]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
checkpatch: consider git extended headers valid patches
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
53cb28cb
MA		 190 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
193 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 194 }
f7bf5461
AK		 195}
196
db94604b 197static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 198{
199 unsigned i;
8b795765 200 uint32_t ret;
db94604b
PB		 201 PhysPageEntry e;
202 PhysPageEntry *p;
f7bf5461 203
53cb28cb 204 ret = map->nodes_nb++;
db94604b 205 p = map->nodes[ret];
f7bf5461 206 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 207 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 208
209 e.skip = leaf ? 0 : 1;
210 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 211 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 212 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 213 }
f7bf5461 214 return ret;
d6f2ea22
AK		 215}
216
53cb28cb
MA		 217static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
218 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 219 int level)
f7bf5461
AK		 220{
221 PhysPageEntry *p;
03f49957 222 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 223
9736e55b 224 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 225 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 226 }
db94604b 227 p = map->nodes[lp->ptr];
03f49957 228 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 229
03f49957 230 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 231 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 232 lp->skip = 0;
c19e8800 233 lp->ptr = leaf;
07f07b31
AK		 234 *index += step;
235 *nb -= step;
2999097b 236 } else {
53cb28cb 237 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 238 }
239 ++lp;
f7bf5461
AK		 240 }
241}
242
ac1970fb 243static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 244 hwaddr index, hwaddr nb,
2999097b 245 uint16_t leaf)
f7bf5461 246{
2999097b 247 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 248 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 249
53cb28cb 250 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 251}
252
b35ba30f
MT		 253/* Compact a non leaf page entry. Simply detect that the entry has a single child,
254 * and update our entry so we can skip it and go directly to the destination.
255 */
256static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
257{
258 unsigned valid_ptr = P_L2_SIZE;
259 int valid = 0;
260 PhysPageEntry *p;
261 int i;
262
263 if (lp->ptr == PHYS_MAP_NODE_NIL) {
264 return;
265 }
266
267 p = nodes[lp->ptr];
268 for (i = 0; i < P_L2_SIZE; i++) {
269 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
270 continue;
271 }
272
273 valid_ptr = i;
274 valid++;
275 if (p[i].skip) {
276 phys_page_compact(&p[i], nodes, compacted);
277 }
278 }
279
280 /* We can only compress if there's only one child. */
281 if (valid != 1) {
282 return;
283 }
284
285 assert(valid_ptr < P_L2_SIZE);
286
287 /* Don't compress if it won't fit in the # of bits we have. */
288 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
289 return;
290 }
291
292 lp->ptr = p[valid_ptr].ptr;
293 if (!p[valid_ptr].skip) {
294 /* If our only child is a leaf, make this a leaf. */
295 /* By design, we should have made this node a leaf to begin with so we
296 * should never reach here.
297 * But since it's so simple to handle this, let's do it just in case we
298 * change this rule.
299 */
300 lp->skip = 0;
301 } else {
302 lp->skip += p[valid_ptr].skip;
303 }
304}
305
306static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
307{
308 DECLARE_BITMAP(compacted, nodes_nb);
309
310 if (d->phys_map.skip) {
53cb28cb 311 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 312 }
313}
314
29cb533d
FZ		 315static inline bool section_covers_addr(const MemoryRegionSection *section,
316 hwaddr addr)
317{
318 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
319 * the section must cover the entire address space.
320 */
321 return section->size.hi ||
322 range_covers_byte(section->offset_within_address_space,
323 section->size.lo, addr);
324}
325
97115a8d 326static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 327 Node *nodes, MemoryRegionSection *sections)
92e873b9 328{
31ab2b4a 329 PhysPageEntry *p;
97115a8d 330 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 331 int i;
f1f6e3b8 332
9736e55b 333 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 334 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 335 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 336 }
9affd6fc 337 p = nodes[lp.ptr];
03f49957 338 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 339 }
b35ba30f 340
29cb533d 341 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 342 return &sections[lp.ptr];
343 } else {
344 return &sections[PHYS_SECTION_UNASSIGNED];
345 }
f3705d53
AK		 346}
347
e5548617
BS		 348bool memory_region_is_unassigned(MemoryRegion *mr)
349{
2a8e7499 350 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 351 && mr != &io_mem_watch;
fd6ce8f6 352}
149f54b5 353
79e2b9ae 354/* Called from RCU critical section */
c7086b4a 355static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 356 hwaddr addr,
357 bool resolve_subpage)
9f029603 358{
729633c2 359 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 360 subpage_t *subpage;
729633c2 361 bool update;
90260c6c 362
729633c2
FZ		 363 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
364 section_covers_addr(section, addr)) {
365 update = false;
366 } else {
367 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 d->map.sections);
369 update = true;
370 }
90260c6c
JK		 371 if (resolve_subpage && section->mr->subpage) {
372 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 373 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 374 }
729633c2
FZ		 375 if (update) {
376 atomic_set(&d->mru_section, section);
377 }
90260c6c 378 return section;
9f029603
JK		 379}
380
79e2b9ae 381/* Called from RCU critical section */
90260c6c 382static MemoryRegionSection *
c7086b4a 383address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 384 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 385{
386 MemoryRegionSection *section;
965eb2fc 387 MemoryRegion *mr;
a87f3954 388 Int128 diff;
149f54b5 389
c7086b4a 390 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 391 /* Compute offset within MemoryRegionSection */
392 addr -= section->offset_within_address_space;
393
394 /* Compute offset within MemoryRegion */
395 *xlat = addr + section->offset_within_region;
396
965eb2fc 397 mr = section->mr;
b242e0e0
PB		 398
399 /* MMIO registers can be expected to perform full-width accesses based only
400 * on their address, without considering adjacent registers that could
401 * decode to completely different MemoryRegions. When such registers
402 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
403 * regions overlap wildly. For this reason we cannot clamp the accesses
404 * here.
405 *
406 * If the length is small (as is the case for address_space_ldl/stl),
407 * everything works fine. If the incoming length is large, however,
408 * the caller really has to do the clamping through memory_access_size.
409 */
965eb2fc 410 if (memory_region_is_ram(mr)) {
e4a511f8 411 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 412 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
413 }
149f54b5
PB		 414 return section;
415}
90260c6c 416
41063e1e 417/* Called from RCU critical section */
5c8a00ce
PB		 418MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen,
420 bool is_write)
90260c6c 421{
30951157
AK		 422 IOMMUTLBEntry iotlb;
423 MemoryRegionSection *section;
424 MemoryRegion *mr;
30951157
AK		 425
426 for (;;) {
79e2b9ae
PB		 427 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
428 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 429 mr = section->mr;
430
431 if (!mr->iommu_ops) {
432 break;
433 }
434
8d7b8cb9 435 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 436 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
437 | (addr & iotlb.addr_mask));
23820dbf 438 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 439 if (!(iotlb.perm & (1 << is_write))) {
440 mr = &io_mem_unassigned;
441 break;
442 }
443
444 as = iotlb.target_as;
445 }
446
fe680d0d 447 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 448 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 449 *plen = MIN(page, *plen);
a87f3954
PB		 450 }
451
30951157
AK		 452 *xlat = addr;
453 return mr;
90260c6c
JK		 454}
455
79e2b9ae 456/* Called from RCU critical section */
90260c6c 457MemoryRegionSection *
d7898cda 458address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 459 hwaddr *xlat, hwaddr *plen)
90260c6c 460{
30951157 461 MemoryRegionSection *section;
d7898cda
PM		 462 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
463
464 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 465
466 assert(!section->mr->iommu_ops);
467 return section;
90260c6c 468}
5b6dd868 469#endif
fd6ce8f6 470
b170fce3 471#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 472
473static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 474{
259186a7 475 CPUState *cpu = opaque;
a513fe19 476
5b6dd868
BS		 477 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
478 version_id is increased. */
259186a7 479 cpu->interrupt_request &= ~0x01;
c01a71c1 480 tlb_flush(cpu, 1);
5b6dd868
BS		 481
482 return 0;
a513fe19 483}
7501267e 484
6c3bff0e
PD		 485static int cpu_common_pre_load(void *opaque)
486{
487 CPUState *cpu = opaque;
488
adee6424 489 cpu->exception_index = -1;
6c3bff0e
PD		 490
491 return 0;
492}
493
494static bool cpu_common_exception_index_needed(void *opaque)
495{
496 CPUState *cpu = opaque;
497
adee6424 498 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 499}
500
501static const VMStateDescription vmstate_cpu_common_exception_index = {
502 .name = "cpu_common/exception_index",
503 .version_id = 1,
504 .minimum_version_id = 1,
5cd8cada 505 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 506 .fields = (VMStateField[]) {
507 VMSTATE_INT32(exception_index, CPUState),
508 VMSTATE_END_OF_LIST()
509 }
510};
511
bac05aa9
AS		 512static bool cpu_common_crash_occurred_needed(void *opaque)
513{
514 CPUState *cpu = opaque;
515
516 return cpu->crash_occurred;
517}
518
519static const VMStateDescription vmstate_cpu_common_crash_occurred = {
520 .name = "cpu_common/crash_occurred",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .needed = cpu_common_crash_occurred_needed,
524 .fields = (VMStateField[]) {
525 VMSTATE_BOOL(crash_occurred, CPUState),
526 VMSTATE_END_OF_LIST()
527 }
528};
529
1a1562f5 530const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 531 .name = "cpu_common",
532 .version_id = 1,
533 .minimum_version_id = 1,
6c3bff0e 534 .pre_load = cpu_common_pre_load,
5b6dd868 535 .post_load = cpu_common_post_load,
35d08458 536 .fields = (VMStateField[]) {
259186a7
AF		 537 VMSTATE_UINT32(halted, CPUState),
538 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 539 VMSTATE_END_OF_LIST()
6c3bff0e 540 },
5cd8cada
JQ		 541 .subsections = (const VMStateDescription*[]) {
542 &vmstate_cpu_common_exception_index,
bac05aa9 543 &vmstate_cpu_common_crash_occurred,
5cd8cada 544 NULL
5b6dd868
BS		 545 }
546};
1a1562f5 547
5b6dd868 548#endif
ea041c0e 549
38d8f5c8 550CPUState *qemu_get_cpu(int index)
ea041c0e 551{
bdc44640 552 CPUState *cpu;
ea041c0e 553
bdc44640 554 CPU_FOREACH(cpu) {
55e5c285 555 if (cpu->cpu_index == index) {
bdc44640 556 return cpu;
55e5c285 557 }
ea041c0e 558 }
5b6dd868 559
bdc44640 560 return NULL;
ea041c0e
FB		 561}
562
09daed84 563#if !defined(CONFIG_USER_ONLY)
56943e8c 564void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 565{
12ebc9a7
PM		 566 CPUAddressSpace *newas;
567
568 /* Target code should have set num_ases before calling us */
569 assert(asidx < cpu->num_ases);
570
56943e8c
PM		 571 if (asidx == 0) {
572 /* address space 0 gets the convenience alias */
573 cpu->as = as;
574 }
575
12ebc9a7
PM		 576 /* KVM cannot currently support multiple address spaces. */
577 assert(asidx == 0 || !kvm_enabled());
09daed84 578
12ebc9a7
PM		 579 if (!cpu->cpu_ases) {
580 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 581 }
32857f4d 582
12ebc9a7
PM		 583 newas = &cpu->cpu_ases[asidx];
584 newas->cpu = cpu;
585 newas->as = as;
56943e8c 586 if (tcg_enabled()) {
12ebc9a7
PM		 587 newas->tcg_as_listener.commit = tcg_commit;
588 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 589 }
09daed84 590}
651a5bc0
PM		 591
592AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
593{
594 /* Return the AddressSpace corresponding to the specified index */
595 return cpu->cpu_ases[asidx].as;
596}
09daed84
EI		 597#endif
598
b7bca733
BR		 599#ifndef CONFIG_USER_ONLY
600static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
601
602static int cpu_get_free_index(Error **errp)
603{
604 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
605
606 if (cpu >= MAX_CPUMASK_BITS) {
607 error_setg(errp, "Trying to use more CPUs than max of %d",
608 MAX_CPUMASK_BITS);
609 return -1;
610 }
611
612 bitmap_set(cpu_index_map, cpu, 1);
613 return cpu;
614}
615
1c59eb39 616static void cpu_release_index(CPUState *cpu)
b7bca733 617{
b7bca733 618 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
b7bca733
BR		 619}
620#else
621
622static int cpu_get_free_index(Error **errp)
623{
624 CPUState *some_cpu;
625 int cpu_index = 0;
626
627 CPU_FOREACH(some_cpu) {
628 cpu_index++;
629 }
630 return cpu_index;
631}
632
1c59eb39 633static void cpu_release_index(CPUState *cpu)
b7bca733 634{
1c59eb39 635 return;
b7bca733
BR		 636}
637#endif
638
1c59eb39
BR		 639void cpu_exec_exit(CPUState *cpu)
640{
9dfeca7c
BR		 641 CPUClass *cc = CPU_GET_CLASS(cpu);
642
1c59eb39
BR		 643#if defined(CONFIG_USER_ONLY)
644 cpu_list_lock();
645#endif
646 if (cpu->cpu_index == -1) {
647 /* cpu_index was never allocated by this @cpu or was already freed. */
648#if defined(CONFIG_USER_ONLY)
649 cpu_list_unlock();
650#endif
651 return;
652 }
653
654 QTAILQ_REMOVE(&cpus, cpu, node);
655 cpu_release_index(cpu);
656 cpu->cpu_index = -1;
657#if defined(CONFIG_USER_ONLY)
658 cpu_list_unlock();
659#endif
9dfeca7c
BR		 660
661 if (cc->vmsd != NULL) {
662 vmstate_unregister(NULL, cc->vmsd, cpu);
663 }
664 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
665 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
666 }
1c59eb39
BR		 667}
668
4bad9e39 669void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 670{
b170fce3 671 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 672 Error *local_err = NULL;
5b6dd868 673
56943e8c 674 cpu->as = NULL;
12ebc9a7 675 cpu->num_ases = 0;
56943e8c 676
291135b5 677#ifndef CONFIG_USER_ONLY
291135b5 678 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 679
680 /* This is a softmmu CPU object, so create a property for it
681 * so users can wire up its memory. (This can't go in qom/cpu.c
682 * because that file is compiled only once for both user-mode
683 * and system builds.) The default if no link is set up is to use
684 * the system address space.
685 */
686 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
687 (Object **)&cpu->memory,
688 qdev_prop_allow_set_link_before_realize,
689 OBJ_PROP_LINK_UNREF_ON_RELEASE,
690 &error_abort);
691 cpu->memory = system_memory;
692 object_ref(OBJECT(cpu->memory));
291135b5
EH		 693#endif
694
5b6dd868
BS		 695#if defined(CONFIG_USER_ONLY)
696 cpu_list_lock();
697#endif
741da0d3 698 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 699 if (local_err) {
700 error_propagate(errp, local_err);
701#if defined(CONFIG_USER_ONLY)
702 cpu_list_unlock();
703#endif
704 return;
5b6dd868 705 }
bdc44640 706 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 707#if defined(CONFIG_USER_ONLY)
741da0d3 708 (void) cc;
5b6dd868 709 cpu_list_unlock();
741da0d3 710#else
e0d47944 711 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 712 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 713 }
b170fce3 714 if (cc->vmsd != NULL) {
741da0d3 715 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 716 }
741da0d3 717#endif
ea041c0e
FB		 718}
719
94df27fd 720#if defined(CONFIG_USER_ONLY)
00b941e5 721static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 722{
723 tb_invalidate_phys_page_range(pc, pc + 1, 0);
724}
725#else
00b941e5 726static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 727{
5232e4c7
PM		 728 MemTxAttrs attrs;
729 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
730 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 731 if (phys != -1) {
5232e4c7 732 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 733 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 734 }
1e7855a5 735}
c27004ec 736#endif
d720b93d 737
c527ee8f 738#if defined(CONFIG_USER_ONLY)
75a34036 739void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 740
741{
742}
743
3ee887e8
PM		 744int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
745 int flags)
746{
747 return -ENOSYS;
748}
749
750void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
751{
752}
753
75a34036 754int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 755 int flags, CPUWatchpoint **watchpoint)
756{
757 return -ENOSYS;
758}
759#else
6658ffb8 760/* Add a watchpoint. */
75a34036 761int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 762 int flags, CPUWatchpoint **watchpoint)
6658ffb8 763{
c0ce998e 764 CPUWatchpoint *wp;
6658ffb8 765
05068c0d 766 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 767 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 768 error_report("tried to set invalid watchpoint at %"
769 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 770 return -EINVAL;
771 }
7267c094 772 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 773
774 wp->vaddr = addr;
05068c0d 775 wp->len = len;
a1d1bb31
AL		 776 wp->flags = flags;
777
2dc9f411 778 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 779 if (flags & BP_GDB) {
780 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
781 } else {
782 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
783 }
6658ffb8 784
31b030d4 785 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 786
787 if (watchpoint)
788 *watchpoint = wp;
789 return 0;
6658ffb8
PB		 790}
791
a1d1bb31 792/* Remove a specific watchpoint. */
75a34036 793int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 794 int flags)
6658ffb8 795{
a1d1bb31 796 CPUWatchpoint *wp;
6658ffb8 797
ff4700b0 798 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 799 if (addr == wp->vaddr && len == wp->len
6e140f28 800 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 801 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 802 return 0;
803 }
804 }
a1d1bb31 805 return -ENOENT;
6658ffb8
PB		 806}
807
a1d1bb31 808/* Remove a specific watchpoint by reference. */
75a34036 809void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 810{
ff4700b0 811 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 812
31b030d4 813 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 814
7267c094 815 g_free(watchpoint);
a1d1bb31
AL		 816}
817
818/* Remove all matching watchpoints. */
75a34036 819void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 820{
c0ce998e 821 CPUWatchpoint *wp, *next;
a1d1bb31 822
ff4700b0 823 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 824 if (wp->flags & mask) {
825 cpu_watchpoint_remove_by_ref(cpu, wp);
826 }
c0ce998e 827 }
7d03f82f 828}
05068c0d
PM		 829
830/* Return true if this watchpoint address matches the specified
831 * access (ie the address range covered by the watchpoint overlaps
832 * partially or completely with the address range covered by the
833 * access).
834 */
835static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
836 vaddr addr,
837 vaddr len)
838{
839 /* We know the lengths are non-zero, but a little caution is
840 * required to avoid errors in the case where the range ends
841 * exactly at the top of the address space and so addr + len
842 * wraps round to zero.
843 */
844 vaddr wpend = wp->vaddr + wp->len - 1;
845 vaddr addrend = addr + len - 1;
846
847 return !(addr > wpend || wp->vaddr > addrend);
848}
849
c527ee8f 850#endif
7d03f82f 851
a1d1bb31 852/* Add a breakpoint. */
b3310ab3 853int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 854 CPUBreakpoint **breakpoint)
4c3a88a2 855{
c0ce998e 856 CPUBreakpoint *bp;
3b46e624 857
7267c094 858 bp = g_malloc(sizeof(*bp));
4c3a88a2 859
a1d1bb31
AL		 860 bp->pc = pc;
861 bp->flags = flags;
862
2dc9f411 863 /* keep all GDB-injected breakpoints in front */
00b941e5 864 if (flags & BP_GDB) {
f0c3c505 865 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 866 } else {
f0c3c505 867 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 868 }
3b46e624 869
f0c3c505 870 breakpoint_invalidate(cpu, pc);
a1d1bb31 871
00b941e5 872 if (breakpoint) {
a1d1bb31 873 *breakpoint = bp;
00b941e5 874 }
4c3a88a2 875 return 0;
4c3a88a2
FB		 876}
877
a1d1bb31 878/* Remove a specific breakpoint. */
b3310ab3 879int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 880{
a1d1bb31
AL		 881 CPUBreakpoint *bp;
882
f0c3c505 883 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 884 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 885 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 886 return 0;
887 }
7d03f82f 888 }
a1d1bb31 889 return -ENOENT;
7d03f82f
EI		 890}
891
a1d1bb31 892/* Remove a specific breakpoint by reference. */
b3310ab3 893void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 894{
f0c3c505
AF		 895 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
896
897 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 898
7267c094 899 g_free(breakpoint);
a1d1bb31
AL		 900}
901
902/* Remove all matching breakpoints. */
b3310ab3 903void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 904{
c0ce998e 905 CPUBreakpoint *bp, *next;
a1d1bb31 906
f0c3c505 907 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 908 if (bp->flags & mask) {
909 cpu_breakpoint_remove_by_ref(cpu, bp);
910 }
c0ce998e 911 }
4c3a88a2
FB		 912}
913
c33a346e
FB		 914/* enable or disable single step mode. EXCP_DEBUG is returned by the
915 CPU loop after each instruction */
3825b28f 916void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 917{
ed2803da
AF		 918 if (cpu->singlestep_enabled != enabled) {
919 cpu->singlestep_enabled = enabled;
920 if (kvm_enabled()) {
38e478ec 921 kvm_update_guest_debug(cpu, 0);
ed2803da 922 } else {
ccbb4d44 923 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 924 /* XXX: only flush what is necessary */
bbd77c18 925 tb_flush(cpu);
e22a25c9 926 }
c33a346e 927 }
c33a346e
FB		 928}
929
a47dddd7 930void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 931{
932 va_list ap;
493ae1f0 933 va_list ap2;
7501267e
FB		 934
935 va_start(ap, fmt);
493ae1f0 936 va_copy(ap2, ap);
7501267e
FB		 937 fprintf(stderr, "qemu: fatal: ");
938 vfprintf(stderr, fmt, ap);
939 fprintf(stderr, "\n");
878096ee 940 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 941 if (qemu_log_separate()) {
93fcfe39
AL		 942 qemu_log("qemu: fatal: ");
943 qemu_log_vprintf(fmt, ap2);
944 qemu_log("\n");
a0762859 945 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 946 qemu_log_flush();
93fcfe39 947 qemu_log_close();
924edcae 948 }
493ae1f0 949 va_end(ap2);
f9373291 950 va_end(ap);
7615936e 951 replay_finish();
fd052bf6
RV		 952#if defined(CONFIG_USER_ONLY)
953 {
954 struct sigaction act;
955 sigfillset(&act.sa_mask);
956 act.sa_handler = SIG_DFL;
957 sigaction(SIGABRT, &act, NULL);
958 }
959#endif
7501267e
FB		 960 abort();
961}
962
0124311e 963#if !defined(CONFIG_USER_ONLY)
0dc3f44a 964/* Called from RCU critical section */
041603fe
PB		 965static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
966{
967 RAMBlock *block;
968
43771539 969 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 970 if (block && addr - block->offset < block->max_length) {
68851b98 971 return block;
041603fe 972 }
0dc3f44a 973 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 974 if (addr - block->offset < block->max_length) {
041603fe
PB		 975 goto found;
976 }
977 }
978
979 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
980 abort();
981
982found:
43771539
PB		 983 /* It is safe to write mru_block outside the iothread lock. This
984 * is what happens:
985 *
986 * mru_block = xxx
987 * rcu_read_unlock()
988 * xxx removed from list
989 * rcu_read_lock()
990 * read mru_block
991 * mru_block = NULL;
992 * call_rcu(reclaim_ramblock, xxx);
993 * rcu_read_unlock()
994 *
995 * atomic_rcu_set is not needed here. The block was already published
996 * when it was placed into the list. Here we're just making an extra
997 * copy of the pointer.
998 */
041603fe
PB		 999 ram_list.mru_block = block;
1000 return block;
1001}
1002
a2f4d5be 1003static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 1004{
9a13565d 1005 CPUState *cpu;
041603fe 1006 ram_addr_t start1;
a2f4d5be
JQ		 1007 RAMBlock *block;
1008 ram_addr_t end;
1009
1010 end = TARGET_PAGE_ALIGN(start + length);
1011 start &= TARGET_PAGE_MASK;
d24981d3 1012
0dc3f44a 1013 rcu_read_lock();
041603fe
PB		 1014 block = qemu_get_ram_block(start);
1015 assert(block == qemu_get_ram_block(end - 1));
1240be24 1016 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 1017 CPU_FOREACH(cpu) {
1018 tlb_reset_dirty(cpu, start1, length);
1019 }
0dc3f44a 1020 rcu_read_unlock();
d24981d3
JQ		 1021}
1022
5579c7f3 1023/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 1024bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
1025 ram_addr_t length,
1026 unsigned client)
1ccde1cb 1027{
5b82b703 1028 DirtyMemoryBlocks *blocks;
03eebc9e 1029 unsigned long end, page;
5b82b703 1030 bool dirty = false;
03eebc9e
SH		 1031
1032 if (length == 0) {
1033 return false;
1034 }
f23db169 1035
03eebc9e
SH		 1036 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1037 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1038
1039 rcu_read_lock();
1040
1041 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1042
1043 while (page < end) {
1044 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1045 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1046 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1047
1048 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1049 offset, num);
1050 page += num;
1051 }
1052
1053 rcu_read_unlock();
03eebc9e
SH		 1054
1055 if (dirty && tcg_enabled()) {
a2f4d5be 1056 tlb_reset_dirty_range_all(start, length);
5579c7f3 1057 }
03eebc9e
SH		 1058
1059 return dirty;
1ccde1cb
FB		 1060}
1061
79e2b9ae 1062/* Called from RCU critical section */
bb0e627a 1063hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1064 MemoryRegionSection *section,
1065 target_ulong vaddr,
1066 hwaddr paddr, hwaddr xlat,
1067 int prot,
1068 target_ulong *address)
e5548617 1069{
a8170e5e 1070 hwaddr iotlb;
e5548617
BS		 1071 CPUWatchpoint *wp;
1072
cc5bea60 1073 if (memory_region_is_ram(section->mr)) {
e5548617 1074 /* Normal RAM. */
e4e69794 1075 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1076 if (!section->readonly) {
b41aac4f 1077 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1078 } else {
b41aac4f 1079 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1080 }
1081 } else {
0b8e2c10
PM		 1082 AddressSpaceDispatch *d;
1083
1084 d = atomic_rcu_read(&section->address_space->dispatch);
1085 iotlb = section - d->map.sections;
149f54b5 1086 iotlb += xlat;
e5548617
BS		 1087 }
1088
1089 /* Make accesses to pages with watchpoints go via the
1090 watchpoint trap routines. */
ff4700b0 1091 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1092 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1093 /* Avoid trapping reads of pages with a write breakpoint. */
1094 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1095 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1096 *address |= TLB_MMIO;
1097 break;
1098 }
1099 }
1100 }
1101
1102 return iotlb;
1103}
9fa3e853
FB		 1104#endif /* defined(CONFIG_USER_ONLY) */
1105
e2eef170 1106#if !defined(CONFIG_USER_ONLY)
8da3ff18 1107
c227f099 1108static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1109 uint16_t section);
acc9d80b 1110static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1111
a2b257d6
IM		 1112static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1113 qemu_anon_ram_alloc;
91138037
MA		 1114
1115/*
1116 * Set a custom physical guest memory alloator.
1117 * Accelerators with unusual needs may need this. Hopefully, we can
1118 * get rid of it eventually.
1119 */
a2b257d6 1120void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1121{
1122 phys_mem_alloc = alloc;
1123}
1124
53cb28cb
MA		 1125static uint16_t phys_section_add(PhysPageMap *map,
1126 MemoryRegionSection *section)
5312bd8b 1127{
68f3f65b
PB		 1128 /* The physical section number is ORed with a page-aligned
1129 * pointer to produce the iotlb entries. Thus it should
1130 * never overflow into the page-aligned value.
1131 */
53cb28cb 1132 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1133
53cb28cb
MA		 1134 if (map->sections_nb == map->sections_nb_alloc) {
1135 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1136 map->sections = g_renew(MemoryRegionSection, map->sections,
1137 map->sections_nb_alloc);
5312bd8b 1138 }
53cb28cb 1139 map->sections[map->sections_nb] = *section;
dfde4e6e 1140 memory_region_ref(section->mr);
53cb28cb 1141 return map->sections_nb++;
5312bd8b
AK		 1142}
1143
058bc4b5
PB		 1144static void phys_section_destroy(MemoryRegion *mr)
1145{
55b4e80b
DS		 1146 bool have_sub_page = mr->subpage;
1147
dfde4e6e
PB		 1148 memory_region_unref(mr);
1149
55b4e80b 1150 if (have_sub_page) {
058bc4b5 1151 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1152 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1153 g_free(subpage);
1154 }
1155}
1156
6092666e 1157static void phys_sections_free(PhysPageMap *map)
5312bd8b 1158{
9affd6fc
PB		 1159 while (map->sections_nb > 0) {
1160 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1161 phys_section_destroy(section->mr);
1162 }
9affd6fc
PB		 1163 g_free(map->sections);
1164 g_free(map->nodes);
5312bd8b
AK		 1165}
1166
ac1970fb 1167static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1168{
1169 subpage_t *subpage;
a8170e5e 1170 hwaddr base = section->offset_within_address_space
0f0cb164 1171 & TARGET_PAGE_MASK;
97115a8d 1172 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1173 d->map.nodes, d->map.sections);
0f0cb164
AK		 1174 MemoryRegionSection subsection = {
1175 .offset_within_address_space = base,
052e87b0 1176 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1177 };
a8170e5e 1178 hwaddr start, end;
0f0cb164 1179
f3705d53 1180 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1181
f3705d53 1182 if (!(existing->mr->subpage)) {
acc9d80b 1183 subpage = subpage_init(d->as, base);
3be91e86 1184 subsection.address_space = d->as;
0f0cb164 1185 subsection.mr = &subpage->iomem;
ac1970fb 1186 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1187 phys_section_add(&d->map, &subsection));
0f0cb164 1188 } else {
f3705d53 1189 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1190 }
1191 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1192 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1193 subpage_register(subpage, start, end,
1194 phys_section_add(&d->map, section));
0f0cb164
AK		 1195}
1196
1197
052e87b0
PB		 1198static void register_multipage(AddressSpaceDispatch *d,
1199 MemoryRegionSection *section)
33417e70 1200{
a8170e5e 1201 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1202 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1203 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1204 TARGET_PAGE_BITS));
dd81124b 1205
733d5ef5
PB		 1206 assert(num_pages);
1207 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1208}
1209
ac1970fb 1210static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1211{
89ae337a 1212 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1213 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1214 MemoryRegionSection now = *section, remain = *section;
052e87b0 1215 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1216
733d5ef5
PB		 1217 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1218 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1219 - now.offset_within_address_space;
1220
052e87b0 1221 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1222 register_subpage(d, &now);
733d5ef5 1223 } else {
052e87b0 1224 now.size = int128_zero();
733d5ef5 1225 }
052e87b0
PB		 1226 while (int128_ne(remain.size, now.size)) {
1227 remain.size = int128_sub(remain.size, now.size);
1228 remain.offset_within_address_space += int128_get64(now.size);
1229 remain.offset_within_region += int128_get64(now.size);
69b67646 1230 now = remain;
052e87b0 1231 if (int128_lt(remain.size, page_size)) {
733d5ef5 1232 register_subpage(d, &now);
88266249 1233 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1234 now.size = page_size;
ac1970fb 1235 register_subpage(d, &now);
69b67646 1236 } else {
052e87b0 1237 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1238 register_multipage(d, &now);
69b67646 1239 }
0f0cb164
AK		 1240 }
1241}
1242
62a2744c
SY		 1243void qemu_flush_coalesced_mmio_buffer(void)
1244{
1245 if (kvm_enabled())
1246 kvm_flush_coalesced_mmio_buffer();
1247}
1248
b2a8658e
UD		 1249void qemu_mutex_lock_ramlist(void)
1250{
1251 qemu_mutex_lock(&ram_list.mutex);
1252}
1253
1254void qemu_mutex_unlock_ramlist(void)
1255{
1256 qemu_mutex_unlock(&ram_list.mutex);
1257}
1258
e1e84ba0 1259#ifdef __linux__
04b16653
AW		 1260static void *file_ram_alloc(RAMBlock *block,
1261 ram_addr_t memory,
7f56e740
PB		 1262 const char *path,
1263 Error **errp)
c902760f 1264{
fd97fd44 1265 bool unlink_on_error = false;
c902760f 1266 char *filename;
8ca761f6
PF		 1267 char *sanitized_name;
1268 char *c;
794e8f30 1269 void *area;
5c3ece79 1270 int fd = -1;
e1fb6471 1271 int64_t page_size;
c902760f
MT		 1272
1273 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1274 error_setg(errp,
1275 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1276 return NULL;
c902760f
MT		 1277 }
1278
fd97fd44
MA		 1279 for (;;) {
1280 fd = open(path, O_RDWR);
1281 if (fd >= 0) {
1282 /* @path names an existing file, use it */
1283 break;
8d31d6b6 1284 }
fd97fd44
MA		 1285 if (errno == ENOENT) {
1286 /* @path names a file that doesn't exist, create it */
1287 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1288 if (fd >= 0) {
1289 unlink_on_error = true;
1290 break;
1291 }
1292 } else if (errno == EISDIR) {
1293 /* @path names a directory, create a file there */
1294 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1295 sanitized_name = g_strdup(memory_region_name(block->mr));
1296 for (c = sanitized_name; *c != '\0'; c++) {
1297 if (*c == '/') {
1298 *c = '_';
1299 }
1300 }
8ca761f6 1301
fd97fd44
MA		 1302 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1303 sanitized_name);
1304 g_free(sanitized_name);
8d31d6b6 1305
fd97fd44
MA		 1306 fd = mkstemp(filename);
1307 if (fd >= 0) {
1308 unlink(filename);
1309 g_free(filename);
1310 break;
1311 }
1312 g_free(filename);
8d31d6b6 1313 }
fd97fd44
MA		 1314 if (errno != EEXIST && errno != EINTR) {
1315 error_setg_errno(errp, errno,
1316 "can't open backing store %s for guest RAM",
1317 path);
1318 goto error;
1319 }
1320 /*
1321 * Try again on EINTR and EEXIST. The latter happens when
1322 * something else creates the file between our two open().
1323 */
8d31d6b6 1324 }
c902760f 1325
e1fb6471 1326 page_size = qemu_fd_getpagesize(fd);
d2f39add 1327 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1328
e1fb6471 1329 if (memory < page_size) {
fd97fd44
MA		 1330 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1331 "or larger than page size 0x%" PRIx64,
e1fb6471 1332 memory, page_size);
f9a49dfa 1333 goto error;
c902760f 1334 }
c902760f 1335
e1fb6471 1336 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1337
1338 /*
1339 * ftruncate is not supported by hugetlbfs in older
1340 * hosts, so don't bother bailing out on errors.
1341 * If anything goes wrong with it under other filesystems,
1342 * mmap will fail.
1343 */
7f56e740 1344 if (ftruncate(fd, memory)) {
9742bf26 1345 perror("ftruncate");
7f56e740 1346 }
c902760f 1347
d2f39add
DD		 1348 area = qemu_ram_mmap(fd, memory, block->mr->align,
1349 block->flags & RAM_SHARED);
c902760f 1350 if (area == MAP_FAILED) {
7f56e740 1351 error_setg_errno(errp, errno,
fd97fd44 1352 "unable to map backing store for guest RAM");
f9a49dfa 1353 goto error;
c902760f 1354 }
ef36fa14
MT		 1355
1356 if (mem_prealloc) {
38183310 1357 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1358 }
1359
04b16653 1360 block->fd = fd;
c902760f 1361 return area;
f9a49dfa
MT		 1362
1363error:
fd97fd44
MA		 1364 if (unlink_on_error) {
1365 unlink(path);
1366 }
5c3ece79
PB		 1367 if (fd != -1) {
1368 close(fd);
1369 }
f9a49dfa 1370 return NULL;
c902760f
MT		 1371}
1372#endif
1373
0dc3f44a 1374/* Called with the ramlist lock held. */
d17b5288 1375static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1376{
1377 RAMBlock *block, *next_block;
3e837b2c 1378 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1379
49cd9ac6
SH		 1380 assert(size != 0); /* it would hand out same offset multiple times */
1381
0dc3f44a 1382 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1383 return 0;
0d53d9fe 1384 }
04b16653 1385
0dc3f44a 1386 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1387 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1388
62be4e3a 1389 end = block->offset + block->max_length;
04b16653 1390
0dc3f44a 1391 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1392 if (next_block->offset >= end) {
1393 next = MIN(next, next_block->offset);
1394 }
1395 }
1396 if (next - end >= size && next - end < mingap) {
3e837b2c 1397 offset = end;
04b16653
AW		 1398 mingap = next - end;
1399 }
1400 }
3e837b2c
AW		 1401
1402 if (offset == RAM_ADDR_MAX) {
1403 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1404 (uint64_t)size);
1405 abort();
1406 }
1407
04b16653
AW		 1408 return offset;
1409}
1410
652d7ec2 1411ram_addr_t last_ram_offset(void)
d17b5288
AW		 1412{
1413 RAMBlock *block;
1414 ram_addr_t last = 0;
1415
0dc3f44a
MD		 1416 rcu_read_lock();
1417 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1418 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1419 }
0dc3f44a 1420 rcu_read_unlock();
d17b5288
AW		 1421 return last;
1422}
1423
ddb97f1d
JB		 1424static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1425{
1426 int ret;
ddb97f1d
JB		 1427
1428 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1429 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1430 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1431 if (ret) {
1432 perror("qemu_madvise");
1433 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1434 "but dump_guest_core=off specified\n");
1435 }
1436 }
1437}
1438
422148d3
DDAG		 1439const char *qemu_ram_get_idstr(RAMBlock *rb)
1440{
1441 return rb->idstr;
1442}
1443
ae3a7047 1444/* Called with iothread lock held. */
fa53a0e5 1445void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1446{
fa53a0e5 1447 RAMBlock *block;
20cfe881 1448
c5705a77
AK		 1449 assert(new_block);
1450 assert(!new_block->idstr[0]);
84b89d78 1451
09e5ab63
AL		 1452 if (dev) {
1453 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1454 if (id) {
1455 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1456 g_free(id);
84b89d78
CM		 1457 }
1458 }
1459 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1460
ab0a9956 1461 rcu_read_lock();
0dc3f44a 1462 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1463 if (block != new_block &&
1464 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1465 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1466 new_block->idstr);
1467 abort();
1468 }
1469 }
0dc3f44a 1470 rcu_read_unlock();
c5705a77
AK		 1471}
1472
ae3a7047 1473/* Called with iothread lock held. */
fa53a0e5 1474void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1475{
ae3a7047
MD		 1476 /* FIXME: arch_init.c assumes that this is not called throughout
1477 * migration. Ignore the problem since hot-unplug during migration
1478 * does not work anyway.
1479 */
20cfe881
HT		 1480 if (block) {
1481 memset(block->idstr, 0, sizeof(block->idstr));
1482 }
1483}
1484
8490fc78
LC		 1485static int memory_try_enable_merging(void *addr, size_t len)
1486{
75cc7f01 1487 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1488 /* disabled by the user */
1489 return 0;
1490 }
1491
1492 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1493}
1494
62be4e3a
MT		 1495/* Only legal before guest might have detected the memory size: e.g. on
1496 * incoming migration, or right after reset.
1497 *
1498 * As memory core doesn't know how is memory accessed, it is up to
1499 * resize callback to update device state and/or add assertions to detect
1500 * misuse, if necessary.
1501 */
fa53a0e5 1502int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1503{
62be4e3a
MT		 1504 assert(block);
1505
4ed023ce 1506 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1507
62be4e3a
MT		 1508 if (block->used_length == newsize) {
1509 return 0;
1510 }
1511
1512 if (!(block->flags & RAM_RESIZEABLE)) {
1513 error_setg_errno(errp, EINVAL,
1514 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1515 " in != 0x" RAM_ADDR_FMT, block->idstr,
1516 newsize, block->used_length);
1517 return -EINVAL;
1518 }
1519
1520 if (block->max_length < newsize) {
1521 error_setg_errno(errp, EINVAL,
1522 "Length too large: %s: 0x" RAM_ADDR_FMT
1523 " > 0x" RAM_ADDR_FMT, block->idstr,
1524 newsize, block->max_length);
1525 return -EINVAL;
1526 }
1527
1528 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1529 block->used_length = newsize;
58d2707e
PB		 1530 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1531 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1532 memory_region_set_size(block->mr, newsize);
1533 if (block->resized) {
1534 block->resized(block->idstr, newsize, block->host);
1535 }
1536 return 0;
1537}
1538
5b82b703
SH		 1539/* Called with ram_list.mutex held */
1540static void dirty_memory_extend(ram_addr_t old_ram_size,
1541 ram_addr_t new_ram_size)
1542{
1543 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1544 DIRTY_MEMORY_BLOCK_SIZE);
1545 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1546 DIRTY_MEMORY_BLOCK_SIZE);
1547 int i;
1548
1549 /* Only need to extend if block count increased */
1550 if (new_num_blocks <= old_num_blocks) {
1551 return;
1552 }
1553
1554 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1555 DirtyMemoryBlocks *old_blocks;
1556 DirtyMemoryBlocks *new_blocks;
1557 int j;
1558
1559 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1560 new_blocks = g_malloc(sizeof(*new_blocks) +
1561 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1562
1563 if (old_num_blocks) {
1564 memcpy(new_blocks->blocks, old_blocks->blocks,
1565 old_num_blocks * sizeof(old_blocks->blocks[0]));
1566 }
1567
1568 for (j = old_num_blocks; j < new_num_blocks; j++) {
1569 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1570 }
1571
1572 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1573
1574 if (old_blocks) {
1575 g_free_rcu(old_blocks, rcu);
1576 }
1577 }
1578}
1579
528f46af 1580static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1581{
e1c57ab8 1582 RAMBlock *block;
0d53d9fe 1583 RAMBlock *last_block = NULL;
2152f5ca 1584 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1585 Error *err = NULL;
2152f5ca
JQ		 1586
1587 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1588
b2a8658e 1589 qemu_mutex_lock_ramlist();
9b8424d5 1590 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1591
1592 if (!new_block->host) {
1593 if (xen_enabled()) {
9b8424d5 1594 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1595 new_block->mr, &err);
1596 if (err) {
1597 error_propagate(errp, err);
1598 qemu_mutex_unlock_ramlist();
39c350ee 1599 return;
37aa7a0e 1600 }
e1c57ab8 1601 } else {
9b8424d5 1602 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1603 &new_block->mr->align);
39228250 1604 if (!new_block->host) {
ef701d7b
HT		 1605 error_setg_errno(errp, errno,
1606 "cannot set up guest memory '%s'",
1607 memory_region_name(new_block->mr));
1608 qemu_mutex_unlock_ramlist();
39c350ee 1609 return;
39228250 1610 }
9b8424d5 1611 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1612 }
c902760f 1613 }
94a6b54f 1614
dd631697
LZ		 1615 new_ram_size = MAX(old_ram_size,
1616 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1617 if (new_ram_size > old_ram_size) {
1618 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1619 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1620 }
0d53d9fe
MD		 1621 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1622 * QLIST (which has an RCU-friendly variant) does not have insertion at
1623 * tail, so save the last element in last_block.
1624 */
0dc3f44a 1625 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1626 last_block = block;
9b8424d5 1627 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1628 break;
1629 }
1630 }
1631 if (block) {
0dc3f44a 1632 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1633 } else if (last_block) {
0dc3f44a 1634 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1635 } else { /* list is empty */
0dc3f44a 1636 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1637 }
0d6d3c87 1638 ram_list.mru_block = NULL;
94a6b54f 1639
0dc3f44a
MD		 1640 /* Write list before version */
1641 smp_wmb();
f798b07f 1642 ram_list.version++;
b2a8658e 1643 qemu_mutex_unlock_ramlist();
f798b07f 1644
9b8424d5 1645 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1646 new_block->used_length,
1647 DIRTY_CLIENTS_ALL);
94a6b54f 1648
a904c911
PB		 1649 if (new_block->host) {
1650 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1651 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1652 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1653 if (kvm_enabled()) {
1654 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1655 }
e1c57ab8 1656 }
94a6b54f 1657}
e9a1ab19 1658
0b183fc8 1659#ifdef __linux__
528f46af
FZ		 1660RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1661 bool share, const char *mem_path,
1662 Error **errp)
e1c57ab8
PB		 1663{
1664 RAMBlock *new_block;
ef701d7b 1665 Error *local_err = NULL;
e1c57ab8
PB		 1666
1667 if (xen_enabled()) {
7f56e740 1668 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1669 return NULL;
e1c57ab8
PB		 1670 }
1671
1672 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1673 /*
1674 * file_ram_alloc() needs to allocate just like
1675 * phys_mem_alloc, but we haven't bothered to provide
1676 * a hook there.
1677 */
7f56e740
PB		 1678 error_setg(errp,
1679 "-mem-path not supported with this accelerator");
528f46af 1680 return NULL;
e1c57ab8
PB		 1681 }
1682
4ed023ce 1683 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1684 new_block = g_malloc0(sizeof(*new_block));
1685 new_block->mr = mr;
9b8424d5
MT		 1686 new_block->used_length = size;
1687 new_block->max_length = size;
dbcb8981 1688 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1689 new_block->host = file_ram_alloc(new_block, size,
1690 mem_path, errp);
1691 if (!new_block->host) {
1692 g_free(new_block);
528f46af 1693 return NULL;
7f56e740
PB		 1694 }
1695
528f46af 1696 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1697 if (local_err) {
1698 g_free(new_block);
1699 error_propagate(errp, local_err);
528f46af 1700 return NULL;
ef701d7b 1701 }
528f46af 1702 return new_block;
e1c57ab8 1703}
0b183fc8 1704#endif
e1c57ab8 1705
62be4e3a 1706static
528f46af
FZ		 1707RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1708 void (*resized)(const char*,
1709 uint64_t length,
1710 void *host),
1711 void *host, bool resizeable,
1712 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1713{
1714 RAMBlock *new_block;
ef701d7b 1715 Error *local_err = NULL;
e1c57ab8 1716
4ed023ce
DDAG		 1717 size = HOST_PAGE_ALIGN(size);
1718 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1719 new_block = g_malloc0(sizeof(*new_block));
1720 new_block->mr = mr;
62be4e3a 1721 new_block->resized = resized;
9b8424d5
MT		 1722 new_block->used_length = size;
1723 new_block->max_length = max_size;
62be4e3a 1724 assert(max_size >= size);
e1c57ab8
PB		 1725 new_block->fd = -1;
1726 new_block->host = host;
1727 if (host) {
7bd4f430 1728 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1729 }
62be4e3a
MT		 1730 if (resizeable) {
1731 new_block->flags |= RAM_RESIZEABLE;
1732 }
528f46af 1733 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1734 if (local_err) {
1735 g_free(new_block);
1736 error_propagate(errp, local_err);
528f46af 1737 return NULL;
ef701d7b 1738 }
528f46af 1739 return new_block;
e1c57ab8
PB		 1740}
1741
528f46af 1742RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1743 MemoryRegion *mr, Error **errp)
1744{
1745 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1746}
1747
528f46af 1748RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1749{
62be4e3a
MT		 1750 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1751}
1752
528f46af 1753RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1754 void (*resized)(const char*,
1755 uint64_t length,
1756 void *host),
1757 MemoryRegion *mr, Error **errp)
1758{
1759 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1760}
1761
43771539
PB		 1762static void reclaim_ramblock(RAMBlock *block)
1763{
1764 if (block->flags & RAM_PREALLOC) {
1765 ;
1766 } else if (xen_enabled()) {
1767 xen_invalidate_map_cache_entry(block->host);
1768#ifndef _WIN32
1769 } else if (block->fd >= 0) {
2f3a2bb1 1770 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1771 close(block->fd);
1772#endif
1773 } else {
1774 qemu_anon_ram_free(block->host, block->max_length);
1775 }
1776 g_free(block);
1777}
1778
f1060c55 1779void qemu_ram_free(RAMBlock *block)
e9a1ab19 1780{
85bc2a15
MAL		 1781 if (!block) {
1782 return;
1783 }
1784
b2a8658e 1785 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1786 QLIST_REMOVE_RCU(block, next);
1787 ram_list.mru_block = NULL;
1788 /* Write list before version */
1789 smp_wmb();
1790 ram_list.version++;
1791 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1792 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1793}
1794
cd19cfa2
HY		 1795#ifndef _WIN32
1796void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1797{
1798 RAMBlock *block;
1799 ram_addr_t offset;
1800 int flags;
1801 void *area, *vaddr;
1802
0dc3f44a 1803 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1804 offset = addr - block->offset;
9b8424d5 1805 if (offset < block->max_length) {
1240be24 1806 vaddr = ramblock_ptr(block, offset);
7bd4f430 1807 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1808 ;
dfeaf2ab
MA		 1809 } else if (xen_enabled()) {
1810 abort();
cd19cfa2
HY		 1811 } else {
1812 flags = MAP_FIXED;
3435f395 1813 if (block->fd >= 0) {
dbcb8981
PB		 1814 flags |= (block->flags & RAM_SHARED ?
1815 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1816 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1817 flags, block->fd, offset);
cd19cfa2 1818 } else {
2eb9fbaa
MA		 1819 /*
1820 * Remap needs to match alloc. Accelerators that
1821 * set phys_mem_alloc never remap. If they did,
1822 * we'd need a remap hook here.
1823 */
1824 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1825
cd19cfa2
HY		 1826 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1827 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1828 flags, -1, 0);
cd19cfa2
HY		 1829 }
1830 if (area != vaddr) {
f15fbc4b
AP		 1831 fprintf(stderr, "Could not remap addr: "
1832 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1833 length, addr);
1834 exit(1);
1835 }
8490fc78 1836 memory_try_enable_merging(vaddr, length);
ddb97f1d 1837 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1838 }
cd19cfa2
HY		 1839 }
1840 }
1841}
1842#endif /* !_WIN32 */
1843
1b5ec234 1844/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1845 * This should not be used for general purpose DMA. Use address_space_map
1846 * or address_space_rw instead. For local memory (e.g. video ram) that the
1847 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1848 *
49b24afc 1849 * Called within RCU critical section.
1b5ec234 1850 */
0878d0e1 1851void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1852{
3655cb9c
GA		 1853 RAMBlock *block = ram_block;
1854
1855 if (block == NULL) {
1856 block = qemu_get_ram_block(addr);
0878d0e1 1857 addr -= block->offset;
3655cb9c 1858 }
ae3a7047
MD		 1859
1860 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1861 /* We need to check if the requested address is in the RAM
1862 * because we don't want to map the entire memory in QEMU.
1863 * In that case just map until the end of the page.
1864 */
1865 if (block->offset == 0) {
49b24afc 1866 return xen_map_cache(addr, 0, 0);
0d6d3c87 1867 }
ae3a7047
MD		 1868
1869 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1870 }
0878d0e1 1871 return ramblock_ptr(block, addr);
dc828ca1
PB		 1872}
1873
0878d0e1 1874/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1875 * but takes a size argument.
0dc3f44a 1876 *
e81bcda5 1877 * Called within RCU critical section.
ae3a7047 1878 */
3655cb9c
GA		 1879static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1880 hwaddr *size)
38bee5dc 1881{
3655cb9c 1882 RAMBlock *block = ram_block;
8ab934f9
SS		 1883 if (*size == 0) {
1884 return NULL;
1885 }
e81bcda5 1886
3655cb9c
GA		 1887 if (block == NULL) {
1888 block = qemu_get_ram_block(addr);
0878d0e1 1889 addr -= block->offset;
3655cb9c 1890 }
0878d0e1 1891 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1892
1893 if (xen_enabled() && block->host == NULL) {
1894 /* We need to check if the requested address is in the RAM
1895 * because we don't want to map the entire memory in QEMU.
1896 * In that case just map the requested area.
1897 */
1898 if (block->offset == 0) {
1899 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1900 }
1901
e81bcda5 1902 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1903 }
e81bcda5 1904
0878d0e1 1905 return ramblock_ptr(block, addr);
38bee5dc
SS		 1906}
1907
422148d3
DDAG		 1908/*
1909 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1910 * in that RAMBlock.
1911 *
1912 * ptr: Host pointer to look up
1913 * round_offset: If true round the result offset down to a page boundary
1914 * *ram_addr: set to result ram_addr
1915 * *offset: set to result offset within the RAMBlock
1916 *
1917 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1918 *
1919 * By the time this function returns, the returned pointer is not protected
1920 * by RCU anymore. If the caller is not within an RCU critical section and
1921 * does not hold the iothread lock, it must have other means of protecting the
1922 * pointer, such as a reference to the region that includes the incoming
1923 * ram_addr_t.
1924 */
422148d3 1925RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1926 ram_addr_t *offset)
5579c7f3 1927{
94a6b54f
PB		 1928 RAMBlock *block;
1929 uint8_t *host = ptr;
1930
868bb33f 1931 if (xen_enabled()) {
f615f396 1932 ram_addr_t ram_addr;
0dc3f44a 1933 rcu_read_lock();
f615f396
PB		 1934 ram_addr = xen_ram_addr_from_mapcache(ptr);
1935 block = qemu_get_ram_block(ram_addr);
422148d3 1936 if (block) {
d6b6aec4 1937 *offset = ram_addr - block->offset;
422148d3 1938 }
0dc3f44a 1939 rcu_read_unlock();
422148d3 1940 return block;
712c2b41
SS		 1941 }
1942
0dc3f44a
MD		 1943 rcu_read_lock();
1944 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1945 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1946 goto found;
1947 }
1948
0dc3f44a 1949 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1950 /* This case append when the block is not mapped. */
1951 if (block->host == NULL) {
1952 continue;
1953 }
9b8424d5 1954 if (host - block->host < block->max_length) {
23887b79 1955 goto found;
f471a17e 1956 }
94a6b54f 1957 }
432d268c 1958
0dc3f44a 1959 rcu_read_unlock();
1b5ec234 1960 return NULL;
23887b79
PB		 1961
1962found:
422148d3
DDAG		 1963 *offset = (host - block->host);
1964 if (round_offset) {
1965 *offset &= TARGET_PAGE_MASK;
1966 }
0dc3f44a 1967 rcu_read_unlock();
422148d3
DDAG		 1968 return block;
1969}
1970
e3dd7493
DDAG		 1971/*
1972 * Finds the named RAMBlock
1973 *
1974 * name: The name of RAMBlock to find
1975 *
1976 * Returns: RAMBlock (or NULL if not found)
1977 */
1978RAMBlock *qemu_ram_block_by_name(const char *name)
1979{
1980 RAMBlock *block;
1981
1982 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1983 if (!strcmp(name, block->idstr)) {
1984 return block;
1985 }
1986 }
1987
1988 return NULL;
1989}
1990
422148d3
DDAG		 1991/* Some of the softmmu routines need to translate from a host pointer
1992 (typically a TLB entry) back to a ram offset. */
07bdaa41 1993ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1994{
1995 RAMBlock *block;
f615f396 1996 ram_addr_t offset;
422148d3 1997
f615f396 1998 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1999 if (!block) {
07bdaa41 2000 return RAM_ADDR_INVALID;
422148d3
DDAG		 2001 }
2002
07bdaa41 2003 return block->offset + offset;
e890261f 2004}
f471a17e 2005
49b24afc 2006/* Called within RCU critical section. */
a8170e5e 2007static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2008 uint64_t val, unsigned size)
9fa3e853 2009{
52159192 2010 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2011 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2012 }
0e0df1e2
AK		 2013 switch (size) {
2014 case 1:
0878d0e1 2015 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2016 break;
2017 case 2:
0878d0e1 2018 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2019 break;
2020 case 4:
0878d0e1 2021 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2022 break;
2023 default:
2024 abort();
3a7d929e 2025 }
58d2707e
PB		 2026 /* Set both VGA and migration bits for simplicity and to remove
2027 * the notdirty callback faster.
2028 */
2029 cpu_physical_memory_set_dirty_range(ram_addr, size,
2030 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2031 /* we remove the notdirty callback only if the code has been
2032 flushed */
a2cd8c85 2033 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2034 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2035 }
9fa3e853
FB		 2036}
2037
b018ddf6
PB		 2038static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2039 unsigned size, bool is_write)
2040{
2041 return is_write;
2042}
2043
0e0df1e2 2044static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2045 .write = notdirty_mem_write,
b018ddf6 2046 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2047 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2048};
2049
0f459d16 2050/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2051static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2052{
93afeade 2053 CPUState *cpu = current_cpu;
568496c0 2054 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2055 CPUArchState *env = cpu->env_ptr;
06d55cc1 2056 target_ulong pc, cs_base;
0f459d16 2057 target_ulong vaddr;
a1d1bb31 2058 CPUWatchpoint *wp;
89fee74a 2059 uint32_t cpu_flags;
0f459d16 2060
ff4700b0 2061 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2062 /* We re-entered the check after replacing the TB. Now raise
2063 * the debug interrupt so that is will trigger after the
2064 * current instruction. */
93afeade 2065 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2066 return;
2067 }
93afeade 2068 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2069 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2070 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2071 && (wp->flags & flags)) {
08225676
PM		 2072 if (flags == BP_MEM_READ) {
2073 wp->flags |= BP_WATCHPOINT_HIT_READ;
2074 } else {
2075 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2076 }
2077 wp->hitaddr = vaddr;
66b9b43c 2078 wp->hitattrs = attrs;
ff4700b0 2079 if (!cpu->watchpoint_hit) {
568496c0
SF		 2080 if (wp->flags & BP_CPU &&
2081 !cc->debug_check_watchpoint(cpu, wp)) {
2082 wp->flags &= ~BP_WATCHPOINT_HIT;
2083 continue;
2084 }
ff4700b0 2085 cpu->watchpoint_hit = wp;
239c51a5 2086 tb_check_watchpoint(cpu);
6e140f28 2087 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2088 cpu->exception_index = EXCP_DEBUG;
5638d180 2089 cpu_loop_exit(cpu);
6e140f28
AL		 2090 } else {
2091 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2092 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2093 cpu_loop_exit_noexc(cpu);
6e140f28 2094 }
06d55cc1 2095 }
6e140f28
AL		 2096 } else {
2097 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2098 }
2099 }
2100}
2101
6658ffb8
PB		 2102/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2103 so these check for a hit then pass through to the normal out-of-line
2104 phys routines. */
66b9b43c
PM		 2105static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2106 unsigned size, MemTxAttrs attrs)
6658ffb8 2107{
66b9b43c
PM		 2108 MemTxResult res;
2109 uint64_t data;
79ed0416
PM		 2110 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2111 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2112
2113 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2114 switch (size) {
66b9b43c 2115 case 1:
79ed0416 2116 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2117 break;
2118 case 2:
79ed0416 2119 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2120 break;
2121 case 4:
79ed0416 2122 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2123 break;
1ec9b909
AK		 2124 default: abort();
2125 }
66b9b43c
PM		 2126 *pdata = data;
2127 return res;
6658ffb8
PB		 2128}
2129
66b9b43c
PM		 2130static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2131 uint64_t val, unsigned size,
2132 MemTxAttrs attrs)
6658ffb8 2133{
66b9b43c 2134 MemTxResult res;
79ed0416
PM		 2135 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2136 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2137
2138 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2139 switch (size) {
67364150 2140 case 1:
79ed0416 2141 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2142 break;
2143 case 2:
79ed0416 2144 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2145 break;
2146 case 4:
79ed0416 2147 address_space_stl(as, addr, val, attrs, &res);
67364150 2148 break;
1ec9b909
AK		 2149 default: abort();
2150 }
66b9b43c 2151 return res;
6658ffb8
PB		 2152}
2153
1ec9b909 2154static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2155 .read_with_attrs = watch_mem_read,
2156 .write_with_attrs = watch_mem_write,
1ec9b909 2157 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2158};
6658ffb8 2159
f25a49e0
PM		 2160static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2161 unsigned len, MemTxAttrs attrs)
db7b5426 2162{
acc9d80b 2163 subpage_t *subpage = opaque;
ff6cff75 2164 uint8_t buf[8];
5c9eb028 2165 MemTxResult res;
791af8c8 2166
db7b5426 2167#if defined(DEBUG_SUBPAGE)
016e9d62 2168 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2169 subpage, len, addr);
db7b5426 2170#endif
5c9eb028
PM		 2171 res = address_space_read(subpage->as, addr + subpage->base,
2172 attrs, buf, len);
2173 if (res) {
2174 return res;
f25a49e0 2175 }
acc9d80b
JK		 2176 switch (len) {
2177 case 1:
f25a49e0
PM		 2178 *data = ldub_p(buf);
2179 return MEMTX_OK;
acc9d80b 2180 case 2:
f25a49e0
PM		 2181 *data = lduw_p(buf);
2182 return MEMTX_OK;
acc9d80b 2183 case 4:
f25a49e0
PM		 2184 *data = ldl_p(buf);
2185 return MEMTX_OK;
ff6cff75 2186 case 8:
f25a49e0
PM		 2187 *data = ldq_p(buf);
2188 return MEMTX_OK;
acc9d80b
JK		 2189 default:
2190 abort();
2191 }
db7b5426
BS		 2192}
2193
f25a49e0
PM		 2194static MemTxResult subpage_write(void *opaque, hwaddr addr,
2195 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2196{
acc9d80b 2197 subpage_t *subpage = opaque;
ff6cff75 2198 uint8_t buf[8];
acc9d80b 2199
db7b5426 2200#if defined(DEBUG_SUBPAGE)
016e9d62 2201 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2202 " value %"PRIx64"\n",
2203 __func__, subpage, len, addr, value);
db7b5426 2204#endif
acc9d80b
JK		 2205 switch (len) {
2206 case 1:
2207 stb_p(buf, value);
2208 break;
2209 case 2:
2210 stw_p(buf, value);
2211 break;
2212 case 4:
2213 stl_p(buf, value);
2214 break;
ff6cff75
PB		 2215 case 8:
2216 stq_p(buf, value);
2217 break;
acc9d80b
JK		 2218 default:
2219 abort();
2220 }
5c9eb028
PM		 2221 return address_space_write(subpage->as, addr + subpage->base,
2222 attrs, buf, len);
db7b5426
BS		 2223}
2224
c353e4cc 2225static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2226 unsigned len, bool is_write)
c353e4cc 2227{
acc9d80b 2228 subpage_t *subpage = opaque;
c353e4cc 2229#if defined(DEBUG_SUBPAGE)
016e9d62 2230 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2231 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2232#endif
2233
acc9d80b 2234 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2235 len, is_write);
c353e4cc
PB		 2236}
2237
70c68e44 2238static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2239 .read_with_attrs = subpage_read,
2240 .write_with_attrs = subpage_write,
ff6cff75
PB		 2241 .impl.min_access_size = 1,
2242 .impl.max_access_size = 8,
2243 .valid.min_access_size = 1,
2244 .valid.max_access_size = 8,
c353e4cc 2245 .valid.accepts = subpage_accepts,
70c68e44 2246 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2247};
2248
c227f099 2249static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2250 uint16_t section)
db7b5426
BS		 2251{
2252 int idx, eidx;
2253
2254 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2255 return -1;
2256 idx = SUBPAGE_IDX(start);
2257 eidx = SUBPAGE_IDX(end);
2258#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2259 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2260 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2261#endif
db7b5426 2262 for (; idx <= eidx; idx++) {
5312bd8b 2263 mmio->sub_section[idx] = section;
db7b5426
BS		 2264 }
2265
2266 return 0;
2267}
2268
acc9d80b 2269static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2270{
c227f099 2271 subpage_t *mmio;
db7b5426 2272
7267c094 2273 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2274
acc9d80b 2275 mmio->as = as;
1eec614b 2276 mmio->base = base;
2c9b15ca 2277 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2278 NULL, TARGET_PAGE_SIZE);
b3b00c78 2279 mmio->iomem.subpage = true;
db7b5426 2280#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2281 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2282 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2283#endif
b41aac4f 2284 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2285
2286 return mmio;
2287}
2288
a656e22f
PC		 2289static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2290 MemoryRegion *mr)
5312bd8b 2291{
a656e22f 2292 assert(as);
5312bd8b 2293 MemoryRegionSection section = {
a656e22f 2294 .address_space = as,
5312bd8b
AK		 2295 .mr = mr,
2296 .offset_within_address_space = 0,
2297 .offset_within_region = 0,
052e87b0 2298 .size = int128_2_64(),
5312bd8b
AK		 2299 };
2300
53cb28cb 2301 return phys_section_add(map, &section);
5312bd8b
AK		 2302}
2303
a54c87b6 2304MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2305{
a54c87b6
PM		 2306 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2307 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2308 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2309 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2310
2311 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2312}
2313
e9179ce1
AK		 2314static void io_mem_init(void)
2315{
1f6245e5 2316 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2317 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2318 NULL, UINT64_MAX);
2c9b15ca 2319 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2320 NULL, UINT64_MAX);
2c9b15ca 2321 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2322 NULL, UINT64_MAX);
e9179ce1
AK		 2323}
2324
ac1970fb 2325static void mem_begin(MemoryListener *listener)
00752703
PB		 2326{
2327 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2328 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2329 uint16_t n;
2330
a656e22f 2331 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2332 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2333 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2334 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2335 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2336 assert(n == PHYS_SECTION_ROM);
a656e22f 2337 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2338 assert(n == PHYS_SECTION_WATCH);
00752703 2339
9736e55b 2340 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2341 d->as = as;
2342 as->next_dispatch = d;
2343}
2344
79e2b9ae
PB		 2345static void address_space_dispatch_free(AddressSpaceDispatch *d)
2346{
2347 phys_sections_free(&d->map);
2348 g_free(d);
2349}
2350
00752703 2351static void mem_commit(MemoryListener *listener)
ac1970fb 2352{
89ae337a 2353 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2354 AddressSpaceDispatch *cur = as->dispatch;
2355 AddressSpaceDispatch *next = as->next_dispatch;
2356
53cb28cb 2357 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2358
79e2b9ae 2359 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2360 if (cur) {
79e2b9ae 2361 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2362 }
9affd6fc
PB		 2363}
2364
1d71148e 2365static void tcg_commit(MemoryListener *listener)
50c1e149 2366{
32857f4d
PM		 2367 CPUAddressSpace *cpuas;
2368 AddressSpaceDispatch *d;
117712c3
AK		 2369
2370 /* since each CPU stores ram addresses in its TLB cache, we must
2371 reset the modified entries */
32857f4d
PM		 2372 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2373 cpu_reloading_memory_map();
2374 /* The CPU and TLB are protected by the iothread lock.
2375 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2376 * may have split the RCU critical section.
2377 */
2378 d = atomic_rcu_read(&cpuas->as->dispatch);
2379 cpuas->memory_dispatch = d;
2380 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2381}
2382
ac1970fb
AK		 2383void address_space_init_dispatch(AddressSpace *as)
2384{
00752703 2385 as->dispatch = NULL;
89ae337a 2386 as->dispatch_listener = (MemoryListener) {
ac1970fb 2387 .begin = mem_begin,
00752703 2388 .commit = mem_commit,
ac1970fb
AK		 2389 .region_add = mem_add,
2390 .region_nop = mem_add,
2391 .priority = 0,
2392 };
89ae337a 2393 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2394}
2395
6e48e8f9
PB		 2396void address_space_unregister(AddressSpace *as)
2397{
2398 memory_listener_unregister(&as->dispatch_listener);
2399}
2400
83f3c251
AK		 2401void address_space_destroy_dispatch(AddressSpace *as)
2402{
2403 AddressSpaceDispatch *d = as->dispatch;
2404
79e2b9ae
PB		 2405 atomic_rcu_set(&as->dispatch, NULL);
2406 if (d) {
2407 call_rcu(d, address_space_dispatch_free, rcu);
2408 }
83f3c251
AK		 2409}
2410
62152b8a
AK		 2411static void memory_map_init(void)
2412{
7267c094 2413 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2414
57271d63 2415 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2416 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2417
7267c094 2418 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2419 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2420 65536);
7dca8043 2421 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2422}
2423
2424MemoryRegion *get_system_memory(void)
2425{
2426 return system_memory;
2427}
2428
309cb471
AK		 2429MemoryRegion *get_system_io(void)
2430{
2431 return system_io;
2432}
2433
e2eef170
PB		 2434#endif /* !defined(CONFIG_USER_ONLY) */
2435
13eb76e0
FB		 2436/* physical memory access (slow version, mainly for debug) */
2437#if defined(CONFIG_USER_ONLY)
f17ec444 2438int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2439 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2440{
2441 int l, flags;
2442 target_ulong page;
53a5960a 2443 void * p;
13eb76e0
FB		 2444
2445 while (len > 0) {
2446 page = addr & TARGET_PAGE_MASK;
2447 l = (page + TARGET_PAGE_SIZE) - addr;
2448 if (l > len)
2449 l = len;
2450 flags = page_get_flags(page);
2451 if (!(flags & PAGE_VALID))
a68fe89c 2452 return -1;
13eb76e0
FB		 2453 if (is_write) {
2454 if (!(flags & PAGE_WRITE))
a68fe89c 2455 return -1;
579a97f7 2456 /* XXX: this code should not depend on lock_user */
72fb7daa 2457 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2458 return -1;
72fb7daa
AJ		 2459 memcpy(p, buf, l);
2460 unlock_user(p, addr, l);
13eb76e0
FB		 2461 } else {
2462 if (!(flags & PAGE_READ))
a68fe89c 2463 return -1;
579a97f7 2464 /* XXX: this code should not depend on lock_user */
72fb7daa 2465 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2466 return -1;
72fb7daa 2467 memcpy(buf, p, l);
5b257578 2468 unlock_user(p, addr, 0);
13eb76e0
FB		 2469 }
2470 len -= l;
2471 buf += l;
2472 addr += l;
2473 }
a68fe89c 2474 return 0;
13eb76e0 2475}
8df1cd07 2476
13eb76e0 2477#else
51d7a9eb 2478
845b6214 2479static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2480 hwaddr length)
51d7a9eb 2481{
e87f7778 2482 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2483 addr += memory_region_get_ram_addr(mr);
2484
e87f7778
PB		 2485 /* No early return if dirty_log_mask is or becomes 0, because
2486 * cpu_physical_memory_set_dirty_range will still call
2487 * xen_modified_memory.
2488 */
2489 if (dirty_log_mask) {
2490 dirty_log_mask =
2491 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2492 }
2493 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2494 tb_invalidate_phys_range(addr, addr + length);
2495 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2496 }
e87f7778 2497 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2498}
2499
23326164 2500static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2501{
e1622f4b 2502 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2503
2504 /* Regions are assumed to support 1-4 byte accesses unless
2505 otherwise specified. */
23326164
RH		 2506 if (access_size_max == 0) {
2507 access_size_max = 4;
2508 }
2509
2510 /* Bound the maximum access by the alignment of the address. */
2511 if (!mr->ops->impl.unaligned) {
2512 unsigned align_size_max = addr & -addr;
2513 if (align_size_max != 0 && align_size_max < access_size_max) {
2514 access_size_max = align_size_max;
2515 }
82f2563f 2516 }
23326164
RH		 2517
2518 /* Don't attempt accesses larger than the maximum. */
2519 if (l > access_size_max) {
2520 l = access_size_max;
82f2563f 2521 }
6554f5c0 2522 l = pow2floor(l);
23326164
RH		 2523
2524 return l;
82f2563f
PB		 2525}
2526
4840f10e 2527static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2528{
4840f10e
JK		 2529 bool unlocked = !qemu_mutex_iothread_locked();
2530 bool release_lock = false;
2531
2532 if (unlocked && mr->global_locking) {
2533 qemu_mutex_lock_iothread();
2534 unlocked = false;
2535 release_lock = true;
2536 }
125b3806 2537 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2538 if (unlocked) {
2539 qemu_mutex_lock_iothread();
2540 }
125b3806 2541 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2542 if (unlocked) {
2543 qemu_mutex_unlock_iothread();
2544 }
125b3806 2545 }
4840f10e
JK		 2546
2547 return release_lock;
125b3806
PB		 2548}
2549
a203ac70
PB		 2550/* Called within RCU critical section. */
2551static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2552 MemTxAttrs attrs,
2553 const uint8_t *buf,
2554 int len, hwaddr addr1,
2555 hwaddr l, MemoryRegion *mr)
13eb76e0 2556{
13eb76e0 2557 uint8_t *ptr;
791af8c8 2558 uint64_t val;
3b643495 2559 MemTxResult result = MEMTX_OK;
4840f10e 2560 bool release_lock = false;
3b46e624 2561
a203ac70 2562 for (;;) {
eb7eeb88
PB		 2563 if (!memory_access_is_direct(mr, true)) {
2564 release_lock |= prepare_mmio_access(mr);
2565 l = memory_access_size(mr, l, addr1);
2566 /* XXX: could force current_cpu to NULL to avoid
2567 potential bugs */
2568 switch (l) {
2569 case 8:
2570 /* 64 bit write access */
2571 val = ldq_p(buf);
2572 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2573 attrs);
2574 break;
2575 case 4:
2576 /* 32 bit write access */
2577 val = ldl_p(buf);
2578 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2579 attrs);
2580 break;
2581 case 2:
2582 /* 16 bit write access */
2583 val = lduw_p(buf);
2584 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2585 attrs);
2586 break;
2587 case 1:
2588 /* 8 bit write access */
2589 val = ldub_p(buf);
2590 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2591 attrs);
2592 break;
2593 default:
2594 abort();
13eb76e0
FB		 2595 }
2596 } else {
eb7eeb88 2597 /* RAM case */
0878d0e1 2598 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2599 memcpy(ptr, buf, l);
2600 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2601 }
4840f10e
JK		 2602
2603 if (release_lock) {
2604 qemu_mutex_unlock_iothread();
2605 release_lock = false;
2606 }
2607
13eb76e0
FB		 2608 len -= l;
2609 buf += l;
2610 addr += l;
a203ac70
PB		 2611
2612 if (!len) {
2613 break;
2614 }
2615
2616 l = len;
2617 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2618 }
fd8aaa76 2619
3b643495 2620 return result;
13eb76e0 2621}
8df1cd07 2622
a203ac70
PB		 2623MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2624 const uint8_t *buf, int len)
ac1970fb 2625{
eb7eeb88 2626 hwaddr l;
eb7eeb88
PB		 2627 hwaddr addr1;
2628 MemoryRegion *mr;
2629 MemTxResult result = MEMTX_OK;
eb7eeb88 2630
a203ac70
PB		 2631 if (len > 0) {
2632 rcu_read_lock();
eb7eeb88 2633 l = len;
a203ac70
PB		 2634 mr = address_space_translate(as, addr, &addr1, &l, true);
2635 result = address_space_write_continue(as, addr, attrs, buf, len,
2636 addr1, l, mr);
2637 rcu_read_unlock();
2638 }
2639
2640 return result;
2641}
2642
2643/* Called within RCU critical section. */
2644MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2645 MemTxAttrs attrs, uint8_t *buf,
2646 int len, hwaddr addr1, hwaddr l,
2647 MemoryRegion *mr)
2648{
2649 uint8_t *ptr;
2650 uint64_t val;
2651 MemTxResult result = MEMTX_OK;
2652 bool release_lock = false;
eb7eeb88 2653
a203ac70 2654 for (;;) {
eb7eeb88
PB		 2655 if (!memory_access_is_direct(mr, false)) {
2656 /* I/O case */
2657 release_lock |= prepare_mmio_access(mr);
2658 l = memory_access_size(mr, l, addr1);
2659 switch (l) {
2660 case 8:
2661 /* 64 bit read access */
2662 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2663 attrs);
2664 stq_p(buf, val);
2665 break;
2666 case 4:
2667 /* 32 bit read access */
2668 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2669 attrs);
2670 stl_p(buf, val);
2671 break;
2672 case 2:
2673 /* 16 bit read access */
2674 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2675 attrs);
2676 stw_p(buf, val);
2677 break;
2678 case 1:
2679 /* 8 bit read access */
2680 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2681 attrs);
2682 stb_p(buf, val);
2683 break;
2684 default:
2685 abort();
2686 }
2687 } else {
2688 /* RAM case */
0878d0e1 2689 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2690 memcpy(buf, ptr, l);
2691 }
2692
2693 if (release_lock) {
2694 qemu_mutex_unlock_iothread();
2695 release_lock = false;
2696 }
2697
2698 len -= l;
2699 buf += l;
2700 addr += l;
a203ac70
PB		 2701
2702 if (!len) {
2703 break;
2704 }
2705
2706 l = len;
2707 mr = address_space_translate(as, addr, &addr1, &l, false);
2708 }
2709
2710 return result;
2711}
2712
3cc8f884
PB		 2713MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2714 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2715{
2716 hwaddr l;
2717 hwaddr addr1;
2718 MemoryRegion *mr;
2719 MemTxResult result = MEMTX_OK;
2720
2721 if (len > 0) {
2722 rcu_read_lock();
2723 l = len;
2724 mr = address_space_translate(as, addr, &addr1, &l, false);
2725 result = address_space_read_continue(as, addr, attrs, buf, len,
2726 addr1, l, mr);
2727 rcu_read_unlock();
eb7eeb88 2728 }
eb7eeb88
PB		 2729
2730 return result;
ac1970fb
AK		 2731}
2732
eb7eeb88
PB		 2733MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2734 uint8_t *buf, int len, bool is_write)
2735{
2736 if (is_write) {
2737 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2738 } else {
2739 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2740 }
2741}
ac1970fb 2742
a8170e5e 2743void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2744 int len, int is_write)
2745{
5c9eb028
PM		 2746 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2747 buf, len, is_write);
ac1970fb
AK		 2748}
2749
582b55a9
AG		 2750enum write_rom_type {
2751 WRITE_DATA,
2752 FLUSH_CACHE,
2753};
2754
2a221651 2755static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2756 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2757{
149f54b5 2758 hwaddr l;
d0ecd2aa 2759 uint8_t *ptr;
149f54b5 2760 hwaddr addr1;
5c8a00ce 2761 MemoryRegion *mr;
3b46e624 2762
41063e1e 2763 rcu_read_lock();
d0ecd2aa 2764 while (len > 0) {
149f54b5 2765 l = len;
2a221651 2766 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2767
5c8a00ce
PB		 2768 if (!(memory_region_is_ram(mr) ||
2769 memory_region_is_romd(mr))) {
b242e0e0 2770 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2771 } else {
d0ecd2aa 2772 /* ROM/RAM case */
0878d0e1 2773 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2774 switch (type) {
2775 case WRITE_DATA:
2776 memcpy(ptr, buf, l);
845b6214 2777 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2778 break;
2779 case FLUSH_CACHE:
2780 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2781 break;
2782 }
d0ecd2aa
FB		 2783 }
2784 len -= l;
2785 buf += l;
2786 addr += l;
2787 }
41063e1e 2788 rcu_read_unlock();
d0ecd2aa
FB		 2789}
2790
582b55a9 2791/* used for ROM loading : can write in RAM and ROM */
2a221651 2792void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2793 const uint8_t *buf, int len)
2794{
2a221651 2795 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2796}
2797
2798void cpu_flush_icache_range(hwaddr start, int len)
2799{
2800 /*
2801 * This function should do the same thing as an icache flush that was
2802 * triggered from within the guest. For TCG we are always cache coherent,
2803 * so there is no need to flush anything. For KVM / Xen we need to flush
2804 * the host's instruction cache at least.
2805 */
2806 if (tcg_enabled()) {
2807 return;
2808 }
2809
2a221651
EI		 2810 cpu_physical_memory_write_rom_internal(&address_space_memory,
2811 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2812}
2813
6d16c2f8 2814typedef struct {
d3e71559 2815 MemoryRegion *mr;
6d16c2f8 2816 void *buffer;
a8170e5e
AK		 2817 hwaddr addr;
2818 hwaddr len;
c2cba0ff 2819 bool in_use;
6d16c2f8
AL		 2820} BounceBuffer;
2821
2822static BounceBuffer bounce;
2823
ba223c29 2824typedef struct MapClient {
e95205e1 2825 QEMUBH *bh;
72cf2d4f 2826 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2827} MapClient;
2828
38e047b5 2829QemuMutex map_client_list_lock;
72cf2d4f
BS		 2830static QLIST_HEAD(map_client_list, MapClient) map_client_list
2831 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2832
e95205e1
FZ		 2833static void cpu_unregister_map_client_do(MapClient *client)
2834{
2835 QLIST_REMOVE(client, link);
2836 g_free(client);
2837}
2838
33b6c2ed
FZ		 2839static void cpu_notify_map_clients_locked(void)
2840{
2841 MapClient *client;
2842
2843 while (!QLIST_EMPTY(&map_client_list)) {
2844 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2845 qemu_bh_schedule(client->bh);
2846 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2847 }
2848}
2849
e95205e1 2850void cpu_register_map_client(QEMUBH *bh)
ba223c29 2851{
7267c094 2852 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2853
38e047b5 2854 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2855 client->bh = bh;
72cf2d4f 2856 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2857 if (!atomic_read(&bounce.in_use)) {
2858 cpu_notify_map_clients_locked();
2859 }
38e047b5 2860 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2861}
2862
38e047b5 2863void cpu_exec_init_all(void)
ba223c29 2864{
38e047b5 2865 qemu_mutex_init(&ram_list.mutex);
38e047b5 2866 io_mem_init();
680a4783 2867 memory_map_init();
38e047b5 2868 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2869}
2870
e95205e1 2871void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2872{
2873 MapClient *client;
2874
e95205e1
FZ		 2875 qemu_mutex_lock(&map_client_list_lock);
2876 QLIST_FOREACH(client, &map_client_list, link) {
2877 if (client->bh == bh) {
2878 cpu_unregister_map_client_do(client);
2879 break;
2880 }
ba223c29 2881 }
e95205e1 2882 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2883}
2884
2885static void cpu_notify_map_clients(void)
2886{
38e047b5 2887 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2888 cpu_notify_map_clients_locked();
38e047b5 2889 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2890}
2891
51644ab7
PB		 2892bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2893{
5c8a00ce 2894 MemoryRegion *mr;
51644ab7
PB		 2895 hwaddr l, xlat;
2896
41063e1e 2897 rcu_read_lock();
51644ab7
PB		 2898 while (len > 0) {
2899 l = len;
5c8a00ce
PB		 2900 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2901 if (!memory_access_is_direct(mr, is_write)) {
2902 l = memory_access_size(mr, l, addr);
2903 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2904 return false;
2905 }
2906 }
2907
2908 len -= l;
2909 addr += l;
2910 }
41063e1e 2911 rcu_read_unlock();
51644ab7
PB		 2912 return true;
2913}
2914
6d16c2f8
AL		 2915/* Map a physical memory region into a host virtual address.
2916 * May map a subset of the requested range, given by and returned in *plen.
2917 * May return NULL if resources needed to perform the mapping are exhausted.
2918 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2919 * Use cpu_register_map_client() to know when retrying the map operation is
2920 * likely to succeed.
6d16c2f8 2921 */
ac1970fb 2922void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2923 hwaddr addr,
2924 hwaddr *plen,
ac1970fb 2925 bool is_write)
6d16c2f8 2926{
a8170e5e 2927 hwaddr len = *plen;
e3127ae0
PB		 2928 hwaddr done = 0;
2929 hwaddr l, xlat, base;
2930 MemoryRegion *mr, *this_mr;
e81bcda5 2931 void *ptr;
6d16c2f8 2932
e3127ae0
PB		 2933 if (len == 0) {
2934 return NULL;
2935 }
38bee5dc 2936
e3127ae0 2937 l = len;
41063e1e 2938 rcu_read_lock();
e3127ae0 2939 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2940
e3127ae0 2941 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2942 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2943 rcu_read_unlock();
e3127ae0 2944 return NULL;
6d16c2f8 2945 }
e85d9db5
KW		 2946 /* Avoid unbounded allocations */
2947 l = MIN(l, TARGET_PAGE_SIZE);
2948 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2949 bounce.addr = addr;
2950 bounce.len = l;
d3e71559
PB		 2951
2952 memory_region_ref(mr);
2953 bounce.mr = mr;
e3127ae0 2954 if (!is_write) {
5c9eb028
PM		 2955 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2956 bounce.buffer, l);
8ab934f9 2957 }
6d16c2f8 2958
41063e1e 2959 rcu_read_unlock();
e3127ae0
PB		 2960 *plen = l;
2961 return bounce.buffer;
2962 }
2963
2964 base = xlat;
e3127ae0
PB		 2965
2966 for (;;) {
6d16c2f8
AL		 2967 len -= l;
2968 addr += l;
e3127ae0
PB		 2969 done += l;
2970 if (len == 0) {
2971 break;
2972 }
2973
2974 l = len;
2975 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2976 if (this_mr != mr || xlat != base + done) {
2977 break;
2978 }
6d16c2f8 2979 }
e3127ae0 2980
d3e71559 2981 memory_region_ref(mr);
e3127ae0 2982 *plen = done;
0878d0e1 2983 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2984 rcu_read_unlock();
2985
2986 return ptr;
6d16c2f8
AL		 2987}
2988
ac1970fb 2989/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2990 * Will also mark the memory as dirty if is_write == 1. access_len gives
2991 * the amount of memory that was actually read or written by the caller.
2992 */
a8170e5e
AK		 2993void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2994 int is_write, hwaddr access_len)
6d16c2f8
AL		 2995{
2996 if (buffer != bounce.buffer) {
d3e71559
PB		 2997 MemoryRegion *mr;
2998 ram_addr_t addr1;
2999
07bdaa41 3000 mr = memory_region_from_host(buffer, &addr1);
d3e71559 3001 assert(mr != NULL);
6d16c2f8 3002 if (is_write) {
845b6214 3003 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3004 }
868bb33f 3005 if (xen_enabled()) {
e41d7c69 3006 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3007 }
d3e71559 3008 memory_region_unref(mr);
6d16c2f8
AL		 3009 return;
3010 }
3011 if (is_write) {
5c9eb028
PM		 3012 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3013 bounce.buffer, access_len);
6d16c2f8 3014 }
f8a83245 3015 qemu_vfree(bounce.buffer);
6d16c2f8 3016 bounce.buffer = NULL;
d3e71559 3017 memory_region_unref(bounce.mr);
c2cba0ff 3018 atomic_mb_set(&bounce.in_use, false);
ba223c29 3019 cpu_notify_map_clients();
6d16c2f8 3020}
d0ecd2aa 3021
a8170e5e
AK		 3022void *cpu_physical_memory_map(hwaddr addr,
3023 hwaddr *plen,
ac1970fb
AK		 3024 int is_write)
3025{
3026 return address_space_map(&address_space_memory, addr, plen, is_write);
3027}
3028
a8170e5e
AK		 3029void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3030 int is_write, hwaddr access_len)
ac1970fb
AK		 3031{
3032 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3033}
3034
8df1cd07 3035/* warning: addr must be aligned */
50013115
PM		 3036static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3037 MemTxAttrs attrs,
3038 MemTxResult *result,
3039 enum device_endian endian)
8df1cd07 3040{
8df1cd07 3041 uint8_t *ptr;
791af8c8 3042 uint64_t val;
5c8a00ce 3043 MemoryRegion *mr;
149f54b5
PB		 3044 hwaddr l = 4;
3045 hwaddr addr1;
50013115 3046 MemTxResult r;
4840f10e 3047 bool release_lock = false;
8df1cd07 3048
41063e1e 3049 rcu_read_lock();
fdfba1a2 3050 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3051 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3052 release_lock |= prepare_mmio_access(mr);
125b3806 3053
8df1cd07 3054 /* I/O case */
50013115 3055 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3056#if defined(TARGET_WORDS_BIGENDIAN)
3057 if (endian == DEVICE_LITTLE_ENDIAN) {
3058 val = bswap32(val);
3059 }
3060#else
3061 if (endian == DEVICE_BIG_ENDIAN) {
3062 val = bswap32(val);
3063 }
3064#endif
8df1cd07
FB		 3065 } else {
3066 /* RAM case */
0878d0e1 3067 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3068 switch (endian) {
3069 case DEVICE_LITTLE_ENDIAN:
3070 val = ldl_le_p(ptr);
3071 break;
3072 case DEVICE_BIG_ENDIAN:
3073 val = ldl_be_p(ptr);
3074 break;
3075 default:
3076 val = ldl_p(ptr);
3077 break;
3078 }
50013115
PM		 3079 r = MEMTX_OK;
3080 }
3081 if (result) {
3082 *result = r;
8df1cd07 3083 }
4840f10e
JK		 3084 if (release_lock) {
3085 qemu_mutex_unlock_iothread();
3086 }
41063e1e 3087 rcu_read_unlock();
8df1cd07
FB		 3088 return val;
3089}
3090
50013115
PM		 3091uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3092 MemTxAttrs attrs, MemTxResult *result)
3093{
3094 return address_space_ldl_internal(as, addr, attrs, result,
3095 DEVICE_NATIVE_ENDIAN);
3096}
3097
3098uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3099 MemTxAttrs attrs, MemTxResult *result)
3100{
3101 return address_space_ldl_internal(as, addr, attrs, result,
3102 DEVICE_LITTLE_ENDIAN);
3103}
3104
3105uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3106 MemTxAttrs attrs, MemTxResult *result)
3107{
3108 return address_space_ldl_internal(as, addr, attrs, result,
3109 DEVICE_BIG_ENDIAN);
3110}
3111
fdfba1a2 3112uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3113{
50013115 3114 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3115}
3116
fdfba1a2 3117uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3118{
50013115 3119 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3120}
3121
fdfba1a2 3122uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3123{
50013115 3124 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3125}
3126
84b7b8e7 3127/* warning: addr must be aligned */
50013115
PM		 3128static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3129 MemTxAttrs attrs,
3130 MemTxResult *result,
3131 enum device_endian endian)
84b7b8e7 3132{
84b7b8e7
FB		 3133 uint8_t *ptr;
3134 uint64_t val;
5c8a00ce 3135 MemoryRegion *mr;
149f54b5
PB		 3136 hwaddr l = 8;
3137 hwaddr addr1;
50013115 3138 MemTxResult r;
4840f10e 3139 bool release_lock = false;
84b7b8e7 3140
41063e1e 3141 rcu_read_lock();
2c17449b 3142 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3143 false);
3144 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3145 release_lock |= prepare_mmio_access(mr);
125b3806 3146
84b7b8e7 3147 /* I/O case */
50013115 3148 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3149#if defined(TARGET_WORDS_BIGENDIAN)
3150 if (endian == DEVICE_LITTLE_ENDIAN) {
3151 val = bswap64(val);
3152 }
3153#else
3154 if (endian == DEVICE_BIG_ENDIAN) {
3155 val = bswap64(val);
3156 }
84b7b8e7
FB		 3157#endif
3158 } else {
3159 /* RAM case */
0878d0e1 3160 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3161 switch (endian) {
3162 case DEVICE_LITTLE_ENDIAN:
3163 val = ldq_le_p(ptr);
3164 break;
3165 case DEVICE_BIG_ENDIAN:
3166 val = ldq_be_p(ptr);
3167 break;
3168 default:
3169 val = ldq_p(ptr);
3170 break;
3171 }
50013115
PM		 3172 r = MEMTX_OK;
3173 }
3174 if (result) {
3175 *result = r;
84b7b8e7 3176 }
4840f10e
JK		 3177 if (release_lock) {
3178 qemu_mutex_unlock_iothread();
3179 }
41063e1e 3180 rcu_read_unlock();
84b7b8e7
FB		 3181 return val;
3182}
3183
50013115
PM		 3184uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3185 MemTxAttrs attrs, MemTxResult *result)
3186{
3187 return address_space_ldq_internal(as, addr, attrs, result,
3188 DEVICE_NATIVE_ENDIAN);
3189}
3190
3191uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3192 MemTxAttrs attrs, MemTxResult *result)
3193{
3194 return address_space_ldq_internal(as, addr, attrs, result,
3195 DEVICE_LITTLE_ENDIAN);
3196}
3197
3198uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3199 MemTxAttrs attrs, MemTxResult *result)
3200{
3201 return address_space_ldq_internal(as, addr, attrs, result,
3202 DEVICE_BIG_ENDIAN);
3203}
3204
2c17449b 3205uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3206{
50013115 3207 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3208}
3209
2c17449b 3210uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3211{
50013115 3212 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3213}
3214
2c17449b 3215uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3216{
50013115 3217 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3218}
3219
aab33094 3220/* XXX: optimize */
50013115
PM		 3221uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3222 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3223{
3224 uint8_t val;
50013115
PM		 3225 MemTxResult r;
3226
3227 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3228 if (result) {
3229 *result = r;
3230 }
aab33094
FB		 3231 return val;
3232}
3233
50013115
PM		 3234uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3235{
3236 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3237}
3238
733f0b02 3239/* warning: addr must be aligned */
50013115
PM		 3240static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3241 hwaddr addr,
3242 MemTxAttrs attrs,
3243 MemTxResult *result,
3244 enum device_endian endian)
aab33094 3245{
733f0b02
MT		 3246 uint8_t *ptr;
3247 uint64_t val;
5c8a00ce 3248 MemoryRegion *mr;
149f54b5
PB		 3249 hwaddr l = 2;
3250 hwaddr addr1;
50013115 3251 MemTxResult r;
4840f10e 3252 bool release_lock = false;
733f0b02 3253
41063e1e 3254 rcu_read_lock();
41701aa4 3255 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3256 false);
3257 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3258 release_lock |= prepare_mmio_access(mr);
125b3806 3259
733f0b02 3260 /* I/O case */
50013115 3261 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3262#if defined(TARGET_WORDS_BIGENDIAN)
3263 if (endian == DEVICE_LITTLE_ENDIAN) {
3264 val = bswap16(val);
3265 }
3266#else
3267 if (endian == DEVICE_BIG_ENDIAN) {
3268 val = bswap16(val);
3269 }
3270#endif
733f0b02
MT		 3271 } else {
3272 /* RAM case */
0878d0e1 3273 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3274 switch (endian) {
3275 case DEVICE_LITTLE_ENDIAN:
3276 val = lduw_le_p(ptr);
3277 break;
3278 case DEVICE_BIG_ENDIAN:
3279 val = lduw_be_p(ptr);
3280 break;
3281 default:
3282 val = lduw_p(ptr);
3283 break;
3284 }
50013115
PM		 3285 r = MEMTX_OK;
3286 }
3287 if (result) {
3288 *result = r;
733f0b02 3289 }
4840f10e
JK		 3290 if (release_lock) {
3291 qemu_mutex_unlock_iothread();
3292 }
41063e1e 3293 rcu_read_unlock();
733f0b02 3294 return val;
aab33094
FB		 3295}
3296
50013115
PM		 3297uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3298 MemTxAttrs attrs, MemTxResult *result)
3299{
3300 return address_space_lduw_internal(as, addr, attrs, result,
3301 DEVICE_NATIVE_ENDIAN);
3302}
3303
3304uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3305 MemTxAttrs attrs, MemTxResult *result)
3306{
3307 return address_space_lduw_internal(as, addr, attrs, result,
3308 DEVICE_LITTLE_ENDIAN);
3309}
3310
3311uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3312 MemTxAttrs attrs, MemTxResult *result)
3313{
3314 return address_space_lduw_internal(as, addr, attrs, result,
3315 DEVICE_BIG_ENDIAN);
3316}
3317
41701aa4 3318uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3319{
50013115 3320 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3321}
3322
41701aa4 3323uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3324{
50013115 3325 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3326}
3327
41701aa4 3328uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3329{
50013115 3330 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3331}
3332
8df1cd07
FB		 3333/* warning: addr must be aligned. The ram page is not masked as dirty
3334 and the code inside is not invalidated. It is useful if the dirty
3335 bits are used to track modified PTEs */
50013115
PM		 3336void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3337 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3338{
8df1cd07 3339 uint8_t *ptr;
5c8a00ce 3340 MemoryRegion *mr;
149f54b5
PB		 3341 hwaddr l = 4;
3342 hwaddr addr1;
50013115 3343 MemTxResult r;
845b6214 3344 uint8_t dirty_log_mask;
4840f10e 3345 bool release_lock = false;
8df1cd07 3346
41063e1e 3347 rcu_read_lock();
2198a121 3348 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3349 true);
3350 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3351 release_lock |= prepare_mmio_access(mr);
125b3806 3352
50013115 3353 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3354 } else {
0878d0e1 3355 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3356 stl_p(ptr, val);
74576198 3357
845b6214
PB		 3358 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3359 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3360 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3361 4, dirty_log_mask);
50013115
PM		 3362 r = MEMTX_OK;
3363 }
3364 if (result) {
3365 *result = r;
8df1cd07 3366 }
4840f10e
JK		 3367 if (release_lock) {
3368 qemu_mutex_unlock_iothread();
3369 }
41063e1e 3370 rcu_read_unlock();
8df1cd07
FB		 3371}
3372
50013115
PM		 3373void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3374{
3375 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3376}
3377
8df1cd07 3378/* warning: addr must be aligned */
50013115
PM		 3379static inline void address_space_stl_internal(AddressSpace *as,
3380 hwaddr addr, uint32_t val,
3381 MemTxAttrs attrs,
3382 MemTxResult *result,
3383 enum device_endian endian)
8df1cd07 3384{
8df1cd07 3385 uint8_t *ptr;
5c8a00ce 3386 MemoryRegion *mr;
149f54b5
PB		 3387 hwaddr l = 4;
3388 hwaddr addr1;
50013115 3389 MemTxResult r;
4840f10e 3390 bool release_lock = false;
8df1cd07 3391
41063e1e 3392 rcu_read_lock();
ab1da857 3393 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3394 true);
3395 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3396 release_lock |= prepare_mmio_access(mr);
125b3806 3397
1e78bcc1
AG		 3398#if defined(TARGET_WORDS_BIGENDIAN)
3399 if (endian == DEVICE_LITTLE_ENDIAN) {
3400 val = bswap32(val);
3401 }
3402#else
3403 if (endian == DEVICE_BIG_ENDIAN) {
3404 val = bswap32(val);
3405 }
3406#endif
50013115 3407 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3408 } else {
8df1cd07 3409 /* RAM case */
0878d0e1 3410 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3411 switch (endian) {
3412 case DEVICE_LITTLE_ENDIAN:
3413 stl_le_p(ptr, val);
3414 break;
3415 case DEVICE_BIG_ENDIAN:
3416 stl_be_p(ptr, val);
3417 break;
3418 default:
3419 stl_p(ptr, val);
3420 break;
3421 }
845b6214 3422 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3423 r = MEMTX_OK;
3424 }
3425 if (result) {
3426 *result = r;
8df1cd07 3427 }
4840f10e
JK		 3428 if (release_lock) {
3429 qemu_mutex_unlock_iothread();
3430 }
41063e1e 3431 rcu_read_unlock();
8df1cd07
FB		 3432}
3433
50013115
PM		 3434void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3435 MemTxAttrs attrs, MemTxResult *result)
3436{
3437 address_space_stl_internal(as, addr, val, attrs, result,
3438 DEVICE_NATIVE_ENDIAN);
3439}
3440
3441void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3442 MemTxAttrs attrs, MemTxResult *result)
3443{
3444 address_space_stl_internal(as, addr, val, attrs, result,
3445 DEVICE_LITTLE_ENDIAN);
3446}
3447
3448void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3449 MemTxAttrs attrs, MemTxResult *result)
3450{
3451 address_space_stl_internal(as, addr, val, attrs, result,
3452 DEVICE_BIG_ENDIAN);
3453}
3454
ab1da857 3455void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3456{
50013115 3457 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3458}
3459
ab1da857 3460void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3461{
50013115 3462 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3463}
3464
ab1da857 3465void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3466{
50013115 3467 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3468}
3469
aab33094 3470/* XXX: optimize */
50013115
PM		 3471void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3472 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3473{
3474 uint8_t v = val;
50013115
PM		 3475 MemTxResult r;
3476
3477 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3478 if (result) {
3479 *result = r;
3480 }
3481}
3482
3483void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3484{
3485 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3486}
3487
733f0b02 3488/* warning: addr must be aligned */
50013115
PM		 3489static inline void address_space_stw_internal(AddressSpace *as,
3490 hwaddr addr, uint32_t val,
3491 MemTxAttrs attrs,
3492 MemTxResult *result,
3493 enum device_endian endian)
aab33094 3494{
733f0b02 3495 uint8_t *ptr;
5c8a00ce 3496 MemoryRegion *mr;
149f54b5
PB		 3497 hwaddr l = 2;
3498 hwaddr addr1;
50013115 3499 MemTxResult r;
4840f10e 3500 bool release_lock = false;
733f0b02 3501
41063e1e 3502 rcu_read_lock();
5ce5944d 3503 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3504 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3505 release_lock |= prepare_mmio_access(mr);
125b3806 3506
1e78bcc1
AG		 3507#if defined(TARGET_WORDS_BIGENDIAN)
3508 if (endian == DEVICE_LITTLE_ENDIAN) {
3509 val = bswap16(val);
3510 }
3511#else
3512 if (endian == DEVICE_BIG_ENDIAN) {
3513 val = bswap16(val);
3514 }
3515#endif
50013115 3516 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3517 } else {
733f0b02 3518 /* RAM case */
0878d0e1 3519 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3520 switch (endian) {
3521 case DEVICE_LITTLE_ENDIAN:
3522 stw_le_p(ptr, val);
3523 break;
3524 case DEVICE_BIG_ENDIAN:
3525 stw_be_p(ptr, val);
3526 break;
3527 default:
3528 stw_p(ptr, val);
3529 break;
3530 }
845b6214 3531 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3532 r = MEMTX_OK;
3533 }
3534 if (result) {
3535 *result = r;
733f0b02 3536 }
4840f10e
JK		 3537 if (release_lock) {
3538 qemu_mutex_unlock_iothread();
3539 }
41063e1e 3540 rcu_read_unlock();
aab33094
FB		 3541}
3542
50013115
PM		 3543void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3544 MemTxAttrs attrs, MemTxResult *result)
3545{
3546 address_space_stw_internal(as, addr, val, attrs, result,
3547 DEVICE_NATIVE_ENDIAN);
3548}
3549
3550void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3551 MemTxAttrs attrs, MemTxResult *result)
3552{
3553 address_space_stw_internal(as, addr, val, attrs, result,
3554 DEVICE_LITTLE_ENDIAN);
3555}
3556
3557void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3558 MemTxAttrs attrs, MemTxResult *result)
3559{
3560 address_space_stw_internal(as, addr, val, attrs, result,
3561 DEVICE_BIG_ENDIAN);
3562}
3563
5ce5944d 3564void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3565{
50013115 3566 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3567}
3568
5ce5944d 3569void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3570{
50013115 3571 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3572}
3573
5ce5944d 3574void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3575{
50013115 3576 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3577}
3578
aab33094 3579/* XXX: optimize */
50013115
PM		 3580void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3581 MemTxAttrs attrs, MemTxResult *result)
aab33094 3582{
50013115 3583 MemTxResult r;
aab33094 3584 val = tswap64(val);
50013115
PM		 3585 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3586 if (result) {
3587 *result = r;
3588 }
aab33094
FB		 3589}
3590
50013115
PM		 3591void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3592 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3593{
50013115 3594 MemTxResult r;
1e78bcc1 3595 val = cpu_to_le64(val);
50013115
PM		 3596 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3597 if (result) {
3598 *result = r;
3599 }
3600}
3601void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3602 MemTxAttrs attrs, MemTxResult *result)
3603{
3604 MemTxResult r;
3605 val = cpu_to_be64(val);
3606 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3607 if (result) {
3608 *result = r;
3609 }
3610}
3611
3612void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3613{
3614 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3615}
3616
3617void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3618{
3619 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3620}
3621
f606604f 3622void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3623{
50013115 3624 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3625}
3626
5e2972fd 3627/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3628int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3629 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3630{
3631 int l;
a8170e5e 3632 hwaddr phys_addr;
9b3c35e0 3633 target_ulong page;
13eb76e0
FB		 3634
3635 while (len > 0) {
5232e4c7
PM		 3636 int asidx;
3637 MemTxAttrs attrs;
3638
13eb76e0 3639 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3640 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3641 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3642 /* if no physical page mapped, return an error */
3643 if (phys_addr == -1)
3644 return -1;
3645 l = (page + TARGET_PAGE_SIZE) - addr;
3646 if (l > len)
3647 l = len;
5e2972fd 3648 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3649 if (is_write) {
5232e4c7
PM		 3650 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3651 phys_addr, buf, l);
2e38847b 3652 } else {
5232e4c7
PM		 3653 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3654 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3655 buf, l, 0);
2e38847b 3656 }
13eb76e0
FB		 3657 len -= l;
3658 buf += l;
3659 addr += l;
3660 }
3661 return 0;
3662}
038629a6
DDAG		 3663
3664/*
3665 * Allows code that needs to deal with migration bitmaps etc to still be built
3666 * target independent.
3667 */
3668size_t qemu_target_page_bits(void)
3669{
3670 return TARGET_PAGE_BITS;
3671}
3672
a68fe89c 3673#endif
13eb76e0 3674
8e4a424b
BS		 3675/*
3676 * A helper function for the _utterly broken_ virtio device model to find out if
3677 * it's running on a big endian machine. Don't do this at home kids!
3678 */
98ed8ecf
GK		 3679bool target_words_bigendian(void);
3680bool target_words_bigendian(void)
8e4a424b
BS		 3681{
3682#if defined(TARGET_WORDS_BIGENDIAN)
3683 return true;
3684#else
3685 return false;
3686#endif
3687}
3688
76f35538 3689#ifndef CONFIG_USER_ONLY
a8170e5e 3690bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3691{
5c8a00ce 3692 MemoryRegion*mr;
149f54b5 3693 hwaddr l = 1;
41063e1e 3694 bool res;
76f35538 3695
41063e1e 3696 rcu_read_lock();
5c8a00ce
PB		 3697 mr = address_space_translate(&address_space_memory,
3698 phys_addr, &phys_addr, &l, false);
76f35538 3699
41063e1e
PB		 3700 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3701 rcu_read_unlock();
3702 return res;
76f35538 3703}
bd2fa51f 3704
e3807054 3705int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3706{
3707 RAMBlock *block;
e3807054 3708 int ret = 0;
bd2fa51f 3709
0dc3f44a
MD		 3710 rcu_read_lock();
3711 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3712 ret = func(block->idstr, block->host, block->offset,
3713 block->used_length, opaque);
3714 if (ret) {
3715 break;
3716 }
bd2fa51f 3717 }
0dc3f44a 3718 rcu_read_unlock();
e3807054 3719 return ret;
bd2fa51f 3720}
ec3f8c99 3721#endif
QEMU mirror