]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: manage coalesced mmio via a MemoryListener
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
7762c2c1 62#include "memory-internal.h"
67d95c15 63
fd6ce8f6 64//#define DEBUG_TB_INVALIDATE
66e85a21 65//#define DEBUG_FLUSH
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24 69//#define DEBUG_TB_CHECK
fd6ce8f6 70
1196be37 71//#define DEBUG_IOPORT
db7b5426 72//#define DEBUG_SUBPAGE
1196be37 73
99773bd4
PB		 74#if !defined(CONFIG_USER_ONLY)
75/* TB consistency checks only implemented for usermode emulation. */
76#undef DEBUG_TB_CHECK
77#endif
78
9fa3e853
FB		 79#define SMC_BITMAP_USE_THRESHOLD 10
80
bdaf78e0 81static TranslationBlock *tbs;
24ab68ac 82static int code_gen_max_blocks;
9fa3e853 83TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 84static int nb_tbs;
eb51d102 85/* any access to the tbs or the page table must use this lock */
c227f099 86spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 87
9b9c37c3 88#if defined(__arm__) || defined(__sparc__)
141ac468
BS		 89/* The prologue must be reachable with a direct jump. ARM and Sparc64
90 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 91 section close to code segment. */
92#define code_gen_section \
93 __attribute__((__section__(".gen_code"))) \
94 __attribute__((aligned (32)))
6840981d 95#elif defined(_WIN32) && !defined(_WIN64)
f8e2af11
SW		 96#define code_gen_section \
97 __attribute__((aligned (16)))
d03d860b
BS		 98#else
99#define code_gen_section \
100 __attribute__((aligned (32)))
101#endif
102
103uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 104static uint8_t *code_gen_buffer;
105static unsigned long code_gen_buffer_size;
26a5f13b 106/* threshold to flush the translated code buffer */
bdaf78e0 107static unsigned long code_gen_buffer_max_size;
24ab68ac 108static uint8_t *code_gen_ptr;
fd6ce8f6 109
e2eef170 110#if !defined(CONFIG_USER_ONLY)
9fa3e853 111int phys_ram_fd;
74576198 112static int in_migration;
94a6b54f 113
85d59fef 114RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 115
116static MemoryRegion *system_memory;
309cb471 117static MemoryRegion *system_io;
62152b8a 118
0e0df1e2 119MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 120static MemoryRegion io_mem_subpage_ram;
0e0df1e2 121
e2eef170 122#endif
9fa3e853 123
9349b4f9 124CPUArchState *first_cpu;
6a00d601
FB		 125/* current CPU in the current thread. It is only valid inside
126 cpu_exec() */
9349b4f9 127DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 128/* 0 = Do not count executed instructions.
bf20dc07 129 1 = Precise instruction counting.
2e70f6ef
PB		 130 2 = Adaptive rate instruction counting. */
131int use_icount = 0;
6a00d601 132
54936004 133typedef struct PageDesc {
92e873b9 134 /* list of TBs intersecting this ram page */
fd6ce8f6 135 TranslationBlock *first_tb;
9fa3e853
FB		 136 /* in order to optimize self modifying code, we count the number
137 of lookups we do to a given page to use a bitmap */
138 unsigned int code_write_count;
139 uint8_t *code_bitmap;
140#if defined(CONFIG_USER_ONLY)
141 unsigned long flags;
142#endif
54936004
FB		 143} PageDesc;
144
41c1b1c9 145/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 146 while in user mode we want it to be based on virtual addresses. */
147#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 148#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
149# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
150#else
5cd2c5b6 151# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 152#endif
bedb69ea 153#else
5cd2c5b6 154# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 155#endif
54936004 156
5cd2c5b6
RH		 157/* Size of the L2 (and L3, etc) page tables. */
158#define L2_BITS 10
54936004
FB		 159#define L2_SIZE (1 << L2_BITS)
160
3eef53df
AK		 161#define P_L2_LEVELS \
162 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
163
5cd2c5b6 164/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 165#define V_L1_BITS_REM \
166 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
167
5cd2c5b6
RH		 168#if V_L1_BITS_REM < 4
169#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
170#else
171#define V_L1_BITS V_L1_BITS_REM
172#endif
173
5cd2c5b6
RH		 174#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
175
5cd2c5b6
RH		 176#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
177
c6d50674
SW		 178uintptr_t qemu_real_host_page_size;
179uintptr_t qemu_host_page_size;
180uintptr_t qemu_host_page_mask;
54936004 181
5cd2c5b6
RH		 182/* This is a multi-level map on the virtual address space.
183 The bottom level has pointers to PageDesc. */
184static void *l1_map[V_L1_SIZE];
54936004 185
e2eef170 186#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 187typedef struct PhysPageEntry PhysPageEntry;
188
5312bd8b
AK		 189static MemoryRegionSection *phys_sections;
190static unsigned phys_sections_nb, phys_sections_nb_alloc;
191static uint16_t phys_section_unassigned;
aa102231
AK		 192static uint16_t phys_section_notdirty;
193static uint16_t phys_section_rom;
194static uint16_t phys_section_watch;
5312bd8b 195
4346ae3e 196struct PhysPageEntry {
07f07b31
AK		 197 uint16_t is_leaf : 1;
198 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
199 uint16_t ptr : 15;
4346ae3e
AK		 200};
201
d6f2ea22
AK		 202/* Simple allocator for PhysPageEntry nodes */
203static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
204static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
205
07f07b31 206#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 207
5cd2c5b6 208/* This is a multi-level map on the physical address space.
06ef3525 209 The bottom level has pointers to MemoryRegionSections. */
07f07b31 210static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 211
e2eef170 212static void io_mem_init(void);
62152b8a 213static void memory_map_init(void);
e2eef170 214
1ec9b909 215static MemoryRegion io_mem_watch;
6658ffb8 216#endif
33417e70 217
e3db7226 218/* statistics */
e3db7226
FB		 219static int tb_flush_count;
220static int tb_phys_invalidate_count;
221
7cb69cae
FB		 222#ifdef _WIN32
223static void map_exec(void *addr, long size)
224{
225 DWORD old_protect;
226 VirtualProtect(addr, size,
227 PAGE_EXECUTE_READWRITE, &old_protect);
228
229}
230#else
231static void map_exec(void *addr, long size)
232{
4369415f 233 unsigned long start, end, page_size;
7cb69cae 234
4369415f 235 page_size = getpagesize();
7cb69cae 236 start = (unsigned long)addr;
4369415f 237 start &= ~(page_size - 1);
7cb69cae
FB		 238
239 end = (unsigned long)addr + size;
4369415f
FB		 240 end += page_size - 1;
241 end &= ~(page_size - 1);
7cb69cae
FB		 242
243 mprotect((void *)start, end - start,
244 PROT_READ | PROT_WRITE | PROT_EXEC);
245}
246#endif
247
b346ff46 248static void page_init(void)
54936004 249{
83fb7adf 250 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 251 TARGET_PAGE_SIZE */
c2b48b69
AL		 252#ifdef _WIN32
253 {
254 SYSTEM_INFO system_info;
255
256 GetSystemInfo(&system_info);
257 qemu_real_host_page_size = system_info.dwPageSize;
258 }
259#else
260 qemu_real_host_page_size = getpagesize();
261#endif
83fb7adf
FB		 262 if (qemu_host_page_size == 0)
263 qemu_host_page_size = qemu_real_host_page_size;
264 if (qemu_host_page_size < TARGET_PAGE_SIZE)
265 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 266 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 267
2e9a5713 268#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 269 {
f01576f1
JL		 270#ifdef HAVE_KINFO_GETVMMAP
271 struct kinfo_vmentry *freep;
272 int i, cnt;
273
274 freep = kinfo_getvmmap(getpid(), &cnt);
275 if (freep) {
276 mmap_lock();
277 for (i = 0; i < cnt; i++) {
278 unsigned long startaddr, endaddr;
279
280 startaddr = freep[i].kve_start;
281 endaddr = freep[i].kve_end;
282 if (h2g_valid(startaddr)) {
283 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
284
285 if (h2g_valid(endaddr)) {
286 endaddr = h2g(endaddr);
fd436907 287 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 288 } else {
289#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
290 endaddr = ~0ul;
fd436907 291 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 292#endif
293 }
294 }
295 }
296 free(freep);
297 mmap_unlock();
298 }
299#else
50a9569b 300 FILE *f;
50a9569b 301
0776590d 302 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 303
fd436907 304 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 305 if (f) {
5cd2c5b6
RH		 306 mmap_lock();
307
50a9569b 308 do {
5cd2c5b6
RH		 309 unsigned long startaddr, endaddr;
310 int n;
311
312 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
313
314 if (n == 2 && h2g_valid(startaddr)) {
315 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
316
317 if (h2g_valid(endaddr)) {
318 endaddr = h2g(endaddr);
319 } else {
320 endaddr = ~0ul;
321 }
322 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 323 }
324 } while (!feof(f));
5cd2c5b6 325
50a9569b 326 fclose(f);
5cd2c5b6 327 mmap_unlock();
50a9569b 328 }
f01576f1 329#endif
50a9569b
AZ		 330 }
331#endif
54936004
FB		 332}
333
41c1b1c9 334static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 335{
41c1b1c9
PB		 336 PageDesc *pd;
337 void **lp;
338 int i;
339
5cd2c5b6 340#if defined(CONFIG_USER_ONLY)
7267c094 341 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 342# define ALLOC(P, SIZE) \
343 do { \
344 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
345 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 346 } while (0)
347#else
348# define ALLOC(P, SIZE) \
7267c094 349 do { P = g_malloc0(SIZE); } while (0)
17e2377a 350#endif
434929bf 351
5cd2c5b6
RH		 352 /* Level 1. Always allocated. */
353 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
354
355 /* Level 2..N-1. */
356 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
357 void **p = *lp;
358
359 if (p == NULL) {
360 if (!alloc) {
361 return NULL;
362 }
363 ALLOC(p, sizeof(void *) * L2_SIZE);
364 *lp = p;
17e2377a 365 }
5cd2c5b6
RH		 366
367 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
368 }
369
370 pd = *lp;
371 if (pd == NULL) {
372 if (!alloc) {
373 return NULL;
374 }
375 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
376 *lp = pd;
54936004 377 }
5cd2c5b6
RH		 378
379#undef ALLOC
5cd2c5b6
RH		 380
381 return pd + (index & (L2_SIZE - 1));
54936004
FB		 382}
383
41c1b1c9 384static inline PageDesc *page_find(tb_page_addr_t index)
54936004 385{
5cd2c5b6 386 return page_find_alloc(index, 0);
fd6ce8f6
FB		 387}
388
6d9a1304 389#if !defined(CONFIG_USER_ONLY)
d6f2ea22 390
f7bf5461 391static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 392{
f7bf5461 393 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 394 typedef PhysPageEntry Node[L2_SIZE];
395 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 396 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
397 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 398 phys_map_nodes = g_renew(Node, phys_map_nodes,
399 phys_map_nodes_nb_alloc);
400 }
f7bf5461
AK		 401}
402
403static uint16_t phys_map_node_alloc(void)
404{
405 unsigned i;
406 uint16_t ret;
407
408 ret = phys_map_nodes_nb++;
409 assert(ret != PHYS_MAP_NODE_NIL);
410 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 411 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 412 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 413 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 414 }
f7bf5461 415 return ret;
d6f2ea22
AK		 416}
417
418static void phys_map_nodes_reset(void)
419{
420 phys_map_nodes_nb = 0;
421}
422
92e873b9 423
2999097b
AK		 424static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
425 target_phys_addr_t *nb, uint16_t leaf,
426 int level)
f7bf5461
AK		 427{
428 PhysPageEntry *p;
429 int i;
07f07b31 430 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 431
07f07b31 432 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 433 lp->ptr = phys_map_node_alloc();
434 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 435 if (level == 0) {
436 for (i = 0; i < L2_SIZE; i++) {
07f07b31 437 p[i].is_leaf = 1;
c19e8800 438 p[i].ptr = phys_section_unassigned;
4346ae3e 439 }
67c4d23c 440 }
f7bf5461 441 } else {
c19e8800 442 p = phys_map_nodes[lp->ptr];
92e873b9 443 }
2999097b 444 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 445
2999097b 446 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 447 if ((*index & (step - 1)) == 0 && *nb >= step) {
448 lp->is_leaf = true;
c19e8800 449 lp->ptr = leaf;
07f07b31
AK		 450 *index += step;
451 *nb -= step;
2999097b
AK		 452 } else {
453 phys_page_set_level(lp, index, nb, leaf, level - 1);
454 }
455 ++lp;
f7bf5461
AK		 456 }
457}
458
2999097b
AK		 459static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
460 uint16_t leaf)
f7bf5461 461{
2999097b 462 /* Wildly overreserve - it doesn't matter much. */
07f07b31 463 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 464
2999097b 465 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 466}
467
0cac1b66 468MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 469{
31ab2b4a
AK		 470 PhysPageEntry lp = phys_map;
471 PhysPageEntry *p;
472 int i;
31ab2b4a 473 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 474
07f07b31 475 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 476 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 477 goto not_found;
478 }
c19e8800 479 p = phys_map_nodes[lp.ptr];
31ab2b4a 480 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 481 }
31ab2b4a 482
c19e8800 483 s_index = lp.ptr;
31ab2b4a 484not_found:
f3705d53
AK		 485 return &phys_sections[s_index];
486}
487
e5548617
BS		 488bool memory_region_is_unassigned(MemoryRegion *mr)
489{
490 return mr != &io_mem_ram && mr != &io_mem_rom
491 && mr != &io_mem_notdirty && !mr->rom_device
492 && mr != &io_mem_watch;
493}
494
c8a706fe
PB		 495#define mmap_lock() do { } while(0)
496#define mmap_unlock() do { } while(0)
9fa3e853 497#endif
fd6ce8f6 498
4369415f
FB		 499#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
500
501#if defined(CONFIG_USER_ONLY)
ccbb4d44 502/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 503 user mode. It will change when a dedicated libc will be used */
504#define USE_STATIC_CODE_GEN_BUFFER
505#endif
506
507#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 508static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
509 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 510#endif
511
8fcd3692 512static void code_gen_alloc(unsigned long tb_size)
26a5f13b 513{
4369415f
FB		 514#ifdef USE_STATIC_CODE_GEN_BUFFER
515 code_gen_buffer = static_code_gen_buffer;
516 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
517 map_exec(code_gen_buffer, code_gen_buffer_size);
518#else
26a5f13b
FB		 519 code_gen_buffer_size = tb_size;
520 if (code_gen_buffer_size == 0) {
4369415f 521#if defined(CONFIG_USER_ONLY)
4369415f
FB		 522 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
523#else
ccbb4d44 524 /* XXX: needs adjustments */
94a6b54f 525 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 526#endif
26a5f13b
FB		 527 }
528 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
529 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
530 /* The code gen buffer location may have constraints depending on
531 the host cpu and OS */
532#if defined(__linux__)
533 {
534 int flags;
141ac468
BS		 535 void *start = NULL;
536
26a5f13b
FB		 537 flags = MAP_PRIVATE | MAP_ANONYMOUS;
538#if defined(__x86_64__)
539 flags |= MAP_32BIT;
540 /* Cannot map more than that */
541 if (code_gen_buffer_size > (800 * 1024 * 1024))
542 code_gen_buffer_size = (800 * 1024 * 1024);
9b9c37c3 543#elif defined(__sparc__) && HOST_LONG_BITS == 64
141ac468 544 // Map the buffer below 2G, so we can use direct calls and branches
d5dd696f 545 start = (void *) 0x40000000UL;
141ac468
BS		 546 if (code_gen_buffer_size > (512 * 1024 * 1024))
547 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 548#elif defined(__arm__)
5c84bd90 549 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 550 if (code_gen_buffer_size > 16 * 1024 * 1024)
551 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 552#elif defined(__s390x__)
553 /* Map the buffer so that we can use direct calls and branches. */
554 /* We have a +- 4GB range on the branches; leave some slop. */
555 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
556 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
557 }
558 start = (void *)0x90000000UL;
26a5f13b 559#endif
141ac468
BS		 560 code_gen_buffer = mmap(start, code_gen_buffer_size,
561 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 562 flags, -1, 0);
563 if (code_gen_buffer == MAP_FAILED) {
564 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
565 exit(1);
566 }
567 }
cbb608a5 568#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 569 || defined(__DragonFly__) || defined(__OpenBSD__) \
570 || defined(__NetBSD__)
06e67a82
AL		 571 {
572 int flags;
573 void *addr = NULL;
574 flags = MAP_PRIVATE | MAP_ANONYMOUS;
575#if defined(__x86_64__)
576 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
577 * 0x40000000 is free */
578 flags |= MAP_FIXED;
579 addr = (void *)0x40000000;
580 /* Cannot map more than that */
581 if (code_gen_buffer_size > (800 * 1024 * 1024))
582 code_gen_buffer_size = (800 * 1024 * 1024);
9b9c37c3 583#elif defined(__sparc__) && HOST_LONG_BITS == 64
4cd31ad2 584 // Map the buffer below 2G, so we can use direct calls and branches
d5dd696f 585 addr = (void *) 0x40000000UL;
4cd31ad2
BS		 586 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
587 code_gen_buffer_size = (512 * 1024 * 1024);
588 }
06e67a82
AL		 589#endif
590 code_gen_buffer = mmap(addr, code_gen_buffer_size,
591 PROT_WRITE | PROT_READ | PROT_EXEC,
592 flags, -1, 0);
593 if (code_gen_buffer == MAP_FAILED) {
594 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
595 exit(1);
596 }
597 }
26a5f13b 598#else
7267c094 599 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 600 map_exec(code_gen_buffer, code_gen_buffer_size);
601#endif
4369415f 602#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 603 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 604 code_gen_buffer_max_size = code_gen_buffer_size -
605 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 606 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 607 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 608}
609
610/* Must be called before using the QEMU cpus. 'tb_size' is the size
611 (in bytes) allocated to the translation buffer. Zero means default
612 size. */
d5ab9713 613void tcg_exec_init(unsigned long tb_size)
26a5f13b 614{
26a5f13b
FB		 615 cpu_gen_init();
616 code_gen_alloc(tb_size);
617 code_gen_ptr = code_gen_buffer;
813da627 618 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 619 page_init();
9002ec79
RH		 620#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
621 /* There's no guest base to take into account, so go ahead and
622 initialize the prologue now. */
623 tcg_prologue_init(&tcg_ctx);
624#endif
26a5f13b
FB		 625}
626
d5ab9713
JK		 627bool tcg_enabled(void)
628{
629 return code_gen_buffer != NULL;
630}
631
632void cpu_exec_init_all(void)
633{
634#if !defined(CONFIG_USER_ONLY)
635 memory_map_init();
636 io_mem_init();
637#endif
638}
639
9656f324
PB		 640#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
641
e59fb374 642static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 643{
9349b4f9 644 CPUArchState *env = opaque;
9656f324 645
3098dba0
AJ		 646 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
647 version_id is increased. */
648 env->interrupt_request &= ~0x01;
9656f324
PB		 649 tlb_flush(env, 1);
650
651 return 0;
652}
e7f4eff7
JQ		 653
654static const VMStateDescription vmstate_cpu_common = {
655 .name = "cpu_common",
656 .version_id = 1,
657 .minimum_version_id = 1,
658 .minimum_version_id_old = 1,
e7f4eff7
JQ		 659 .post_load = cpu_common_post_load,
660 .fields = (VMStateField []) {
9349b4f9
AF		 661 VMSTATE_UINT32(halted, CPUArchState),
662 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 663 VMSTATE_END_OF_LIST()
664 }
665};
9656f324
PB		 666#endif
667
9349b4f9 668CPUArchState *qemu_get_cpu(int cpu)
950f1472 669{
9349b4f9 670 CPUArchState *env = first_cpu;
950f1472
GC		 671
672 while (env) {
673 if (env->cpu_index == cpu)
674 break;
675 env = env->next_cpu;
676 }
677
678 return env;
679}
680
9349b4f9 681void cpu_exec_init(CPUArchState *env)
fd6ce8f6 682{
9349b4f9 683 CPUArchState **penv;
6a00d601
FB		 684 int cpu_index;
685
c2764719
PB		 686#if defined(CONFIG_USER_ONLY)
687 cpu_list_lock();
688#endif
6a00d601
FB		 689 env->next_cpu = NULL;
690 penv = &first_cpu;
691 cpu_index = 0;
692 while (*penv != NULL) {
1e9fa730 693 penv = &(*penv)->next_cpu;
6a00d601
FB		 694 cpu_index++;
695 }
696 env->cpu_index = cpu_index;
268a362c 697 env->numa_node = 0;
72cf2d4f
BS		 698 QTAILQ_INIT(&env->breakpoints);
699 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 700#ifndef CONFIG_USER_ONLY
701 env->thread_id = qemu_get_thread_id();
702#endif
6a00d601 703 *penv = env;
c2764719
PB		 704#if defined(CONFIG_USER_ONLY)
705 cpu_list_unlock();
706#endif
b3c7724c 707#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 708 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
709 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 710 cpu_save, cpu_load, env);
711#endif
fd6ce8f6
FB		 712}
713
d1a1eb74
TG		 714/* Allocate a new translation block. Flush the translation buffer if
715 too many translation blocks or too much generated code. */
716static TranslationBlock *tb_alloc(target_ulong pc)
717{
718 TranslationBlock *tb;
719
720 if (nb_tbs >= code_gen_max_blocks ||
721 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
722 return NULL;
723 tb = &tbs[nb_tbs++];
724 tb->pc = pc;
725 tb->cflags = 0;
726 return tb;
727}
728
729void tb_free(TranslationBlock *tb)
730{
731 /* In practice this is mostly used for single use temporary TB
732 Ignore the hard cases and just back up if this TB happens to
733 be the last one generated. */
734 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
735 code_gen_ptr = tb->tc_ptr;
736 nb_tbs--;
737 }
738}
739
9fa3e853
FB		 740static inline void invalidate_page_bitmap(PageDesc *p)
741{
742 if (p->code_bitmap) {
7267c094 743 g_free(p->code_bitmap);
9fa3e853
FB		 744 p->code_bitmap = NULL;
745 }
746 p->code_write_count = 0;
747}
748
5cd2c5b6
RH		 749/* Set to NULL all the 'first_tb' fields in all PageDescs. */
750
751static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 752{
5cd2c5b6 753 int i;
fd6ce8f6 754
5cd2c5b6
RH		 755 if (*lp == NULL) {
756 return;
757 }
758 if (level == 0) {
759 PageDesc *pd = *lp;
7296abac 760 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 761 pd[i].first_tb = NULL;
762 invalidate_page_bitmap(pd + i);
fd6ce8f6 763 }
5cd2c5b6
RH		 764 } else {
765 void **pp = *lp;
7296abac 766 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 767 page_flush_tb_1 (level - 1, pp + i);
768 }
769 }
770}
771
772static void page_flush_tb(void)
773{
774 int i;
775 for (i = 0; i < V_L1_SIZE; i++) {
776 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 777 }
778}
779
780/* flush all the translation blocks */
d4e8164f 781/* XXX: tb_flush is currently not thread safe */
9349b4f9 782void tb_flush(CPUArchState *env1)
fd6ce8f6 783{
9349b4f9 784 CPUArchState *env;
0124311e 785#if defined(DEBUG_FLUSH)
ab3d1727
BS		 786 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
787 (unsigned long)(code_gen_ptr - code_gen_buffer),
788 nb_tbs, nb_tbs > 0 ?
789 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 790#endif
26a5f13b 791 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 792 cpu_abort(env1, "Internal error: code buffer overflow\n");
793
fd6ce8f6 794 nb_tbs = 0;
3b46e624 795
6a00d601
FB		 796 for(env = first_cpu; env != NULL; env = env->next_cpu) {
797 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
798 }
9fa3e853 799
8a8a608f 800 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 801 page_flush_tb();
9fa3e853 802
fd6ce8f6 803 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 804 /* XXX: flush processor icache at this point if cache flush is
805 expensive */
e3db7226 806 tb_flush_count++;
fd6ce8f6
FB		 807}
808
809#ifdef DEBUG_TB_CHECK
810
bc98a7ef 811static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 812{
813 TranslationBlock *tb;
814 int i;
815 address &= TARGET_PAGE_MASK;
99773bd4
PB		 816 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
817 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 818 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
819 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 820 printf("ERROR invalidate: address=" TARGET_FMT_lx
821 " PC=%08lx size=%04x\n",
99773bd4 822 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 823 }
824 }
825 }
826}
827
828/* verify that all the pages have correct rights for code */
829static void tb_page_check(void)
830{
831 TranslationBlock *tb;
832 int i, flags1, flags2;
3b46e624 833
99773bd4
PB		 834 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
835 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 836 flags1 = page_get_flags(tb->pc);
837 flags2 = page_get_flags(tb->pc + tb->size - 1);
838 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
839 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 840 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 841 }
842 }
843 }
844}
845
846#endif
847
848/* invalidate one TB */
849static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
850 int next_offset)
851{
852 TranslationBlock *tb1;
853 for(;;) {
854 tb1 = *ptb;
855 if (tb1 == tb) {
856 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
857 break;
858 }
859 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
860 }
861}
862
9fa3e853
FB		 863static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
864{
865 TranslationBlock *tb1;
866 unsigned int n1;
867
868 for(;;) {
869 tb1 = *ptb;
8efe0ca8
SW		 870 n1 = (uintptr_t)tb1 & 3;
871 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 872 if (tb1 == tb) {
873 *ptb = tb1->page_next[n1];
874 break;
875 }
876 ptb = &tb1->page_next[n1];
877 }
878}
879
d4e8164f
FB		 880static inline void tb_jmp_remove(TranslationBlock *tb, int n)
881{
882 TranslationBlock *tb1, **ptb;
883 unsigned int n1;
884
885 ptb = &tb->jmp_next[n];
886 tb1 = *ptb;
887 if (tb1) {
888 /* find tb(n) in circular list */
889 for(;;) {
890 tb1 = *ptb;
8efe0ca8
SW		 891 n1 = (uintptr_t)tb1 & 3;
892 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 893 if (n1 == n && tb1 == tb)
894 break;
895 if (n1 == 2) {
896 ptb = &tb1->jmp_first;
897 } else {
898 ptb = &tb1->jmp_next[n1];
899 }
900 }
901 /* now we can suppress tb(n) from the list */
902 *ptb = tb->jmp_next[n];
903
904 tb->jmp_next[n] = NULL;
905 }
906}
907
908/* reset the jump entry 'n' of a TB so that it is not chained to
909 another TB */
910static inline void tb_reset_jump(TranslationBlock *tb, int n)
911{
8efe0ca8 912 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 913}
914
41c1b1c9 915void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 916{
9349b4f9 917 CPUArchState *env;
8a40a180 918 PageDesc *p;
d4e8164f 919 unsigned int h, n1;
41c1b1c9 920 tb_page_addr_t phys_pc;
8a40a180 921 TranslationBlock *tb1, *tb2;
3b46e624 922
8a40a180
FB		 923 /* remove the TB from the hash list */
924 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
925 h = tb_phys_hash_func(phys_pc);
5fafdf24 926 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 927 offsetof(TranslationBlock, phys_hash_next));
928
929 /* remove the TB from the page list */
930 if (tb->page_addr[0] != page_addr) {
931 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
932 tb_page_remove(&p->first_tb, tb);
933 invalidate_page_bitmap(p);
934 }
935 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
936 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
937 tb_page_remove(&p->first_tb, tb);
938 invalidate_page_bitmap(p);
939 }
940
36bdbe54 941 tb_invalidated_flag = 1;
59817ccb 942
fd6ce8f6 943 /* remove the TB from the hash list */
8a40a180 944 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 945 for(env = first_cpu; env != NULL; env = env->next_cpu) {
946 if (env->tb_jmp_cache[h] == tb)
947 env->tb_jmp_cache[h] = NULL;
948 }
d4e8164f
FB		 949
950 /* suppress this TB from the two jump lists */
951 tb_jmp_remove(tb, 0);
952 tb_jmp_remove(tb, 1);
953
954 /* suppress any remaining jumps to this TB */
955 tb1 = tb->jmp_first;
956 for(;;) {
8efe0ca8 957 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 958 if (n1 == 2)
959 break;
8efe0ca8 960 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 961 tb2 = tb1->jmp_next[n1];
962 tb_reset_jump(tb1, n1);
963 tb1->jmp_next[n1] = NULL;
964 tb1 = tb2;
965 }
8efe0ca8 966 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 967
e3db7226 968 tb_phys_invalidate_count++;
9fa3e853
FB		 969}
970
971static inline void set_bits(uint8_t *tab, int start, int len)
972{
973 int end, mask, end1;
974
975 end = start + len;
976 tab += start >> 3;
977 mask = 0xff << (start & 7);
978 if ((start & ~7) == (end & ~7)) {
979 if (start < end) {
980 mask &= ~(0xff << (end & 7));
981 *tab |= mask;
982 }
983 } else {
984 *tab++ |= mask;
985 start = (start + 8) & ~7;
986 end1 = end & ~7;
987 while (start < end1) {
988 *tab++ = 0xff;
989 start += 8;
990 }
991 if (start < end) {
992 mask = ~(0xff << (end & 7));
993 *tab |= mask;
994 }
995 }
996}
997
998static void build_page_bitmap(PageDesc *p)
999{
1000 int n, tb_start, tb_end;
1001 TranslationBlock *tb;
3b46e624 1002
7267c094 1003 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1004
1005 tb = p->first_tb;
1006 while (tb != NULL) {
8efe0ca8
SW		 1007 n = (uintptr_t)tb & 3;
1008 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1009 /* NOTE: this is subtle as a TB may span two physical pages */
1010 if (n == 0) {
1011 /* NOTE: tb_end may be after the end of the page, but
1012 it is not a problem */
1013 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1014 tb_end = tb_start + tb->size;
1015 if (tb_end > TARGET_PAGE_SIZE)
1016 tb_end = TARGET_PAGE_SIZE;
1017 } else {
1018 tb_start = 0;
1019 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1020 }
1021 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1022 tb = tb->page_next[n];
1023 }
1024}
1025
9349b4f9 1026TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1027 target_ulong pc, target_ulong cs_base,
1028 int flags, int cflags)
d720b93d
FB		 1029{
1030 TranslationBlock *tb;
1031 uint8_t *tc_ptr;
41c1b1c9
PB		 1032 tb_page_addr_t phys_pc, phys_page2;
1033 target_ulong virt_page2;
d720b93d
FB		 1034 int code_gen_size;
1035
41c1b1c9 1036 phys_pc = get_page_addr_code(env, pc);
c27004ec 1037 tb = tb_alloc(pc);
d720b93d
FB		 1038 if (!tb) {
1039 /* flush must be done */
1040 tb_flush(env);
1041 /* cannot fail at this point */
c27004ec 1042 tb = tb_alloc(pc);
2e70f6ef
PB		 1043 /* Don't forget to invalidate previous TB info. */
1044 tb_invalidated_flag = 1;
d720b93d
FB		 1045 }
1046 tc_ptr = code_gen_ptr;
1047 tb->tc_ptr = tc_ptr;
1048 tb->cs_base = cs_base;
1049 tb->flags = flags;
1050 tb->cflags = cflags;
d07bde88 1051 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1052 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1053 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1054
d720b93d 1055 /* check next page if needed */
c27004ec 1056 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1057 phys_page2 = -1;
c27004ec 1058 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1059 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1060 }
41c1b1c9 1061 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1062 return tb;
d720b93d 1063}
3b46e624 1064
77a8f1a5 1065/*
8e0fdce3
JK		 1066 * Invalidate all TBs which intersect with the target physical address range
1067 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1068 * 'is_cpu_write_access' should be true if called from a real cpu write
1069 * access: the virtual CPU will exit the current TB if code is modified inside
1070 * this TB.
77a8f1a5
AG		 1071 */
1072void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1073 int is_cpu_write_access)
1074{
1075 while (start < end) {
1076 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1077 start &= TARGET_PAGE_MASK;
1078 start += TARGET_PAGE_SIZE;
1079 }
1080}
1081
8e0fdce3
JK		 1082/*
1083 * Invalidate all TBs which intersect with the target physical address range
1084 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1085 * 'is_cpu_write_access' should be true if called from a real cpu write
1086 * access: the virtual CPU will exit the current TB if code is modified inside
1087 * this TB.
1088 */
41c1b1c9 1089void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1090 int is_cpu_write_access)
1091{
6b917547 1092 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1093 CPUArchState *env = cpu_single_env;
41c1b1c9 1094 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1095 PageDesc *p;
1096 int n;
1097#ifdef TARGET_HAS_PRECISE_SMC
1098 int current_tb_not_found = is_cpu_write_access;
1099 TranslationBlock *current_tb = NULL;
1100 int current_tb_modified = 0;
1101 target_ulong current_pc = 0;
1102 target_ulong current_cs_base = 0;
1103 int current_flags = 0;
1104#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1105
1106 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1107 if (!p)
9fa3e853 1108 return;
5fafdf24 1109 if (!p->code_bitmap &&
d720b93d
FB		 1110 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1111 is_cpu_write_access) {
9fa3e853
FB		 1112 /* build code bitmap */
1113 build_page_bitmap(p);
1114 }
1115
1116 /* we remove all the TBs in the range [start, end[ */
1117 /* XXX: see if in some cases it could be faster to invalidate all the code */
1118 tb = p->first_tb;
1119 while (tb != NULL) {
8efe0ca8
SW		 1120 n = (uintptr_t)tb & 3;
1121 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1122 tb_next = tb->page_next[n];
1123 /* NOTE: this is subtle as a TB may span two physical pages */
1124 if (n == 0) {
1125 /* NOTE: tb_end may be after the end of the page, but
1126 it is not a problem */
1127 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1128 tb_end = tb_start + tb->size;
1129 } else {
1130 tb_start = tb->page_addr[1];
1131 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1132 }
1133 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1134#ifdef TARGET_HAS_PRECISE_SMC
1135 if (current_tb_not_found) {
1136 current_tb_not_found = 0;
1137 current_tb = NULL;
2e70f6ef 1138 if (env->mem_io_pc) {
d720b93d 1139 /* now we have a real cpu fault */
2e70f6ef 1140 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1141 }
1142 }
1143 if (current_tb == tb &&
2e70f6ef 1144 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1145 /* If we are modifying the current TB, we must stop
1146 its execution. We could be more precise by checking
1147 that the modification is after the current PC, but it
1148 would require a specialized function to partially
1149 restore the CPU state */
3b46e624 1150
d720b93d 1151 current_tb_modified = 1;
618ba8e6 1152 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1153 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1154 &current_flags);
d720b93d
FB		 1155 }
1156#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1157 /* we need to do that to handle the case where a signal
1158 occurs while doing tb_phys_invalidate() */
1159 saved_tb = NULL;
1160 if (env) {
1161 saved_tb = env->current_tb;
1162 env->current_tb = NULL;
1163 }
9fa3e853 1164 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1165 if (env) {
1166 env->current_tb = saved_tb;
1167 if (env->interrupt_request && env->current_tb)
1168 cpu_interrupt(env, env->interrupt_request);
1169 }
9fa3e853
FB		 1170 }
1171 tb = tb_next;
1172 }
1173#if !defined(CONFIG_USER_ONLY)
1174 /* if no code remaining, no need to continue to use slow writes */
1175 if (!p->first_tb) {
1176 invalidate_page_bitmap(p);
d720b93d 1177 if (is_cpu_write_access) {
2e70f6ef 1178 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1179 }
1180 }
1181#endif
1182#ifdef TARGET_HAS_PRECISE_SMC
1183 if (current_tb_modified) {
1184 /* we generate a block containing just the instruction
1185 modifying the memory. It will ensure that it cannot modify
1186 itself */
ea1c1802 1187 env->current_tb = NULL;
2e70f6ef 1188 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1189 cpu_resume_from_signal(env, NULL);
9fa3e853 1190 }
fd6ce8f6 1191#endif
9fa3e853 1192}
fd6ce8f6 1193
9fa3e853 1194/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1195static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1196{
1197 PageDesc *p;
1198 int offset, b;
59817ccb 1199#if 0
a4193c8a 1200 if (1) {
93fcfe39
AL		 1201 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1202 cpu_single_env->mem_io_vaddr, len,
1203 cpu_single_env->eip,
8efe0ca8
SW		 1204 cpu_single_env->eip +
1205 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1206 }
1207#endif
9fa3e853 1208 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1209 if (!p)
9fa3e853
FB		 1210 return;
1211 if (p->code_bitmap) {
1212 offset = start & ~TARGET_PAGE_MASK;
1213 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1214 if (b & ((1 << len) - 1))
1215 goto do_invalidate;
1216 } else {
1217 do_invalidate:
d720b93d 1218 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1219 }
1220}
1221
9fa3e853 1222#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1223static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1224 uintptr_t pc, void *puc)
9fa3e853 1225{
6b917547 1226 TranslationBlock *tb;
9fa3e853 1227 PageDesc *p;
6b917547 1228 int n;
d720b93d 1229#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1230 TranslationBlock *current_tb = NULL;
9349b4f9 1231 CPUArchState *env = cpu_single_env;
6b917547
AL		 1232 int current_tb_modified = 0;
1233 target_ulong current_pc = 0;
1234 target_ulong current_cs_base = 0;
1235 int current_flags = 0;
d720b93d 1236#endif
9fa3e853
FB		 1237
1238 addr &= TARGET_PAGE_MASK;
1239 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1240 if (!p)
9fa3e853
FB		 1241 return;
1242 tb = p->first_tb;
d720b93d
FB		 1243#ifdef TARGET_HAS_PRECISE_SMC
1244 if (tb && pc != 0) {
1245 current_tb = tb_find_pc(pc);
1246 }
1247#endif
9fa3e853 1248 while (tb != NULL) {
8efe0ca8
SW		 1249 n = (uintptr_t)tb & 3;
1250 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1251#ifdef TARGET_HAS_PRECISE_SMC
1252 if (current_tb == tb &&
2e70f6ef 1253 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1254 /* If we are modifying the current TB, we must stop
1255 its execution. We could be more precise by checking
1256 that the modification is after the current PC, but it
1257 would require a specialized function to partially
1258 restore the CPU state */
3b46e624 1259
d720b93d 1260 current_tb_modified = 1;
618ba8e6 1261 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1262 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1263 &current_flags);
d720b93d
FB		 1264 }
1265#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1266 tb_phys_invalidate(tb, addr);
1267 tb = tb->page_next[n];
1268 }
fd6ce8f6 1269 p->first_tb = NULL;
d720b93d
FB		 1270#ifdef TARGET_HAS_PRECISE_SMC
1271 if (current_tb_modified) {
1272 /* we generate a block containing just the instruction
1273 modifying the memory. It will ensure that it cannot modify
1274 itself */
ea1c1802 1275 env->current_tb = NULL;
2e70f6ef 1276 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1277 cpu_resume_from_signal(env, puc);
1278 }
1279#endif
fd6ce8f6 1280}
9fa3e853 1281#endif
fd6ce8f6
FB		 1282
1283/* add the tb in the target page and protect it if necessary */
5fafdf24 1284static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1285 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1286{
1287 PageDesc *p;
4429ab44
JQ		 1288#ifndef CONFIG_USER_ONLY
1289 bool page_already_protected;
1290#endif
9fa3e853
FB		 1291
1292 tb->page_addr[n] = page_addr;
5cd2c5b6 1293 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1294 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1295#ifndef CONFIG_USER_ONLY
1296 page_already_protected = p->first_tb != NULL;
1297#endif
8efe0ca8 1298 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1299 invalidate_page_bitmap(p);
fd6ce8f6 1300
107db443 1301#if defined(TARGET_HAS_SMC) || 1
d720b93d 1302
9fa3e853 1303#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1304 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1305 target_ulong addr;
1306 PageDesc *p2;
9fa3e853
FB		 1307 int prot;
1308
fd6ce8f6
FB		 1309 /* force the host page as non writable (writes will have a
1310 page fault + mprotect overhead) */
53a5960a 1311 page_addr &= qemu_host_page_mask;
fd6ce8f6 1312 prot = 0;
53a5960a
PB		 1313 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1314 addr += TARGET_PAGE_SIZE) {
1315
1316 p2 = page_find (addr >> TARGET_PAGE_BITS);
1317 if (!p2)
1318 continue;
1319 prot |= p2->flags;
1320 p2->flags &= ~PAGE_WRITE;
53a5960a 1321 }
5fafdf24 1322 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1323 (prot & PAGE_BITS) & ~PAGE_WRITE);
1324#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1325 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1326 page_addr);
fd6ce8f6 1327#endif
fd6ce8f6 1328 }
9fa3e853
FB		 1329#else
1330 /* if some code is already present, then the pages are already
1331 protected. So we handle the case where only the first TB is
1332 allocated in a physical page */
4429ab44 1333 if (!page_already_protected) {
6a00d601 1334 tlb_protect_code(page_addr);
9fa3e853
FB		 1335 }
1336#endif
d720b93d
FB		 1337
1338#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1339}
1340
9fa3e853
FB		 1341/* add a new TB and link it to the physical page tables. phys_page2 is
1342 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1343void tb_link_page(TranslationBlock *tb,
1344 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1345{
9fa3e853
FB		 1346 unsigned int h;
1347 TranslationBlock **ptb;
1348
c8a706fe
PB		 1349 /* Grab the mmap lock to stop another thread invalidating this TB
1350 before we are done. */
1351 mmap_lock();
9fa3e853
FB		 1352 /* add in the physical hash table */
1353 h = tb_phys_hash_func(phys_pc);
1354 ptb = &tb_phys_hash[h];
1355 tb->phys_hash_next = *ptb;
1356 *ptb = tb;
fd6ce8f6
FB		 1357
1358 /* add in the page list */
9fa3e853
FB		 1359 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1360 if (phys_page2 != -1)
1361 tb_alloc_page(tb, 1, phys_page2);
1362 else
1363 tb->page_addr[1] = -1;
9fa3e853 1364
8efe0ca8 1365 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1366 tb->jmp_next[0] = NULL;
1367 tb->jmp_next[1] = NULL;
1368
1369 /* init original jump addresses */
1370 if (tb->tb_next_offset[0] != 0xffff)
1371 tb_reset_jump(tb, 0);
1372 if (tb->tb_next_offset[1] != 0xffff)
1373 tb_reset_jump(tb, 1);
8a40a180
FB		 1374
1375#ifdef DEBUG_TB_CHECK
1376 tb_page_check();
1377#endif
c8a706fe 1378 mmap_unlock();
fd6ce8f6
FB		 1379}
1380
9fa3e853
FB		 1381/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1382 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1383TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1384{
9fa3e853 1385 int m_min, m_max, m;
8efe0ca8 1386 uintptr_t v;
9fa3e853 1387 TranslationBlock *tb;
a513fe19
FB		 1388
1389 if (nb_tbs <= 0)
1390 return NULL;
8efe0ca8
SW		 1391 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1392 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1393 return NULL;
8efe0ca8 1394 }
a513fe19
FB		 1395 /* binary search (cf Knuth) */
1396 m_min = 0;
1397 m_max = nb_tbs - 1;
1398 while (m_min <= m_max) {
1399 m = (m_min + m_max) >> 1;
1400 tb = &tbs[m];
8efe0ca8 1401 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1402 if (v == tc_ptr)
1403 return tb;
1404 else if (tc_ptr < v) {
1405 m_max = m - 1;
1406 } else {
1407 m_min = m + 1;
1408 }
5fafdf24 1409 }
a513fe19
FB		 1410 return &tbs[m_max];
1411}
7501267e 1412
ea041c0e
FB		 1413static void tb_reset_jump_recursive(TranslationBlock *tb);
1414
1415static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1416{
1417 TranslationBlock *tb1, *tb_next, **ptb;
1418 unsigned int n1;
1419
1420 tb1 = tb->jmp_next[n];
1421 if (tb1 != NULL) {
1422 /* find head of list */
1423 for(;;) {
8efe0ca8
SW		 1424 n1 = (uintptr_t)tb1 & 3;
1425 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1426 if (n1 == 2)
1427 break;
1428 tb1 = tb1->jmp_next[n1];
1429 }
1430 /* we are now sure now that tb jumps to tb1 */
1431 tb_next = tb1;
1432
1433 /* remove tb from the jmp_first list */
1434 ptb = &tb_next->jmp_first;
1435 for(;;) {
1436 tb1 = *ptb;
8efe0ca8
SW		 1437 n1 = (uintptr_t)tb1 & 3;
1438 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1439 if (n1 == n && tb1 == tb)
1440 break;
1441 ptb = &tb1->jmp_next[n1];
1442 }
1443 *ptb = tb->jmp_next[n];
1444 tb->jmp_next[n] = NULL;
3b46e624 1445
ea041c0e
FB		 1446 /* suppress the jump to next tb in generated code */
1447 tb_reset_jump(tb, n);
1448
0124311e 1449 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1450 tb_reset_jump_recursive(tb_next);
1451 }
1452}
1453
1454static void tb_reset_jump_recursive(TranslationBlock *tb)
1455{
1456 tb_reset_jump_recursive2(tb, 0);
1457 tb_reset_jump_recursive2(tb, 1);
1458}
1459
1fddef4b 1460#if defined(TARGET_HAS_ICE)
94df27fd 1461#if defined(CONFIG_USER_ONLY)
9349b4f9 1462static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1463{
1464 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1465}
1466#else
1e7855a5 1467void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1468{
c227f099 1469 ram_addr_t ram_addr;
f3705d53 1470 MemoryRegionSection *section;
d720b93d 1471
06ef3525 1472 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1473 if (!(memory_region_is_ram(section->mr)
1474 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1475 return;
1476 }
f3705d53 1477 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1478 + memory_region_section_addr(section, addr);
706cd4b5 1479 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1480}
1e7855a5
MF		 1481
1482static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1483{
9d70c4b7
MF		 1484 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1485 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1486}
c27004ec 1487#endif
94df27fd 1488#endif /* TARGET_HAS_ICE */
d720b93d 1489
c527ee8f 1490#if defined(CONFIG_USER_ONLY)
9349b4f9 1491void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1492
1493{
1494}
1495
9349b4f9 1496int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1497 int flags, CPUWatchpoint **watchpoint)
1498{
1499 return -ENOSYS;
1500}
1501#else
6658ffb8 1502/* Add a watchpoint. */
9349b4f9 1503int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1504 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1505{
b4051334 1506 target_ulong len_mask = ~(len - 1);
c0ce998e 1507 CPUWatchpoint *wp;
6658ffb8 1508
b4051334 1509 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1510 if ((len & (len - 1)) || (addr & ~len_mask) ||
1511 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1512 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1513 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1514 return -EINVAL;
1515 }
7267c094 1516 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1517
1518 wp->vaddr = addr;
b4051334 1519 wp->len_mask = len_mask;
a1d1bb31
AL		 1520 wp->flags = flags;
1521
2dc9f411 1522 /* keep all GDB-injected watchpoints in front */
c0ce998e 1523 if (flags & BP_GDB)
72cf2d4f 1524 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1525 else
72cf2d4f 1526 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1527
6658ffb8 1528 tlb_flush_page(env, addr);
a1d1bb31
AL		 1529
1530 if (watchpoint)
1531 *watchpoint = wp;
1532 return 0;
6658ffb8
PB		 1533}
1534
a1d1bb31 1535/* Remove a specific watchpoint. */
9349b4f9 1536int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1537 int flags)
6658ffb8 1538{
b4051334 1539 target_ulong len_mask = ~(len - 1);
a1d1bb31 1540 CPUWatchpoint *wp;
6658ffb8 1541
72cf2d4f 1542 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1543 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1544 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1545 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1546 return 0;
1547 }
1548 }
a1d1bb31 1549 return -ENOENT;
6658ffb8
PB		 1550}
1551
a1d1bb31 1552/* Remove a specific watchpoint by reference. */
9349b4f9 1553void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1554{
72cf2d4f 1555 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1556
a1d1bb31
AL		 1557 tlb_flush_page(env, watchpoint->vaddr);
1558
7267c094 1559 g_free(watchpoint);
a1d1bb31
AL		 1560}
1561
1562/* Remove all matching watchpoints. */
9349b4f9 1563void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1564{
c0ce998e 1565 CPUWatchpoint *wp, *next;
a1d1bb31 1566
72cf2d4f 1567 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1568 if (wp->flags & mask)
1569 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1570 }
7d03f82f 1571}
c527ee8f 1572#endif
7d03f82f 1573
a1d1bb31 1574/* Add a breakpoint. */
9349b4f9 1575int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1576 CPUBreakpoint **breakpoint)
4c3a88a2 1577{
1fddef4b 1578#if defined(TARGET_HAS_ICE)
c0ce998e 1579 CPUBreakpoint *bp;
3b46e624 1580
7267c094 1581 bp = g_malloc(sizeof(*bp));
4c3a88a2 1582
a1d1bb31
AL		 1583 bp->pc = pc;
1584 bp->flags = flags;
1585
2dc9f411 1586 /* keep all GDB-injected breakpoints in front */
c0ce998e 1587 if (flags & BP_GDB)
72cf2d4f 1588 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1589 else
72cf2d4f 1590 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1591
d720b93d 1592 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1593
1594 if (breakpoint)
1595 *breakpoint = bp;
4c3a88a2
FB		 1596 return 0;
1597#else
a1d1bb31 1598 return -ENOSYS;
4c3a88a2
FB		 1599#endif
1600}
1601
a1d1bb31 1602/* Remove a specific breakpoint. */
9349b4f9 1603int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1604{
7d03f82f 1605#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1606 CPUBreakpoint *bp;
1607
72cf2d4f 1608 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1609 if (bp->pc == pc && bp->flags == flags) {
1610 cpu_breakpoint_remove_by_ref(env, bp);
1611 return 0;
1612 }
7d03f82f 1613 }
a1d1bb31
AL		 1614 return -ENOENT;
1615#else
1616 return -ENOSYS;
7d03f82f
EI		 1617#endif
1618}
1619
a1d1bb31 1620/* Remove a specific breakpoint by reference. */
9349b4f9 1621void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1622{
1fddef4b 1623#if defined(TARGET_HAS_ICE)
72cf2d4f 1624 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1625
a1d1bb31
AL		 1626 breakpoint_invalidate(env, breakpoint->pc);
1627
7267c094 1628 g_free(breakpoint);
a1d1bb31
AL		 1629#endif
1630}
1631
1632/* Remove all matching breakpoints. */
9349b4f9 1633void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1634{
1635#if defined(TARGET_HAS_ICE)
c0ce998e 1636 CPUBreakpoint *bp, *next;
a1d1bb31 1637
72cf2d4f 1638 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1639 if (bp->flags & mask)
1640 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1641 }
4c3a88a2
FB		 1642#endif
1643}
1644
c33a346e
FB		 1645/* enable or disable single step mode. EXCP_DEBUG is returned by the
1646 CPU loop after each instruction */
9349b4f9 1647void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1648{
1fddef4b 1649#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1650 if (env->singlestep_enabled != enabled) {
1651 env->singlestep_enabled = enabled;
e22a25c9
AL		 1652 if (kvm_enabled())
1653 kvm_update_guest_debug(env, 0);
1654 else {
ccbb4d44 1655 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1656 /* XXX: only flush what is necessary */
1657 tb_flush(env);
1658 }
c33a346e
FB		 1659 }
1660#endif
1661}
1662
9349b4f9 1663static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1664{
3098dba0
AJ		 1665 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1666 problem and hope the cpu will stop of its own accord. For userspace
1667 emulation this often isn't actually as bad as it sounds. Often
1668 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1669 TranslationBlock *tb;
c227f099 1670 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1671
cab1b4bd 1672 spin_lock(&interrupt_lock);
3098dba0
AJ		 1673 tb = env->current_tb;
1674 /* if the cpu is currently executing code, we must unlink it and
1675 all the potentially executing TB */
f76cfe56 1676 if (tb) {
3098dba0
AJ		 1677 env->current_tb = NULL;
1678 tb_reset_jump_recursive(tb);
be214e6c 1679 }
cab1b4bd 1680 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1681}
1682
97ffbd8d 1683#ifndef CONFIG_USER_ONLY
3098dba0 1684/* mask must never be zero, except for A20 change call */
9349b4f9 1685static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1686{
1687 int old_mask;
be214e6c 1688
2e70f6ef 1689 old_mask = env->interrupt_request;
68a79315 1690 env->interrupt_request |= mask;
3098dba0 1691
8edac960
AL		 1692 /*
1693 * If called from iothread context, wake the target cpu in
1694 * case its halted.
1695 */
b7680cb6 1696 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1697 qemu_cpu_kick(env);
1698 return;
1699 }
8edac960 1700
2e70f6ef 1701 if (use_icount) {
266910c4 1702 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1703 if (!can_do_io(env)
be214e6c 1704 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1705 cpu_abort(env, "Raised interrupt while not in I/O function");
1706 }
2e70f6ef 1707 } else {
3098dba0 1708 cpu_unlink_tb(env);
ea041c0e
FB		 1709 }
1710}
1711
ec6959d0
JK		 1712CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1713
97ffbd8d
JK		 1714#else /* CONFIG_USER_ONLY */
1715
9349b4f9 1716void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1717{
1718 env->interrupt_request |= mask;
1719 cpu_unlink_tb(env);
1720}
1721#endif /* CONFIG_USER_ONLY */
1722
9349b4f9 1723void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1724{
1725 env->interrupt_request &= ~mask;
1726}
1727
9349b4f9 1728void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1729{
1730 env->exit_request = 1;
1731 cpu_unlink_tb(env);
1732}
1733
9349b4f9 1734void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1735{
1736 va_list ap;
493ae1f0 1737 va_list ap2;
7501267e
FB		 1738
1739 va_start(ap, fmt);
493ae1f0 1740 va_copy(ap2, ap);
7501267e
FB		 1741 fprintf(stderr, "qemu: fatal: ");
1742 vfprintf(stderr, fmt, ap);
1743 fprintf(stderr, "\n");
6fd2a026 1744 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1745 if (qemu_log_enabled()) {
1746 qemu_log("qemu: fatal: ");
1747 qemu_log_vprintf(fmt, ap2);
1748 qemu_log("\n");
6fd2a026 1749 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1750 qemu_log_flush();
93fcfe39 1751 qemu_log_close();
924edcae 1752 }
493ae1f0 1753 va_end(ap2);
f9373291 1754 va_end(ap);
fd052bf6
RV		 1755#if defined(CONFIG_USER_ONLY)
1756 {
1757 struct sigaction act;
1758 sigfillset(&act.sa_mask);
1759 act.sa_handler = SIG_DFL;
1760 sigaction(SIGABRT, &act, NULL);
1761 }
1762#endif
7501267e
FB		 1763 abort();
1764}
1765
9349b4f9 1766CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1767{
9349b4f9
AF		 1768 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1769 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1770 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1771#if defined(TARGET_HAS_ICE)
1772 CPUBreakpoint *bp;
1773 CPUWatchpoint *wp;
1774#endif
1775
9349b4f9 1776 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1777
1778 /* Preserve chaining and index. */
c5be9f08
TS		 1779 new_env->next_cpu = next_cpu;
1780 new_env->cpu_index = cpu_index;
5a38f081
AL		 1781
1782 /* Clone all break/watchpoints.
1783 Note: Once we support ptrace with hw-debug register access, make sure
1784 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1785 QTAILQ_INIT(&env->breakpoints);
1786 QTAILQ_INIT(&env->watchpoints);
5a38f081 1787#if defined(TARGET_HAS_ICE)
72cf2d4f 1788 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1789 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1790 }
72cf2d4f 1791 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1792 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1793 wp->flags, NULL);
1794 }
1795#endif
1796
c5be9f08
TS		 1797 return new_env;
1798}
1799
0124311e 1800#if !defined(CONFIG_USER_ONLY)
0cac1b66 1801void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1802{
1803 unsigned int i;
1804
1805 /* Discard jump cache entries for any tb which might potentially
1806 overlap the flushed page. */
1807 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1808 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1809 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1810
1811 i = tb_jmp_cache_hash_page(addr);
1812 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1813 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1814}
1815
d24981d3
JQ		 1816static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1817 uintptr_t length)
1818{
1819 uintptr_t start1;
1820
1821 /* we modify the TLB cache so that the dirty bit will be set again
1822 when accessing the range */
1823 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1824 /* Check that we don't span multiple blocks - this breaks the
1825 address comparisons below. */
1826 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1827 != (end - 1) - start) {
1828 abort();
1829 }
1830 cpu_tlb_reset_dirty_all(start1, length);
1831
1832}
1833
5579c7f3 1834/* Note: start and end must be within the same ram block. */
c227f099 1835void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1836 int dirty_flags)
1ccde1cb 1837{
d24981d3 1838 uintptr_t length;
1ccde1cb
FB		 1839
1840 start &= TARGET_PAGE_MASK;
1841 end = TARGET_PAGE_ALIGN(end);
1842
1843 length = end - start;
1844 if (length == 0)
1845 return;
f7c11b53 1846 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1847
d24981d3
JQ		 1848 if (tcg_enabled()) {
1849 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1850 }
1ccde1cb
FB		 1851}
1852
74576198
AL		 1853int cpu_physical_memory_set_dirty_tracking(int enable)
1854{
f6f3fbca 1855 int ret = 0;
74576198 1856 in_migration = enable;
f6f3fbca 1857 return ret;
74576198
AL		 1858}
1859
e5548617
BS		 1860target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1861 MemoryRegionSection *section,
1862 target_ulong vaddr,
1863 target_phys_addr_t paddr,
1864 int prot,
1865 target_ulong *address)
1866{
1867 target_phys_addr_t iotlb;
1868 CPUWatchpoint *wp;
1869
cc5bea60 1870 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1871 /* Normal RAM. */
1872 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1873 + memory_region_section_addr(section, paddr);
e5548617
BS		 1874 if (!section->readonly) {
1875 iotlb |= phys_section_notdirty;
1876 } else {
1877 iotlb |= phys_section_rom;
1878 }
1879 } else {
1880 /* IO handlers are currently passed a physical address.
1881 It would be nice to pass an offset from the base address
1882 of that region. This would avoid having to special case RAM,
1883 and avoid full address decoding in every device.
1884 We can't use the high bits of pd for this because
1885 IO_MEM_ROMD uses these as a ram address. */
1886 iotlb = section - phys_sections;
cc5bea60 1887 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1888 }
1889
1890 /* Make accesses to pages with watchpoints go via the
1891 watchpoint trap routines. */
1892 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1893 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1894 /* Avoid trapping reads of pages with a write breakpoint. */
1895 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1896 iotlb = phys_section_watch + paddr;
1897 *address |= TLB_MMIO;
1898 break;
1899 }
1900 }
1901 }
1902
1903 return iotlb;
1904}
1905
0124311e 1906#else
edf8e2af
MW		 1907/*
1908 * Walks guest process memory "regions" one by one
1909 * and calls callback function 'fn' for each region.
1910 */
5cd2c5b6
RH		 1911
1912struct walk_memory_regions_data
1913{
1914 walk_memory_regions_fn fn;
1915 void *priv;
8efe0ca8 1916 uintptr_t start;
5cd2c5b6
RH		 1917 int prot;
1918};
1919
1920static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1921 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1922{
1923 if (data->start != -1ul) {
1924 int rc = data->fn(data->priv, data->start, end, data->prot);
1925 if (rc != 0) {
1926 return rc;
1927 }
1928 }
1929
1930 data->start = (new_prot ? end : -1ul);
1931 data->prot = new_prot;
1932
1933 return 0;
1934}
1935
1936static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1937 abi_ulong base, int level, void **lp)
5cd2c5b6 1938{
b480d9b7 1939 abi_ulong pa;
5cd2c5b6
RH		 1940 int i, rc;
1941
1942 if (*lp == NULL) {
1943 return walk_memory_regions_end(data, base, 0);
1944 }
1945
1946 if (level == 0) {
1947 PageDesc *pd = *lp;
7296abac 1948 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1949 int prot = pd[i].flags;
1950
1951 pa = base | (i << TARGET_PAGE_BITS);
1952 if (prot != data->prot) {
1953 rc = walk_memory_regions_end(data, pa, prot);
1954 if (rc != 0) {
1955 return rc;
9fa3e853 1956 }
9fa3e853 1957 }
5cd2c5b6
RH		 1958 }
1959 } else {
1960 void **pp = *lp;
7296abac 1961 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1962 pa = base | ((abi_ulong)i <<
1963 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1964 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1965 if (rc != 0) {
1966 return rc;
1967 }
1968 }
1969 }
1970
1971 return 0;
1972}
1973
1974int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1975{
1976 struct walk_memory_regions_data data;
8efe0ca8 1977 uintptr_t i;
5cd2c5b6
RH		 1978
1979 data.fn = fn;
1980 data.priv = priv;
1981 data.start = -1ul;
1982 data.prot = 0;
1983
1984 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1985 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1986 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1987 if (rc != 0) {
1988 return rc;
9fa3e853 1989 }
33417e70 1990 }
5cd2c5b6
RH		 1991
1992 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 1993}
1994
b480d9b7
PB		 1995static int dump_region(void *priv, abi_ulong start,
1996 abi_ulong end, unsigned long prot)
edf8e2af
MW		 1997{
1998 FILE *f = (FILE *)priv;
1999
b480d9b7
PB		 2000 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2001 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2002 start, end, end - start,
2003 ((prot & PAGE_READ) ? 'r' : '-'),
2004 ((prot & PAGE_WRITE) ? 'w' : '-'),
2005 ((prot & PAGE_EXEC) ? 'x' : '-'));
2006
2007 return (0);
2008}
2009
2010/* dump memory mappings */
2011void page_dump(FILE *f)
2012{
2013 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2014 "start", "end", "size", "prot");
2015 walk_memory_regions(f, dump_region);
33417e70
FB		 2016}
2017
53a5960a 2018int page_get_flags(target_ulong address)
33417e70 2019{
9fa3e853
FB		 2020 PageDesc *p;
2021
2022 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2023 if (!p)
9fa3e853
FB		 2024 return 0;
2025 return p->flags;
2026}
2027
376a7909
RH		 2028/* Modify the flags of a page and invalidate the code if necessary.
2029 The flag PAGE_WRITE_ORG is positioned automatically depending
2030 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2031void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2032{
376a7909
RH		 2033 target_ulong addr, len;
2034
2035 /* This function should never be called with addresses outside the
2036 guest address space. If this assert fires, it probably indicates
2037 a missing call to h2g_valid. */
b480d9b7
PB		 2038#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2039 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2040#endif
2041 assert(start < end);
9fa3e853
FB		 2042
2043 start = start & TARGET_PAGE_MASK;
2044 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2045
2046 if (flags & PAGE_WRITE) {
9fa3e853 2047 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2048 }
2049
2050 for (addr = start, len = end - start;
2051 len != 0;
2052 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2053 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2054
2055 /* If the write protection bit is set, then we invalidate
2056 the code inside. */
5fafdf24 2057 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2058 (flags & PAGE_WRITE) &&
2059 p->first_tb) {
d720b93d 2060 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2061 }
2062 p->flags = flags;
2063 }
33417e70
FB		 2064}
2065
3d97b40b
TS		 2066int page_check_range(target_ulong start, target_ulong len, int flags)
2067{
2068 PageDesc *p;
2069 target_ulong end;
2070 target_ulong addr;
2071
376a7909
RH		 2072 /* This function should never be called with addresses outside the
2073 guest address space. If this assert fires, it probably indicates
2074 a missing call to h2g_valid. */
338e9e6c
BS		 2075#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2076 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2077#endif
2078
3e0650a9
RH		 2079 if (len == 0) {
2080 return 0;
2081 }
376a7909
RH		 2082 if (start + len - 1 < start) {
2083 /* We've wrapped around. */
55f280c9 2084 return -1;
376a7909 2085 }
55f280c9 2086
3d97b40b
TS		 2087 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2088 start = start & TARGET_PAGE_MASK;
2089
376a7909
RH		 2090 for (addr = start, len = end - start;
2091 len != 0;
2092 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2093 p = page_find(addr >> TARGET_PAGE_BITS);
2094 if( !p )
2095 return -1;
2096 if( !(p->flags & PAGE_VALID) )
2097 return -1;
2098
dae3270c 2099 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2100 return -1;
dae3270c
FB		 2101 if (flags & PAGE_WRITE) {
2102 if (!(p->flags & PAGE_WRITE_ORG))
2103 return -1;
2104 /* unprotect the page if it was put read-only because it
2105 contains translated code */
2106 if (!(p->flags & PAGE_WRITE)) {
2107 if (!page_unprotect(addr, 0, NULL))
2108 return -1;
2109 }
2110 return 0;
2111 }
3d97b40b
TS		 2112 }
2113 return 0;
2114}
2115
9fa3e853 2116/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2117 page. Return TRUE if the fault was successfully handled. */
6375e09e 2118int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2119{
45d679d6
AJ		 2120 unsigned int prot;
2121 PageDesc *p;
53a5960a 2122 target_ulong host_start, host_end, addr;
9fa3e853 2123
c8a706fe
PB		 2124 /* Technically this isn't safe inside a signal handler. However we
2125 know this only ever happens in a synchronous SEGV handler, so in
2126 practice it seems to be ok. */
2127 mmap_lock();
2128
45d679d6
AJ		 2129 p = page_find(address >> TARGET_PAGE_BITS);
2130 if (!p) {
c8a706fe 2131 mmap_unlock();
9fa3e853 2132 return 0;
c8a706fe 2133 }
45d679d6 2134
9fa3e853
FB		 2135 /* if the page was really writable, then we change its
2136 protection back to writable */
45d679d6
AJ		 2137 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2138 host_start = address & qemu_host_page_mask;
2139 host_end = host_start + qemu_host_page_size;
2140
2141 prot = 0;
2142 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2143 p = page_find(addr >> TARGET_PAGE_BITS);
2144 p->flags |= PAGE_WRITE;
2145 prot |= p->flags;
2146
9fa3e853
FB		 2147 /* and since the content will be modified, we must invalidate
2148 the corresponding translated code. */
45d679d6 2149 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2150#ifdef DEBUG_TB_CHECK
45d679d6 2151 tb_invalidate_check(addr);
9fa3e853 2152#endif
9fa3e853 2153 }
45d679d6
AJ		 2154 mprotect((void *)g2h(host_start), qemu_host_page_size,
2155 prot & PAGE_BITS);
2156
2157 mmap_unlock();
2158 return 1;
9fa3e853 2159 }
c8a706fe 2160 mmap_unlock();
9fa3e853
FB		 2161 return 0;
2162}
9fa3e853
FB		 2163#endif /* defined(CONFIG_USER_ONLY) */
2164
e2eef170 2165#if !defined(CONFIG_USER_ONLY)
8da3ff18 2166
c04b2b78
PB		 2167#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2168typedef struct subpage_t {
70c68e44 2169 MemoryRegion iomem;
c04b2b78 2170 target_phys_addr_t base;
5312bd8b 2171 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2172} subpage_t;
2173
c227f099 2174static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2175 uint16_t section);
0f0cb164 2176static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2177static void destroy_page_desc(uint16_t section_index)
54688b1e 2178{
5312bd8b
AK		 2179 MemoryRegionSection *section = &phys_sections[section_index];
2180 MemoryRegion *mr = section->mr;
54688b1e
AK		 2181
2182 if (mr->subpage) {
2183 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2184 memory_region_destroy(&subpage->iomem);
2185 g_free(subpage);
2186 }
2187}
2188
4346ae3e 2189static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2190{
2191 unsigned i;
d6f2ea22 2192 PhysPageEntry *p;
54688b1e 2193
c19e8800 2194 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2195 return;
2196 }
2197
c19e8800 2198 p = phys_map_nodes[lp->ptr];
4346ae3e 2199 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2200 if (!p[i].is_leaf) {
54688b1e 2201 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2202 } else {
c19e8800 2203 destroy_page_desc(p[i].ptr);
54688b1e 2204 }
54688b1e 2205 }
07f07b31 2206 lp->is_leaf = 0;
c19e8800 2207 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2208}
2209
2210static void destroy_all_mappings(void)
2211{
3eef53df 2212 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2213 phys_map_nodes_reset();
54688b1e
AK		 2214}
2215
5312bd8b
AK		 2216static uint16_t phys_section_add(MemoryRegionSection *section)
2217{
2218 if (phys_sections_nb == phys_sections_nb_alloc) {
2219 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2220 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2221 phys_sections_nb_alloc);
2222 }
2223 phys_sections[phys_sections_nb] = *section;
2224 return phys_sections_nb++;
2225}
2226
2227static void phys_sections_clear(void)
2228{
2229 phys_sections_nb = 0;
2230}
2231
0f0cb164
AK		 2232static void register_subpage(MemoryRegionSection *section)
2233{
2234 subpage_t *subpage;
2235 target_phys_addr_t base = section->offset_within_address_space
2236 & TARGET_PAGE_MASK;
f3705d53 2237 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2238 MemoryRegionSection subsection = {
2239 .offset_within_address_space = base,
2240 .size = TARGET_PAGE_SIZE,
2241 };
0f0cb164
AK		 2242 target_phys_addr_t start, end;
2243
f3705d53 2244 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2245
f3705d53 2246 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2247 subpage = subpage_init(base);
2248 subsection.mr = &subpage->iomem;
2999097b
AK		 2249 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2250 phys_section_add(&subsection));
0f0cb164 2251 } else {
f3705d53 2252 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2253 }
2254 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2255 end = start + section->size - 1;
0f0cb164
AK		 2256 subpage_register(subpage, start, end, phys_section_add(section));
2257}
2258
2259
2260static void register_multipage(MemoryRegionSection *section)
33417e70 2261{
dd81124b
AK		 2262 target_phys_addr_t start_addr = section->offset_within_address_space;
2263 ram_addr_t size = section->size;
2999097b 2264 target_phys_addr_t addr;
5312bd8b 2265 uint16_t section_index = phys_section_add(section);
dd81124b 2266
3b8e6a2d 2267 assert(size);
f6f3fbca 2268
3b8e6a2d 2269 addr = start_addr;
2999097b
AK		 2270 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2271 section_index);
33417e70
FB		 2272}
2273
0f0cb164
AK		 2274void cpu_register_physical_memory_log(MemoryRegionSection *section,
2275 bool readonly)
2276{
2277 MemoryRegionSection now = *section, remain = *section;
2278
2279 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2280 || (now.size < TARGET_PAGE_SIZE)) {
2281 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2282 - now.offset_within_address_space,
2283 now.size);
2284 register_subpage(&now);
2285 remain.size -= now.size;
2286 remain.offset_within_address_space += now.size;
2287 remain.offset_within_region += now.size;
2288 }
69b67646
TH		 2289 while (remain.size >= TARGET_PAGE_SIZE) {
2290 now = remain;
2291 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2292 now.size = TARGET_PAGE_SIZE;
2293 register_subpage(&now);
2294 } else {
2295 now.size &= TARGET_PAGE_MASK;
2296 register_multipage(&now);
2297 }
0f0cb164
AK		 2298 remain.size -= now.size;
2299 remain.offset_within_address_space += now.size;
2300 remain.offset_within_region += now.size;
2301 }
2302 now = remain;
2303 if (now.size) {
2304 register_subpage(&now);
2305 }
2306}
2307
62a2744c
SY		 2308void qemu_flush_coalesced_mmio_buffer(void)
2309{
2310 if (kvm_enabled())
2311 kvm_flush_coalesced_mmio_buffer();
2312}
2313
c902760f
MT		 2314#if defined(__linux__) && !defined(TARGET_S390X)
2315
2316#include <sys/vfs.h>
2317
2318#define HUGETLBFS_MAGIC 0x958458f6
2319
2320static long gethugepagesize(const char *path)
2321{
2322 struct statfs fs;
2323 int ret;
2324
2325 do {
9742bf26 2326 ret = statfs(path, &fs);
c902760f
MT		 2327 } while (ret != 0 && errno == EINTR);
2328
2329 if (ret != 0) {
9742bf26
YT		 2330 perror(path);
2331 return 0;
c902760f
MT		 2332 }
2333
2334 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2335 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2336
2337 return fs.f_bsize;
2338}
2339
04b16653
AW		 2340static void *file_ram_alloc(RAMBlock *block,
2341 ram_addr_t memory,
2342 const char *path)
c902760f
MT		 2343{
2344 char *filename;
2345 void *area;
2346 int fd;
2347#ifdef MAP_POPULATE
2348 int flags;
2349#endif
2350 unsigned long hpagesize;
2351
2352 hpagesize = gethugepagesize(path);
2353 if (!hpagesize) {
9742bf26 2354 return NULL;
c902760f
MT		 2355 }
2356
2357 if (memory < hpagesize) {
2358 return NULL;
2359 }
2360
2361 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2362 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2363 return NULL;
2364 }
2365
2366 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2367 return NULL;
c902760f
MT		 2368 }
2369
2370 fd = mkstemp(filename);
2371 if (fd < 0) {
9742bf26
YT		 2372 perror("unable to create backing store for hugepages");
2373 free(filename);
2374 return NULL;
c902760f
MT		 2375 }
2376 unlink(filename);
2377 free(filename);
2378
2379 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2380
2381 /*
2382 * ftruncate is not supported by hugetlbfs in older
2383 * hosts, so don't bother bailing out on errors.
2384 * If anything goes wrong with it under other filesystems,
2385 * mmap will fail.
2386 */
2387 if (ftruncate(fd, memory))
9742bf26 2388 perror("ftruncate");
c902760f
MT		 2389
2390#ifdef MAP_POPULATE
2391 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2392 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2393 * to sidestep this quirk.
2394 */
2395 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2396 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2397#else
2398 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2399#endif
2400 if (area == MAP_FAILED) {
9742bf26
YT		 2401 perror("file_ram_alloc: can't mmap RAM pages");
2402 close(fd);
2403 return (NULL);
c902760f 2404 }
04b16653 2405 block->fd = fd;
c902760f
MT		 2406 return area;
2407}
2408#endif
2409
d17b5288 2410static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2411{
2412 RAMBlock *block, *next_block;
3e837b2c 2413 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2414
2415 if (QLIST_EMPTY(&ram_list.blocks))
2416 return 0;
2417
2418 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2419 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2420
2421 end = block->offset + block->length;
2422
2423 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2424 if (next_block->offset >= end) {
2425 next = MIN(next, next_block->offset);
2426 }
2427 }
2428 if (next - end >= size && next - end < mingap) {
3e837b2c 2429 offset = end;
04b16653
AW		 2430 mingap = next - end;
2431 }
2432 }
3e837b2c
AW		 2433
2434 if (offset == RAM_ADDR_MAX) {
2435 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2436 (uint64_t)size);
2437 abort();
2438 }
2439
04b16653
AW		 2440 return offset;
2441}
2442
2443static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2444{
2445 RAMBlock *block;
2446 ram_addr_t last = 0;
2447
2448 QLIST_FOREACH(block, &ram_list.blocks, next)
2449 last = MAX(last, block->offset + block->length);
2450
2451 return last;
2452}
2453
ddb97f1d
JB		 2454static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2455{
2456 int ret;
2457 QemuOpts *machine_opts;
2458
2459 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2460 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2461 if (machine_opts &&
2462 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2463 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2464 if (ret) {
2465 perror("qemu_madvise");
2466 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2467 "but dump_guest_core=off specified\n");
2468 }
2469 }
2470}
2471
c5705a77 2472void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2473{
2474 RAMBlock *new_block, *block;
2475
c5705a77
AK		 2476 new_block = NULL;
2477 QLIST_FOREACH(block, &ram_list.blocks, next) {
2478 if (block->offset == addr) {
2479 new_block = block;
2480 break;
2481 }
2482 }
2483 assert(new_block);
2484 assert(!new_block->idstr[0]);
84b89d78 2485
09e5ab63
AL		 2486 if (dev) {
2487 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2488 if (id) {
2489 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2490 g_free(id);
84b89d78
CM		 2491 }
2492 }
2493 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2494
2495 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2496 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2497 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2498 new_block->idstr);
2499 abort();
2500 }
2501 }
c5705a77
AK		 2502}
2503
8490fc78
LC		 2504static int memory_try_enable_merging(void *addr, size_t len)
2505{
2506 QemuOpts *opts;
2507
2508 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2509 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2510 /* disabled by the user */
2511 return 0;
2512 }
2513
2514 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2515}
2516
c5705a77
AK		 2517ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2518 MemoryRegion *mr)
2519{
2520 RAMBlock *new_block;
2521
2522 size = TARGET_PAGE_ALIGN(size);
2523 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2524
7c637366 2525 new_block->mr = mr;
432d268c 2526 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2527 if (host) {
2528 new_block->host = host;
cd19cfa2 2529 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2530 } else {
2531 if (mem_path) {
c902760f 2532#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2533 new_block->host = file_ram_alloc(new_block, size, mem_path);
2534 if (!new_block->host) {
2535 new_block->host = qemu_vmalloc(size);
8490fc78 2536 memory_try_enable_merging(new_block->host, size);
6977dfe6 2537 }
c902760f 2538#else
6977dfe6
YT		 2539 fprintf(stderr, "-mem-path option unsupported\n");
2540 exit(1);
c902760f 2541#endif
6977dfe6 2542 } else {
868bb33f 2543 if (xen_enabled()) {
fce537d4 2544 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2545 } else if (kvm_enabled()) {
2546 /* some s390/kvm configurations have special constraints */
2547 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2548 } else {
2549 new_block->host = qemu_vmalloc(size);
2550 }
8490fc78 2551 memory_try_enable_merging(new_block->host, size);
6977dfe6 2552 }
c902760f 2553 }
94a6b54f
PB		 2554 new_block->length = size;
2555
f471a17e 2556 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2557
7267c094 2558 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2559 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2560 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2561 0, size >> TARGET_PAGE_BITS);
1720aeee 2562 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2563
ddb97f1d
JB		 2564 qemu_ram_setup_dump(new_block->host, size);
2565
6f0437e8
JK		 2566 if (kvm_enabled())
2567 kvm_setup_guest_memory(new_block->host, size);
2568
94a6b54f
PB		 2569 return new_block->offset;
2570}
e9a1ab19 2571
c5705a77 2572ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2573{
c5705a77 2574 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2575}
2576
1f2e98b6
AW		 2577void qemu_ram_free_from_ptr(ram_addr_t addr)
2578{
2579 RAMBlock *block;
2580
2581 QLIST_FOREACH(block, &ram_list.blocks, next) {
2582 if (addr == block->offset) {
2583 QLIST_REMOVE(block, next);
7267c094 2584 g_free(block);
1f2e98b6
AW		 2585 return;
2586 }
2587 }
2588}
2589
c227f099 2590void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2591{
04b16653
AW		 2592 RAMBlock *block;
2593
2594 QLIST_FOREACH(block, &ram_list.blocks, next) {
2595 if (addr == block->offset) {
2596 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2597 if (block->flags & RAM_PREALLOC_MASK) {
2598 ;
2599 } else if (mem_path) {
04b16653
AW		 2600#if defined (__linux__) && !defined(TARGET_S390X)
2601 if (block->fd) {
2602 munmap(block->host, block->length);
2603 close(block->fd);
2604 } else {
2605 qemu_vfree(block->host);
2606 }
fd28aa13
JK		 2607#else
2608 abort();
04b16653
AW		 2609#endif
2610 } else {
2611#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2612 munmap(block->host, block->length);
2613#else
868bb33f 2614 if (xen_enabled()) {
e41d7c69 2615 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2616 } else {
2617 qemu_vfree(block->host);
2618 }
04b16653
AW		 2619#endif
2620 }
7267c094 2621 g_free(block);
04b16653
AW		 2622 return;
2623 }
2624 }
2625
e9a1ab19
FB		 2626}
2627
cd19cfa2
HY		 2628#ifndef _WIN32
2629void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2630{
2631 RAMBlock *block;
2632 ram_addr_t offset;
2633 int flags;
2634 void *area, *vaddr;
2635
2636 QLIST_FOREACH(block, &ram_list.blocks, next) {
2637 offset = addr - block->offset;
2638 if (offset < block->length) {
2639 vaddr = block->host + offset;
2640 if (block->flags & RAM_PREALLOC_MASK) {
2641 ;
2642 } else {
2643 flags = MAP_FIXED;
2644 munmap(vaddr, length);
2645 if (mem_path) {
2646#if defined(__linux__) && !defined(TARGET_S390X)
2647 if (block->fd) {
2648#ifdef MAP_POPULATE
2649 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2650 MAP_PRIVATE;
2651#else
2652 flags |= MAP_PRIVATE;
2653#endif
2654 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2655 flags, block->fd, offset);
2656 } else {
2657 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2658 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2659 flags, -1, 0);
2660 }
fd28aa13
JK		 2661#else
2662 abort();
cd19cfa2
HY		 2663#endif
2664 } else {
2665#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2666 flags |= MAP_SHARED | MAP_ANONYMOUS;
2667 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2668 flags, -1, 0);
2669#else
2670 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2671 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2672 flags, -1, 0);
2673#endif
2674 }
2675 if (area != vaddr) {
f15fbc4b
AP		 2676 fprintf(stderr, "Could not remap addr: "
2677 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2678 length, addr);
2679 exit(1);
2680 }
8490fc78 2681 memory_try_enable_merging(vaddr, length);
ddb97f1d 2682 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2683 }
2684 return;
2685 }
2686 }
2687}
2688#endif /* !_WIN32 */
2689
dc828ca1 2690/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2691 With the exception of the softmmu code in this file, this should
2692 only be used for local memory (e.g. video ram) that the device owns,
2693 and knows it isn't going to access beyond the end of the block.
2694
2695 It should not be used for general purpose DMA.
2696 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2697 */
c227f099 2698void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2699{
94a6b54f
PB		 2700 RAMBlock *block;
2701
f471a17e
AW		 2702 QLIST_FOREACH(block, &ram_list.blocks, next) {
2703 if (addr - block->offset < block->length) {
7d82af38
VP		 2704 /* Move this entry to to start of the list. */
2705 if (block != QLIST_FIRST(&ram_list.blocks)) {
2706 QLIST_REMOVE(block, next);
2707 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2708 }
868bb33f 2709 if (xen_enabled()) {
432d268c
JN		 2710 /* We need to check if the requested address is in the RAM
2711 * because we don't want to map the entire memory in QEMU.
712c2b41 2712 * In that case just map until the end of the page.
432d268c
JN		 2713 */
2714 if (block->offset == 0) {
e41d7c69 2715 return xen_map_cache(addr, 0, 0);
432d268c 2716 } else if (block->host == NULL) {
e41d7c69
JK		 2717 block->host =
2718 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2719 }
2720 }
f471a17e
AW		 2721 return block->host + (addr - block->offset);
2722 }
94a6b54f 2723 }
f471a17e
AW		 2724
2725 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2726 abort();
2727
2728 return NULL;
dc828ca1
PB		 2729}
2730
b2e0a138
MT		 2731/* Return a host pointer to ram allocated with qemu_ram_alloc.
2732 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2733 */
2734void *qemu_safe_ram_ptr(ram_addr_t addr)
2735{
2736 RAMBlock *block;
2737
2738 QLIST_FOREACH(block, &ram_list.blocks, next) {
2739 if (addr - block->offset < block->length) {
868bb33f 2740 if (xen_enabled()) {
432d268c
JN		 2741 /* We need to check if the requested address is in the RAM
2742 * because we don't want to map the entire memory in QEMU.
712c2b41 2743 * In that case just map until the end of the page.
432d268c
JN		 2744 */
2745 if (block->offset == 0) {
e41d7c69 2746 return xen_map_cache(addr, 0, 0);
432d268c 2747 } else if (block->host == NULL) {
e41d7c69
JK		 2748 block->host =
2749 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2750 }
2751 }
b2e0a138
MT		 2752 return block->host + (addr - block->offset);
2753 }
2754 }
2755
2756 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2757 abort();
2758
2759 return NULL;
2760}
2761
38bee5dc
SS		 2762/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2763 * but takes a size argument */
8ab934f9 2764void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2765{
8ab934f9
SS		 2766 if (*size == 0) {
2767 return NULL;
2768 }
868bb33f 2769 if (xen_enabled()) {
e41d7c69 2770 return xen_map_cache(addr, *size, 1);
868bb33f 2771 } else {
38bee5dc
SS		 2772 RAMBlock *block;
2773
2774 QLIST_FOREACH(block, &ram_list.blocks, next) {
2775 if (addr - block->offset < block->length) {
2776 if (addr - block->offset + *size > block->length)
2777 *size = block->length - addr + block->offset;
2778 return block->host + (addr - block->offset);
2779 }
2780 }
2781
2782 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2783 abort();
38bee5dc
SS		 2784 }
2785}
2786
050a0ddf
AP		 2787void qemu_put_ram_ptr(void *addr)
2788{
2789 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2790}
2791
e890261f 2792int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2793{
94a6b54f
PB		 2794 RAMBlock *block;
2795 uint8_t *host = ptr;
2796
868bb33f 2797 if (xen_enabled()) {
e41d7c69 2798 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2799 return 0;
2800 }
2801
f471a17e 2802 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2803 /* This case append when the block is not mapped. */
2804 if (block->host == NULL) {
2805 continue;
2806 }
f471a17e 2807 if (host - block->host < block->length) {
e890261f
MT		 2808 *ram_addr = block->offset + (host - block->host);
2809 return 0;
f471a17e 2810 }
94a6b54f 2811 }
432d268c 2812
e890261f
MT		 2813 return -1;
2814}
f471a17e 2815
e890261f
MT		 2816/* Some of the softmmu routines need to translate from a host pointer
2817 (typically a TLB entry) back to a ram offset. */
2818ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2819{
2820 ram_addr_t ram_addr;
f471a17e 2821
e890261f
MT		 2822 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2823 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2824 abort();
2825 }
2826 return ram_addr;
5579c7f3
PB		 2827}
2828
0e0df1e2
AK		 2829static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2830 unsigned size)
e18231a3
BS		 2831{
2832#ifdef DEBUG_UNASSIGNED
2833 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2834#endif
5b450407 2835#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2836 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2837#endif
2838 return 0;
2839}
2840
0e0df1e2
AK		 2841static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2842 uint64_t val, unsigned size)
e18231a3
BS		 2843{
2844#ifdef DEBUG_UNASSIGNED
0e0df1e2 2845 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2846#endif
5b450407 2847#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2848 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2849#endif
33417e70
FB		 2850}
2851
0e0df1e2
AK		 2852static const MemoryRegionOps unassigned_mem_ops = {
2853 .read = unassigned_mem_read,
2854 .write = unassigned_mem_write,
2855 .endianness = DEVICE_NATIVE_ENDIAN,
2856};
e18231a3 2857
0e0df1e2
AK		 2858static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2859 unsigned size)
e18231a3 2860{
0e0df1e2 2861 abort();
e18231a3
BS		 2862}
2863
0e0df1e2
AK		 2864static void error_mem_write(void *opaque, target_phys_addr_t addr,
2865 uint64_t value, unsigned size)
e18231a3 2866{
0e0df1e2 2867 abort();
33417e70
FB		 2868}
2869
0e0df1e2
AK		 2870static const MemoryRegionOps error_mem_ops = {
2871 .read = error_mem_read,
2872 .write = error_mem_write,
2873 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2874};
2875
0e0df1e2
AK		 2876static const MemoryRegionOps rom_mem_ops = {
2877 .read = error_mem_read,
2878 .write = unassigned_mem_write,
2879 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2880};
2881
0e0df1e2
AK		 2882static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2883 uint64_t val, unsigned size)
9fa3e853 2884{
3a7d929e 2885 int dirty_flags;
f7c11b53 2886 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2887 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2888#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2889 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2890 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2891#endif
3a7d929e 2892 }
0e0df1e2
AK		 2893 switch (size) {
2894 case 1:
2895 stb_p(qemu_get_ram_ptr(ram_addr), val);
2896 break;
2897 case 2:
2898 stw_p(qemu_get_ram_ptr(ram_addr), val);
2899 break;
2900 case 4:
2901 stl_p(qemu_get_ram_ptr(ram_addr), val);
2902 break;
2903 default:
2904 abort();
3a7d929e 2905 }
f23db169 2906 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2907 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2908 /* we remove the notdirty callback only if the code has been
2909 flushed */
2910 if (dirty_flags == 0xff)
2e70f6ef 2911 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2912}
2913
0e0df1e2
AK		 2914static const MemoryRegionOps notdirty_mem_ops = {
2915 .read = error_mem_read,
2916 .write = notdirty_mem_write,
2917 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2918};
2919
0f459d16 2920/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2921static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2922{
9349b4f9 2923 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2924 target_ulong pc, cs_base;
2925 TranslationBlock *tb;
0f459d16 2926 target_ulong vaddr;
a1d1bb31 2927 CPUWatchpoint *wp;
06d55cc1 2928 int cpu_flags;
0f459d16 2929
06d55cc1
AL		 2930 if (env->watchpoint_hit) {
2931 /* We re-entered the check after replacing the TB. Now raise
2932 * the debug interrupt so that is will trigger after the
2933 * current instruction. */
2934 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2935 return;
2936 }
2e70f6ef 2937 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2938 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2939 if ((vaddr == (wp->vaddr & len_mask) ||
2940 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2941 wp->flags |= BP_WATCHPOINT_HIT;
2942 if (!env->watchpoint_hit) {
2943 env->watchpoint_hit = wp;
2944 tb = tb_find_pc(env->mem_io_pc);
2945 if (!tb) {
2946 cpu_abort(env, "check_watchpoint: could not find TB for "
2947 "pc=%p", (void *)env->mem_io_pc);
2948 }
618ba8e6 2949 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2950 tb_phys_invalidate(tb, -1);
2951 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2952 env->exception_index = EXCP_DEBUG;
488d6577 2953 cpu_loop_exit(env);
6e140f28
AL		 2954 } else {
2955 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2956 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2957 cpu_resume_from_signal(env, NULL);
6e140f28 2958 }
06d55cc1 2959 }
6e140f28
AL		 2960 } else {
2961 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2962 }
2963 }
2964}
2965
6658ffb8
PB		 2966/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2967 so these check for a hit then pass through to the normal out-of-line
2968 phys routines. */
1ec9b909
AK		 2969static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
2970 unsigned size)
6658ffb8 2971{
1ec9b909
AK		 2972 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2973 switch (size) {
2974 case 1: return ldub_phys(addr);
2975 case 2: return lduw_phys(addr);
2976 case 4: return ldl_phys(addr);
2977 default: abort();
2978 }
6658ffb8
PB		 2979}
2980
1ec9b909
AK		 2981static void watch_mem_write(void *opaque, target_phys_addr_t addr,
2982 uint64_t val, unsigned size)
6658ffb8 2983{
1ec9b909
AK		 2984 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
2985 switch (size) {
67364150
MF		 2986 case 1:
2987 stb_phys(addr, val);
2988 break;
2989 case 2:
2990 stw_phys(addr, val);
2991 break;
2992 case 4:
2993 stl_phys(addr, val);
2994 break;
1ec9b909
AK		 2995 default: abort();
2996 }
6658ffb8
PB		 2997}
2998
1ec9b909
AK		 2999static const MemoryRegionOps watch_mem_ops = {
3000 .read = watch_mem_read,
3001 .write = watch_mem_write,
3002 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3003};
6658ffb8 3004
70c68e44
AK		 3005static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3006 unsigned len)
db7b5426 3007{
70c68e44 3008 subpage_t *mmio = opaque;
f6405247 3009 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3010 MemoryRegionSection *section;
db7b5426
BS		 3011#if defined(DEBUG_SUBPAGE)
3012 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3013 mmio, len, addr, idx);
3014#endif
db7b5426 3015
5312bd8b
AK		 3016 section = &phys_sections[mmio->sub_section[idx]];
3017 addr += mmio->base;
3018 addr -= section->offset_within_address_space;
3019 addr += section->offset_within_region;
37ec01d4 3020 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3021}
3022
70c68e44
AK		 3023static void subpage_write(void *opaque, target_phys_addr_t addr,
3024 uint64_t value, unsigned len)
db7b5426 3025{
70c68e44 3026 subpage_t *mmio = opaque;
f6405247 3027 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3028 MemoryRegionSection *section;
db7b5426 3029#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3030 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3031 " idx %d value %"PRIx64"\n",
f6405247 3032 __func__, mmio, len, addr, idx, value);
db7b5426 3033#endif
f6405247 3034
5312bd8b
AK		 3035 section = &phys_sections[mmio->sub_section[idx]];
3036 addr += mmio->base;
3037 addr -= section->offset_within_address_space;
3038 addr += section->offset_within_region;
37ec01d4 3039 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3040}
3041
70c68e44
AK		 3042static const MemoryRegionOps subpage_ops = {
3043 .read = subpage_read,
3044 .write = subpage_write,
3045 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3046};
3047
de712f94
AK		 3048static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3049 unsigned size)
56384e8b
AF		 3050{
3051 ram_addr_t raddr = addr;
3052 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3053 switch (size) {
3054 case 1: return ldub_p(ptr);
3055 case 2: return lduw_p(ptr);
3056 case 4: return ldl_p(ptr);
3057 default: abort();
3058 }
56384e8b
AF		 3059}
3060
de712f94
AK		 3061static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3062 uint64_t value, unsigned size)
56384e8b
AF		 3063{
3064 ram_addr_t raddr = addr;
3065 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3066 switch (size) {
3067 case 1: return stb_p(ptr, value);
3068 case 2: return stw_p(ptr, value);
3069 case 4: return stl_p(ptr, value);
3070 default: abort();
3071 }
56384e8b
AF		 3072}
3073
de712f94
AK		 3074static const MemoryRegionOps subpage_ram_ops = {
3075 .read = subpage_ram_read,
3076 .write = subpage_ram_write,
3077 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3078};
3079
c227f099 3080static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3081 uint16_t section)
db7b5426
BS		 3082{
3083 int idx, eidx;
3084
3085 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3086 return -1;
3087 idx = SUBPAGE_IDX(start);
3088 eidx = SUBPAGE_IDX(end);
3089#if defined(DEBUG_SUBPAGE)
0bf9e31a 3090 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3091 mmio, start, end, idx, eidx, memory);
3092#endif
5312bd8b
AK		 3093 if (memory_region_is_ram(phys_sections[section].mr)) {
3094 MemoryRegionSection new_section = phys_sections[section];
3095 new_section.mr = &io_mem_subpage_ram;
3096 section = phys_section_add(&new_section);
56384e8b 3097 }
db7b5426 3098 for (; idx <= eidx; idx++) {
5312bd8b 3099 mmio->sub_section[idx] = section;
db7b5426
BS		 3100 }
3101
3102 return 0;
3103}
3104
0f0cb164 3105static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3106{
c227f099 3107 subpage_t *mmio;
db7b5426 3108
7267c094 3109 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3110
3111 mmio->base = base;
70c68e44
AK		 3112 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3113 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3114 mmio->iomem.subpage = true;
db7b5426 3115#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3116 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3117 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3118#endif
0f0cb164 3119 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3120
3121 return mmio;
3122}
3123
5312bd8b
AK		 3124static uint16_t dummy_section(MemoryRegion *mr)
3125{
3126 MemoryRegionSection section = {
3127 .mr = mr,
3128 .offset_within_address_space = 0,
3129 .offset_within_region = 0,
3130 .size = UINT64_MAX,
3131 };
3132
3133 return phys_section_add(&section);
3134}
3135
37ec01d4 3136MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3137{
37ec01d4 3138 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3139}
3140
e9179ce1
AK		 3141static void io_mem_init(void)
3142{
0e0df1e2 3143 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3144 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3145 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3146 "unassigned", UINT64_MAX);
3147 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3148 "notdirty", UINT64_MAX);
de712f94
AK		 3149 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3150 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3151 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3152 "watch", UINT64_MAX);
e9179ce1
AK		 3153}
3154
50c1e149
AK		 3155static void core_begin(MemoryListener *listener)
3156{
54688b1e 3157 destroy_all_mappings();
5312bd8b 3158 phys_sections_clear();
c19e8800 3159 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3160 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3161 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3162 phys_section_rom = dummy_section(&io_mem_rom);
3163 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3164}
3165
3166static void core_commit(MemoryListener *listener)
3167{
9349b4f9 3168 CPUArchState *env;
117712c3
AK		 3169
3170 /* since each CPU stores ram addresses in its TLB cache, we must
3171 reset the modified entries */
3172 /* XXX: slow ! */
3173 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3174 tlb_flush(env, 1);
3175 }
50c1e149
AK		 3176}
3177
93632747
AK		 3178static void core_region_add(MemoryListener *listener,
3179 MemoryRegionSection *section)
3180{
4855d41a 3181 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3182}
3183
50c1e149
AK		 3184static void core_region_nop(MemoryListener *listener,
3185 MemoryRegionSection *section)
3186{
54688b1e 3187 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3188}
3189
93632747
AK		 3190static void core_log_global_start(MemoryListener *listener)
3191{
3192 cpu_physical_memory_set_dirty_tracking(1);
3193}
3194
3195static void core_log_global_stop(MemoryListener *listener)
3196{
3197 cpu_physical_memory_set_dirty_tracking(0);
3198}
3199
4855d41a
AK		 3200static void io_region_add(MemoryListener *listener,
3201 MemoryRegionSection *section)
3202{
a2d33521
AK		 3203 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3204
3205 mrio->mr = section->mr;
3206 mrio->offset = section->offset_within_region;
3207 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3208 section->offset_within_address_space, section->size);
a2d33521 3209 ioport_register(&mrio->iorange);
4855d41a
AK		 3210}
3211
3212static void io_region_del(MemoryListener *listener,
3213 MemoryRegionSection *section)
3214{
3215 isa_unassign_ioport(section->offset_within_address_space, section->size);
3216}
3217
93632747 3218static MemoryListener core_memory_listener = {
50c1e149
AK		 3219 .begin = core_begin,
3220 .commit = core_commit,
93632747 3221 .region_add = core_region_add,
50c1e149 3222 .region_nop = core_region_nop,
93632747
AK		 3223 .log_global_start = core_log_global_start,
3224 .log_global_stop = core_log_global_stop,
93632747
AK		 3225 .priority = 0,
3226};
3227
4855d41a
AK		 3228static MemoryListener io_memory_listener = {
3229 .region_add = io_region_add,
3230 .region_del = io_region_del,
4855d41a
AK		 3231 .priority = 0,
3232};
3233
62152b8a
AK		 3234static void memory_map_init(void)
3235{
7267c094 3236 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3237 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3238 set_system_memory_map(system_memory);
309cb471 3239
7267c094 3240 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3241 memory_region_init(system_io, "io", 65536);
3242 set_system_io_map(system_io);
93632747 3243
4855d41a
AK		 3244 memory_listener_register(&core_memory_listener, system_memory);
3245 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3246}
3247
3248MemoryRegion *get_system_memory(void)
3249{
3250 return system_memory;
3251}
3252
309cb471
AK		 3253MemoryRegion *get_system_io(void)
3254{
3255 return system_io;
3256}
3257
e2eef170
PB		 3258#endif /* !defined(CONFIG_USER_ONLY) */
3259
13eb76e0
FB		 3260/* physical memory access (slow version, mainly for debug) */
3261#if defined(CONFIG_USER_ONLY)
9349b4f9 3262int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3263 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3264{
3265 int l, flags;
3266 target_ulong page;
53a5960a 3267 void * p;
13eb76e0
FB		 3268
3269 while (len > 0) {
3270 page = addr & TARGET_PAGE_MASK;
3271 l = (page + TARGET_PAGE_SIZE) - addr;
3272 if (l > len)
3273 l = len;
3274 flags = page_get_flags(page);
3275 if (!(flags & PAGE_VALID))
a68fe89c 3276 return -1;
13eb76e0
FB		 3277 if (is_write) {
3278 if (!(flags & PAGE_WRITE))
a68fe89c 3279 return -1;
579a97f7 3280 /* XXX: this code should not depend on lock_user */
72fb7daa 3281 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3282 return -1;
72fb7daa
AJ		 3283 memcpy(p, buf, l);
3284 unlock_user(p, addr, l);
13eb76e0
FB		 3285 } else {
3286 if (!(flags & PAGE_READ))
a68fe89c 3287 return -1;
579a97f7 3288 /* XXX: this code should not depend on lock_user */
72fb7daa 3289 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3290 return -1;
72fb7daa 3291 memcpy(buf, p, l);
5b257578 3292 unlock_user(p, addr, 0);
13eb76e0
FB		 3293 }
3294 len -= l;
3295 buf += l;
3296 addr += l;
3297 }
a68fe89c 3298 return 0;
13eb76e0 3299}
8df1cd07 3300
13eb76e0 3301#else
51d7a9eb
AP		 3302
3303static void invalidate_and_set_dirty(target_phys_addr_t addr,
3304 target_phys_addr_t length)
3305{
3306 if (!cpu_physical_memory_is_dirty(addr)) {
3307 /* invalidate code */
3308 tb_invalidate_phys_page_range(addr, addr + length, 0);
3309 /* set dirty bit */
3310 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3311 }
e226939d 3312 xen_modified_memory(addr, length);
51d7a9eb
AP		 3313}
3314
c227f099 3315void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3316 int len, int is_write)
3317{
37ec01d4 3318 int l;
13eb76e0
FB		 3319 uint8_t *ptr;
3320 uint32_t val;
c227f099 3321 target_phys_addr_t page;
f3705d53 3322 MemoryRegionSection *section;
3b46e624 3323
13eb76e0
FB		 3324 while (len > 0) {
3325 page = addr & TARGET_PAGE_MASK;
3326 l = (page + TARGET_PAGE_SIZE) - addr;
3327 if (l > len)
3328 l = len;
06ef3525 3329 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3330
13eb76e0 3331 if (is_write) {
f3705d53 3332 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3333 target_phys_addr_t addr1;
cc5bea60 3334 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3335 /* XXX: could force cpu_single_env to NULL to avoid
3336 potential bugs */
6c2934db 3337 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3338 /* 32 bit write access */
c27004ec 3339 val = ldl_p(buf);
37ec01d4 3340 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3341 l = 4;
6c2934db 3342 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3343 /* 16 bit write access */
c27004ec 3344 val = lduw_p(buf);
37ec01d4 3345 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3346 l = 2;
3347 } else {
1c213d19 3348 /* 8 bit write access */
c27004ec 3349 val = ldub_p(buf);
37ec01d4 3350 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3351 l = 1;
3352 }
f3705d53 3353 } else if (!section->readonly) {
8ca5692d 3354 ram_addr_t addr1;
f3705d53 3355 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3356 + memory_region_section_addr(section, addr);
13eb76e0 3357 /* RAM case */
5579c7f3 3358 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3359 memcpy(ptr, buf, l);
51d7a9eb 3360 invalidate_and_set_dirty(addr1, l);
050a0ddf 3361 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3362 }
3363 } else {
cc5bea60
BS		 3364 if (!(memory_region_is_ram(section->mr) ||
3365 memory_region_is_romd(section->mr))) {
f1f6e3b8 3366 target_phys_addr_t addr1;
13eb76e0 3367 /* I/O case */
cc5bea60 3368 addr1 = memory_region_section_addr(section, addr);
6c2934db 3369 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3370 /* 32 bit read access */
37ec01d4 3371 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3372 stl_p(buf, val);
13eb76e0 3373 l = 4;
6c2934db 3374 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3375 /* 16 bit read access */
37ec01d4 3376 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3377 stw_p(buf, val);
13eb76e0
FB		 3378 l = 2;
3379 } else {
1c213d19 3380 /* 8 bit read access */
37ec01d4 3381 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3382 stb_p(buf, val);
13eb76e0
FB		 3383 l = 1;
3384 }
3385 } else {
3386 /* RAM case */
0a1b357f 3387 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3388 + memory_region_section_addr(section,
3389 addr));
f3705d53 3390 memcpy(buf, ptr, l);
050a0ddf 3391 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3392 }
3393 }
3394 len -= l;
3395 buf += l;
3396 addr += l;
3397 }
3398}
8df1cd07 3399
d0ecd2aa 3400/* used for ROM loading : can write in RAM and ROM */
c227f099 3401void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3402 const uint8_t *buf, int len)
3403{
3404 int l;
3405 uint8_t *ptr;
c227f099 3406 target_phys_addr_t page;
f3705d53 3407 MemoryRegionSection *section;
3b46e624 3408
d0ecd2aa
FB		 3409 while (len > 0) {
3410 page = addr & TARGET_PAGE_MASK;
3411 l = (page + TARGET_PAGE_SIZE) - addr;
3412 if (l > len)
3413 l = len;
06ef3525 3414 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3415
cc5bea60
BS		 3416 if (!(memory_region_is_ram(section->mr) ||
3417 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3418 /* do nothing */
3419 } else {
3420 unsigned long addr1;
f3705d53 3421 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3422 + memory_region_section_addr(section, addr);
d0ecd2aa 3423 /* ROM/RAM case */
5579c7f3 3424 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3425 memcpy(ptr, buf, l);
51d7a9eb 3426 invalidate_and_set_dirty(addr1, l);
050a0ddf 3427 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3428 }
3429 len -= l;
3430 buf += l;
3431 addr += l;
3432 }
3433}
3434
6d16c2f8
AL		 3435typedef struct {
3436 void *buffer;
c227f099
AL		 3437 target_phys_addr_t addr;
3438 target_phys_addr_t len;
6d16c2f8
AL		 3439} BounceBuffer;
3440
3441static BounceBuffer bounce;
3442
ba223c29
AL		 3443typedef struct MapClient {
3444 void *opaque;
3445 void (*callback)(void *opaque);
72cf2d4f 3446 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3447} MapClient;
3448
72cf2d4f
BS		 3449static QLIST_HEAD(map_client_list, MapClient) map_client_list
3450 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3451
3452void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3453{
7267c094 3454 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3455
3456 client->opaque = opaque;
3457 client->callback = callback;
72cf2d4f 3458 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3459 return client;
3460}
3461
3462void cpu_unregister_map_client(void *_client)
3463{
3464 MapClient *client = (MapClient *)_client;
3465
72cf2d4f 3466 QLIST_REMOVE(client, link);
7267c094 3467 g_free(client);
ba223c29
AL		 3468}
3469
3470static void cpu_notify_map_clients(void)
3471{
3472 MapClient *client;
3473
72cf2d4f
BS		 3474 while (!QLIST_EMPTY(&map_client_list)) {
3475 client = QLIST_FIRST(&map_client_list);
ba223c29 3476 client->callback(client->opaque);
34d5e948 3477 cpu_unregister_map_client(client);
ba223c29
AL		 3478 }
3479}
3480
6d16c2f8
AL		 3481/* Map a physical memory region into a host virtual address.
3482 * May map a subset of the requested range, given by and returned in *plen.
3483 * May return NULL if resources needed to perform the mapping are exhausted.
3484 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3485 * Use cpu_register_map_client() to know when retrying the map operation is
3486 * likely to succeed.
6d16c2f8 3487 */
c227f099
AL		 3488void *cpu_physical_memory_map(target_phys_addr_t addr,
3489 target_phys_addr_t *plen,
6d16c2f8
AL		 3490 int is_write)
3491{
c227f099 3492 target_phys_addr_t len = *plen;
38bee5dc 3493 target_phys_addr_t todo = 0;
6d16c2f8 3494 int l;
c227f099 3495 target_phys_addr_t page;
f3705d53 3496 MemoryRegionSection *section;
f15fbc4b 3497 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3498 ram_addr_t rlen;
3499 void *ret;
6d16c2f8
AL		 3500
3501 while (len > 0) {
3502 page = addr & TARGET_PAGE_MASK;
3503 l = (page + TARGET_PAGE_SIZE) - addr;
3504 if (l > len)
3505 l = len;
06ef3525 3506 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3507
f3705d53 3508 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3509 if (todo || bounce.buffer) {
6d16c2f8
AL		 3510 break;
3511 }
3512 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3513 bounce.addr = addr;
3514 bounce.len = l;
3515 if (!is_write) {
54f7b4a3 3516 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3517 }
38bee5dc
SS		 3518
3519 *plen = l;
3520 return bounce.buffer;
6d16c2f8 3521 }
8ab934f9 3522 if (!todo) {
f3705d53 3523 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3524 + memory_region_section_addr(section, addr);
8ab934f9 3525 }
6d16c2f8
AL		 3526
3527 len -= l;
3528 addr += l;
38bee5dc 3529 todo += l;
6d16c2f8 3530 }
8ab934f9
SS		 3531 rlen = todo;
3532 ret = qemu_ram_ptr_length(raddr, &rlen);
3533 *plen = rlen;
3534 return ret;
6d16c2f8
AL		 3535}
3536
3537/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3538 * Will also mark the memory as dirty if is_write == 1. access_len gives
3539 * the amount of memory that was actually read or written by the caller.
3540 */
c227f099
AL		 3541void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3542 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3543{
3544 if (buffer != bounce.buffer) {
3545 if (is_write) {
e890261f 3546 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3547 while (access_len) {
3548 unsigned l;
3549 l = TARGET_PAGE_SIZE;
3550 if (l > access_len)
3551 l = access_len;
51d7a9eb 3552 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3553 addr1 += l;
3554 access_len -= l;
3555 }
3556 }
868bb33f 3557 if (xen_enabled()) {
e41d7c69 3558 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3559 }
6d16c2f8
AL		 3560 return;
3561 }
3562 if (is_write) {
3563 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3564 }
f8a83245 3565 qemu_vfree(bounce.buffer);
6d16c2f8 3566 bounce.buffer = NULL;
ba223c29 3567 cpu_notify_map_clients();
6d16c2f8 3568}
d0ecd2aa 3569
8df1cd07 3570/* warning: addr must be aligned */
1e78bcc1
AG		 3571static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3572 enum device_endian endian)
8df1cd07 3573{
8df1cd07
FB		 3574 uint8_t *ptr;
3575 uint32_t val;
f3705d53 3576 MemoryRegionSection *section;
8df1cd07 3577
06ef3525 3578 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3579
cc5bea60
BS		 3580 if (!(memory_region_is_ram(section->mr) ||
3581 memory_region_is_romd(section->mr))) {
8df1cd07 3582 /* I/O case */
cc5bea60 3583 addr = memory_region_section_addr(section, addr);
37ec01d4 3584 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3585#if defined(TARGET_WORDS_BIGENDIAN)
3586 if (endian == DEVICE_LITTLE_ENDIAN) {
3587 val = bswap32(val);
3588 }
3589#else
3590 if (endian == DEVICE_BIG_ENDIAN) {
3591 val = bswap32(val);
3592 }
3593#endif
8df1cd07
FB		 3594 } else {
3595 /* RAM case */
f3705d53 3596 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3597 & TARGET_PAGE_MASK)
cc5bea60 3598 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3599 switch (endian) {
3600 case DEVICE_LITTLE_ENDIAN:
3601 val = ldl_le_p(ptr);
3602 break;
3603 case DEVICE_BIG_ENDIAN:
3604 val = ldl_be_p(ptr);
3605 break;
3606 default:
3607 val = ldl_p(ptr);
3608 break;
3609 }
8df1cd07
FB		 3610 }
3611 return val;
3612}
3613
1e78bcc1
AG		 3614uint32_t ldl_phys(target_phys_addr_t addr)
3615{
3616 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3617}
3618
3619uint32_t ldl_le_phys(target_phys_addr_t addr)
3620{
3621 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3622}
3623
3624uint32_t ldl_be_phys(target_phys_addr_t addr)
3625{
3626 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3627}
3628
84b7b8e7 3629/* warning: addr must be aligned */
1e78bcc1
AG		 3630static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3631 enum device_endian endian)
84b7b8e7 3632{
84b7b8e7
FB		 3633 uint8_t *ptr;
3634 uint64_t val;
f3705d53 3635 MemoryRegionSection *section;
84b7b8e7 3636
06ef3525 3637 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3638
cc5bea60
BS		 3639 if (!(memory_region_is_ram(section->mr) ||
3640 memory_region_is_romd(section->mr))) {
84b7b8e7 3641 /* I/O case */
cc5bea60 3642 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3643
3644 /* XXX This is broken when device endian != cpu endian.
3645 Fix and add "endian" variable check */
84b7b8e7 3646#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3647 val = io_mem_read(section->mr, addr, 4) << 32;
3648 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3649#else
37ec01d4
AK		 3650 val = io_mem_read(section->mr, addr, 4);
3651 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3652#endif
3653 } else {
3654 /* RAM case */
f3705d53 3655 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3656 & TARGET_PAGE_MASK)
cc5bea60 3657 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3658 switch (endian) {
3659 case DEVICE_LITTLE_ENDIAN:
3660 val = ldq_le_p(ptr);
3661 break;
3662 case DEVICE_BIG_ENDIAN:
3663 val = ldq_be_p(ptr);
3664 break;
3665 default:
3666 val = ldq_p(ptr);
3667 break;
3668 }
84b7b8e7
FB		 3669 }
3670 return val;
3671}
3672
1e78bcc1
AG		 3673uint64_t ldq_phys(target_phys_addr_t addr)
3674{
3675 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3676}
3677
3678uint64_t ldq_le_phys(target_phys_addr_t addr)
3679{
3680 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3681}
3682
3683uint64_t ldq_be_phys(target_phys_addr_t addr)
3684{
3685 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3686}
3687
aab33094 3688/* XXX: optimize */
c227f099 3689uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3690{
3691 uint8_t val;
3692 cpu_physical_memory_read(addr, &val, 1);
3693 return val;
3694}
3695
733f0b02 3696/* warning: addr must be aligned */
1e78bcc1
AG		 3697static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3698 enum device_endian endian)
aab33094 3699{
733f0b02
MT		 3700 uint8_t *ptr;
3701 uint64_t val;
f3705d53 3702 MemoryRegionSection *section;
733f0b02 3703
06ef3525 3704 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3705
cc5bea60
BS		 3706 if (!(memory_region_is_ram(section->mr) ||
3707 memory_region_is_romd(section->mr))) {
733f0b02 3708 /* I/O case */
cc5bea60 3709 addr = memory_region_section_addr(section, addr);
37ec01d4 3710 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3711#if defined(TARGET_WORDS_BIGENDIAN)
3712 if (endian == DEVICE_LITTLE_ENDIAN) {
3713 val = bswap16(val);
3714 }
3715#else
3716 if (endian == DEVICE_BIG_ENDIAN) {
3717 val = bswap16(val);
3718 }
3719#endif
733f0b02
MT		 3720 } else {
3721 /* RAM case */
f3705d53 3722 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3723 & TARGET_PAGE_MASK)
cc5bea60 3724 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3725 switch (endian) {
3726 case DEVICE_LITTLE_ENDIAN:
3727 val = lduw_le_p(ptr);
3728 break;
3729 case DEVICE_BIG_ENDIAN:
3730 val = lduw_be_p(ptr);
3731 break;
3732 default:
3733 val = lduw_p(ptr);
3734 break;
3735 }
733f0b02
MT		 3736 }
3737 return val;
aab33094
FB		 3738}
3739
1e78bcc1
AG		 3740uint32_t lduw_phys(target_phys_addr_t addr)
3741{
3742 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3743}
3744
3745uint32_t lduw_le_phys(target_phys_addr_t addr)
3746{
3747 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3748}
3749
3750uint32_t lduw_be_phys(target_phys_addr_t addr)
3751{
3752 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3753}
3754
8df1cd07
FB		 3755/* warning: addr must be aligned. The ram page is not masked as dirty
3756 and the code inside is not invalidated. It is useful if the dirty
3757 bits are used to track modified PTEs */
c227f099 3758void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3759{
8df1cd07 3760 uint8_t *ptr;
f3705d53 3761 MemoryRegionSection *section;
8df1cd07 3762
06ef3525 3763 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3764
f3705d53 3765 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3766 addr = memory_region_section_addr(section, addr);
f3705d53 3767 if (memory_region_is_ram(section->mr)) {
37ec01d4 3768 section = &phys_sections[phys_section_rom];
06ef3525 3769 }
37ec01d4 3770 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3771 } else {
f3705d53 3772 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3773 & TARGET_PAGE_MASK)
cc5bea60 3774 + memory_region_section_addr(section, addr);
5579c7f3 3775 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3776 stl_p(ptr, val);
74576198
AL		 3777
3778 if (unlikely(in_migration)) {
3779 if (!cpu_physical_memory_is_dirty(addr1)) {
3780 /* invalidate code */
3781 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3782 /* set dirty bit */
f7c11b53
YT		 3783 cpu_physical_memory_set_dirty_flags(
3784 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3785 }
3786 }
8df1cd07
FB		 3787 }
3788}
3789
c227f099 3790void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3791{
bc98a7ef 3792 uint8_t *ptr;
f3705d53 3793 MemoryRegionSection *section;
bc98a7ef 3794
06ef3525 3795 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3796
f3705d53 3797 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3798 addr = memory_region_section_addr(section, addr);
f3705d53 3799 if (memory_region_is_ram(section->mr)) {
37ec01d4 3800 section = &phys_sections[phys_section_rom];
06ef3525 3801 }
bc98a7ef 3802#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3803 io_mem_write(section->mr, addr, val >> 32, 4);
3804 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3805#else
37ec01d4
AK		 3806 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3807 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3808#endif
3809 } else {
f3705d53 3810 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3811 & TARGET_PAGE_MASK)
cc5bea60 3812 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3813 stq_p(ptr, val);
3814 }
3815}
3816
8df1cd07 3817/* warning: addr must be aligned */
1e78bcc1
AG		 3818static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
3819 enum device_endian endian)
8df1cd07 3820{
8df1cd07 3821 uint8_t *ptr;
f3705d53 3822 MemoryRegionSection *section;
8df1cd07 3823
06ef3525 3824 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3825
f3705d53 3826 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3827 addr = memory_region_section_addr(section, addr);
f3705d53 3828 if (memory_region_is_ram(section->mr)) {
37ec01d4 3829 section = &phys_sections[phys_section_rom];
06ef3525 3830 }
1e78bcc1
AG		 3831#if defined(TARGET_WORDS_BIGENDIAN)
3832 if (endian == DEVICE_LITTLE_ENDIAN) {
3833 val = bswap32(val);
3834 }
3835#else
3836 if (endian == DEVICE_BIG_ENDIAN) {
3837 val = bswap32(val);
3838 }
3839#endif
37ec01d4 3840 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3841 } else {
3842 unsigned long addr1;
f3705d53 3843 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3844 + memory_region_section_addr(section, addr);
8df1cd07 3845 /* RAM case */
5579c7f3 3846 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3847 switch (endian) {
3848 case DEVICE_LITTLE_ENDIAN:
3849 stl_le_p(ptr, val);
3850 break;
3851 case DEVICE_BIG_ENDIAN:
3852 stl_be_p(ptr, val);
3853 break;
3854 default:
3855 stl_p(ptr, val);
3856 break;
3857 }
51d7a9eb 3858 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3859 }
3860}
3861
1e78bcc1
AG		 3862void stl_phys(target_phys_addr_t addr, uint32_t val)
3863{
3864 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3865}
3866
3867void stl_le_phys(target_phys_addr_t addr, uint32_t val)
3868{
3869 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3870}
3871
3872void stl_be_phys(target_phys_addr_t addr, uint32_t val)
3873{
3874 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3875}
3876
aab33094 3877/* XXX: optimize */
c227f099 3878void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 3879{
3880 uint8_t v = val;
3881 cpu_physical_memory_write(addr, &v, 1);
3882}
3883
733f0b02 3884/* warning: addr must be aligned */
1e78bcc1
AG		 3885static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
3886 enum device_endian endian)
aab33094 3887{
733f0b02 3888 uint8_t *ptr;
f3705d53 3889 MemoryRegionSection *section;
733f0b02 3890
06ef3525 3891 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3892
f3705d53 3893 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3894 addr = memory_region_section_addr(section, addr);
f3705d53 3895 if (memory_region_is_ram(section->mr)) {
37ec01d4 3896 section = &phys_sections[phys_section_rom];
06ef3525 3897 }
1e78bcc1
AG		 3898#if defined(TARGET_WORDS_BIGENDIAN)
3899 if (endian == DEVICE_LITTLE_ENDIAN) {
3900 val = bswap16(val);
3901 }
3902#else
3903 if (endian == DEVICE_BIG_ENDIAN) {
3904 val = bswap16(val);
3905 }
3906#endif
37ec01d4 3907 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 3908 } else {
3909 unsigned long addr1;
f3705d53 3910 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3911 + memory_region_section_addr(section, addr);
733f0b02
MT		 3912 /* RAM case */
3913 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3914 switch (endian) {
3915 case DEVICE_LITTLE_ENDIAN:
3916 stw_le_p(ptr, val);
3917 break;
3918 case DEVICE_BIG_ENDIAN:
3919 stw_be_p(ptr, val);
3920 break;
3921 default:
3922 stw_p(ptr, val);
3923 break;
3924 }
51d7a9eb 3925 invalidate_and_set_dirty(addr1, 2);
733f0b02 3926 }
aab33094
FB		 3927}
3928
1e78bcc1
AG		 3929void stw_phys(target_phys_addr_t addr, uint32_t val)
3930{
3931 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3932}
3933
3934void stw_le_phys(target_phys_addr_t addr, uint32_t val)
3935{
3936 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3937}
3938
3939void stw_be_phys(target_phys_addr_t addr, uint32_t val)
3940{
3941 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3942}
3943
aab33094 3944/* XXX: optimize */
c227f099 3945void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 3946{
3947 val = tswap64(val);
71d2b725 3948 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 3949}
3950
1e78bcc1
AG		 3951void stq_le_phys(target_phys_addr_t addr, uint64_t val)
3952{
3953 val = cpu_to_le64(val);
3954 cpu_physical_memory_write(addr, &val, 8);
3955}
3956
3957void stq_be_phys(target_phys_addr_t addr, uint64_t val)
3958{
3959 val = cpu_to_be64(val);
3960 cpu_physical_memory_write(addr, &val, 8);
3961}
3962
5e2972fd 3963/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 3964int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 3965 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3966{
3967 int l;
c227f099 3968 target_phys_addr_t phys_addr;
9b3c35e0 3969 target_ulong page;
13eb76e0
FB		 3970
3971 while (len > 0) {
3972 page = addr & TARGET_PAGE_MASK;
3973 phys_addr = cpu_get_phys_page_debug(env, page);
3974 /* if no physical page mapped, return an error */
3975 if (phys_addr == -1)
3976 return -1;
3977 l = (page + TARGET_PAGE_SIZE) - addr;
3978 if (l > len)
3979 l = len;
5e2972fd 3980 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 3981 if (is_write)
3982 cpu_physical_memory_write_rom(phys_addr, buf, l);
3983 else
5e2972fd 3984 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 3985 len -= l;
3986 buf += l;
3987 addr += l;
3988 }
3989 return 0;
3990}
a68fe89c 3991#endif
13eb76e0 3992
2e70f6ef
PB		 3993/* in deterministic execution mode, instructions doing device I/Os
3994 must be at the end of the TB */
20503968 3995void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 3996{
3997 TranslationBlock *tb;
3998 uint32_t n, cflags;
3999 target_ulong pc, cs_base;
4000 uint64_t flags;
4001
20503968 4002 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4003 if (!tb) {
4004 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4005 (void *)retaddr);
2e70f6ef
PB		 4006 }
4007 n = env->icount_decr.u16.low + tb->icount;
20503968 4008 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4009 /* Calculate how many instructions had been executed before the fault
bf20dc07 4010 occurred. */
2e70f6ef
PB		 4011 n = n - env->icount_decr.u16.low;
4012 /* Generate a new TB ending on the I/O insn. */
4013 n++;
4014 /* On MIPS and SH, delay slot instructions can only be restarted if
4015 they were already the first instruction in the TB. If this is not
bf20dc07 4016 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4017 branch. */
4018#if defined(TARGET_MIPS)
4019 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4020 env->active_tc.PC -= 4;
4021 env->icount_decr.u16.low++;
4022 env->hflags &= ~MIPS_HFLAG_BMASK;
4023 }
4024#elif defined(TARGET_SH4)
4025 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4026 && n > 1) {
4027 env->pc -= 2;
4028 env->icount_decr.u16.low++;
4029 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4030 }
4031#endif
4032 /* This should never happen. */
4033 if (n > CF_COUNT_MASK)
4034 cpu_abort(env, "TB too big during recompile");
4035
4036 cflags = n | CF_LAST_IO;
4037 pc = tb->pc;
4038 cs_base = tb->cs_base;
4039 flags = tb->flags;
4040 tb_phys_invalidate(tb, -1);
4041 /* FIXME: In theory this could raise an exception. In practice
4042 we have already translated the block once so it's probably ok. */
4043 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4044 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4045 the first in the TB) then we end up generating a whole new TB and
4046 repeating the fault, which is horribly inefficient.
4047 Better would be to execute just this insn uncached, or generate a
4048 second new TB. */
4049 cpu_resume_from_signal(env, NULL);
4050}
4051
b3755a91
PB		 4052#if !defined(CONFIG_USER_ONLY)
4053
055403b2 4054void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4055{
4056 int i, target_code_size, max_target_code_size;
4057 int direct_jmp_count, direct_jmp2_count, cross_page;
4058 TranslationBlock *tb;
3b46e624 4059
e3db7226
FB		 4060 target_code_size = 0;
4061 max_target_code_size = 0;
4062 cross_page = 0;
4063 direct_jmp_count = 0;
4064 direct_jmp2_count = 0;
4065 for(i = 0; i < nb_tbs; i++) {
4066 tb = &tbs[i];
4067 target_code_size += tb->size;
4068 if (tb->size > max_target_code_size)
4069 max_target_code_size = tb->size;
4070 if (tb->page_addr[1] != -1)
4071 cross_page++;
4072 if (tb->tb_next_offset[0] != 0xffff) {
4073 direct_jmp_count++;
4074 if (tb->tb_next_offset[1] != 0xffff) {
4075 direct_jmp2_count++;
4076 }
4077 }
4078 }
4079 /* XXX: avoid using doubles ? */
57fec1fe 4080 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4081 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4082 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4083 cpu_fprintf(f, "TB count %d/%d\n",
4084 nb_tbs, code_gen_max_blocks);
5fafdf24 4085 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4086 nb_tbs ? target_code_size / nb_tbs : 0,
4087 max_target_code_size);
055403b2 4088 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4089 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4090 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4091 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4092 cross_page,
e3db7226
FB		 4093 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4094 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4095 direct_jmp_count,
e3db7226
FB		 4096 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4097 direct_jmp2_count,
4098 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4099 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4100 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4101 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4102 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4103 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4104}
4105
82afa586
BH		 4106/*
4107 * A helper function for the _utterly broken_ virtio device model to find out if
4108 * it's running on a big endian machine. Don't do this at home kids!
4109 */
4110bool virtio_is_big_endian(void);
4111bool virtio_is_big_endian(void)
4112{
4113#if defined(TARGET_WORDS_BIGENDIAN)
4114 return true;
4115#else
4116 return false;
4117#endif
4118}
4119
61382a50 4120#endif
76f35538
WC		 4121
4122#ifndef CONFIG_USER_ONLY
4123bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4124{
4125 MemoryRegionSection *section;
4126
4127 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4128
4129 return !(memory_region_is_ram(section->mr) ||
4130 memory_region_is_romd(section->mr));
4131}
4132#endif
QEMU mirror