]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rename target_phys_addr_t to hwaddr
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
7762c2c1 62#include "memory-internal.h"
67d95c15 63
fd6ce8f6 64//#define DEBUG_TB_INVALIDATE
66e85a21 65//#define DEBUG_FLUSH
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24 69//#define DEBUG_TB_CHECK
fd6ce8f6 70
1196be37 71//#define DEBUG_IOPORT
db7b5426 72//#define DEBUG_SUBPAGE
1196be37 73
99773bd4
PB		 74#if !defined(CONFIG_USER_ONLY)
75/* TB consistency checks only implemented for usermode emulation. */
76#undef DEBUG_TB_CHECK
77#endif
78
9fa3e853
FB		 79#define SMC_BITMAP_USE_THRESHOLD 10
80
bdaf78e0 81static TranslationBlock *tbs;
24ab68ac 82static int code_gen_max_blocks;
9fa3e853 83TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 84static int nb_tbs;
eb51d102 85/* any access to the tbs or the page table must use this lock */
c227f099 86spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 87
4438c8a9 88uint8_t *code_gen_prologue;
bdaf78e0 89static uint8_t *code_gen_buffer;
f1bc0bcc 90static size_t code_gen_buffer_size;
26a5f13b 91/* threshold to flush the translated code buffer */
f1bc0bcc 92static size_t code_gen_buffer_max_size;
24ab68ac 93static uint8_t *code_gen_ptr;
fd6ce8f6 94
e2eef170 95#if !defined(CONFIG_USER_ONLY)
9fa3e853 96int phys_ram_fd;
74576198 97static int in_migration;
94a6b54f 98
85d59fef 99RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 100
101static MemoryRegion *system_memory;
309cb471 102static MemoryRegion *system_io;
62152b8a 103
f6790af6
AK		 104AddressSpace address_space_io;
105AddressSpace address_space_memory;
2673a5da 106
0e0df1e2 107MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 108static MemoryRegion io_mem_subpage_ram;
0e0df1e2 109
e2eef170 110#endif
9fa3e853 111
9349b4f9 112CPUArchState *first_cpu;
6a00d601
FB		 113/* current CPU in the current thread. It is only valid inside
114 cpu_exec() */
9349b4f9 115DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 116/* 0 = Do not count executed instructions.
bf20dc07 117 1 = Precise instruction counting.
2e70f6ef
PB		 118 2 = Adaptive rate instruction counting. */
119int use_icount = 0;
6a00d601 120
54936004 121typedef struct PageDesc {
92e873b9 122 /* list of TBs intersecting this ram page */
fd6ce8f6 123 TranslationBlock *first_tb;
9fa3e853
FB		 124 /* in order to optimize self modifying code, we count the number
125 of lookups we do to a given page to use a bitmap */
126 unsigned int code_write_count;
127 uint8_t *code_bitmap;
128#if defined(CONFIG_USER_ONLY)
129 unsigned long flags;
130#endif
54936004
FB		 131} PageDesc;
132
41c1b1c9 133/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 134 while in user mode we want it to be based on virtual addresses. */
135#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 136#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
137# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
138#else
5cd2c5b6 139# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 140#endif
bedb69ea 141#else
5cd2c5b6 142# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 143#endif
54936004 144
5cd2c5b6
RH		 145/* Size of the L2 (and L3, etc) page tables. */
146#define L2_BITS 10
54936004
FB		 147#define L2_SIZE (1 << L2_BITS)
148
3eef53df
AK		 149#define P_L2_LEVELS \
150 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
151
5cd2c5b6 152/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 153#define V_L1_BITS_REM \
154 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
155
5cd2c5b6
RH		 156#if V_L1_BITS_REM < 4
157#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
158#else
159#define V_L1_BITS V_L1_BITS_REM
160#endif
161
5cd2c5b6
RH		 162#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
163
5cd2c5b6
RH		 164#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
165
c6d50674
SW		 166uintptr_t qemu_real_host_page_size;
167uintptr_t qemu_host_page_size;
168uintptr_t qemu_host_page_mask;
54936004 169
5cd2c5b6
RH		 170/* This is a multi-level map on the virtual address space.
171 The bottom level has pointers to PageDesc. */
172static void *l1_map[V_L1_SIZE];
54936004 173
e2eef170 174#if !defined(CONFIG_USER_ONLY)
4346ae3e 175
5312bd8b
AK		 176static MemoryRegionSection *phys_sections;
177static unsigned phys_sections_nb, phys_sections_nb_alloc;
178static uint16_t phys_section_unassigned;
aa102231
AK		 179static uint16_t phys_section_notdirty;
180static uint16_t phys_section_rom;
181static uint16_t phys_section_watch;
5312bd8b 182
d6f2ea22
AK		 183/* Simple allocator for PhysPageEntry nodes */
184static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
185static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
186
07f07b31 187#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 188
e2eef170 189static void io_mem_init(void);
62152b8a 190static void memory_map_init(void);
e2eef170 191
1ec9b909 192static MemoryRegion io_mem_watch;
6658ffb8 193#endif
33417e70 194
e3db7226 195/* statistics */
e3db7226
FB		 196static int tb_flush_count;
197static int tb_phys_invalidate_count;
198
7cb69cae 199#ifdef _WIN32
4438c8a9 200static inline void map_exec(void *addr, long size)
7cb69cae
FB		 201{
202 DWORD old_protect;
203 VirtualProtect(addr, size,
204 PAGE_EXECUTE_READWRITE, &old_protect);
205
206}
207#else
4438c8a9 208static inline void map_exec(void *addr, long size)
7cb69cae 209{
4369415f 210 unsigned long start, end, page_size;
7cb69cae 211
4369415f 212 page_size = getpagesize();
7cb69cae 213 start = (unsigned long)addr;
4369415f 214 start &= ~(page_size - 1);
7cb69cae
FB		 215
216 end = (unsigned long)addr + size;
4369415f
FB		 217 end += page_size - 1;
218 end &= ~(page_size - 1);
7cb69cae
FB		 219
220 mprotect((void *)start, end - start,
221 PROT_READ | PROT_WRITE | PROT_EXEC);
222}
223#endif
224
b346ff46 225static void page_init(void)
54936004 226{
83fb7adf 227 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 228 TARGET_PAGE_SIZE */
c2b48b69
AL		 229#ifdef _WIN32
230 {
231 SYSTEM_INFO system_info;
232
233 GetSystemInfo(&system_info);
234 qemu_real_host_page_size = system_info.dwPageSize;
235 }
236#else
237 qemu_real_host_page_size = getpagesize();
238#endif
83fb7adf
FB		 239 if (qemu_host_page_size == 0)
240 qemu_host_page_size = qemu_real_host_page_size;
241 if (qemu_host_page_size < TARGET_PAGE_SIZE)
242 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 243 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 244
2e9a5713 245#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 246 {
f01576f1
JL		 247#ifdef HAVE_KINFO_GETVMMAP
248 struct kinfo_vmentry *freep;
249 int i, cnt;
250
251 freep = kinfo_getvmmap(getpid(), &cnt);
252 if (freep) {
253 mmap_lock();
254 for (i = 0; i < cnt; i++) {
255 unsigned long startaddr, endaddr;
256
257 startaddr = freep[i].kve_start;
258 endaddr = freep[i].kve_end;
259 if (h2g_valid(startaddr)) {
260 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
261
262 if (h2g_valid(endaddr)) {
263 endaddr = h2g(endaddr);
fd436907 264 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 265 } else {
266#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
267 endaddr = ~0ul;
fd436907 268 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 269#endif
270 }
271 }
272 }
273 free(freep);
274 mmap_unlock();
275 }
276#else
50a9569b 277 FILE *f;
50a9569b 278
0776590d 279 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 280
fd436907 281 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 282 if (f) {
5cd2c5b6
RH		 283 mmap_lock();
284
50a9569b 285 do {
5cd2c5b6
RH		 286 unsigned long startaddr, endaddr;
287 int n;
288
289 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
290
291 if (n == 2 && h2g_valid(startaddr)) {
292 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
293
294 if (h2g_valid(endaddr)) {
295 endaddr = h2g(endaddr);
296 } else {
297 endaddr = ~0ul;
298 }
299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 300 }
301 } while (!feof(f));
5cd2c5b6 302
50a9569b 303 fclose(f);
5cd2c5b6 304 mmap_unlock();
50a9569b 305 }
f01576f1 306#endif
50a9569b
AZ		 307 }
308#endif
54936004
FB		 309}
310
41c1b1c9 311static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 312{
41c1b1c9
PB		 313 PageDesc *pd;
314 void **lp;
315 int i;
316
5cd2c5b6 317#if defined(CONFIG_USER_ONLY)
7267c094 318 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 319# define ALLOC(P, SIZE) \
320 do { \
321 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
322 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 323 } while (0)
324#else
325# define ALLOC(P, SIZE) \
7267c094 326 do { P = g_malloc0(SIZE); } while (0)
17e2377a 327#endif
434929bf 328
5cd2c5b6
RH		 329 /* Level 1. Always allocated. */
330 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
331
332 /* Level 2..N-1. */
333 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
334 void **p = *lp;
335
336 if (p == NULL) {
337 if (!alloc) {
338 return NULL;
339 }
340 ALLOC(p, sizeof(void *) * L2_SIZE);
341 *lp = p;
17e2377a 342 }
5cd2c5b6
RH		 343
344 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
345 }
346
347 pd = *lp;
348 if (pd == NULL) {
349 if (!alloc) {
350 return NULL;
351 }
352 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
353 *lp = pd;
54936004 354 }
5cd2c5b6
RH		 355
356#undef ALLOC
5cd2c5b6
RH		 357
358 return pd + (index & (L2_SIZE - 1));
54936004
FB		 359}
360
41c1b1c9 361static inline PageDesc *page_find(tb_page_addr_t index)
54936004 362{
5cd2c5b6 363 return page_find_alloc(index, 0);
fd6ce8f6
FB		 364}
365
6d9a1304 366#if !defined(CONFIG_USER_ONLY)
d6f2ea22 367
f7bf5461 368static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 369{
f7bf5461 370 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 371 typedef PhysPageEntry Node[L2_SIZE];
372 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 373 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
374 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 375 phys_map_nodes = g_renew(Node, phys_map_nodes,
376 phys_map_nodes_nb_alloc);
377 }
f7bf5461
AK		 378}
379
380static uint16_t phys_map_node_alloc(void)
381{
382 unsigned i;
383 uint16_t ret;
384
385 ret = phys_map_nodes_nb++;
386 assert(ret != PHYS_MAP_NODE_NIL);
387 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 388 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 389 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 390 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 391 }
f7bf5461 392 return ret;
d6f2ea22
AK		 393}
394
395static void phys_map_nodes_reset(void)
396{
397 phys_map_nodes_nb = 0;
398}
399
92e873b9 400
a8170e5e
AK		 401static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
402 hwaddr *nb, uint16_t leaf,
2999097b 403 int level)
f7bf5461
AK		 404{
405 PhysPageEntry *p;
406 int i;
a8170e5e 407 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 408
07f07b31 409 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 410 lp->ptr = phys_map_node_alloc();
411 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 412 if (level == 0) {
413 for (i = 0; i < L2_SIZE; i++) {
07f07b31 414 p[i].is_leaf = 1;
c19e8800 415 p[i].ptr = phys_section_unassigned;
4346ae3e 416 }
67c4d23c 417 }
f7bf5461 418 } else {
c19e8800 419 p = phys_map_nodes[lp->ptr];
92e873b9 420 }
2999097b 421 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 422
2999097b 423 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 424 if ((*index & (step - 1)) == 0 && *nb >= step) {
425 lp->is_leaf = true;
c19e8800 426 lp->ptr = leaf;
07f07b31
AK		 427 *index += step;
428 *nb -= step;
2999097b
AK		 429 } else {
430 phys_page_set_level(lp, index, nb, leaf, level - 1);
431 }
432 ++lp;
f7bf5461
AK		 433 }
434}
435
ac1970fb 436static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 437 hwaddr index, hwaddr nb,
2999097b 438 uint16_t leaf)
f7bf5461 439{
2999097b 440 /* Wildly overreserve - it doesn't matter much. */
07f07b31 441 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 442
ac1970fb 443 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 444}
445
a8170e5e 446MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
92e873b9 447{
ac1970fb 448 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 449 PhysPageEntry *p;
450 int i;
31ab2b4a 451 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 452
07f07b31 453 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 454 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 455 goto not_found;
456 }
c19e8800 457 p = phys_map_nodes[lp.ptr];
31ab2b4a 458 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 459 }
31ab2b4a 460
c19e8800 461 s_index = lp.ptr;
31ab2b4a 462not_found:
f3705d53
AK		 463 return &phys_sections[s_index];
464}
465
e5548617
BS		 466bool memory_region_is_unassigned(MemoryRegion *mr)
467{
468 return mr != &io_mem_ram && mr != &io_mem_rom
469 && mr != &io_mem_notdirty && !mr->rom_device
470 && mr != &io_mem_watch;
471}
472
c8a706fe
PB		 473#define mmap_lock() do { } while(0)
474#define mmap_unlock() do { } while(0)
9fa3e853 475#endif
fd6ce8f6 476
4369415f 477#if defined(CONFIG_USER_ONLY)
ccbb4d44 478/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 479 user mode. It will change when a dedicated libc will be used. */
480/* ??? 64-bit hosts ought to have no problem mmaping data outside the
481 region in which the guest needs to run. Revisit this. */
4369415f
FB		 482#define USE_STATIC_CODE_GEN_BUFFER
483#endif
484
f1bc0bcc
RH		 485/* ??? Should configure for this, not list operating systems here. */
486#if (defined(__linux__) \
487 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
488 || defined(__DragonFly__) || defined(__OpenBSD__) \
489 || defined(__NetBSD__))
490# define USE_MMAP
4369415f
FB		 491#endif
492
74d590c8
RH		 493/* Minimum size of the code gen buffer. This number is randomly chosen,
494 but not so small that we can't have a fair number of TB's live. */
495#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
496
f1bc0bcc
RH		 497/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
498 indicated, this is constrained by the range of direct branches on the
499 host cpu, as used by the TCG implementation of goto_tb. */
500#if defined(__x86_64__)
501# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
502#elif defined(__sparc__)
503# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
504#elif defined(__arm__)
505# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
506#elif defined(__s390x__)
507 /* We have a +- 4GB range on the branches; leave some slop. */
508# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
509#else
510# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
511#endif
512
3d85a72f
RH		 513#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
514
515#define DEFAULT_CODE_GEN_BUFFER_SIZE \
516 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
517 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 518
519static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 520{
f1bc0bcc
RH		 521 /* Size the buffer. */
522 if (tb_size == 0) {
4369415f 523#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 524 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 525#else
f1bc0bcc
RH		 526 /* ??? Needs adjustments. */
527 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
528 static buffer, we could size this on RESERVED_VA, on the text
529 segment size of the executable, or continue to use the default. */
530 tb_size = (unsigned long)(ram_size / 4);
4369415f 531#endif
26a5f13b 532 }
f1bc0bcc
RH		 533 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
534 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 535 }
f1bc0bcc
RH		 536 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
537 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 538 }
f1bc0bcc
RH		 539 code_gen_buffer_size = tb_size;
540 return tb_size;
541}
542
543#ifdef USE_STATIC_CODE_GEN_BUFFER
544static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
545 __attribute__((aligned(CODE_GEN_ALIGN)));
546
547static inline void *alloc_code_gen_buffer(void)
548{
549 map_exec(static_code_gen_buffer, code_gen_buffer_size);
550 return static_code_gen_buffer;
551}
552#elif defined(USE_MMAP)
553static inline void *alloc_code_gen_buffer(void)
554{
555 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
556 uintptr_t start = 0;
557 void *buf;
558
559 /* Constrain the position of the buffer based on the host cpu.
560 Note that these addresses are chosen in concert with the
561 addresses assigned in the relevant linker script file. */
405def18
RH		 562# if defined(__PIE__) || defined(__PIC__)
563 /* Don't bother setting a preferred location if we're building
564 a position-independent executable. We're more likely to get
565 an address near the main executable if we let the kernel
566 choose the address. */
567# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 568 /* Force the memory down into low memory with the executable.
569 Leave the choice of exact location with the kernel. */
570 flags |= MAP_32BIT;
571 /* Cannot expect to map more than 800MB in low memory. */
572 if (code_gen_buffer_size > 800u * 1024 * 1024) {
573 code_gen_buffer_size = 800u * 1024 * 1024;
574 }
575# elif defined(__sparc__)
576 start = 0x40000000ul;
577# elif defined(__s390x__)
578 start = 0x90000000ul;
579# endif
580
581 buf = mmap((void *)start, code_gen_buffer_size,
582 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
583 return buf == MAP_FAILED ? NULL : buf;
584}
26a5f13b 585#else
f1bc0bcc
RH		 586static inline void *alloc_code_gen_buffer(void)
587{
588 void *buf = g_malloc(code_gen_buffer_size);
589 if (buf) {
590 map_exec(buf, code_gen_buffer_size);
591 }
592 return buf;
593}
594#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
595
596static inline void code_gen_alloc(size_t tb_size)
597{
598 code_gen_buffer_size = size_code_gen_buffer(tb_size);
599 code_gen_buffer = alloc_code_gen_buffer();
600 if (code_gen_buffer == NULL) {
601 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
602 exit(1);
603 }
604
4438c8a9
RH		 605 /* Steal room for the prologue at the end of the buffer. This ensures
606 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
607 from TB's to the prologue are going to be in range. It also means
608 that we don't need to mark (additional) portions of the data segment
609 as executable. */
610 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
611 code_gen_buffer_size -= 1024;
612
a884da8a
PM		 613 code_gen_buffer_max_size = code_gen_buffer_size -
614 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 615 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 616 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 617}
618
619/* Must be called before using the QEMU cpus. 'tb_size' is the size
620 (in bytes) allocated to the translation buffer. Zero means default
621 size. */
d5ab9713 622void tcg_exec_init(unsigned long tb_size)
26a5f13b 623{
26a5f13b
FB		 624 cpu_gen_init();
625 code_gen_alloc(tb_size);
626 code_gen_ptr = code_gen_buffer;
813da627 627 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 628 page_init();
9002ec79
RH		 629#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
630 /* There's no guest base to take into account, so go ahead and
631 initialize the prologue now. */
632 tcg_prologue_init(&tcg_ctx);
633#endif
26a5f13b
FB		 634}
635
d5ab9713
JK		 636bool tcg_enabled(void)
637{
638 return code_gen_buffer != NULL;
639}
640
641void cpu_exec_init_all(void)
642{
643#if !defined(CONFIG_USER_ONLY)
644 memory_map_init();
645 io_mem_init();
646#endif
647}
648
9656f324
PB		 649#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
650
e59fb374 651static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 652{
9349b4f9 653 CPUArchState *env = opaque;
9656f324 654
3098dba0
AJ		 655 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
656 version_id is increased. */
657 env->interrupt_request &= ~0x01;
9656f324
PB		 658 tlb_flush(env, 1);
659
660 return 0;
661}
e7f4eff7
JQ		 662
663static const VMStateDescription vmstate_cpu_common = {
664 .name = "cpu_common",
665 .version_id = 1,
666 .minimum_version_id = 1,
667 .minimum_version_id_old = 1,
e7f4eff7
JQ		 668 .post_load = cpu_common_post_load,
669 .fields = (VMStateField []) {
9349b4f9
AF		 670 VMSTATE_UINT32(halted, CPUArchState),
671 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 672 VMSTATE_END_OF_LIST()
673 }
674};
9656f324
PB		 675#endif
676
9349b4f9 677CPUArchState *qemu_get_cpu(int cpu)
950f1472 678{
9349b4f9 679 CPUArchState *env = first_cpu;
950f1472
GC		 680
681 while (env) {
682 if (env->cpu_index == cpu)
683 break;
684 env = env->next_cpu;
685 }
686
687 return env;
688}
689
9349b4f9 690void cpu_exec_init(CPUArchState *env)
fd6ce8f6 691{
9349b4f9 692 CPUArchState **penv;
6a00d601
FB		 693 int cpu_index;
694
c2764719
PB		 695#if defined(CONFIG_USER_ONLY)
696 cpu_list_lock();
697#endif
6a00d601
FB		 698 env->next_cpu = NULL;
699 penv = &first_cpu;
700 cpu_index = 0;
701 while (*penv != NULL) {
1e9fa730 702 penv = &(*penv)->next_cpu;
6a00d601
FB		 703 cpu_index++;
704 }
705 env->cpu_index = cpu_index;
268a362c 706 env->numa_node = 0;
72cf2d4f
BS		 707 QTAILQ_INIT(&env->breakpoints);
708 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 709#ifndef CONFIG_USER_ONLY
710 env->thread_id = qemu_get_thread_id();
711#endif
6a00d601 712 *penv = env;
c2764719
PB		 713#if defined(CONFIG_USER_ONLY)
714 cpu_list_unlock();
715#endif
b3c7724c 716#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 717 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
718 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 719 cpu_save, cpu_load, env);
720#endif
fd6ce8f6
FB		 721}
722
d1a1eb74
TG		 723/* Allocate a new translation block. Flush the translation buffer if
724 too many translation blocks or too much generated code. */
725static TranslationBlock *tb_alloc(target_ulong pc)
726{
727 TranslationBlock *tb;
728
729 if (nb_tbs >= code_gen_max_blocks ||
730 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
731 return NULL;
732 tb = &tbs[nb_tbs++];
733 tb->pc = pc;
734 tb->cflags = 0;
735 return tb;
736}
737
738void tb_free(TranslationBlock *tb)
739{
740 /* In practice this is mostly used for single use temporary TB
741 Ignore the hard cases and just back up if this TB happens to
742 be the last one generated. */
743 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
744 code_gen_ptr = tb->tc_ptr;
745 nb_tbs--;
746 }
747}
748
9fa3e853
FB		 749static inline void invalidate_page_bitmap(PageDesc *p)
750{
751 if (p->code_bitmap) {
7267c094 752 g_free(p->code_bitmap);
9fa3e853
FB		 753 p->code_bitmap = NULL;
754 }
755 p->code_write_count = 0;
756}
757
5cd2c5b6
RH		 758/* Set to NULL all the 'first_tb' fields in all PageDescs. */
759
760static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 761{
5cd2c5b6 762 int i;
fd6ce8f6 763
5cd2c5b6
RH		 764 if (*lp == NULL) {
765 return;
766 }
767 if (level == 0) {
768 PageDesc *pd = *lp;
7296abac 769 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 770 pd[i].first_tb = NULL;
771 invalidate_page_bitmap(pd + i);
fd6ce8f6 772 }
5cd2c5b6
RH		 773 } else {
774 void **pp = *lp;
7296abac 775 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 776 page_flush_tb_1 (level - 1, pp + i);
777 }
778 }
779}
780
781static void page_flush_tb(void)
782{
783 int i;
784 for (i = 0; i < V_L1_SIZE; i++) {
785 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 786 }
787}
788
789/* flush all the translation blocks */
d4e8164f 790/* XXX: tb_flush is currently not thread safe */
9349b4f9 791void tb_flush(CPUArchState *env1)
fd6ce8f6 792{
9349b4f9 793 CPUArchState *env;
0124311e 794#if defined(DEBUG_FLUSH)
ab3d1727
BS		 795 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
796 (unsigned long)(code_gen_ptr - code_gen_buffer),
797 nb_tbs, nb_tbs > 0 ?
798 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 799#endif
26a5f13b 800 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 801 cpu_abort(env1, "Internal error: code buffer overflow\n");
802
fd6ce8f6 803 nb_tbs = 0;
3b46e624 804
6a00d601
FB		 805 for(env = first_cpu; env != NULL; env = env->next_cpu) {
806 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
807 }
9fa3e853 808
8a8a608f 809 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 810 page_flush_tb();
9fa3e853 811
fd6ce8f6 812 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 813 /* XXX: flush processor icache at this point if cache flush is
814 expensive */
e3db7226 815 tb_flush_count++;
fd6ce8f6
FB		 816}
817
818#ifdef DEBUG_TB_CHECK
819
bc98a7ef 820static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 821{
822 TranslationBlock *tb;
823 int i;
824 address &= TARGET_PAGE_MASK;
99773bd4
PB		 825 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
826 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 827 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
828 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 829 printf("ERROR invalidate: address=" TARGET_FMT_lx
830 " PC=%08lx size=%04x\n",
99773bd4 831 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 832 }
833 }
834 }
835}
836
837/* verify that all the pages have correct rights for code */
838static void tb_page_check(void)
839{
840 TranslationBlock *tb;
841 int i, flags1, flags2;
3b46e624 842
99773bd4
PB		 843 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
844 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 845 flags1 = page_get_flags(tb->pc);
846 flags2 = page_get_flags(tb->pc + tb->size - 1);
847 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
848 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 849 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 850 }
851 }
852 }
853}
854
855#endif
856
857/* invalidate one TB */
858static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
859 int next_offset)
860{
861 TranslationBlock *tb1;
862 for(;;) {
863 tb1 = *ptb;
864 if (tb1 == tb) {
865 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
866 break;
867 }
868 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
869 }
870}
871
9fa3e853
FB		 872static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
873{
874 TranslationBlock *tb1;
875 unsigned int n1;
876
877 for(;;) {
878 tb1 = *ptb;
8efe0ca8
SW		 879 n1 = (uintptr_t)tb1 & 3;
880 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 881 if (tb1 == tb) {
882 *ptb = tb1->page_next[n1];
883 break;
884 }
885 ptb = &tb1->page_next[n1];
886 }
887}
888
d4e8164f
FB		 889static inline void tb_jmp_remove(TranslationBlock *tb, int n)
890{
891 TranslationBlock *tb1, **ptb;
892 unsigned int n1;
893
894 ptb = &tb->jmp_next[n];
895 tb1 = *ptb;
896 if (tb1) {
897 /* find tb(n) in circular list */
898 for(;;) {
899 tb1 = *ptb;
8efe0ca8
SW		 900 n1 = (uintptr_t)tb1 & 3;
901 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 902 if (n1 == n && tb1 == tb)
903 break;
904 if (n1 == 2) {
905 ptb = &tb1->jmp_first;
906 } else {
907 ptb = &tb1->jmp_next[n1];
908 }
909 }
910 /* now we can suppress tb(n) from the list */
911 *ptb = tb->jmp_next[n];
912
913 tb->jmp_next[n] = NULL;
914 }
915}
916
917/* reset the jump entry 'n' of a TB so that it is not chained to
918 another TB */
919static inline void tb_reset_jump(TranslationBlock *tb, int n)
920{
8efe0ca8 921 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 922}
923
41c1b1c9 924void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 925{
9349b4f9 926 CPUArchState *env;
8a40a180 927 PageDesc *p;
d4e8164f 928 unsigned int h, n1;
41c1b1c9 929 tb_page_addr_t phys_pc;
8a40a180 930 TranslationBlock *tb1, *tb2;
3b46e624 931
8a40a180
FB		 932 /* remove the TB from the hash list */
933 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
934 h = tb_phys_hash_func(phys_pc);
5fafdf24 935 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 936 offsetof(TranslationBlock, phys_hash_next));
937
938 /* remove the TB from the page list */
939 if (tb->page_addr[0] != page_addr) {
940 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
941 tb_page_remove(&p->first_tb, tb);
942 invalidate_page_bitmap(p);
943 }
944 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
945 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
946 tb_page_remove(&p->first_tb, tb);
947 invalidate_page_bitmap(p);
948 }
949
36bdbe54 950 tb_invalidated_flag = 1;
59817ccb 951
fd6ce8f6 952 /* remove the TB from the hash list */
8a40a180 953 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 954 for(env = first_cpu; env != NULL; env = env->next_cpu) {
955 if (env->tb_jmp_cache[h] == tb)
956 env->tb_jmp_cache[h] = NULL;
957 }
d4e8164f
FB		 958
959 /* suppress this TB from the two jump lists */
960 tb_jmp_remove(tb, 0);
961 tb_jmp_remove(tb, 1);
962
963 /* suppress any remaining jumps to this TB */
964 tb1 = tb->jmp_first;
965 for(;;) {
8efe0ca8 966 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 967 if (n1 == 2)
968 break;
8efe0ca8 969 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 970 tb2 = tb1->jmp_next[n1];
971 tb_reset_jump(tb1, n1);
972 tb1->jmp_next[n1] = NULL;
973 tb1 = tb2;
974 }
8efe0ca8 975 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 976
e3db7226 977 tb_phys_invalidate_count++;
9fa3e853
FB		 978}
979
980static inline void set_bits(uint8_t *tab, int start, int len)
981{
982 int end, mask, end1;
983
984 end = start + len;
985 tab += start >> 3;
986 mask = 0xff << (start & 7);
987 if ((start & ~7) == (end & ~7)) {
988 if (start < end) {
989 mask &= ~(0xff << (end & 7));
990 *tab |= mask;
991 }
992 } else {
993 *tab++ |= mask;
994 start = (start + 8) & ~7;
995 end1 = end & ~7;
996 while (start < end1) {
997 *tab++ = 0xff;
998 start += 8;
999 }
1000 if (start < end) {
1001 mask = ~(0xff << (end & 7));
1002 *tab |= mask;
1003 }
1004 }
1005}
1006
1007static void build_page_bitmap(PageDesc *p)
1008{
1009 int n, tb_start, tb_end;
1010 TranslationBlock *tb;
3b46e624 1011
7267c094 1012 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1013
1014 tb = p->first_tb;
1015 while (tb != NULL) {
8efe0ca8
SW		 1016 n = (uintptr_t)tb & 3;
1017 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1018 /* NOTE: this is subtle as a TB may span two physical pages */
1019 if (n == 0) {
1020 /* NOTE: tb_end may be after the end of the page, but
1021 it is not a problem */
1022 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1023 tb_end = tb_start + tb->size;
1024 if (tb_end > TARGET_PAGE_SIZE)
1025 tb_end = TARGET_PAGE_SIZE;
1026 } else {
1027 tb_start = 0;
1028 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1029 }
1030 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1031 tb = tb->page_next[n];
1032 }
1033}
1034
9349b4f9 1035TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1036 target_ulong pc, target_ulong cs_base,
1037 int flags, int cflags)
d720b93d
FB		 1038{
1039 TranslationBlock *tb;
1040 uint8_t *tc_ptr;
41c1b1c9
PB		 1041 tb_page_addr_t phys_pc, phys_page2;
1042 target_ulong virt_page2;
d720b93d
FB		 1043 int code_gen_size;
1044
41c1b1c9 1045 phys_pc = get_page_addr_code(env, pc);
c27004ec 1046 tb = tb_alloc(pc);
d720b93d
FB		 1047 if (!tb) {
1048 /* flush must be done */
1049 tb_flush(env);
1050 /* cannot fail at this point */
c27004ec 1051 tb = tb_alloc(pc);
2e70f6ef
PB		 1052 /* Don't forget to invalidate previous TB info. */
1053 tb_invalidated_flag = 1;
d720b93d
FB		 1054 }
1055 tc_ptr = code_gen_ptr;
1056 tb->tc_ptr = tc_ptr;
1057 tb->cs_base = cs_base;
1058 tb->flags = flags;
1059 tb->cflags = cflags;
d07bde88 1060 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1061 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1062 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1063
d720b93d 1064 /* check next page if needed */
c27004ec 1065 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1066 phys_page2 = -1;
c27004ec 1067 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1068 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1069 }
41c1b1c9 1070 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1071 return tb;
d720b93d 1072}
3b46e624 1073
77a8f1a5 1074/*
8e0fdce3
JK		 1075 * Invalidate all TBs which intersect with the target physical address range
1076 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1077 * 'is_cpu_write_access' should be true if called from a real cpu write
1078 * access: the virtual CPU will exit the current TB if code is modified inside
1079 * this TB.
77a8f1a5
AG		 1080 */
1081void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1082 int is_cpu_write_access)
1083{
1084 while (start < end) {
1085 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1086 start &= TARGET_PAGE_MASK;
1087 start += TARGET_PAGE_SIZE;
1088 }
1089}
1090
8e0fdce3
JK		 1091/*
1092 * Invalidate all TBs which intersect with the target physical address range
1093 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1094 * 'is_cpu_write_access' should be true if called from a real cpu write
1095 * access: the virtual CPU will exit the current TB if code is modified inside
1096 * this TB.
1097 */
41c1b1c9 1098void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1099 int is_cpu_write_access)
1100{
6b917547 1101 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1102 CPUArchState *env = cpu_single_env;
41c1b1c9 1103 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1104 PageDesc *p;
1105 int n;
1106#ifdef TARGET_HAS_PRECISE_SMC
1107 int current_tb_not_found = is_cpu_write_access;
1108 TranslationBlock *current_tb = NULL;
1109 int current_tb_modified = 0;
1110 target_ulong current_pc = 0;
1111 target_ulong current_cs_base = 0;
1112 int current_flags = 0;
1113#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1114
1115 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1116 if (!p)
9fa3e853 1117 return;
5fafdf24 1118 if (!p->code_bitmap &&
d720b93d
FB		 1119 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1120 is_cpu_write_access) {
9fa3e853
FB		 1121 /* build code bitmap */
1122 build_page_bitmap(p);
1123 }
1124
1125 /* we remove all the TBs in the range [start, end[ */
1126 /* XXX: see if in some cases it could be faster to invalidate all the code */
1127 tb = p->first_tb;
1128 while (tb != NULL) {
8efe0ca8
SW		 1129 n = (uintptr_t)tb & 3;
1130 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1131 tb_next = tb->page_next[n];
1132 /* NOTE: this is subtle as a TB may span two physical pages */
1133 if (n == 0) {
1134 /* NOTE: tb_end may be after the end of the page, but
1135 it is not a problem */
1136 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1137 tb_end = tb_start + tb->size;
1138 } else {
1139 tb_start = tb->page_addr[1];
1140 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1141 }
1142 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1143#ifdef TARGET_HAS_PRECISE_SMC
1144 if (current_tb_not_found) {
1145 current_tb_not_found = 0;
1146 current_tb = NULL;
2e70f6ef 1147 if (env->mem_io_pc) {
d720b93d 1148 /* now we have a real cpu fault */
2e70f6ef 1149 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1150 }
1151 }
1152 if (current_tb == tb &&
2e70f6ef 1153 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1154 /* If we are modifying the current TB, we must stop
1155 its execution. We could be more precise by checking
1156 that the modification is after the current PC, but it
1157 would require a specialized function to partially
1158 restore the CPU state */
3b46e624 1159
d720b93d 1160 current_tb_modified = 1;
618ba8e6 1161 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1162 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1163 &current_flags);
d720b93d
FB		 1164 }
1165#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1166 /* we need to do that to handle the case where a signal
1167 occurs while doing tb_phys_invalidate() */
1168 saved_tb = NULL;
1169 if (env) {
1170 saved_tb = env->current_tb;
1171 env->current_tb = NULL;
1172 }
9fa3e853 1173 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1174 if (env) {
1175 env->current_tb = saved_tb;
1176 if (env->interrupt_request && env->current_tb)
1177 cpu_interrupt(env, env->interrupt_request);
1178 }
9fa3e853
FB		 1179 }
1180 tb = tb_next;
1181 }
1182#if !defined(CONFIG_USER_ONLY)
1183 /* if no code remaining, no need to continue to use slow writes */
1184 if (!p->first_tb) {
1185 invalidate_page_bitmap(p);
d720b93d 1186 if (is_cpu_write_access) {
2e70f6ef 1187 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1188 }
1189 }
1190#endif
1191#ifdef TARGET_HAS_PRECISE_SMC
1192 if (current_tb_modified) {
1193 /* we generate a block containing just the instruction
1194 modifying the memory. It will ensure that it cannot modify
1195 itself */
ea1c1802 1196 env->current_tb = NULL;
2e70f6ef 1197 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1198 cpu_resume_from_signal(env, NULL);
9fa3e853 1199 }
fd6ce8f6 1200#endif
9fa3e853 1201}
fd6ce8f6 1202
9fa3e853 1203/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1204static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1205{
1206 PageDesc *p;
1207 int offset, b;
59817ccb 1208#if 0
a4193c8a 1209 if (1) {
93fcfe39
AL		 1210 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1211 cpu_single_env->mem_io_vaddr, len,
1212 cpu_single_env->eip,
8efe0ca8
SW		 1213 cpu_single_env->eip +
1214 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1215 }
1216#endif
9fa3e853 1217 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1218 if (!p)
9fa3e853
FB		 1219 return;
1220 if (p->code_bitmap) {
1221 offset = start & ~TARGET_PAGE_MASK;
1222 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1223 if (b & ((1 << len) - 1))
1224 goto do_invalidate;
1225 } else {
1226 do_invalidate:
d720b93d 1227 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1228 }
1229}
1230
9fa3e853 1231#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1232static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1233 uintptr_t pc, void *puc)
9fa3e853 1234{
6b917547 1235 TranslationBlock *tb;
9fa3e853 1236 PageDesc *p;
6b917547 1237 int n;
d720b93d 1238#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1239 TranslationBlock *current_tb = NULL;
9349b4f9 1240 CPUArchState *env = cpu_single_env;
6b917547
AL		 1241 int current_tb_modified = 0;
1242 target_ulong current_pc = 0;
1243 target_ulong current_cs_base = 0;
1244 int current_flags = 0;
d720b93d 1245#endif
9fa3e853
FB		 1246
1247 addr &= TARGET_PAGE_MASK;
1248 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1249 if (!p)
9fa3e853
FB		 1250 return;
1251 tb = p->first_tb;
d720b93d
FB		 1252#ifdef TARGET_HAS_PRECISE_SMC
1253 if (tb && pc != 0) {
1254 current_tb = tb_find_pc(pc);
1255 }
1256#endif
9fa3e853 1257 while (tb != NULL) {
8efe0ca8
SW		 1258 n = (uintptr_t)tb & 3;
1259 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1260#ifdef TARGET_HAS_PRECISE_SMC
1261 if (current_tb == tb &&
2e70f6ef 1262 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1263 /* If we are modifying the current TB, we must stop
1264 its execution. We could be more precise by checking
1265 that the modification is after the current PC, but it
1266 would require a specialized function to partially
1267 restore the CPU state */
3b46e624 1268
d720b93d 1269 current_tb_modified = 1;
618ba8e6 1270 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1271 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1272 &current_flags);
d720b93d
FB		 1273 }
1274#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1275 tb_phys_invalidate(tb, addr);
1276 tb = tb->page_next[n];
1277 }
fd6ce8f6 1278 p->first_tb = NULL;
d720b93d
FB		 1279#ifdef TARGET_HAS_PRECISE_SMC
1280 if (current_tb_modified) {
1281 /* we generate a block containing just the instruction
1282 modifying the memory. It will ensure that it cannot modify
1283 itself */
ea1c1802 1284 env->current_tb = NULL;
2e70f6ef 1285 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1286 cpu_resume_from_signal(env, puc);
1287 }
1288#endif
fd6ce8f6 1289}
9fa3e853 1290#endif
fd6ce8f6
FB		 1291
1292/* add the tb in the target page and protect it if necessary */
5fafdf24 1293static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1294 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1295{
1296 PageDesc *p;
4429ab44
JQ		 1297#ifndef CONFIG_USER_ONLY
1298 bool page_already_protected;
1299#endif
9fa3e853
FB		 1300
1301 tb->page_addr[n] = page_addr;
5cd2c5b6 1302 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1303 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1304#ifndef CONFIG_USER_ONLY
1305 page_already_protected = p->first_tb != NULL;
1306#endif
8efe0ca8 1307 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1308 invalidate_page_bitmap(p);
fd6ce8f6 1309
107db443 1310#if defined(TARGET_HAS_SMC) || 1
d720b93d 1311
9fa3e853 1312#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1313 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1314 target_ulong addr;
1315 PageDesc *p2;
9fa3e853
FB		 1316 int prot;
1317
fd6ce8f6
FB		 1318 /* force the host page as non writable (writes will have a
1319 page fault + mprotect overhead) */
53a5960a 1320 page_addr &= qemu_host_page_mask;
fd6ce8f6 1321 prot = 0;
53a5960a
PB		 1322 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1323 addr += TARGET_PAGE_SIZE) {
1324
1325 p2 = page_find (addr >> TARGET_PAGE_BITS);
1326 if (!p2)
1327 continue;
1328 prot |= p2->flags;
1329 p2->flags &= ~PAGE_WRITE;
53a5960a 1330 }
5fafdf24 1331 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1332 (prot & PAGE_BITS) & ~PAGE_WRITE);
1333#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1334 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1335 page_addr);
fd6ce8f6 1336#endif
fd6ce8f6 1337 }
9fa3e853
FB		 1338#else
1339 /* if some code is already present, then the pages are already
1340 protected. So we handle the case where only the first TB is
1341 allocated in a physical page */
4429ab44 1342 if (!page_already_protected) {
6a00d601 1343 tlb_protect_code(page_addr);
9fa3e853
FB		 1344 }
1345#endif
d720b93d
FB		 1346
1347#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1348}
1349
9fa3e853
FB		 1350/* add a new TB and link it to the physical page tables. phys_page2 is
1351 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1352void tb_link_page(TranslationBlock *tb,
1353 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1354{
9fa3e853
FB		 1355 unsigned int h;
1356 TranslationBlock **ptb;
1357
c8a706fe
PB		 1358 /* Grab the mmap lock to stop another thread invalidating this TB
1359 before we are done. */
1360 mmap_lock();
9fa3e853
FB		 1361 /* add in the physical hash table */
1362 h = tb_phys_hash_func(phys_pc);
1363 ptb = &tb_phys_hash[h];
1364 tb->phys_hash_next = *ptb;
1365 *ptb = tb;
fd6ce8f6
FB		 1366
1367 /* add in the page list */
9fa3e853
FB		 1368 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1369 if (phys_page2 != -1)
1370 tb_alloc_page(tb, 1, phys_page2);
1371 else
1372 tb->page_addr[1] = -1;
9fa3e853 1373
8efe0ca8 1374 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1375 tb->jmp_next[0] = NULL;
1376 tb->jmp_next[1] = NULL;
1377
1378 /* init original jump addresses */
1379 if (tb->tb_next_offset[0] != 0xffff)
1380 tb_reset_jump(tb, 0);
1381 if (tb->tb_next_offset[1] != 0xffff)
1382 tb_reset_jump(tb, 1);
8a40a180
FB		 1383
1384#ifdef DEBUG_TB_CHECK
1385 tb_page_check();
1386#endif
c8a706fe 1387 mmap_unlock();
fd6ce8f6
FB		 1388}
1389
9fa3e853
FB		 1390/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1391 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1392TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1393{
9fa3e853 1394 int m_min, m_max, m;
8efe0ca8 1395 uintptr_t v;
9fa3e853 1396 TranslationBlock *tb;
a513fe19
FB		 1397
1398 if (nb_tbs <= 0)
1399 return NULL;
8efe0ca8
SW		 1400 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1401 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1402 return NULL;
8efe0ca8 1403 }
a513fe19
FB		 1404 /* binary search (cf Knuth) */
1405 m_min = 0;
1406 m_max = nb_tbs - 1;
1407 while (m_min <= m_max) {
1408 m = (m_min + m_max) >> 1;
1409 tb = &tbs[m];
8efe0ca8 1410 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1411 if (v == tc_ptr)
1412 return tb;
1413 else if (tc_ptr < v) {
1414 m_max = m - 1;
1415 } else {
1416 m_min = m + 1;
1417 }
5fafdf24 1418 }
a513fe19
FB		 1419 return &tbs[m_max];
1420}
7501267e 1421
ea041c0e
FB		 1422static void tb_reset_jump_recursive(TranslationBlock *tb);
1423
1424static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1425{
1426 TranslationBlock *tb1, *tb_next, **ptb;
1427 unsigned int n1;
1428
1429 tb1 = tb->jmp_next[n];
1430 if (tb1 != NULL) {
1431 /* find head of list */
1432 for(;;) {
8efe0ca8
SW		 1433 n1 = (uintptr_t)tb1 & 3;
1434 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1435 if (n1 == 2)
1436 break;
1437 tb1 = tb1->jmp_next[n1];
1438 }
1439 /* we are now sure now that tb jumps to tb1 */
1440 tb_next = tb1;
1441
1442 /* remove tb from the jmp_first list */
1443 ptb = &tb_next->jmp_first;
1444 for(;;) {
1445 tb1 = *ptb;
8efe0ca8
SW		 1446 n1 = (uintptr_t)tb1 & 3;
1447 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1448 if (n1 == n && tb1 == tb)
1449 break;
1450 ptb = &tb1->jmp_next[n1];
1451 }
1452 *ptb = tb->jmp_next[n];
1453 tb->jmp_next[n] = NULL;
3b46e624 1454
ea041c0e
FB		 1455 /* suppress the jump to next tb in generated code */
1456 tb_reset_jump(tb, n);
1457
0124311e 1458 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1459 tb_reset_jump_recursive(tb_next);
1460 }
1461}
1462
1463static void tb_reset_jump_recursive(TranslationBlock *tb)
1464{
1465 tb_reset_jump_recursive2(tb, 0);
1466 tb_reset_jump_recursive2(tb, 1);
1467}
1468
1fddef4b 1469#if defined(TARGET_HAS_ICE)
94df27fd 1470#if defined(CONFIG_USER_ONLY)
9349b4f9 1471static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1472{
1473 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1474}
1475#else
a8170e5e 1476void tb_invalidate_phys_addr(hwaddr addr)
d720b93d 1477{
c227f099 1478 ram_addr_t ram_addr;
f3705d53 1479 MemoryRegionSection *section;
d720b93d 1480
ac1970fb 1481 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1482 if (!(memory_region_is_ram(section->mr)
1483 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1484 return;
1485 }
f3705d53 1486 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1487 + memory_region_section_addr(section, addr);
706cd4b5 1488 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1489}
1e7855a5
MF		 1490
1491static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1492{
9d70c4b7
MF		 1493 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1494 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1495}
c27004ec 1496#endif
94df27fd 1497#endif /* TARGET_HAS_ICE */
d720b93d 1498
c527ee8f 1499#if defined(CONFIG_USER_ONLY)
9349b4f9 1500void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1501
1502{
1503}
1504
9349b4f9 1505int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1506 int flags, CPUWatchpoint **watchpoint)
1507{
1508 return -ENOSYS;
1509}
1510#else
6658ffb8 1511/* Add a watchpoint. */
9349b4f9 1512int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1513 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1514{
b4051334 1515 target_ulong len_mask = ~(len - 1);
c0ce998e 1516 CPUWatchpoint *wp;
6658ffb8 1517
b4051334 1518 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1519 if ((len & (len - 1)) || (addr & ~len_mask) ||
1520 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1521 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1522 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1523 return -EINVAL;
1524 }
7267c094 1525 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1526
1527 wp->vaddr = addr;
b4051334 1528 wp->len_mask = len_mask;
a1d1bb31
AL		 1529 wp->flags = flags;
1530
2dc9f411 1531 /* keep all GDB-injected watchpoints in front */
c0ce998e 1532 if (flags & BP_GDB)
72cf2d4f 1533 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1534 else
72cf2d4f 1535 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1536
6658ffb8 1537 tlb_flush_page(env, addr);
a1d1bb31
AL		 1538
1539 if (watchpoint)
1540 *watchpoint = wp;
1541 return 0;
6658ffb8
PB		 1542}
1543
a1d1bb31 1544/* Remove a specific watchpoint. */
9349b4f9 1545int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1546 int flags)
6658ffb8 1547{
b4051334 1548 target_ulong len_mask = ~(len - 1);
a1d1bb31 1549 CPUWatchpoint *wp;
6658ffb8 1550
72cf2d4f 1551 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1552 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1553 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1554 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1555 return 0;
1556 }
1557 }
a1d1bb31 1558 return -ENOENT;
6658ffb8
PB		 1559}
1560
a1d1bb31 1561/* Remove a specific watchpoint by reference. */
9349b4f9 1562void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1563{
72cf2d4f 1564 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1565
a1d1bb31
AL		 1566 tlb_flush_page(env, watchpoint->vaddr);
1567
7267c094 1568 g_free(watchpoint);
a1d1bb31
AL		 1569}
1570
1571/* Remove all matching watchpoints. */
9349b4f9 1572void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1573{
c0ce998e 1574 CPUWatchpoint *wp, *next;
a1d1bb31 1575
72cf2d4f 1576 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1577 if (wp->flags & mask)
1578 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1579 }
7d03f82f 1580}
c527ee8f 1581#endif
7d03f82f 1582
a1d1bb31 1583/* Add a breakpoint. */
9349b4f9 1584int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1585 CPUBreakpoint **breakpoint)
4c3a88a2 1586{
1fddef4b 1587#if defined(TARGET_HAS_ICE)
c0ce998e 1588 CPUBreakpoint *bp;
3b46e624 1589
7267c094 1590 bp = g_malloc(sizeof(*bp));
4c3a88a2 1591
a1d1bb31
AL		 1592 bp->pc = pc;
1593 bp->flags = flags;
1594
2dc9f411 1595 /* keep all GDB-injected breakpoints in front */
c0ce998e 1596 if (flags & BP_GDB)
72cf2d4f 1597 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1598 else
72cf2d4f 1599 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1600
d720b93d 1601 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1602
1603 if (breakpoint)
1604 *breakpoint = bp;
4c3a88a2
FB		 1605 return 0;
1606#else
a1d1bb31 1607 return -ENOSYS;
4c3a88a2
FB		 1608#endif
1609}
1610
a1d1bb31 1611/* Remove a specific breakpoint. */
9349b4f9 1612int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1613{
7d03f82f 1614#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1615 CPUBreakpoint *bp;
1616
72cf2d4f 1617 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1618 if (bp->pc == pc && bp->flags == flags) {
1619 cpu_breakpoint_remove_by_ref(env, bp);
1620 return 0;
1621 }
7d03f82f 1622 }
a1d1bb31
AL		 1623 return -ENOENT;
1624#else
1625 return -ENOSYS;
7d03f82f
EI		 1626#endif
1627}
1628
a1d1bb31 1629/* Remove a specific breakpoint by reference. */
9349b4f9 1630void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1631{
1fddef4b 1632#if defined(TARGET_HAS_ICE)
72cf2d4f 1633 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1634
a1d1bb31
AL		 1635 breakpoint_invalidate(env, breakpoint->pc);
1636
7267c094 1637 g_free(breakpoint);
a1d1bb31
AL		 1638#endif
1639}
1640
1641/* Remove all matching breakpoints. */
9349b4f9 1642void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1643{
1644#if defined(TARGET_HAS_ICE)
c0ce998e 1645 CPUBreakpoint *bp, *next;
a1d1bb31 1646
72cf2d4f 1647 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1648 if (bp->flags & mask)
1649 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1650 }
4c3a88a2
FB		 1651#endif
1652}
1653
c33a346e
FB		 1654/* enable or disable single step mode. EXCP_DEBUG is returned by the
1655 CPU loop after each instruction */
9349b4f9 1656void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1657{
1fddef4b 1658#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1659 if (env->singlestep_enabled != enabled) {
1660 env->singlestep_enabled = enabled;
e22a25c9
AL		 1661 if (kvm_enabled())
1662 kvm_update_guest_debug(env, 0);
1663 else {
ccbb4d44 1664 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1665 /* XXX: only flush what is necessary */
1666 tb_flush(env);
1667 }
c33a346e
FB		 1668 }
1669#endif
1670}
1671
9349b4f9 1672static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1673{
3098dba0
AJ		 1674 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1675 problem and hope the cpu will stop of its own accord. For userspace
1676 emulation this often isn't actually as bad as it sounds. Often
1677 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1678 TranslationBlock *tb;
c227f099 1679 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1680
cab1b4bd 1681 spin_lock(&interrupt_lock);
3098dba0
AJ		 1682 tb = env->current_tb;
1683 /* if the cpu is currently executing code, we must unlink it and
1684 all the potentially executing TB */
f76cfe56 1685 if (tb) {
3098dba0
AJ		 1686 env->current_tb = NULL;
1687 tb_reset_jump_recursive(tb);
be214e6c 1688 }
cab1b4bd 1689 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1690}
1691
97ffbd8d 1692#ifndef CONFIG_USER_ONLY
3098dba0 1693/* mask must never be zero, except for A20 change call */
9349b4f9 1694static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1695{
1696 int old_mask;
be214e6c 1697
2e70f6ef 1698 old_mask = env->interrupt_request;
68a79315 1699 env->interrupt_request |= mask;
3098dba0 1700
8edac960
AL		 1701 /*
1702 * If called from iothread context, wake the target cpu in
1703 * case its halted.
1704 */
b7680cb6 1705 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1706 qemu_cpu_kick(env);
1707 return;
1708 }
8edac960 1709
2e70f6ef 1710 if (use_icount) {
266910c4 1711 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1712 if (!can_do_io(env)
be214e6c 1713 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1714 cpu_abort(env, "Raised interrupt while not in I/O function");
1715 }
2e70f6ef 1716 } else {
3098dba0 1717 cpu_unlink_tb(env);
ea041c0e
FB		 1718 }
1719}
1720
ec6959d0
JK		 1721CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1722
97ffbd8d
JK		 1723#else /* CONFIG_USER_ONLY */
1724
9349b4f9 1725void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1726{
1727 env->interrupt_request |= mask;
1728 cpu_unlink_tb(env);
1729}
1730#endif /* CONFIG_USER_ONLY */
1731
9349b4f9 1732void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1733{
1734 env->interrupt_request &= ~mask;
1735}
1736
9349b4f9 1737void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1738{
1739 env->exit_request = 1;
1740 cpu_unlink_tb(env);
1741}
1742
9349b4f9 1743void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1744{
1745 va_list ap;
493ae1f0 1746 va_list ap2;
7501267e
FB		 1747
1748 va_start(ap, fmt);
493ae1f0 1749 va_copy(ap2, ap);
7501267e
FB		 1750 fprintf(stderr, "qemu: fatal: ");
1751 vfprintf(stderr, fmt, ap);
1752 fprintf(stderr, "\n");
6fd2a026 1753 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1754 if (qemu_log_enabled()) {
1755 qemu_log("qemu: fatal: ");
1756 qemu_log_vprintf(fmt, ap2);
1757 qemu_log("\n");
6fd2a026 1758 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1759 qemu_log_flush();
93fcfe39 1760 qemu_log_close();
924edcae 1761 }
493ae1f0 1762 va_end(ap2);
f9373291 1763 va_end(ap);
fd052bf6
RV		 1764#if defined(CONFIG_USER_ONLY)
1765 {
1766 struct sigaction act;
1767 sigfillset(&act.sa_mask);
1768 act.sa_handler = SIG_DFL;
1769 sigaction(SIGABRT, &act, NULL);
1770 }
1771#endif
7501267e
FB		 1772 abort();
1773}
1774
9349b4f9 1775CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1776{
9349b4f9
AF		 1777 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1778 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1779 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1780#if defined(TARGET_HAS_ICE)
1781 CPUBreakpoint *bp;
1782 CPUWatchpoint *wp;
1783#endif
1784
9349b4f9 1785 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1786
1787 /* Preserve chaining and index. */
c5be9f08
TS		 1788 new_env->next_cpu = next_cpu;
1789 new_env->cpu_index = cpu_index;
5a38f081
AL		 1790
1791 /* Clone all break/watchpoints.
1792 Note: Once we support ptrace with hw-debug register access, make sure
1793 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1794 QTAILQ_INIT(&env->breakpoints);
1795 QTAILQ_INIT(&env->watchpoints);
5a38f081 1796#if defined(TARGET_HAS_ICE)
72cf2d4f 1797 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1798 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1799 }
72cf2d4f 1800 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1801 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1802 wp->flags, NULL);
1803 }
1804#endif
1805
c5be9f08
TS		 1806 return new_env;
1807}
1808
0124311e 1809#if !defined(CONFIG_USER_ONLY)
0cac1b66 1810void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1811{
1812 unsigned int i;
1813
1814 /* Discard jump cache entries for any tb which might potentially
1815 overlap the flushed page. */
1816 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1817 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1818 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1819
1820 i = tb_jmp_cache_hash_page(addr);
1821 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1822 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1823}
1824
d24981d3
JQ		 1825static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1826 uintptr_t length)
1827{
1828 uintptr_t start1;
1829
1830 /* we modify the TLB cache so that the dirty bit will be set again
1831 when accessing the range */
1832 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1833 /* Check that we don't span multiple blocks - this breaks the
1834 address comparisons below. */
1835 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1836 != (end - 1) - start) {
1837 abort();
1838 }
1839 cpu_tlb_reset_dirty_all(start1, length);
1840
1841}
1842
5579c7f3 1843/* Note: start and end must be within the same ram block. */
c227f099 1844void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1845 int dirty_flags)
1ccde1cb 1846{
d24981d3 1847 uintptr_t length;
1ccde1cb
FB		 1848
1849 start &= TARGET_PAGE_MASK;
1850 end = TARGET_PAGE_ALIGN(end);
1851
1852 length = end - start;
1853 if (length == 0)
1854 return;
f7c11b53 1855 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1856
d24981d3
JQ		 1857 if (tcg_enabled()) {
1858 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1859 }
1ccde1cb
FB		 1860}
1861
74576198
AL		 1862int cpu_physical_memory_set_dirty_tracking(int enable)
1863{
f6f3fbca 1864 int ret = 0;
74576198 1865 in_migration = enable;
f6f3fbca 1866 return ret;
74576198
AL		 1867}
1868
a8170e5e 1869hwaddr memory_region_section_get_iotlb(CPUArchState *env,
e5548617
BS		 1870 MemoryRegionSection *section,
1871 target_ulong vaddr,
a8170e5e 1872 hwaddr paddr,
e5548617
BS		 1873 int prot,
1874 target_ulong *address)
1875{
a8170e5e 1876 hwaddr iotlb;
e5548617
BS		 1877 CPUWatchpoint *wp;
1878
cc5bea60 1879 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1880 /* Normal RAM. */
1881 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1882 + memory_region_section_addr(section, paddr);
e5548617
BS		 1883 if (!section->readonly) {
1884 iotlb |= phys_section_notdirty;
1885 } else {
1886 iotlb |= phys_section_rom;
1887 }
1888 } else {
1889 /* IO handlers are currently passed a physical address.
1890 It would be nice to pass an offset from the base address
1891 of that region. This would avoid having to special case RAM,
1892 and avoid full address decoding in every device.
1893 We can't use the high bits of pd for this because
1894 IO_MEM_ROMD uses these as a ram address. */
1895 iotlb = section - phys_sections;
cc5bea60 1896 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1897 }
1898
1899 /* Make accesses to pages with watchpoints go via the
1900 watchpoint trap routines. */
1901 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1902 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1903 /* Avoid trapping reads of pages with a write breakpoint. */
1904 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1905 iotlb = phys_section_watch + paddr;
1906 *address |= TLB_MMIO;
1907 break;
1908 }
1909 }
1910 }
1911
1912 return iotlb;
1913}
1914
0124311e 1915#else
edf8e2af
MW		 1916/*
1917 * Walks guest process memory "regions" one by one
1918 * and calls callback function 'fn' for each region.
1919 */
5cd2c5b6
RH		 1920
1921struct walk_memory_regions_data
1922{
1923 walk_memory_regions_fn fn;
1924 void *priv;
8efe0ca8 1925 uintptr_t start;
5cd2c5b6
RH		 1926 int prot;
1927};
1928
1929static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1930 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1931{
1932 if (data->start != -1ul) {
1933 int rc = data->fn(data->priv, data->start, end, data->prot);
1934 if (rc != 0) {
1935 return rc;
1936 }
1937 }
1938
1939 data->start = (new_prot ? end : -1ul);
1940 data->prot = new_prot;
1941
1942 return 0;
1943}
1944
1945static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1946 abi_ulong base, int level, void **lp)
5cd2c5b6 1947{
b480d9b7 1948 abi_ulong pa;
5cd2c5b6
RH		 1949 int i, rc;
1950
1951 if (*lp == NULL) {
1952 return walk_memory_regions_end(data, base, 0);
1953 }
1954
1955 if (level == 0) {
1956 PageDesc *pd = *lp;
7296abac 1957 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1958 int prot = pd[i].flags;
1959
1960 pa = base | (i << TARGET_PAGE_BITS);
1961 if (prot != data->prot) {
1962 rc = walk_memory_regions_end(data, pa, prot);
1963 if (rc != 0) {
1964 return rc;
9fa3e853 1965 }
9fa3e853 1966 }
5cd2c5b6
RH		 1967 }
1968 } else {
1969 void **pp = *lp;
7296abac 1970 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1971 pa = base | ((abi_ulong)i <<
1972 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1973 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1974 if (rc != 0) {
1975 return rc;
1976 }
1977 }
1978 }
1979
1980 return 0;
1981}
1982
1983int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1984{
1985 struct walk_memory_regions_data data;
8efe0ca8 1986 uintptr_t i;
5cd2c5b6
RH		 1987
1988 data.fn = fn;
1989 data.priv = priv;
1990 data.start = -1ul;
1991 data.prot = 0;
1992
1993 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1994 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1995 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1996 if (rc != 0) {
1997 return rc;
9fa3e853 1998 }
33417e70 1999 }
5cd2c5b6
RH		 2000
2001 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2002}
2003
b480d9b7
PB		 2004static int dump_region(void *priv, abi_ulong start,
2005 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2006{
2007 FILE *f = (FILE *)priv;
2008
b480d9b7
PB		 2009 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2010 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2011 start, end, end - start,
2012 ((prot & PAGE_READ) ? 'r' : '-'),
2013 ((prot & PAGE_WRITE) ? 'w' : '-'),
2014 ((prot & PAGE_EXEC) ? 'x' : '-'));
2015
2016 return (0);
2017}
2018
2019/* dump memory mappings */
2020void page_dump(FILE *f)
2021{
2022 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2023 "start", "end", "size", "prot");
2024 walk_memory_regions(f, dump_region);
33417e70
FB		 2025}
2026
53a5960a 2027int page_get_flags(target_ulong address)
33417e70 2028{
9fa3e853
FB		 2029 PageDesc *p;
2030
2031 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2032 if (!p)
9fa3e853
FB		 2033 return 0;
2034 return p->flags;
2035}
2036
376a7909
RH		 2037/* Modify the flags of a page and invalidate the code if necessary.
2038 The flag PAGE_WRITE_ORG is positioned automatically depending
2039 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2040void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2041{
376a7909
RH		 2042 target_ulong addr, len;
2043
2044 /* This function should never be called with addresses outside the
2045 guest address space. If this assert fires, it probably indicates
2046 a missing call to h2g_valid. */
b480d9b7
PB		 2047#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2048 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2049#endif
2050 assert(start < end);
9fa3e853
FB		 2051
2052 start = start & TARGET_PAGE_MASK;
2053 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2054
2055 if (flags & PAGE_WRITE) {
9fa3e853 2056 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2057 }
2058
2059 for (addr = start, len = end - start;
2060 len != 0;
2061 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2062 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2063
2064 /* If the write protection bit is set, then we invalidate
2065 the code inside. */
5fafdf24 2066 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2067 (flags & PAGE_WRITE) &&
2068 p->first_tb) {
d720b93d 2069 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2070 }
2071 p->flags = flags;
2072 }
33417e70
FB		 2073}
2074
3d97b40b
TS		 2075int page_check_range(target_ulong start, target_ulong len, int flags)
2076{
2077 PageDesc *p;
2078 target_ulong end;
2079 target_ulong addr;
2080
376a7909
RH		 2081 /* This function should never be called with addresses outside the
2082 guest address space. If this assert fires, it probably indicates
2083 a missing call to h2g_valid. */
338e9e6c
BS		 2084#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2085 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2086#endif
2087
3e0650a9
RH		 2088 if (len == 0) {
2089 return 0;
2090 }
376a7909
RH		 2091 if (start + len - 1 < start) {
2092 /* We've wrapped around. */
55f280c9 2093 return -1;
376a7909 2094 }
55f280c9 2095
3d97b40b
TS		 2096 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2097 start = start & TARGET_PAGE_MASK;
2098
376a7909
RH		 2099 for (addr = start, len = end - start;
2100 len != 0;
2101 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2102 p = page_find(addr >> TARGET_PAGE_BITS);
2103 if( !p )
2104 return -1;
2105 if( !(p->flags & PAGE_VALID) )
2106 return -1;
2107
dae3270c 2108 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2109 return -1;
dae3270c
FB		 2110 if (flags & PAGE_WRITE) {
2111 if (!(p->flags & PAGE_WRITE_ORG))
2112 return -1;
2113 /* unprotect the page if it was put read-only because it
2114 contains translated code */
2115 if (!(p->flags & PAGE_WRITE)) {
2116 if (!page_unprotect(addr, 0, NULL))
2117 return -1;
2118 }
2119 return 0;
2120 }
3d97b40b
TS		 2121 }
2122 return 0;
2123}
2124
9fa3e853 2125/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2126 page. Return TRUE if the fault was successfully handled. */
6375e09e 2127int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2128{
45d679d6
AJ		 2129 unsigned int prot;
2130 PageDesc *p;
53a5960a 2131 target_ulong host_start, host_end, addr;
9fa3e853 2132
c8a706fe
PB		 2133 /* Technically this isn't safe inside a signal handler. However we
2134 know this only ever happens in a synchronous SEGV handler, so in
2135 practice it seems to be ok. */
2136 mmap_lock();
2137
45d679d6
AJ		 2138 p = page_find(address >> TARGET_PAGE_BITS);
2139 if (!p) {
c8a706fe 2140 mmap_unlock();
9fa3e853 2141 return 0;
c8a706fe 2142 }
45d679d6 2143
9fa3e853
FB		 2144 /* if the page was really writable, then we change its
2145 protection back to writable */
45d679d6
AJ		 2146 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2147 host_start = address & qemu_host_page_mask;
2148 host_end = host_start + qemu_host_page_size;
2149
2150 prot = 0;
2151 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2152 p = page_find(addr >> TARGET_PAGE_BITS);
2153 p->flags |= PAGE_WRITE;
2154 prot |= p->flags;
2155
9fa3e853
FB		 2156 /* and since the content will be modified, we must invalidate
2157 the corresponding translated code. */
45d679d6 2158 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2159#ifdef DEBUG_TB_CHECK
45d679d6 2160 tb_invalidate_check(addr);
9fa3e853 2161#endif
9fa3e853 2162 }
45d679d6
AJ		 2163 mprotect((void *)g2h(host_start), qemu_host_page_size,
2164 prot & PAGE_BITS);
2165
2166 mmap_unlock();
2167 return 1;
9fa3e853 2168 }
c8a706fe 2169 mmap_unlock();
9fa3e853
FB		 2170 return 0;
2171}
9fa3e853
FB		 2172#endif /* defined(CONFIG_USER_ONLY) */
2173
e2eef170 2174#if !defined(CONFIG_USER_ONLY)
8da3ff18 2175
c04b2b78
PB		 2176#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2177typedef struct subpage_t {
70c68e44 2178 MemoryRegion iomem;
a8170e5e 2179 hwaddr base;
5312bd8b 2180 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2181} subpage_t;
2182
c227f099 2183static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2184 uint16_t section);
a8170e5e 2185static subpage_t *subpage_init(hwaddr base);
5312bd8b 2186static void destroy_page_desc(uint16_t section_index)
54688b1e 2187{
5312bd8b
AK		 2188 MemoryRegionSection *section = &phys_sections[section_index];
2189 MemoryRegion *mr = section->mr;
54688b1e
AK		 2190
2191 if (mr->subpage) {
2192 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2193 memory_region_destroy(&subpage->iomem);
2194 g_free(subpage);
2195 }
2196}
2197
4346ae3e 2198static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2199{
2200 unsigned i;
d6f2ea22 2201 PhysPageEntry *p;
54688b1e 2202
c19e8800 2203 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2204 return;
2205 }
2206
c19e8800 2207 p = phys_map_nodes[lp->ptr];
4346ae3e 2208 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2209 if (!p[i].is_leaf) {
54688b1e 2210 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2211 } else {
c19e8800 2212 destroy_page_desc(p[i].ptr);
54688b1e 2213 }
54688b1e 2214 }
07f07b31 2215 lp->is_leaf = 0;
c19e8800 2216 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2217}
2218
ac1970fb 2219static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 2220{
ac1970fb 2221 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 2222 phys_map_nodes_reset();
54688b1e
AK		 2223}
2224
5312bd8b
AK		 2225static uint16_t phys_section_add(MemoryRegionSection *section)
2226{
2227 if (phys_sections_nb == phys_sections_nb_alloc) {
2228 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2229 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2230 phys_sections_nb_alloc);
2231 }
2232 phys_sections[phys_sections_nb] = *section;
2233 return phys_sections_nb++;
2234}
2235
2236static void phys_sections_clear(void)
2237{
2238 phys_sections_nb = 0;
2239}
2240
ac1970fb 2241static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 2242{
2243 subpage_t *subpage;
a8170e5e 2244 hwaddr base = section->offset_within_address_space
0f0cb164 2245 & TARGET_PAGE_MASK;
ac1970fb 2246 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2247 MemoryRegionSection subsection = {
2248 .offset_within_address_space = base,
2249 .size = TARGET_PAGE_SIZE,
2250 };
a8170e5e 2251 hwaddr start, end;
0f0cb164 2252
f3705d53 2253 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2254
f3705d53 2255 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2256 subpage = subpage_init(base);
2257 subsection.mr = &subpage->iomem;
ac1970fb 2258 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 2259 phys_section_add(&subsection));
0f0cb164 2260 } else {
f3705d53 2261 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2262 }
2263 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2264 end = start + section->size - 1;
0f0cb164
AK		 2265 subpage_register(subpage, start, end, phys_section_add(section));
2266}
2267
2268
ac1970fb 2269static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 2270{
a8170e5e 2271 hwaddr start_addr = section->offset_within_address_space;
dd81124b 2272 ram_addr_t size = section->size;
a8170e5e 2273 hwaddr addr;
5312bd8b 2274 uint16_t section_index = phys_section_add(section);
dd81124b 2275
3b8e6a2d 2276 assert(size);
f6f3fbca 2277
3b8e6a2d 2278 addr = start_addr;
ac1970fb 2279 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 2280 section_index);
33417e70
FB		 2281}
2282
ac1970fb 2283static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 2284{
ac1970fb 2285 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
0f0cb164
AK		 2286 MemoryRegionSection now = *section, remain = *section;
2287
2288 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2289 || (now.size < TARGET_PAGE_SIZE)) {
2290 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2291 - now.offset_within_address_space,
2292 now.size);
ac1970fb 2293 register_subpage(d, &now);
0f0cb164
AK		 2294 remain.size -= now.size;
2295 remain.offset_within_address_space += now.size;
2296 remain.offset_within_region += now.size;
2297 }
69b67646
TH		 2298 while (remain.size >= TARGET_PAGE_SIZE) {
2299 now = remain;
2300 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2301 now.size = TARGET_PAGE_SIZE;
ac1970fb 2302 register_subpage(d, &now);
69b67646
TH		 2303 } else {
2304 now.size &= TARGET_PAGE_MASK;
ac1970fb 2305 register_multipage(d, &now);
69b67646 2306 }
0f0cb164
AK		 2307 remain.size -= now.size;
2308 remain.offset_within_address_space += now.size;
2309 remain.offset_within_region += now.size;
2310 }
2311 now = remain;
2312 if (now.size) {
ac1970fb 2313 register_subpage(d, &now);
0f0cb164
AK		 2314 }
2315}
2316
62a2744c
SY		 2317void qemu_flush_coalesced_mmio_buffer(void)
2318{
2319 if (kvm_enabled())
2320 kvm_flush_coalesced_mmio_buffer();
2321}
2322
c902760f
MT		 2323#if defined(__linux__) && !defined(TARGET_S390X)
2324
2325#include <sys/vfs.h>
2326
2327#define HUGETLBFS_MAGIC 0x958458f6
2328
2329static long gethugepagesize(const char *path)
2330{
2331 struct statfs fs;
2332 int ret;
2333
2334 do {
9742bf26 2335 ret = statfs(path, &fs);
c902760f
MT		 2336 } while (ret != 0 && errno == EINTR);
2337
2338 if (ret != 0) {
9742bf26
YT		 2339 perror(path);
2340 return 0;
c902760f
MT		 2341 }
2342
2343 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2344 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2345
2346 return fs.f_bsize;
2347}
2348
04b16653
AW		 2349static void *file_ram_alloc(RAMBlock *block,
2350 ram_addr_t memory,
2351 const char *path)
c902760f
MT		 2352{
2353 char *filename;
2354 void *area;
2355 int fd;
2356#ifdef MAP_POPULATE
2357 int flags;
2358#endif
2359 unsigned long hpagesize;
2360
2361 hpagesize = gethugepagesize(path);
2362 if (!hpagesize) {
9742bf26 2363 return NULL;
c902760f
MT		 2364 }
2365
2366 if (memory < hpagesize) {
2367 return NULL;
2368 }
2369
2370 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2371 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2372 return NULL;
2373 }
2374
2375 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2376 return NULL;
c902760f
MT		 2377 }
2378
2379 fd = mkstemp(filename);
2380 if (fd < 0) {
9742bf26
YT		 2381 perror("unable to create backing store for hugepages");
2382 free(filename);
2383 return NULL;
c902760f
MT		 2384 }
2385 unlink(filename);
2386 free(filename);
2387
2388 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2389
2390 /*
2391 * ftruncate is not supported by hugetlbfs in older
2392 * hosts, so don't bother bailing out on errors.
2393 * If anything goes wrong with it under other filesystems,
2394 * mmap will fail.
2395 */
2396 if (ftruncate(fd, memory))
9742bf26 2397 perror("ftruncate");
c902760f
MT		 2398
2399#ifdef MAP_POPULATE
2400 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2401 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2402 * to sidestep this quirk.
2403 */
2404 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2405 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2406#else
2407 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2408#endif
2409 if (area == MAP_FAILED) {
9742bf26
YT		 2410 perror("file_ram_alloc: can't mmap RAM pages");
2411 close(fd);
2412 return (NULL);
c902760f 2413 }
04b16653 2414 block->fd = fd;
c902760f
MT		 2415 return area;
2416}
2417#endif
2418
d17b5288 2419static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2420{
2421 RAMBlock *block, *next_block;
3e837b2c 2422 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2423
2424 if (QLIST_EMPTY(&ram_list.blocks))
2425 return 0;
2426
2427 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2428 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2429
2430 end = block->offset + block->length;
2431
2432 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2433 if (next_block->offset >= end) {
2434 next = MIN(next, next_block->offset);
2435 }
2436 }
2437 if (next - end >= size && next - end < mingap) {
3e837b2c 2438 offset = end;
04b16653
AW		 2439 mingap = next - end;
2440 }
2441 }
3e837b2c
AW		 2442
2443 if (offset == RAM_ADDR_MAX) {
2444 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2445 (uint64_t)size);
2446 abort();
2447 }
2448
04b16653
AW		 2449 return offset;
2450}
2451
652d7ec2 2452ram_addr_t last_ram_offset(void)
d17b5288
AW		 2453{
2454 RAMBlock *block;
2455 ram_addr_t last = 0;
2456
2457 QLIST_FOREACH(block, &ram_list.blocks, next)
2458 last = MAX(last, block->offset + block->length);
2459
2460 return last;
2461}
2462
ddb97f1d
JB		 2463static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2464{
2465 int ret;
2466 QemuOpts *machine_opts;
2467
2468 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2469 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2470 if (machine_opts &&
2471 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2472 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2473 if (ret) {
2474 perror("qemu_madvise");
2475 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2476 "but dump_guest_core=off specified\n");
2477 }
2478 }
2479}
2480
c5705a77 2481void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2482{
2483 RAMBlock *new_block, *block;
2484
c5705a77
AK		 2485 new_block = NULL;
2486 QLIST_FOREACH(block, &ram_list.blocks, next) {
2487 if (block->offset == addr) {
2488 new_block = block;
2489 break;
2490 }
2491 }
2492 assert(new_block);
2493 assert(!new_block->idstr[0]);
84b89d78 2494
09e5ab63
AL		 2495 if (dev) {
2496 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2497 if (id) {
2498 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2499 g_free(id);
84b89d78
CM		 2500 }
2501 }
2502 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2503
2504 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2505 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2506 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2507 new_block->idstr);
2508 abort();
2509 }
2510 }
c5705a77
AK		 2511}
2512
8490fc78
LC		 2513static int memory_try_enable_merging(void *addr, size_t len)
2514{
2515 QemuOpts *opts;
2516
2517 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2518 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2519 /* disabled by the user */
2520 return 0;
2521 }
2522
2523 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2524}
2525
c5705a77
AK		 2526ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2527 MemoryRegion *mr)
2528{
2529 RAMBlock *new_block;
2530
2531 size = TARGET_PAGE_ALIGN(size);
2532 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2533
7c637366 2534 new_block->mr = mr;
432d268c 2535 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2536 if (host) {
2537 new_block->host = host;
cd19cfa2 2538 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2539 } else {
2540 if (mem_path) {
c902760f 2541#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2542 new_block->host = file_ram_alloc(new_block, size, mem_path);
2543 if (!new_block->host) {
2544 new_block->host = qemu_vmalloc(size);
8490fc78 2545 memory_try_enable_merging(new_block->host, size);
6977dfe6 2546 }
c902760f 2547#else
6977dfe6
YT		 2548 fprintf(stderr, "-mem-path option unsupported\n");
2549 exit(1);
c902760f 2550#endif
6977dfe6 2551 } else {
868bb33f 2552 if (xen_enabled()) {
fce537d4 2553 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2554 } else if (kvm_enabled()) {
2555 /* some s390/kvm configurations have special constraints */
2556 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2557 } else {
2558 new_block->host = qemu_vmalloc(size);
2559 }
8490fc78 2560 memory_try_enable_merging(new_block->host, size);
6977dfe6 2561 }
c902760f 2562 }
94a6b54f
PB		 2563 new_block->length = size;
2564
f471a17e 2565 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2566
7267c094 2567 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2568 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2569 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2570 0, size >> TARGET_PAGE_BITS);
1720aeee 2571 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2572
ddb97f1d 2573 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 2574 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 2575
6f0437e8
JK		 2576 if (kvm_enabled())
2577 kvm_setup_guest_memory(new_block->host, size);
2578
94a6b54f
PB		 2579 return new_block->offset;
2580}
e9a1ab19 2581
c5705a77 2582ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2583{
c5705a77 2584 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2585}
2586
1f2e98b6
AW		 2587void qemu_ram_free_from_ptr(ram_addr_t addr)
2588{
2589 RAMBlock *block;
2590
2591 QLIST_FOREACH(block, &ram_list.blocks, next) {
2592 if (addr == block->offset) {
2593 QLIST_REMOVE(block, next);
7267c094 2594 g_free(block);
1f2e98b6
AW		 2595 return;
2596 }
2597 }
2598}
2599
c227f099 2600void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2601{
04b16653
AW		 2602 RAMBlock *block;
2603
2604 QLIST_FOREACH(block, &ram_list.blocks, next) {
2605 if (addr == block->offset) {
2606 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2607 if (block->flags & RAM_PREALLOC_MASK) {
2608 ;
2609 } else if (mem_path) {
04b16653
AW		 2610#if defined (__linux__) && !defined(TARGET_S390X)
2611 if (block->fd) {
2612 munmap(block->host, block->length);
2613 close(block->fd);
2614 } else {
2615 qemu_vfree(block->host);
2616 }
fd28aa13
JK		 2617#else
2618 abort();
04b16653
AW		 2619#endif
2620 } else {
2621#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2622 munmap(block->host, block->length);
2623#else
868bb33f 2624 if (xen_enabled()) {
e41d7c69 2625 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2626 } else {
2627 qemu_vfree(block->host);
2628 }
04b16653
AW		 2629#endif
2630 }
7267c094 2631 g_free(block);
04b16653
AW		 2632 return;
2633 }
2634 }
2635
e9a1ab19
FB		 2636}
2637
cd19cfa2
HY		 2638#ifndef _WIN32
2639void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2640{
2641 RAMBlock *block;
2642 ram_addr_t offset;
2643 int flags;
2644 void *area, *vaddr;
2645
2646 QLIST_FOREACH(block, &ram_list.blocks, next) {
2647 offset = addr - block->offset;
2648 if (offset < block->length) {
2649 vaddr = block->host + offset;
2650 if (block->flags & RAM_PREALLOC_MASK) {
2651 ;
2652 } else {
2653 flags = MAP_FIXED;
2654 munmap(vaddr, length);
2655 if (mem_path) {
2656#if defined(__linux__) && !defined(TARGET_S390X)
2657 if (block->fd) {
2658#ifdef MAP_POPULATE
2659 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2660 MAP_PRIVATE;
2661#else
2662 flags |= MAP_PRIVATE;
2663#endif
2664 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2665 flags, block->fd, offset);
2666 } else {
2667 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2668 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2669 flags, -1, 0);
2670 }
fd28aa13
JK		 2671#else
2672 abort();
cd19cfa2
HY		 2673#endif
2674 } else {
2675#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2676 flags |= MAP_SHARED | MAP_ANONYMOUS;
2677 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2678 flags, -1, 0);
2679#else
2680 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2681 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2682 flags, -1, 0);
2683#endif
2684 }
2685 if (area != vaddr) {
f15fbc4b
AP		 2686 fprintf(stderr, "Could not remap addr: "
2687 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2688 length, addr);
2689 exit(1);
2690 }
8490fc78 2691 memory_try_enable_merging(vaddr, length);
ddb97f1d 2692 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2693 }
2694 return;
2695 }
2696 }
2697}
2698#endif /* !_WIN32 */
2699
dc828ca1 2700/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2701 With the exception of the softmmu code in this file, this should
2702 only be used for local memory (e.g. video ram) that the device owns,
2703 and knows it isn't going to access beyond the end of the block.
2704
2705 It should not be used for general purpose DMA.
2706 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2707 */
c227f099 2708void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2709{
94a6b54f
PB		 2710 RAMBlock *block;
2711
f471a17e
AW		 2712 QLIST_FOREACH(block, &ram_list.blocks, next) {
2713 if (addr - block->offset < block->length) {
7d82af38
VP		 2714 /* Move this entry to to start of the list. */
2715 if (block != QLIST_FIRST(&ram_list.blocks)) {
2716 QLIST_REMOVE(block, next);
2717 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2718 }
868bb33f 2719 if (xen_enabled()) {
432d268c
JN		 2720 /* We need to check if the requested address is in the RAM
2721 * because we don't want to map the entire memory in QEMU.
712c2b41 2722 * In that case just map until the end of the page.
432d268c
JN		 2723 */
2724 if (block->offset == 0) {
e41d7c69 2725 return xen_map_cache(addr, 0, 0);
432d268c 2726 } else if (block->host == NULL) {
e41d7c69
JK		 2727 block->host =
2728 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2729 }
2730 }
f471a17e
AW		 2731 return block->host + (addr - block->offset);
2732 }
94a6b54f 2733 }
f471a17e
AW		 2734
2735 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2736 abort();
2737
2738 return NULL;
dc828ca1
PB		 2739}
2740
b2e0a138
MT		 2741/* Return a host pointer to ram allocated with qemu_ram_alloc.
2742 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2743 */
2744void *qemu_safe_ram_ptr(ram_addr_t addr)
2745{
2746 RAMBlock *block;
2747
2748 QLIST_FOREACH(block, &ram_list.blocks, next) {
2749 if (addr - block->offset < block->length) {
868bb33f 2750 if (xen_enabled()) {
432d268c
JN		 2751 /* We need to check if the requested address is in the RAM
2752 * because we don't want to map the entire memory in QEMU.
712c2b41 2753 * In that case just map until the end of the page.
432d268c
JN		 2754 */
2755 if (block->offset == 0) {
e41d7c69 2756 return xen_map_cache(addr, 0, 0);
432d268c 2757 } else if (block->host == NULL) {
e41d7c69
JK		 2758 block->host =
2759 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2760 }
2761 }
b2e0a138
MT		 2762 return block->host + (addr - block->offset);
2763 }
2764 }
2765
2766 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2767 abort();
2768
2769 return NULL;
2770}
2771
38bee5dc
SS		 2772/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2773 * but takes a size argument */
8ab934f9 2774void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2775{
8ab934f9
SS		 2776 if (*size == 0) {
2777 return NULL;
2778 }
868bb33f 2779 if (xen_enabled()) {
e41d7c69 2780 return xen_map_cache(addr, *size, 1);
868bb33f 2781 } else {
38bee5dc
SS		 2782 RAMBlock *block;
2783
2784 QLIST_FOREACH(block, &ram_list.blocks, next) {
2785 if (addr - block->offset < block->length) {
2786 if (addr - block->offset + *size > block->length)
2787 *size = block->length - addr + block->offset;
2788 return block->host + (addr - block->offset);
2789 }
2790 }
2791
2792 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2793 abort();
38bee5dc
SS		 2794 }
2795}
2796
050a0ddf
AP		 2797void qemu_put_ram_ptr(void *addr)
2798{
2799 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2800}
2801
e890261f 2802int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2803{
94a6b54f
PB		 2804 RAMBlock *block;
2805 uint8_t *host = ptr;
2806
868bb33f 2807 if (xen_enabled()) {
e41d7c69 2808 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2809 return 0;
2810 }
2811
f471a17e 2812 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2813 /* This case append when the block is not mapped. */
2814 if (block->host == NULL) {
2815 continue;
2816 }
f471a17e 2817 if (host - block->host < block->length) {
e890261f
MT		 2818 *ram_addr = block->offset + (host - block->host);
2819 return 0;
f471a17e 2820 }
94a6b54f 2821 }
432d268c 2822
e890261f
MT		 2823 return -1;
2824}
f471a17e 2825
e890261f
MT		 2826/* Some of the softmmu routines need to translate from a host pointer
2827 (typically a TLB entry) back to a ram offset. */
2828ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2829{
2830 ram_addr_t ram_addr;
f471a17e 2831
e890261f
MT		 2832 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2833 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2834 abort();
2835 }
2836 return ram_addr;
5579c7f3
PB		 2837}
2838
a8170e5e 2839static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2840 unsigned size)
e18231a3
BS		 2841{
2842#ifdef DEBUG_UNASSIGNED
2843 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2844#endif
5b450407 2845#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2846 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2847#endif
2848 return 0;
2849}
2850
a8170e5e 2851static void unassigned_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2852 uint64_t val, unsigned size)
e18231a3
BS		 2853{
2854#ifdef DEBUG_UNASSIGNED
0e0df1e2 2855 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2856#endif
5b450407 2857#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2858 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2859#endif
33417e70
FB		 2860}
2861
0e0df1e2
AK		 2862static const MemoryRegionOps unassigned_mem_ops = {
2863 .read = unassigned_mem_read,
2864 .write = unassigned_mem_write,
2865 .endianness = DEVICE_NATIVE_ENDIAN,
2866};
e18231a3 2867
a8170e5e 2868static uint64_t error_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2869 unsigned size)
e18231a3 2870{
0e0df1e2 2871 abort();
e18231a3
BS		 2872}
2873
a8170e5e 2874static void error_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2875 uint64_t value, unsigned size)
e18231a3 2876{
0e0df1e2 2877 abort();
33417e70
FB		 2878}
2879
0e0df1e2
AK		 2880static const MemoryRegionOps error_mem_ops = {
2881 .read = error_mem_read,
2882 .write = error_mem_write,
2883 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2884};
2885
0e0df1e2
AK		 2886static const MemoryRegionOps rom_mem_ops = {
2887 .read = error_mem_read,
2888 .write = unassigned_mem_write,
2889 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2890};
2891
a8170e5e 2892static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2893 uint64_t val, unsigned size)
9fa3e853 2894{
3a7d929e 2895 int dirty_flags;
f7c11b53 2896 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2897 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2898#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2899 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2900 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2901#endif
3a7d929e 2902 }
0e0df1e2
AK		 2903 switch (size) {
2904 case 1:
2905 stb_p(qemu_get_ram_ptr(ram_addr), val);
2906 break;
2907 case 2:
2908 stw_p(qemu_get_ram_ptr(ram_addr), val);
2909 break;
2910 case 4:
2911 stl_p(qemu_get_ram_ptr(ram_addr), val);
2912 break;
2913 default:
2914 abort();
3a7d929e 2915 }
f23db169 2916 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2917 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2918 /* we remove the notdirty callback only if the code has been
2919 flushed */
2920 if (dirty_flags == 0xff)
2e70f6ef 2921 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2922}
2923
0e0df1e2
AK		 2924static const MemoryRegionOps notdirty_mem_ops = {
2925 .read = error_mem_read,
2926 .write = notdirty_mem_write,
2927 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2928};
2929
0f459d16 2930/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2931static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2932{
9349b4f9 2933 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2934 target_ulong pc, cs_base;
2935 TranslationBlock *tb;
0f459d16 2936 target_ulong vaddr;
a1d1bb31 2937 CPUWatchpoint *wp;
06d55cc1 2938 int cpu_flags;
0f459d16 2939
06d55cc1
AL		 2940 if (env->watchpoint_hit) {
2941 /* We re-entered the check after replacing the TB. Now raise
2942 * the debug interrupt so that is will trigger after the
2943 * current instruction. */
2944 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2945 return;
2946 }
2e70f6ef 2947 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2948 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2949 if ((vaddr == (wp->vaddr & len_mask) ||
2950 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2951 wp->flags |= BP_WATCHPOINT_HIT;
2952 if (!env->watchpoint_hit) {
2953 env->watchpoint_hit = wp;
2954 tb = tb_find_pc(env->mem_io_pc);
2955 if (!tb) {
2956 cpu_abort(env, "check_watchpoint: could not find TB for "
2957 "pc=%p", (void *)env->mem_io_pc);
2958 }
618ba8e6 2959 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2960 tb_phys_invalidate(tb, -1);
2961 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2962 env->exception_index = EXCP_DEBUG;
488d6577 2963 cpu_loop_exit(env);
6e140f28
AL		 2964 } else {
2965 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2966 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2967 cpu_resume_from_signal(env, NULL);
6e140f28 2968 }
06d55cc1 2969 }
6e140f28
AL		 2970 } else {
2971 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2972 }
2973 }
2974}
2975
6658ffb8
PB		 2976/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2977 so these check for a hit then pass through to the normal out-of-line
2978 phys routines. */
a8170e5e 2979static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 2980 unsigned size)
6658ffb8 2981{
1ec9b909
AK		 2982 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2983 switch (size) {
2984 case 1: return ldub_phys(addr);
2985 case 2: return lduw_phys(addr);
2986 case 4: return ldl_phys(addr);
2987 default: abort();
2988 }
6658ffb8
PB		 2989}
2990
a8170e5e 2991static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 2992 uint64_t val, unsigned size)
6658ffb8 2993{
1ec9b909
AK		 2994 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
2995 switch (size) {
67364150
MF		 2996 case 1:
2997 stb_phys(addr, val);
2998 break;
2999 case 2:
3000 stw_phys(addr, val);
3001 break;
3002 case 4:
3003 stl_phys(addr, val);
3004 break;
1ec9b909
AK		 3005 default: abort();
3006 }
6658ffb8
PB		 3007}
3008
1ec9b909
AK		 3009static const MemoryRegionOps watch_mem_ops = {
3010 .read = watch_mem_read,
3011 .write = watch_mem_write,
3012 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3013};
6658ffb8 3014
a8170e5e 3015static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 3016 unsigned len)
db7b5426 3017{
70c68e44 3018 subpage_t *mmio = opaque;
f6405247 3019 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3020 MemoryRegionSection *section;
db7b5426
BS		 3021#if defined(DEBUG_SUBPAGE)
3022 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3023 mmio, len, addr, idx);
3024#endif
db7b5426 3025
5312bd8b
AK		 3026 section = &phys_sections[mmio->sub_section[idx]];
3027 addr += mmio->base;
3028 addr -= section->offset_within_address_space;
3029 addr += section->offset_within_region;
37ec01d4 3030 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3031}
3032
a8170e5e 3033static void subpage_write(void *opaque, hwaddr addr,
70c68e44 3034 uint64_t value, unsigned len)
db7b5426 3035{
70c68e44 3036 subpage_t *mmio = opaque;
f6405247 3037 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3038 MemoryRegionSection *section;
db7b5426 3039#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3040 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3041 " idx %d value %"PRIx64"\n",
f6405247 3042 __func__, mmio, len, addr, idx, value);
db7b5426 3043#endif
f6405247 3044
5312bd8b
AK		 3045 section = &phys_sections[mmio->sub_section[idx]];
3046 addr += mmio->base;
3047 addr -= section->offset_within_address_space;
3048 addr += section->offset_within_region;
37ec01d4 3049 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3050}
3051
70c68e44
AK		 3052static const MemoryRegionOps subpage_ops = {
3053 .read = subpage_read,
3054 .write = subpage_write,
3055 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3056};
3057
a8170e5e 3058static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
de712f94 3059 unsigned size)
56384e8b
AF		 3060{
3061 ram_addr_t raddr = addr;
3062 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3063 switch (size) {
3064 case 1: return ldub_p(ptr);
3065 case 2: return lduw_p(ptr);
3066 case 4: return ldl_p(ptr);
3067 default: abort();
3068 }
56384e8b
AF		 3069}
3070
a8170e5e 3071static void subpage_ram_write(void *opaque, hwaddr addr,
de712f94 3072 uint64_t value, unsigned size)
56384e8b
AF		 3073{
3074 ram_addr_t raddr = addr;
3075 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3076 switch (size) {
3077 case 1: return stb_p(ptr, value);
3078 case 2: return stw_p(ptr, value);
3079 case 4: return stl_p(ptr, value);
3080 default: abort();
3081 }
56384e8b
AF		 3082}
3083
de712f94
AK		 3084static const MemoryRegionOps subpage_ram_ops = {
3085 .read = subpage_ram_read,
3086 .write = subpage_ram_write,
3087 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3088};
3089
c227f099 3090static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3091 uint16_t section)
db7b5426
BS		 3092{
3093 int idx, eidx;
3094
3095 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3096 return -1;
3097 idx = SUBPAGE_IDX(start);
3098 eidx = SUBPAGE_IDX(end);
3099#if defined(DEBUG_SUBPAGE)
0bf9e31a 3100 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3101 mmio, start, end, idx, eidx, memory);
3102#endif
5312bd8b
AK		 3103 if (memory_region_is_ram(phys_sections[section].mr)) {
3104 MemoryRegionSection new_section = phys_sections[section];
3105 new_section.mr = &io_mem_subpage_ram;
3106 section = phys_section_add(&new_section);
56384e8b 3107 }
db7b5426 3108 for (; idx <= eidx; idx++) {
5312bd8b 3109 mmio->sub_section[idx] = section;
db7b5426
BS		 3110 }
3111
3112 return 0;
3113}
3114
a8170e5e 3115static subpage_t *subpage_init(hwaddr base)
db7b5426 3116{
c227f099 3117 subpage_t *mmio;
db7b5426 3118
7267c094 3119 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3120
3121 mmio->base = base;
70c68e44
AK		 3122 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3123 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3124 mmio->iomem.subpage = true;
db7b5426 3125#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3126 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3127 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3128#endif
0f0cb164 3129 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3130
3131 return mmio;
3132}
3133
5312bd8b
AK		 3134static uint16_t dummy_section(MemoryRegion *mr)
3135{
3136 MemoryRegionSection section = {
3137 .mr = mr,
3138 .offset_within_address_space = 0,
3139 .offset_within_region = 0,
3140 .size = UINT64_MAX,
3141 };
3142
3143 return phys_section_add(&section);
3144}
3145
a8170e5e 3146MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 3147{
37ec01d4 3148 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3149}
3150
e9179ce1
AK		 3151static void io_mem_init(void)
3152{
0e0df1e2 3153 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3154 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3155 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3156 "unassigned", UINT64_MAX);
3157 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3158 "notdirty", UINT64_MAX);
de712f94
AK		 3159 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3160 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3161 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3162 "watch", UINT64_MAX);
e9179ce1
AK		 3163}
3164
ac1970fb
AK		 3165static void mem_begin(MemoryListener *listener)
3166{
3167 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
3168
3169 destroy_all_mappings(d);
3170 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
3171}
3172
50c1e149
AK		 3173static void core_begin(MemoryListener *listener)
3174{
5312bd8b
AK		 3175 phys_sections_clear();
3176 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3177 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3178 phys_section_rom = dummy_section(&io_mem_rom);
3179 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3180}
3181
1d71148e 3182static void tcg_commit(MemoryListener *listener)
50c1e149 3183{
9349b4f9 3184 CPUArchState *env;
117712c3
AK		 3185
3186 /* since each CPU stores ram addresses in its TLB cache, we must
3187 reset the modified entries */
3188 /* XXX: slow ! */
3189 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3190 tlb_flush(env, 1);
3191 }
50c1e149
AK		 3192}
3193
93632747
AK		 3194static void core_log_global_start(MemoryListener *listener)
3195{
3196 cpu_physical_memory_set_dirty_tracking(1);
3197}
3198
3199static void core_log_global_stop(MemoryListener *listener)
3200{
3201 cpu_physical_memory_set_dirty_tracking(0);
3202}
3203
4855d41a
AK		 3204static void io_region_add(MemoryListener *listener,
3205 MemoryRegionSection *section)
3206{
a2d33521
AK		 3207 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3208
3209 mrio->mr = section->mr;
3210 mrio->offset = section->offset_within_region;
3211 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3212 section->offset_within_address_space, section->size);
a2d33521 3213 ioport_register(&mrio->iorange);
4855d41a
AK		 3214}
3215
3216static void io_region_del(MemoryListener *listener,
3217 MemoryRegionSection *section)
3218{
3219 isa_unassign_ioport(section->offset_within_address_space, section->size);
3220}
3221
93632747 3222static MemoryListener core_memory_listener = {
50c1e149 3223 .begin = core_begin,
93632747
AK		 3224 .log_global_start = core_log_global_start,
3225 .log_global_stop = core_log_global_stop,
ac1970fb 3226 .priority = 1,
93632747
AK		 3227};
3228
4855d41a
AK		 3229static MemoryListener io_memory_listener = {
3230 .region_add = io_region_add,
3231 .region_del = io_region_del,
4855d41a
AK		 3232 .priority = 0,
3233};
3234
1d71148e
AK		 3235static MemoryListener tcg_memory_listener = {
3236 .commit = tcg_commit,
3237};
3238
ac1970fb
AK		 3239void address_space_init_dispatch(AddressSpace *as)
3240{
3241 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
3242
3243 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
3244 d->listener = (MemoryListener) {
3245 .begin = mem_begin,
3246 .region_add = mem_add,
3247 .region_nop = mem_add,
3248 .priority = 0,
3249 };
3250 as->dispatch = d;
3251 memory_listener_register(&d->listener, as);
3252}
3253
83f3c251
AK		 3254void address_space_destroy_dispatch(AddressSpace *as)
3255{
3256 AddressSpaceDispatch *d = as->dispatch;
3257
3258 memory_listener_unregister(&d->listener);
3259 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
3260 g_free(d);
3261 as->dispatch = NULL;
3262}
3263
62152b8a
AK		 3264static void memory_map_init(void)
3265{
7267c094 3266 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3267 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 3268 address_space_init(&address_space_memory, system_memory);
3269 address_space_memory.name = "memory";
309cb471 3270
7267c094 3271 system_io = g_malloc(sizeof(*system_io));
309cb471 3272 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 3273 address_space_init(&address_space_io, system_io);
3274 address_space_io.name = "I/O";
93632747 3275
f6790af6
AK		 3276 memory_listener_register(&core_memory_listener, &address_space_memory);
3277 memory_listener_register(&io_memory_listener, &address_space_io);
3278 memory_listener_register(&tcg_memory_listener, &address_space_memory);
62152b8a
AK		 3279}
3280
3281MemoryRegion *get_system_memory(void)
3282{
3283 return system_memory;
3284}
3285
309cb471
AK		 3286MemoryRegion *get_system_io(void)
3287{
3288 return system_io;
3289}
3290
e2eef170
PB		 3291#endif /* !defined(CONFIG_USER_ONLY) */
3292
13eb76e0
FB		 3293/* physical memory access (slow version, mainly for debug) */
3294#if defined(CONFIG_USER_ONLY)
9349b4f9 3295int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3296 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3297{
3298 int l, flags;
3299 target_ulong page;
53a5960a 3300 void * p;
13eb76e0
FB		 3301
3302 while (len > 0) {
3303 page = addr & TARGET_PAGE_MASK;
3304 l = (page + TARGET_PAGE_SIZE) - addr;
3305 if (l > len)
3306 l = len;
3307 flags = page_get_flags(page);
3308 if (!(flags & PAGE_VALID))
a68fe89c 3309 return -1;
13eb76e0
FB		 3310 if (is_write) {
3311 if (!(flags & PAGE_WRITE))
a68fe89c 3312 return -1;
579a97f7 3313 /* XXX: this code should not depend on lock_user */
72fb7daa 3314 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3315 return -1;
72fb7daa
AJ		 3316 memcpy(p, buf, l);
3317 unlock_user(p, addr, l);
13eb76e0
FB		 3318 } else {
3319 if (!(flags & PAGE_READ))
a68fe89c 3320 return -1;
579a97f7 3321 /* XXX: this code should not depend on lock_user */
72fb7daa 3322 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3323 return -1;
72fb7daa 3324 memcpy(buf, p, l);
5b257578 3325 unlock_user(p, addr, 0);
13eb76e0
FB		 3326 }
3327 len -= l;
3328 buf += l;
3329 addr += l;
3330 }
a68fe89c 3331 return 0;
13eb76e0 3332}
8df1cd07 3333
13eb76e0 3334#else
51d7a9eb 3335
a8170e5e
AK		 3336static void invalidate_and_set_dirty(hwaddr addr,
3337 hwaddr length)
51d7a9eb
AP		 3338{
3339 if (!cpu_physical_memory_is_dirty(addr)) {
3340 /* invalidate code */
3341 tb_invalidate_phys_page_range(addr, addr + length, 0);
3342 /* set dirty bit */
3343 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3344 }
e226939d 3345 xen_modified_memory(addr, length);
51d7a9eb
AP		 3346}
3347
a8170e5e 3348void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 3349 int len, bool is_write)
13eb76e0 3350{
ac1970fb 3351 AddressSpaceDispatch *d = as->dispatch;
37ec01d4 3352 int l;
13eb76e0
FB		 3353 uint8_t *ptr;
3354 uint32_t val;
a8170e5e 3355 hwaddr page;
f3705d53 3356 MemoryRegionSection *section;
3b46e624 3357
13eb76e0
FB		 3358 while (len > 0) {
3359 page = addr & TARGET_PAGE_MASK;
3360 l = (page + TARGET_PAGE_SIZE) - addr;
3361 if (l > len)
3362 l = len;
ac1970fb 3363 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3364
13eb76e0 3365 if (is_write) {
f3705d53 3366 if (!memory_region_is_ram(section->mr)) {
a8170e5e 3367 hwaddr addr1;
cc5bea60 3368 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3369 /* XXX: could force cpu_single_env to NULL to avoid
3370 potential bugs */
6c2934db 3371 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3372 /* 32 bit write access */
c27004ec 3373 val = ldl_p(buf);
37ec01d4 3374 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3375 l = 4;
6c2934db 3376 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3377 /* 16 bit write access */
c27004ec 3378 val = lduw_p(buf);
37ec01d4 3379 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3380 l = 2;
3381 } else {
1c213d19 3382 /* 8 bit write access */
c27004ec 3383 val = ldub_p(buf);
37ec01d4 3384 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3385 l = 1;
3386 }
f3705d53 3387 } else if (!section->readonly) {
8ca5692d 3388 ram_addr_t addr1;
f3705d53 3389 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3390 + memory_region_section_addr(section, addr);
13eb76e0 3391 /* RAM case */
5579c7f3 3392 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3393 memcpy(ptr, buf, l);
51d7a9eb 3394 invalidate_and_set_dirty(addr1, l);
050a0ddf 3395 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3396 }
3397 } else {
cc5bea60
BS		 3398 if (!(memory_region_is_ram(section->mr) ||
3399 memory_region_is_romd(section->mr))) {
a8170e5e 3400 hwaddr addr1;
13eb76e0 3401 /* I/O case */
cc5bea60 3402 addr1 = memory_region_section_addr(section, addr);
6c2934db 3403 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3404 /* 32 bit read access */
37ec01d4 3405 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3406 stl_p(buf, val);
13eb76e0 3407 l = 4;
6c2934db 3408 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3409 /* 16 bit read access */
37ec01d4 3410 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3411 stw_p(buf, val);
13eb76e0
FB		 3412 l = 2;
3413 } else {
1c213d19 3414 /* 8 bit read access */
37ec01d4 3415 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3416 stb_p(buf, val);
13eb76e0
FB		 3417 l = 1;
3418 }
3419 } else {
3420 /* RAM case */
0a1b357f 3421 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3422 + memory_region_section_addr(section,
3423 addr));
f3705d53 3424 memcpy(buf, ptr, l);
050a0ddf 3425 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3426 }
3427 }
3428 len -= l;
3429 buf += l;
3430 addr += l;
3431 }
3432}
8df1cd07 3433
a8170e5e 3434void address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 3435 const uint8_t *buf, int len)
3436{
3437 address_space_rw(as, addr, (uint8_t *)buf, len, true);
3438}
3439
3440/**
3441 * address_space_read: read from an address space.
3442 *
3443 * @as: #AddressSpace to be accessed
3444 * @addr: address within that address space
3445 * @buf: buffer with the data transferred
3446 */
a8170e5e 3447void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb
AK		 3448{
3449 address_space_rw(as, addr, buf, len, false);
3450}
3451
3452
a8170e5e 3453void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 3454 int len, int is_write)
3455{
3456 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
3457}
3458
d0ecd2aa 3459/* used for ROM loading : can write in RAM and ROM */
a8170e5e 3460void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 3461 const uint8_t *buf, int len)
3462{
ac1970fb 3463 AddressSpaceDispatch *d = address_space_memory.dispatch;
d0ecd2aa
FB		 3464 int l;
3465 uint8_t *ptr;
a8170e5e 3466 hwaddr page;
f3705d53 3467 MemoryRegionSection *section;
3b46e624 3468
d0ecd2aa
FB		 3469 while (len > 0) {
3470 page = addr & TARGET_PAGE_MASK;
3471 l = (page + TARGET_PAGE_SIZE) - addr;
3472 if (l > len)
3473 l = len;
ac1970fb 3474 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3475
cc5bea60
BS		 3476 if (!(memory_region_is_ram(section->mr) ||
3477 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3478 /* do nothing */
3479 } else {
3480 unsigned long addr1;
f3705d53 3481 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3482 + memory_region_section_addr(section, addr);
d0ecd2aa 3483 /* ROM/RAM case */
5579c7f3 3484 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3485 memcpy(ptr, buf, l);
51d7a9eb 3486 invalidate_and_set_dirty(addr1, l);
050a0ddf 3487 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3488 }
3489 len -= l;
3490 buf += l;
3491 addr += l;
3492 }
3493}
3494
6d16c2f8
AL		 3495typedef struct {
3496 void *buffer;
a8170e5e
AK		 3497 hwaddr addr;
3498 hwaddr len;
6d16c2f8
AL		 3499} BounceBuffer;
3500
3501static BounceBuffer bounce;
3502
ba223c29
AL		 3503typedef struct MapClient {
3504 void *opaque;
3505 void (*callback)(void *opaque);
72cf2d4f 3506 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3507} MapClient;
3508
72cf2d4f
BS		 3509static QLIST_HEAD(map_client_list, MapClient) map_client_list
3510 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3511
3512void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3513{
7267c094 3514 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3515
3516 client->opaque = opaque;
3517 client->callback = callback;
72cf2d4f 3518 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3519 return client;
3520}
3521
3522void cpu_unregister_map_client(void *_client)
3523{
3524 MapClient *client = (MapClient *)_client;
3525
72cf2d4f 3526 QLIST_REMOVE(client, link);
7267c094 3527 g_free(client);
ba223c29
AL		 3528}
3529
3530static void cpu_notify_map_clients(void)
3531{
3532 MapClient *client;
3533
72cf2d4f
BS		 3534 while (!QLIST_EMPTY(&map_client_list)) {
3535 client = QLIST_FIRST(&map_client_list);
ba223c29 3536 client->callback(client->opaque);
34d5e948 3537 cpu_unregister_map_client(client);
ba223c29
AL		 3538 }
3539}
3540
6d16c2f8
AL		 3541/* Map a physical memory region into a host virtual address.
3542 * May map a subset of the requested range, given by and returned in *plen.
3543 * May return NULL if resources needed to perform the mapping are exhausted.
3544 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3545 * Use cpu_register_map_client() to know when retrying the map operation is
3546 * likely to succeed.
6d16c2f8 3547 */
ac1970fb 3548void *address_space_map(AddressSpace *as,
a8170e5e
AK		 3549 hwaddr addr,
3550 hwaddr *plen,
ac1970fb 3551 bool is_write)
6d16c2f8 3552{
ac1970fb 3553 AddressSpaceDispatch *d = as->dispatch;
a8170e5e
AK		 3554 hwaddr len = *plen;
3555 hwaddr todo = 0;
6d16c2f8 3556 int l;
a8170e5e 3557 hwaddr page;
f3705d53 3558 MemoryRegionSection *section;
f15fbc4b 3559 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3560 ram_addr_t rlen;
3561 void *ret;
6d16c2f8
AL		 3562
3563 while (len > 0) {
3564 page = addr & TARGET_PAGE_MASK;
3565 l = (page + TARGET_PAGE_SIZE) - addr;
3566 if (l > len)
3567 l = len;
ac1970fb 3568 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
6d16c2f8 3569
f3705d53 3570 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3571 if (todo || bounce.buffer) {
6d16c2f8
AL		 3572 break;
3573 }
3574 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3575 bounce.addr = addr;
3576 bounce.len = l;
3577 if (!is_write) {
ac1970fb 3578 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 3579 }
38bee5dc
SS		 3580
3581 *plen = l;
3582 return bounce.buffer;
6d16c2f8 3583 }
8ab934f9 3584 if (!todo) {
f3705d53 3585 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3586 + memory_region_section_addr(section, addr);
8ab934f9 3587 }
6d16c2f8
AL		 3588
3589 len -= l;
3590 addr += l;
38bee5dc 3591 todo += l;
6d16c2f8 3592 }
8ab934f9
SS		 3593 rlen = todo;
3594 ret = qemu_ram_ptr_length(raddr, &rlen);
3595 *plen = rlen;
3596 return ret;
6d16c2f8
AL		 3597}
3598
ac1970fb 3599/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3600 * Will also mark the memory as dirty if is_write == 1. access_len gives
3601 * the amount of memory that was actually read or written by the caller.
3602 */
a8170e5e
AK		 3603void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3604 int is_write, hwaddr access_len)
6d16c2f8
AL		 3605{
3606 if (buffer != bounce.buffer) {
3607 if (is_write) {
e890261f 3608 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3609 while (access_len) {
3610 unsigned l;
3611 l = TARGET_PAGE_SIZE;
3612 if (l > access_len)
3613 l = access_len;
51d7a9eb 3614 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3615 addr1 += l;
3616 access_len -= l;
3617 }
3618 }
868bb33f 3619 if (xen_enabled()) {
e41d7c69 3620 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3621 }
6d16c2f8
AL		 3622 return;
3623 }
3624 if (is_write) {
ac1970fb 3625 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 3626 }
f8a83245 3627 qemu_vfree(bounce.buffer);
6d16c2f8 3628 bounce.buffer = NULL;
ba223c29 3629 cpu_notify_map_clients();
6d16c2f8 3630}
d0ecd2aa 3631
a8170e5e
AK		 3632void *cpu_physical_memory_map(hwaddr addr,
3633 hwaddr *plen,
ac1970fb
AK		 3634 int is_write)
3635{
3636 return address_space_map(&address_space_memory, addr, plen, is_write);
3637}
3638
a8170e5e
AK		 3639void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3640 int is_write, hwaddr access_len)
ac1970fb
AK		 3641{
3642 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3643}
3644
8df1cd07 3645/* warning: addr must be aligned */
a8170e5e 3646static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 3647 enum device_endian endian)
8df1cd07 3648{
8df1cd07
FB		 3649 uint8_t *ptr;
3650 uint32_t val;
f3705d53 3651 MemoryRegionSection *section;
8df1cd07 3652
ac1970fb 3653 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3654
cc5bea60
BS		 3655 if (!(memory_region_is_ram(section->mr) ||
3656 memory_region_is_romd(section->mr))) {
8df1cd07 3657 /* I/O case */
cc5bea60 3658 addr = memory_region_section_addr(section, addr);
37ec01d4 3659 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3660#if defined(TARGET_WORDS_BIGENDIAN)
3661 if (endian == DEVICE_LITTLE_ENDIAN) {
3662 val = bswap32(val);
3663 }
3664#else
3665 if (endian == DEVICE_BIG_ENDIAN) {
3666 val = bswap32(val);
3667 }
3668#endif
8df1cd07
FB		 3669 } else {
3670 /* RAM case */
f3705d53 3671 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3672 & TARGET_PAGE_MASK)
cc5bea60 3673 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3674 switch (endian) {
3675 case DEVICE_LITTLE_ENDIAN:
3676 val = ldl_le_p(ptr);
3677 break;
3678 case DEVICE_BIG_ENDIAN:
3679 val = ldl_be_p(ptr);
3680 break;
3681 default:
3682 val = ldl_p(ptr);
3683 break;
3684 }
8df1cd07
FB		 3685 }
3686 return val;
3687}
3688
a8170e5e 3689uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 3690{
3691 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3692}
3693
a8170e5e 3694uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 3695{
3696 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3697}
3698
a8170e5e 3699uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 3700{
3701 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3702}
3703
84b7b8e7 3704/* warning: addr must be aligned */
a8170e5e 3705static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 3706 enum device_endian endian)
84b7b8e7 3707{
84b7b8e7
FB		 3708 uint8_t *ptr;
3709 uint64_t val;
f3705d53 3710 MemoryRegionSection *section;
84b7b8e7 3711
ac1970fb 3712 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3713
cc5bea60
BS		 3714 if (!(memory_region_is_ram(section->mr) ||
3715 memory_region_is_romd(section->mr))) {
84b7b8e7 3716 /* I/O case */
cc5bea60 3717 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3718
3719 /* XXX This is broken when device endian != cpu endian.
3720 Fix and add "endian" variable check */
84b7b8e7 3721#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3722 val = io_mem_read(section->mr, addr, 4) << 32;
3723 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3724#else
37ec01d4
AK		 3725 val = io_mem_read(section->mr, addr, 4);
3726 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3727#endif
3728 } else {
3729 /* RAM case */
f3705d53 3730 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3731 & TARGET_PAGE_MASK)
cc5bea60 3732 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3733 switch (endian) {
3734 case DEVICE_LITTLE_ENDIAN:
3735 val = ldq_le_p(ptr);
3736 break;
3737 case DEVICE_BIG_ENDIAN:
3738 val = ldq_be_p(ptr);
3739 break;
3740 default:
3741 val = ldq_p(ptr);
3742 break;
3743 }
84b7b8e7
FB		 3744 }
3745 return val;
3746}
3747
a8170e5e 3748uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 3749{
3750 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3751}
3752
a8170e5e 3753uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 3754{
3755 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3756}
3757
a8170e5e 3758uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 3759{
3760 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3761}
3762
aab33094 3763/* XXX: optimize */
a8170e5e 3764uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 3765{
3766 uint8_t val;
3767 cpu_physical_memory_read(addr, &val, 1);
3768 return val;
3769}
3770
733f0b02 3771/* warning: addr must be aligned */
a8170e5e 3772static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 3773 enum device_endian endian)
aab33094 3774{
733f0b02
MT		 3775 uint8_t *ptr;
3776 uint64_t val;
f3705d53 3777 MemoryRegionSection *section;
733f0b02 3778
ac1970fb 3779 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3780
cc5bea60
BS		 3781 if (!(memory_region_is_ram(section->mr) ||
3782 memory_region_is_romd(section->mr))) {
733f0b02 3783 /* I/O case */
cc5bea60 3784 addr = memory_region_section_addr(section, addr);
37ec01d4 3785 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3786#if defined(TARGET_WORDS_BIGENDIAN)
3787 if (endian == DEVICE_LITTLE_ENDIAN) {
3788 val = bswap16(val);
3789 }
3790#else
3791 if (endian == DEVICE_BIG_ENDIAN) {
3792 val = bswap16(val);
3793 }
3794#endif
733f0b02
MT		 3795 } else {
3796 /* RAM case */
f3705d53 3797 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3798 & TARGET_PAGE_MASK)
cc5bea60 3799 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3800 switch (endian) {
3801 case DEVICE_LITTLE_ENDIAN:
3802 val = lduw_le_p(ptr);
3803 break;
3804 case DEVICE_BIG_ENDIAN:
3805 val = lduw_be_p(ptr);
3806 break;
3807 default:
3808 val = lduw_p(ptr);
3809 break;
3810 }
733f0b02
MT		 3811 }
3812 return val;
aab33094
FB		 3813}
3814
a8170e5e 3815uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 3816{
3817 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3818}
3819
a8170e5e 3820uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 3821{
3822 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3823}
3824
a8170e5e 3825uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 3826{
3827 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3828}
3829
8df1cd07
FB		 3830/* warning: addr must be aligned. The ram page is not masked as dirty
3831 and the code inside is not invalidated. It is useful if the dirty
3832 bits are used to track modified PTEs */
a8170e5e 3833void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 3834{
8df1cd07 3835 uint8_t *ptr;
f3705d53 3836 MemoryRegionSection *section;
8df1cd07 3837
ac1970fb 3838 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3839
f3705d53 3840 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3841 addr = memory_region_section_addr(section, addr);
f3705d53 3842 if (memory_region_is_ram(section->mr)) {
37ec01d4 3843 section = &phys_sections[phys_section_rom];
06ef3525 3844 }
37ec01d4 3845 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3846 } else {
f3705d53 3847 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3848 & TARGET_PAGE_MASK)
cc5bea60 3849 + memory_region_section_addr(section, addr);
5579c7f3 3850 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3851 stl_p(ptr, val);
74576198
AL		 3852
3853 if (unlikely(in_migration)) {
3854 if (!cpu_physical_memory_is_dirty(addr1)) {
3855 /* invalidate code */
3856 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3857 /* set dirty bit */
f7c11b53
YT		 3858 cpu_physical_memory_set_dirty_flags(
3859 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3860 }
3861 }
8df1cd07
FB		 3862 }
3863}
3864
a8170e5e 3865void stq_phys_notdirty(hwaddr addr, uint64_t val)
bc98a7ef 3866{
bc98a7ef 3867 uint8_t *ptr;
f3705d53 3868 MemoryRegionSection *section;
bc98a7ef 3869
ac1970fb 3870 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3871
f3705d53 3872 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3873 addr = memory_region_section_addr(section, addr);
f3705d53 3874 if (memory_region_is_ram(section->mr)) {
37ec01d4 3875 section = &phys_sections[phys_section_rom];
06ef3525 3876 }
bc98a7ef 3877#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3878 io_mem_write(section->mr, addr, val >> 32, 4);
3879 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3880#else
37ec01d4
AK		 3881 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3882 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3883#endif
3884 } else {
f3705d53 3885 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3886 & TARGET_PAGE_MASK)
cc5bea60 3887 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3888 stq_p(ptr, val);
3889 }
3890}
3891
8df1cd07 3892/* warning: addr must be aligned */
a8170e5e 3893static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 3894 enum device_endian endian)
8df1cd07 3895{
8df1cd07 3896 uint8_t *ptr;
f3705d53 3897 MemoryRegionSection *section;
8df1cd07 3898
ac1970fb 3899 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3900
f3705d53 3901 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3902 addr = memory_region_section_addr(section, addr);
f3705d53 3903 if (memory_region_is_ram(section->mr)) {
37ec01d4 3904 section = &phys_sections[phys_section_rom];
06ef3525 3905 }
1e78bcc1
AG		 3906#if defined(TARGET_WORDS_BIGENDIAN)
3907 if (endian == DEVICE_LITTLE_ENDIAN) {
3908 val = bswap32(val);
3909 }
3910#else
3911 if (endian == DEVICE_BIG_ENDIAN) {
3912 val = bswap32(val);
3913 }
3914#endif
37ec01d4 3915 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3916 } else {
3917 unsigned long addr1;
f3705d53 3918 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3919 + memory_region_section_addr(section, addr);
8df1cd07 3920 /* RAM case */
5579c7f3 3921 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3922 switch (endian) {
3923 case DEVICE_LITTLE_ENDIAN:
3924 stl_le_p(ptr, val);
3925 break;
3926 case DEVICE_BIG_ENDIAN:
3927 stl_be_p(ptr, val);
3928 break;
3929 default:
3930 stl_p(ptr, val);
3931 break;
3932 }
51d7a9eb 3933 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3934 }
3935}
3936
a8170e5e 3937void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3938{
3939 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3940}
3941
a8170e5e 3942void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3943{
3944 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3945}
3946
a8170e5e 3947void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3948{
3949 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3950}
3951
aab33094 3952/* XXX: optimize */
a8170e5e 3953void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 3954{
3955 uint8_t v = val;
3956 cpu_physical_memory_write(addr, &v, 1);
3957}
3958
733f0b02 3959/* warning: addr must be aligned */
a8170e5e 3960static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 3961 enum device_endian endian)
aab33094 3962{
733f0b02 3963 uint8_t *ptr;
f3705d53 3964 MemoryRegionSection *section;
733f0b02 3965
ac1970fb 3966 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3967
f3705d53 3968 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3969 addr = memory_region_section_addr(section, addr);
f3705d53 3970 if (memory_region_is_ram(section->mr)) {
37ec01d4 3971 section = &phys_sections[phys_section_rom];
06ef3525 3972 }
1e78bcc1
AG		 3973#if defined(TARGET_WORDS_BIGENDIAN)
3974 if (endian == DEVICE_LITTLE_ENDIAN) {
3975 val = bswap16(val);
3976 }
3977#else
3978 if (endian == DEVICE_BIG_ENDIAN) {
3979 val = bswap16(val);
3980 }
3981#endif
37ec01d4 3982 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 3983 } else {
3984 unsigned long addr1;
f3705d53 3985 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3986 + memory_region_section_addr(section, addr);
733f0b02
MT		 3987 /* RAM case */
3988 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3989 switch (endian) {
3990 case DEVICE_LITTLE_ENDIAN:
3991 stw_le_p(ptr, val);
3992 break;
3993 case DEVICE_BIG_ENDIAN:
3994 stw_be_p(ptr, val);
3995 break;
3996 default:
3997 stw_p(ptr, val);
3998 break;
3999 }
51d7a9eb 4000 invalidate_and_set_dirty(addr1, 2);
733f0b02 4001 }
aab33094
FB		 4002}
4003
a8170e5e 4004void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4005{
4006 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4007}
4008
a8170e5e 4009void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4010{
4011 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4012}
4013
a8170e5e 4014void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4015{
4016 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4017}
4018
aab33094 4019/* XXX: optimize */
a8170e5e 4020void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 4021{
4022 val = tswap64(val);
71d2b725 4023 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4024}
4025
a8170e5e 4026void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4027{
4028 val = cpu_to_le64(val);
4029 cpu_physical_memory_write(addr, &val, 8);
4030}
4031
a8170e5e 4032void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4033{
4034 val = cpu_to_be64(val);
4035 cpu_physical_memory_write(addr, &val, 8);
4036}
4037
5e2972fd 4038/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4039int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4040 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4041{
4042 int l;
a8170e5e 4043 hwaddr phys_addr;
9b3c35e0 4044 target_ulong page;
13eb76e0
FB		 4045
4046 while (len > 0) {
4047 page = addr & TARGET_PAGE_MASK;
4048 phys_addr = cpu_get_phys_page_debug(env, page);
4049 /* if no physical page mapped, return an error */
4050 if (phys_addr == -1)
4051 return -1;
4052 l = (page + TARGET_PAGE_SIZE) - addr;
4053 if (l > len)
4054 l = len;
5e2972fd 4055 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4056 if (is_write)
4057 cpu_physical_memory_write_rom(phys_addr, buf, l);
4058 else
5e2972fd 4059 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4060 len -= l;
4061 buf += l;
4062 addr += l;
4063 }
4064 return 0;
4065}
a68fe89c 4066#endif
13eb76e0 4067
2e70f6ef
PB		 4068/* in deterministic execution mode, instructions doing device I/Os
4069 must be at the end of the TB */
20503968 4070void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4071{
4072 TranslationBlock *tb;
4073 uint32_t n, cflags;
4074 target_ulong pc, cs_base;
4075 uint64_t flags;
4076
20503968 4077 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4078 if (!tb) {
4079 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4080 (void *)retaddr);
2e70f6ef
PB		 4081 }
4082 n = env->icount_decr.u16.low + tb->icount;
20503968 4083 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4084 /* Calculate how many instructions had been executed before the fault
bf20dc07 4085 occurred. */
2e70f6ef
PB		 4086 n = n - env->icount_decr.u16.low;
4087 /* Generate a new TB ending on the I/O insn. */
4088 n++;
4089 /* On MIPS and SH, delay slot instructions can only be restarted if
4090 they were already the first instruction in the TB. If this is not
bf20dc07 4091 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4092 branch. */
4093#if defined(TARGET_MIPS)
4094 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4095 env->active_tc.PC -= 4;
4096 env->icount_decr.u16.low++;
4097 env->hflags &= ~MIPS_HFLAG_BMASK;
4098 }
4099#elif defined(TARGET_SH4)
4100 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4101 && n > 1) {
4102 env->pc -= 2;
4103 env->icount_decr.u16.low++;
4104 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4105 }
4106#endif
4107 /* This should never happen. */
4108 if (n > CF_COUNT_MASK)
4109 cpu_abort(env, "TB too big during recompile");
4110
4111 cflags = n | CF_LAST_IO;
4112 pc = tb->pc;
4113 cs_base = tb->cs_base;
4114 flags = tb->flags;
4115 tb_phys_invalidate(tb, -1);
4116 /* FIXME: In theory this could raise an exception. In practice
4117 we have already translated the block once so it's probably ok. */
4118 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4119 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4120 the first in the TB) then we end up generating a whole new TB and
4121 repeating the fault, which is horribly inefficient.
4122 Better would be to execute just this insn uncached, or generate a
4123 second new TB. */
4124 cpu_resume_from_signal(env, NULL);
4125}
4126
b3755a91
PB		 4127#if !defined(CONFIG_USER_ONLY)
4128
055403b2 4129void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4130{
4131 int i, target_code_size, max_target_code_size;
4132 int direct_jmp_count, direct_jmp2_count, cross_page;
4133 TranslationBlock *tb;
3b46e624 4134
e3db7226
FB		 4135 target_code_size = 0;
4136 max_target_code_size = 0;
4137 cross_page = 0;
4138 direct_jmp_count = 0;
4139 direct_jmp2_count = 0;
4140 for(i = 0; i < nb_tbs; i++) {
4141 tb = &tbs[i];
4142 target_code_size += tb->size;
4143 if (tb->size > max_target_code_size)
4144 max_target_code_size = tb->size;
4145 if (tb->page_addr[1] != -1)
4146 cross_page++;
4147 if (tb->tb_next_offset[0] != 0xffff) {
4148 direct_jmp_count++;
4149 if (tb->tb_next_offset[1] != 0xffff) {
4150 direct_jmp2_count++;
4151 }
4152 }
4153 }
4154 /* XXX: avoid using doubles ? */
57fec1fe 4155 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4156 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b
FB		 4157 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4158 cpu_fprintf(f, "TB count %d/%d\n",
4159 nb_tbs, code_gen_max_blocks);
5fafdf24 4160 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4161 nb_tbs ? target_code_size / nb_tbs : 0,
4162 max_target_code_size);
055403b2 4163 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4164 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4165 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4166 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4167 cross_page,
e3db7226
FB		 4168 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4169 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4170 direct_jmp_count,
e3db7226
FB		 4171 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4172 direct_jmp2_count,
4173 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4174 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4175 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4176 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4177 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4178 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4179}
4180
82afa586
BH		 4181/*
4182 * A helper function for the _utterly broken_ virtio device model to find out if
4183 * it's running on a big endian machine. Don't do this at home kids!
4184 */
4185bool virtio_is_big_endian(void);
4186bool virtio_is_big_endian(void)
4187{
4188#if defined(TARGET_WORDS_BIGENDIAN)
4189 return true;
4190#else
4191 return false;
4192#endif
4193}
4194
61382a50 4195#endif
76f35538
WC		 4196
4197#ifndef CONFIG_USER_ONLY
a8170e5e 4198bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538
WC		 4199{
4200 MemoryRegionSection *section;
4201
ac1970fb
AK		 4202 section = phys_page_find(address_space_memory.dispatch,
4203 phys_addr >> TARGET_PAGE_BITS);
76f35538
WC		 4204
4205 return !(memory_region_is_ram(section->mr) ||
4206 memory_region_is_romd(section->mr));
4207}
4208#endif
QEMU mirror