]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: Introduce helper to set dirty flags.
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
67d95c15
AK		 62#define WANT_EXEC_OBSOLETE
63#include "exec-obsolete.h"
64
fd6ce8f6 65//#define DEBUG_TB_INVALIDATE
66e85a21 66//#define DEBUG_FLUSH
67d3b957 67//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 68
69/* make various TB consistency checks */
5fafdf24 70//#define DEBUG_TB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
9b9c37c3 89#if defined(__arm__) || defined(__sparc__)
141ac468
BS		 90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
6840981d 96#elif defined(_WIN32) && !defined(_WIN64)
f8e2af11
SW		 97#define code_gen_section \
98 __attribute__((aligned (16)))
d03d860b
BS		 99#else
100#define code_gen_section \
101 __attribute__((aligned (32)))
102#endif
103
104uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 105static uint8_t *code_gen_buffer;
106static unsigned long code_gen_buffer_size;
26a5f13b 107/* threshold to flush the translated code buffer */
bdaf78e0 108static unsigned long code_gen_buffer_max_size;
24ab68ac 109static uint8_t *code_gen_ptr;
fd6ce8f6 110
e2eef170 111#if !defined(CONFIG_USER_ONLY)
9fa3e853 112int phys_ram_fd;
74576198 113static int in_migration;
94a6b54f 114
85d59fef 115RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 116
117static MemoryRegion *system_memory;
309cb471 118static MemoryRegion *system_io;
62152b8a 119
0e0df1e2 120MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 121static MemoryRegion io_mem_subpage_ram;
0e0df1e2 122
e2eef170 123#endif
9fa3e853 124
9349b4f9 125CPUArchState *first_cpu;
6a00d601
FB		 126/* current CPU in the current thread. It is only valid inside
127 cpu_exec() */
9349b4f9 128DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 129/* 0 = Do not count executed instructions.
bf20dc07 130 1 = Precise instruction counting.
2e70f6ef
PB		 131 2 = Adaptive rate instruction counting. */
132int use_icount = 0;
6a00d601 133
54936004 134typedef struct PageDesc {
92e873b9 135 /* list of TBs intersecting this ram page */
fd6ce8f6 136 TranslationBlock *first_tb;
9fa3e853
FB		 137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141#if defined(CONFIG_USER_ONLY)
142 unsigned long flags;
143#endif
54936004
FB		 144} PageDesc;
145
41c1b1c9 146/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 147 while in user mode we want it to be based on virtual addresses. */
148#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 149#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
150# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
151#else
5cd2c5b6 152# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 153#endif
bedb69ea 154#else
5cd2c5b6 155# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 156#endif
54936004 157
5cd2c5b6
RH		 158/* Size of the L2 (and L3, etc) page tables. */
159#define L2_BITS 10
54936004
FB		 160#define L2_SIZE (1 << L2_BITS)
161
3eef53df
AK		 162#define P_L2_LEVELS \
163 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
164
5cd2c5b6 165/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 166#define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
168
5cd2c5b6
RH		 169#if V_L1_BITS_REM < 4
170#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
171#else
172#define V_L1_BITS V_L1_BITS_REM
173#endif
174
5cd2c5b6
RH		 175#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
176
5cd2c5b6
RH		 177#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
178
c6d50674
SW		 179uintptr_t qemu_real_host_page_size;
180uintptr_t qemu_host_page_size;
181uintptr_t qemu_host_page_mask;
54936004 182
5cd2c5b6
RH		 183/* This is a multi-level map on the virtual address space.
184 The bottom level has pointers to PageDesc. */
185static void *l1_map[V_L1_SIZE];
54936004 186
e2eef170 187#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 188typedef struct PhysPageEntry PhysPageEntry;
189
5312bd8b
AK		 190static MemoryRegionSection *phys_sections;
191static unsigned phys_sections_nb, phys_sections_nb_alloc;
192static uint16_t phys_section_unassigned;
aa102231
AK		 193static uint16_t phys_section_notdirty;
194static uint16_t phys_section_rom;
195static uint16_t phys_section_watch;
5312bd8b 196
4346ae3e 197struct PhysPageEntry {
07f07b31
AK		 198 uint16_t is_leaf : 1;
199 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
200 uint16_t ptr : 15;
4346ae3e
AK		 201};
202
d6f2ea22
AK		 203/* Simple allocator for PhysPageEntry nodes */
204static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
205static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
206
07f07b31 207#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 208
5cd2c5b6 209/* This is a multi-level map on the physical address space.
06ef3525 210 The bottom level has pointers to MemoryRegionSections. */
07f07b31 211static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 212
e2eef170 213static void io_mem_init(void);
62152b8a 214static void memory_map_init(void);
e2eef170 215
1ec9b909 216static MemoryRegion io_mem_watch;
6658ffb8 217#endif
33417e70 218
e3db7226 219/* statistics */
e3db7226
FB		 220static int tb_flush_count;
221static int tb_phys_invalidate_count;
222
7cb69cae
FB		 223#ifdef _WIN32
224static void map_exec(void *addr, long size)
225{
226 DWORD old_protect;
227 VirtualProtect(addr, size,
228 PAGE_EXECUTE_READWRITE, &old_protect);
229
230}
231#else
232static void map_exec(void *addr, long size)
233{
4369415f 234 unsigned long start, end, page_size;
7cb69cae 235
4369415f 236 page_size = getpagesize();
7cb69cae 237 start = (unsigned long)addr;
4369415f 238 start &= ~(page_size - 1);
7cb69cae
FB		 239
240 end = (unsigned long)addr + size;
4369415f
FB		 241 end += page_size - 1;
242 end &= ~(page_size - 1);
7cb69cae
FB		 243
244 mprotect((void *)start, end - start,
245 PROT_READ | PROT_WRITE | PROT_EXEC);
246}
247#endif
248
b346ff46 249static void page_init(void)
54936004 250{
83fb7adf 251 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 252 TARGET_PAGE_SIZE */
c2b48b69
AL		 253#ifdef _WIN32
254 {
255 SYSTEM_INFO system_info;
256
257 GetSystemInfo(&system_info);
258 qemu_real_host_page_size = system_info.dwPageSize;
259 }
260#else
261 qemu_real_host_page_size = getpagesize();
262#endif
83fb7adf
FB		 263 if (qemu_host_page_size == 0)
264 qemu_host_page_size = qemu_real_host_page_size;
265 if (qemu_host_page_size < TARGET_PAGE_SIZE)
266 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 267 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 268
2e9a5713 269#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 270 {
f01576f1
JL		 271#ifdef HAVE_KINFO_GETVMMAP
272 struct kinfo_vmentry *freep;
273 int i, cnt;
274
275 freep = kinfo_getvmmap(getpid(), &cnt);
276 if (freep) {
277 mmap_lock();
278 for (i = 0; i < cnt; i++) {
279 unsigned long startaddr, endaddr;
280
281 startaddr = freep[i].kve_start;
282 endaddr = freep[i].kve_end;
283 if (h2g_valid(startaddr)) {
284 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
285
286 if (h2g_valid(endaddr)) {
287 endaddr = h2g(endaddr);
fd436907 288 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 289 } else {
290#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
291 endaddr = ~0ul;
fd436907 292 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 293#endif
294 }
295 }
296 }
297 free(freep);
298 mmap_unlock();
299 }
300#else
50a9569b 301 FILE *f;
50a9569b 302
0776590d 303 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 304
fd436907 305 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 306 if (f) {
5cd2c5b6
RH		 307 mmap_lock();
308
50a9569b 309 do {
5cd2c5b6
RH		 310 unsigned long startaddr, endaddr;
311 int n;
312
313 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
314
315 if (n == 2 && h2g_valid(startaddr)) {
316 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
317
318 if (h2g_valid(endaddr)) {
319 endaddr = h2g(endaddr);
320 } else {
321 endaddr = ~0ul;
322 }
323 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 324 }
325 } while (!feof(f));
5cd2c5b6 326
50a9569b 327 fclose(f);
5cd2c5b6 328 mmap_unlock();
50a9569b 329 }
f01576f1 330#endif
50a9569b
AZ		 331 }
332#endif
54936004
FB		 333}
334
41c1b1c9 335static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 336{
41c1b1c9
PB		 337 PageDesc *pd;
338 void **lp;
339 int i;
340
5cd2c5b6 341#if defined(CONFIG_USER_ONLY)
7267c094 342 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 343# define ALLOC(P, SIZE) \
344 do { \
345 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
346 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 347 } while (0)
348#else
349# define ALLOC(P, SIZE) \
7267c094 350 do { P = g_malloc0(SIZE); } while (0)
17e2377a 351#endif
434929bf 352
5cd2c5b6
RH		 353 /* Level 1. Always allocated. */
354 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
355
356 /* Level 2..N-1. */
357 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
358 void **p = *lp;
359
360 if (p == NULL) {
361 if (!alloc) {
362 return NULL;
363 }
364 ALLOC(p, sizeof(void *) * L2_SIZE);
365 *lp = p;
17e2377a 366 }
5cd2c5b6
RH		 367
368 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
369 }
370
371 pd = *lp;
372 if (pd == NULL) {
373 if (!alloc) {
374 return NULL;
375 }
376 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
377 *lp = pd;
54936004 378 }
5cd2c5b6
RH		 379
380#undef ALLOC
5cd2c5b6
RH		 381
382 return pd + (index & (L2_SIZE - 1));
54936004
FB		 383}
384
41c1b1c9 385static inline PageDesc *page_find(tb_page_addr_t index)
54936004 386{
5cd2c5b6 387 return page_find_alloc(index, 0);
fd6ce8f6
FB		 388}
389
6d9a1304 390#if !defined(CONFIG_USER_ONLY)
d6f2ea22 391
f7bf5461 392static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 393{
f7bf5461 394 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 395 typedef PhysPageEntry Node[L2_SIZE];
396 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 397 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
398 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 399 phys_map_nodes = g_renew(Node, phys_map_nodes,
400 phys_map_nodes_nb_alloc);
401 }
f7bf5461
AK		 402}
403
404static uint16_t phys_map_node_alloc(void)
405{
406 unsigned i;
407 uint16_t ret;
408
409 ret = phys_map_nodes_nb++;
410 assert(ret != PHYS_MAP_NODE_NIL);
411 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 412 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 413 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 414 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 415 }
f7bf5461 416 return ret;
d6f2ea22
AK		 417}
418
419static void phys_map_nodes_reset(void)
420{
421 phys_map_nodes_nb = 0;
422}
423
92e873b9 424
2999097b
AK		 425static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
426 target_phys_addr_t *nb, uint16_t leaf,
427 int level)
f7bf5461
AK		 428{
429 PhysPageEntry *p;
430 int i;
07f07b31 431 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 432
07f07b31 433 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 434 lp->ptr = phys_map_node_alloc();
435 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 436 if (level == 0) {
437 for (i = 0; i < L2_SIZE; i++) {
07f07b31 438 p[i].is_leaf = 1;
c19e8800 439 p[i].ptr = phys_section_unassigned;
4346ae3e 440 }
67c4d23c 441 }
f7bf5461 442 } else {
c19e8800 443 p = phys_map_nodes[lp->ptr];
92e873b9 444 }
2999097b 445 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 446
2999097b 447 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 448 if ((*index & (step - 1)) == 0 && *nb >= step) {
449 lp->is_leaf = true;
c19e8800 450 lp->ptr = leaf;
07f07b31
AK		 451 *index += step;
452 *nb -= step;
2999097b
AK		 453 } else {
454 phys_page_set_level(lp, index, nb, leaf, level - 1);
455 }
456 ++lp;
f7bf5461
AK		 457 }
458}
459
2999097b
AK		 460static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
461 uint16_t leaf)
f7bf5461 462{
2999097b 463 /* Wildly overreserve - it doesn't matter much. */
07f07b31 464 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 465
2999097b 466 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 467}
468
0cac1b66 469MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 470{
31ab2b4a
AK		 471 PhysPageEntry lp = phys_map;
472 PhysPageEntry *p;
473 int i;
31ab2b4a 474 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 475
07f07b31 476 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 477 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 478 goto not_found;
479 }
c19e8800 480 p = phys_map_nodes[lp.ptr];
31ab2b4a 481 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 482 }
31ab2b4a 483
c19e8800 484 s_index = lp.ptr;
31ab2b4a 485not_found:
f3705d53
AK		 486 return &phys_sections[s_index];
487}
488
e5548617
BS		 489bool memory_region_is_unassigned(MemoryRegion *mr)
490{
491 return mr != &io_mem_ram && mr != &io_mem_rom
492 && mr != &io_mem_notdirty && !mr->rom_device
493 && mr != &io_mem_watch;
494}
495
c8a706fe
PB		 496#define mmap_lock() do { } while(0)
497#define mmap_unlock() do { } while(0)
9fa3e853 498#endif
fd6ce8f6 499
4369415f
FB		 500#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
501
502#if defined(CONFIG_USER_ONLY)
ccbb4d44 503/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 504 user mode. It will change when a dedicated libc will be used */
505#define USE_STATIC_CODE_GEN_BUFFER
506#endif
507
508#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 509static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
510 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 511#endif
512
8fcd3692 513static void code_gen_alloc(unsigned long tb_size)
26a5f13b 514{
4369415f
FB		 515#ifdef USE_STATIC_CODE_GEN_BUFFER
516 code_gen_buffer = static_code_gen_buffer;
517 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
518 map_exec(code_gen_buffer, code_gen_buffer_size);
519#else
26a5f13b
FB		 520 code_gen_buffer_size = tb_size;
521 if (code_gen_buffer_size == 0) {
4369415f 522#if defined(CONFIG_USER_ONLY)
4369415f
FB		 523 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
524#else
ccbb4d44 525 /* XXX: needs adjustments */
94a6b54f 526 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 527#endif
26a5f13b
FB		 528 }
529 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
530 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
531 /* The code gen buffer location may have constraints depending on
532 the host cpu and OS */
533#if defined(__linux__)
534 {
535 int flags;
141ac468
BS		 536 void *start = NULL;
537
26a5f13b
FB		 538 flags = MAP_PRIVATE | MAP_ANONYMOUS;
539#if defined(__x86_64__)
540 flags |= MAP_32BIT;
541 /* Cannot map more than that */
542 if (code_gen_buffer_size > (800 * 1024 * 1024))
543 code_gen_buffer_size = (800 * 1024 * 1024);
9b9c37c3 544#elif defined(__sparc__) && HOST_LONG_BITS == 64
141ac468 545 // Map the buffer below 2G, so we can use direct calls and branches
d5dd696f 546 start = (void *) 0x40000000UL;
141ac468
BS		 547 if (code_gen_buffer_size > (512 * 1024 * 1024))
548 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 549#elif defined(__arm__)
5c84bd90 550 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 551 if (code_gen_buffer_size > 16 * 1024 * 1024)
552 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 553#elif defined(__s390x__)
554 /* Map the buffer so that we can use direct calls and branches. */
555 /* We have a +- 4GB range on the branches; leave some slop. */
556 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
557 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
558 }
559 start = (void *)0x90000000UL;
26a5f13b 560#endif
141ac468
BS		 561 code_gen_buffer = mmap(start, code_gen_buffer_size,
562 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 563 flags, -1, 0);
564 if (code_gen_buffer == MAP_FAILED) {
565 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
566 exit(1);
567 }
568 }
cbb608a5 569#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 570 || defined(__DragonFly__) || defined(__OpenBSD__) \
571 || defined(__NetBSD__)
06e67a82
AL		 572 {
573 int flags;
574 void *addr = NULL;
575 flags = MAP_PRIVATE | MAP_ANONYMOUS;
576#if defined(__x86_64__)
577 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
578 * 0x40000000 is free */
579 flags |= MAP_FIXED;
580 addr = (void *)0x40000000;
581 /* Cannot map more than that */
582 if (code_gen_buffer_size > (800 * 1024 * 1024))
583 code_gen_buffer_size = (800 * 1024 * 1024);
9b9c37c3 584#elif defined(__sparc__) && HOST_LONG_BITS == 64
4cd31ad2 585 // Map the buffer below 2G, so we can use direct calls and branches
d5dd696f 586 addr = (void *) 0x40000000UL;
4cd31ad2
BS		 587 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
588 code_gen_buffer_size = (512 * 1024 * 1024);
589 }
06e67a82
AL		 590#endif
591 code_gen_buffer = mmap(addr, code_gen_buffer_size,
592 PROT_WRITE | PROT_READ | PROT_EXEC,
593 flags, -1, 0);
594 if (code_gen_buffer == MAP_FAILED) {
595 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
596 exit(1);
597 }
598 }
26a5f13b 599#else
7267c094 600 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 601 map_exec(code_gen_buffer, code_gen_buffer_size);
602#endif
4369415f 603#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 604 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 605 code_gen_buffer_max_size = code_gen_buffer_size -
606 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 607 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 608 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 609}
610
611/* Must be called before using the QEMU cpus. 'tb_size' is the size
612 (in bytes) allocated to the translation buffer. Zero means default
613 size. */
d5ab9713 614void tcg_exec_init(unsigned long tb_size)
26a5f13b 615{
26a5f13b
FB		 616 cpu_gen_init();
617 code_gen_alloc(tb_size);
618 code_gen_ptr = code_gen_buffer;
813da627 619 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 620 page_init();
9002ec79
RH		 621#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
622 /* There's no guest base to take into account, so go ahead and
623 initialize the prologue now. */
624 tcg_prologue_init(&tcg_ctx);
625#endif
26a5f13b
FB		 626}
627
d5ab9713
JK		 628bool tcg_enabled(void)
629{
630 return code_gen_buffer != NULL;
631}
632
633void cpu_exec_init_all(void)
634{
635#if !defined(CONFIG_USER_ONLY)
636 memory_map_init();
637 io_mem_init();
638#endif
639}
640
9656f324
PB		 641#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
642
e59fb374 643static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 644{
9349b4f9 645 CPUArchState *env = opaque;
9656f324 646
3098dba0
AJ		 647 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
648 version_id is increased. */
649 env->interrupt_request &= ~0x01;
9656f324
PB		 650 tlb_flush(env, 1);
651
652 return 0;
653}
e7f4eff7
JQ		 654
655static const VMStateDescription vmstate_cpu_common = {
656 .name = "cpu_common",
657 .version_id = 1,
658 .minimum_version_id = 1,
659 .minimum_version_id_old = 1,
e7f4eff7
JQ		 660 .post_load = cpu_common_post_load,
661 .fields = (VMStateField []) {
9349b4f9
AF		 662 VMSTATE_UINT32(halted, CPUArchState),
663 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 664 VMSTATE_END_OF_LIST()
665 }
666};
9656f324
PB		 667#endif
668
9349b4f9 669CPUArchState *qemu_get_cpu(int cpu)
950f1472 670{
9349b4f9 671 CPUArchState *env = first_cpu;
950f1472
GC		 672
673 while (env) {
674 if (env->cpu_index == cpu)
675 break;
676 env = env->next_cpu;
677 }
678
679 return env;
680}
681
9349b4f9 682void cpu_exec_init(CPUArchState *env)
fd6ce8f6 683{
9349b4f9 684 CPUArchState **penv;
6a00d601
FB		 685 int cpu_index;
686
c2764719
PB		 687#if defined(CONFIG_USER_ONLY)
688 cpu_list_lock();
689#endif
6a00d601
FB		 690 env->next_cpu = NULL;
691 penv = &first_cpu;
692 cpu_index = 0;
693 while (*penv != NULL) {
1e9fa730 694 penv = &(*penv)->next_cpu;
6a00d601
FB		 695 cpu_index++;
696 }
697 env->cpu_index = cpu_index;
268a362c 698 env->numa_node = 0;
72cf2d4f
BS		 699 QTAILQ_INIT(&env->breakpoints);
700 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 701#ifndef CONFIG_USER_ONLY
702 env->thread_id = qemu_get_thread_id();
703#endif
6a00d601 704 *penv = env;
c2764719
PB		 705#if defined(CONFIG_USER_ONLY)
706 cpu_list_unlock();
707#endif
b3c7724c 708#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 709 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
710 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 711 cpu_save, cpu_load, env);
712#endif
fd6ce8f6
FB		 713}
714
d1a1eb74
TG		 715/* Allocate a new translation block. Flush the translation buffer if
716 too many translation blocks or too much generated code. */
717static TranslationBlock *tb_alloc(target_ulong pc)
718{
719 TranslationBlock *tb;
720
721 if (nb_tbs >= code_gen_max_blocks ||
722 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
723 return NULL;
724 tb = &tbs[nb_tbs++];
725 tb->pc = pc;
726 tb->cflags = 0;
727 return tb;
728}
729
730void tb_free(TranslationBlock *tb)
731{
732 /* In practice this is mostly used for single use temporary TB
733 Ignore the hard cases and just back up if this TB happens to
734 be the last one generated. */
735 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
736 code_gen_ptr = tb->tc_ptr;
737 nb_tbs--;
738 }
739}
740
9fa3e853
FB		 741static inline void invalidate_page_bitmap(PageDesc *p)
742{
743 if (p->code_bitmap) {
7267c094 744 g_free(p->code_bitmap);
9fa3e853
FB		 745 p->code_bitmap = NULL;
746 }
747 p->code_write_count = 0;
748}
749
5cd2c5b6
RH		 750/* Set to NULL all the 'first_tb' fields in all PageDescs. */
751
752static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 753{
5cd2c5b6 754 int i;
fd6ce8f6 755
5cd2c5b6
RH		 756 if (*lp == NULL) {
757 return;
758 }
759 if (level == 0) {
760 PageDesc *pd = *lp;
7296abac 761 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 762 pd[i].first_tb = NULL;
763 invalidate_page_bitmap(pd + i);
fd6ce8f6 764 }
5cd2c5b6
RH		 765 } else {
766 void **pp = *lp;
7296abac 767 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 768 page_flush_tb_1 (level - 1, pp + i);
769 }
770 }
771}
772
773static void page_flush_tb(void)
774{
775 int i;
776 for (i = 0; i < V_L1_SIZE; i++) {
777 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 778 }
779}
780
781/* flush all the translation blocks */
d4e8164f 782/* XXX: tb_flush is currently not thread safe */
9349b4f9 783void tb_flush(CPUArchState *env1)
fd6ce8f6 784{
9349b4f9 785 CPUArchState *env;
0124311e 786#if defined(DEBUG_FLUSH)
ab3d1727
BS		 787 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
788 (unsigned long)(code_gen_ptr - code_gen_buffer),
789 nb_tbs, nb_tbs > 0 ?
790 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 791#endif
26a5f13b 792 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 793 cpu_abort(env1, "Internal error: code buffer overflow\n");
794
fd6ce8f6 795 nb_tbs = 0;
3b46e624 796
6a00d601
FB		 797 for(env = first_cpu; env != NULL; env = env->next_cpu) {
798 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
799 }
9fa3e853 800
8a8a608f 801 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 802 page_flush_tb();
9fa3e853 803
fd6ce8f6 804 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 805 /* XXX: flush processor icache at this point if cache flush is
806 expensive */
e3db7226 807 tb_flush_count++;
fd6ce8f6
FB		 808}
809
810#ifdef DEBUG_TB_CHECK
811
bc98a7ef 812static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 813{
814 TranslationBlock *tb;
815 int i;
816 address &= TARGET_PAGE_MASK;
99773bd4
PB		 817 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
818 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 819 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
820 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 821 printf("ERROR invalidate: address=" TARGET_FMT_lx
822 " PC=%08lx size=%04x\n",
99773bd4 823 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 824 }
825 }
826 }
827}
828
829/* verify that all the pages have correct rights for code */
830static void tb_page_check(void)
831{
832 TranslationBlock *tb;
833 int i, flags1, flags2;
3b46e624 834
99773bd4
PB		 835 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
836 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 837 flags1 = page_get_flags(tb->pc);
838 flags2 = page_get_flags(tb->pc + tb->size - 1);
839 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
840 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 841 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 842 }
843 }
844 }
845}
846
847#endif
848
849/* invalidate one TB */
850static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
851 int next_offset)
852{
853 TranslationBlock *tb1;
854 for(;;) {
855 tb1 = *ptb;
856 if (tb1 == tb) {
857 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
858 break;
859 }
860 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
861 }
862}
863
9fa3e853
FB		 864static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
865{
866 TranslationBlock *tb1;
867 unsigned int n1;
868
869 for(;;) {
870 tb1 = *ptb;
8efe0ca8
SW		 871 n1 = (uintptr_t)tb1 & 3;
872 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 873 if (tb1 == tb) {
874 *ptb = tb1->page_next[n1];
875 break;
876 }
877 ptb = &tb1->page_next[n1];
878 }
879}
880
d4e8164f
FB		 881static inline void tb_jmp_remove(TranslationBlock *tb, int n)
882{
883 TranslationBlock *tb1, **ptb;
884 unsigned int n1;
885
886 ptb = &tb->jmp_next[n];
887 tb1 = *ptb;
888 if (tb1) {
889 /* find tb(n) in circular list */
890 for(;;) {
891 tb1 = *ptb;
8efe0ca8
SW		 892 n1 = (uintptr_t)tb1 & 3;
893 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 894 if (n1 == n && tb1 == tb)
895 break;
896 if (n1 == 2) {
897 ptb = &tb1->jmp_first;
898 } else {
899 ptb = &tb1->jmp_next[n1];
900 }
901 }
902 /* now we can suppress tb(n) from the list */
903 *ptb = tb->jmp_next[n];
904
905 tb->jmp_next[n] = NULL;
906 }
907}
908
909/* reset the jump entry 'n' of a TB so that it is not chained to
910 another TB */
911static inline void tb_reset_jump(TranslationBlock *tb, int n)
912{
8efe0ca8 913 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 914}
915
41c1b1c9 916void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 917{
9349b4f9 918 CPUArchState *env;
8a40a180 919 PageDesc *p;
d4e8164f 920 unsigned int h, n1;
41c1b1c9 921 tb_page_addr_t phys_pc;
8a40a180 922 TranslationBlock *tb1, *tb2;
3b46e624 923
8a40a180
FB		 924 /* remove the TB from the hash list */
925 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
926 h = tb_phys_hash_func(phys_pc);
5fafdf24 927 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 928 offsetof(TranslationBlock, phys_hash_next));
929
930 /* remove the TB from the page list */
931 if (tb->page_addr[0] != page_addr) {
932 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
933 tb_page_remove(&p->first_tb, tb);
934 invalidate_page_bitmap(p);
935 }
936 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
937 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
938 tb_page_remove(&p->first_tb, tb);
939 invalidate_page_bitmap(p);
940 }
941
36bdbe54 942 tb_invalidated_flag = 1;
59817ccb 943
fd6ce8f6 944 /* remove the TB from the hash list */
8a40a180 945 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 946 for(env = first_cpu; env != NULL; env = env->next_cpu) {
947 if (env->tb_jmp_cache[h] == tb)
948 env->tb_jmp_cache[h] = NULL;
949 }
d4e8164f
FB		 950
951 /* suppress this TB from the two jump lists */
952 tb_jmp_remove(tb, 0);
953 tb_jmp_remove(tb, 1);
954
955 /* suppress any remaining jumps to this TB */
956 tb1 = tb->jmp_first;
957 for(;;) {
8efe0ca8 958 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 959 if (n1 == 2)
960 break;
8efe0ca8 961 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 962 tb2 = tb1->jmp_next[n1];
963 tb_reset_jump(tb1, n1);
964 tb1->jmp_next[n1] = NULL;
965 tb1 = tb2;
966 }
8efe0ca8 967 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 968
e3db7226 969 tb_phys_invalidate_count++;
9fa3e853
FB		 970}
971
972static inline void set_bits(uint8_t *tab, int start, int len)
973{
974 int end, mask, end1;
975
976 end = start + len;
977 tab += start >> 3;
978 mask = 0xff << (start & 7);
979 if ((start & ~7) == (end & ~7)) {
980 if (start < end) {
981 mask &= ~(0xff << (end & 7));
982 *tab |= mask;
983 }
984 } else {
985 *tab++ |= mask;
986 start = (start + 8) & ~7;
987 end1 = end & ~7;
988 while (start < end1) {
989 *tab++ = 0xff;
990 start += 8;
991 }
992 if (start < end) {
993 mask = ~(0xff << (end & 7));
994 *tab |= mask;
995 }
996 }
997}
998
999static void build_page_bitmap(PageDesc *p)
1000{
1001 int n, tb_start, tb_end;
1002 TranslationBlock *tb;
3b46e624 1003
7267c094 1004 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1005
1006 tb = p->first_tb;
1007 while (tb != NULL) {
8efe0ca8
SW		 1008 n = (uintptr_t)tb & 3;
1009 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1010 /* NOTE: this is subtle as a TB may span two physical pages */
1011 if (n == 0) {
1012 /* NOTE: tb_end may be after the end of the page, but
1013 it is not a problem */
1014 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1015 tb_end = tb_start + tb->size;
1016 if (tb_end > TARGET_PAGE_SIZE)
1017 tb_end = TARGET_PAGE_SIZE;
1018 } else {
1019 tb_start = 0;
1020 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1021 }
1022 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1023 tb = tb->page_next[n];
1024 }
1025}
1026
9349b4f9 1027TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1028 target_ulong pc, target_ulong cs_base,
1029 int flags, int cflags)
d720b93d
FB		 1030{
1031 TranslationBlock *tb;
1032 uint8_t *tc_ptr;
41c1b1c9
PB		 1033 tb_page_addr_t phys_pc, phys_page2;
1034 target_ulong virt_page2;
d720b93d
FB		 1035 int code_gen_size;
1036
41c1b1c9 1037 phys_pc = get_page_addr_code(env, pc);
c27004ec 1038 tb = tb_alloc(pc);
d720b93d
FB		 1039 if (!tb) {
1040 /* flush must be done */
1041 tb_flush(env);
1042 /* cannot fail at this point */
c27004ec 1043 tb = tb_alloc(pc);
2e70f6ef
PB		 1044 /* Don't forget to invalidate previous TB info. */
1045 tb_invalidated_flag = 1;
d720b93d
FB		 1046 }
1047 tc_ptr = code_gen_ptr;
1048 tb->tc_ptr = tc_ptr;
1049 tb->cs_base = cs_base;
1050 tb->flags = flags;
1051 tb->cflags = cflags;
d07bde88 1052 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1053 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1054 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1055
d720b93d 1056 /* check next page if needed */
c27004ec 1057 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1058 phys_page2 = -1;
c27004ec 1059 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1060 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1061 }
41c1b1c9 1062 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1063 return tb;
d720b93d 1064}
3b46e624 1065
77a8f1a5 1066/*
8e0fdce3
JK		 1067 * Invalidate all TBs which intersect with the target physical address range
1068 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1069 * 'is_cpu_write_access' should be true if called from a real cpu write
1070 * access: the virtual CPU will exit the current TB if code is modified inside
1071 * this TB.
77a8f1a5
AG		 1072 */
1073void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1074 int is_cpu_write_access)
1075{
1076 while (start < end) {
1077 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1078 start &= TARGET_PAGE_MASK;
1079 start += TARGET_PAGE_SIZE;
1080 }
1081}
1082
8e0fdce3
JK		 1083/*
1084 * Invalidate all TBs which intersect with the target physical address range
1085 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1086 * 'is_cpu_write_access' should be true if called from a real cpu write
1087 * access: the virtual CPU will exit the current TB if code is modified inside
1088 * this TB.
1089 */
41c1b1c9 1090void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1091 int is_cpu_write_access)
1092{
6b917547 1093 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1094 CPUArchState *env = cpu_single_env;
41c1b1c9 1095 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1096 PageDesc *p;
1097 int n;
1098#ifdef TARGET_HAS_PRECISE_SMC
1099 int current_tb_not_found = is_cpu_write_access;
1100 TranslationBlock *current_tb = NULL;
1101 int current_tb_modified = 0;
1102 target_ulong current_pc = 0;
1103 target_ulong current_cs_base = 0;
1104 int current_flags = 0;
1105#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1106
1107 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1108 if (!p)
9fa3e853 1109 return;
5fafdf24 1110 if (!p->code_bitmap &&
d720b93d
FB		 1111 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1112 is_cpu_write_access) {
9fa3e853
FB		 1113 /* build code bitmap */
1114 build_page_bitmap(p);
1115 }
1116
1117 /* we remove all the TBs in the range [start, end[ */
1118 /* XXX: see if in some cases it could be faster to invalidate all the code */
1119 tb = p->first_tb;
1120 while (tb != NULL) {
8efe0ca8
SW		 1121 n = (uintptr_t)tb & 3;
1122 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1123 tb_next = tb->page_next[n];
1124 /* NOTE: this is subtle as a TB may span two physical pages */
1125 if (n == 0) {
1126 /* NOTE: tb_end may be after the end of the page, but
1127 it is not a problem */
1128 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1129 tb_end = tb_start + tb->size;
1130 } else {
1131 tb_start = tb->page_addr[1];
1132 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1133 }
1134 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1135#ifdef TARGET_HAS_PRECISE_SMC
1136 if (current_tb_not_found) {
1137 current_tb_not_found = 0;
1138 current_tb = NULL;
2e70f6ef 1139 if (env->mem_io_pc) {
d720b93d 1140 /* now we have a real cpu fault */
2e70f6ef 1141 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1142 }
1143 }
1144 if (current_tb == tb &&
2e70f6ef 1145 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1146 /* If we are modifying the current TB, we must stop
1147 its execution. We could be more precise by checking
1148 that the modification is after the current PC, but it
1149 would require a specialized function to partially
1150 restore the CPU state */
3b46e624 1151
d720b93d 1152 current_tb_modified = 1;
618ba8e6 1153 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1154 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1155 &current_flags);
d720b93d
FB		 1156 }
1157#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1158 /* we need to do that to handle the case where a signal
1159 occurs while doing tb_phys_invalidate() */
1160 saved_tb = NULL;
1161 if (env) {
1162 saved_tb = env->current_tb;
1163 env->current_tb = NULL;
1164 }
9fa3e853 1165 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1166 if (env) {
1167 env->current_tb = saved_tb;
1168 if (env->interrupt_request && env->current_tb)
1169 cpu_interrupt(env, env->interrupt_request);
1170 }
9fa3e853
FB		 1171 }
1172 tb = tb_next;
1173 }
1174#if !defined(CONFIG_USER_ONLY)
1175 /* if no code remaining, no need to continue to use slow writes */
1176 if (!p->first_tb) {
1177 invalidate_page_bitmap(p);
d720b93d 1178 if (is_cpu_write_access) {
2e70f6ef 1179 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1180 }
1181 }
1182#endif
1183#ifdef TARGET_HAS_PRECISE_SMC
1184 if (current_tb_modified) {
1185 /* we generate a block containing just the instruction
1186 modifying the memory. It will ensure that it cannot modify
1187 itself */
ea1c1802 1188 env->current_tb = NULL;
2e70f6ef 1189 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1190 cpu_resume_from_signal(env, NULL);
9fa3e853 1191 }
fd6ce8f6 1192#endif
9fa3e853 1193}
fd6ce8f6 1194
9fa3e853 1195/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1196static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1197{
1198 PageDesc *p;
1199 int offset, b;
59817ccb 1200#if 0
a4193c8a 1201 if (1) {
93fcfe39
AL		 1202 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1203 cpu_single_env->mem_io_vaddr, len,
1204 cpu_single_env->eip,
8efe0ca8
SW		 1205 cpu_single_env->eip +
1206 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1207 }
1208#endif
9fa3e853 1209 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1210 if (!p)
9fa3e853
FB		 1211 return;
1212 if (p->code_bitmap) {
1213 offset = start & ~TARGET_PAGE_MASK;
1214 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1215 if (b & ((1 << len) - 1))
1216 goto do_invalidate;
1217 } else {
1218 do_invalidate:
d720b93d 1219 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1220 }
1221}
1222
9fa3e853 1223#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1224static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1225 uintptr_t pc, void *puc)
9fa3e853 1226{
6b917547 1227 TranslationBlock *tb;
9fa3e853 1228 PageDesc *p;
6b917547 1229 int n;
d720b93d 1230#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1231 TranslationBlock *current_tb = NULL;
9349b4f9 1232 CPUArchState *env = cpu_single_env;
6b917547
AL		 1233 int current_tb_modified = 0;
1234 target_ulong current_pc = 0;
1235 target_ulong current_cs_base = 0;
1236 int current_flags = 0;
d720b93d 1237#endif
9fa3e853
FB		 1238
1239 addr &= TARGET_PAGE_MASK;
1240 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1241 if (!p)
9fa3e853
FB		 1242 return;
1243 tb = p->first_tb;
d720b93d
FB		 1244#ifdef TARGET_HAS_PRECISE_SMC
1245 if (tb && pc != 0) {
1246 current_tb = tb_find_pc(pc);
1247 }
1248#endif
9fa3e853 1249 while (tb != NULL) {
8efe0ca8
SW		 1250 n = (uintptr_t)tb & 3;
1251 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1252#ifdef TARGET_HAS_PRECISE_SMC
1253 if (current_tb == tb &&
2e70f6ef 1254 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1255 /* If we are modifying the current TB, we must stop
1256 its execution. We could be more precise by checking
1257 that the modification is after the current PC, but it
1258 would require a specialized function to partially
1259 restore the CPU state */
3b46e624 1260
d720b93d 1261 current_tb_modified = 1;
618ba8e6 1262 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1263 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1264 &current_flags);
d720b93d
FB		 1265 }
1266#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1267 tb_phys_invalidate(tb, addr);
1268 tb = tb->page_next[n];
1269 }
fd6ce8f6 1270 p->first_tb = NULL;
d720b93d
FB		 1271#ifdef TARGET_HAS_PRECISE_SMC
1272 if (current_tb_modified) {
1273 /* we generate a block containing just the instruction
1274 modifying the memory. It will ensure that it cannot modify
1275 itself */
ea1c1802 1276 env->current_tb = NULL;
2e70f6ef 1277 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1278 cpu_resume_from_signal(env, puc);
1279 }
1280#endif
fd6ce8f6 1281}
9fa3e853 1282#endif
fd6ce8f6
FB		 1283
1284/* add the tb in the target page and protect it if necessary */
5fafdf24 1285static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1286 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1287{
1288 PageDesc *p;
4429ab44
JQ		 1289#ifndef CONFIG_USER_ONLY
1290 bool page_already_protected;
1291#endif
9fa3e853
FB		 1292
1293 tb->page_addr[n] = page_addr;
5cd2c5b6 1294 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1295 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1296#ifndef CONFIG_USER_ONLY
1297 page_already_protected = p->first_tb != NULL;
1298#endif
8efe0ca8 1299 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1300 invalidate_page_bitmap(p);
fd6ce8f6 1301
107db443 1302#if defined(TARGET_HAS_SMC) || 1
d720b93d 1303
9fa3e853 1304#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1305 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1306 target_ulong addr;
1307 PageDesc *p2;
9fa3e853
FB		 1308 int prot;
1309
fd6ce8f6
FB		 1310 /* force the host page as non writable (writes will have a
1311 page fault + mprotect overhead) */
53a5960a 1312 page_addr &= qemu_host_page_mask;
fd6ce8f6 1313 prot = 0;
53a5960a
PB		 1314 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1315 addr += TARGET_PAGE_SIZE) {
1316
1317 p2 = page_find (addr >> TARGET_PAGE_BITS);
1318 if (!p2)
1319 continue;
1320 prot |= p2->flags;
1321 p2->flags &= ~PAGE_WRITE;
53a5960a 1322 }
5fafdf24 1323 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1324 (prot & PAGE_BITS) & ~PAGE_WRITE);
1325#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1326 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1327 page_addr);
fd6ce8f6 1328#endif
fd6ce8f6 1329 }
9fa3e853
FB		 1330#else
1331 /* if some code is already present, then the pages are already
1332 protected. So we handle the case where only the first TB is
1333 allocated in a physical page */
4429ab44 1334 if (!page_already_protected) {
6a00d601 1335 tlb_protect_code(page_addr);
9fa3e853
FB		 1336 }
1337#endif
d720b93d
FB		 1338
1339#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1340}
1341
9fa3e853
FB		 1342/* add a new TB and link it to the physical page tables. phys_page2 is
1343 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1344void tb_link_page(TranslationBlock *tb,
1345 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1346{
9fa3e853
FB		 1347 unsigned int h;
1348 TranslationBlock **ptb;
1349
c8a706fe
PB		 1350 /* Grab the mmap lock to stop another thread invalidating this TB
1351 before we are done. */
1352 mmap_lock();
9fa3e853
FB		 1353 /* add in the physical hash table */
1354 h = tb_phys_hash_func(phys_pc);
1355 ptb = &tb_phys_hash[h];
1356 tb->phys_hash_next = *ptb;
1357 *ptb = tb;
fd6ce8f6
FB		 1358
1359 /* add in the page list */
9fa3e853
FB		 1360 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1361 if (phys_page2 != -1)
1362 tb_alloc_page(tb, 1, phys_page2);
1363 else
1364 tb->page_addr[1] = -1;
9fa3e853 1365
8efe0ca8 1366 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1367 tb->jmp_next[0] = NULL;
1368 tb->jmp_next[1] = NULL;
1369
1370 /* init original jump addresses */
1371 if (tb->tb_next_offset[0] != 0xffff)
1372 tb_reset_jump(tb, 0);
1373 if (tb->tb_next_offset[1] != 0xffff)
1374 tb_reset_jump(tb, 1);
8a40a180
FB		 1375
1376#ifdef DEBUG_TB_CHECK
1377 tb_page_check();
1378#endif
c8a706fe 1379 mmap_unlock();
fd6ce8f6
FB		 1380}
1381
9fa3e853
FB		 1382/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1383 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1384TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1385{
9fa3e853 1386 int m_min, m_max, m;
8efe0ca8 1387 uintptr_t v;
9fa3e853 1388 TranslationBlock *tb;
a513fe19
FB		 1389
1390 if (nb_tbs <= 0)
1391 return NULL;
8efe0ca8
SW		 1392 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1393 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1394 return NULL;
8efe0ca8 1395 }
a513fe19
FB		 1396 /* binary search (cf Knuth) */
1397 m_min = 0;
1398 m_max = nb_tbs - 1;
1399 while (m_min <= m_max) {
1400 m = (m_min + m_max) >> 1;
1401 tb = &tbs[m];
8efe0ca8 1402 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1403 if (v == tc_ptr)
1404 return tb;
1405 else if (tc_ptr < v) {
1406 m_max = m - 1;
1407 } else {
1408 m_min = m + 1;
1409 }
5fafdf24 1410 }
a513fe19
FB		 1411 return &tbs[m_max];
1412}
7501267e 1413
ea041c0e
FB		 1414static void tb_reset_jump_recursive(TranslationBlock *tb);
1415
1416static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1417{
1418 TranslationBlock *tb1, *tb_next, **ptb;
1419 unsigned int n1;
1420
1421 tb1 = tb->jmp_next[n];
1422 if (tb1 != NULL) {
1423 /* find head of list */
1424 for(;;) {
8efe0ca8
SW		 1425 n1 = (uintptr_t)tb1 & 3;
1426 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1427 if (n1 == 2)
1428 break;
1429 tb1 = tb1->jmp_next[n1];
1430 }
1431 /* we are now sure now that tb jumps to tb1 */
1432 tb_next = tb1;
1433
1434 /* remove tb from the jmp_first list */
1435 ptb = &tb_next->jmp_first;
1436 for(;;) {
1437 tb1 = *ptb;
8efe0ca8
SW		 1438 n1 = (uintptr_t)tb1 & 3;
1439 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1440 if (n1 == n && tb1 == tb)
1441 break;
1442 ptb = &tb1->jmp_next[n1];
1443 }
1444 *ptb = tb->jmp_next[n];
1445 tb->jmp_next[n] = NULL;
3b46e624 1446
ea041c0e
FB		 1447 /* suppress the jump to next tb in generated code */
1448 tb_reset_jump(tb, n);
1449
0124311e 1450 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1451 tb_reset_jump_recursive(tb_next);
1452 }
1453}
1454
1455static void tb_reset_jump_recursive(TranslationBlock *tb)
1456{
1457 tb_reset_jump_recursive2(tb, 0);
1458 tb_reset_jump_recursive2(tb, 1);
1459}
1460
1fddef4b 1461#if defined(TARGET_HAS_ICE)
94df27fd 1462#if defined(CONFIG_USER_ONLY)
9349b4f9 1463static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1464{
1465 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1466}
1467#else
1e7855a5 1468void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1469{
c227f099 1470 ram_addr_t ram_addr;
f3705d53 1471 MemoryRegionSection *section;
d720b93d 1472
06ef3525 1473 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1474 if (!(memory_region_is_ram(section->mr)
1475 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1476 return;
1477 }
f3705d53 1478 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1479 + memory_region_section_addr(section, addr);
706cd4b5 1480 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1481}
1e7855a5
MF		 1482
1483static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1484{
9d70c4b7
MF		 1485 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1486 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1487}
c27004ec 1488#endif
94df27fd 1489#endif /* TARGET_HAS_ICE */
d720b93d 1490
c527ee8f 1491#if defined(CONFIG_USER_ONLY)
9349b4f9 1492void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1493
1494{
1495}
1496
9349b4f9 1497int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1498 int flags, CPUWatchpoint **watchpoint)
1499{
1500 return -ENOSYS;
1501}
1502#else
6658ffb8 1503/* Add a watchpoint. */
9349b4f9 1504int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1505 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1506{
b4051334 1507 target_ulong len_mask = ~(len - 1);
c0ce998e 1508 CPUWatchpoint *wp;
6658ffb8 1509
b4051334 1510 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1511 if ((len & (len - 1)) || (addr & ~len_mask) ||
1512 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1513 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1514 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1515 return -EINVAL;
1516 }
7267c094 1517 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1518
1519 wp->vaddr = addr;
b4051334 1520 wp->len_mask = len_mask;
a1d1bb31
AL		 1521 wp->flags = flags;
1522
2dc9f411 1523 /* keep all GDB-injected watchpoints in front */
c0ce998e 1524 if (flags & BP_GDB)
72cf2d4f 1525 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1526 else
72cf2d4f 1527 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1528
6658ffb8 1529 tlb_flush_page(env, addr);
a1d1bb31
AL		 1530
1531 if (watchpoint)
1532 *watchpoint = wp;
1533 return 0;
6658ffb8
PB		 1534}
1535
a1d1bb31 1536/* Remove a specific watchpoint. */
9349b4f9 1537int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1538 int flags)
6658ffb8 1539{
b4051334 1540 target_ulong len_mask = ~(len - 1);
a1d1bb31 1541 CPUWatchpoint *wp;
6658ffb8 1542
72cf2d4f 1543 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1544 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1545 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1546 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1547 return 0;
1548 }
1549 }
a1d1bb31 1550 return -ENOENT;
6658ffb8
PB		 1551}
1552
a1d1bb31 1553/* Remove a specific watchpoint by reference. */
9349b4f9 1554void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1555{
72cf2d4f 1556 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1557
a1d1bb31
AL		 1558 tlb_flush_page(env, watchpoint->vaddr);
1559
7267c094 1560 g_free(watchpoint);
a1d1bb31
AL		 1561}
1562
1563/* Remove all matching watchpoints. */
9349b4f9 1564void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1565{
c0ce998e 1566 CPUWatchpoint *wp, *next;
a1d1bb31 1567
72cf2d4f 1568 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1569 if (wp->flags & mask)
1570 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1571 }
7d03f82f 1572}
c527ee8f 1573#endif
7d03f82f 1574
a1d1bb31 1575/* Add a breakpoint. */
9349b4f9 1576int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1577 CPUBreakpoint **breakpoint)
4c3a88a2 1578{
1fddef4b 1579#if defined(TARGET_HAS_ICE)
c0ce998e 1580 CPUBreakpoint *bp;
3b46e624 1581
7267c094 1582 bp = g_malloc(sizeof(*bp));
4c3a88a2 1583
a1d1bb31
AL		 1584 bp->pc = pc;
1585 bp->flags = flags;
1586
2dc9f411 1587 /* keep all GDB-injected breakpoints in front */
c0ce998e 1588 if (flags & BP_GDB)
72cf2d4f 1589 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1590 else
72cf2d4f 1591 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1592
d720b93d 1593 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1594
1595 if (breakpoint)
1596 *breakpoint = bp;
4c3a88a2
FB		 1597 return 0;
1598#else
a1d1bb31 1599 return -ENOSYS;
4c3a88a2
FB		 1600#endif
1601}
1602
a1d1bb31 1603/* Remove a specific breakpoint. */
9349b4f9 1604int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1605{
7d03f82f 1606#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1607 CPUBreakpoint *bp;
1608
72cf2d4f 1609 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1610 if (bp->pc == pc && bp->flags == flags) {
1611 cpu_breakpoint_remove_by_ref(env, bp);
1612 return 0;
1613 }
7d03f82f 1614 }
a1d1bb31
AL		 1615 return -ENOENT;
1616#else
1617 return -ENOSYS;
7d03f82f
EI		 1618#endif
1619}
1620
a1d1bb31 1621/* Remove a specific breakpoint by reference. */
9349b4f9 1622void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1623{
1fddef4b 1624#if defined(TARGET_HAS_ICE)
72cf2d4f 1625 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1626
a1d1bb31
AL		 1627 breakpoint_invalidate(env, breakpoint->pc);
1628
7267c094 1629 g_free(breakpoint);
a1d1bb31
AL		 1630#endif
1631}
1632
1633/* Remove all matching breakpoints. */
9349b4f9 1634void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1635{
1636#if defined(TARGET_HAS_ICE)
c0ce998e 1637 CPUBreakpoint *bp, *next;
a1d1bb31 1638
72cf2d4f 1639 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1640 if (bp->flags & mask)
1641 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1642 }
4c3a88a2
FB		 1643#endif
1644}
1645
c33a346e
FB		 1646/* enable or disable single step mode. EXCP_DEBUG is returned by the
1647 CPU loop after each instruction */
9349b4f9 1648void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1649{
1fddef4b 1650#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1651 if (env->singlestep_enabled != enabled) {
1652 env->singlestep_enabled = enabled;
e22a25c9
AL		 1653 if (kvm_enabled())
1654 kvm_update_guest_debug(env, 0);
1655 else {
ccbb4d44 1656 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1657 /* XXX: only flush what is necessary */
1658 tb_flush(env);
1659 }
c33a346e
FB		 1660 }
1661#endif
1662}
1663
9349b4f9 1664static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1665{
3098dba0
AJ		 1666 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1667 problem and hope the cpu will stop of its own accord. For userspace
1668 emulation this often isn't actually as bad as it sounds. Often
1669 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1670 TranslationBlock *tb;
c227f099 1671 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1672
cab1b4bd 1673 spin_lock(&interrupt_lock);
3098dba0
AJ		 1674 tb = env->current_tb;
1675 /* if the cpu is currently executing code, we must unlink it and
1676 all the potentially executing TB */
f76cfe56 1677 if (tb) {
3098dba0
AJ		 1678 env->current_tb = NULL;
1679 tb_reset_jump_recursive(tb);
be214e6c 1680 }
cab1b4bd 1681 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1682}
1683
97ffbd8d 1684#ifndef CONFIG_USER_ONLY
3098dba0 1685/* mask must never be zero, except for A20 change call */
9349b4f9 1686static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1687{
1688 int old_mask;
be214e6c 1689
2e70f6ef 1690 old_mask = env->interrupt_request;
68a79315 1691 env->interrupt_request |= mask;
3098dba0 1692
8edac960
AL		 1693 /*
1694 * If called from iothread context, wake the target cpu in
1695 * case its halted.
1696 */
b7680cb6 1697 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1698 qemu_cpu_kick(env);
1699 return;
1700 }
8edac960 1701
2e70f6ef 1702 if (use_icount) {
266910c4 1703 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1704 if (!can_do_io(env)
be214e6c 1705 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1706 cpu_abort(env, "Raised interrupt while not in I/O function");
1707 }
2e70f6ef 1708 } else {
3098dba0 1709 cpu_unlink_tb(env);
ea041c0e
FB		 1710 }
1711}
1712
ec6959d0
JK		 1713CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1714
97ffbd8d
JK		 1715#else /* CONFIG_USER_ONLY */
1716
9349b4f9 1717void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1718{
1719 env->interrupt_request |= mask;
1720 cpu_unlink_tb(env);
1721}
1722#endif /* CONFIG_USER_ONLY */
1723
9349b4f9 1724void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1725{
1726 env->interrupt_request &= ~mask;
1727}
1728
9349b4f9 1729void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1730{
1731 env->exit_request = 1;
1732 cpu_unlink_tb(env);
1733}
1734
9349b4f9 1735void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1736{
1737 va_list ap;
493ae1f0 1738 va_list ap2;
7501267e
FB		 1739
1740 va_start(ap, fmt);
493ae1f0 1741 va_copy(ap2, ap);
7501267e
FB		 1742 fprintf(stderr, "qemu: fatal: ");
1743 vfprintf(stderr, fmt, ap);
1744 fprintf(stderr, "\n");
1745#ifdef TARGET_I386
7fe48483
FB		 1746 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1747#else
1748 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1749#endif
93fcfe39
AL		 1750 if (qemu_log_enabled()) {
1751 qemu_log("qemu: fatal: ");
1752 qemu_log_vprintf(fmt, ap2);
1753 qemu_log("\n");
f9373291 1754#ifdef TARGET_I386
93fcfe39 1755 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1756#else
93fcfe39 1757 log_cpu_state(env, 0);
f9373291 1758#endif
31b1a7b4 1759 qemu_log_flush();
93fcfe39 1760 qemu_log_close();
924edcae 1761 }
493ae1f0 1762 va_end(ap2);
f9373291 1763 va_end(ap);
fd052bf6
RV		 1764#if defined(CONFIG_USER_ONLY)
1765 {
1766 struct sigaction act;
1767 sigfillset(&act.sa_mask);
1768 act.sa_handler = SIG_DFL;
1769 sigaction(SIGABRT, &act, NULL);
1770 }
1771#endif
7501267e
FB		 1772 abort();
1773}
1774
9349b4f9 1775CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1776{
9349b4f9
AF		 1777 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1778 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1779 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1780#if defined(TARGET_HAS_ICE)
1781 CPUBreakpoint *bp;
1782 CPUWatchpoint *wp;
1783#endif
1784
9349b4f9 1785 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1786
1787 /* Preserve chaining and index. */
c5be9f08
TS		 1788 new_env->next_cpu = next_cpu;
1789 new_env->cpu_index = cpu_index;
5a38f081
AL		 1790
1791 /* Clone all break/watchpoints.
1792 Note: Once we support ptrace with hw-debug register access, make sure
1793 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1794 QTAILQ_INIT(&env->breakpoints);
1795 QTAILQ_INIT(&env->watchpoints);
5a38f081 1796#if defined(TARGET_HAS_ICE)
72cf2d4f 1797 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1798 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1799 }
72cf2d4f 1800 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1801 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1802 wp->flags, NULL);
1803 }
1804#endif
1805
c5be9f08
TS		 1806 return new_env;
1807}
1808
0124311e 1809#if !defined(CONFIG_USER_ONLY)
0cac1b66 1810void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1811{
1812 unsigned int i;
1813
1814 /* Discard jump cache entries for any tb which might potentially
1815 overlap the flushed page. */
1816 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1817 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1818 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1819
1820 i = tb_jmp_cache_hash_page(addr);
1821 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1822 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1823}
1824
d24981d3
JQ		 1825static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1826 uintptr_t length)
1827{
1828 uintptr_t start1;
1829
1830 /* we modify the TLB cache so that the dirty bit will be set again
1831 when accessing the range */
1832 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1833 /* Check that we don't span multiple blocks - this breaks the
1834 address comparisons below. */
1835 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1836 != (end - 1) - start) {
1837 abort();
1838 }
1839 cpu_tlb_reset_dirty_all(start1, length);
1840
1841}
1842
5579c7f3 1843/* Note: start and end must be within the same ram block. */
c227f099 1844void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1845 int dirty_flags)
1ccde1cb 1846{
d24981d3 1847 uintptr_t length;
1ccde1cb
FB		 1848
1849 start &= TARGET_PAGE_MASK;
1850 end = TARGET_PAGE_ALIGN(end);
1851
1852 length = end - start;
1853 if (length == 0)
1854 return;
f7c11b53 1855 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1856
d24981d3
JQ		 1857 if (tcg_enabled()) {
1858 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1859 }
1ccde1cb
FB		 1860}
1861
74576198
AL		 1862int cpu_physical_memory_set_dirty_tracking(int enable)
1863{
f6f3fbca 1864 int ret = 0;
74576198 1865 in_migration = enable;
f6f3fbca 1866 return ret;
74576198
AL		 1867}
1868
e5548617
BS		 1869target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1870 MemoryRegionSection *section,
1871 target_ulong vaddr,
1872 target_phys_addr_t paddr,
1873 int prot,
1874 target_ulong *address)
1875{
1876 target_phys_addr_t iotlb;
1877 CPUWatchpoint *wp;
1878
cc5bea60 1879 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1880 /* Normal RAM. */
1881 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1882 + memory_region_section_addr(section, paddr);
e5548617
BS		 1883 if (!section->readonly) {
1884 iotlb |= phys_section_notdirty;
1885 } else {
1886 iotlb |= phys_section_rom;
1887 }
1888 } else {
1889 /* IO handlers are currently passed a physical address.
1890 It would be nice to pass an offset from the base address
1891 of that region. This would avoid having to special case RAM,
1892 and avoid full address decoding in every device.
1893 We can't use the high bits of pd for this because
1894 IO_MEM_ROMD uses these as a ram address. */
1895 iotlb = section - phys_sections;
cc5bea60 1896 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1897 }
1898
1899 /* Make accesses to pages with watchpoints go via the
1900 watchpoint trap routines. */
1901 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1902 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1903 /* Avoid trapping reads of pages with a write breakpoint. */
1904 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1905 iotlb = phys_section_watch + paddr;
1906 *address |= TLB_MMIO;
1907 break;
1908 }
1909 }
1910 }
1911
1912 return iotlb;
1913}
1914
0124311e 1915#else
edf8e2af
MW		 1916/*
1917 * Walks guest process memory "regions" one by one
1918 * and calls callback function 'fn' for each region.
1919 */
5cd2c5b6
RH		 1920
1921struct walk_memory_regions_data
1922{
1923 walk_memory_regions_fn fn;
1924 void *priv;
8efe0ca8 1925 uintptr_t start;
5cd2c5b6
RH		 1926 int prot;
1927};
1928
1929static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1930 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1931{
1932 if (data->start != -1ul) {
1933 int rc = data->fn(data->priv, data->start, end, data->prot);
1934 if (rc != 0) {
1935 return rc;
1936 }
1937 }
1938
1939 data->start = (new_prot ? end : -1ul);
1940 data->prot = new_prot;
1941
1942 return 0;
1943}
1944
1945static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1946 abi_ulong base, int level, void **lp)
5cd2c5b6 1947{
b480d9b7 1948 abi_ulong pa;
5cd2c5b6
RH		 1949 int i, rc;
1950
1951 if (*lp == NULL) {
1952 return walk_memory_regions_end(data, base, 0);
1953 }
1954
1955 if (level == 0) {
1956 PageDesc *pd = *lp;
7296abac 1957 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1958 int prot = pd[i].flags;
1959
1960 pa = base | (i << TARGET_PAGE_BITS);
1961 if (prot != data->prot) {
1962 rc = walk_memory_regions_end(data, pa, prot);
1963 if (rc != 0) {
1964 return rc;
9fa3e853 1965 }
9fa3e853 1966 }
5cd2c5b6
RH		 1967 }
1968 } else {
1969 void **pp = *lp;
7296abac 1970 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1971 pa = base | ((abi_ulong)i <<
1972 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1973 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1974 if (rc != 0) {
1975 return rc;
1976 }
1977 }
1978 }
1979
1980 return 0;
1981}
1982
1983int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1984{
1985 struct walk_memory_regions_data data;
8efe0ca8 1986 uintptr_t i;
5cd2c5b6
RH		 1987
1988 data.fn = fn;
1989 data.priv = priv;
1990 data.start = -1ul;
1991 data.prot = 0;
1992
1993 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1994 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1995 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1996 if (rc != 0) {
1997 return rc;
9fa3e853 1998 }
33417e70 1999 }
5cd2c5b6
RH		 2000
2001 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2002}
2003
b480d9b7
PB		 2004static int dump_region(void *priv, abi_ulong start,
2005 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2006{
2007 FILE *f = (FILE *)priv;
2008
b480d9b7
PB		 2009 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2010 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2011 start, end, end - start,
2012 ((prot & PAGE_READ) ? 'r' : '-'),
2013 ((prot & PAGE_WRITE) ? 'w' : '-'),
2014 ((prot & PAGE_EXEC) ? 'x' : '-'));
2015
2016 return (0);
2017}
2018
2019/* dump memory mappings */
2020void page_dump(FILE *f)
2021{
2022 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2023 "start", "end", "size", "prot");
2024 walk_memory_regions(f, dump_region);
33417e70
FB		 2025}
2026
53a5960a 2027int page_get_flags(target_ulong address)
33417e70 2028{
9fa3e853
FB		 2029 PageDesc *p;
2030
2031 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2032 if (!p)
9fa3e853
FB		 2033 return 0;
2034 return p->flags;
2035}
2036
376a7909
RH		 2037/* Modify the flags of a page and invalidate the code if necessary.
2038 The flag PAGE_WRITE_ORG is positioned automatically depending
2039 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2040void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2041{
376a7909
RH		 2042 target_ulong addr, len;
2043
2044 /* This function should never be called with addresses outside the
2045 guest address space. If this assert fires, it probably indicates
2046 a missing call to h2g_valid. */
b480d9b7
PB		 2047#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2048 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2049#endif
2050 assert(start < end);
9fa3e853
FB		 2051
2052 start = start & TARGET_PAGE_MASK;
2053 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2054
2055 if (flags & PAGE_WRITE) {
9fa3e853 2056 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2057 }
2058
2059 for (addr = start, len = end - start;
2060 len != 0;
2061 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2062 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2063
2064 /* If the write protection bit is set, then we invalidate
2065 the code inside. */
5fafdf24 2066 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2067 (flags & PAGE_WRITE) &&
2068 p->first_tb) {
d720b93d 2069 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2070 }
2071 p->flags = flags;
2072 }
33417e70
FB		 2073}
2074
3d97b40b
TS		 2075int page_check_range(target_ulong start, target_ulong len, int flags)
2076{
2077 PageDesc *p;
2078 target_ulong end;
2079 target_ulong addr;
2080
376a7909
RH		 2081 /* This function should never be called with addresses outside the
2082 guest address space. If this assert fires, it probably indicates
2083 a missing call to h2g_valid. */
338e9e6c
BS		 2084#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2085 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2086#endif
2087
3e0650a9
RH		 2088 if (len == 0) {
2089 return 0;
2090 }
376a7909
RH		 2091 if (start + len - 1 < start) {
2092 /* We've wrapped around. */
55f280c9 2093 return -1;
376a7909 2094 }
55f280c9 2095
3d97b40b
TS		 2096 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2097 start = start & TARGET_PAGE_MASK;
2098
376a7909
RH		 2099 for (addr = start, len = end - start;
2100 len != 0;
2101 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2102 p = page_find(addr >> TARGET_PAGE_BITS);
2103 if( !p )
2104 return -1;
2105 if( !(p->flags & PAGE_VALID) )
2106 return -1;
2107
dae3270c 2108 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2109 return -1;
dae3270c
FB		 2110 if (flags & PAGE_WRITE) {
2111 if (!(p->flags & PAGE_WRITE_ORG))
2112 return -1;
2113 /* unprotect the page if it was put read-only because it
2114 contains translated code */
2115 if (!(p->flags & PAGE_WRITE)) {
2116 if (!page_unprotect(addr, 0, NULL))
2117 return -1;
2118 }
2119 return 0;
2120 }
3d97b40b
TS		 2121 }
2122 return 0;
2123}
2124
9fa3e853 2125/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2126 page. Return TRUE if the fault was successfully handled. */
6375e09e 2127int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2128{
45d679d6
AJ		 2129 unsigned int prot;
2130 PageDesc *p;
53a5960a 2131 target_ulong host_start, host_end, addr;
9fa3e853 2132
c8a706fe
PB		 2133 /* Technically this isn't safe inside a signal handler. However we
2134 know this only ever happens in a synchronous SEGV handler, so in
2135 practice it seems to be ok. */
2136 mmap_lock();
2137
45d679d6
AJ		 2138 p = page_find(address >> TARGET_PAGE_BITS);
2139 if (!p) {
c8a706fe 2140 mmap_unlock();
9fa3e853 2141 return 0;
c8a706fe 2142 }
45d679d6 2143
9fa3e853
FB		 2144 /* if the page was really writable, then we change its
2145 protection back to writable */
45d679d6
AJ		 2146 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2147 host_start = address & qemu_host_page_mask;
2148 host_end = host_start + qemu_host_page_size;
2149
2150 prot = 0;
2151 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2152 p = page_find(addr >> TARGET_PAGE_BITS);
2153 p->flags |= PAGE_WRITE;
2154 prot |= p->flags;
2155
9fa3e853
FB		 2156 /* and since the content will be modified, we must invalidate
2157 the corresponding translated code. */
45d679d6 2158 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2159#ifdef DEBUG_TB_CHECK
45d679d6 2160 tb_invalidate_check(addr);
9fa3e853 2161#endif
9fa3e853 2162 }
45d679d6
AJ		 2163 mprotect((void *)g2h(host_start), qemu_host_page_size,
2164 prot & PAGE_BITS);
2165
2166 mmap_unlock();
2167 return 1;
9fa3e853 2168 }
c8a706fe 2169 mmap_unlock();
9fa3e853
FB		 2170 return 0;
2171}
9fa3e853
FB		 2172#endif /* defined(CONFIG_USER_ONLY) */
2173
e2eef170 2174#if !defined(CONFIG_USER_ONLY)
8da3ff18 2175
c04b2b78
PB		 2176#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2177typedef struct subpage_t {
70c68e44 2178 MemoryRegion iomem;
c04b2b78 2179 target_phys_addr_t base;
5312bd8b 2180 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2181} subpage_t;
2182
c227f099 2183static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2184 uint16_t section);
0f0cb164 2185static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2186static void destroy_page_desc(uint16_t section_index)
54688b1e 2187{
5312bd8b
AK		 2188 MemoryRegionSection *section = &phys_sections[section_index];
2189 MemoryRegion *mr = section->mr;
54688b1e
AK		 2190
2191 if (mr->subpage) {
2192 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2193 memory_region_destroy(&subpage->iomem);
2194 g_free(subpage);
2195 }
2196}
2197
4346ae3e 2198static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2199{
2200 unsigned i;
d6f2ea22 2201 PhysPageEntry *p;
54688b1e 2202
c19e8800 2203 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2204 return;
2205 }
2206
c19e8800 2207 p = phys_map_nodes[lp->ptr];
4346ae3e 2208 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2209 if (!p[i].is_leaf) {
54688b1e 2210 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2211 } else {
c19e8800 2212 destroy_page_desc(p[i].ptr);
54688b1e 2213 }
54688b1e 2214 }
07f07b31 2215 lp->is_leaf = 0;
c19e8800 2216 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2217}
2218
2219static void destroy_all_mappings(void)
2220{
3eef53df 2221 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2222 phys_map_nodes_reset();
54688b1e
AK		 2223}
2224
5312bd8b
AK		 2225static uint16_t phys_section_add(MemoryRegionSection *section)
2226{
2227 if (phys_sections_nb == phys_sections_nb_alloc) {
2228 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2229 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2230 phys_sections_nb_alloc);
2231 }
2232 phys_sections[phys_sections_nb] = *section;
2233 return phys_sections_nb++;
2234}
2235
2236static void phys_sections_clear(void)
2237{
2238 phys_sections_nb = 0;
2239}
2240
0f0cb164
AK		 2241static void register_subpage(MemoryRegionSection *section)
2242{
2243 subpage_t *subpage;
2244 target_phys_addr_t base = section->offset_within_address_space
2245 & TARGET_PAGE_MASK;
f3705d53 2246 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2247 MemoryRegionSection subsection = {
2248 .offset_within_address_space = base,
2249 .size = TARGET_PAGE_SIZE,
2250 };
0f0cb164
AK		 2251 target_phys_addr_t start, end;
2252
f3705d53 2253 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2254
f3705d53 2255 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2256 subpage = subpage_init(base);
2257 subsection.mr = &subpage->iomem;
2999097b
AK		 2258 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2259 phys_section_add(&subsection));
0f0cb164 2260 } else {
f3705d53 2261 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2262 }
2263 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2264 end = start + section->size - 1;
0f0cb164
AK		 2265 subpage_register(subpage, start, end, phys_section_add(section));
2266}
2267
2268
2269static void register_multipage(MemoryRegionSection *section)
33417e70 2270{
dd81124b
AK		 2271 target_phys_addr_t start_addr = section->offset_within_address_space;
2272 ram_addr_t size = section->size;
2999097b 2273 target_phys_addr_t addr;
5312bd8b 2274 uint16_t section_index = phys_section_add(section);
dd81124b 2275
3b8e6a2d 2276 assert(size);
f6f3fbca 2277
3b8e6a2d 2278 addr = start_addr;
2999097b
AK		 2279 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2280 section_index);
33417e70
FB		 2281}
2282
0f0cb164
AK		 2283void cpu_register_physical_memory_log(MemoryRegionSection *section,
2284 bool readonly)
2285{
2286 MemoryRegionSection now = *section, remain = *section;
2287
2288 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2289 || (now.size < TARGET_PAGE_SIZE)) {
2290 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2291 - now.offset_within_address_space,
2292 now.size);
2293 register_subpage(&now);
2294 remain.size -= now.size;
2295 remain.offset_within_address_space += now.size;
2296 remain.offset_within_region += now.size;
2297 }
69b67646
TH		 2298 while (remain.size >= TARGET_PAGE_SIZE) {
2299 now = remain;
2300 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2301 now.size = TARGET_PAGE_SIZE;
2302 register_subpage(&now);
2303 } else {
2304 now.size &= TARGET_PAGE_MASK;
2305 register_multipage(&now);
2306 }
0f0cb164
AK		 2307 remain.size -= now.size;
2308 remain.offset_within_address_space += now.size;
2309 remain.offset_within_region += now.size;
2310 }
2311 now = remain;
2312 if (now.size) {
2313 register_subpage(&now);
2314 }
2315}
2316
2317
c227f099 2318void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2319{
2320 if (kvm_enabled())
2321 kvm_coalesce_mmio_region(addr, size);
2322}
2323
c227f099 2324void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2325{
2326 if (kvm_enabled())
2327 kvm_uncoalesce_mmio_region(addr, size);
2328}
2329
62a2744c
SY		 2330void qemu_flush_coalesced_mmio_buffer(void)
2331{
2332 if (kvm_enabled())
2333 kvm_flush_coalesced_mmio_buffer();
2334}
2335
c902760f
MT		 2336#if defined(__linux__) && !defined(TARGET_S390X)
2337
2338#include <sys/vfs.h>
2339
2340#define HUGETLBFS_MAGIC 0x958458f6
2341
2342static long gethugepagesize(const char *path)
2343{
2344 struct statfs fs;
2345 int ret;
2346
2347 do {
9742bf26 2348 ret = statfs(path, &fs);
c902760f
MT		 2349 } while (ret != 0 && errno == EINTR);
2350
2351 if (ret != 0) {
9742bf26
YT		 2352 perror(path);
2353 return 0;
c902760f
MT		 2354 }
2355
2356 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2357 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2358
2359 return fs.f_bsize;
2360}
2361
04b16653
AW		 2362static void *file_ram_alloc(RAMBlock *block,
2363 ram_addr_t memory,
2364 const char *path)
c902760f
MT		 2365{
2366 char *filename;
2367 void *area;
2368 int fd;
2369#ifdef MAP_POPULATE
2370 int flags;
2371#endif
2372 unsigned long hpagesize;
2373
2374 hpagesize = gethugepagesize(path);
2375 if (!hpagesize) {
9742bf26 2376 return NULL;
c902760f
MT		 2377 }
2378
2379 if (memory < hpagesize) {
2380 return NULL;
2381 }
2382
2383 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2384 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2385 return NULL;
2386 }
2387
2388 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2389 return NULL;
c902760f
MT		 2390 }
2391
2392 fd = mkstemp(filename);
2393 if (fd < 0) {
9742bf26
YT		 2394 perror("unable to create backing store for hugepages");
2395 free(filename);
2396 return NULL;
c902760f
MT		 2397 }
2398 unlink(filename);
2399 free(filename);
2400
2401 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2402
2403 /*
2404 * ftruncate is not supported by hugetlbfs in older
2405 * hosts, so don't bother bailing out on errors.
2406 * If anything goes wrong with it under other filesystems,
2407 * mmap will fail.
2408 */
2409 if (ftruncate(fd, memory))
9742bf26 2410 perror("ftruncate");
c902760f
MT		 2411
2412#ifdef MAP_POPULATE
2413 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2414 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2415 * to sidestep this quirk.
2416 */
2417 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2418 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2419#else
2420 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2421#endif
2422 if (area == MAP_FAILED) {
9742bf26
YT		 2423 perror("file_ram_alloc: can't mmap RAM pages");
2424 close(fd);
2425 return (NULL);
c902760f 2426 }
04b16653 2427 block->fd = fd;
c902760f
MT		 2428 return area;
2429}
2430#endif
2431
d17b5288 2432static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2433{
2434 RAMBlock *block, *next_block;
3e837b2c 2435 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2436
2437 if (QLIST_EMPTY(&ram_list.blocks))
2438 return 0;
2439
2440 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2441 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2442
2443 end = block->offset + block->length;
2444
2445 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2446 if (next_block->offset >= end) {
2447 next = MIN(next, next_block->offset);
2448 }
2449 }
2450 if (next - end >= size && next - end < mingap) {
3e837b2c 2451 offset = end;
04b16653
AW		 2452 mingap = next - end;
2453 }
2454 }
3e837b2c
AW		 2455
2456 if (offset == RAM_ADDR_MAX) {
2457 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2458 (uint64_t)size);
2459 abort();
2460 }
2461
04b16653
AW		 2462 return offset;
2463}
2464
2465static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2466{
2467 RAMBlock *block;
2468 ram_addr_t last = 0;
2469
2470 QLIST_FOREACH(block, &ram_list.blocks, next)
2471 last = MAX(last, block->offset + block->length);
2472
2473 return last;
2474}
2475
ddb97f1d
JB		 2476static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2477{
2478 int ret;
2479 QemuOpts *machine_opts;
2480
2481 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2482 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2483 if (machine_opts &&
2484 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2485 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2486 if (ret) {
2487 perror("qemu_madvise");
2488 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2489 "but dump_guest_core=off specified\n");
2490 }
2491 }
2492}
2493
c5705a77 2494void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2495{
2496 RAMBlock *new_block, *block;
2497
c5705a77
AK		 2498 new_block = NULL;
2499 QLIST_FOREACH(block, &ram_list.blocks, next) {
2500 if (block->offset == addr) {
2501 new_block = block;
2502 break;
2503 }
2504 }
2505 assert(new_block);
2506 assert(!new_block->idstr[0]);
84b89d78 2507
09e5ab63
AL		 2508 if (dev) {
2509 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2510 if (id) {
2511 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2512 g_free(id);
84b89d78
CM		 2513 }
2514 }
2515 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2516
2517 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2518 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2519 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2520 new_block->idstr);
2521 abort();
2522 }
2523 }
c5705a77
AK		 2524}
2525
8490fc78
LC		 2526static int memory_try_enable_merging(void *addr, size_t len)
2527{
2528 QemuOpts *opts;
2529
2530 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2531 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2532 /* disabled by the user */
2533 return 0;
2534 }
2535
2536 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2537}
2538
c5705a77
AK		 2539ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2540 MemoryRegion *mr)
2541{
2542 RAMBlock *new_block;
2543
2544 size = TARGET_PAGE_ALIGN(size);
2545 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2546
7c637366 2547 new_block->mr = mr;
432d268c 2548 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2549 if (host) {
2550 new_block->host = host;
cd19cfa2 2551 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2552 } else {
2553 if (mem_path) {
c902760f 2554#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2555 new_block->host = file_ram_alloc(new_block, size, mem_path);
2556 if (!new_block->host) {
2557 new_block->host = qemu_vmalloc(size);
8490fc78 2558 memory_try_enable_merging(new_block->host, size);
6977dfe6 2559 }
c902760f 2560#else
6977dfe6
YT		 2561 fprintf(stderr, "-mem-path option unsupported\n");
2562 exit(1);
c902760f 2563#endif
6977dfe6 2564 } else {
868bb33f 2565 if (xen_enabled()) {
fce537d4 2566 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2567 } else if (kvm_enabled()) {
2568 /* some s390/kvm configurations have special constraints */
2569 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2570 } else {
2571 new_block->host = qemu_vmalloc(size);
2572 }
8490fc78 2573 memory_try_enable_merging(new_block->host, size);
6977dfe6 2574 }
c902760f 2575 }
94a6b54f
PB		 2576 new_block->length = size;
2577
f471a17e 2578 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2579
7267c094 2580 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2581 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2582 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2583 0, size >> TARGET_PAGE_BITS);
1720aeee 2584 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2585
ddb97f1d
JB		 2586 qemu_ram_setup_dump(new_block->host, size);
2587
6f0437e8
JK		 2588 if (kvm_enabled())
2589 kvm_setup_guest_memory(new_block->host, size);
2590
94a6b54f
PB		 2591 return new_block->offset;
2592}
e9a1ab19 2593
c5705a77 2594ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2595{
c5705a77 2596 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2597}
2598
1f2e98b6
AW		 2599void qemu_ram_free_from_ptr(ram_addr_t addr)
2600{
2601 RAMBlock *block;
2602
2603 QLIST_FOREACH(block, &ram_list.blocks, next) {
2604 if (addr == block->offset) {
2605 QLIST_REMOVE(block, next);
7267c094 2606 g_free(block);
1f2e98b6
AW		 2607 return;
2608 }
2609 }
2610}
2611
c227f099 2612void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2613{
04b16653
AW		 2614 RAMBlock *block;
2615
2616 QLIST_FOREACH(block, &ram_list.blocks, next) {
2617 if (addr == block->offset) {
2618 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2619 if (block->flags & RAM_PREALLOC_MASK) {
2620 ;
2621 } else if (mem_path) {
04b16653
AW		 2622#if defined (__linux__) && !defined(TARGET_S390X)
2623 if (block->fd) {
2624 munmap(block->host, block->length);
2625 close(block->fd);
2626 } else {
2627 qemu_vfree(block->host);
2628 }
fd28aa13
JK		 2629#else
2630 abort();
04b16653
AW		 2631#endif
2632 } else {
2633#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2634 munmap(block->host, block->length);
2635#else
868bb33f 2636 if (xen_enabled()) {
e41d7c69 2637 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2638 } else {
2639 qemu_vfree(block->host);
2640 }
04b16653
AW		 2641#endif
2642 }
7267c094 2643 g_free(block);
04b16653
AW		 2644 return;
2645 }
2646 }
2647
e9a1ab19
FB		 2648}
2649
cd19cfa2
HY		 2650#ifndef _WIN32
2651void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2652{
2653 RAMBlock *block;
2654 ram_addr_t offset;
2655 int flags;
2656 void *area, *vaddr;
2657
2658 QLIST_FOREACH(block, &ram_list.blocks, next) {
2659 offset = addr - block->offset;
2660 if (offset < block->length) {
2661 vaddr = block->host + offset;
2662 if (block->flags & RAM_PREALLOC_MASK) {
2663 ;
2664 } else {
2665 flags = MAP_FIXED;
2666 munmap(vaddr, length);
2667 if (mem_path) {
2668#if defined(__linux__) && !defined(TARGET_S390X)
2669 if (block->fd) {
2670#ifdef MAP_POPULATE
2671 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2672 MAP_PRIVATE;
2673#else
2674 flags |= MAP_PRIVATE;
2675#endif
2676 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2677 flags, block->fd, offset);
2678 } else {
2679 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2680 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2681 flags, -1, 0);
2682 }
fd28aa13
JK		 2683#else
2684 abort();
cd19cfa2
HY		 2685#endif
2686 } else {
2687#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2688 flags |= MAP_SHARED | MAP_ANONYMOUS;
2689 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2690 flags, -1, 0);
2691#else
2692 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2693 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2694 flags, -1, 0);
2695#endif
2696 }
2697 if (area != vaddr) {
f15fbc4b
AP		 2698 fprintf(stderr, "Could not remap addr: "
2699 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2700 length, addr);
2701 exit(1);
2702 }
8490fc78 2703 memory_try_enable_merging(vaddr, length);
ddb97f1d 2704 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2705 }
2706 return;
2707 }
2708 }
2709}
2710#endif /* !_WIN32 */
2711
dc828ca1 2712/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2713 With the exception of the softmmu code in this file, this should
2714 only be used for local memory (e.g. video ram) that the device owns,
2715 and knows it isn't going to access beyond the end of the block.
2716
2717 It should not be used for general purpose DMA.
2718 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2719 */
c227f099 2720void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2721{
94a6b54f
PB		 2722 RAMBlock *block;
2723
f471a17e
AW		 2724 QLIST_FOREACH(block, &ram_list.blocks, next) {
2725 if (addr - block->offset < block->length) {
7d82af38
VP		 2726 /* Move this entry to to start of the list. */
2727 if (block != QLIST_FIRST(&ram_list.blocks)) {
2728 QLIST_REMOVE(block, next);
2729 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2730 }
868bb33f 2731 if (xen_enabled()) {
432d268c
JN		 2732 /* We need to check if the requested address is in the RAM
2733 * because we don't want to map the entire memory in QEMU.
712c2b41 2734 * In that case just map until the end of the page.
432d268c
JN		 2735 */
2736 if (block->offset == 0) {
e41d7c69 2737 return xen_map_cache(addr, 0, 0);
432d268c 2738 } else if (block->host == NULL) {
e41d7c69
JK		 2739 block->host =
2740 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2741 }
2742 }
f471a17e
AW		 2743 return block->host + (addr - block->offset);
2744 }
94a6b54f 2745 }
f471a17e
AW		 2746
2747 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2748 abort();
2749
2750 return NULL;
dc828ca1
PB		 2751}
2752
b2e0a138
MT		 2753/* Return a host pointer to ram allocated with qemu_ram_alloc.
2754 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2755 */
2756void *qemu_safe_ram_ptr(ram_addr_t addr)
2757{
2758 RAMBlock *block;
2759
2760 QLIST_FOREACH(block, &ram_list.blocks, next) {
2761 if (addr - block->offset < block->length) {
868bb33f 2762 if (xen_enabled()) {
432d268c
JN		 2763 /* We need to check if the requested address is in the RAM
2764 * because we don't want to map the entire memory in QEMU.
712c2b41 2765 * In that case just map until the end of the page.
432d268c
JN		 2766 */
2767 if (block->offset == 0) {
e41d7c69 2768 return xen_map_cache(addr, 0, 0);
432d268c 2769 } else if (block->host == NULL) {
e41d7c69
JK		 2770 block->host =
2771 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2772 }
2773 }
b2e0a138
MT		 2774 return block->host + (addr - block->offset);
2775 }
2776 }
2777
2778 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2779 abort();
2780
2781 return NULL;
2782}
2783
38bee5dc
SS		 2784/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2785 * but takes a size argument */
8ab934f9 2786void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2787{
8ab934f9
SS		 2788 if (*size == 0) {
2789 return NULL;
2790 }
868bb33f 2791 if (xen_enabled()) {
e41d7c69 2792 return xen_map_cache(addr, *size, 1);
868bb33f 2793 } else {
38bee5dc
SS		 2794 RAMBlock *block;
2795
2796 QLIST_FOREACH(block, &ram_list.blocks, next) {
2797 if (addr - block->offset < block->length) {
2798 if (addr - block->offset + *size > block->length)
2799 *size = block->length - addr + block->offset;
2800 return block->host + (addr - block->offset);
2801 }
2802 }
2803
2804 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2805 abort();
38bee5dc
SS		 2806 }
2807}
2808
050a0ddf
AP		 2809void qemu_put_ram_ptr(void *addr)
2810{
2811 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2812}
2813
e890261f 2814int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2815{
94a6b54f
PB		 2816 RAMBlock *block;
2817 uint8_t *host = ptr;
2818
868bb33f 2819 if (xen_enabled()) {
e41d7c69 2820 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2821 return 0;
2822 }
2823
f471a17e 2824 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2825 /* This case append when the block is not mapped. */
2826 if (block->host == NULL) {
2827 continue;
2828 }
f471a17e 2829 if (host - block->host < block->length) {
e890261f
MT		 2830 *ram_addr = block->offset + (host - block->host);
2831 return 0;
f471a17e 2832 }
94a6b54f 2833 }
432d268c 2834
e890261f
MT		 2835 return -1;
2836}
f471a17e 2837
e890261f
MT		 2838/* Some of the softmmu routines need to translate from a host pointer
2839 (typically a TLB entry) back to a ram offset. */
2840ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2841{
2842 ram_addr_t ram_addr;
f471a17e 2843
e890261f
MT		 2844 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2845 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2846 abort();
2847 }
2848 return ram_addr;
5579c7f3
PB		 2849}
2850
0e0df1e2
AK		 2851static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2852 unsigned size)
e18231a3
BS		 2853{
2854#ifdef DEBUG_UNASSIGNED
2855 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2856#endif
5b450407 2857#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2858 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2859#endif
2860 return 0;
2861}
2862
0e0df1e2
AK		 2863static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2864 uint64_t val, unsigned size)
e18231a3
BS		 2865{
2866#ifdef DEBUG_UNASSIGNED
0e0df1e2 2867 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2868#endif
5b450407 2869#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2870 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2871#endif
33417e70
FB		 2872}
2873
0e0df1e2
AK		 2874static const MemoryRegionOps unassigned_mem_ops = {
2875 .read = unassigned_mem_read,
2876 .write = unassigned_mem_write,
2877 .endianness = DEVICE_NATIVE_ENDIAN,
2878};
e18231a3 2879
0e0df1e2
AK		 2880static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2881 unsigned size)
e18231a3 2882{
0e0df1e2 2883 abort();
e18231a3
BS		 2884}
2885
0e0df1e2
AK		 2886static void error_mem_write(void *opaque, target_phys_addr_t addr,
2887 uint64_t value, unsigned size)
e18231a3 2888{
0e0df1e2 2889 abort();
33417e70
FB		 2890}
2891
0e0df1e2
AK		 2892static const MemoryRegionOps error_mem_ops = {
2893 .read = error_mem_read,
2894 .write = error_mem_write,
2895 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2896};
2897
0e0df1e2
AK		 2898static const MemoryRegionOps rom_mem_ops = {
2899 .read = error_mem_read,
2900 .write = unassigned_mem_write,
2901 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2902};
2903
0e0df1e2
AK		 2904static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2905 uint64_t val, unsigned size)
9fa3e853 2906{
3a7d929e 2907 int dirty_flags;
f7c11b53 2908 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2909 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2910#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2911 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2912 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2913#endif
3a7d929e 2914 }
0e0df1e2
AK		 2915 switch (size) {
2916 case 1:
2917 stb_p(qemu_get_ram_ptr(ram_addr), val);
2918 break;
2919 case 2:
2920 stw_p(qemu_get_ram_ptr(ram_addr), val);
2921 break;
2922 case 4:
2923 stl_p(qemu_get_ram_ptr(ram_addr), val);
2924 break;
2925 default:
2926 abort();
3a7d929e 2927 }
f23db169 2928 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2929 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2930 /* we remove the notdirty callback only if the code has been
2931 flushed */
2932 if (dirty_flags == 0xff)
2e70f6ef 2933 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2934}
2935
0e0df1e2
AK		 2936static const MemoryRegionOps notdirty_mem_ops = {
2937 .read = error_mem_read,
2938 .write = notdirty_mem_write,
2939 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2940};
2941
0f459d16 2942/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2943static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2944{
9349b4f9 2945 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2946 target_ulong pc, cs_base;
2947 TranslationBlock *tb;
0f459d16 2948 target_ulong vaddr;
a1d1bb31 2949 CPUWatchpoint *wp;
06d55cc1 2950 int cpu_flags;
0f459d16 2951
06d55cc1
AL		 2952 if (env->watchpoint_hit) {
2953 /* We re-entered the check after replacing the TB. Now raise
2954 * the debug interrupt so that is will trigger after the
2955 * current instruction. */
2956 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2957 return;
2958 }
2e70f6ef 2959 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2960 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2961 if ((vaddr == (wp->vaddr & len_mask) ||
2962 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2963 wp->flags |= BP_WATCHPOINT_HIT;
2964 if (!env->watchpoint_hit) {
2965 env->watchpoint_hit = wp;
2966 tb = tb_find_pc(env->mem_io_pc);
2967 if (!tb) {
2968 cpu_abort(env, "check_watchpoint: could not find TB for "
2969 "pc=%p", (void *)env->mem_io_pc);
2970 }
618ba8e6 2971 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2972 tb_phys_invalidate(tb, -1);
2973 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2974 env->exception_index = EXCP_DEBUG;
488d6577 2975 cpu_loop_exit(env);
6e140f28
AL		 2976 } else {
2977 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2978 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2979 cpu_resume_from_signal(env, NULL);
6e140f28 2980 }
06d55cc1 2981 }
6e140f28
AL		 2982 } else {
2983 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2984 }
2985 }
2986}
2987
6658ffb8
PB		 2988/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2989 so these check for a hit then pass through to the normal out-of-line
2990 phys routines. */
1ec9b909
AK		 2991static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
2992 unsigned size)
6658ffb8 2993{
1ec9b909
AK		 2994 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2995 switch (size) {
2996 case 1: return ldub_phys(addr);
2997 case 2: return lduw_phys(addr);
2998 case 4: return ldl_phys(addr);
2999 default: abort();
3000 }
6658ffb8
PB		 3001}
3002
1ec9b909
AK		 3003static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3004 uint64_t val, unsigned size)
6658ffb8 3005{
1ec9b909
AK		 3006 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3007 switch (size) {
67364150
MF		 3008 case 1:
3009 stb_phys(addr, val);
3010 break;
3011 case 2:
3012 stw_phys(addr, val);
3013 break;
3014 case 4:
3015 stl_phys(addr, val);
3016 break;
1ec9b909
AK		 3017 default: abort();
3018 }
6658ffb8
PB		 3019}
3020
1ec9b909
AK		 3021static const MemoryRegionOps watch_mem_ops = {
3022 .read = watch_mem_read,
3023 .write = watch_mem_write,
3024 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3025};
6658ffb8 3026
70c68e44
AK		 3027static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3028 unsigned len)
db7b5426 3029{
70c68e44 3030 subpage_t *mmio = opaque;
f6405247 3031 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3032 MemoryRegionSection *section;
db7b5426
BS		 3033#if defined(DEBUG_SUBPAGE)
3034 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3035 mmio, len, addr, idx);
3036#endif
db7b5426 3037
5312bd8b
AK		 3038 section = &phys_sections[mmio->sub_section[idx]];
3039 addr += mmio->base;
3040 addr -= section->offset_within_address_space;
3041 addr += section->offset_within_region;
37ec01d4 3042 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3043}
3044
70c68e44
AK		 3045static void subpage_write(void *opaque, target_phys_addr_t addr,
3046 uint64_t value, unsigned len)
db7b5426 3047{
70c68e44 3048 subpage_t *mmio = opaque;
f6405247 3049 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3050 MemoryRegionSection *section;
db7b5426 3051#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3052 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3053 " idx %d value %"PRIx64"\n",
f6405247 3054 __func__, mmio, len, addr, idx, value);
db7b5426 3055#endif
f6405247 3056
5312bd8b
AK		 3057 section = &phys_sections[mmio->sub_section[idx]];
3058 addr += mmio->base;
3059 addr -= section->offset_within_address_space;
3060 addr += section->offset_within_region;
37ec01d4 3061 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3062}
3063
70c68e44
AK		 3064static const MemoryRegionOps subpage_ops = {
3065 .read = subpage_read,
3066 .write = subpage_write,
3067 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3068};
3069
de712f94
AK		 3070static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3071 unsigned size)
56384e8b
AF		 3072{
3073 ram_addr_t raddr = addr;
3074 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3075 switch (size) {
3076 case 1: return ldub_p(ptr);
3077 case 2: return lduw_p(ptr);
3078 case 4: return ldl_p(ptr);
3079 default: abort();
3080 }
56384e8b
AF		 3081}
3082
de712f94
AK		 3083static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3084 uint64_t value, unsigned size)
56384e8b
AF		 3085{
3086 ram_addr_t raddr = addr;
3087 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3088 switch (size) {
3089 case 1: return stb_p(ptr, value);
3090 case 2: return stw_p(ptr, value);
3091 case 4: return stl_p(ptr, value);
3092 default: abort();
3093 }
56384e8b
AF		 3094}
3095
de712f94
AK		 3096static const MemoryRegionOps subpage_ram_ops = {
3097 .read = subpage_ram_read,
3098 .write = subpage_ram_write,
3099 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3100};
3101
c227f099 3102static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3103 uint16_t section)
db7b5426
BS		 3104{
3105 int idx, eidx;
3106
3107 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3108 return -1;
3109 idx = SUBPAGE_IDX(start);
3110 eidx = SUBPAGE_IDX(end);
3111#if defined(DEBUG_SUBPAGE)
0bf9e31a 3112 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3113 mmio, start, end, idx, eidx, memory);
3114#endif
5312bd8b
AK		 3115 if (memory_region_is_ram(phys_sections[section].mr)) {
3116 MemoryRegionSection new_section = phys_sections[section];
3117 new_section.mr = &io_mem_subpage_ram;
3118 section = phys_section_add(&new_section);
56384e8b 3119 }
db7b5426 3120 for (; idx <= eidx; idx++) {
5312bd8b 3121 mmio->sub_section[idx] = section;
db7b5426
BS		 3122 }
3123
3124 return 0;
3125}
3126
0f0cb164 3127static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3128{
c227f099 3129 subpage_t *mmio;
db7b5426 3130
7267c094 3131 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3132
3133 mmio->base = base;
70c68e44
AK		 3134 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3135 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3136 mmio->iomem.subpage = true;
db7b5426 3137#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3138 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3139 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3140#endif
0f0cb164 3141 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3142
3143 return mmio;
3144}
3145
5312bd8b
AK		 3146static uint16_t dummy_section(MemoryRegion *mr)
3147{
3148 MemoryRegionSection section = {
3149 .mr = mr,
3150 .offset_within_address_space = 0,
3151 .offset_within_region = 0,
3152 .size = UINT64_MAX,
3153 };
3154
3155 return phys_section_add(&section);
3156}
3157
37ec01d4 3158MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3159{
37ec01d4 3160 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3161}
3162
e9179ce1
AK		 3163static void io_mem_init(void)
3164{
0e0df1e2 3165 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3166 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3167 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3168 "unassigned", UINT64_MAX);
3169 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3170 "notdirty", UINT64_MAX);
de712f94
AK		 3171 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3172 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3173 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3174 "watch", UINT64_MAX);
e9179ce1
AK		 3175}
3176
50c1e149
AK		 3177static void core_begin(MemoryListener *listener)
3178{
54688b1e 3179 destroy_all_mappings();
5312bd8b 3180 phys_sections_clear();
c19e8800 3181 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3182 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3183 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3184 phys_section_rom = dummy_section(&io_mem_rom);
3185 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3186}
3187
3188static void core_commit(MemoryListener *listener)
3189{
9349b4f9 3190 CPUArchState *env;
117712c3
AK		 3191
3192 /* since each CPU stores ram addresses in its TLB cache, we must
3193 reset the modified entries */
3194 /* XXX: slow ! */
3195 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3196 tlb_flush(env, 1);
3197 }
50c1e149
AK		 3198}
3199
93632747
AK		 3200static void core_region_add(MemoryListener *listener,
3201 MemoryRegionSection *section)
3202{
4855d41a 3203 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3204}
3205
3206static void core_region_del(MemoryListener *listener,
3207 MemoryRegionSection *section)
3208{
93632747
AK		 3209}
3210
50c1e149
AK		 3211static void core_region_nop(MemoryListener *listener,
3212 MemoryRegionSection *section)
3213{
54688b1e 3214 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3215}
3216
93632747
AK		 3217static void core_log_start(MemoryListener *listener,
3218 MemoryRegionSection *section)
3219{
3220}
3221
3222static void core_log_stop(MemoryListener *listener,
3223 MemoryRegionSection *section)
3224{
3225}
3226
3227static void core_log_sync(MemoryListener *listener,
3228 MemoryRegionSection *section)
3229{
3230}
3231
3232static void core_log_global_start(MemoryListener *listener)
3233{
3234 cpu_physical_memory_set_dirty_tracking(1);
3235}
3236
3237static void core_log_global_stop(MemoryListener *listener)
3238{
3239 cpu_physical_memory_set_dirty_tracking(0);
3240}
3241
3242static void core_eventfd_add(MemoryListener *listener,
3243 MemoryRegionSection *section,
753d5e14 3244 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3245{
3246}
3247
3248static void core_eventfd_del(MemoryListener *listener,
3249 MemoryRegionSection *section,
753d5e14 3250 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3251{
3252}
3253
50c1e149
AK		 3254static void io_begin(MemoryListener *listener)
3255{
3256}
3257
3258static void io_commit(MemoryListener *listener)
3259{
3260}
3261
4855d41a
AK		 3262static void io_region_add(MemoryListener *listener,
3263 MemoryRegionSection *section)
3264{
a2d33521
AK		 3265 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3266
3267 mrio->mr = section->mr;
3268 mrio->offset = section->offset_within_region;
3269 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3270 section->offset_within_address_space, section->size);
a2d33521 3271 ioport_register(&mrio->iorange);
4855d41a
AK		 3272}
3273
3274static void io_region_del(MemoryListener *listener,
3275 MemoryRegionSection *section)
3276{
3277 isa_unassign_ioport(section->offset_within_address_space, section->size);
3278}
3279
50c1e149
AK		 3280static void io_region_nop(MemoryListener *listener,
3281 MemoryRegionSection *section)
3282{
3283}
3284
4855d41a
AK		 3285static void io_log_start(MemoryListener *listener,
3286 MemoryRegionSection *section)
3287{
3288}
3289
3290static void io_log_stop(MemoryListener *listener,
3291 MemoryRegionSection *section)
3292{
3293}
3294
3295static void io_log_sync(MemoryListener *listener,
3296 MemoryRegionSection *section)
3297{
3298}
3299
3300static void io_log_global_start(MemoryListener *listener)
3301{
3302}
3303
3304static void io_log_global_stop(MemoryListener *listener)
3305{
3306}
3307
3308static void io_eventfd_add(MemoryListener *listener,
3309 MemoryRegionSection *section,
753d5e14 3310 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3311{
3312}
3313
3314static void io_eventfd_del(MemoryListener *listener,
3315 MemoryRegionSection *section,
753d5e14 3316 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3317{
3318}
3319
93632747 3320static MemoryListener core_memory_listener = {
50c1e149
AK		 3321 .begin = core_begin,
3322 .commit = core_commit,
93632747
AK		 3323 .region_add = core_region_add,
3324 .region_del = core_region_del,
50c1e149 3325 .region_nop = core_region_nop,
93632747
AK		 3326 .log_start = core_log_start,
3327 .log_stop = core_log_stop,
3328 .log_sync = core_log_sync,
3329 .log_global_start = core_log_global_start,
3330 .log_global_stop = core_log_global_stop,
3331 .eventfd_add = core_eventfd_add,
3332 .eventfd_del = core_eventfd_del,
3333 .priority = 0,
3334};
3335
4855d41a 3336static MemoryListener io_memory_listener = {
50c1e149
AK		 3337 .begin = io_begin,
3338 .commit = io_commit,
4855d41a
AK		 3339 .region_add = io_region_add,
3340 .region_del = io_region_del,
50c1e149 3341 .region_nop = io_region_nop,
4855d41a
AK		 3342 .log_start = io_log_start,
3343 .log_stop = io_log_stop,
3344 .log_sync = io_log_sync,
3345 .log_global_start = io_log_global_start,
3346 .log_global_stop = io_log_global_stop,
3347 .eventfd_add = io_eventfd_add,
3348 .eventfd_del = io_eventfd_del,
3349 .priority = 0,
3350};
3351
62152b8a
AK		 3352static void memory_map_init(void)
3353{
7267c094 3354 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3355 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3356 set_system_memory_map(system_memory);
309cb471 3357
7267c094 3358 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3359 memory_region_init(system_io, "io", 65536);
3360 set_system_io_map(system_io);
93632747 3361
4855d41a
AK		 3362 memory_listener_register(&core_memory_listener, system_memory);
3363 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3364}
3365
3366MemoryRegion *get_system_memory(void)
3367{
3368 return system_memory;
3369}
3370
309cb471
AK		 3371MemoryRegion *get_system_io(void)
3372{
3373 return system_io;
3374}
3375
e2eef170
PB		 3376#endif /* !defined(CONFIG_USER_ONLY) */
3377
13eb76e0
FB		 3378/* physical memory access (slow version, mainly for debug) */
3379#if defined(CONFIG_USER_ONLY)
9349b4f9 3380int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3381 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3382{
3383 int l, flags;
3384 target_ulong page;
53a5960a 3385 void * p;
13eb76e0
FB		 3386
3387 while (len > 0) {
3388 page = addr & TARGET_PAGE_MASK;
3389 l = (page + TARGET_PAGE_SIZE) - addr;
3390 if (l > len)
3391 l = len;
3392 flags = page_get_flags(page);
3393 if (!(flags & PAGE_VALID))
a68fe89c 3394 return -1;
13eb76e0
FB		 3395 if (is_write) {
3396 if (!(flags & PAGE_WRITE))
a68fe89c 3397 return -1;
579a97f7 3398 /* XXX: this code should not depend on lock_user */
72fb7daa 3399 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3400 return -1;
72fb7daa
AJ		 3401 memcpy(p, buf, l);
3402 unlock_user(p, addr, l);
13eb76e0
FB		 3403 } else {
3404 if (!(flags & PAGE_READ))
a68fe89c 3405 return -1;
579a97f7 3406 /* XXX: this code should not depend on lock_user */
72fb7daa 3407 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3408 return -1;
72fb7daa 3409 memcpy(buf, p, l);
5b257578 3410 unlock_user(p, addr, 0);
13eb76e0
FB		 3411 }
3412 len -= l;
3413 buf += l;
3414 addr += l;
3415 }
a68fe89c 3416 return 0;
13eb76e0 3417}
8df1cd07 3418
13eb76e0 3419#else
51d7a9eb
AP		 3420
3421static void invalidate_and_set_dirty(target_phys_addr_t addr,
3422 target_phys_addr_t length)
3423{
3424 if (!cpu_physical_memory_is_dirty(addr)) {
3425 /* invalidate code */
3426 tb_invalidate_phys_page_range(addr, addr + length, 0);
3427 /* set dirty bit */
3428 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3429 }
3430}
3431
c227f099 3432void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3433 int len, int is_write)
3434{
37ec01d4 3435 int l;
13eb76e0
FB		 3436 uint8_t *ptr;
3437 uint32_t val;
c227f099 3438 target_phys_addr_t page;
f3705d53 3439 MemoryRegionSection *section;
3b46e624 3440
13eb76e0
FB		 3441 while (len > 0) {
3442 page = addr & TARGET_PAGE_MASK;
3443 l = (page + TARGET_PAGE_SIZE) - addr;
3444 if (l > len)
3445 l = len;
06ef3525 3446 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3447
13eb76e0 3448 if (is_write) {
f3705d53 3449 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3450 target_phys_addr_t addr1;
cc5bea60 3451 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3452 /* XXX: could force cpu_single_env to NULL to avoid
3453 potential bugs */
6c2934db 3454 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3455 /* 32 bit write access */
c27004ec 3456 val = ldl_p(buf);
37ec01d4 3457 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3458 l = 4;
6c2934db 3459 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3460 /* 16 bit write access */
c27004ec 3461 val = lduw_p(buf);
37ec01d4 3462 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3463 l = 2;
3464 } else {
1c213d19 3465 /* 8 bit write access */
c27004ec 3466 val = ldub_p(buf);
37ec01d4 3467 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3468 l = 1;
3469 }
f3705d53 3470 } else if (!section->readonly) {
8ca5692d 3471 ram_addr_t addr1;
f3705d53 3472 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3473 + memory_region_section_addr(section, addr);
13eb76e0 3474 /* RAM case */
5579c7f3 3475 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3476 memcpy(ptr, buf, l);
51d7a9eb 3477 invalidate_and_set_dirty(addr1, l);
050a0ddf 3478 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3479 }
3480 } else {
cc5bea60
BS		 3481 if (!(memory_region_is_ram(section->mr) ||
3482 memory_region_is_romd(section->mr))) {
f1f6e3b8 3483 target_phys_addr_t addr1;
13eb76e0 3484 /* I/O case */
cc5bea60 3485 addr1 = memory_region_section_addr(section, addr);
6c2934db 3486 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3487 /* 32 bit read access */
37ec01d4 3488 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3489 stl_p(buf, val);
13eb76e0 3490 l = 4;
6c2934db 3491 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3492 /* 16 bit read access */
37ec01d4 3493 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3494 stw_p(buf, val);
13eb76e0
FB		 3495 l = 2;
3496 } else {
1c213d19 3497 /* 8 bit read access */
37ec01d4 3498 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3499 stb_p(buf, val);
13eb76e0
FB		 3500 l = 1;
3501 }
3502 } else {
3503 /* RAM case */
0a1b357f 3504 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3505 + memory_region_section_addr(section,
3506 addr));
f3705d53 3507 memcpy(buf, ptr, l);
050a0ddf 3508 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3509 }
3510 }
3511 len -= l;
3512 buf += l;
3513 addr += l;
3514 }
3515}
8df1cd07 3516
d0ecd2aa 3517/* used for ROM loading : can write in RAM and ROM */
c227f099 3518void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3519 const uint8_t *buf, int len)
3520{
3521 int l;
3522 uint8_t *ptr;
c227f099 3523 target_phys_addr_t page;
f3705d53 3524 MemoryRegionSection *section;
3b46e624 3525
d0ecd2aa
FB		 3526 while (len > 0) {
3527 page = addr & TARGET_PAGE_MASK;
3528 l = (page + TARGET_PAGE_SIZE) - addr;
3529 if (l > len)
3530 l = len;
06ef3525 3531 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3532
cc5bea60
BS		 3533 if (!(memory_region_is_ram(section->mr) ||
3534 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3535 /* do nothing */
3536 } else {
3537 unsigned long addr1;
f3705d53 3538 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3539 + memory_region_section_addr(section, addr);
d0ecd2aa 3540 /* ROM/RAM case */
5579c7f3 3541 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3542 memcpy(ptr, buf, l);
51d7a9eb 3543 invalidate_and_set_dirty(addr1, l);
050a0ddf 3544 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3545 }
3546 len -= l;
3547 buf += l;
3548 addr += l;
3549 }
3550}
3551
6d16c2f8
AL		 3552typedef struct {
3553 void *buffer;
c227f099
AL		 3554 target_phys_addr_t addr;
3555 target_phys_addr_t len;
6d16c2f8
AL		 3556} BounceBuffer;
3557
3558static BounceBuffer bounce;
3559
ba223c29
AL		 3560typedef struct MapClient {
3561 void *opaque;
3562 void (*callback)(void *opaque);
72cf2d4f 3563 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3564} MapClient;
3565
72cf2d4f
BS		 3566static QLIST_HEAD(map_client_list, MapClient) map_client_list
3567 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3568
3569void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3570{
7267c094 3571 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3572
3573 client->opaque = opaque;
3574 client->callback = callback;
72cf2d4f 3575 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3576 return client;
3577}
3578
3579void cpu_unregister_map_client(void *_client)
3580{
3581 MapClient *client = (MapClient *)_client;
3582
72cf2d4f 3583 QLIST_REMOVE(client, link);
7267c094 3584 g_free(client);
ba223c29
AL		 3585}
3586
3587static void cpu_notify_map_clients(void)
3588{
3589 MapClient *client;
3590
72cf2d4f
BS		 3591 while (!QLIST_EMPTY(&map_client_list)) {
3592 client = QLIST_FIRST(&map_client_list);
ba223c29 3593 client->callback(client->opaque);
34d5e948 3594 cpu_unregister_map_client(client);
ba223c29
AL		 3595 }
3596}
3597
6d16c2f8
AL		 3598/* Map a physical memory region into a host virtual address.
3599 * May map a subset of the requested range, given by and returned in *plen.
3600 * May return NULL if resources needed to perform the mapping are exhausted.
3601 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3602 * Use cpu_register_map_client() to know when retrying the map operation is
3603 * likely to succeed.
6d16c2f8 3604 */
c227f099
AL		 3605void *cpu_physical_memory_map(target_phys_addr_t addr,
3606 target_phys_addr_t *plen,
6d16c2f8
AL		 3607 int is_write)
3608{
c227f099 3609 target_phys_addr_t len = *plen;
38bee5dc 3610 target_phys_addr_t todo = 0;
6d16c2f8 3611 int l;
c227f099 3612 target_phys_addr_t page;
f3705d53 3613 MemoryRegionSection *section;
f15fbc4b 3614 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3615 ram_addr_t rlen;
3616 void *ret;
6d16c2f8
AL		 3617
3618 while (len > 0) {
3619 page = addr & TARGET_PAGE_MASK;
3620 l = (page + TARGET_PAGE_SIZE) - addr;
3621 if (l > len)
3622 l = len;
06ef3525 3623 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3624
f3705d53 3625 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3626 if (todo || bounce.buffer) {
6d16c2f8
AL		 3627 break;
3628 }
3629 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3630 bounce.addr = addr;
3631 bounce.len = l;
3632 if (!is_write) {
54f7b4a3 3633 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3634 }
38bee5dc
SS		 3635
3636 *plen = l;
3637 return bounce.buffer;
6d16c2f8 3638 }
8ab934f9 3639 if (!todo) {
f3705d53 3640 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3641 + memory_region_section_addr(section, addr);
8ab934f9 3642 }
6d16c2f8
AL		 3643
3644 len -= l;
3645 addr += l;
38bee5dc 3646 todo += l;
6d16c2f8 3647 }
8ab934f9
SS		 3648 rlen = todo;
3649 ret = qemu_ram_ptr_length(raddr, &rlen);
3650 *plen = rlen;
3651 return ret;
6d16c2f8
AL		 3652}
3653
3654/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3655 * Will also mark the memory as dirty if is_write == 1. access_len gives
3656 * the amount of memory that was actually read or written by the caller.
3657 */
c227f099
AL		 3658void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3659 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3660{
3661 if (buffer != bounce.buffer) {
3662 if (is_write) {
e890261f 3663 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3664 while (access_len) {
3665 unsigned l;
3666 l = TARGET_PAGE_SIZE;
3667 if (l > access_len)
3668 l = access_len;
51d7a9eb 3669 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3670 addr1 += l;
3671 access_len -= l;
3672 }
3673 }
868bb33f 3674 if (xen_enabled()) {
e41d7c69 3675 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3676 }
6d16c2f8
AL		 3677 return;
3678 }
3679 if (is_write) {
3680 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3681 }
f8a83245 3682 qemu_vfree(bounce.buffer);
6d16c2f8 3683 bounce.buffer = NULL;
ba223c29 3684 cpu_notify_map_clients();
6d16c2f8 3685}
d0ecd2aa 3686
8df1cd07 3687/* warning: addr must be aligned */
1e78bcc1
AG		 3688static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3689 enum device_endian endian)
8df1cd07 3690{
8df1cd07
FB		 3691 uint8_t *ptr;
3692 uint32_t val;
f3705d53 3693 MemoryRegionSection *section;
8df1cd07 3694
06ef3525 3695 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3696
cc5bea60
BS		 3697 if (!(memory_region_is_ram(section->mr) ||
3698 memory_region_is_romd(section->mr))) {
8df1cd07 3699 /* I/O case */
cc5bea60 3700 addr = memory_region_section_addr(section, addr);
37ec01d4 3701 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3702#if defined(TARGET_WORDS_BIGENDIAN)
3703 if (endian == DEVICE_LITTLE_ENDIAN) {
3704 val = bswap32(val);
3705 }
3706#else
3707 if (endian == DEVICE_BIG_ENDIAN) {
3708 val = bswap32(val);
3709 }
3710#endif
8df1cd07
FB		 3711 } else {
3712 /* RAM case */
f3705d53 3713 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3714 & TARGET_PAGE_MASK)
cc5bea60 3715 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3716 switch (endian) {
3717 case DEVICE_LITTLE_ENDIAN:
3718 val = ldl_le_p(ptr);
3719 break;
3720 case DEVICE_BIG_ENDIAN:
3721 val = ldl_be_p(ptr);
3722 break;
3723 default:
3724 val = ldl_p(ptr);
3725 break;
3726 }
8df1cd07
FB		 3727 }
3728 return val;
3729}
3730
1e78bcc1
AG		 3731uint32_t ldl_phys(target_phys_addr_t addr)
3732{
3733 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3734}
3735
3736uint32_t ldl_le_phys(target_phys_addr_t addr)
3737{
3738 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3739}
3740
3741uint32_t ldl_be_phys(target_phys_addr_t addr)
3742{
3743 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3744}
3745
84b7b8e7 3746/* warning: addr must be aligned */
1e78bcc1
AG		 3747static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3748 enum device_endian endian)
84b7b8e7 3749{
84b7b8e7
FB		 3750 uint8_t *ptr;
3751 uint64_t val;
f3705d53 3752 MemoryRegionSection *section;
84b7b8e7 3753
06ef3525 3754 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3755
cc5bea60
BS		 3756 if (!(memory_region_is_ram(section->mr) ||
3757 memory_region_is_romd(section->mr))) {
84b7b8e7 3758 /* I/O case */
cc5bea60 3759 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3760
3761 /* XXX This is broken when device endian != cpu endian.
3762 Fix and add "endian" variable check */
84b7b8e7 3763#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3764 val = io_mem_read(section->mr, addr, 4) << 32;
3765 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3766#else
37ec01d4
AK		 3767 val = io_mem_read(section->mr, addr, 4);
3768 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3769#endif
3770 } else {
3771 /* RAM case */
f3705d53 3772 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3773 & TARGET_PAGE_MASK)
cc5bea60 3774 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3775 switch (endian) {
3776 case DEVICE_LITTLE_ENDIAN:
3777 val = ldq_le_p(ptr);
3778 break;
3779 case DEVICE_BIG_ENDIAN:
3780 val = ldq_be_p(ptr);
3781 break;
3782 default:
3783 val = ldq_p(ptr);
3784 break;
3785 }
84b7b8e7
FB		 3786 }
3787 return val;
3788}
3789
1e78bcc1
AG		 3790uint64_t ldq_phys(target_phys_addr_t addr)
3791{
3792 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3793}
3794
3795uint64_t ldq_le_phys(target_phys_addr_t addr)
3796{
3797 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3798}
3799
3800uint64_t ldq_be_phys(target_phys_addr_t addr)
3801{
3802 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3803}
3804
aab33094 3805/* XXX: optimize */
c227f099 3806uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3807{
3808 uint8_t val;
3809 cpu_physical_memory_read(addr, &val, 1);
3810 return val;
3811}
3812
733f0b02 3813/* warning: addr must be aligned */
1e78bcc1
AG		 3814static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3815 enum device_endian endian)
aab33094 3816{
733f0b02
MT		 3817 uint8_t *ptr;
3818 uint64_t val;
f3705d53 3819 MemoryRegionSection *section;
733f0b02 3820
06ef3525 3821 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3822
cc5bea60
BS		 3823 if (!(memory_region_is_ram(section->mr) ||
3824 memory_region_is_romd(section->mr))) {
733f0b02 3825 /* I/O case */
cc5bea60 3826 addr = memory_region_section_addr(section, addr);
37ec01d4 3827 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3828#if defined(TARGET_WORDS_BIGENDIAN)
3829 if (endian == DEVICE_LITTLE_ENDIAN) {
3830 val = bswap16(val);
3831 }
3832#else
3833 if (endian == DEVICE_BIG_ENDIAN) {
3834 val = bswap16(val);
3835 }
3836#endif
733f0b02
MT		 3837 } else {
3838 /* RAM case */
f3705d53 3839 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3840 & TARGET_PAGE_MASK)
cc5bea60 3841 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3842 switch (endian) {
3843 case DEVICE_LITTLE_ENDIAN:
3844 val = lduw_le_p(ptr);
3845 break;
3846 case DEVICE_BIG_ENDIAN:
3847 val = lduw_be_p(ptr);
3848 break;
3849 default:
3850 val = lduw_p(ptr);
3851 break;
3852 }
733f0b02
MT		 3853 }
3854 return val;
aab33094
FB		 3855}
3856
1e78bcc1
AG		 3857uint32_t lduw_phys(target_phys_addr_t addr)
3858{
3859 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3860}
3861
3862uint32_t lduw_le_phys(target_phys_addr_t addr)
3863{
3864 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3865}
3866
3867uint32_t lduw_be_phys(target_phys_addr_t addr)
3868{
3869 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3870}
3871
8df1cd07
FB		 3872/* warning: addr must be aligned. The ram page is not masked as dirty
3873 and the code inside is not invalidated. It is useful if the dirty
3874 bits are used to track modified PTEs */
c227f099 3875void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3876{
8df1cd07 3877 uint8_t *ptr;
f3705d53 3878 MemoryRegionSection *section;
8df1cd07 3879
06ef3525 3880 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3881
f3705d53 3882 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3883 addr = memory_region_section_addr(section, addr);
f3705d53 3884 if (memory_region_is_ram(section->mr)) {
37ec01d4 3885 section = &phys_sections[phys_section_rom];
06ef3525 3886 }
37ec01d4 3887 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3888 } else {
f3705d53 3889 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3890 & TARGET_PAGE_MASK)
cc5bea60 3891 + memory_region_section_addr(section, addr);
5579c7f3 3892 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3893 stl_p(ptr, val);
74576198
AL		 3894
3895 if (unlikely(in_migration)) {
3896 if (!cpu_physical_memory_is_dirty(addr1)) {
3897 /* invalidate code */
3898 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3899 /* set dirty bit */
f7c11b53
YT		 3900 cpu_physical_memory_set_dirty_flags(
3901 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3902 }
3903 }
8df1cd07
FB		 3904 }
3905}
3906
c227f099 3907void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3908{
bc98a7ef 3909 uint8_t *ptr;
f3705d53 3910 MemoryRegionSection *section;
bc98a7ef 3911
06ef3525 3912 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3913
f3705d53 3914 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3915 addr = memory_region_section_addr(section, addr);
f3705d53 3916 if (memory_region_is_ram(section->mr)) {
37ec01d4 3917 section = &phys_sections[phys_section_rom];
06ef3525 3918 }
bc98a7ef 3919#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3920 io_mem_write(section->mr, addr, val >> 32, 4);
3921 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3922#else
37ec01d4
AK		 3923 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3924 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3925#endif
3926 } else {
f3705d53 3927 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3928 & TARGET_PAGE_MASK)
cc5bea60 3929 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3930 stq_p(ptr, val);
3931 }
3932}
3933
8df1cd07 3934/* warning: addr must be aligned */
1e78bcc1
AG		 3935static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
3936 enum device_endian endian)
8df1cd07 3937{
8df1cd07 3938 uint8_t *ptr;
f3705d53 3939 MemoryRegionSection *section;
8df1cd07 3940
06ef3525 3941 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3942
f3705d53 3943 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3944 addr = memory_region_section_addr(section, addr);
f3705d53 3945 if (memory_region_is_ram(section->mr)) {
37ec01d4 3946 section = &phys_sections[phys_section_rom];
06ef3525 3947 }
1e78bcc1
AG		 3948#if defined(TARGET_WORDS_BIGENDIAN)
3949 if (endian == DEVICE_LITTLE_ENDIAN) {
3950 val = bswap32(val);
3951 }
3952#else
3953 if (endian == DEVICE_BIG_ENDIAN) {
3954 val = bswap32(val);
3955 }
3956#endif
37ec01d4 3957 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3958 } else {
3959 unsigned long addr1;
f3705d53 3960 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3961 + memory_region_section_addr(section, addr);
8df1cd07 3962 /* RAM case */
5579c7f3 3963 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3964 switch (endian) {
3965 case DEVICE_LITTLE_ENDIAN:
3966 stl_le_p(ptr, val);
3967 break;
3968 case DEVICE_BIG_ENDIAN:
3969 stl_be_p(ptr, val);
3970 break;
3971 default:
3972 stl_p(ptr, val);
3973 break;
3974 }
51d7a9eb 3975 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3976 }
3977}
3978
1e78bcc1
AG		 3979void stl_phys(target_phys_addr_t addr, uint32_t val)
3980{
3981 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3982}
3983
3984void stl_le_phys(target_phys_addr_t addr, uint32_t val)
3985{
3986 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3987}
3988
3989void stl_be_phys(target_phys_addr_t addr, uint32_t val)
3990{
3991 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3992}
3993
aab33094 3994/* XXX: optimize */
c227f099 3995void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 3996{
3997 uint8_t v = val;
3998 cpu_physical_memory_write(addr, &v, 1);
3999}
4000
733f0b02 4001/* warning: addr must be aligned */
1e78bcc1
AG		 4002static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4003 enum device_endian endian)
aab33094 4004{
733f0b02 4005 uint8_t *ptr;
f3705d53 4006 MemoryRegionSection *section;
733f0b02 4007
06ef3525 4008 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4009
f3705d53 4010 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4011 addr = memory_region_section_addr(section, addr);
f3705d53 4012 if (memory_region_is_ram(section->mr)) {
37ec01d4 4013 section = &phys_sections[phys_section_rom];
06ef3525 4014 }
1e78bcc1
AG		 4015#if defined(TARGET_WORDS_BIGENDIAN)
4016 if (endian == DEVICE_LITTLE_ENDIAN) {
4017 val = bswap16(val);
4018 }
4019#else
4020 if (endian == DEVICE_BIG_ENDIAN) {
4021 val = bswap16(val);
4022 }
4023#endif
37ec01d4 4024 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 4025 } else {
4026 unsigned long addr1;
f3705d53 4027 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 4028 + memory_region_section_addr(section, addr);
733f0b02
MT		 4029 /* RAM case */
4030 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4031 switch (endian) {
4032 case DEVICE_LITTLE_ENDIAN:
4033 stw_le_p(ptr, val);
4034 break;
4035 case DEVICE_BIG_ENDIAN:
4036 stw_be_p(ptr, val);
4037 break;
4038 default:
4039 stw_p(ptr, val);
4040 break;
4041 }
51d7a9eb 4042 invalidate_and_set_dirty(addr1, 2);
733f0b02 4043 }
aab33094
FB		 4044}
4045
1e78bcc1
AG		 4046void stw_phys(target_phys_addr_t addr, uint32_t val)
4047{
4048 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4049}
4050
4051void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4052{
4053 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4054}
4055
4056void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4057{
4058 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4059}
4060
aab33094 4061/* XXX: optimize */
c227f099 4062void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4063{
4064 val = tswap64(val);
71d2b725 4065 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4066}
4067
1e78bcc1
AG		 4068void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4069{
4070 val = cpu_to_le64(val);
4071 cpu_physical_memory_write(addr, &val, 8);
4072}
4073
4074void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4075{
4076 val = cpu_to_be64(val);
4077 cpu_physical_memory_write(addr, &val, 8);
4078}
4079
5e2972fd 4080/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4081int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4082 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4083{
4084 int l;
c227f099 4085 target_phys_addr_t phys_addr;
9b3c35e0 4086 target_ulong page;
13eb76e0
FB		 4087
4088 while (len > 0) {
4089 page = addr & TARGET_PAGE_MASK;
4090 phys_addr = cpu_get_phys_page_debug(env, page);
4091 /* if no physical page mapped, return an error */
4092 if (phys_addr == -1)
4093 return -1;
4094 l = (page + TARGET_PAGE_SIZE) - addr;
4095 if (l > len)
4096 l = len;
5e2972fd 4097 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4098 if (is_write)
4099 cpu_physical_memory_write_rom(phys_addr, buf, l);
4100 else
5e2972fd 4101 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4102 len -= l;
4103 buf += l;
4104 addr += l;
4105 }
4106 return 0;
4107}
a68fe89c 4108#endif
13eb76e0 4109
2e70f6ef
PB		 4110/* in deterministic execution mode, instructions doing device I/Os
4111 must be at the end of the TB */
20503968 4112void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4113{
4114 TranslationBlock *tb;
4115 uint32_t n, cflags;
4116 target_ulong pc, cs_base;
4117 uint64_t flags;
4118
20503968 4119 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4120 if (!tb) {
4121 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4122 (void *)retaddr);
2e70f6ef
PB		 4123 }
4124 n = env->icount_decr.u16.low + tb->icount;
20503968 4125 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4126 /* Calculate how many instructions had been executed before the fault
bf20dc07 4127 occurred. */
2e70f6ef
PB		 4128 n = n - env->icount_decr.u16.low;
4129 /* Generate a new TB ending on the I/O insn. */
4130 n++;
4131 /* On MIPS and SH, delay slot instructions can only be restarted if
4132 they were already the first instruction in the TB. If this is not
bf20dc07 4133 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4134 branch. */
4135#if defined(TARGET_MIPS)
4136 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4137 env->active_tc.PC -= 4;
4138 env->icount_decr.u16.low++;
4139 env->hflags &= ~MIPS_HFLAG_BMASK;
4140 }
4141#elif defined(TARGET_SH4)
4142 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4143 && n > 1) {
4144 env->pc -= 2;
4145 env->icount_decr.u16.low++;
4146 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4147 }
4148#endif
4149 /* This should never happen. */
4150 if (n > CF_COUNT_MASK)
4151 cpu_abort(env, "TB too big during recompile");
4152
4153 cflags = n | CF_LAST_IO;
4154 pc = tb->pc;
4155 cs_base = tb->cs_base;
4156 flags = tb->flags;
4157 tb_phys_invalidate(tb, -1);
4158 /* FIXME: In theory this could raise an exception. In practice
4159 we have already translated the block once so it's probably ok. */
4160 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4161 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4162 the first in the TB) then we end up generating a whole new TB and
4163 repeating the fault, which is horribly inefficient.
4164 Better would be to execute just this insn uncached, or generate a
4165 second new TB. */
4166 cpu_resume_from_signal(env, NULL);
4167}
4168
b3755a91
PB		 4169#if !defined(CONFIG_USER_ONLY)
4170
055403b2 4171void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4172{
4173 int i, target_code_size, max_target_code_size;
4174 int direct_jmp_count, direct_jmp2_count, cross_page;
4175 TranslationBlock *tb;
3b46e624 4176
e3db7226
FB		 4177 target_code_size = 0;
4178 max_target_code_size = 0;
4179 cross_page = 0;
4180 direct_jmp_count = 0;
4181 direct_jmp2_count = 0;
4182 for(i = 0; i < nb_tbs; i++) {
4183 tb = &tbs[i];
4184 target_code_size += tb->size;
4185 if (tb->size > max_target_code_size)
4186 max_target_code_size = tb->size;
4187 if (tb->page_addr[1] != -1)
4188 cross_page++;
4189 if (tb->tb_next_offset[0] != 0xffff) {
4190 direct_jmp_count++;
4191 if (tb->tb_next_offset[1] != 0xffff) {
4192 direct_jmp2_count++;
4193 }
4194 }
4195 }
4196 /* XXX: avoid using doubles ? */
57fec1fe 4197 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4198 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4199 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4200 cpu_fprintf(f, "TB count %d/%d\n",
4201 nb_tbs, code_gen_max_blocks);
5fafdf24 4202 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4203 nb_tbs ? target_code_size / nb_tbs : 0,
4204 max_target_code_size);
055403b2 4205 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4206 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4207 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4208 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4209 cross_page,
e3db7226
FB		 4210 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4211 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4212 direct_jmp_count,
e3db7226
FB		 4213 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4214 direct_jmp2_count,
4215 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4216 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4217 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4218 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4219 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4220 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4221}
4222
82afa586
BH		 4223/*
4224 * A helper function for the _utterly broken_ virtio device model to find out if
4225 * it's running on a big endian machine. Don't do this at home kids!
4226 */
4227bool virtio_is_big_endian(void);
4228bool virtio_is_big_endian(void)
4229{
4230#if defined(TARGET_WORDS_BIGENDIAN)
4231 return true;
4232#else
4233 return false;
4234#endif
4235}
4236
61382a50 4237#endif
76f35538
WC		 4238
4239#ifndef CONFIG_USER_ONLY
4240bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4241{
4242 MemoryRegionSection *section;
4243
4244 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4245
4246 return !(memory_region_is_ram(section->mr) ||
4247 memory_region_is_romd(section->mr));
4248}
4249#endif
QEMU mirror