]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec.c: Use cpu_get_phys_page_attrs_debug
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
67d95c15 57
b35ba30f 58#include "qemu/range.h"
794e8f30
MT		 59#ifndef _WIN32
60#include "qemu/mmap-alloc.h"
61#endif
b35ba30f 62
db7b5426 63//#define DEBUG_SUBPAGE
1196be37 64
e2eef170 65#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 66/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
0d53d9fe 69RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 70
71static MemoryRegion *system_memory;
309cb471 72static MemoryRegion *system_io;
62152b8a 73
f6790af6
AK		 74AddressSpace address_space_io;
75AddressSpace address_space_memory;
2673a5da 76
0844e007 77MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 78static MemoryRegion io_mem_unassigned;
0e0df1e2 79
7bd4f430
PB		 80/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81#define RAM_PREALLOC (1 << 0)
82
dbcb8981
PB		 83/* RAM is mmap-ed with MAP_SHARED */
84#define RAM_SHARED (1 << 1)
85
62be4e3a
MT		 86/* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89#define RAM_RESIZEABLE (1 << 2)
90
e2eef170 91#endif
9fa3e853 92
bdc44640 93struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 94/* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
f240eb6f 96__thread CPUState *current_cpu;
2e70f6ef 97/* 0 = Do not count executed instructions.
bf20dc07 98 1 = Precise instruction counting.
2e70f6ef 99 2 = Adaptive rate instruction counting. */
5708fc66 100int use_icount;
6a00d601 101
e2eef170 102#if !defined(CONFIG_USER_ONLY)
4346ae3e 103
1db8abb1
PB		 104typedef struct PhysPageEntry PhysPageEntry;
105
106struct PhysPageEntry {
9736e55b 107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 108 uint32_t skip : 6;
9736e55b 109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 110 uint32_t ptr : 26;
1db8abb1
PB		 111};
112
8b795765
MT		 113#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
03f49957 115/* Size of the L2 (and L3, etc) page tables. */
57271d63 116#define ADDR_SPACE_BITS 64
03f49957 117
026736ce 118#define P_L2_BITS 9
03f49957
PB		 119#define P_L2_SIZE (1 << P_L2_BITS)
120
121#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 124
53cb28cb 125typedef struct PhysPageMap {
79e2b9ae
PB		 126 struct rcu_head rcu;
127
53cb28cb
MA		 128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134} PhysPageMap;
135
1db8abb1 136struct AddressSpaceDispatch {
79e2b9ae
PB		 137 struct rcu_head rcu;
138
1db8abb1
PB		 139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
53cb28cb 143 PhysPageMap map;
acc9d80b 144 AddressSpace *as;
1db8abb1
PB		 145};
146
90260c6c
JK		 147#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148typedef struct subpage_t {
149 MemoryRegion iomem;
acc9d80b 150 AddressSpace *as;
90260c6c
JK		 151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153} subpage_t;
154
b41aac4f
LPF		 155#define PHYS_SECTION_UNASSIGNED 0
156#define PHYS_SECTION_NOTDIRTY 1
157#define PHYS_SECTION_ROM 2
158#define PHYS_SECTION_WATCH 3
5312bd8b 159
e2eef170 160static void io_mem_init(void);
62152b8a 161static void memory_map_init(void);
09daed84 162static void tcg_commit(MemoryListener *listener);
e2eef170 163
1ec9b909 164static MemoryRegion io_mem_watch;
32857f4d
PM		 165
166/**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178};
179
6658ffb8 180#endif
fd6ce8f6 181
6d9a1304 182#if !defined(CONFIG_USER_ONLY)
d6f2ea22 183
53cb28cb 184static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 185{
53cb28cb
MA		 186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 190 }
f7bf5461
AK		 191}
192
db94604b 193static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 194{
195 unsigned i;
8b795765 196 uint32_t ret;
db94604b
PB		 197 PhysPageEntry e;
198 PhysPageEntry *p;
f7bf5461 199
53cb28cb 200 ret = map->nodes_nb++;
db94604b 201 p = map->nodes[ret];
f7bf5461 202 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 203 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 207 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 208 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 209 }
f7bf5461 210 return ret;
d6f2ea22
AK		 211}
212
53cb28cb
MA		 213static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 215 int level)
f7bf5461
AK		 216{
217 PhysPageEntry *p;
03f49957 218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 219
9736e55b 220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 221 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 222 }
db94604b 223 p = map->nodes[lp->ptr];
03f49957 224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 225
03f49957 226 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 227 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 228 lp->skip = 0;
c19e8800 229 lp->ptr = leaf;
07f07b31
AK		 230 *index += step;
231 *nb -= step;
2999097b 232 } else {
53cb28cb 233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 234 }
235 ++lp;
f7bf5461
AK		 236 }
237}
238
ac1970fb 239static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 240 hwaddr index, hwaddr nb,
2999097b 241 uint16_t leaf)
f7bf5461 242{
2999097b 243 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 245
53cb28cb 246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 247}
248
b35ba30f
MT		 249/* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253{
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300}
301
302static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303{
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
53cb28cb 307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 308 }
309}
310
97115a8d 311static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 312 Node *nodes, MemoryRegionSection *sections)
92e873b9 313{
31ab2b4a 314 PhysPageEntry *p;
97115a8d 315 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 316 int i;
f1f6e3b8 317
9736e55b 318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 320 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 321 }
9affd6fc 322 p = nodes[lp.ptr];
03f49957 323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 324 }
b35ba30f
MT		 325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
f3705d53
AK		 333}
334
e5548617
BS		 335bool memory_region_is_unassigned(MemoryRegion *mr)
336{
2a8e7499 337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 338 && mr != &io_mem_watch;
fd6ce8f6 339}
149f54b5 340
79e2b9ae 341/* Called from RCU critical section */
c7086b4a 342static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 343 hwaddr addr,
344 bool resolve_subpage)
9f029603 345{
90260c6c
JK		 346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
53cb28cb 349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 353 }
354 return section;
9f029603
JK		 355}
356
79e2b9ae 357/* Called from RCU critical section */
90260c6c 358static MemoryRegionSection *
c7086b4a 359address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 360 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 361{
362 MemoryRegionSection *section;
965eb2fc 363 MemoryRegion *mr;
a87f3954 364 Int128 diff;
149f54b5 365
c7086b4a 366 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
965eb2fc 373 mr = section->mr;
b242e0e0
PB		 374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
965eb2fc 386 if (memory_region_is_ram(mr)) {
e4a511f8 387 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
149f54b5
PB		 390 return section;
391}
90260c6c 392
41063e1e 393/* Called from RCU critical section */
5c8a00ce
PB		 394MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
396 bool is_write)
90260c6c 397{
30951157
AK		 398 IOMMUTLBEntry iotlb;
399 MemoryRegionSection *section;
400 MemoryRegion *mr;
30951157
AK		 401
402 for (;;) {
79e2b9ae
PB		 403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 405 mr = section->mr;
406
407 if (!mr->iommu_ops) {
408 break;
409 }
410
8d7b8cb9 411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
23820dbf 414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
417 break;
418 }
419
420 as = iotlb.target_as;
421 }
422
fe680d0d 423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 425 *plen = MIN(page, *plen);
a87f3954
PB		 426 }
427
30951157
AK		 428 *xlat = addr;
429 return mr;
90260c6c
JK		 430}
431
79e2b9ae 432/* Called from RCU critical section */
90260c6c 433MemoryRegionSection *
d7898cda 434address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 435 hwaddr *xlat, hwaddr *plen)
90260c6c 436{
30951157 437 MemoryRegionSection *section;
d7898cda
PM		 438 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
439
440 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 441
442 assert(!section->mr->iommu_ops);
443 return section;
90260c6c 444}
5b6dd868 445#endif
fd6ce8f6 446
b170fce3 447#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 448
449static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 450{
259186a7 451 CPUState *cpu = opaque;
a513fe19 452
5b6dd868
BS		 453 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
454 version_id is increased. */
259186a7 455 cpu->interrupt_request &= ~0x01;
c01a71c1 456 tlb_flush(cpu, 1);
5b6dd868
BS		 457
458 return 0;
a513fe19 459}
7501267e 460
6c3bff0e
PD		 461static int cpu_common_pre_load(void *opaque)
462{
463 CPUState *cpu = opaque;
464
adee6424 465 cpu->exception_index = -1;
6c3bff0e
PD		 466
467 return 0;
468}
469
470static bool cpu_common_exception_index_needed(void *opaque)
471{
472 CPUState *cpu = opaque;
473
adee6424 474 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 475}
476
477static const VMStateDescription vmstate_cpu_common_exception_index = {
478 .name = "cpu_common/exception_index",
479 .version_id = 1,
480 .minimum_version_id = 1,
5cd8cada 481 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 482 .fields = (VMStateField[]) {
483 VMSTATE_INT32(exception_index, CPUState),
484 VMSTATE_END_OF_LIST()
485 }
486};
487
bac05aa9
AS		 488static bool cpu_common_crash_occurred_needed(void *opaque)
489{
490 CPUState *cpu = opaque;
491
492 return cpu->crash_occurred;
493}
494
495static const VMStateDescription vmstate_cpu_common_crash_occurred = {
496 .name = "cpu_common/crash_occurred",
497 .version_id = 1,
498 .minimum_version_id = 1,
499 .needed = cpu_common_crash_occurred_needed,
500 .fields = (VMStateField[]) {
501 VMSTATE_BOOL(crash_occurred, CPUState),
502 VMSTATE_END_OF_LIST()
503 }
504};
505
1a1562f5 506const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 507 .name = "cpu_common",
508 .version_id = 1,
509 .minimum_version_id = 1,
6c3bff0e 510 .pre_load = cpu_common_pre_load,
5b6dd868 511 .post_load = cpu_common_post_load,
35d08458 512 .fields = (VMStateField[]) {
259186a7
AF		 513 VMSTATE_UINT32(halted, CPUState),
514 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 515 VMSTATE_END_OF_LIST()
6c3bff0e 516 },
5cd8cada
JQ		 517 .subsections = (const VMStateDescription*[]) {
518 &vmstate_cpu_common_exception_index,
bac05aa9 519 &vmstate_cpu_common_crash_occurred,
5cd8cada 520 NULL
5b6dd868
BS		 521 }
522};
1a1562f5 523
5b6dd868 524#endif
ea041c0e 525
38d8f5c8 526CPUState *qemu_get_cpu(int index)
ea041c0e 527{
bdc44640 528 CPUState *cpu;
ea041c0e 529
bdc44640 530 CPU_FOREACH(cpu) {
55e5c285 531 if (cpu->cpu_index == index) {
bdc44640 532 return cpu;
55e5c285 533 }
ea041c0e 534 }
5b6dd868 535
bdc44640 536 return NULL;
ea041c0e
FB		 537}
538
09daed84 539#if !defined(CONFIG_USER_ONLY)
56943e8c 540void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 541{
12ebc9a7
PM		 542 CPUAddressSpace *newas;
543
544 /* Target code should have set num_ases before calling us */
545 assert(asidx < cpu->num_ases);
546
56943e8c
PM		 547 if (asidx == 0) {
548 /* address space 0 gets the convenience alias */
549 cpu->as = as;
550 }
551
12ebc9a7
PM		 552 /* KVM cannot currently support multiple address spaces. */
553 assert(asidx == 0 || !kvm_enabled());
09daed84 554
12ebc9a7
PM		 555 if (!cpu->cpu_ases) {
556 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 557 }
32857f4d 558
12ebc9a7
PM		 559 newas = &cpu->cpu_ases[asidx];
560 newas->cpu = cpu;
561 newas->as = as;
56943e8c 562 if (tcg_enabled()) {
12ebc9a7
PM		 563 newas->tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 565 }
09daed84 566}
651a5bc0
PM		 567
568AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
569{
570 /* Return the AddressSpace corresponding to the specified index */
571 return cpu->cpu_ases[asidx].as;
572}
09daed84
EI		 573#endif
574
b7bca733
BR		 575#ifndef CONFIG_USER_ONLY
576static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
577
578static int cpu_get_free_index(Error **errp)
579{
580 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
581
582 if (cpu >= MAX_CPUMASK_BITS) {
583 error_setg(errp, "Trying to use more CPUs than max of %d",
584 MAX_CPUMASK_BITS);
585 return -1;
586 }
587
588 bitmap_set(cpu_index_map, cpu, 1);
589 return cpu;
590}
591
592void cpu_exec_exit(CPUState *cpu)
593{
594 if (cpu->cpu_index == -1) {
595 /* cpu_index was never allocated by this @cpu or was already freed. */
596 return;
597 }
598
599 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
600 cpu->cpu_index = -1;
601}
602#else
603
604static int cpu_get_free_index(Error **errp)
605{
606 CPUState *some_cpu;
607 int cpu_index = 0;
608
609 CPU_FOREACH(some_cpu) {
610 cpu_index++;
611 }
612 return cpu_index;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617}
618#endif
619
4bad9e39 620void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 621{
b170fce3 622 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 623 int cpu_index;
b7bca733 624 Error *local_err = NULL;
5b6dd868 625
56943e8c 626 cpu->as = NULL;
12ebc9a7 627 cpu->num_ases = 0;
56943e8c 628
291135b5 629#ifndef CONFIG_USER_ONLY
291135b5 630 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 631#endif
632
5b6dd868
BS		 633#if defined(CONFIG_USER_ONLY)
634 cpu_list_lock();
635#endif
b7bca733
BR		 636 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
637 if (local_err) {
638 error_propagate(errp, local_err);
639#if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641#endif
642 return;
5b6dd868 643 }
bdc44640 644 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 645#if defined(CONFIG_USER_ONLY)
646 cpu_list_unlock();
647#endif
e0d47944
AF		 648 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
649 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
650 }
5b6dd868 651#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 652 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 653 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 654 assert(cc->vmsd == NULL);
e0d47944 655 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 656#endif
b170fce3
AF		 657 if (cc->vmsd != NULL) {
658 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
659 }
ea041c0e
FB		 660}
661
94df27fd 662#if defined(CONFIG_USER_ONLY)
00b941e5 663static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 664{
665 tb_invalidate_phys_page_range(pc, pc + 1, 0);
666}
667#else
00b941e5 668static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 669{
5232e4c7
PM		 670 MemTxAttrs attrs;
671 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
672 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 673 if (phys != -1) {
5232e4c7 674 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 675 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 676 }
1e7855a5 677}
c27004ec 678#endif
d720b93d 679
c527ee8f 680#if defined(CONFIG_USER_ONLY)
75a34036 681void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 682
683{
684}
685
3ee887e8
PM		 686int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
687 int flags)
688{
689 return -ENOSYS;
690}
691
692void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
693{
694}
695
75a34036 696int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 697 int flags, CPUWatchpoint **watchpoint)
698{
699 return -ENOSYS;
700}
701#else
6658ffb8 702/* Add a watchpoint. */
75a34036 703int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 704 int flags, CPUWatchpoint **watchpoint)
6658ffb8 705{
c0ce998e 706 CPUWatchpoint *wp;
6658ffb8 707
05068c0d 708 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 709 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 710 error_report("tried to set invalid watchpoint at %"
711 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 712 return -EINVAL;
713 }
7267c094 714 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 715
716 wp->vaddr = addr;
05068c0d 717 wp->len = len;
a1d1bb31
AL		 718 wp->flags = flags;
719
2dc9f411 720 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 721 if (flags & BP_GDB) {
722 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
723 } else {
724 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
725 }
6658ffb8 726
31b030d4 727 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 728
729 if (watchpoint)
730 *watchpoint = wp;
731 return 0;
6658ffb8
PB		 732}
733
a1d1bb31 734/* Remove a specific watchpoint. */
75a34036 735int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 736 int flags)
6658ffb8 737{
a1d1bb31 738 CPUWatchpoint *wp;
6658ffb8 739
ff4700b0 740 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 741 if (addr == wp->vaddr && len == wp->len
6e140f28 742 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 743 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 744 return 0;
745 }
746 }
a1d1bb31 747 return -ENOENT;
6658ffb8
PB		 748}
749
a1d1bb31 750/* Remove a specific watchpoint by reference. */
75a34036 751void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 752{
ff4700b0 753 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 754
31b030d4 755 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 756
7267c094 757 g_free(watchpoint);
a1d1bb31
AL		 758}
759
760/* Remove all matching watchpoints. */
75a34036 761void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 762{
c0ce998e 763 CPUWatchpoint *wp, *next;
a1d1bb31 764
ff4700b0 765 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 766 if (wp->flags & mask) {
767 cpu_watchpoint_remove_by_ref(cpu, wp);
768 }
c0ce998e 769 }
7d03f82f 770}
05068c0d
PM		 771
772/* Return true if this watchpoint address matches the specified
773 * access (ie the address range covered by the watchpoint overlaps
774 * partially or completely with the address range covered by the
775 * access).
776 */
777static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
778 vaddr addr,
779 vaddr len)
780{
781 /* We know the lengths are non-zero, but a little caution is
782 * required to avoid errors in the case where the range ends
783 * exactly at the top of the address space and so addr + len
784 * wraps round to zero.
785 */
786 vaddr wpend = wp->vaddr + wp->len - 1;
787 vaddr addrend = addr + len - 1;
788
789 return !(addr > wpend || wp->vaddr > addrend);
790}
791
c527ee8f 792#endif
7d03f82f 793
a1d1bb31 794/* Add a breakpoint. */
b3310ab3 795int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 796 CPUBreakpoint **breakpoint)
4c3a88a2 797{
c0ce998e 798 CPUBreakpoint *bp;
3b46e624 799
7267c094 800 bp = g_malloc(sizeof(*bp));
4c3a88a2 801
a1d1bb31
AL		 802 bp->pc = pc;
803 bp->flags = flags;
804
2dc9f411 805 /* keep all GDB-injected breakpoints in front */
00b941e5 806 if (flags & BP_GDB) {
f0c3c505 807 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 808 } else {
f0c3c505 809 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 810 }
3b46e624 811
f0c3c505 812 breakpoint_invalidate(cpu, pc);
a1d1bb31 813
00b941e5 814 if (breakpoint) {
a1d1bb31 815 *breakpoint = bp;
00b941e5 816 }
4c3a88a2 817 return 0;
4c3a88a2
FB		 818}
819
a1d1bb31 820/* Remove a specific breakpoint. */
b3310ab3 821int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 822{
a1d1bb31
AL		 823 CPUBreakpoint *bp;
824
f0c3c505 825 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 826 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 827 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 828 return 0;
829 }
7d03f82f 830 }
a1d1bb31 831 return -ENOENT;
7d03f82f
EI		 832}
833
a1d1bb31 834/* Remove a specific breakpoint by reference. */
b3310ab3 835void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 836{
f0c3c505
AF		 837 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
838
839 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 840
7267c094 841 g_free(breakpoint);
a1d1bb31
AL		 842}
843
844/* Remove all matching breakpoints. */
b3310ab3 845void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 846{
c0ce998e 847 CPUBreakpoint *bp, *next;
a1d1bb31 848
f0c3c505 849 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 850 if (bp->flags & mask) {
851 cpu_breakpoint_remove_by_ref(cpu, bp);
852 }
c0ce998e 853 }
4c3a88a2
FB		 854}
855
c33a346e
FB		 856/* enable or disable single step mode. EXCP_DEBUG is returned by the
857 CPU loop after each instruction */
3825b28f 858void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 859{
ed2803da
AF		 860 if (cpu->singlestep_enabled != enabled) {
861 cpu->singlestep_enabled = enabled;
862 if (kvm_enabled()) {
38e478ec 863 kvm_update_guest_debug(cpu, 0);
ed2803da 864 } else {
ccbb4d44 865 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 866 /* XXX: only flush what is necessary */
bbd77c18 867 tb_flush(cpu);
e22a25c9 868 }
c33a346e 869 }
c33a346e
FB		 870}
871
a47dddd7 872void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 873{
874 va_list ap;
493ae1f0 875 va_list ap2;
7501267e
FB		 876
877 va_start(ap, fmt);
493ae1f0 878 va_copy(ap2, ap);
7501267e
FB		 879 fprintf(stderr, "qemu: fatal: ");
880 vfprintf(stderr, fmt, ap);
881 fprintf(stderr, "\n");
878096ee 882 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 883 if (qemu_log_separate()) {
93fcfe39
AL		 884 qemu_log("qemu: fatal: ");
885 qemu_log_vprintf(fmt, ap2);
886 qemu_log("\n");
a0762859 887 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 888 qemu_log_flush();
93fcfe39 889 qemu_log_close();
924edcae 890 }
493ae1f0 891 va_end(ap2);
f9373291 892 va_end(ap);
7615936e 893 replay_finish();
fd052bf6
RV		 894#if defined(CONFIG_USER_ONLY)
895 {
896 struct sigaction act;
897 sigfillset(&act.sa_mask);
898 act.sa_handler = SIG_DFL;
899 sigaction(SIGABRT, &act, NULL);
900 }
901#endif
7501267e
FB		 902 abort();
903}
904
0124311e 905#if !defined(CONFIG_USER_ONLY)
0dc3f44a 906/* Called from RCU critical section */
041603fe
PB		 907static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
908{
909 RAMBlock *block;
910
43771539 911 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 912 if (block && addr - block->offset < block->max_length) {
68851b98 913 return block;
041603fe 914 }
0dc3f44a 915 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 916 if (addr - block->offset < block->max_length) {
041603fe
PB		 917 goto found;
918 }
919 }
920
921 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
922 abort();
923
924found:
43771539
PB		 925 /* It is safe to write mru_block outside the iothread lock. This
926 * is what happens:
927 *
928 * mru_block = xxx
929 * rcu_read_unlock()
930 * xxx removed from list
931 * rcu_read_lock()
932 * read mru_block
933 * mru_block = NULL;
934 * call_rcu(reclaim_ramblock, xxx);
935 * rcu_read_unlock()
936 *
937 * atomic_rcu_set is not needed here. The block was already published
938 * when it was placed into the list. Here we're just making an extra
939 * copy of the pointer.
940 */
041603fe
PB		 941 ram_list.mru_block = block;
942 return block;
943}
944
a2f4d5be 945static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 946{
9a13565d 947 CPUState *cpu;
041603fe 948 ram_addr_t start1;
a2f4d5be
JQ		 949 RAMBlock *block;
950 ram_addr_t end;
951
952 end = TARGET_PAGE_ALIGN(start + length);
953 start &= TARGET_PAGE_MASK;
d24981d3 954
0dc3f44a 955 rcu_read_lock();
041603fe
PB		 956 block = qemu_get_ram_block(start);
957 assert(block == qemu_get_ram_block(end - 1));
1240be24 958 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 959 CPU_FOREACH(cpu) {
960 tlb_reset_dirty(cpu, start1, length);
961 }
0dc3f44a 962 rcu_read_unlock();
d24981d3
JQ		 963}
964
5579c7f3 965/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 966bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
967 ram_addr_t length,
968 unsigned client)
1ccde1cb 969{
03eebc9e
SH		 970 unsigned long end, page;
971 bool dirty;
972
973 if (length == 0) {
974 return false;
975 }
f23db169 976
03eebc9e
SH		 977 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
978 page = start >> TARGET_PAGE_BITS;
979 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
980 page, end - page);
981
982 if (dirty && tcg_enabled()) {
a2f4d5be 983 tlb_reset_dirty_range_all(start, length);
5579c7f3 984 }
03eebc9e
SH		 985
986 return dirty;
1ccde1cb
FB		 987}
988
79e2b9ae 989/* Called from RCU critical section */
bb0e627a 990hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 991 MemoryRegionSection *section,
992 target_ulong vaddr,
993 hwaddr paddr, hwaddr xlat,
994 int prot,
995 target_ulong *address)
e5548617 996{
a8170e5e 997 hwaddr iotlb;
e5548617
BS		 998 CPUWatchpoint *wp;
999
cc5bea60 1000 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1001 /* Normal RAM. */
1002 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1003 + xlat;
e5548617 1004 if (!section->readonly) {
b41aac4f 1005 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1006 } else {
b41aac4f 1007 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1008 }
1009 } else {
0b8e2c10
PM		 1010 AddressSpaceDispatch *d;
1011
1012 d = atomic_rcu_read(&section->address_space->dispatch);
1013 iotlb = section - d->map.sections;
149f54b5 1014 iotlb += xlat;
e5548617
BS		 1015 }
1016
1017 /* Make accesses to pages with watchpoints go via the
1018 watchpoint trap routines. */
ff4700b0 1019 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1020 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1021 /* Avoid trapping reads of pages with a write breakpoint. */
1022 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1023 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1024 *address |= TLB_MMIO;
1025 break;
1026 }
1027 }
1028 }
1029
1030 return iotlb;
1031}
9fa3e853
FB		 1032#endif /* defined(CONFIG_USER_ONLY) */
1033
e2eef170 1034#if !defined(CONFIG_USER_ONLY)
8da3ff18 1035
c227f099 1036static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1037 uint16_t section);
acc9d80b 1038static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1039
a2b257d6
IM		 1040static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1041 qemu_anon_ram_alloc;
91138037
MA		 1042
1043/*
1044 * Set a custom physical guest memory alloator.
1045 * Accelerators with unusual needs may need this. Hopefully, we can
1046 * get rid of it eventually.
1047 */
a2b257d6 1048void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1049{
1050 phys_mem_alloc = alloc;
1051}
1052
53cb28cb
MA		 1053static uint16_t phys_section_add(PhysPageMap *map,
1054 MemoryRegionSection *section)
5312bd8b 1055{
68f3f65b
PB		 1056 /* The physical section number is ORed with a page-aligned
1057 * pointer to produce the iotlb entries. Thus it should
1058 * never overflow into the page-aligned value.
1059 */
53cb28cb 1060 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1061
53cb28cb
MA		 1062 if (map->sections_nb == map->sections_nb_alloc) {
1063 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1064 map->sections = g_renew(MemoryRegionSection, map->sections,
1065 map->sections_nb_alloc);
5312bd8b 1066 }
53cb28cb 1067 map->sections[map->sections_nb] = *section;
dfde4e6e 1068 memory_region_ref(section->mr);
53cb28cb 1069 return map->sections_nb++;
5312bd8b
AK		 1070}
1071
058bc4b5
PB		 1072static void phys_section_destroy(MemoryRegion *mr)
1073{
55b4e80b
DS		 1074 bool have_sub_page = mr->subpage;
1075
dfde4e6e
PB		 1076 memory_region_unref(mr);
1077
55b4e80b 1078 if (have_sub_page) {
058bc4b5 1079 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1080 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1081 g_free(subpage);
1082 }
1083}
1084
6092666e 1085static void phys_sections_free(PhysPageMap *map)
5312bd8b 1086{
9affd6fc
PB		 1087 while (map->sections_nb > 0) {
1088 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1089 phys_section_destroy(section->mr);
1090 }
9affd6fc
PB		 1091 g_free(map->sections);
1092 g_free(map->nodes);
5312bd8b
AK		 1093}
1094
ac1970fb 1095static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1096{
1097 subpage_t *subpage;
a8170e5e 1098 hwaddr base = section->offset_within_address_space
0f0cb164 1099 & TARGET_PAGE_MASK;
97115a8d 1100 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1101 d->map.nodes, d->map.sections);
0f0cb164
AK		 1102 MemoryRegionSection subsection = {
1103 .offset_within_address_space = base,
052e87b0 1104 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1105 };
a8170e5e 1106 hwaddr start, end;
0f0cb164 1107
f3705d53 1108 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1109
f3705d53 1110 if (!(existing->mr->subpage)) {
acc9d80b 1111 subpage = subpage_init(d->as, base);
3be91e86 1112 subsection.address_space = d->as;
0f0cb164 1113 subsection.mr = &subpage->iomem;
ac1970fb 1114 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1115 phys_section_add(&d->map, &subsection));
0f0cb164 1116 } else {
f3705d53 1117 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1118 }
1119 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1120 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1121 subpage_register(subpage, start, end,
1122 phys_section_add(&d->map, section));
0f0cb164
AK		 1123}
1124
1125
052e87b0
PB		 1126static void register_multipage(AddressSpaceDispatch *d,
1127 MemoryRegionSection *section)
33417e70 1128{
a8170e5e 1129 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1130 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1131 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1132 TARGET_PAGE_BITS));
dd81124b 1133
733d5ef5
PB		 1134 assert(num_pages);
1135 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1136}
1137
ac1970fb 1138static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1139{
89ae337a 1140 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1141 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1142 MemoryRegionSection now = *section, remain = *section;
052e87b0 1143 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1144
733d5ef5
PB		 1145 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1146 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1147 - now.offset_within_address_space;
1148
052e87b0 1149 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1150 register_subpage(d, &now);
733d5ef5 1151 } else {
052e87b0 1152 now.size = int128_zero();
733d5ef5 1153 }
052e87b0
PB		 1154 while (int128_ne(remain.size, now.size)) {
1155 remain.size = int128_sub(remain.size, now.size);
1156 remain.offset_within_address_space += int128_get64(now.size);
1157 remain.offset_within_region += int128_get64(now.size);
69b67646 1158 now = remain;
052e87b0 1159 if (int128_lt(remain.size, page_size)) {
733d5ef5 1160 register_subpage(d, &now);
88266249 1161 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1162 now.size = page_size;
ac1970fb 1163 register_subpage(d, &now);
69b67646 1164 } else {
052e87b0 1165 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1166 register_multipage(d, &now);
69b67646 1167 }
0f0cb164
AK		 1168 }
1169}
1170
62a2744c
SY		 1171void qemu_flush_coalesced_mmio_buffer(void)
1172{
1173 if (kvm_enabled())
1174 kvm_flush_coalesced_mmio_buffer();
1175}
1176
b2a8658e
UD		 1177void qemu_mutex_lock_ramlist(void)
1178{
1179 qemu_mutex_lock(&ram_list.mutex);
1180}
1181
1182void qemu_mutex_unlock_ramlist(void)
1183{
1184 qemu_mutex_unlock(&ram_list.mutex);
1185}
1186
e1e84ba0 1187#ifdef __linux__
c902760f
MT		 1188
1189#include <sys/vfs.h>
1190
1191#define HUGETLBFS_MAGIC 0x958458f6
1192
fc7a5800 1193static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1194{
1195 struct statfs fs;
1196 int ret;
1197
1198 do {
9742bf26 1199 ret = statfs(path, &fs);
c902760f
MT		 1200 } while (ret != 0 && errno == EINTR);
1201
1202 if (ret != 0) {
fc7a5800
HT		 1203 error_setg_errno(errp, errno, "failed to get page size of file %s",
1204 path);
9742bf26 1205 return 0;
c902760f
MT		 1206 }
1207
c902760f
MT		 1208 return fs.f_bsize;
1209}
1210
04b16653
AW		 1211static void *file_ram_alloc(RAMBlock *block,
1212 ram_addr_t memory,
7f56e740
PB		 1213 const char *path,
1214 Error **errp)
c902760f 1215{
8d31d6b6 1216 struct stat st;
c902760f 1217 char *filename;
8ca761f6
PF		 1218 char *sanitized_name;
1219 char *c;
794e8f30 1220 void *area;
c902760f 1221 int fd;
557529dd 1222 uint64_t hpagesize;
fc7a5800 1223 Error *local_err = NULL;
c902760f 1224
fc7a5800
HT		 1225 hpagesize = gethugepagesize(path, &local_err);
1226 if (local_err) {
1227 error_propagate(errp, local_err);
f9a49dfa 1228 goto error;
c902760f 1229 }
a2b257d6 1230 block->mr->align = hpagesize;
c902760f
MT		 1231
1232 if (memory < hpagesize) {
557529dd
HT		 1233 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1234 "or larger than huge page size 0x%" PRIx64,
1235 memory, hpagesize);
1236 goto error;
c902760f
MT		 1237 }
1238
1239 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1240 error_setg(errp,
1241 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1242 goto error;
c902760f
MT		 1243 }
1244
8d31d6b6
PF		 1245 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1246 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1247 sanitized_name = g_strdup(memory_region_name(block->mr));
1248 for (c = sanitized_name; *c != '\0'; c++) {
1249 if (*c == '/') {
1250 *c = '_';
1251 }
1252 }
8ca761f6 1253
8d31d6b6
PF		 1254 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1255 sanitized_name);
1256 g_free(sanitized_name);
1257
1258 fd = mkstemp(filename);
1259 if (fd >= 0) {
1260 unlink(filename);
1261 }
1262 g_free(filename);
1263 } else {
1264 fd = open(path, O_RDWR | O_CREAT, 0644);
1265 }
c902760f 1266
c902760f 1267 if (fd < 0) {
7f56e740
PB		 1268 error_setg_errno(errp, errno,
1269 "unable to create backing store for hugepages");
f9a49dfa 1270 goto error;
c902760f 1271 }
c902760f 1272
9284f319 1273 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1274
1275 /*
1276 * ftruncate is not supported by hugetlbfs in older
1277 * hosts, so don't bother bailing out on errors.
1278 * If anything goes wrong with it under other filesystems,
1279 * mmap will fail.
1280 */
7f56e740 1281 if (ftruncate(fd, memory)) {
9742bf26 1282 perror("ftruncate");
7f56e740 1283 }
c902760f 1284
794e8f30 1285 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1286 if (area == MAP_FAILED) {
7f56e740
PB		 1287 error_setg_errno(errp, errno,
1288 "unable to map backing store for hugepages");
9742bf26 1289 close(fd);
f9a49dfa 1290 goto error;
c902760f 1291 }
ef36fa14
MT		 1292
1293 if (mem_prealloc) {
38183310 1294 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1295 }
1296
04b16653 1297 block->fd = fd;
c902760f 1298 return area;
f9a49dfa
MT		 1299
1300error:
f9a49dfa 1301 return NULL;
c902760f
MT		 1302}
1303#endif
1304
0dc3f44a 1305/* Called with the ramlist lock held. */
d17b5288 1306static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1307{
1308 RAMBlock *block, *next_block;
3e837b2c 1309 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1310
49cd9ac6
SH		 1311 assert(size != 0); /* it would hand out same offset multiple times */
1312
0dc3f44a 1313 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1314 return 0;
0d53d9fe 1315 }
04b16653 1316
0dc3f44a 1317 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1318 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1319
62be4e3a 1320 end = block->offset + block->max_length;
04b16653 1321
0dc3f44a 1322 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1323 if (next_block->offset >= end) {
1324 next = MIN(next, next_block->offset);
1325 }
1326 }
1327 if (next - end >= size && next - end < mingap) {
3e837b2c 1328 offset = end;
04b16653
AW		 1329 mingap = next - end;
1330 }
1331 }
3e837b2c
AW		 1332
1333 if (offset == RAM_ADDR_MAX) {
1334 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1335 (uint64_t)size);
1336 abort();
1337 }
1338
04b16653
AW		 1339 return offset;
1340}
1341
652d7ec2 1342ram_addr_t last_ram_offset(void)
d17b5288
AW		 1343{
1344 RAMBlock *block;
1345 ram_addr_t last = 0;
1346
0dc3f44a
MD		 1347 rcu_read_lock();
1348 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1349 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1350 }
0dc3f44a 1351 rcu_read_unlock();
d17b5288
AW		 1352 return last;
1353}
1354
ddb97f1d
JB		 1355static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1356{
1357 int ret;
ddb97f1d
JB		 1358
1359 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1360 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1361 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1362 if (ret) {
1363 perror("qemu_madvise");
1364 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1365 "but dump_guest_core=off specified\n");
1366 }
1367 }
1368}
1369
0dc3f44a
MD		 1370/* Called within an RCU critical section, or while the ramlist lock
1371 * is held.
1372 */
20cfe881 1373static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1374{
20cfe881 1375 RAMBlock *block;
84b89d78 1376
0dc3f44a 1377 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1378 if (block->offset == addr) {
20cfe881 1379 return block;
c5705a77
AK		 1380 }
1381 }
20cfe881
HT		 1382
1383 return NULL;
1384}
1385
422148d3
DDAG		 1386const char *qemu_ram_get_idstr(RAMBlock *rb)
1387{
1388 return rb->idstr;
1389}
1390
ae3a7047 1391/* Called with iothread lock held. */
20cfe881
HT		 1392void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1393{
ae3a7047 1394 RAMBlock *new_block, *block;
20cfe881 1395
0dc3f44a 1396 rcu_read_lock();
ae3a7047 1397 new_block = find_ram_block(addr);
c5705a77
AK		 1398 assert(new_block);
1399 assert(!new_block->idstr[0]);
84b89d78 1400
09e5ab63
AL		 1401 if (dev) {
1402 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1403 if (id) {
1404 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1405 g_free(id);
84b89d78
CM		 1406 }
1407 }
1408 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1409
0dc3f44a 1410 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1411 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1412 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1413 new_block->idstr);
1414 abort();
1415 }
1416 }
0dc3f44a 1417 rcu_read_unlock();
c5705a77
AK		 1418}
1419
ae3a7047 1420/* Called with iothread lock held. */
20cfe881
HT		 1421void qemu_ram_unset_idstr(ram_addr_t addr)
1422{
ae3a7047 1423 RAMBlock *block;
20cfe881 1424
ae3a7047
MD		 1425 /* FIXME: arch_init.c assumes that this is not called throughout
1426 * migration. Ignore the problem since hot-unplug during migration
1427 * does not work anyway.
1428 */
1429
0dc3f44a 1430 rcu_read_lock();
ae3a7047 1431 block = find_ram_block(addr);
20cfe881
HT		 1432 if (block) {
1433 memset(block->idstr, 0, sizeof(block->idstr));
1434 }
0dc3f44a 1435 rcu_read_unlock();
20cfe881
HT		 1436}
1437
8490fc78
LC		 1438static int memory_try_enable_merging(void *addr, size_t len)
1439{
75cc7f01 1440 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1441 /* disabled by the user */
1442 return 0;
1443 }
1444
1445 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1446}
1447
62be4e3a
MT		 1448/* Only legal before guest might have detected the memory size: e.g. on
1449 * incoming migration, or right after reset.
1450 *
1451 * As memory core doesn't know how is memory accessed, it is up to
1452 * resize callback to update device state and/or add assertions to detect
1453 * misuse, if necessary.
1454 */
1455int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1456{
1457 RAMBlock *block = find_ram_block(base);
1458
1459 assert(block);
1460
4ed023ce 1461 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1462
62be4e3a
MT		 1463 if (block->used_length == newsize) {
1464 return 0;
1465 }
1466
1467 if (!(block->flags & RAM_RESIZEABLE)) {
1468 error_setg_errno(errp, EINVAL,
1469 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1470 " in != 0x" RAM_ADDR_FMT, block->idstr,
1471 newsize, block->used_length);
1472 return -EINVAL;
1473 }
1474
1475 if (block->max_length < newsize) {
1476 error_setg_errno(errp, EINVAL,
1477 "Length too large: %s: 0x" RAM_ADDR_FMT
1478 " > 0x" RAM_ADDR_FMT, block->idstr,
1479 newsize, block->max_length);
1480 return -EINVAL;
1481 }
1482
1483 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1484 block->used_length = newsize;
58d2707e
PB		 1485 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1486 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1487 memory_region_set_size(block->mr, newsize);
1488 if (block->resized) {
1489 block->resized(block->idstr, newsize, block->host);
1490 }
1491 return 0;
1492}
1493
ef701d7b 1494static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1495{
e1c57ab8 1496 RAMBlock *block;
0d53d9fe 1497 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1498 ram_addr_t old_ram_size, new_ram_size;
1499
1500 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1501
b2a8658e 1502 qemu_mutex_lock_ramlist();
9b8424d5 1503 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1504
1505 if (!new_block->host) {
1506 if (xen_enabled()) {
9b8424d5
MT		 1507 xen_ram_alloc(new_block->offset, new_block->max_length,
1508 new_block->mr);
e1c57ab8 1509 } else {
9b8424d5 1510 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1511 &new_block->mr->align);
39228250 1512 if (!new_block->host) {
ef701d7b
HT		 1513 error_setg_errno(errp, errno,
1514 "cannot set up guest memory '%s'",
1515 memory_region_name(new_block->mr));
1516 qemu_mutex_unlock_ramlist();
1517 return -1;
39228250 1518 }
9b8424d5 1519 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1520 }
c902760f 1521 }
94a6b54f 1522
dd631697
LZ		 1523 new_ram_size = MAX(old_ram_size,
1524 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1525 if (new_ram_size > old_ram_size) {
1526 migration_bitmap_extend(old_ram_size, new_ram_size);
1527 }
0d53d9fe
MD		 1528 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1529 * QLIST (which has an RCU-friendly variant) does not have insertion at
1530 * tail, so save the last element in last_block.
1531 */
0dc3f44a 1532 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1533 last_block = block;
9b8424d5 1534 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1535 break;
1536 }
1537 }
1538 if (block) {
0dc3f44a 1539 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1540 } else if (last_block) {
0dc3f44a 1541 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1542 } else { /* list is empty */
0dc3f44a 1543 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1544 }
0d6d3c87 1545 ram_list.mru_block = NULL;
94a6b54f 1546
0dc3f44a
MD		 1547 /* Write list before version */
1548 smp_wmb();
f798b07f 1549 ram_list.version++;
b2a8658e 1550 qemu_mutex_unlock_ramlist();
f798b07f 1551
2152f5ca
JQ		 1552 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1553
1554 if (new_ram_size > old_ram_size) {
1ab4c8ce 1555 int i;
ae3a7047
MD		 1556
1557 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1558 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1559 ram_list.dirty_memory[i] =
1560 bitmap_zero_extend(ram_list.dirty_memory[i],
1561 old_ram_size, new_ram_size);
1562 }
2152f5ca 1563 }
9b8424d5 1564 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1565 new_block->used_length,
1566 DIRTY_CLIENTS_ALL);
94a6b54f 1567
a904c911
PB		 1568 if (new_block->host) {
1569 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1570 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1571 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1572 if (kvm_enabled()) {
1573 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1574 }
e1c57ab8 1575 }
6f0437e8 1576
94a6b54f
PB		 1577 return new_block->offset;
1578}
e9a1ab19 1579
0b183fc8 1580#ifdef __linux__
e1c57ab8 1581ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1582 bool share, const char *mem_path,
7f56e740 1583 Error **errp)
e1c57ab8
PB		 1584{
1585 RAMBlock *new_block;
ef701d7b
HT		 1586 ram_addr_t addr;
1587 Error *local_err = NULL;
e1c57ab8
PB		 1588
1589 if (xen_enabled()) {
7f56e740
PB		 1590 error_setg(errp, "-mem-path not supported with Xen");
1591 return -1;
e1c57ab8
PB		 1592 }
1593
1594 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1595 /*
1596 * file_ram_alloc() needs to allocate just like
1597 * phys_mem_alloc, but we haven't bothered to provide
1598 * a hook there.
1599 */
7f56e740
PB		 1600 error_setg(errp,
1601 "-mem-path not supported with this accelerator");
1602 return -1;
e1c57ab8
PB		 1603 }
1604
4ed023ce 1605 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1606 new_block = g_malloc0(sizeof(*new_block));
1607 new_block->mr = mr;
9b8424d5
MT		 1608 new_block->used_length = size;
1609 new_block->max_length = size;
dbcb8981 1610 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1611 new_block->host = file_ram_alloc(new_block, size,
1612 mem_path, errp);
1613 if (!new_block->host) {
1614 g_free(new_block);
1615 return -1;
1616 }
1617
ef701d7b
HT		 1618 addr = ram_block_add(new_block, &local_err);
1619 if (local_err) {
1620 g_free(new_block);
1621 error_propagate(errp, local_err);
1622 return -1;
1623 }
1624 return addr;
e1c57ab8 1625}
0b183fc8 1626#endif
e1c57ab8 1627
62be4e3a
MT		 1628static
1629ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1630 void (*resized)(const char*,
1631 uint64_t length,
1632 void *host),
1633 void *host, bool resizeable,
ef701d7b 1634 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1635{
1636 RAMBlock *new_block;
ef701d7b
HT		 1637 ram_addr_t addr;
1638 Error *local_err = NULL;
e1c57ab8 1639
4ed023ce
DDAG		 1640 size = HOST_PAGE_ALIGN(size);
1641 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1642 new_block = g_malloc0(sizeof(*new_block));
1643 new_block->mr = mr;
62be4e3a 1644 new_block->resized = resized;
9b8424d5
MT		 1645 new_block->used_length = size;
1646 new_block->max_length = max_size;
62be4e3a 1647 assert(max_size >= size);
e1c57ab8
PB		 1648 new_block->fd = -1;
1649 new_block->host = host;
1650 if (host) {
7bd4f430 1651 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1652 }
62be4e3a
MT		 1653 if (resizeable) {
1654 new_block->flags |= RAM_RESIZEABLE;
1655 }
ef701d7b
HT		 1656 addr = ram_block_add(new_block, &local_err);
1657 if (local_err) {
1658 g_free(new_block);
1659 error_propagate(errp, local_err);
1660 return -1;
1661 }
1662 return addr;
e1c57ab8
PB		 1663}
1664
62be4e3a
MT		 1665ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1666 MemoryRegion *mr, Error **errp)
1667{
1668 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1669}
1670
ef701d7b 1671ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1672{
62be4e3a
MT		 1673 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1674}
1675
1676ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1677 void (*resized)(const char*,
1678 uint64_t length,
1679 void *host),
1680 MemoryRegion *mr, Error **errp)
1681{
1682 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1683}
1684
43771539
PB		 1685static void reclaim_ramblock(RAMBlock *block)
1686{
1687 if (block->flags & RAM_PREALLOC) {
1688 ;
1689 } else if (xen_enabled()) {
1690 xen_invalidate_map_cache_entry(block->host);
1691#ifndef _WIN32
1692 } else if (block->fd >= 0) {
2f3a2bb1 1693 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1694 close(block->fd);
1695#endif
1696 } else {
1697 qemu_anon_ram_free(block->host, block->max_length);
1698 }
1699 g_free(block);
1700}
1701
c227f099 1702void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1703{
04b16653
AW		 1704 RAMBlock *block;
1705
b2a8658e 1706 qemu_mutex_lock_ramlist();
0dc3f44a 1707 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1708 if (addr == block->offset) {
0dc3f44a 1709 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1710 ram_list.mru_block = NULL;
0dc3f44a
MD		 1711 /* Write list before version */
1712 smp_wmb();
f798b07f 1713 ram_list.version++;
43771539 1714 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1715 break;
04b16653
AW		 1716 }
1717 }
b2a8658e 1718 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1719}
1720
cd19cfa2
HY		 1721#ifndef _WIN32
1722void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1723{
1724 RAMBlock *block;
1725 ram_addr_t offset;
1726 int flags;
1727 void *area, *vaddr;
1728
0dc3f44a 1729 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1730 offset = addr - block->offset;
9b8424d5 1731 if (offset < block->max_length) {
1240be24 1732 vaddr = ramblock_ptr(block, offset);
7bd4f430 1733 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1734 ;
dfeaf2ab
MA		 1735 } else if (xen_enabled()) {
1736 abort();
cd19cfa2
HY		 1737 } else {
1738 flags = MAP_FIXED;
3435f395 1739 if (block->fd >= 0) {
dbcb8981
PB		 1740 flags |= (block->flags & RAM_SHARED ?
1741 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1742 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1743 flags, block->fd, offset);
cd19cfa2 1744 } else {
2eb9fbaa
MA		 1745 /*
1746 * Remap needs to match alloc. Accelerators that
1747 * set phys_mem_alloc never remap. If they did,
1748 * we'd need a remap hook here.
1749 */
1750 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1751
cd19cfa2
HY		 1752 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1753 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1754 flags, -1, 0);
cd19cfa2
HY		 1755 }
1756 if (area != vaddr) {
f15fbc4b
AP		 1757 fprintf(stderr, "Could not remap addr: "
1758 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1759 length, addr);
1760 exit(1);
1761 }
8490fc78 1762 memory_try_enable_merging(vaddr, length);
ddb97f1d 1763 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1764 }
cd19cfa2
HY		 1765 }
1766 }
1767}
1768#endif /* !_WIN32 */
1769
a35ba7be
PB		 1770int qemu_get_ram_fd(ram_addr_t addr)
1771{
ae3a7047
MD		 1772 RAMBlock *block;
1773 int fd;
a35ba7be 1774
0dc3f44a 1775 rcu_read_lock();
ae3a7047
MD		 1776 block = qemu_get_ram_block(addr);
1777 fd = block->fd;
0dc3f44a 1778 rcu_read_unlock();
ae3a7047 1779 return fd;
a35ba7be
PB		 1780}
1781
56a571d9
TM		 1782void qemu_set_ram_fd(ram_addr_t addr, int fd)
1783{
1784 RAMBlock *block;
1785
1786 rcu_read_lock();
1787 block = qemu_get_ram_block(addr);
1788 block->fd = fd;
1789 rcu_read_unlock();
1790}
1791
3fd74b84
DM		 1792void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1793{
ae3a7047
MD		 1794 RAMBlock *block;
1795 void *ptr;
3fd74b84 1796
0dc3f44a 1797 rcu_read_lock();
ae3a7047
MD		 1798 block = qemu_get_ram_block(addr);
1799 ptr = ramblock_ptr(block, 0);
0dc3f44a 1800 rcu_read_unlock();
ae3a7047 1801 return ptr;
3fd74b84
DM		 1802}
1803
1b5ec234 1804/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1805 * This should not be used for general purpose DMA. Use address_space_map
1806 * or address_space_rw instead. For local memory (e.g. video ram) that the
1807 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1808 *
49b24afc 1809 * Called within RCU critical section.
1b5ec234
PB		 1810 */
1811void *qemu_get_ram_ptr(ram_addr_t addr)
1812{
49b24afc 1813 RAMBlock *block = qemu_get_ram_block(addr);
ae3a7047
MD		 1814
1815 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1816 /* We need to check if the requested address is in the RAM
1817 * because we don't want to map the entire memory in QEMU.
1818 * In that case just map until the end of the page.
1819 */
1820 if (block->offset == 0) {
49b24afc 1821 return xen_map_cache(addr, 0, 0);
0d6d3c87 1822 }
ae3a7047
MD		 1823
1824 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1825 }
49b24afc 1826 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1827}
1828
38bee5dc 1829/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1830 * but takes a size argument.
0dc3f44a 1831 *
e81bcda5 1832 * Called within RCU critical section.
ae3a7047 1833 */
cb85f7ab 1834static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1835{
e81bcda5
PB		 1836 RAMBlock *block;
1837 ram_addr_t offset_inside_block;
8ab934f9
SS		 1838 if (*size == 0) {
1839 return NULL;
1840 }
e81bcda5
PB		 1841
1842 block = qemu_get_ram_block(addr);
1843 offset_inside_block = addr - block->offset;
1844 *size = MIN(*size, block->max_length - offset_inside_block);
1845
1846 if (xen_enabled() && block->host == NULL) {
1847 /* We need to check if the requested address is in the RAM
1848 * because we don't want to map the entire memory in QEMU.
1849 * In that case just map the requested area.
1850 */
1851 if (block->offset == 0) {
1852 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1853 }
1854
e81bcda5 1855 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1856 }
e81bcda5
PB		 1857
1858 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1859}
1860
422148d3
DDAG		 1861/*
1862 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1863 * in that RAMBlock.
1864 *
1865 * ptr: Host pointer to look up
1866 * round_offset: If true round the result offset down to a page boundary
1867 * *ram_addr: set to result ram_addr
1868 * *offset: set to result offset within the RAMBlock
1869 *
1870 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1871 *
1872 * By the time this function returns, the returned pointer is not protected
1873 * by RCU anymore. If the caller is not within an RCU critical section and
1874 * does not hold the iothread lock, it must have other means of protecting the
1875 * pointer, such as a reference to the region that includes the incoming
1876 * ram_addr_t.
1877 */
422148d3
DDAG		 1878RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1879 ram_addr_t *ram_addr,
1880 ram_addr_t *offset)
5579c7f3 1881{
94a6b54f
PB		 1882 RAMBlock *block;
1883 uint8_t *host = ptr;
1884
868bb33f 1885 if (xen_enabled()) {
0dc3f44a 1886 rcu_read_lock();
e41d7c69 1887 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1888 block = qemu_get_ram_block(*ram_addr);
1889 if (block) {
1890 *offset = (host - block->host);
1891 }
0dc3f44a 1892 rcu_read_unlock();
422148d3 1893 return block;
712c2b41
SS		 1894 }
1895
0dc3f44a
MD		 1896 rcu_read_lock();
1897 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1898 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1899 goto found;
1900 }
1901
0dc3f44a 1902 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1903 /* This case append when the block is not mapped. */
1904 if (block->host == NULL) {
1905 continue;
1906 }
9b8424d5 1907 if (host - block->host < block->max_length) {
23887b79 1908 goto found;
f471a17e 1909 }
94a6b54f 1910 }
432d268c 1911
0dc3f44a 1912 rcu_read_unlock();
1b5ec234 1913 return NULL;
23887b79
PB		 1914
1915found:
422148d3
DDAG		 1916 *offset = (host - block->host);
1917 if (round_offset) {
1918 *offset &= TARGET_PAGE_MASK;
1919 }
1920 *ram_addr = block->offset + *offset;
0dc3f44a 1921 rcu_read_unlock();
422148d3
DDAG		 1922 return block;
1923}
1924
e3dd7493
DDAG		 1925/*
1926 * Finds the named RAMBlock
1927 *
1928 * name: The name of RAMBlock to find
1929 *
1930 * Returns: RAMBlock (or NULL if not found)
1931 */
1932RAMBlock *qemu_ram_block_by_name(const char *name)
1933{
1934 RAMBlock *block;
1935
1936 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1937 if (!strcmp(name, block->idstr)) {
1938 return block;
1939 }
1940 }
1941
1942 return NULL;
1943}
1944
422148d3
DDAG		 1945/* Some of the softmmu routines need to translate from a host pointer
1946 (typically a TLB entry) back to a ram offset. */
1947MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1948{
1949 RAMBlock *block;
1950 ram_addr_t offset; /* Not used */
1951
1952 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1953
1954 if (!block) {
1955 return NULL;
1956 }
1957
1958 return block->mr;
e890261f 1959}
f471a17e 1960
49b24afc 1961/* Called within RCU critical section. */
a8170e5e 1962static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1963 uint64_t val, unsigned size)
9fa3e853 1964{
52159192 1965 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1966 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1967 }
0e0df1e2
AK		 1968 switch (size) {
1969 case 1:
1970 stb_p(qemu_get_ram_ptr(ram_addr), val);
1971 break;
1972 case 2:
1973 stw_p(qemu_get_ram_ptr(ram_addr), val);
1974 break;
1975 case 4:
1976 stl_p(qemu_get_ram_ptr(ram_addr), val);
1977 break;
1978 default:
1979 abort();
3a7d929e 1980 }
58d2707e
PB		 1981 /* Set both VGA and migration bits for simplicity and to remove
1982 * the notdirty callback faster.
1983 */
1984 cpu_physical_memory_set_dirty_range(ram_addr, size,
1985 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1986 /* we remove the notdirty callback only if the code has been
1987 flushed */
a2cd8c85 1988 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1989 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1990 }
9fa3e853
FB		 1991}
1992
b018ddf6
PB		 1993static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1994 unsigned size, bool is_write)
1995{
1996 return is_write;
1997}
1998
0e0df1e2 1999static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2000 .write = notdirty_mem_write,
b018ddf6 2001 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2002 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2003};
2004
0f459d16 2005/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2006static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2007{
93afeade
AF		 2008 CPUState *cpu = current_cpu;
2009 CPUArchState *env = cpu->env_ptr;
06d55cc1 2010 target_ulong pc, cs_base;
0f459d16 2011 target_ulong vaddr;
a1d1bb31 2012 CPUWatchpoint *wp;
06d55cc1 2013 int cpu_flags;
0f459d16 2014
ff4700b0 2015 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2016 /* We re-entered the check after replacing the TB. Now raise
2017 * the debug interrupt so that is will trigger after the
2018 * current instruction. */
93afeade 2019 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2020 return;
2021 }
93afeade 2022 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2023 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2024 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2025 && (wp->flags & flags)) {
08225676
PM		 2026 if (flags == BP_MEM_READ) {
2027 wp->flags |= BP_WATCHPOINT_HIT_READ;
2028 } else {
2029 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2030 }
2031 wp->hitaddr = vaddr;
66b9b43c 2032 wp->hitattrs = attrs;
ff4700b0
AF		 2033 if (!cpu->watchpoint_hit) {
2034 cpu->watchpoint_hit = wp;
239c51a5 2035 tb_check_watchpoint(cpu);
6e140f28 2036 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2037 cpu->exception_index = EXCP_DEBUG;
5638d180 2038 cpu_loop_exit(cpu);
6e140f28
AL		 2039 } else {
2040 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2041 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2042 cpu_resume_from_signal(cpu, NULL);
6e140f28 2043 }
06d55cc1 2044 }
6e140f28
AL		 2045 } else {
2046 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2047 }
2048 }
2049}
2050
6658ffb8
PB		 2051/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2052 so these check for a hit then pass through to the normal out-of-line
2053 phys routines. */
66b9b43c
PM		 2054static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2055 unsigned size, MemTxAttrs attrs)
6658ffb8 2056{
66b9b43c
PM		 2057 MemTxResult res;
2058 uint64_t data;
2059
2060 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2061 switch (size) {
66b9b43c
PM		 2062 case 1:
2063 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2064 break;
2065 case 2:
2066 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2067 break;
2068 case 4:
2069 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2070 break;
1ec9b909
AK		 2071 default: abort();
2072 }
66b9b43c
PM		 2073 *pdata = data;
2074 return res;
6658ffb8
PB		 2075}
2076
66b9b43c
PM		 2077static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2078 uint64_t val, unsigned size,
2079 MemTxAttrs attrs)
6658ffb8 2080{
66b9b43c
PM		 2081 MemTxResult res;
2082
2083 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2084 switch (size) {
67364150 2085 case 1:
66b9b43c 2086 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2087 break;
2088 case 2:
66b9b43c 2089 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2090 break;
2091 case 4:
66b9b43c 2092 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2093 break;
1ec9b909
AK		 2094 default: abort();
2095 }
66b9b43c 2096 return res;
6658ffb8
PB		 2097}
2098
1ec9b909 2099static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2100 .read_with_attrs = watch_mem_read,
2101 .write_with_attrs = watch_mem_write,
1ec9b909 2102 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2103};
6658ffb8 2104
f25a49e0
PM		 2105static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2106 unsigned len, MemTxAttrs attrs)
db7b5426 2107{
acc9d80b 2108 subpage_t *subpage = opaque;
ff6cff75 2109 uint8_t buf[8];
5c9eb028 2110 MemTxResult res;
791af8c8 2111
db7b5426 2112#if defined(DEBUG_SUBPAGE)
016e9d62 2113 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2114 subpage, len, addr);
db7b5426 2115#endif
5c9eb028
PM		 2116 res = address_space_read(subpage->as, addr + subpage->base,
2117 attrs, buf, len);
2118 if (res) {
2119 return res;
f25a49e0 2120 }
acc9d80b
JK		 2121 switch (len) {
2122 case 1:
f25a49e0
PM		 2123 *data = ldub_p(buf);
2124 return MEMTX_OK;
acc9d80b 2125 case 2:
f25a49e0
PM		 2126 *data = lduw_p(buf);
2127 return MEMTX_OK;
acc9d80b 2128 case 4:
f25a49e0
PM		 2129 *data = ldl_p(buf);
2130 return MEMTX_OK;
ff6cff75 2131 case 8:
f25a49e0
PM		 2132 *data = ldq_p(buf);
2133 return MEMTX_OK;
acc9d80b
JK		 2134 default:
2135 abort();
2136 }
db7b5426
BS		 2137}
2138
f25a49e0
PM		 2139static MemTxResult subpage_write(void *opaque, hwaddr addr,
2140 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2141{
acc9d80b 2142 subpage_t *subpage = opaque;
ff6cff75 2143 uint8_t buf[8];
acc9d80b 2144
db7b5426 2145#if defined(DEBUG_SUBPAGE)
016e9d62 2146 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2147 " value %"PRIx64"\n",
2148 __func__, subpage, len, addr, value);
db7b5426 2149#endif
acc9d80b
JK		 2150 switch (len) {
2151 case 1:
2152 stb_p(buf, value);
2153 break;
2154 case 2:
2155 stw_p(buf, value);
2156 break;
2157 case 4:
2158 stl_p(buf, value);
2159 break;
ff6cff75
PB		 2160 case 8:
2161 stq_p(buf, value);
2162 break;
acc9d80b
JK		 2163 default:
2164 abort();
2165 }
5c9eb028
PM		 2166 return address_space_write(subpage->as, addr + subpage->base,
2167 attrs, buf, len);
db7b5426
BS		 2168}
2169
c353e4cc 2170static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2171 unsigned len, bool is_write)
c353e4cc 2172{
acc9d80b 2173 subpage_t *subpage = opaque;
c353e4cc 2174#if defined(DEBUG_SUBPAGE)
016e9d62 2175 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2176 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2177#endif
2178
acc9d80b 2179 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2180 len, is_write);
c353e4cc
PB		 2181}
2182
70c68e44 2183static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2184 .read_with_attrs = subpage_read,
2185 .write_with_attrs = subpage_write,
ff6cff75
PB		 2186 .impl.min_access_size = 1,
2187 .impl.max_access_size = 8,
2188 .valid.min_access_size = 1,
2189 .valid.max_access_size = 8,
c353e4cc 2190 .valid.accepts = subpage_accepts,
70c68e44 2191 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2192};
2193
c227f099 2194static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2195 uint16_t section)
db7b5426
BS		 2196{
2197 int idx, eidx;
2198
2199 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2200 return -1;
2201 idx = SUBPAGE_IDX(start);
2202 eidx = SUBPAGE_IDX(end);
2203#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2204 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2205 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2206#endif
db7b5426 2207 for (; idx <= eidx; idx++) {
5312bd8b 2208 mmio->sub_section[idx] = section;
db7b5426
BS		 2209 }
2210
2211 return 0;
2212}
2213
acc9d80b 2214static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2215{
c227f099 2216 subpage_t *mmio;
db7b5426 2217
7267c094 2218 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2219
acc9d80b 2220 mmio->as = as;
1eec614b 2221 mmio->base = base;
2c9b15ca 2222 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2223 NULL, TARGET_PAGE_SIZE);
b3b00c78 2224 mmio->iomem.subpage = true;
db7b5426 2225#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2226 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2227 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2228#endif
b41aac4f 2229 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2230
2231 return mmio;
2232}
2233
a656e22f
PC		 2234static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2235 MemoryRegion *mr)
5312bd8b 2236{
a656e22f 2237 assert(as);
5312bd8b 2238 MemoryRegionSection section = {
a656e22f 2239 .address_space = as,
5312bd8b
AK		 2240 .mr = mr,
2241 .offset_within_address_space = 0,
2242 .offset_within_region = 0,
052e87b0 2243 .size = int128_2_64(),
5312bd8b
AK		 2244 };
2245
53cb28cb 2246 return phys_section_add(map, &section);
5312bd8b
AK		 2247}
2248
a54c87b6 2249MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2250{
a54c87b6
PM		 2251 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2252 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2253 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2254 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2255
2256 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2257}
2258
e9179ce1
AK		 2259static void io_mem_init(void)
2260{
1f6245e5 2261 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2262 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2263 NULL, UINT64_MAX);
2c9b15ca 2264 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2265 NULL, UINT64_MAX);
2c9b15ca 2266 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2267 NULL, UINT64_MAX);
e9179ce1
AK		 2268}
2269
ac1970fb 2270static void mem_begin(MemoryListener *listener)
00752703
PB		 2271{
2272 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2273 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2274 uint16_t n;
2275
a656e22f 2276 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2277 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2278 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2279 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2280 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2281 assert(n == PHYS_SECTION_ROM);
a656e22f 2282 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2283 assert(n == PHYS_SECTION_WATCH);
00752703 2284
9736e55b 2285 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2286 d->as = as;
2287 as->next_dispatch = d;
2288}
2289
79e2b9ae
PB		 2290static void address_space_dispatch_free(AddressSpaceDispatch *d)
2291{
2292 phys_sections_free(&d->map);
2293 g_free(d);
2294}
2295
00752703 2296static void mem_commit(MemoryListener *listener)
ac1970fb 2297{
89ae337a 2298 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2299 AddressSpaceDispatch *cur = as->dispatch;
2300 AddressSpaceDispatch *next = as->next_dispatch;
2301
53cb28cb 2302 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2303
79e2b9ae 2304 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2305 if (cur) {
79e2b9ae 2306 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2307 }
9affd6fc
PB		 2308}
2309
1d71148e 2310static void tcg_commit(MemoryListener *listener)
50c1e149 2311{
32857f4d
PM		 2312 CPUAddressSpace *cpuas;
2313 AddressSpaceDispatch *d;
117712c3
AK		 2314
2315 /* since each CPU stores ram addresses in its TLB cache, we must
2316 reset the modified entries */
32857f4d
PM		 2317 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2318 cpu_reloading_memory_map();
2319 /* The CPU and TLB are protected by the iothread lock.
2320 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2321 * may have split the RCU critical section.
2322 */
2323 d = atomic_rcu_read(&cpuas->as->dispatch);
2324 cpuas->memory_dispatch = d;
2325 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2326}
2327
ac1970fb
AK		 2328void address_space_init_dispatch(AddressSpace *as)
2329{
00752703 2330 as->dispatch = NULL;
89ae337a 2331 as->dispatch_listener = (MemoryListener) {
ac1970fb 2332 .begin = mem_begin,
00752703 2333 .commit = mem_commit,
ac1970fb
AK		 2334 .region_add = mem_add,
2335 .region_nop = mem_add,
2336 .priority = 0,
2337 };
89ae337a 2338 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2339}
2340
6e48e8f9
PB		 2341void address_space_unregister(AddressSpace *as)
2342{
2343 memory_listener_unregister(&as->dispatch_listener);
2344}
2345
83f3c251
AK		 2346void address_space_destroy_dispatch(AddressSpace *as)
2347{
2348 AddressSpaceDispatch *d = as->dispatch;
2349
79e2b9ae
PB		 2350 atomic_rcu_set(&as->dispatch, NULL);
2351 if (d) {
2352 call_rcu(d, address_space_dispatch_free, rcu);
2353 }
83f3c251
AK		 2354}
2355
62152b8a
AK		 2356static void memory_map_init(void)
2357{
7267c094 2358 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2359
57271d63 2360 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2361 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2362
7267c094 2363 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2364 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2365 65536);
7dca8043 2366 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2367}
2368
2369MemoryRegion *get_system_memory(void)
2370{
2371 return system_memory;
2372}
2373
309cb471
AK		 2374MemoryRegion *get_system_io(void)
2375{
2376 return system_io;
2377}
2378
e2eef170
PB		 2379#endif /* !defined(CONFIG_USER_ONLY) */
2380
13eb76e0
FB		 2381/* physical memory access (slow version, mainly for debug) */
2382#if defined(CONFIG_USER_ONLY)
f17ec444 2383int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2384 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2385{
2386 int l, flags;
2387 target_ulong page;
53a5960a 2388 void * p;
13eb76e0
FB		 2389
2390 while (len > 0) {
2391 page = addr & TARGET_PAGE_MASK;
2392 l = (page + TARGET_PAGE_SIZE) - addr;
2393 if (l > len)
2394 l = len;
2395 flags = page_get_flags(page);
2396 if (!(flags & PAGE_VALID))
a68fe89c 2397 return -1;
13eb76e0
FB		 2398 if (is_write) {
2399 if (!(flags & PAGE_WRITE))
a68fe89c 2400 return -1;
579a97f7 2401 /* XXX: this code should not depend on lock_user */
72fb7daa 2402 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2403 return -1;
72fb7daa
AJ		 2404 memcpy(p, buf, l);
2405 unlock_user(p, addr, l);
13eb76e0
FB		 2406 } else {
2407 if (!(flags & PAGE_READ))
a68fe89c 2408 return -1;
579a97f7 2409 /* XXX: this code should not depend on lock_user */
72fb7daa 2410 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2411 return -1;
72fb7daa 2412 memcpy(buf, p, l);
5b257578 2413 unlock_user(p, addr, 0);
13eb76e0
FB		 2414 }
2415 len -= l;
2416 buf += l;
2417 addr += l;
2418 }
a68fe89c 2419 return 0;
13eb76e0 2420}
8df1cd07 2421
13eb76e0 2422#else
51d7a9eb 2423
845b6214 2424static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2425 hwaddr length)
51d7a9eb 2426{
e87f7778
PB		 2427 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2428 /* No early return if dirty_log_mask is or becomes 0, because
2429 * cpu_physical_memory_set_dirty_range will still call
2430 * xen_modified_memory.
2431 */
2432 if (dirty_log_mask) {
2433 dirty_log_mask =
2434 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2435 }
2436 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2437 tb_invalidate_phys_range(addr, addr + length);
2438 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2439 }
e87f7778 2440 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2441}
2442
23326164 2443static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2444{
e1622f4b 2445 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2446
2447 /* Regions are assumed to support 1-4 byte accesses unless
2448 otherwise specified. */
23326164
RH		 2449 if (access_size_max == 0) {
2450 access_size_max = 4;
2451 }
2452
2453 /* Bound the maximum access by the alignment of the address. */
2454 if (!mr->ops->impl.unaligned) {
2455 unsigned align_size_max = addr & -addr;
2456 if (align_size_max != 0 && align_size_max < access_size_max) {
2457 access_size_max = align_size_max;
2458 }
82f2563f 2459 }
23326164
RH		 2460
2461 /* Don't attempt accesses larger than the maximum. */
2462 if (l > access_size_max) {
2463 l = access_size_max;
82f2563f 2464 }
6554f5c0 2465 l = pow2floor(l);
23326164
RH		 2466
2467 return l;
82f2563f
PB		 2468}
2469
4840f10e 2470static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2471{
4840f10e
JK		 2472 bool unlocked = !qemu_mutex_iothread_locked();
2473 bool release_lock = false;
2474
2475 if (unlocked && mr->global_locking) {
2476 qemu_mutex_lock_iothread();
2477 unlocked = false;
2478 release_lock = true;
2479 }
125b3806 2480 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2481 if (unlocked) {
2482 qemu_mutex_lock_iothread();
2483 }
125b3806 2484 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2485 if (unlocked) {
2486 qemu_mutex_unlock_iothread();
2487 }
125b3806 2488 }
4840f10e
JK		 2489
2490 return release_lock;
125b3806
PB		 2491}
2492
a203ac70
PB		 2493/* Called within RCU critical section. */
2494static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2495 MemTxAttrs attrs,
2496 const uint8_t *buf,
2497 int len, hwaddr addr1,
2498 hwaddr l, MemoryRegion *mr)
13eb76e0 2499{
13eb76e0 2500 uint8_t *ptr;
791af8c8 2501 uint64_t val;
3b643495 2502 MemTxResult result = MEMTX_OK;
4840f10e 2503 bool release_lock = false;
3b46e624 2504
a203ac70 2505 for (;;) {
eb7eeb88
PB		 2506 if (!memory_access_is_direct(mr, true)) {
2507 release_lock |= prepare_mmio_access(mr);
2508 l = memory_access_size(mr, l, addr1);
2509 /* XXX: could force current_cpu to NULL to avoid
2510 potential bugs */
2511 switch (l) {
2512 case 8:
2513 /* 64 bit write access */
2514 val = ldq_p(buf);
2515 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2516 attrs);
2517 break;
2518 case 4:
2519 /* 32 bit write access */
2520 val = ldl_p(buf);
2521 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2522 attrs);
2523 break;
2524 case 2:
2525 /* 16 bit write access */
2526 val = lduw_p(buf);
2527 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2528 attrs);
2529 break;
2530 case 1:
2531 /* 8 bit write access */
2532 val = ldub_p(buf);
2533 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2534 attrs);
2535 break;
2536 default:
2537 abort();
13eb76e0
FB		 2538 }
2539 } else {
eb7eeb88
PB		 2540 addr1 += memory_region_get_ram_addr(mr);
2541 /* RAM case */
2542 ptr = qemu_get_ram_ptr(addr1);
2543 memcpy(ptr, buf, l);
2544 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2545 }
4840f10e
JK		 2546
2547 if (release_lock) {
2548 qemu_mutex_unlock_iothread();
2549 release_lock = false;
2550 }
2551
13eb76e0
FB		 2552 len -= l;
2553 buf += l;
2554 addr += l;
a203ac70
PB		 2555
2556 if (!len) {
2557 break;
2558 }
2559
2560 l = len;
2561 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2562 }
fd8aaa76 2563
3b643495 2564 return result;
13eb76e0 2565}
8df1cd07 2566
a203ac70
PB		 2567MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2568 const uint8_t *buf, int len)
ac1970fb 2569{
eb7eeb88 2570 hwaddr l;
eb7eeb88
PB		 2571 hwaddr addr1;
2572 MemoryRegion *mr;
2573 MemTxResult result = MEMTX_OK;
eb7eeb88 2574
a203ac70
PB		 2575 if (len > 0) {
2576 rcu_read_lock();
eb7eeb88 2577 l = len;
a203ac70
PB		 2578 mr = address_space_translate(as, addr, &addr1, &l, true);
2579 result = address_space_write_continue(as, addr, attrs, buf, len,
2580 addr1, l, mr);
2581 rcu_read_unlock();
2582 }
2583
2584 return result;
2585}
2586
2587/* Called within RCU critical section. */
2588MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2589 MemTxAttrs attrs, uint8_t *buf,
2590 int len, hwaddr addr1, hwaddr l,
2591 MemoryRegion *mr)
2592{
2593 uint8_t *ptr;
2594 uint64_t val;
2595 MemTxResult result = MEMTX_OK;
2596 bool release_lock = false;
eb7eeb88 2597
a203ac70 2598 for (;;) {
eb7eeb88
PB		 2599 if (!memory_access_is_direct(mr, false)) {
2600 /* I/O case */
2601 release_lock |= prepare_mmio_access(mr);
2602 l = memory_access_size(mr, l, addr1);
2603 switch (l) {
2604 case 8:
2605 /* 64 bit read access */
2606 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2607 attrs);
2608 stq_p(buf, val);
2609 break;
2610 case 4:
2611 /* 32 bit read access */
2612 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2613 attrs);
2614 stl_p(buf, val);
2615 break;
2616 case 2:
2617 /* 16 bit read access */
2618 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2619 attrs);
2620 stw_p(buf, val);
2621 break;
2622 case 1:
2623 /* 8 bit read access */
2624 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2625 attrs);
2626 stb_p(buf, val);
2627 break;
2628 default:
2629 abort();
2630 }
2631 } else {
2632 /* RAM case */
2633 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2634 memcpy(buf, ptr, l);
2635 }
2636
2637 if (release_lock) {
2638 qemu_mutex_unlock_iothread();
2639 release_lock = false;
2640 }
2641
2642 len -= l;
2643 buf += l;
2644 addr += l;
a203ac70
PB		 2645
2646 if (!len) {
2647 break;
2648 }
2649
2650 l = len;
2651 mr = address_space_translate(as, addr, &addr1, &l, false);
2652 }
2653
2654 return result;
2655}
2656
3cc8f884
PB		 2657MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2658 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2659{
2660 hwaddr l;
2661 hwaddr addr1;
2662 MemoryRegion *mr;
2663 MemTxResult result = MEMTX_OK;
2664
2665 if (len > 0) {
2666 rcu_read_lock();
2667 l = len;
2668 mr = address_space_translate(as, addr, &addr1, &l, false);
2669 result = address_space_read_continue(as, addr, attrs, buf, len,
2670 addr1, l, mr);
2671 rcu_read_unlock();
eb7eeb88 2672 }
eb7eeb88
PB		 2673
2674 return result;
ac1970fb
AK		 2675}
2676
eb7eeb88
PB		 2677MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2678 uint8_t *buf, int len, bool is_write)
2679{
2680 if (is_write) {
2681 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2682 } else {
2683 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2684 }
2685}
ac1970fb 2686
a8170e5e 2687void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2688 int len, int is_write)
2689{
5c9eb028
PM		 2690 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2691 buf, len, is_write);
ac1970fb
AK		 2692}
2693
582b55a9
AG		 2694enum write_rom_type {
2695 WRITE_DATA,
2696 FLUSH_CACHE,
2697};
2698
2a221651 2699static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2700 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2701{
149f54b5 2702 hwaddr l;
d0ecd2aa 2703 uint8_t *ptr;
149f54b5 2704 hwaddr addr1;
5c8a00ce 2705 MemoryRegion *mr;
3b46e624 2706
41063e1e 2707 rcu_read_lock();
d0ecd2aa 2708 while (len > 0) {
149f54b5 2709 l = len;
2a221651 2710 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2711
5c8a00ce
PB		 2712 if (!(memory_region_is_ram(mr) ||
2713 memory_region_is_romd(mr))) {
b242e0e0 2714 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2715 } else {
5c8a00ce 2716 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2717 /* ROM/RAM case */
5579c7f3 2718 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2719 switch (type) {
2720 case WRITE_DATA:
2721 memcpy(ptr, buf, l);
845b6214 2722 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2723 break;
2724 case FLUSH_CACHE:
2725 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2726 break;
2727 }
d0ecd2aa
FB		 2728 }
2729 len -= l;
2730 buf += l;
2731 addr += l;
2732 }
41063e1e 2733 rcu_read_unlock();
d0ecd2aa
FB		 2734}
2735
582b55a9 2736/* used for ROM loading : can write in RAM and ROM */
2a221651 2737void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2738 const uint8_t *buf, int len)
2739{
2a221651 2740 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2741}
2742
2743void cpu_flush_icache_range(hwaddr start, int len)
2744{
2745 /*
2746 * This function should do the same thing as an icache flush that was
2747 * triggered from within the guest. For TCG we are always cache coherent,
2748 * so there is no need to flush anything. For KVM / Xen we need to flush
2749 * the host's instruction cache at least.
2750 */
2751 if (tcg_enabled()) {
2752 return;
2753 }
2754
2a221651
EI		 2755 cpu_physical_memory_write_rom_internal(&address_space_memory,
2756 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2757}
2758
6d16c2f8 2759typedef struct {
d3e71559 2760 MemoryRegion *mr;
6d16c2f8 2761 void *buffer;
a8170e5e
AK		 2762 hwaddr addr;
2763 hwaddr len;
c2cba0ff 2764 bool in_use;
6d16c2f8
AL		 2765} BounceBuffer;
2766
2767static BounceBuffer bounce;
2768
ba223c29 2769typedef struct MapClient {
e95205e1 2770 QEMUBH *bh;
72cf2d4f 2771 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2772} MapClient;
2773
38e047b5 2774QemuMutex map_client_list_lock;
72cf2d4f
BS		 2775static QLIST_HEAD(map_client_list, MapClient) map_client_list
2776 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2777
e95205e1
FZ		 2778static void cpu_unregister_map_client_do(MapClient *client)
2779{
2780 QLIST_REMOVE(client, link);
2781 g_free(client);
2782}
2783
33b6c2ed
FZ		 2784static void cpu_notify_map_clients_locked(void)
2785{
2786 MapClient *client;
2787
2788 while (!QLIST_EMPTY(&map_client_list)) {
2789 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2790 qemu_bh_schedule(client->bh);
2791 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2792 }
2793}
2794
e95205e1 2795void cpu_register_map_client(QEMUBH *bh)
ba223c29 2796{
7267c094 2797 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2798
38e047b5 2799 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2800 client->bh = bh;
72cf2d4f 2801 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2802 if (!atomic_read(&bounce.in_use)) {
2803 cpu_notify_map_clients_locked();
2804 }
38e047b5 2805 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2806}
2807
38e047b5 2808void cpu_exec_init_all(void)
ba223c29 2809{
38e047b5 2810 qemu_mutex_init(&ram_list.mutex);
38e047b5 2811 io_mem_init();
680a4783 2812 memory_map_init();
38e047b5 2813 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2814}
2815
e95205e1 2816void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2817{
2818 MapClient *client;
2819
e95205e1
FZ		 2820 qemu_mutex_lock(&map_client_list_lock);
2821 QLIST_FOREACH(client, &map_client_list, link) {
2822 if (client->bh == bh) {
2823 cpu_unregister_map_client_do(client);
2824 break;
2825 }
ba223c29 2826 }
e95205e1 2827 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2828}
2829
2830static void cpu_notify_map_clients(void)
2831{
38e047b5 2832 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2833 cpu_notify_map_clients_locked();
38e047b5 2834 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2835}
2836
51644ab7
PB		 2837bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2838{
5c8a00ce 2839 MemoryRegion *mr;
51644ab7
PB		 2840 hwaddr l, xlat;
2841
41063e1e 2842 rcu_read_lock();
51644ab7
PB		 2843 while (len > 0) {
2844 l = len;
5c8a00ce
PB		 2845 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2846 if (!memory_access_is_direct(mr, is_write)) {
2847 l = memory_access_size(mr, l, addr);
2848 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2849 return false;
2850 }
2851 }
2852
2853 len -= l;
2854 addr += l;
2855 }
41063e1e 2856 rcu_read_unlock();
51644ab7
PB		 2857 return true;
2858}
2859
6d16c2f8
AL		 2860/* Map a physical memory region into a host virtual address.
2861 * May map a subset of the requested range, given by and returned in *plen.
2862 * May return NULL if resources needed to perform the mapping are exhausted.
2863 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2864 * Use cpu_register_map_client() to know when retrying the map operation is
2865 * likely to succeed.
6d16c2f8 2866 */
ac1970fb 2867void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2868 hwaddr addr,
2869 hwaddr *plen,
ac1970fb 2870 bool is_write)
6d16c2f8 2871{
a8170e5e 2872 hwaddr len = *plen;
e3127ae0
PB		 2873 hwaddr done = 0;
2874 hwaddr l, xlat, base;
2875 MemoryRegion *mr, *this_mr;
2876 ram_addr_t raddr;
e81bcda5 2877 void *ptr;
6d16c2f8 2878
e3127ae0
PB		 2879 if (len == 0) {
2880 return NULL;
2881 }
38bee5dc 2882
e3127ae0 2883 l = len;
41063e1e 2884 rcu_read_lock();
e3127ae0 2885 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2886
e3127ae0 2887 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2888 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2889 rcu_read_unlock();
e3127ae0 2890 return NULL;
6d16c2f8 2891 }
e85d9db5
KW		 2892 /* Avoid unbounded allocations */
2893 l = MIN(l, TARGET_PAGE_SIZE);
2894 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2895 bounce.addr = addr;
2896 bounce.len = l;
d3e71559
PB		 2897
2898 memory_region_ref(mr);
2899 bounce.mr = mr;
e3127ae0 2900 if (!is_write) {
5c9eb028
PM		 2901 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2902 bounce.buffer, l);
8ab934f9 2903 }
6d16c2f8 2904
41063e1e 2905 rcu_read_unlock();
e3127ae0
PB		 2906 *plen = l;
2907 return bounce.buffer;
2908 }
2909
2910 base = xlat;
2911 raddr = memory_region_get_ram_addr(mr);
2912
2913 for (;;) {
6d16c2f8
AL		 2914 len -= l;
2915 addr += l;
e3127ae0
PB		 2916 done += l;
2917 if (len == 0) {
2918 break;
2919 }
2920
2921 l = len;
2922 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2923 if (this_mr != mr || xlat != base + done) {
2924 break;
2925 }
6d16c2f8 2926 }
e3127ae0 2927
d3e71559 2928 memory_region_ref(mr);
e3127ae0 2929 *plen = done;
e81bcda5
PB		 2930 ptr = qemu_ram_ptr_length(raddr + base, plen);
2931 rcu_read_unlock();
2932
2933 return ptr;
6d16c2f8
AL		 2934}
2935
ac1970fb 2936/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2937 * Will also mark the memory as dirty if is_write == 1. access_len gives
2938 * the amount of memory that was actually read or written by the caller.
2939 */
a8170e5e
AK		 2940void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2941 int is_write, hwaddr access_len)
6d16c2f8
AL		 2942{
2943 if (buffer != bounce.buffer) {
d3e71559
PB		 2944 MemoryRegion *mr;
2945 ram_addr_t addr1;
2946
2947 mr = qemu_ram_addr_from_host(buffer, &addr1);
2948 assert(mr != NULL);
6d16c2f8 2949 if (is_write) {
845b6214 2950 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2951 }
868bb33f 2952 if (xen_enabled()) {
e41d7c69 2953 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2954 }
d3e71559 2955 memory_region_unref(mr);
6d16c2f8
AL		 2956 return;
2957 }
2958 if (is_write) {
5c9eb028
PM		 2959 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2960 bounce.buffer, access_len);
6d16c2f8 2961 }
f8a83245 2962 qemu_vfree(bounce.buffer);
6d16c2f8 2963 bounce.buffer = NULL;
d3e71559 2964 memory_region_unref(bounce.mr);
c2cba0ff 2965 atomic_mb_set(&bounce.in_use, false);
ba223c29 2966 cpu_notify_map_clients();
6d16c2f8 2967}
d0ecd2aa 2968
a8170e5e
AK		 2969void *cpu_physical_memory_map(hwaddr addr,
2970 hwaddr *plen,
ac1970fb
AK		 2971 int is_write)
2972{
2973 return address_space_map(&address_space_memory, addr, plen, is_write);
2974}
2975
a8170e5e
AK		 2976void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2977 int is_write, hwaddr access_len)
ac1970fb
AK		 2978{
2979 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2980}
2981
8df1cd07 2982/* warning: addr must be aligned */
50013115
PM		 2983static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2984 MemTxAttrs attrs,
2985 MemTxResult *result,
2986 enum device_endian endian)
8df1cd07 2987{
8df1cd07 2988 uint8_t *ptr;
791af8c8 2989 uint64_t val;
5c8a00ce 2990 MemoryRegion *mr;
149f54b5
PB		 2991 hwaddr l = 4;
2992 hwaddr addr1;
50013115 2993 MemTxResult r;
4840f10e 2994 bool release_lock = false;
8df1cd07 2995
41063e1e 2996 rcu_read_lock();
fdfba1a2 2997 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2998 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2999 release_lock |= prepare_mmio_access(mr);
125b3806 3000
8df1cd07 3001 /* I/O case */
50013115 3002 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3003#if defined(TARGET_WORDS_BIGENDIAN)
3004 if (endian == DEVICE_LITTLE_ENDIAN) {
3005 val = bswap32(val);
3006 }
3007#else
3008 if (endian == DEVICE_BIG_ENDIAN) {
3009 val = bswap32(val);
3010 }
3011#endif
8df1cd07
FB		 3012 } else {
3013 /* RAM case */
5c8a00ce 3014 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3015 & TARGET_PAGE_MASK)
149f54b5 3016 + addr1);
1e78bcc1
AG		 3017 switch (endian) {
3018 case DEVICE_LITTLE_ENDIAN:
3019 val = ldl_le_p(ptr);
3020 break;
3021 case DEVICE_BIG_ENDIAN:
3022 val = ldl_be_p(ptr);
3023 break;
3024 default:
3025 val = ldl_p(ptr);
3026 break;
3027 }
50013115
PM		 3028 r = MEMTX_OK;
3029 }
3030 if (result) {
3031 *result = r;
8df1cd07 3032 }
4840f10e
JK		 3033 if (release_lock) {
3034 qemu_mutex_unlock_iothread();
3035 }
41063e1e 3036 rcu_read_unlock();
8df1cd07
FB		 3037 return val;
3038}
3039
50013115
PM		 3040uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3041 MemTxAttrs attrs, MemTxResult *result)
3042{
3043 return address_space_ldl_internal(as, addr, attrs, result,
3044 DEVICE_NATIVE_ENDIAN);
3045}
3046
3047uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3048 MemTxAttrs attrs, MemTxResult *result)
3049{
3050 return address_space_ldl_internal(as, addr, attrs, result,
3051 DEVICE_LITTLE_ENDIAN);
3052}
3053
3054uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3055 MemTxAttrs attrs, MemTxResult *result)
3056{
3057 return address_space_ldl_internal(as, addr, attrs, result,
3058 DEVICE_BIG_ENDIAN);
3059}
3060
fdfba1a2 3061uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3062{
50013115 3063 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3064}
3065
fdfba1a2 3066uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3067{
50013115 3068 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3069}
3070
fdfba1a2 3071uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3072{
50013115 3073 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3074}
3075
84b7b8e7 3076/* warning: addr must be aligned */
50013115
PM		 3077static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3078 MemTxAttrs attrs,
3079 MemTxResult *result,
3080 enum device_endian endian)
84b7b8e7 3081{
84b7b8e7
FB		 3082 uint8_t *ptr;
3083 uint64_t val;
5c8a00ce 3084 MemoryRegion *mr;
149f54b5
PB		 3085 hwaddr l = 8;
3086 hwaddr addr1;
50013115 3087 MemTxResult r;
4840f10e 3088 bool release_lock = false;
84b7b8e7 3089
41063e1e 3090 rcu_read_lock();
2c17449b 3091 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3092 false);
3093 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3094 release_lock |= prepare_mmio_access(mr);
125b3806 3095
84b7b8e7 3096 /* I/O case */
50013115 3097 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3098#if defined(TARGET_WORDS_BIGENDIAN)
3099 if (endian == DEVICE_LITTLE_ENDIAN) {
3100 val = bswap64(val);
3101 }
3102#else
3103 if (endian == DEVICE_BIG_ENDIAN) {
3104 val = bswap64(val);
3105 }
84b7b8e7
FB		 3106#endif
3107 } else {
3108 /* RAM case */
5c8a00ce 3109 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3110 & TARGET_PAGE_MASK)
149f54b5 3111 + addr1);
1e78bcc1
AG		 3112 switch (endian) {
3113 case DEVICE_LITTLE_ENDIAN:
3114 val = ldq_le_p(ptr);
3115 break;
3116 case DEVICE_BIG_ENDIAN:
3117 val = ldq_be_p(ptr);
3118 break;
3119 default:
3120 val = ldq_p(ptr);
3121 break;
3122 }
50013115
PM		 3123 r = MEMTX_OK;
3124 }
3125 if (result) {
3126 *result = r;
84b7b8e7 3127 }
4840f10e
JK		 3128 if (release_lock) {
3129 qemu_mutex_unlock_iothread();
3130 }
41063e1e 3131 rcu_read_unlock();
84b7b8e7
FB		 3132 return val;
3133}
3134
50013115
PM		 3135uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3137{
3138 return address_space_ldq_internal(as, addr, attrs, result,
3139 DEVICE_NATIVE_ENDIAN);
3140}
3141
3142uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3143 MemTxAttrs attrs, MemTxResult *result)
3144{
3145 return address_space_ldq_internal(as, addr, attrs, result,
3146 DEVICE_LITTLE_ENDIAN);
3147}
3148
3149uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3150 MemTxAttrs attrs, MemTxResult *result)
3151{
3152 return address_space_ldq_internal(as, addr, attrs, result,
3153 DEVICE_BIG_ENDIAN);
3154}
3155
2c17449b 3156uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3157{
50013115 3158 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3159}
3160
2c17449b 3161uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3162{
50013115 3163 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3164}
3165
2c17449b 3166uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3167{
50013115 3168 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3169}
3170
aab33094 3171/* XXX: optimize */
50013115
PM		 3172uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3173 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3174{
3175 uint8_t val;
50013115
PM		 3176 MemTxResult r;
3177
3178 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3179 if (result) {
3180 *result = r;
3181 }
aab33094
FB		 3182 return val;
3183}
3184
50013115
PM		 3185uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3186{
3187 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3188}
3189
733f0b02 3190/* warning: addr must be aligned */
50013115
PM		 3191static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3192 hwaddr addr,
3193 MemTxAttrs attrs,
3194 MemTxResult *result,
3195 enum device_endian endian)
aab33094 3196{
733f0b02
MT		 3197 uint8_t *ptr;
3198 uint64_t val;
5c8a00ce 3199 MemoryRegion *mr;
149f54b5
PB		 3200 hwaddr l = 2;
3201 hwaddr addr1;
50013115 3202 MemTxResult r;
4840f10e 3203 bool release_lock = false;
733f0b02 3204
41063e1e 3205 rcu_read_lock();
41701aa4 3206 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3207 false);
3208 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3209 release_lock |= prepare_mmio_access(mr);
125b3806 3210
733f0b02 3211 /* I/O case */
50013115 3212 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3213#if defined(TARGET_WORDS_BIGENDIAN)
3214 if (endian == DEVICE_LITTLE_ENDIAN) {
3215 val = bswap16(val);
3216 }
3217#else
3218 if (endian == DEVICE_BIG_ENDIAN) {
3219 val = bswap16(val);
3220 }
3221#endif
733f0b02
MT		 3222 } else {
3223 /* RAM case */
5c8a00ce 3224 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3225 & TARGET_PAGE_MASK)
149f54b5 3226 + addr1);
1e78bcc1
AG		 3227 switch (endian) {
3228 case DEVICE_LITTLE_ENDIAN:
3229 val = lduw_le_p(ptr);
3230 break;
3231 case DEVICE_BIG_ENDIAN:
3232 val = lduw_be_p(ptr);
3233 break;
3234 default:
3235 val = lduw_p(ptr);
3236 break;
3237 }
50013115
PM		 3238 r = MEMTX_OK;
3239 }
3240 if (result) {
3241 *result = r;
733f0b02 3242 }
4840f10e
JK		 3243 if (release_lock) {
3244 qemu_mutex_unlock_iothread();
3245 }
41063e1e 3246 rcu_read_unlock();
733f0b02 3247 return val;
aab33094
FB		 3248}
3249
50013115
PM		 3250uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3251 MemTxAttrs attrs, MemTxResult *result)
3252{
3253 return address_space_lduw_internal(as, addr, attrs, result,
3254 DEVICE_NATIVE_ENDIAN);
3255}
3256
3257uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3258 MemTxAttrs attrs, MemTxResult *result)
3259{
3260 return address_space_lduw_internal(as, addr, attrs, result,
3261 DEVICE_LITTLE_ENDIAN);
3262}
3263
3264uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3265 MemTxAttrs attrs, MemTxResult *result)
3266{
3267 return address_space_lduw_internal(as, addr, attrs, result,
3268 DEVICE_BIG_ENDIAN);
3269}
3270
41701aa4 3271uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3272{
50013115 3273 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3274}
3275
41701aa4 3276uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3277{
50013115 3278 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3279}
3280
41701aa4 3281uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3282{
50013115 3283 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3284}
3285
8df1cd07
FB		 3286/* warning: addr must be aligned. The ram page is not masked as dirty
3287 and the code inside is not invalidated. It is useful if the dirty
3288 bits are used to track modified PTEs */
50013115
PM		 3289void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3290 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3291{
8df1cd07 3292 uint8_t *ptr;
5c8a00ce 3293 MemoryRegion *mr;
149f54b5
PB		 3294 hwaddr l = 4;
3295 hwaddr addr1;
50013115 3296 MemTxResult r;
845b6214 3297 uint8_t dirty_log_mask;
4840f10e 3298 bool release_lock = false;
8df1cd07 3299
41063e1e 3300 rcu_read_lock();
2198a121 3301 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3302 true);
3303 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3304 release_lock |= prepare_mmio_access(mr);
125b3806 3305
50013115 3306 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3307 } else {
5c8a00ce 3308 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3309 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3310 stl_p(ptr, val);
74576198 3311
845b6214
PB		 3312 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3313 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3314 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3315 r = MEMTX_OK;
3316 }
3317 if (result) {
3318 *result = r;
8df1cd07 3319 }
4840f10e
JK		 3320 if (release_lock) {
3321 qemu_mutex_unlock_iothread();
3322 }
41063e1e 3323 rcu_read_unlock();
8df1cd07
FB		 3324}
3325
50013115
PM		 3326void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3327{
3328 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3329}
3330
8df1cd07 3331/* warning: addr must be aligned */
50013115
PM		 3332static inline void address_space_stl_internal(AddressSpace *as,
3333 hwaddr addr, uint32_t val,
3334 MemTxAttrs attrs,
3335 MemTxResult *result,
3336 enum device_endian endian)
8df1cd07 3337{
8df1cd07 3338 uint8_t *ptr;
5c8a00ce 3339 MemoryRegion *mr;
149f54b5
PB		 3340 hwaddr l = 4;
3341 hwaddr addr1;
50013115 3342 MemTxResult r;
4840f10e 3343 bool release_lock = false;
8df1cd07 3344
41063e1e 3345 rcu_read_lock();
ab1da857 3346 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3347 true);
3348 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3349 release_lock |= prepare_mmio_access(mr);
125b3806 3350
1e78bcc1
AG		 3351#if defined(TARGET_WORDS_BIGENDIAN)
3352 if (endian == DEVICE_LITTLE_ENDIAN) {
3353 val = bswap32(val);
3354 }
3355#else
3356 if (endian == DEVICE_BIG_ENDIAN) {
3357 val = bswap32(val);
3358 }
3359#endif
50013115 3360 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3361 } else {
8df1cd07 3362 /* RAM case */
5c8a00ce 3363 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3364 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3365 switch (endian) {
3366 case DEVICE_LITTLE_ENDIAN:
3367 stl_le_p(ptr, val);
3368 break;
3369 case DEVICE_BIG_ENDIAN:
3370 stl_be_p(ptr, val);
3371 break;
3372 default:
3373 stl_p(ptr, val);
3374 break;
3375 }
845b6214 3376 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3377 r = MEMTX_OK;
3378 }
3379 if (result) {
3380 *result = r;
8df1cd07 3381 }
4840f10e
JK		 3382 if (release_lock) {
3383 qemu_mutex_unlock_iothread();
3384 }
41063e1e 3385 rcu_read_unlock();
8df1cd07
FB		 3386}
3387
50013115
PM		 3388void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3389 MemTxAttrs attrs, MemTxResult *result)
3390{
3391 address_space_stl_internal(as, addr, val, attrs, result,
3392 DEVICE_NATIVE_ENDIAN);
3393}
3394
3395void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3396 MemTxAttrs attrs, MemTxResult *result)
3397{
3398 address_space_stl_internal(as, addr, val, attrs, result,
3399 DEVICE_LITTLE_ENDIAN);
3400}
3401
3402void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3403 MemTxAttrs attrs, MemTxResult *result)
3404{
3405 address_space_stl_internal(as, addr, val, attrs, result,
3406 DEVICE_BIG_ENDIAN);
3407}
3408
ab1da857 3409void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3410{
50013115 3411 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3412}
3413
ab1da857 3414void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3415{
50013115 3416 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3417}
3418
ab1da857 3419void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3420{
50013115 3421 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3422}
3423
aab33094 3424/* XXX: optimize */
50013115
PM		 3425void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3426 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3427{
3428 uint8_t v = val;
50013115
PM		 3429 MemTxResult r;
3430
3431 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3432 if (result) {
3433 *result = r;
3434 }
3435}
3436
3437void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3438{
3439 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3440}
3441
733f0b02 3442/* warning: addr must be aligned */
50013115
PM		 3443static inline void address_space_stw_internal(AddressSpace *as,
3444 hwaddr addr, uint32_t val,
3445 MemTxAttrs attrs,
3446 MemTxResult *result,
3447 enum device_endian endian)
aab33094 3448{
733f0b02 3449 uint8_t *ptr;
5c8a00ce 3450 MemoryRegion *mr;
149f54b5
PB		 3451 hwaddr l = 2;
3452 hwaddr addr1;
50013115 3453 MemTxResult r;
4840f10e 3454 bool release_lock = false;
733f0b02 3455
41063e1e 3456 rcu_read_lock();
5ce5944d 3457 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3458 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3459 release_lock |= prepare_mmio_access(mr);
125b3806 3460
1e78bcc1
AG		 3461#if defined(TARGET_WORDS_BIGENDIAN)
3462 if (endian == DEVICE_LITTLE_ENDIAN) {
3463 val = bswap16(val);
3464 }
3465#else
3466 if (endian == DEVICE_BIG_ENDIAN) {
3467 val = bswap16(val);
3468 }
3469#endif
50013115 3470 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3471 } else {
733f0b02 3472 /* RAM case */
5c8a00ce 3473 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3474 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3475 switch (endian) {
3476 case DEVICE_LITTLE_ENDIAN:
3477 stw_le_p(ptr, val);
3478 break;
3479 case DEVICE_BIG_ENDIAN:
3480 stw_be_p(ptr, val);
3481 break;
3482 default:
3483 stw_p(ptr, val);
3484 break;
3485 }
845b6214 3486 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3487 r = MEMTX_OK;
3488 }
3489 if (result) {
3490 *result = r;
733f0b02 3491 }
4840f10e
JK		 3492 if (release_lock) {
3493 qemu_mutex_unlock_iothread();
3494 }
41063e1e 3495 rcu_read_unlock();
aab33094
FB		 3496}
3497
50013115
PM		 3498void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3499 MemTxAttrs attrs, MemTxResult *result)
3500{
3501 address_space_stw_internal(as, addr, val, attrs, result,
3502 DEVICE_NATIVE_ENDIAN);
3503}
3504
3505void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3506 MemTxAttrs attrs, MemTxResult *result)
3507{
3508 address_space_stw_internal(as, addr, val, attrs, result,
3509 DEVICE_LITTLE_ENDIAN);
3510}
3511
3512void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3513 MemTxAttrs attrs, MemTxResult *result)
3514{
3515 address_space_stw_internal(as, addr, val, attrs, result,
3516 DEVICE_BIG_ENDIAN);
3517}
3518
5ce5944d 3519void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3520{
50013115 3521 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3522}
3523
5ce5944d 3524void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3525{
50013115 3526 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3527}
3528
5ce5944d 3529void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3530{
50013115 3531 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3532}
3533
aab33094 3534/* XXX: optimize */
50013115
PM		 3535void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3536 MemTxAttrs attrs, MemTxResult *result)
aab33094 3537{
50013115 3538 MemTxResult r;
aab33094 3539 val = tswap64(val);
50013115
PM		 3540 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3541 if (result) {
3542 *result = r;
3543 }
aab33094
FB		 3544}
3545
50013115
PM		 3546void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3547 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3548{
50013115 3549 MemTxResult r;
1e78bcc1 3550 val = cpu_to_le64(val);
50013115
PM		 3551 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3552 if (result) {
3553 *result = r;
3554 }
3555}
3556void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3557 MemTxAttrs attrs, MemTxResult *result)
3558{
3559 MemTxResult r;
3560 val = cpu_to_be64(val);
3561 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3562 if (result) {
3563 *result = r;
3564 }
3565}
3566
3567void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3568{
3569 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3570}
3571
3572void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3573{
3574 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3575}
3576
f606604f 3577void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3578{
50013115 3579 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3580}
3581
5e2972fd 3582/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3583int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3584 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3585{
3586 int l;
a8170e5e 3587 hwaddr phys_addr;
9b3c35e0 3588 target_ulong page;
13eb76e0
FB		 3589
3590 while (len > 0) {
5232e4c7
PM		 3591 int asidx;
3592 MemTxAttrs attrs;
3593
13eb76e0 3594 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3595 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3596 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3597 /* if no physical page mapped, return an error */
3598 if (phys_addr == -1)
3599 return -1;
3600 l = (page + TARGET_PAGE_SIZE) - addr;
3601 if (l > len)
3602 l = len;
5e2972fd 3603 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3604 if (is_write) {
5232e4c7
PM		 3605 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3606 phys_addr, buf, l);
2e38847b 3607 } else {
5232e4c7
PM		 3608 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3609 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3610 buf, l, 0);
2e38847b 3611 }
13eb76e0
FB		 3612 len -= l;
3613 buf += l;
3614 addr += l;
3615 }
3616 return 0;
3617}
038629a6
DDAG		 3618
3619/*
3620 * Allows code that needs to deal with migration bitmaps etc to still be built
3621 * target independent.
3622 */
3623size_t qemu_target_page_bits(void)
3624{
3625 return TARGET_PAGE_BITS;
3626}
3627
a68fe89c 3628#endif
13eb76e0 3629
8e4a424b
BS		 3630/*
3631 * A helper function for the _utterly broken_ virtio device model to find out if
3632 * it's running on a big endian machine. Don't do this at home kids!
3633 */
98ed8ecf
GK		 3634bool target_words_bigendian(void);
3635bool target_words_bigendian(void)
8e4a424b
BS		 3636{
3637#if defined(TARGET_WORDS_BIGENDIAN)
3638 return true;
3639#else
3640 return false;
3641#endif
3642}
3643
76f35538 3644#ifndef CONFIG_USER_ONLY
a8170e5e 3645bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3646{
5c8a00ce 3647 MemoryRegion*mr;
149f54b5 3648 hwaddr l = 1;
41063e1e 3649 bool res;
76f35538 3650
41063e1e 3651 rcu_read_lock();
5c8a00ce
PB		 3652 mr = address_space_translate(&address_space_memory,
3653 phys_addr, &phys_addr, &l, false);
76f35538 3654
41063e1e
PB		 3655 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3656 rcu_read_unlock();
3657 return res;
76f35538 3658}
bd2fa51f 3659
e3807054 3660int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3661{
3662 RAMBlock *block;
e3807054 3663 int ret = 0;
bd2fa51f 3664
0dc3f44a
MD		 3665 rcu_read_lock();
3666 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3667 ret = func(block->idstr, block->host, block->offset,
3668 block->used_length, opaque);
3669 if (ret) {
3670 break;
3671 }
bd2fa51f 3672 }
0dc3f44a 3673 rcu_read_unlock();
e3807054 3674 return ret;
bd2fa51f 3675}
ec3f8c99 3676#endif
QEMU mirror