]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: Fix memory allocation when memory path names new file
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
777872e5 20#ifndef _WIN32
d5a8f07c
FB		 21#include <sys/mman.h>
22#endif
54936004 23
055403b2 24#include "qemu-common.h"
6180a181 25#include "cpu.h"
b67d9a52 26#include "tcg.h"
b3c7724c 27#include "hw/hw.h"
4485bd26 28#if !defined(CONFIG_USER_ONLY)
47c8ca53 29#include "hw/boards.h"
4485bd26 30#endif
cc9e98cb 31#include "hw/qdev.h"
9c17d615 32#include "sysemu/kvm.h"
2ff3de68 33#include "sysemu/sysemu.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
022c62cb 38#include "exec/memory.h"
9c17d615 39#include "sysemu/dma.h"
022c62cb 40#include "exec/address-spaces.h"
53a5960a
PB		 41#if defined(CONFIG_USER_ONLY)
42#include <qemu.h>
432d268c 43#else /* !CONFIG_USER_ONLY */
9c17d615 44#include "sysemu/xen-mapcache.h"
6506e4f9 45#include "trace.h"
53a5960a 46#endif
0d6d3c87 47#include "exec/cpu-all.h"
0dc3f44a 48#include "qemu/rcu_queue.h"
4840f10e 49#include "qemu/main-loop.h"
5b6dd868 50#include "translate-all.h"
7615936e 51#include "sysemu/replay.h"
0cac1b66 52
022c62cb 53#include "exec/memory-internal.h"
220c3ebd 54#include "exec/ram_addr.h"
508127e2 55#include "exec/log.h"
67d95c15 56
b35ba30f 57#include "qemu/range.h"
794e8f30
MT		 58#ifndef _WIN32
59#include "qemu/mmap-alloc.h"
60#endif
b35ba30f 61
db7b5426 62//#define DEBUG_SUBPAGE
1196be37 63
e2eef170 64#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 65/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
0d53d9fe 68RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 69
70static MemoryRegion *system_memory;
309cb471 71static MemoryRegion *system_io;
62152b8a 72
f6790af6
AK		 73AddressSpace address_space_io;
74AddressSpace address_space_memory;
2673a5da 75
0844e007 76MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 77static MemoryRegion io_mem_unassigned;
0e0df1e2 78
7bd4f430
PB		 79/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80#define RAM_PREALLOC (1 << 0)
81
dbcb8981
PB		 82/* RAM is mmap-ed with MAP_SHARED */
83#define RAM_SHARED (1 << 1)
84
62be4e3a
MT		 85/* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88#define RAM_RESIZEABLE (1 << 2)
89
e2eef170 90#endif
9fa3e853 91
bdc44640 92struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 93/* current CPU in the current thread. It is only valid inside
94 cpu_exec() */
f240eb6f 95__thread CPUState *current_cpu;
2e70f6ef 96/* 0 = Do not count executed instructions.
bf20dc07 97 1 = Precise instruction counting.
2e70f6ef 98 2 = Adaptive rate instruction counting. */
5708fc66 99int use_icount;
6a00d601 100
e2eef170 101#if !defined(CONFIG_USER_ONLY)
4346ae3e 102
1db8abb1
PB		 103typedef struct PhysPageEntry PhysPageEntry;
104
105struct PhysPageEntry {
9736e55b 106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 107 uint32_t skip : 6;
9736e55b 108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 109 uint32_t ptr : 26;
1db8abb1
PB		 110};
111
8b795765
MT		 112#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
113
03f49957 114/* Size of the L2 (and L3, etc) page tables. */
57271d63 115#define ADDR_SPACE_BITS 64
03f49957 116
026736ce 117#define P_L2_BITS 9
03f49957
PB		 118#define P_L2_SIZE (1 << P_L2_BITS)
119
120#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
121
122typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 123
53cb28cb 124typedef struct PhysPageMap {
79e2b9ae
PB		 125 struct rcu_head rcu;
126
53cb28cb
MA		 127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
129 unsigned nodes_nb;
130 unsigned nodes_nb_alloc;
131 Node *nodes;
132 MemoryRegionSection *sections;
133} PhysPageMap;
134
1db8abb1 135struct AddressSpaceDispatch {
79e2b9ae
PB		 136 struct rcu_head rcu;
137
729633c2 138 MemoryRegionSection *mru_section;
1db8abb1
PB		 139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
53cb28cb 143 PhysPageMap map;
acc9d80b 144 AddressSpace *as;
1db8abb1
PB		 145};
146
90260c6c
JK		 147#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148typedef struct subpage_t {
149 MemoryRegion iomem;
acc9d80b 150 AddressSpace *as;
90260c6c
JK		 151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153} subpage_t;
154
b41aac4f
LPF		 155#define PHYS_SECTION_UNASSIGNED 0
156#define PHYS_SECTION_NOTDIRTY 1
157#define PHYS_SECTION_ROM 2
158#define PHYS_SECTION_WATCH 3
5312bd8b 159
e2eef170 160static void io_mem_init(void);
62152b8a 161static void memory_map_init(void);
09daed84 162static void tcg_commit(MemoryListener *listener);
e2eef170 163
1ec9b909 164static MemoryRegion io_mem_watch;
32857f4d
PM		 165
166/**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178};
179
6658ffb8 180#endif
fd6ce8f6 181
6d9a1304 182#if !defined(CONFIG_USER_ONLY)
d6f2ea22 183
53cb28cb 184static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 185{
53cb28cb
MA		 186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 190 }
f7bf5461
AK		 191}
192
db94604b 193static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 194{
195 unsigned i;
8b795765 196 uint32_t ret;
db94604b
PB		 197 PhysPageEntry e;
198 PhysPageEntry *p;
f7bf5461 199
53cb28cb 200 ret = map->nodes_nb++;
db94604b 201 p = map->nodes[ret];
f7bf5461 202 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 203 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 207 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 208 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 209 }
f7bf5461 210 return ret;
d6f2ea22
AK		 211}
212
53cb28cb
MA		 213static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 215 int level)
f7bf5461
AK		 216{
217 PhysPageEntry *p;
03f49957 218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 219
9736e55b 220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 221 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 222 }
db94604b 223 p = map->nodes[lp->ptr];
03f49957 224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 225
03f49957 226 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 227 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 228 lp->skip = 0;
c19e8800 229 lp->ptr = leaf;
07f07b31
AK		 230 *index += step;
231 *nb -= step;
2999097b 232 } else {
53cb28cb 233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 234 }
235 ++lp;
f7bf5461
AK		 236 }
237}
238
ac1970fb 239static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 240 hwaddr index, hwaddr nb,
2999097b 241 uint16_t leaf)
f7bf5461 242{
2999097b 243 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 245
53cb28cb 246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 247}
248
b35ba30f
MT		 249/* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253{
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300}
301
302static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303{
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
53cb28cb 307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 308 }
309}
310
29cb533d
FZ		 311static inline bool section_covers_addr(const MemoryRegionSection *section,
312 hwaddr addr)
313{
314 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
315 * the section must cover the entire address space.
316 */
317 return section->size.hi ||
318 range_covers_byte(section->offset_within_address_space,
319 section->size.lo, addr);
320}
321
97115a8d 322static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 323 Node *nodes, MemoryRegionSection *sections)
92e873b9 324{
31ab2b4a 325 PhysPageEntry *p;
97115a8d 326 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 327 int i;
f1f6e3b8 328
9736e55b 329 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 330 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 331 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 332 }
9affd6fc 333 p = nodes[lp.ptr];
03f49957 334 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 335 }
b35ba30f 336
29cb533d 337 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 338 return &sections[lp.ptr];
339 } else {
340 return &sections[PHYS_SECTION_UNASSIGNED];
341 }
f3705d53
AK		 342}
343
e5548617
BS		 344bool memory_region_is_unassigned(MemoryRegion *mr)
345{
2a8e7499 346 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 347 && mr != &io_mem_watch;
fd6ce8f6 348}
149f54b5 349
79e2b9ae 350/* Called from RCU critical section */
c7086b4a 351static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 352 hwaddr addr,
353 bool resolve_subpage)
9f029603 354{
729633c2 355 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 356 subpage_t *subpage;
729633c2 357 bool update;
90260c6c 358
729633c2
FZ		 359 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
360 section_covers_addr(section, addr)) {
361 update = false;
362 } else {
363 section = phys_page_find(d->phys_map, addr, d->map.nodes,
364 d->map.sections);
365 update = true;
366 }
90260c6c
JK		 367 if (resolve_subpage && section->mr->subpage) {
368 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 369 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 370 }
729633c2
FZ		 371 if (update) {
372 atomic_set(&d->mru_section, section);
373 }
90260c6c 374 return section;
9f029603
JK		 375}
376
79e2b9ae 377/* Called from RCU critical section */
90260c6c 378static MemoryRegionSection *
c7086b4a 379address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 380 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 381{
382 MemoryRegionSection *section;
965eb2fc 383 MemoryRegion *mr;
a87f3954 384 Int128 diff;
149f54b5 385
c7086b4a 386 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 387 /* Compute offset within MemoryRegionSection */
388 addr -= section->offset_within_address_space;
389
390 /* Compute offset within MemoryRegion */
391 *xlat = addr + section->offset_within_region;
392
965eb2fc 393 mr = section->mr;
b242e0e0
PB		 394
395 /* MMIO registers can be expected to perform full-width accesses based only
396 * on their address, without considering adjacent registers that could
397 * decode to completely different MemoryRegions. When such registers
398 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
399 * regions overlap wildly. For this reason we cannot clamp the accesses
400 * here.
401 *
402 * If the length is small (as is the case for address_space_ldl/stl),
403 * everything works fine. If the incoming length is large, however,
404 * the caller really has to do the clamping through memory_access_size.
405 */
965eb2fc 406 if (memory_region_is_ram(mr)) {
e4a511f8 407 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 408 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
409 }
149f54b5
PB		 410 return section;
411}
90260c6c 412
41063e1e 413/* Called from RCU critical section */
5c8a00ce
PB		 414MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
415 hwaddr *xlat, hwaddr *plen,
416 bool is_write)
90260c6c 417{
30951157
AK		 418 IOMMUTLBEntry iotlb;
419 MemoryRegionSection *section;
420 MemoryRegion *mr;
30951157
AK		 421
422 for (;;) {
79e2b9ae
PB		 423 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
424 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 425 mr = section->mr;
426
427 if (!mr->iommu_ops) {
428 break;
429 }
430
8d7b8cb9 431 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 432 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
433 | (addr & iotlb.addr_mask));
23820dbf 434 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 435 if (!(iotlb.perm & (1 << is_write))) {
436 mr = &io_mem_unassigned;
437 break;
438 }
439
440 as = iotlb.target_as;
441 }
442
fe680d0d 443 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 444 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 445 *plen = MIN(page, *plen);
a87f3954
PB		 446 }
447
30951157
AK		 448 *xlat = addr;
449 return mr;
90260c6c
JK		 450}
451
79e2b9ae 452/* Called from RCU critical section */
90260c6c 453MemoryRegionSection *
d7898cda 454address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 455 hwaddr *xlat, hwaddr *plen)
90260c6c 456{
30951157 457 MemoryRegionSection *section;
d7898cda
PM		 458 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
459
460 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 461
462 assert(!section->mr->iommu_ops);
463 return section;
90260c6c 464}
5b6dd868 465#endif
fd6ce8f6 466
b170fce3 467#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 468
469static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 470{
259186a7 471 CPUState *cpu = opaque;
a513fe19 472
5b6dd868
BS		 473 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
474 version_id is increased. */
259186a7 475 cpu->interrupt_request &= ~0x01;
c01a71c1 476 tlb_flush(cpu, 1);
5b6dd868
BS		 477
478 return 0;
a513fe19 479}
7501267e 480
6c3bff0e
PD		 481static int cpu_common_pre_load(void *opaque)
482{
483 CPUState *cpu = opaque;
484
adee6424 485 cpu->exception_index = -1;
6c3bff0e
PD		 486
487 return 0;
488}
489
490static bool cpu_common_exception_index_needed(void *opaque)
491{
492 CPUState *cpu = opaque;
493
adee6424 494 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 495}
496
497static const VMStateDescription vmstate_cpu_common_exception_index = {
498 .name = "cpu_common/exception_index",
499 .version_id = 1,
500 .minimum_version_id = 1,
5cd8cada 501 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 502 .fields = (VMStateField[]) {
503 VMSTATE_INT32(exception_index, CPUState),
504 VMSTATE_END_OF_LIST()
505 }
506};
507
bac05aa9
AS		 508static bool cpu_common_crash_occurred_needed(void *opaque)
509{
510 CPUState *cpu = opaque;
511
512 return cpu->crash_occurred;
513}
514
515static const VMStateDescription vmstate_cpu_common_crash_occurred = {
516 .name = "cpu_common/crash_occurred",
517 .version_id = 1,
518 .minimum_version_id = 1,
519 .needed = cpu_common_crash_occurred_needed,
520 .fields = (VMStateField[]) {
521 VMSTATE_BOOL(crash_occurred, CPUState),
522 VMSTATE_END_OF_LIST()
523 }
524};
525
1a1562f5 526const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 527 .name = "cpu_common",
528 .version_id = 1,
529 .minimum_version_id = 1,
6c3bff0e 530 .pre_load = cpu_common_pre_load,
5b6dd868 531 .post_load = cpu_common_post_load,
35d08458 532 .fields = (VMStateField[]) {
259186a7
AF		 533 VMSTATE_UINT32(halted, CPUState),
534 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 535 VMSTATE_END_OF_LIST()
6c3bff0e 536 },
5cd8cada
JQ		 537 .subsections = (const VMStateDescription*[]) {
538 &vmstate_cpu_common_exception_index,
bac05aa9 539 &vmstate_cpu_common_crash_occurred,
5cd8cada 540 NULL
5b6dd868
BS		 541 }
542};
1a1562f5 543
5b6dd868 544#endif
ea041c0e 545
38d8f5c8 546CPUState *qemu_get_cpu(int index)
ea041c0e 547{
bdc44640 548 CPUState *cpu;
ea041c0e 549
bdc44640 550 CPU_FOREACH(cpu) {
55e5c285 551 if (cpu->cpu_index == index) {
bdc44640 552 return cpu;
55e5c285 553 }
ea041c0e 554 }
5b6dd868 555
bdc44640 556 return NULL;
ea041c0e
FB		 557}
558
09daed84 559#if !defined(CONFIG_USER_ONLY)
56943e8c 560void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 561{
12ebc9a7
PM		 562 CPUAddressSpace *newas;
563
564 /* Target code should have set num_ases before calling us */
565 assert(asidx < cpu->num_ases);
566
56943e8c
PM		 567 if (asidx == 0) {
568 /* address space 0 gets the convenience alias */
569 cpu->as = as;
570 }
571
12ebc9a7
PM		 572 /* KVM cannot currently support multiple address spaces. */
573 assert(asidx == 0 || !kvm_enabled());
09daed84 574
12ebc9a7
PM		 575 if (!cpu->cpu_ases) {
576 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 577 }
32857f4d 578
12ebc9a7
PM		 579 newas = &cpu->cpu_ases[asidx];
580 newas->cpu = cpu;
581 newas->as = as;
56943e8c 582 if (tcg_enabled()) {
12ebc9a7
PM		 583 newas->tcg_as_listener.commit = tcg_commit;
584 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 585 }
09daed84 586}
651a5bc0
PM		 587
588AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
589{
590 /* Return the AddressSpace corresponding to the specified index */
591 return cpu->cpu_ases[asidx].as;
592}
09daed84
EI		 593#endif
594
b7bca733
BR		 595#ifndef CONFIG_USER_ONLY
596static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
597
598static int cpu_get_free_index(Error **errp)
599{
600 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
601
602 if (cpu >= MAX_CPUMASK_BITS) {
603 error_setg(errp, "Trying to use more CPUs than max of %d",
604 MAX_CPUMASK_BITS);
605 return -1;
606 }
607
608 bitmap_set(cpu_index_map, cpu, 1);
609 return cpu;
610}
611
612void cpu_exec_exit(CPUState *cpu)
613{
614 if (cpu->cpu_index == -1) {
615 /* cpu_index was never allocated by this @cpu or was already freed. */
616 return;
617 }
618
619 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
620 cpu->cpu_index = -1;
621}
622#else
623
624static int cpu_get_free_index(Error **errp)
625{
626 CPUState *some_cpu;
627 int cpu_index = 0;
628
629 CPU_FOREACH(some_cpu) {
630 cpu_index++;
631 }
632 return cpu_index;
633}
634
635void cpu_exec_exit(CPUState *cpu)
636{
637}
638#endif
639
4bad9e39 640void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 641{
b170fce3 642 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 643 int cpu_index;
b7bca733 644 Error *local_err = NULL;
5b6dd868 645
56943e8c 646 cpu->as = NULL;
12ebc9a7 647 cpu->num_ases = 0;
56943e8c 648
291135b5 649#ifndef CONFIG_USER_ONLY
291135b5 650 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 651
652 /* This is a softmmu CPU object, so create a property for it
653 * so users can wire up its memory. (This can't go in qom/cpu.c
654 * because that file is compiled only once for both user-mode
655 * and system builds.) The default if no link is set up is to use
656 * the system address space.
657 */
658 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
659 (Object **)&cpu->memory,
660 qdev_prop_allow_set_link_before_realize,
661 OBJ_PROP_LINK_UNREF_ON_RELEASE,
662 &error_abort);
663 cpu->memory = system_memory;
664 object_ref(OBJECT(cpu->memory));
291135b5
EH		 665#endif
666
5b6dd868
BS		 667#if defined(CONFIG_USER_ONLY)
668 cpu_list_lock();
669#endif
b7bca733
BR		 670 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
671 if (local_err) {
672 error_propagate(errp, local_err);
673#if defined(CONFIG_USER_ONLY)
674 cpu_list_unlock();
675#endif
676 return;
5b6dd868 677 }
bdc44640 678 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 679#if defined(CONFIG_USER_ONLY)
680 cpu_list_unlock();
681#endif
e0d47944
AF		 682 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
683 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
684 }
b170fce3
AF		 685 if (cc->vmsd != NULL) {
686 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
687 }
ea041c0e
FB		 688}
689
94df27fd 690#if defined(CONFIG_USER_ONLY)
00b941e5 691static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 692{
693 tb_invalidate_phys_page_range(pc, pc + 1, 0);
694}
695#else
00b941e5 696static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 697{
5232e4c7
PM		 698 MemTxAttrs attrs;
699 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
700 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 701 if (phys != -1) {
5232e4c7 702 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 703 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 704 }
1e7855a5 705}
c27004ec 706#endif
d720b93d 707
c527ee8f 708#if defined(CONFIG_USER_ONLY)
75a34036 709void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 710
711{
712}
713
3ee887e8
PM		 714int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
715 int flags)
716{
717 return -ENOSYS;
718}
719
720void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
721{
722}
723
75a34036 724int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 725 int flags, CPUWatchpoint **watchpoint)
726{
727 return -ENOSYS;
728}
729#else
6658ffb8 730/* Add a watchpoint. */
75a34036 731int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 732 int flags, CPUWatchpoint **watchpoint)
6658ffb8 733{
c0ce998e 734 CPUWatchpoint *wp;
6658ffb8 735
05068c0d 736 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 737 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 738 error_report("tried to set invalid watchpoint at %"
739 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 740 return -EINVAL;
741 }
7267c094 742 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 743
744 wp->vaddr = addr;
05068c0d 745 wp->len = len;
a1d1bb31
AL		 746 wp->flags = flags;
747
2dc9f411 748 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 749 if (flags & BP_GDB) {
750 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
751 } else {
752 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
753 }
6658ffb8 754
31b030d4 755 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 756
757 if (watchpoint)
758 *watchpoint = wp;
759 return 0;
6658ffb8
PB		 760}
761
a1d1bb31 762/* Remove a specific watchpoint. */
75a34036 763int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 764 int flags)
6658ffb8 765{
a1d1bb31 766 CPUWatchpoint *wp;
6658ffb8 767
ff4700b0 768 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 769 if (addr == wp->vaddr && len == wp->len
6e140f28 770 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 771 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 772 return 0;
773 }
774 }
a1d1bb31 775 return -ENOENT;
6658ffb8
PB		 776}
777
a1d1bb31 778/* Remove a specific watchpoint by reference. */
75a34036 779void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 780{
ff4700b0 781 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 782
31b030d4 783 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 784
7267c094 785 g_free(watchpoint);
a1d1bb31
AL		 786}
787
788/* Remove all matching watchpoints. */
75a34036 789void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 790{
c0ce998e 791 CPUWatchpoint *wp, *next;
a1d1bb31 792
ff4700b0 793 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 794 if (wp->flags & mask) {
795 cpu_watchpoint_remove_by_ref(cpu, wp);
796 }
c0ce998e 797 }
7d03f82f 798}
05068c0d
PM		 799
800/* Return true if this watchpoint address matches the specified
801 * access (ie the address range covered by the watchpoint overlaps
802 * partially or completely with the address range covered by the
803 * access).
804 */
805static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
806 vaddr addr,
807 vaddr len)
808{
809 /* We know the lengths are non-zero, but a little caution is
810 * required to avoid errors in the case where the range ends
811 * exactly at the top of the address space and so addr + len
812 * wraps round to zero.
813 */
814 vaddr wpend = wp->vaddr + wp->len - 1;
815 vaddr addrend = addr + len - 1;
816
817 return !(addr > wpend || wp->vaddr > addrend);
818}
819
c527ee8f 820#endif
7d03f82f 821
a1d1bb31 822/* Add a breakpoint. */
b3310ab3 823int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 824 CPUBreakpoint **breakpoint)
4c3a88a2 825{
c0ce998e 826 CPUBreakpoint *bp;
3b46e624 827
7267c094 828 bp = g_malloc(sizeof(*bp));
4c3a88a2 829
a1d1bb31
AL		 830 bp->pc = pc;
831 bp->flags = flags;
832
2dc9f411 833 /* keep all GDB-injected breakpoints in front */
00b941e5 834 if (flags & BP_GDB) {
f0c3c505 835 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 836 } else {
f0c3c505 837 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 838 }
3b46e624 839
f0c3c505 840 breakpoint_invalidate(cpu, pc);
a1d1bb31 841
00b941e5 842 if (breakpoint) {
a1d1bb31 843 *breakpoint = bp;
00b941e5 844 }
4c3a88a2 845 return 0;
4c3a88a2
FB		 846}
847
a1d1bb31 848/* Remove a specific breakpoint. */
b3310ab3 849int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 850{
a1d1bb31
AL		 851 CPUBreakpoint *bp;
852
f0c3c505 853 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 854 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 855 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 856 return 0;
857 }
7d03f82f 858 }
a1d1bb31 859 return -ENOENT;
7d03f82f
EI		 860}
861
a1d1bb31 862/* Remove a specific breakpoint by reference. */
b3310ab3 863void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 864{
f0c3c505
AF		 865 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
866
867 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 868
7267c094 869 g_free(breakpoint);
a1d1bb31
AL		 870}
871
872/* Remove all matching breakpoints. */
b3310ab3 873void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 874{
c0ce998e 875 CPUBreakpoint *bp, *next;
a1d1bb31 876
f0c3c505 877 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 878 if (bp->flags & mask) {
879 cpu_breakpoint_remove_by_ref(cpu, bp);
880 }
c0ce998e 881 }
4c3a88a2
FB		 882}
883
c33a346e
FB		 884/* enable or disable single step mode. EXCP_DEBUG is returned by the
885 CPU loop after each instruction */
3825b28f 886void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 887{
ed2803da
AF		 888 if (cpu->singlestep_enabled != enabled) {
889 cpu->singlestep_enabled = enabled;
890 if (kvm_enabled()) {
38e478ec 891 kvm_update_guest_debug(cpu, 0);
ed2803da 892 } else {
ccbb4d44 893 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 894 /* XXX: only flush what is necessary */
bbd77c18 895 tb_flush(cpu);
e22a25c9 896 }
c33a346e 897 }
c33a346e
FB		 898}
899
a47dddd7 900void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 901{
902 va_list ap;
493ae1f0 903 va_list ap2;
7501267e
FB		 904
905 va_start(ap, fmt);
493ae1f0 906 va_copy(ap2, ap);
7501267e
FB		 907 fprintf(stderr, "qemu: fatal: ");
908 vfprintf(stderr, fmt, ap);
909 fprintf(stderr, "\n");
878096ee 910 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 911 if (qemu_log_separate()) {
93fcfe39
AL		 912 qemu_log("qemu: fatal: ");
913 qemu_log_vprintf(fmt, ap2);
914 qemu_log("\n");
a0762859 915 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 916 qemu_log_flush();
93fcfe39 917 qemu_log_close();
924edcae 918 }
493ae1f0 919 va_end(ap2);
f9373291 920 va_end(ap);
7615936e 921 replay_finish();
fd052bf6
RV		 922#if defined(CONFIG_USER_ONLY)
923 {
924 struct sigaction act;
925 sigfillset(&act.sa_mask);
926 act.sa_handler = SIG_DFL;
927 sigaction(SIGABRT, &act, NULL);
928 }
929#endif
7501267e
FB		 930 abort();
931}
932
0124311e 933#if !defined(CONFIG_USER_ONLY)
0dc3f44a 934/* Called from RCU critical section */
041603fe
PB		 935static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
936{
937 RAMBlock *block;
938
43771539 939 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 940 if (block && addr - block->offset < block->max_length) {
68851b98 941 return block;
041603fe 942 }
0dc3f44a 943 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 944 if (addr - block->offset < block->max_length) {
041603fe
PB		 945 goto found;
946 }
947 }
948
949 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
950 abort();
951
952found:
43771539
PB		 953 /* It is safe to write mru_block outside the iothread lock. This
954 * is what happens:
955 *
956 * mru_block = xxx
957 * rcu_read_unlock()
958 * xxx removed from list
959 * rcu_read_lock()
960 * read mru_block
961 * mru_block = NULL;
962 * call_rcu(reclaim_ramblock, xxx);
963 * rcu_read_unlock()
964 *
965 * atomic_rcu_set is not needed here. The block was already published
966 * when it was placed into the list. Here we're just making an extra
967 * copy of the pointer.
968 */
041603fe
PB		 969 ram_list.mru_block = block;
970 return block;
971}
972
a2f4d5be 973static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 974{
9a13565d 975 CPUState *cpu;
041603fe 976 ram_addr_t start1;
a2f4d5be
JQ		 977 RAMBlock *block;
978 ram_addr_t end;
979
980 end = TARGET_PAGE_ALIGN(start + length);
981 start &= TARGET_PAGE_MASK;
d24981d3 982
0dc3f44a 983 rcu_read_lock();
041603fe
PB		 984 block = qemu_get_ram_block(start);
985 assert(block == qemu_get_ram_block(end - 1));
1240be24 986 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 987 CPU_FOREACH(cpu) {
988 tlb_reset_dirty(cpu, start1, length);
989 }
0dc3f44a 990 rcu_read_unlock();
d24981d3
JQ		 991}
992
5579c7f3 993/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 994bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
995 ram_addr_t length,
996 unsigned client)
1ccde1cb 997{
5b82b703 998 DirtyMemoryBlocks *blocks;
03eebc9e 999 unsigned long end, page;
5b82b703 1000 bool dirty = false;
03eebc9e
SH		 1001
1002 if (length == 0) {
1003 return false;
1004 }
f23db169 1005
03eebc9e
SH		 1006 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1007 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1008
1009 rcu_read_lock();
1010
1011 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1012
1013 while (page < end) {
1014 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1015 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1016 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1017
1018 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1019 offset, num);
1020 page += num;
1021 }
1022
1023 rcu_read_unlock();
03eebc9e
SH		 1024
1025 if (dirty && tcg_enabled()) {
a2f4d5be 1026 tlb_reset_dirty_range_all(start, length);
5579c7f3 1027 }
03eebc9e
SH		 1028
1029 return dirty;
1ccde1cb
FB		 1030}
1031
79e2b9ae 1032/* Called from RCU critical section */
bb0e627a 1033hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1034 MemoryRegionSection *section,
1035 target_ulong vaddr,
1036 hwaddr paddr, hwaddr xlat,
1037 int prot,
1038 target_ulong *address)
e5548617 1039{
a8170e5e 1040 hwaddr iotlb;
e5548617
BS		 1041 CPUWatchpoint *wp;
1042
cc5bea60 1043 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1044 /* Normal RAM. */
1045 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1046 + xlat;
e5548617 1047 if (!section->readonly) {
b41aac4f 1048 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1049 } else {
b41aac4f 1050 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1051 }
1052 } else {
0b8e2c10
PM		 1053 AddressSpaceDispatch *d;
1054
1055 d = atomic_rcu_read(&section->address_space->dispatch);
1056 iotlb = section - d->map.sections;
149f54b5 1057 iotlb += xlat;
e5548617
BS		 1058 }
1059
1060 /* Make accesses to pages with watchpoints go via the
1061 watchpoint trap routines. */
ff4700b0 1062 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1063 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1064 /* Avoid trapping reads of pages with a write breakpoint. */
1065 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1066 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1067 *address |= TLB_MMIO;
1068 break;
1069 }
1070 }
1071 }
1072
1073 return iotlb;
1074}
9fa3e853
FB		 1075#endif /* defined(CONFIG_USER_ONLY) */
1076
e2eef170 1077#if !defined(CONFIG_USER_ONLY)
8da3ff18 1078
c227f099 1079static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1080 uint16_t section);
acc9d80b 1081static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1082
a2b257d6
IM		 1083static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1084 qemu_anon_ram_alloc;
91138037
MA		 1085
1086/*
1087 * Set a custom physical guest memory alloator.
1088 * Accelerators with unusual needs may need this. Hopefully, we can
1089 * get rid of it eventually.
1090 */
a2b257d6 1091void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1092{
1093 phys_mem_alloc = alloc;
1094}
1095
53cb28cb
MA		 1096static uint16_t phys_section_add(PhysPageMap *map,
1097 MemoryRegionSection *section)
5312bd8b 1098{
68f3f65b
PB		 1099 /* The physical section number is ORed with a page-aligned
1100 * pointer to produce the iotlb entries. Thus it should
1101 * never overflow into the page-aligned value.
1102 */
53cb28cb 1103 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1104
53cb28cb
MA		 1105 if (map->sections_nb == map->sections_nb_alloc) {
1106 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1107 map->sections = g_renew(MemoryRegionSection, map->sections,
1108 map->sections_nb_alloc);
5312bd8b 1109 }
53cb28cb 1110 map->sections[map->sections_nb] = *section;
dfde4e6e 1111 memory_region_ref(section->mr);
53cb28cb 1112 return map->sections_nb++;
5312bd8b
AK		 1113}
1114
058bc4b5
PB		 1115static void phys_section_destroy(MemoryRegion *mr)
1116{
55b4e80b
DS		 1117 bool have_sub_page = mr->subpage;
1118
dfde4e6e
PB		 1119 memory_region_unref(mr);
1120
55b4e80b 1121 if (have_sub_page) {
058bc4b5 1122 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1123 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1124 g_free(subpage);
1125 }
1126}
1127
6092666e 1128static void phys_sections_free(PhysPageMap *map)
5312bd8b 1129{
9affd6fc
PB		 1130 while (map->sections_nb > 0) {
1131 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1132 phys_section_destroy(section->mr);
1133 }
9affd6fc
PB		 1134 g_free(map->sections);
1135 g_free(map->nodes);
5312bd8b
AK		 1136}
1137
ac1970fb 1138static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1139{
1140 subpage_t *subpage;
a8170e5e 1141 hwaddr base = section->offset_within_address_space
0f0cb164 1142 & TARGET_PAGE_MASK;
97115a8d 1143 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1144 d->map.nodes, d->map.sections);
0f0cb164
AK		 1145 MemoryRegionSection subsection = {
1146 .offset_within_address_space = base,
052e87b0 1147 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1148 };
a8170e5e 1149 hwaddr start, end;
0f0cb164 1150
f3705d53 1151 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1152
f3705d53 1153 if (!(existing->mr->subpage)) {
acc9d80b 1154 subpage = subpage_init(d->as, base);
3be91e86 1155 subsection.address_space = d->as;
0f0cb164 1156 subsection.mr = &subpage->iomem;
ac1970fb 1157 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1158 phys_section_add(&d->map, &subsection));
0f0cb164 1159 } else {
f3705d53 1160 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1161 }
1162 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1163 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1164 subpage_register(subpage, start, end,
1165 phys_section_add(&d->map, section));
0f0cb164
AK		 1166}
1167
1168
052e87b0
PB		 1169static void register_multipage(AddressSpaceDispatch *d,
1170 MemoryRegionSection *section)
33417e70 1171{
a8170e5e 1172 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1173 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1174 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1175 TARGET_PAGE_BITS));
dd81124b 1176
733d5ef5
PB		 1177 assert(num_pages);
1178 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1179}
1180
ac1970fb 1181static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1182{
89ae337a 1183 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1184 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1185 MemoryRegionSection now = *section, remain = *section;
052e87b0 1186 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1187
733d5ef5
PB		 1188 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1189 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1190 - now.offset_within_address_space;
1191
052e87b0 1192 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1193 register_subpage(d, &now);
733d5ef5 1194 } else {
052e87b0 1195 now.size = int128_zero();
733d5ef5 1196 }
052e87b0
PB		 1197 while (int128_ne(remain.size, now.size)) {
1198 remain.size = int128_sub(remain.size, now.size);
1199 remain.offset_within_address_space += int128_get64(now.size);
1200 remain.offset_within_region += int128_get64(now.size);
69b67646 1201 now = remain;
052e87b0 1202 if (int128_lt(remain.size, page_size)) {
733d5ef5 1203 register_subpage(d, &now);
88266249 1204 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1205 now.size = page_size;
ac1970fb 1206 register_subpage(d, &now);
69b67646 1207 } else {
052e87b0 1208 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1209 register_multipage(d, &now);
69b67646 1210 }
0f0cb164
AK		 1211 }
1212}
1213
62a2744c
SY		 1214void qemu_flush_coalesced_mmio_buffer(void)
1215{
1216 if (kvm_enabled())
1217 kvm_flush_coalesced_mmio_buffer();
1218}
1219
b2a8658e
UD		 1220void qemu_mutex_lock_ramlist(void)
1221{
1222 qemu_mutex_lock(&ram_list.mutex);
1223}
1224
1225void qemu_mutex_unlock_ramlist(void)
1226{
1227 qemu_mutex_unlock(&ram_list.mutex);
1228}
1229
e1e84ba0 1230#ifdef __linux__
c902760f
MT		 1231
1232#include <sys/vfs.h>
1233
1234#define HUGETLBFS_MAGIC 0x958458f6
1235
fd97fd44 1236static long gethugepagesize(int fd)
c902760f
MT		 1237{
1238 struct statfs fs;
1239 int ret;
1240
1241 do {
fd97fd44 1242 ret = fstatfs(fd, &fs);
c902760f
MT		 1243 } while (ret != 0 && errno == EINTR);
1244
1245 if (ret != 0) {
fd97fd44 1246 return -1;
c902760f
MT		 1247 }
1248
c902760f
MT		 1249 return fs.f_bsize;
1250}
1251
04b16653
AW		 1252static void *file_ram_alloc(RAMBlock *block,
1253 ram_addr_t memory,
7f56e740
PB		 1254 const char *path,
1255 Error **errp)
c902760f 1256{
fd97fd44 1257 bool unlink_on_error = false;
c902760f 1258 char *filename;
8ca761f6
PF		 1259 char *sanitized_name;
1260 char *c;
794e8f30 1261 void *area;
c902760f 1262 int fd;
fd97fd44 1263 int64_t hpagesize;
c902760f
MT		 1264
1265 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1266 error_setg(errp,
1267 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1268 return NULL;
c902760f
MT		 1269 }
1270
fd97fd44
MA		 1271 for (;;) {
1272 fd = open(path, O_RDWR);
1273 if (fd >= 0) {
1274 /* @path names an existing file, use it */
1275 break;
8d31d6b6 1276 }
fd97fd44
MA		 1277 if (errno == ENOENT) {
1278 /* @path names a file that doesn't exist, create it */
1279 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1280 if (fd >= 0) {
1281 unlink_on_error = true;
1282 break;
1283 }
1284 } else if (errno == EISDIR) {
1285 /* @path names a directory, create a file there */
1286 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1287 sanitized_name = g_strdup(memory_region_name(block->mr));
1288 for (c = sanitized_name; *c != '\0'; c++) {
1289 if (*c == '/') {
1290 *c = '_';
1291 }
1292 }
8ca761f6 1293
fd97fd44
MA		 1294 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1295 sanitized_name);
1296 g_free(sanitized_name);
8d31d6b6 1297
fd97fd44
MA		 1298 fd = mkstemp(filename);
1299 if (fd >= 0) {
1300 unlink(filename);
1301 g_free(filename);
1302 break;
1303 }
1304 g_free(filename);
8d31d6b6 1305 }
fd97fd44
MA		 1306 if (errno != EEXIST && errno != EINTR) {
1307 error_setg_errno(errp, errno,
1308 "can't open backing store %s for guest RAM",
1309 path);
1310 goto error;
1311 }
1312 /*
1313 * Try again on EINTR and EEXIST. The latter happens when
1314 * something else creates the file between our two open().
1315 */
8d31d6b6 1316 }
c902760f 1317
fd97fd44
MA		 1318 hpagesize = gethugepagesize(fd);
1319 if (hpagesize < 0) {
1320 error_setg_errno(errp, errno, "can't get page size for %s",
1321 path);
1322 goto error;
1323 }
1324 block->mr->align = hpagesize;
1325
1326 if (memory < hpagesize) {
1327 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1328 "or larger than page size 0x%" PRIx64,
1329 memory, hpagesize);
f9a49dfa 1330 goto error;
c902760f 1331 }
c902760f 1332
9284f319 1333 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1334
1335 /*
1336 * ftruncate is not supported by hugetlbfs in older
1337 * hosts, so don't bother bailing out on errors.
1338 * If anything goes wrong with it under other filesystems,
1339 * mmap will fail.
1340 */
7f56e740 1341 if (ftruncate(fd, memory)) {
9742bf26 1342 perror("ftruncate");
7f56e740 1343 }
c902760f 1344
794e8f30 1345 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1346 if (area == MAP_FAILED) {
7f56e740 1347 error_setg_errno(errp, errno,
fd97fd44 1348 "unable to map backing store for guest RAM");
9742bf26 1349 close(fd);
f9a49dfa 1350 goto error;
c902760f 1351 }
ef36fa14
MT		 1352
1353 if (mem_prealloc) {
38183310 1354 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1355 }
1356
04b16653 1357 block->fd = fd;
c902760f 1358 return area;
f9a49dfa
MT		 1359
1360error:
fd97fd44
MA		 1361 if (unlink_on_error) {
1362 unlink(path);
1363 }
1364 close(fd);
f9a49dfa 1365 return NULL;
c902760f
MT		 1366}
1367#endif
1368
0dc3f44a 1369/* Called with the ramlist lock held. */
d17b5288 1370static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1371{
1372 RAMBlock *block, *next_block;
3e837b2c 1373 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1374
49cd9ac6
SH		 1375 assert(size != 0); /* it would hand out same offset multiple times */
1376
0dc3f44a 1377 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1378 return 0;
0d53d9fe 1379 }
04b16653 1380
0dc3f44a 1381 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1382 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1383
62be4e3a 1384 end = block->offset + block->max_length;
04b16653 1385
0dc3f44a 1386 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1387 if (next_block->offset >= end) {
1388 next = MIN(next, next_block->offset);
1389 }
1390 }
1391 if (next - end >= size && next - end < mingap) {
3e837b2c 1392 offset = end;
04b16653
AW		 1393 mingap = next - end;
1394 }
1395 }
3e837b2c
AW		 1396
1397 if (offset == RAM_ADDR_MAX) {
1398 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1399 (uint64_t)size);
1400 abort();
1401 }
1402
04b16653
AW		 1403 return offset;
1404}
1405
652d7ec2 1406ram_addr_t last_ram_offset(void)
d17b5288
AW		 1407{
1408 RAMBlock *block;
1409 ram_addr_t last = 0;
1410
0dc3f44a
MD		 1411 rcu_read_lock();
1412 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1413 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1414 }
0dc3f44a 1415 rcu_read_unlock();
d17b5288
AW		 1416 return last;
1417}
1418
ddb97f1d
JB		 1419static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1420{
1421 int ret;
ddb97f1d
JB		 1422
1423 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1424 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1425 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1426 if (ret) {
1427 perror("qemu_madvise");
1428 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1429 "but dump_guest_core=off specified\n");
1430 }
1431 }
1432}
1433
0dc3f44a
MD		 1434/* Called within an RCU critical section, or while the ramlist lock
1435 * is held.
1436 */
20cfe881 1437static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1438{
20cfe881 1439 RAMBlock *block;
84b89d78 1440
0dc3f44a 1441 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1442 if (block->offset == addr) {
20cfe881 1443 return block;
c5705a77
AK		 1444 }
1445 }
20cfe881
HT		 1446
1447 return NULL;
1448}
1449
422148d3
DDAG		 1450const char *qemu_ram_get_idstr(RAMBlock *rb)
1451{
1452 return rb->idstr;
1453}
1454
ae3a7047 1455/* Called with iothread lock held. */
20cfe881
HT		 1456void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1457{
ae3a7047 1458 RAMBlock *new_block, *block;
20cfe881 1459
0dc3f44a 1460 rcu_read_lock();
ae3a7047 1461 new_block = find_ram_block(addr);
c5705a77
AK		 1462 assert(new_block);
1463 assert(!new_block->idstr[0]);
84b89d78 1464
09e5ab63
AL		 1465 if (dev) {
1466 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1467 if (id) {
1468 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1469 g_free(id);
84b89d78
CM		 1470 }
1471 }
1472 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1473
0dc3f44a 1474 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1475 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1476 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1477 new_block->idstr);
1478 abort();
1479 }
1480 }
0dc3f44a 1481 rcu_read_unlock();
c5705a77
AK		 1482}
1483
ae3a7047 1484/* Called with iothread lock held. */
20cfe881
HT		 1485void qemu_ram_unset_idstr(ram_addr_t addr)
1486{
ae3a7047 1487 RAMBlock *block;
20cfe881 1488
ae3a7047
MD		 1489 /* FIXME: arch_init.c assumes that this is not called throughout
1490 * migration. Ignore the problem since hot-unplug during migration
1491 * does not work anyway.
1492 */
1493
0dc3f44a 1494 rcu_read_lock();
ae3a7047 1495 block = find_ram_block(addr);
20cfe881
HT		 1496 if (block) {
1497 memset(block->idstr, 0, sizeof(block->idstr));
1498 }
0dc3f44a 1499 rcu_read_unlock();
20cfe881
HT		 1500}
1501
8490fc78
LC		 1502static int memory_try_enable_merging(void *addr, size_t len)
1503{
75cc7f01 1504 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1505 /* disabled by the user */
1506 return 0;
1507 }
1508
1509 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1510}
1511
62be4e3a
MT		 1512/* Only legal before guest might have detected the memory size: e.g. on
1513 * incoming migration, or right after reset.
1514 *
1515 * As memory core doesn't know how is memory accessed, it is up to
1516 * resize callback to update device state and/or add assertions to detect
1517 * misuse, if necessary.
1518 */
1519int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1520{
1521 RAMBlock *block = find_ram_block(base);
1522
1523 assert(block);
1524
4ed023ce 1525 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1526
62be4e3a
MT		 1527 if (block->used_length == newsize) {
1528 return 0;
1529 }
1530
1531 if (!(block->flags & RAM_RESIZEABLE)) {
1532 error_setg_errno(errp, EINVAL,
1533 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1534 " in != 0x" RAM_ADDR_FMT, block->idstr,
1535 newsize, block->used_length);
1536 return -EINVAL;
1537 }
1538
1539 if (block->max_length < newsize) {
1540 error_setg_errno(errp, EINVAL,
1541 "Length too large: %s: 0x" RAM_ADDR_FMT
1542 " > 0x" RAM_ADDR_FMT, block->idstr,
1543 newsize, block->max_length);
1544 return -EINVAL;
1545 }
1546
1547 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1548 block->used_length = newsize;
58d2707e
PB		 1549 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1550 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1551 memory_region_set_size(block->mr, newsize);
1552 if (block->resized) {
1553 block->resized(block->idstr, newsize, block->host);
1554 }
1555 return 0;
1556}
1557
5b82b703
SH		 1558/* Called with ram_list.mutex held */
1559static void dirty_memory_extend(ram_addr_t old_ram_size,
1560 ram_addr_t new_ram_size)
1561{
1562 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1563 DIRTY_MEMORY_BLOCK_SIZE);
1564 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1565 DIRTY_MEMORY_BLOCK_SIZE);
1566 int i;
1567
1568 /* Only need to extend if block count increased */
1569 if (new_num_blocks <= old_num_blocks) {
1570 return;
1571 }
1572
1573 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1574 DirtyMemoryBlocks *old_blocks;
1575 DirtyMemoryBlocks *new_blocks;
1576 int j;
1577
1578 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1579 new_blocks = g_malloc(sizeof(*new_blocks) +
1580 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1581
1582 if (old_num_blocks) {
1583 memcpy(new_blocks->blocks, old_blocks->blocks,
1584 old_num_blocks * sizeof(old_blocks->blocks[0]));
1585 }
1586
1587 for (j = old_num_blocks; j < new_num_blocks; j++) {
1588 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1589 }
1590
1591 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1592
1593 if (old_blocks) {
1594 g_free_rcu(old_blocks, rcu);
1595 }
1596 }
1597}
1598
528f46af 1599static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1600{
e1c57ab8 1601 RAMBlock *block;
0d53d9fe 1602 RAMBlock *last_block = NULL;
2152f5ca 1603 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1604 Error *err = NULL;
2152f5ca
JQ		 1605
1606 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1607
b2a8658e 1608 qemu_mutex_lock_ramlist();
9b8424d5 1609 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1610
1611 if (!new_block->host) {
1612 if (xen_enabled()) {
9b8424d5 1613 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1614 new_block->mr, &err);
1615 if (err) {
1616 error_propagate(errp, err);
1617 qemu_mutex_unlock_ramlist();
37aa7a0e 1618 }
e1c57ab8 1619 } else {
9b8424d5 1620 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1621 &new_block->mr->align);
39228250 1622 if (!new_block->host) {
ef701d7b
HT		 1623 error_setg_errno(errp, errno,
1624 "cannot set up guest memory '%s'",
1625 memory_region_name(new_block->mr));
1626 qemu_mutex_unlock_ramlist();
39228250 1627 }
9b8424d5 1628 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1629 }
c902760f 1630 }
94a6b54f 1631
dd631697
LZ		 1632 new_ram_size = MAX(old_ram_size,
1633 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1634 if (new_ram_size > old_ram_size) {
1635 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1636 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1637 }
0d53d9fe
MD		 1638 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1639 * QLIST (which has an RCU-friendly variant) does not have insertion at
1640 * tail, so save the last element in last_block.
1641 */
0dc3f44a 1642 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1643 last_block = block;
9b8424d5 1644 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1645 break;
1646 }
1647 }
1648 if (block) {
0dc3f44a 1649 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1650 } else if (last_block) {
0dc3f44a 1651 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1652 } else { /* list is empty */
0dc3f44a 1653 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1654 }
0d6d3c87 1655 ram_list.mru_block = NULL;
94a6b54f 1656
0dc3f44a
MD		 1657 /* Write list before version */
1658 smp_wmb();
f798b07f 1659 ram_list.version++;
b2a8658e 1660 qemu_mutex_unlock_ramlist();
f798b07f 1661
9b8424d5 1662 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1663 new_block->used_length,
1664 DIRTY_CLIENTS_ALL);
94a6b54f 1665
a904c911
PB		 1666 if (new_block->host) {
1667 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1668 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1669 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1670 if (kvm_enabled()) {
1671 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1672 }
e1c57ab8 1673 }
94a6b54f 1674}
e9a1ab19 1675
0b183fc8 1676#ifdef __linux__
528f46af
FZ		 1677RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1678 bool share, const char *mem_path,
1679 Error **errp)
e1c57ab8
PB		 1680{
1681 RAMBlock *new_block;
ef701d7b 1682 Error *local_err = NULL;
e1c57ab8
PB		 1683
1684 if (xen_enabled()) {
7f56e740 1685 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1686 return NULL;
e1c57ab8
PB		 1687 }
1688
1689 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1690 /*
1691 * file_ram_alloc() needs to allocate just like
1692 * phys_mem_alloc, but we haven't bothered to provide
1693 * a hook there.
1694 */
7f56e740
PB		 1695 error_setg(errp,
1696 "-mem-path not supported with this accelerator");
528f46af 1697 return NULL;
e1c57ab8
PB		 1698 }
1699
4ed023ce 1700 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1701 new_block = g_malloc0(sizeof(*new_block));
1702 new_block->mr = mr;
9b8424d5
MT		 1703 new_block->used_length = size;
1704 new_block->max_length = size;
dbcb8981 1705 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1706 new_block->host = file_ram_alloc(new_block, size,
1707 mem_path, errp);
1708 if (!new_block->host) {
1709 g_free(new_block);
528f46af 1710 return NULL;
7f56e740
PB		 1711 }
1712
528f46af 1713 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1714 if (local_err) {
1715 g_free(new_block);
1716 error_propagate(errp, local_err);
528f46af 1717 return NULL;
ef701d7b 1718 }
528f46af 1719 return new_block;
e1c57ab8 1720}
0b183fc8 1721#endif
e1c57ab8 1722
62be4e3a 1723static
528f46af
FZ		 1724RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1725 void (*resized)(const char*,
1726 uint64_t length,
1727 void *host),
1728 void *host, bool resizeable,
1729 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1730{
1731 RAMBlock *new_block;
ef701d7b 1732 Error *local_err = NULL;
e1c57ab8 1733
4ed023ce
DDAG		 1734 size = HOST_PAGE_ALIGN(size);
1735 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1736 new_block = g_malloc0(sizeof(*new_block));
1737 new_block->mr = mr;
62be4e3a 1738 new_block->resized = resized;
9b8424d5
MT		 1739 new_block->used_length = size;
1740 new_block->max_length = max_size;
62be4e3a 1741 assert(max_size >= size);
e1c57ab8
PB		 1742 new_block->fd = -1;
1743 new_block->host = host;
1744 if (host) {
7bd4f430 1745 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1746 }
62be4e3a
MT		 1747 if (resizeable) {
1748 new_block->flags |= RAM_RESIZEABLE;
1749 }
528f46af 1750 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1751 if (local_err) {
1752 g_free(new_block);
1753 error_propagate(errp, local_err);
528f46af 1754 return NULL;
ef701d7b 1755 }
528f46af 1756 return new_block;
e1c57ab8
PB		 1757}
1758
528f46af 1759RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1760 MemoryRegion *mr, Error **errp)
1761{
1762 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1763}
1764
528f46af 1765RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1766{
62be4e3a
MT		 1767 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1768}
1769
528f46af 1770RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1771 void (*resized)(const char*,
1772 uint64_t length,
1773 void *host),
1774 MemoryRegion *mr, Error **errp)
1775{
1776 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1777}
1778
43771539
PB		 1779static void reclaim_ramblock(RAMBlock *block)
1780{
1781 if (block->flags & RAM_PREALLOC) {
1782 ;
1783 } else if (xen_enabled()) {
1784 xen_invalidate_map_cache_entry(block->host);
1785#ifndef _WIN32
1786 } else if (block->fd >= 0) {
2f3a2bb1 1787 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1788 close(block->fd);
1789#endif
1790 } else {
1791 qemu_anon_ram_free(block->host, block->max_length);
1792 }
1793 g_free(block);
1794}
1795
f1060c55 1796void qemu_ram_free(RAMBlock *block)
e9a1ab19 1797{
b2a8658e 1798 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1799 QLIST_REMOVE_RCU(block, next);
1800 ram_list.mru_block = NULL;
1801 /* Write list before version */
1802 smp_wmb();
1803 ram_list.version++;
1804 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1805 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1806}
1807
cd19cfa2
HY		 1808#ifndef _WIN32
1809void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1810{
1811 RAMBlock *block;
1812 ram_addr_t offset;
1813 int flags;
1814 void *area, *vaddr;
1815
0dc3f44a 1816 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1817 offset = addr - block->offset;
9b8424d5 1818 if (offset < block->max_length) {
1240be24 1819 vaddr = ramblock_ptr(block, offset);
7bd4f430 1820 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1821 ;
dfeaf2ab
MA		 1822 } else if (xen_enabled()) {
1823 abort();
cd19cfa2
HY		 1824 } else {
1825 flags = MAP_FIXED;
3435f395 1826 if (block->fd >= 0) {
dbcb8981
PB		 1827 flags |= (block->flags & RAM_SHARED ?
1828 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1829 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1830 flags, block->fd, offset);
cd19cfa2 1831 } else {
2eb9fbaa
MA		 1832 /*
1833 * Remap needs to match alloc. Accelerators that
1834 * set phys_mem_alloc never remap. If they did,
1835 * we'd need a remap hook here.
1836 */
1837 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1838
cd19cfa2
HY		 1839 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1840 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1841 flags, -1, 0);
cd19cfa2
HY		 1842 }
1843 if (area != vaddr) {
f15fbc4b
AP		 1844 fprintf(stderr, "Could not remap addr: "
1845 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1846 length, addr);
1847 exit(1);
1848 }
8490fc78 1849 memory_try_enable_merging(vaddr, length);
ddb97f1d 1850 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1851 }
cd19cfa2
HY		 1852 }
1853 }
1854}
1855#endif /* !_WIN32 */
1856
a35ba7be
PB		 1857int qemu_get_ram_fd(ram_addr_t addr)
1858{
ae3a7047
MD		 1859 RAMBlock *block;
1860 int fd;
a35ba7be 1861
0dc3f44a 1862 rcu_read_lock();
ae3a7047
MD		 1863 block = qemu_get_ram_block(addr);
1864 fd = block->fd;
0dc3f44a 1865 rcu_read_unlock();
ae3a7047 1866 return fd;
a35ba7be
PB		 1867}
1868
56a571d9
TM		 1869void qemu_set_ram_fd(ram_addr_t addr, int fd)
1870{
1871 RAMBlock *block;
1872
1873 rcu_read_lock();
1874 block = qemu_get_ram_block(addr);
1875 block->fd = fd;
1876 rcu_read_unlock();
1877}
1878
3fd74b84
DM		 1879void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1880{
ae3a7047
MD		 1881 RAMBlock *block;
1882 void *ptr;
3fd74b84 1883
0dc3f44a 1884 rcu_read_lock();
ae3a7047
MD		 1885 block = qemu_get_ram_block(addr);
1886 ptr = ramblock_ptr(block, 0);
0dc3f44a 1887 rcu_read_unlock();
ae3a7047 1888 return ptr;
3fd74b84
DM		 1889}
1890
1b5ec234 1891/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1892 * This should not be used for general purpose DMA. Use address_space_map
1893 * or address_space_rw instead. For local memory (e.g. video ram) that the
1894 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1895 *
49b24afc 1896 * Called within RCU critical section.
1b5ec234 1897 */
3655cb9c 1898void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1899{
3655cb9c
GA		 1900 RAMBlock *block = ram_block;
1901
1902 if (block == NULL) {
1903 block = qemu_get_ram_block(addr);
1904 }
ae3a7047
MD		 1905
1906 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1907 /* We need to check if the requested address is in the RAM
1908 * because we don't want to map the entire memory in QEMU.
1909 * In that case just map until the end of the page.
1910 */
1911 if (block->offset == 0) {
49b24afc 1912 return xen_map_cache(addr, 0, 0);
0d6d3c87 1913 }
ae3a7047
MD		 1914
1915 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1916 }
49b24afc 1917 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1918}
1919
38bee5dc 1920/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1921 * but takes a size argument.
0dc3f44a 1922 *
e81bcda5 1923 * Called within RCU critical section.
ae3a7047 1924 */
3655cb9c
GA		 1925static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1926 hwaddr *size)
38bee5dc 1927{
3655cb9c 1928 RAMBlock *block = ram_block;
e81bcda5 1929 ram_addr_t offset_inside_block;
8ab934f9
SS		 1930 if (*size == 0) {
1931 return NULL;
1932 }
e81bcda5 1933
3655cb9c
GA		 1934 if (block == NULL) {
1935 block = qemu_get_ram_block(addr);
1936 }
e81bcda5
PB		 1937 offset_inside_block = addr - block->offset;
1938 *size = MIN(*size, block->max_length - offset_inside_block);
1939
1940 if (xen_enabled() && block->host == NULL) {
1941 /* We need to check if the requested address is in the RAM
1942 * because we don't want to map the entire memory in QEMU.
1943 * In that case just map the requested area.
1944 */
1945 if (block->offset == 0) {
1946 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1947 }
1948
e81bcda5 1949 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1950 }
e81bcda5
PB		 1951
1952 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1953}
1954
422148d3
DDAG		 1955/*
1956 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1957 * in that RAMBlock.
1958 *
1959 * ptr: Host pointer to look up
1960 * round_offset: If true round the result offset down to a page boundary
1961 * *ram_addr: set to result ram_addr
1962 * *offset: set to result offset within the RAMBlock
1963 *
1964 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1965 *
1966 * By the time this function returns, the returned pointer is not protected
1967 * by RCU anymore. If the caller is not within an RCU critical section and
1968 * does not hold the iothread lock, it must have other means of protecting the
1969 * pointer, such as a reference to the region that includes the incoming
1970 * ram_addr_t.
1971 */
422148d3
DDAG		 1972RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1973 ram_addr_t *ram_addr,
1974 ram_addr_t *offset)
5579c7f3 1975{
94a6b54f
PB		 1976 RAMBlock *block;
1977 uint8_t *host = ptr;
1978
868bb33f 1979 if (xen_enabled()) {
0dc3f44a 1980 rcu_read_lock();
e41d7c69 1981 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1982 block = qemu_get_ram_block(*ram_addr);
1983 if (block) {
1984 *offset = (host - block->host);
1985 }
0dc3f44a 1986 rcu_read_unlock();
422148d3 1987 return block;
712c2b41
SS		 1988 }
1989
0dc3f44a
MD		 1990 rcu_read_lock();
1991 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1992 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1993 goto found;
1994 }
1995
0dc3f44a 1996 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1997 /* This case append when the block is not mapped. */
1998 if (block->host == NULL) {
1999 continue;
2000 }
9b8424d5 2001 if (host - block->host < block->max_length) {
23887b79 2002 goto found;
f471a17e 2003 }
94a6b54f 2004 }
432d268c 2005
0dc3f44a 2006 rcu_read_unlock();
1b5ec234 2007 return NULL;
23887b79
PB		 2008
2009found:
422148d3
DDAG		 2010 *offset = (host - block->host);
2011 if (round_offset) {
2012 *offset &= TARGET_PAGE_MASK;
2013 }
2014 *ram_addr = block->offset + *offset;
0dc3f44a 2015 rcu_read_unlock();
422148d3
DDAG		 2016 return block;
2017}
2018
e3dd7493
DDAG		 2019/*
2020 * Finds the named RAMBlock
2021 *
2022 * name: The name of RAMBlock to find
2023 *
2024 * Returns: RAMBlock (or NULL if not found)
2025 */
2026RAMBlock *qemu_ram_block_by_name(const char *name)
2027{
2028 RAMBlock *block;
2029
2030 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
2031 if (!strcmp(name, block->idstr)) {
2032 return block;
2033 }
2034 }
2035
2036 return NULL;
2037}
2038
422148d3
DDAG		 2039/* Some of the softmmu routines need to translate from a host pointer
2040 (typically a TLB entry) back to a ram offset. */
2041MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2042{
2043 RAMBlock *block;
2044 ram_addr_t offset; /* Not used */
2045
2046 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2047
2048 if (!block) {
2049 return NULL;
2050 }
2051
2052 return block->mr;
e890261f 2053}
f471a17e 2054
49b24afc 2055/* Called within RCU critical section. */
a8170e5e 2056static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2057 uint64_t val, unsigned size)
9fa3e853 2058{
52159192 2059 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2060 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2061 }
0e0df1e2
AK		 2062 switch (size) {
2063 case 1:
3655cb9c 2064 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2065 break;
2066 case 2:
3655cb9c 2067 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2068 break;
2069 case 4:
3655cb9c 2070 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2071 break;
2072 default:
2073 abort();
3a7d929e 2074 }
58d2707e
PB		 2075 /* Set both VGA and migration bits for simplicity and to remove
2076 * the notdirty callback faster.
2077 */
2078 cpu_physical_memory_set_dirty_range(ram_addr, size,
2079 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2080 /* we remove the notdirty callback only if the code has been
2081 flushed */
a2cd8c85 2082 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2083 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2084 }
9fa3e853
FB		 2085}
2086
b018ddf6
PB		 2087static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2088 unsigned size, bool is_write)
2089{
2090 return is_write;
2091}
2092
0e0df1e2 2093static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2094 .write = notdirty_mem_write,
b018ddf6 2095 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2096 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2097};
2098
0f459d16 2099/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2100static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2101{
93afeade 2102 CPUState *cpu = current_cpu;
568496c0 2103 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2104 CPUArchState *env = cpu->env_ptr;
06d55cc1 2105 target_ulong pc, cs_base;
0f459d16 2106 target_ulong vaddr;
a1d1bb31 2107 CPUWatchpoint *wp;
06d55cc1 2108 int cpu_flags;
0f459d16 2109
ff4700b0 2110 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2111 /* We re-entered the check after replacing the TB. Now raise
2112 * the debug interrupt so that is will trigger after the
2113 * current instruction. */
93afeade 2114 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2115 return;
2116 }
93afeade 2117 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2118 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2119 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2120 && (wp->flags & flags)) {
08225676
PM		 2121 if (flags == BP_MEM_READ) {
2122 wp->flags |= BP_WATCHPOINT_HIT_READ;
2123 } else {
2124 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2125 }
2126 wp->hitaddr = vaddr;
66b9b43c 2127 wp->hitattrs = attrs;
ff4700b0 2128 if (!cpu->watchpoint_hit) {
568496c0
SF		 2129 if (wp->flags & BP_CPU &&
2130 !cc->debug_check_watchpoint(cpu, wp)) {
2131 wp->flags &= ~BP_WATCHPOINT_HIT;
2132 continue;
2133 }
ff4700b0 2134 cpu->watchpoint_hit = wp;
239c51a5 2135 tb_check_watchpoint(cpu);
6e140f28 2136 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2137 cpu->exception_index = EXCP_DEBUG;
5638d180 2138 cpu_loop_exit(cpu);
6e140f28
AL		 2139 } else {
2140 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2141 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2142 cpu_resume_from_signal(cpu, NULL);
6e140f28 2143 }
06d55cc1 2144 }
6e140f28
AL		 2145 } else {
2146 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2147 }
2148 }
2149}
2150
6658ffb8
PB		 2151/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2152 so these check for a hit then pass through to the normal out-of-line
2153 phys routines. */
66b9b43c
PM		 2154static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2155 unsigned size, MemTxAttrs attrs)
6658ffb8 2156{
66b9b43c
PM		 2157 MemTxResult res;
2158 uint64_t data;
79ed0416
PM		 2159 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2160 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2161
2162 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2163 switch (size) {
66b9b43c 2164 case 1:
79ed0416 2165 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2166 break;
2167 case 2:
79ed0416 2168 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2169 break;
2170 case 4:
79ed0416 2171 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2172 break;
1ec9b909
AK		 2173 default: abort();
2174 }
66b9b43c
PM		 2175 *pdata = data;
2176 return res;
6658ffb8
PB		 2177}
2178
66b9b43c
PM		 2179static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2180 uint64_t val, unsigned size,
2181 MemTxAttrs attrs)
6658ffb8 2182{
66b9b43c 2183 MemTxResult res;
79ed0416
PM		 2184 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2185 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2186
2187 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2188 switch (size) {
67364150 2189 case 1:
79ed0416 2190 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2191 break;
2192 case 2:
79ed0416 2193 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2194 break;
2195 case 4:
79ed0416 2196 address_space_stl(as, addr, val, attrs, &res);
67364150 2197 break;
1ec9b909
AK		 2198 default: abort();
2199 }
66b9b43c 2200 return res;
6658ffb8
PB		 2201}
2202
1ec9b909 2203static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2204 .read_with_attrs = watch_mem_read,
2205 .write_with_attrs = watch_mem_write,
1ec9b909 2206 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2207};
6658ffb8 2208
f25a49e0
PM		 2209static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2210 unsigned len, MemTxAttrs attrs)
db7b5426 2211{
acc9d80b 2212 subpage_t *subpage = opaque;
ff6cff75 2213 uint8_t buf[8];
5c9eb028 2214 MemTxResult res;
791af8c8 2215
db7b5426 2216#if defined(DEBUG_SUBPAGE)
016e9d62 2217 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2218 subpage, len, addr);
db7b5426 2219#endif
5c9eb028
PM		 2220 res = address_space_read(subpage->as, addr + subpage->base,
2221 attrs, buf, len);
2222 if (res) {
2223 return res;
f25a49e0 2224 }
acc9d80b
JK		 2225 switch (len) {
2226 case 1:
f25a49e0
PM		 2227 *data = ldub_p(buf);
2228 return MEMTX_OK;
acc9d80b 2229 case 2:
f25a49e0
PM		 2230 *data = lduw_p(buf);
2231 return MEMTX_OK;
acc9d80b 2232 case 4:
f25a49e0
PM		 2233 *data = ldl_p(buf);
2234 return MEMTX_OK;
ff6cff75 2235 case 8:
f25a49e0
PM		 2236 *data = ldq_p(buf);
2237 return MEMTX_OK;
acc9d80b
JK		 2238 default:
2239 abort();
2240 }
db7b5426
BS		 2241}
2242
f25a49e0
PM		 2243static MemTxResult subpage_write(void *opaque, hwaddr addr,
2244 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2245{
acc9d80b 2246 subpage_t *subpage = opaque;
ff6cff75 2247 uint8_t buf[8];
acc9d80b 2248
db7b5426 2249#if defined(DEBUG_SUBPAGE)
016e9d62 2250 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2251 " value %"PRIx64"\n",
2252 __func__, subpage, len, addr, value);
db7b5426 2253#endif
acc9d80b
JK		 2254 switch (len) {
2255 case 1:
2256 stb_p(buf, value);
2257 break;
2258 case 2:
2259 stw_p(buf, value);
2260 break;
2261 case 4:
2262 stl_p(buf, value);
2263 break;
ff6cff75
PB		 2264 case 8:
2265 stq_p(buf, value);
2266 break;
acc9d80b
JK		 2267 default:
2268 abort();
2269 }
5c9eb028
PM		 2270 return address_space_write(subpage->as, addr + subpage->base,
2271 attrs, buf, len);
db7b5426
BS		 2272}
2273
c353e4cc 2274static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2275 unsigned len, bool is_write)
c353e4cc 2276{
acc9d80b 2277 subpage_t *subpage = opaque;
c353e4cc 2278#if defined(DEBUG_SUBPAGE)
016e9d62 2279 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2280 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2281#endif
2282
acc9d80b 2283 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2284 len, is_write);
c353e4cc
PB		 2285}
2286
70c68e44 2287static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2288 .read_with_attrs = subpage_read,
2289 .write_with_attrs = subpage_write,
ff6cff75
PB		 2290 .impl.min_access_size = 1,
2291 .impl.max_access_size = 8,
2292 .valid.min_access_size = 1,
2293 .valid.max_access_size = 8,
c353e4cc 2294 .valid.accepts = subpage_accepts,
70c68e44 2295 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2296};
2297
c227f099 2298static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2299 uint16_t section)
db7b5426
BS		 2300{
2301 int idx, eidx;
2302
2303 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2304 return -1;
2305 idx = SUBPAGE_IDX(start);
2306 eidx = SUBPAGE_IDX(end);
2307#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2308 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2309 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2310#endif
db7b5426 2311 for (; idx <= eidx; idx++) {
5312bd8b 2312 mmio->sub_section[idx] = section;
db7b5426
BS		 2313 }
2314
2315 return 0;
2316}
2317
acc9d80b 2318static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2319{
c227f099 2320 subpage_t *mmio;
db7b5426 2321
7267c094 2322 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2323
acc9d80b 2324 mmio->as = as;
1eec614b 2325 mmio->base = base;
2c9b15ca 2326 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2327 NULL, TARGET_PAGE_SIZE);
b3b00c78 2328 mmio->iomem.subpage = true;
db7b5426 2329#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2330 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2331 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2332#endif
b41aac4f 2333 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2334
2335 return mmio;
2336}
2337
a656e22f
PC		 2338static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2339 MemoryRegion *mr)
5312bd8b 2340{
a656e22f 2341 assert(as);
5312bd8b 2342 MemoryRegionSection section = {
a656e22f 2343 .address_space = as,
5312bd8b
AK		 2344 .mr = mr,
2345 .offset_within_address_space = 0,
2346 .offset_within_region = 0,
052e87b0 2347 .size = int128_2_64(),
5312bd8b
AK		 2348 };
2349
53cb28cb 2350 return phys_section_add(map, &section);
5312bd8b
AK		 2351}
2352
a54c87b6 2353MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2354{
a54c87b6
PM		 2355 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2356 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2357 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2358 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2359
2360 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2361}
2362
e9179ce1
AK		 2363static void io_mem_init(void)
2364{
1f6245e5 2365 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2366 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2367 NULL, UINT64_MAX);
2c9b15ca 2368 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2369 NULL, UINT64_MAX);
2c9b15ca 2370 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2371 NULL, UINT64_MAX);
e9179ce1
AK		 2372}
2373
ac1970fb 2374static void mem_begin(MemoryListener *listener)
00752703
PB		 2375{
2376 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2377 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2378 uint16_t n;
2379
a656e22f 2380 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2381 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2382 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2383 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2384 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2385 assert(n == PHYS_SECTION_ROM);
a656e22f 2386 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2387 assert(n == PHYS_SECTION_WATCH);
00752703 2388
9736e55b 2389 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2390 d->as = as;
2391 as->next_dispatch = d;
2392}
2393
79e2b9ae
PB		 2394static void address_space_dispatch_free(AddressSpaceDispatch *d)
2395{
2396 phys_sections_free(&d->map);
2397 g_free(d);
2398}
2399
00752703 2400static void mem_commit(MemoryListener *listener)
ac1970fb 2401{
89ae337a 2402 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2403 AddressSpaceDispatch *cur = as->dispatch;
2404 AddressSpaceDispatch *next = as->next_dispatch;
2405
53cb28cb 2406 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2407
79e2b9ae 2408 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2409 if (cur) {
79e2b9ae 2410 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2411 }
9affd6fc
PB		 2412}
2413
1d71148e 2414static void tcg_commit(MemoryListener *listener)
50c1e149 2415{
32857f4d
PM		 2416 CPUAddressSpace *cpuas;
2417 AddressSpaceDispatch *d;
117712c3
AK		 2418
2419 /* since each CPU stores ram addresses in its TLB cache, we must
2420 reset the modified entries */
32857f4d
PM		 2421 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2422 cpu_reloading_memory_map();
2423 /* The CPU and TLB are protected by the iothread lock.
2424 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2425 * may have split the RCU critical section.
2426 */
2427 d = atomic_rcu_read(&cpuas->as->dispatch);
2428 cpuas->memory_dispatch = d;
2429 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2430}
2431
ac1970fb
AK		 2432void address_space_init_dispatch(AddressSpace *as)
2433{
00752703 2434 as->dispatch = NULL;
89ae337a 2435 as->dispatch_listener = (MemoryListener) {
ac1970fb 2436 .begin = mem_begin,
00752703 2437 .commit = mem_commit,
ac1970fb
AK		 2438 .region_add = mem_add,
2439 .region_nop = mem_add,
2440 .priority = 0,
2441 };
89ae337a 2442 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2443}
2444
6e48e8f9
PB		 2445void address_space_unregister(AddressSpace *as)
2446{
2447 memory_listener_unregister(&as->dispatch_listener);
2448}
2449
83f3c251
AK		 2450void address_space_destroy_dispatch(AddressSpace *as)
2451{
2452 AddressSpaceDispatch *d = as->dispatch;
2453
79e2b9ae
PB		 2454 atomic_rcu_set(&as->dispatch, NULL);
2455 if (d) {
2456 call_rcu(d, address_space_dispatch_free, rcu);
2457 }
83f3c251
AK		 2458}
2459
62152b8a
AK		 2460static void memory_map_init(void)
2461{
7267c094 2462 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2463
57271d63 2464 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2465 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2466
7267c094 2467 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2468 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2469 65536);
7dca8043 2470 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2471}
2472
2473MemoryRegion *get_system_memory(void)
2474{
2475 return system_memory;
2476}
2477
309cb471
AK		 2478MemoryRegion *get_system_io(void)
2479{
2480 return system_io;
2481}
2482
e2eef170
PB		 2483#endif /* !defined(CONFIG_USER_ONLY) */
2484
13eb76e0
FB		 2485/* physical memory access (slow version, mainly for debug) */
2486#if defined(CONFIG_USER_ONLY)
f17ec444 2487int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2488 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2489{
2490 int l, flags;
2491 target_ulong page;
53a5960a 2492 void * p;
13eb76e0
FB		 2493
2494 while (len > 0) {
2495 page = addr & TARGET_PAGE_MASK;
2496 l = (page + TARGET_PAGE_SIZE) - addr;
2497 if (l > len)
2498 l = len;
2499 flags = page_get_flags(page);
2500 if (!(flags & PAGE_VALID))
a68fe89c 2501 return -1;
13eb76e0
FB		 2502 if (is_write) {
2503 if (!(flags & PAGE_WRITE))
a68fe89c 2504 return -1;
579a97f7 2505 /* XXX: this code should not depend on lock_user */
72fb7daa 2506 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2507 return -1;
72fb7daa
AJ		 2508 memcpy(p, buf, l);
2509 unlock_user(p, addr, l);
13eb76e0
FB		 2510 } else {
2511 if (!(flags & PAGE_READ))
a68fe89c 2512 return -1;
579a97f7 2513 /* XXX: this code should not depend on lock_user */
72fb7daa 2514 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2515 return -1;
72fb7daa 2516 memcpy(buf, p, l);
5b257578 2517 unlock_user(p, addr, 0);
13eb76e0
FB		 2518 }
2519 len -= l;
2520 buf += l;
2521 addr += l;
2522 }
a68fe89c 2523 return 0;
13eb76e0 2524}
8df1cd07 2525
13eb76e0 2526#else
51d7a9eb 2527
845b6214 2528static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2529 hwaddr length)
51d7a9eb 2530{
e87f7778
PB		 2531 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2532 /* No early return if dirty_log_mask is or becomes 0, because
2533 * cpu_physical_memory_set_dirty_range will still call
2534 * xen_modified_memory.
2535 */
2536 if (dirty_log_mask) {
2537 dirty_log_mask =
2538 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2539 }
2540 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2541 tb_invalidate_phys_range(addr, addr + length);
2542 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2543 }
e87f7778 2544 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2545}
2546
23326164 2547static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2548{
e1622f4b 2549 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2550
2551 /* Regions are assumed to support 1-4 byte accesses unless
2552 otherwise specified. */
23326164
RH		 2553 if (access_size_max == 0) {
2554 access_size_max = 4;
2555 }
2556
2557 /* Bound the maximum access by the alignment of the address. */
2558 if (!mr->ops->impl.unaligned) {
2559 unsigned align_size_max = addr & -addr;
2560 if (align_size_max != 0 && align_size_max < access_size_max) {
2561 access_size_max = align_size_max;
2562 }
82f2563f 2563 }
23326164
RH		 2564
2565 /* Don't attempt accesses larger than the maximum. */
2566 if (l > access_size_max) {
2567 l = access_size_max;
82f2563f 2568 }
6554f5c0 2569 l = pow2floor(l);
23326164
RH		 2570
2571 return l;
82f2563f
PB		 2572}
2573
4840f10e 2574static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2575{
4840f10e
JK		 2576 bool unlocked = !qemu_mutex_iothread_locked();
2577 bool release_lock = false;
2578
2579 if (unlocked && mr->global_locking) {
2580 qemu_mutex_lock_iothread();
2581 unlocked = false;
2582 release_lock = true;
2583 }
125b3806 2584 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2585 if (unlocked) {
2586 qemu_mutex_lock_iothread();
2587 }
125b3806 2588 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2589 if (unlocked) {
2590 qemu_mutex_unlock_iothread();
2591 }
125b3806 2592 }
4840f10e
JK		 2593
2594 return release_lock;
125b3806
PB		 2595}
2596
a203ac70
PB		 2597/* Called within RCU critical section. */
2598static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2599 MemTxAttrs attrs,
2600 const uint8_t *buf,
2601 int len, hwaddr addr1,
2602 hwaddr l, MemoryRegion *mr)
13eb76e0 2603{
13eb76e0 2604 uint8_t *ptr;
791af8c8 2605 uint64_t val;
3b643495 2606 MemTxResult result = MEMTX_OK;
4840f10e 2607 bool release_lock = false;
3b46e624 2608
a203ac70 2609 for (;;) {
eb7eeb88
PB		 2610 if (!memory_access_is_direct(mr, true)) {
2611 release_lock |= prepare_mmio_access(mr);
2612 l = memory_access_size(mr, l, addr1);
2613 /* XXX: could force current_cpu to NULL to avoid
2614 potential bugs */
2615 switch (l) {
2616 case 8:
2617 /* 64 bit write access */
2618 val = ldq_p(buf);
2619 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2620 attrs);
2621 break;
2622 case 4:
2623 /* 32 bit write access */
2624 val = ldl_p(buf);
2625 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2626 attrs);
2627 break;
2628 case 2:
2629 /* 16 bit write access */
2630 val = lduw_p(buf);
2631 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2632 attrs);
2633 break;
2634 case 1:
2635 /* 8 bit write access */
2636 val = ldub_p(buf);
2637 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2638 attrs);
2639 break;
2640 default:
2641 abort();
13eb76e0
FB		 2642 }
2643 } else {
eb7eeb88
PB		 2644 addr1 += memory_region_get_ram_addr(mr);
2645 /* RAM case */
3655cb9c 2646 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2647 memcpy(ptr, buf, l);
2648 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2649 }
4840f10e
JK		 2650
2651 if (release_lock) {
2652 qemu_mutex_unlock_iothread();
2653 release_lock = false;
2654 }
2655
13eb76e0
FB		 2656 len -= l;
2657 buf += l;
2658 addr += l;
a203ac70
PB		 2659
2660 if (!len) {
2661 break;
2662 }
2663
2664 l = len;
2665 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2666 }
fd8aaa76 2667
3b643495 2668 return result;
13eb76e0 2669}
8df1cd07 2670
a203ac70
PB		 2671MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2672 const uint8_t *buf, int len)
ac1970fb 2673{
eb7eeb88 2674 hwaddr l;
eb7eeb88
PB		 2675 hwaddr addr1;
2676 MemoryRegion *mr;
2677 MemTxResult result = MEMTX_OK;
eb7eeb88 2678
a203ac70
PB		 2679 if (len > 0) {
2680 rcu_read_lock();
eb7eeb88 2681 l = len;
a203ac70
PB		 2682 mr = address_space_translate(as, addr, &addr1, &l, true);
2683 result = address_space_write_continue(as, addr, attrs, buf, len,
2684 addr1, l, mr);
2685 rcu_read_unlock();
2686 }
2687
2688 return result;
2689}
2690
2691/* Called within RCU critical section. */
2692MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2693 MemTxAttrs attrs, uint8_t *buf,
2694 int len, hwaddr addr1, hwaddr l,
2695 MemoryRegion *mr)
2696{
2697 uint8_t *ptr;
2698 uint64_t val;
2699 MemTxResult result = MEMTX_OK;
2700 bool release_lock = false;
eb7eeb88 2701
a203ac70 2702 for (;;) {
eb7eeb88
PB		 2703 if (!memory_access_is_direct(mr, false)) {
2704 /* I/O case */
2705 release_lock |= prepare_mmio_access(mr);
2706 l = memory_access_size(mr, l, addr1);
2707 switch (l) {
2708 case 8:
2709 /* 64 bit read access */
2710 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2711 attrs);
2712 stq_p(buf, val);
2713 break;
2714 case 4:
2715 /* 32 bit read access */
2716 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2717 attrs);
2718 stl_p(buf, val);
2719 break;
2720 case 2:
2721 /* 16 bit read access */
2722 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2723 attrs);
2724 stw_p(buf, val);
2725 break;
2726 case 1:
2727 /* 8 bit read access */
2728 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2729 attrs);
2730 stb_p(buf, val);
2731 break;
2732 default:
2733 abort();
2734 }
2735 } else {
2736 /* RAM case */
8e41fb63
FZ		 2737 ptr = qemu_get_ram_ptr(mr->ram_block,
2738 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2739 memcpy(buf, ptr, l);
2740 }
2741
2742 if (release_lock) {
2743 qemu_mutex_unlock_iothread();
2744 release_lock = false;
2745 }
2746
2747 len -= l;
2748 buf += l;
2749 addr += l;
a203ac70
PB		 2750
2751 if (!len) {
2752 break;
2753 }
2754
2755 l = len;
2756 mr = address_space_translate(as, addr, &addr1, &l, false);
2757 }
2758
2759 return result;
2760}
2761
3cc8f884
PB		 2762MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2763 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2764{
2765 hwaddr l;
2766 hwaddr addr1;
2767 MemoryRegion *mr;
2768 MemTxResult result = MEMTX_OK;
2769
2770 if (len > 0) {
2771 rcu_read_lock();
2772 l = len;
2773 mr = address_space_translate(as, addr, &addr1, &l, false);
2774 result = address_space_read_continue(as, addr, attrs, buf, len,
2775 addr1, l, mr);
2776 rcu_read_unlock();
eb7eeb88 2777 }
eb7eeb88
PB		 2778
2779 return result;
ac1970fb
AK		 2780}
2781
eb7eeb88
PB		 2782MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2783 uint8_t *buf, int len, bool is_write)
2784{
2785 if (is_write) {
2786 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2787 } else {
2788 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2789 }
2790}
ac1970fb 2791
a8170e5e 2792void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2793 int len, int is_write)
2794{
5c9eb028
PM		 2795 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2796 buf, len, is_write);
ac1970fb
AK		 2797}
2798
582b55a9
AG		 2799enum write_rom_type {
2800 WRITE_DATA,
2801 FLUSH_CACHE,
2802};
2803
2a221651 2804static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2805 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2806{
149f54b5 2807 hwaddr l;
d0ecd2aa 2808 uint8_t *ptr;
149f54b5 2809 hwaddr addr1;
5c8a00ce 2810 MemoryRegion *mr;
3b46e624 2811
41063e1e 2812 rcu_read_lock();
d0ecd2aa 2813 while (len > 0) {
149f54b5 2814 l = len;
2a221651 2815 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2816
5c8a00ce
PB		 2817 if (!(memory_region_is_ram(mr) ||
2818 memory_region_is_romd(mr))) {
b242e0e0 2819 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2820 } else {
5c8a00ce 2821 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2822 /* ROM/RAM case */
3655cb9c 2823 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2824 switch (type) {
2825 case WRITE_DATA:
2826 memcpy(ptr, buf, l);
845b6214 2827 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2828 break;
2829 case FLUSH_CACHE:
2830 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2831 break;
2832 }
d0ecd2aa
FB		 2833 }
2834 len -= l;
2835 buf += l;
2836 addr += l;
2837 }
41063e1e 2838 rcu_read_unlock();
d0ecd2aa
FB		 2839}
2840
582b55a9 2841/* used for ROM loading : can write in RAM and ROM */
2a221651 2842void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2843 const uint8_t *buf, int len)
2844{
2a221651 2845 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2846}
2847
2848void cpu_flush_icache_range(hwaddr start, int len)
2849{
2850 /*
2851 * This function should do the same thing as an icache flush that was
2852 * triggered from within the guest. For TCG we are always cache coherent,
2853 * so there is no need to flush anything. For KVM / Xen we need to flush
2854 * the host's instruction cache at least.
2855 */
2856 if (tcg_enabled()) {
2857 return;
2858 }
2859
2a221651
EI		 2860 cpu_physical_memory_write_rom_internal(&address_space_memory,
2861 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2862}
2863
6d16c2f8 2864typedef struct {
d3e71559 2865 MemoryRegion *mr;
6d16c2f8 2866 void *buffer;
a8170e5e
AK		 2867 hwaddr addr;
2868 hwaddr len;
c2cba0ff 2869 bool in_use;
6d16c2f8
AL		 2870} BounceBuffer;
2871
2872static BounceBuffer bounce;
2873
ba223c29 2874typedef struct MapClient {
e95205e1 2875 QEMUBH *bh;
72cf2d4f 2876 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2877} MapClient;
2878
38e047b5 2879QemuMutex map_client_list_lock;
72cf2d4f
BS		 2880static QLIST_HEAD(map_client_list, MapClient) map_client_list
2881 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2882
e95205e1
FZ		 2883static void cpu_unregister_map_client_do(MapClient *client)
2884{
2885 QLIST_REMOVE(client, link);
2886 g_free(client);
2887}
2888
33b6c2ed
FZ		 2889static void cpu_notify_map_clients_locked(void)
2890{
2891 MapClient *client;
2892
2893 while (!QLIST_EMPTY(&map_client_list)) {
2894 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2895 qemu_bh_schedule(client->bh);
2896 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2897 }
2898}
2899
e95205e1 2900void cpu_register_map_client(QEMUBH *bh)
ba223c29 2901{
7267c094 2902 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2903
38e047b5 2904 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2905 client->bh = bh;
72cf2d4f 2906 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2907 if (!atomic_read(&bounce.in_use)) {
2908 cpu_notify_map_clients_locked();
2909 }
38e047b5 2910 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2911}
2912
38e047b5 2913void cpu_exec_init_all(void)
ba223c29 2914{
38e047b5 2915 qemu_mutex_init(&ram_list.mutex);
38e047b5 2916 io_mem_init();
680a4783 2917 memory_map_init();
38e047b5 2918 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2919}
2920
e95205e1 2921void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2922{
2923 MapClient *client;
2924
e95205e1
FZ		 2925 qemu_mutex_lock(&map_client_list_lock);
2926 QLIST_FOREACH(client, &map_client_list, link) {
2927 if (client->bh == bh) {
2928 cpu_unregister_map_client_do(client);
2929 break;
2930 }
ba223c29 2931 }
e95205e1 2932 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2933}
2934
2935static void cpu_notify_map_clients(void)
2936{
38e047b5 2937 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2938 cpu_notify_map_clients_locked();
38e047b5 2939 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2940}
2941
51644ab7
PB		 2942bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2943{
5c8a00ce 2944 MemoryRegion *mr;
51644ab7
PB		 2945 hwaddr l, xlat;
2946
41063e1e 2947 rcu_read_lock();
51644ab7
PB		 2948 while (len > 0) {
2949 l = len;
5c8a00ce
PB		 2950 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2951 if (!memory_access_is_direct(mr, is_write)) {
2952 l = memory_access_size(mr, l, addr);
2953 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2954 return false;
2955 }
2956 }
2957
2958 len -= l;
2959 addr += l;
2960 }
41063e1e 2961 rcu_read_unlock();
51644ab7
PB		 2962 return true;
2963}
2964
6d16c2f8
AL		 2965/* Map a physical memory region into a host virtual address.
2966 * May map a subset of the requested range, given by and returned in *plen.
2967 * May return NULL if resources needed to perform the mapping are exhausted.
2968 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2969 * Use cpu_register_map_client() to know when retrying the map operation is
2970 * likely to succeed.
6d16c2f8 2971 */
ac1970fb 2972void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2973 hwaddr addr,
2974 hwaddr *plen,
ac1970fb 2975 bool is_write)
6d16c2f8 2976{
a8170e5e 2977 hwaddr len = *plen;
e3127ae0
PB		 2978 hwaddr done = 0;
2979 hwaddr l, xlat, base;
2980 MemoryRegion *mr, *this_mr;
2981 ram_addr_t raddr;
e81bcda5 2982 void *ptr;
6d16c2f8 2983
e3127ae0
PB		 2984 if (len == 0) {
2985 return NULL;
2986 }
38bee5dc 2987
e3127ae0 2988 l = len;
41063e1e 2989 rcu_read_lock();
e3127ae0 2990 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2991
e3127ae0 2992 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2993 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2994 rcu_read_unlock();
e3127ae0 2995 return NULL;
6d16c2f8 2996 }
e85d9db5
KW		 2997 /* Avoid unbounded allocations */
2998 l = MIN(l, TARGET_PAGE_SIZE);
2999 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 3000 bounce.addr = addr;
3001 bounce.len = l;
d3e71559
PB		 3002
3003 memory_region_ref(mr);
3004 bounce.mr = mr;
e3127ae0 3005 if (!is_write) {
5c9eb028
PM		 3006 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
3007 bounce.buffer, l);
8ab934f9 3008 }
6d16c2f8 3009
41063e1e 3010 rcu_read_unlock();
e3127ae0
PB		 3011 *plen = l;
3012 return bounce.buffer;
3013 }
3014
3015 base = xlat;
3016 raddr = memory_region_get_ram_addr(mr);
3017
3018 for (;;) {
6d16c2f8
AL		 3019 len -= l;
3020 addr += l;
e3127ae0
PB		 3021 done += l;
3022 if (len == 0) {
3023 break;
3024 }
3025
3026 l = len;
3027 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
3028 if (this_mr != mr || xlat != base + done) {
3029 break;
3030 }
6d16c2f8 3031 }
e3127ae0 3032
d3e71559 3033 memory_region_ref(mr);
e3127ae0 3034 *plen = done;
3655cb9c 3035 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 3036 rcu_read_unlock();
3037
3038 return ptr;
6d16c2f8
AL		 3039}
3040
ac1970fb 3041/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3042 * Will also mark the memory as dirty if is_write == 1. access_len gives
3043 * the amount of memory that was actually read or written by the caller.
3044 */
a8170e5e
AK		 3045void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3046 int is_write, hwaddr access_len)
6d16c2f8
AL		 3047{
3048 if (buffer != bounce.buffer) {
d3e71559
PB		 3049 MemoryRegion *mr;
3050 ram_addr_t addr1;
3051
3052 mr = qemu_ram_addr_from_host(buffer, &addr1);
3053 assert(mr != NULL);
6d16c2f8 3054 if (is_write) {
845b6214 3055 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3056 }
868bb33f 3057 if (xen_enabled()) {
e41d7c69 3058 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3059 }
d3e71559 3060 memory_region_unref(mr);
6d16c2f8
AL		 3061 return;
3062 }
3063 if (is_write) {
5c9eb028
PM		 3064 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3065 bounce.buffer, access_len);
6d16c2f8 3066 }
f8a83245 3067 qemu_vfree(bounce.buffer);
6d16c2f8 3068 bounce.buffer = NULL;
d3e71559 3069 memory_region_unref(bounce.mr);
c2cba0ff 3070 atomic_mb_set(&bounce.in_use, false);
ba223c29 3071 cpu_notify_map_clients();
6d16c2f8 3072}
d0ecd2aa 3073
a8170e5e
AK		 3074void *cpu_physical_memory_map(hwaddr addr,
3075 hwaddr *plen,
ac1970fb
AK		 3076 int is_write)
3077{
3078 return address_space_map(&address_space_memory, addr, plen, is_write);
3079}
3080
a8170e5e
AK		 3081void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3082 int is_write, hwaddr access_len)
ac1970fb
AK		 3083{
3084 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3085}
3086
8df1cd07 3087/* warning: addr must be aligned */
50013115
PM		 3088static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3089 MemTxAttrs attrs,
3090 MemTxResult *result,
3091 enum device_endian endian)
8df1cd07 3092{
8df1cd07 3093 uint8_t *ptr;
791af8c8 3094 uint64_t val;
5c8a00ce 3095 MemoryRegion *mr;
149f54b5
PB		 3096 hwaddr l = 4;
3097 hwaddr addr1;
50013115 3098 MemTxResult r;
4840f10e 3099 bool release_lock = false;
8df1cd07 3100
41063e1e 3101 rcu_read_lock();
fdfba1a2 3102 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3103 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3104 release_lock |= prepare_mmio_access(mr);
125b3806 3105
8df1cd07 3106 /* I/O case */
50013115 3107 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3108#if defined(TARGET_WORDS_BIGENDIAN)
3109 if (endian == DEVICE_LITTLE_ENDIAN) {
3110 val = bswap32(val);
3111 }
3112#else
3113 if (endian == DEVICE_BIG_ENDIAN) {
3114 val = bswap32(val);
3115 }
3116#endif
8df1cd07
FB		 3117 } else {
3118 /* RAM case */
3655cb9c
GA		 3119 ptr = qemu_get_ram_ptr(mr->ram_block,
3120 (memory_region_get_ram_addr(mr)
06ef3525 3121 & TARGET_PAGE_MASK)
149f54b5 3122 + addr1);
1e78bcc1
AG		 3123 switch (endian) {
3124 case DEVICE_LITTLE_ENDIAN:
3125 val = ldl_le_p(ptr);
3126 break;
3127 case DEVICE_BIG_ENDIAN:
3128 val = ldl_be_p(ptr);
3129 break;
3130 default:
3131 val = ldl_p(ptr);
3132 break;
3133 }
50013115
PM		 3134 r = MEMTX_OK;
3135 }
3136 if (result) {
3137 *result = r;
8df1cd07 3138 }
4840f10e
JK		 3139 if (release_lock) {
3140 qemu_mutex_unlock_iothread();
3141 }
41063e1e 3142 rcu_read_unlock();
8df1cd07
FB		 3143 return val;
3144}
3145
50013115
PM		 3146uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3147 MemTxAttrs attrs, MemTxResult *result)
3148{
3149 return address_space_ldl_internal(as, addr, attrs, result,
3150 DEVICE_NATIVE_ENDIAN);
3151}
3152
3153uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3154 MemTxAttrs attrs, MemTxResult *result)
3155{
3156 return address_space_ldl_internal(as, addr, attrs, result,
3157 DEVICE_LITTLE_ENDIAN);
3158}
3159
3160uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3161 MemTxAttrs attrs, MemTxResult *result)
3162{
3163 return address_space_ldl_internal(as, addr, attrs, result,
3164 DEVICE_BIG_ENDIAN);
3165}
3166
fdfba1a2 3167uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3168{
50013115 3169 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3170}
3171
fdfba1a2 3172uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3173{
50013115 3174 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3175}
3176
fdfba1a2 3177uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3178{
50013115 3179 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3180}
3181
84b7b8e7 3182/* warning: addr must be aligned */
50013115
PM		 3183static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3184 MemTxAttrs attrs,
3185 MemTxResult *result,
3186 enum device_endian endian)
84b7b8e7 3187{
84b7b8e7
FB		 3188 uint8_t *ptr;
3189 uint64_t val;
5c8a00ce 3190 MemoryRegion *mr;
149f54b5
PB		 3191 hwaddr l = 8;
3192 hwaddr addr1;
50013115 3193 MemTxResult r;
4840f10e 3194 bool release_lock = false;
84b7b8e7 3195
41063e1e 3196 rcu_read_lock();
2c17449b 3197 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3198 false);
3199 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3200 release_lock |= prepare_mmio_access(mr);
125b3806 3201
84b7b8e7 3202 /* I/O case */
50013115 3203 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3204#if defined(TARGET_WORDS_BIGENDIAN)
3205 if (endian == DEVICE_LITTLE_ENDIAN) {
3206 val = bswap64(val);
3207 }
3208#else
3209 if (endian == DEVICE_BIG_ENDIAN) {
3210 val = bswap64(val);
3211 }
84b7b8e7
FB		 3212#endif
3213 } else {
3214 /* RAM case */
3655cb9c
GA		 3215 ptr = qemu_get_ram_ptr(mr->ram_block,
3216 (memory_region_get_ram_addr(mr)
06ef3525 3217 & TARGET_PAGE_MASK)
149f54b5 3218 + addr1);
1e78bcc1
AG		 3219 switch (endian) {
3220 case DEVICE_LITTLE_ENDIAN:
3221 val = ldq_le_p(ptr);
3222 break;
3223 case DEVICE_BIG_ENDIAN:
3224 val = ldq_be_p(ptr);
3225 break;
3226 default:
3227 val = ldq_p(ptr);
3228 break;
3229 }
50013115
PM		 3230 r = MEMTX_OK;
3231 }
3232 if (result) {
3233 *result = r;
84b7b8e7 3234 }
4840f10e
JK		 3235 if (release_lock) {
3236 qemu_mutex_unlock_iothread();
3237 }
41063e1e 3238 rcu_read_unlock();
84b7b8e7
FB		 3239 return val;
3240}
3241
50013115
PM		 3242uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3243 MemTxAttrs attrs, MemTxResult *result)
3244{
3245 return address_space_ldq_internal(as, addr, attrs, result,
3246 DEVICE_NATIVE_ENDIAN);
3247}
3248
3249uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3250 MemTxAttrs attrs, MemTxResult *result)
3251{
3252 return address_space_ldq_internal(as, addr, attrs, result,
3253 DEVICE_LITTLE_ENDIAN);
3254}
3255
3256uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3257 MemTxAttrs attrs, MemTxResult *result)
3258{
3259 return address_space_ldq_internal(as, addr, attrs, result,
3260 DEVICE_BIG_ENDIAN);
3261}
3262
2c17449b 3263uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3264{
50013115 3265 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3266}
3267
2c17449b 3268uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3269{
50013115 3270 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3271}
3272
2c17449b 3273uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3274{
50013115 3275 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3276}
3277
aab33094 3278/* XXX: optimize */
50013115
PM		 3279uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3280 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3281{
3282 uint8_t val;
50013115
PM		 3283 MemTxResult r;
3284
3285 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3286 if (result) {
3287 *result = r;
3288 }
aab33094
FB		 3289 return val;
3290}
3291
50013115
PM		 3292uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3293{
3294 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3295}
3296
733f0b02 3297/* warning: addr must be aligned */
50013115
PM		 3298static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3299 hwaddr addr,
3300 MemTxAttrs attrs,
3301 MemTxResult *result,
3302 enum device_endian endian)
aab33094 3303{
733f0b02
MT		 3304 uint8_t *ptr;
3305 uint64_t val;
5c8a00ce 3306 MemoryRegion *mr;
149f54b5
PB		 3307 hwaddr l = 2;
3308 hwaddr addr1;
50013115 3309 MemTxResult r;
4840f10e 3310 bool release_lock = false;
733f0b02 3311
41063e1e 3312 rcu_read_lock();
41701aa4 3313 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3314 false);
3315 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3316 release_lock |= prepare_mmio_access(mr);
125b3806 3317
733f0b02 3318 /* I/O case */
50013115 3319 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3320#if defined(TARGET_WORDS_BIGENDIAN)
3321 if (endian == DEVICE_LITTLE_ENDIAN) {
3322 val = bswap16(val);
3323 }
3324#else
3325 if (endian == DEVICE_BIG_ENDIAN) {
3326 val = bswap16(val);
3327 }
3328#endif
733f0b02
MT		 3329 } else {
3330 /* RAM case */
3655cb9c
GA		 3331 ptr = qemu_get_ram_ptr(mr->ram_block,
3332 (memory_region_get_ram_addr(mr)
06ef3525 3333 & TARGET_PAGE_MASK)
149f54b5 3334 + addr1);
1e78bcc1
AG		 3335 switch (endian) {
3336 case DEVICE_LITTLE_ENDIAN:
3337 val = lduw_le_p(ptr);
3338 break;
3339 case DEVICE_BIG_ENDIAN:
3340 val = lduw_be_p(ptr);
3341 break;
3342 default:
3343 val = lduw_p(ptr);
3344 break;
3345 }
50013115
PM		 3346 r = MEMTX_OK;
3347 }
3348 if (result) {
3349 *result = r;
733f0b02 3350 }
4840f10e
JK		 3351 if (release_lock) {
3352 qemu_mutex_unlock_iothread();
3353 }
41063e1e 3354 rcu_read_unlock();
733f0b02 3355 return val;
aab33094
FB		 3356}
3357
50013115
PM		 3358uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3359 MemTxAttrs attrs, MemTxResult *result)
3360{
3361 return address_space_lduw_internal(as, addr, attrs, result,
3362 DEVICE_NATIVE_ENDIAN);
3363}
3364
3365uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3366 MemTxAttrs attrs, MemTxResult *result)
3367{
3368 return address_space_lduw_internal(as, addr, attrs, result,
3369 DEVICE_LITTLE_ENDIAN);
3370}
3371
3372uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3373 MemTxAttrs attrs, MemTxResult *result)
3374{
3375 return address_space_lduw_internal(as, addr, attrs, result,
3376 DEVICE_BIG_ENDIAN);
3377}
3378
41701aa4 3379uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3380{
50013115 3381 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3382}
3383
41701aa4 3384uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3385{
50013115 3386 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3387}
3388
41701aa4 3389uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3390{
50013115 3391 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3392}
3393
8df1cd07
FB		 3394/* warning: addr must be aligned. The ram page is not masked as dirty
3395 and the code inside is not invalidated. It is useful if the dirty
3396 bits are used to track modified PTEs */
50013115
PM		 3397void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3398 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3399{
8df1cd07 3400 uint8_t *ptr;
5c8a00ce 3401 MemoryRegion *mr;
149f54b5
PB		 3402 hwaddr l = 4;
3403 hwaddr addr1;
50013115 3404 MemTxResult r;
845b6214 3405 uint8_t dirty_log_mask;
4840f10e 3406 bool release_lock = false;
8df1cd07 3407
41063e1e 3408 rcu_read_lock();
2198a121 3409 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3410 true);
3411 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3412 release_lock |= prepare_mmio_access(mr);
125b3806 3413
50013115 3414 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3415 } else {
5c8a00ce 3416 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3417 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3418 stl_p(ptr, val);
74576198 3419
845b6214
PB		 3420 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3421 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3422 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3423 r = MEMTX_OK;
3424 }
3425 if (result) {
3426 *result = r;
8df1cd07 3427 }
4840f10e
JK		 3428 if (release_lock) {
3429 qemu_mutex_unlock_iothread();
3430 }
41063e1e 3431 rcu_read_unlock();
8df1cd07
FB		 3432}
3433
50013115
PM		 3434void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3435{
3436 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3437}
3438
8df1cd07 3439/* warning: addr must be aligned */
50013115
PM		 3440static inline void address_space_stl_internal(AddressSpace *as,
3441 hwaddr addr, uint32_t val,
3442 MemTxAttrs attrs,
3443 MemTxResult *result,
3444 enum device_endian endian)
8df1cd07 3445{
8df1cd07 3446 uint8_t *ptr;
5c8a00ce 3447 MemoryRegion *mr;
149f54b5
PB		 3448 hwaddr l = 4;
3449 hwaddr addr1;
50013115 3450 MemTxResult r;
4840f10e 3451 bool release_lock = false;
8df1cd07 3452
41063e1e 3453 rcu_read_lock();
ab1da857 3454 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3455 true);
3456 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3457 release_lock |= prepare_mmio_access(mr);
125b3806 3458
1e78bcc1
AG		 3459#if defined(TARGET_WORDS_BIGENDIAN)
3460 if (endian == DEVICE_LITTLE_ENDIAN) {
3461 val = bswap32(val);
3462 }
3463#else
3464 if (endian == DEVICE_BIG_ENDIAN) {
3465 val = bswap32(val);
3466 }
3467#endif
50013115 3468 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3469 } else {
8df1cd07 3470 /* RAM case */
5c8a00ce 3471 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3472 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3473 switch (endian) {
3474 case DEVICE_LITTLE_ENDIAN:
3475 stl_le_p(ptr, val);
3476 break;
3477 case DEVICE_BIG_ENDIAN:
3478 stl_be_p(ptr, val);
3479 break;
3480 default:
3481 stl_p(ptr, val);
3482 break;
3483 }
845b6214 3484 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3485 r = MEMTX_OK;
3486 }
3487 if (result) {
3488 *result = r;
8df1cd07 3489 }
4840f10e
JK		 3490 if (release_lock) {
3491 qemu_mutex_unlock_iothread();
3492 }
41063e1e 3493 rcu_read_unlock();
8df1cd07
FB		 3494}
3495
50013115
PM		 3496void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3497 MemTxAttrs attrs, MemTxResult *result)
3498{
3499 address_space_stl_internal(as, addr, val, attrs, result,
3500 DEVICE_NATIVE_ENDIAN);
3501}
3502
3503void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3504 MemTxAttrs attrs, MemTxResult *result)
3505{
3506 address_space_stl_internal(as, addr, val, attrs, result,
3507 DEVICE_LITTLE_ENDIAN);
3508}
3509
3510void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3511 MemTxAttrs attrs, MemTxResult *result)
3512{
3513 address_space_stl_internal(as, addr, val, attrs, result,
3514 DEVICE_BIG_ENDIAN);
3515}
3516
ab1da857 3517void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3518{
50013115 3519 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3520}
3521
ab1da857 3522void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3523{
50013115 3524 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3525}
3526
ab1da857 3527void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3528{
50013115 3529 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3530}
3531
aab33094 3532/* XXX: optimize */
50013115
PM		 3533void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3534 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3535{
3536 uint8_t v = val;
50013115
PM		 3537 MemTxResult r;
3538
3539 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3540 if (result) {
3541 *result = r;
3542 }
3543}
3544
3545void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3546{
3547 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3548}
3549
733f0b02 3550/* warning: addr must be aligned */
50013115
PM		 3551static inline void address_space_stw_internal(AddressSpace *as,
3552 hwaddr addr, uint32_t val,
3553 MemTxAttrs attrs,
3554 MemTxResult *result,
3555 enum device_endian endian)
aab33094 3556{
733f0b02 3557 uint8_t *ptr;
5c8a00ce 3558 MemoryRegion *mr;
149f54b5
PB		 3559 hwaddr l = 2;
3560 hwaddr addr1;
50013115 3561 MemTxResult r;
4840f10e 3562 bool release_lock = false;
733f0b02 3563
41063e1e 3564 rcu_read_lock();
5ce5944d 3565 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3566 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3567 release_lock |= prepare_mmio_access(mr);
125b3806 3568
1e78bcc1
AG		 3569#if defined(TARGET_WORDS_BIGENDIAN)
3570 if (endian == DEVICE_LITTLE_ENDIAN) {
3571 val = bswap16(val);
3572 }
3573#else
3574 if (endian == DEVICE_BIG_ENDIAN) {
3575 val = bswap16(val);
3576 }
3577#endif
50013115 3578 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3579 } else {
733f0b02 3580 /* RAM case */
5c8a00ce 3581 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3582 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3583 switch (endian) {
3584 case DEVICE_LITTLE_ENDIAN:
3585 stw_le_p(ptr, val);
3586 break;
3587 case DEVICE_BIG_ENDIAN:
3588 stw_be_p(ptr, val);
3589 break;
3590 default:
3591 stw_p(ptr, val);
3592 break;
3593 }
845b6214 3594 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3595 r = MEMTX_OK;
3596 }
3597 if (result) {
3598 *result = r;
733f0b02 3599 }
4840f10e
JK		 3600 if (release_lock) {
3601 qemu_mutex_unlock_iothread();
3602 }
41063e1e 3603 rcu_read_unlock();
aab33094
FB		 3604}
3605
50013115
PM		 3606void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3607 MemTxAttrs attrs, MemTxResult *result)
3608{
3609 address_space_stw_internal(as, addr, val, attrs, result,
3610 DEVICE_NATIVE_ENDIAN);
3611}
3612
3613void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3614 MemTxAttrs attrs, MemTxResult *result)
3615{
3616 address_space_stw_internal(as, addr, val, attrs, result,
3617 DEVICE_LITTLE_ENDIAN);
3618}
3619
3620void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3621 MemTxAttrs attrs, MemTxResult *result)
3622{
3623 address_space_stw_internal(as, addr, val, attrs, result,
3624 DEVICE_BIG_ENDIAN);
3625}
3626
5ce5944d 3627void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3628{
50013115 3629 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3630}
3631
5ce5944d 3632void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3633{
50013115 3634 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3635}
3636
5ce5944d 3637void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3638{
50013115 3639 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3640}
3641
aab33094 3642/* XXX: optimize */
50013115
PM		 3643void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3644 MemTxAttrs attrs, MemTxResult *result)
aab33094 3645{
50013115 3646 MemTxResult r;
aab33094 3647 val = tswap64(val);
50013115
PM		 3648 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3649 if (result) {
3650 *result = r;
3651 }
aab33094
FB		 3652}
3653
50013115
PM		 3654void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3655 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3656{
50013115 3657 MemTxResult r;
1e78bcc1 3658 val = cpu_to_le64(val);
50013115
PM		 3659 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3660 if (result) {
3661 *result = r;
3662 }
3663}
3664void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3665 MemTxAttrs attrs, MemTxResult *result)
3666{
3667 MemTxResult r;
3668 val = cpu_to_be64(val);
3669 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3670 if (result) {
3671 *result = r;
3672 }
3673}
3674
3675void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3676{
3677 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3678}
3679
3680void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3681{
3682 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3683}
3684
f606604f 3685void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3686{
50013115 3687 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3688}
3689
5e2972fd 3690/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3691int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3692 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3693{
3694 int l;
a8170e5e 3695 hwaddr phys_addr;
9b3c35e0 3696 target_ulong page;
13eb76e0
FB		 3697
3698 while (len > 0) {
5232e4c7
PM		 3699 int asidx;
3700 MemTxAttrs attrs;
3701
13eb76e0 3702 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3703 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3704 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3705 /* if no physical page mapped, return an error */
3706 if (phys_addr == -1)
3707 return -1;
3708 l = (page + TARGET_PAGE_SIZE) - addr;
3709 if (l > len)
3710 l = len;
5e2972fd 3711 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3712 if (is_write) {
5232e4c7
PM		 3713 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3714 phys_addr, buf, l);
2e38847b 3715 } else {
5232e4c7
PM		 3716 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3717 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3718 buf, l, 0);
2e38847b 3719 }
13eb76e0
FB		 3720 len -= l;
3721 buf += l;
3722 addr += l;
3723 }
3724 return 0;
3725}
038629a6
DDAG		 3726
3727/*
3728 * Allows code that needs to deal with migration bitmaps etc to still be built
3729 * target independent.
3730 */
3731size_t qemu_target_page_bits(void)
3732{
3733 return TARGET_PAGE_BITS;
3734}
3735
a68fe89c 3736#endif
13eb76e0 3737
8e4a424b
BS		 3738/*
3739 * A helper function for the _utterly broken_ virtio device model to find out if
3740 * it's running on a big endian machine. Don't do this at home kids!
3741 */
98ed8ecf
GK		 3742bool target_words_bigendian(void);
3743bool target_words_bigendian(void)
8e4a424b
BS		 3744{
3745#if defined(TARGET_WORDS_BIGENDIAN)
3746 return true;
3747#else
3748 return false;
3749#endif
3750}
3751
76f35538 3752#ifndef CONFIG_USER_ONLY
a8170e5e 3753bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3754{
5c8a00ce 3755 MemoryRegion*mr;
149f54b5 3756 hwaddr l = 1;
41063e1e 3757 bool res;
76f35538 3758
41063e1e 3759 rcu_read_lock();
5c8a00ce
PB		 3760 mr = address_space_translate(&address_space_memory,
3761 phys_addr, &phys_addr, &l, false);
76f35538 3762
41063e1e
PB		 3763 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3764 rcu_read_unlock();
3765 return res;
76f35538 3766}
bd2fa51f 3767
e3807054 3768int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3769{
3770 RAMBlock *block;
e3807054 3771 int ret = 0;
bd2fa51f 3772
0dc3f44a
MD		 3773 rcu_read_lock();
3774 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3775 ret = func(block->idstr, block->host, block->offset,
3776 block->used_length, opaque);
3777 if (ret) {
3778 break;
3779 }
bd2fa51f 3780 }
0dc3f44a 3781 rcu_read_unlock();
e3807054 3782 return ret;
bd2fa51f 3783}
ec3f8c99 3784#endif
QEMU mirror