]> git.proxmox.com Git - mirror_qemu.git/blame - translate-all.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: revert MemoryRegionCache
[mirror_qemu.git] / translate-all.c
CommitLineData
d19893da
FB		 1/*
2 * Host code generation
5fafdf24 3 *
d19893da
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
d19893da 18 */
5b6dd868
BS		 19#ifdef _WIN32
20#include <windows.h>
5b6dd868 21#endif
7b31bbc2 22#include "qemu/osdep.h"
d19893da 23
2054396a 24
5b6dd868 25#include "qemu-common.h"
af5ad107 26#define NO_CPU_IO_DEFS
d3eead2e 27#include "cpu.h"
0ab8ed18 28#include "trace-root.h"
76cad711 29#include "disas/disas.h"
63c91552 30#include "exec/exec-all.h"
57fec1fe 31#include "tcg.h"
5b6dd868
BS		 32#if defined(CONFIG_USER_ONLY)
33#include "qemu.h"
301e40ed 34#include "exec/exec-all.h"
5b6dd868
BS		 35#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
36#include <sys/param.h>
37#if __FreeBSD_version >= 700104
38#define HAVE_KINFO_GETVMMAP
39#define sigqueue sigqueue_freebsd /* avoid redefinition */
5b6dd868
BS		 40#include <sys/proc.h>
41#include <machine/profile.h>
42#define _KERNEL
43#include <sys/user.h>
44#undef _KERNEL
45#undef sigqueue
46#include <libutil.h>
47#endif
48#endif
0bc3cd62
PB		 49#else
50#include "exec/address-spaces.h"
5b6dd868
BS		 51#endif
52
022c62cb 53#include "exec/cputlb.h"
e1b89321 54#include "exec/tb-hash.h"
5b6dd868 55#include "translate-all.h"
510a647f 56#include "qemu/bitmap.h"
0aa09897 57#include "qemu/timer.h"
8d04fb55 58#include "qemu/main-loop.h"
508127e2 59#include "exec/log.h"
d2528bdc 60#include "sysemu/cpus.h"
5b6dd868 61
955939a2
AB		 62/* #define DEBUG_TB_INVALIDATE */
63/* #define DEBUG_TB_FLUSH */
5b6dd868 64/* make various TB consistency checks */
955939a2 65/* #define DEBUG_TB_CHECK */
5b6dd868
BS		 66
67#if !defined(CONFIG_USER_ONLY)
68/* TB consistency checks only implemented for usermode emulation. */
69#undef DEBUG_TB_CHECK
70#endif
71
301e40ed
AB		 72/* Access to the various translations structures need to be serialised via locks
73 * for consistency. This is automatic for SoftMMU based system
74 * emulation due to its single threaded nature. In user-mode emulation
75 * access to the memory related structures are protected with the
76 * mmap_lock.
77 */
301e40ed 78#ifdef CONFIG_SOFTMMU
2f169606 79#define assert_memory_lock() tcg_debug_assert(have_tb_lock)
301e40ed 80#else
6ac3d7e8 81#define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
301e40ed
AB		 82#endif
83
5b6dd868
BS		 84#define SMC_BITMAP_USE_THRESHOLD 10
85
5b6dd868
BS		 86typedef struct PageDesc {
87 /* list of TBs intersecting this ram page */
88 TranslationBlock *first_tb;
6fad459c 89#ifdef CONFIG_SOFTMMU
5b6dd868
BS		 90 /* in order to optimize self modifying code, we count the number
91 of lookups we do to a given page to use a bitmap */
92 unsigned int code_write_count;
510a647f 93 unsigned long *code_bitmap;
6fad459c 94#else
5b6dd868
BS		 95 unsigned long flags;
96#endif
97} PageDesc;
98
99/* In system mode we want L1_MAP to be based on ram offsets,
100 while in user mode we want it to be based on virtual addresses. */
101#if !defined(CONFIG_USER_ONLY)
102#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
103# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
104#else
105# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
106#endif
107#else
108# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
109#endif
110
03f49957
PB		 111/* Size of the L2 (and L3, etc) page tables. */
112#define V_L2_BITS 10
113#define V_L2_SIZE (1 << V_L2_BITS)
114
5b6dd868 115uintptr_t qemu_host_page_size;
0c2d70c4 116intptr_t qemu_host_page_mask;
5b6dd868 117
66ec9f49
VK		 118/*
119 * L1 Mapping properties
120 */
121static int v_l1_size;
122static int v_l1_shift;
123static int v_l2_levels;
124
125/* The bottom level has pointers to PageDesc, and is indexed by
126 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
127 */
128#define V_L1_MIN_BITS 4
129#define V_L1_MAX_BITS (V_L2_BITS + 3)
130#define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
131
132static void *l1_map[V_L1_MAX_SIZE];
5b6dd868 133
57fec1fe
FB		 134/* code generation context */
135TCGContext tcg_ctx;
fdbc2b57 136bool parallel_cpus;
d19893da 137
677ef623 138/* translation block context */
677ef623 139__thread int have_tb_lock;
677ef623 140
66ec9f49
VK		 141static void page_table_config_init(void)
142{
143 uint32_t v_l1_bits;
144
145 assert(TARGET_PAGE_BITS);
146 /* The bits remaining after N lower levels of page tables. */
147 v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS;
148 if (v_l1_bits < V_L1_MIN_BITS) {
149 v_l1_bits += V_L2_BITS;
150 }
151
152 v_l1_size = 1 << v_l1_bits;
153 v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits;
154 v_l2_levels = v_l1_shift / V_L2_BITS - 1;
155
156 assert(v_l1_bits <= V_L1_MAX_BITS);
157 assert(v_l1_shift % V_L2_BITS == 0);
158 assert(v_l2_levels >= 0);
159}
160
6ac3d7e8
PK		 161#define assert_tb_locked() tcg_debug_assert(have_tb_lock)
162#define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock)
6ac3d7e8 163
677ef623
FK		 164void tb_lock(void)
165{
6ac3d7e8 166 assert_tb_unlocked();
677ef623
FK		 167 qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
168 have_tb_lock++;
677ef623
FK		 169}
170
171void tb_unlock(void)
172{
6ac3d7e8 173 assert_tb_locked();
677ef623
FK		 174 have_tb_lock--;
175 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
677ef623
FK		 176}
177
178void tb_lock_reset(void)
179{
677ef623
FK		 180 if (have_tb_lock) {
181 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
182 have_tb_lock = 0;
183 }
677ef623
FK		 184}
185
a8a826a3 186static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
5b6dd868 187
57fec1fe
FB		 188void cpu_gen_init(void)
189{
190 tcg_context_init(&tcg_ctx);
57fec1fe
FB		 191}
192
fca8a500
RH		 193/* Encode VAL as a signed leb128 sequence at P.
194 Return P incremented past the encoded value. */
195static uint8_t *encode_sleb128(uint8_t *p, target_long val)
196{
197 int more, byte;
198
199 do {
200 byte = val & 0x7f;
201 val >>= 7;
202 more = !((val == 0 && (byte & 0x40) == 0)
203 || (val == -1 && (byte & 0x40) != 0));
204 if (more) {
205 byte |= 0x80;
206 }
207 *p++ = byte;
208 } while (more);
209
210 return p;
211}
212
213/* Decode a signed leb128 sequence at *PP; increment *PP past the
214 decoded value. Return the decoded value. */
215static target_long decode_sleb128(uint8_t **pp)
216{
217 uint8_t *p = *pp;
218 target_long val = 0;
219 int byte, shift = 0;
220
221 do {
222 byte = *p++;
223 val |= (target_ulong)(byte & 0x7f) << shift;
224 shift += 7;
225 } while (byte & 0x80);
226 if (shift < TARGET_LONG_BITS && (byte & 0x40)) {
227 val |= -(target_ulong)1 << shift;
228 }
229
230 *pp = p;
231 return val;
232}
233
234/* Encode the data collected about the instructions while compiling TB.
235 Place the data at BLOCK, and return the number of bytes consumed.
236
237 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
238 which come from the target's insn_start data, followed by a uintptr_t
239 which comes from the host pc of the end of the code implementing the insn.
240
241 Each line of the table is encoded as sleb128 deltas from the previous
242 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
243 That is, the first column is seeded with the guest pc, the last column
244 with the host pc, and the middle columns with zeros. */
245
246static int encode_search(TranslationBlock *tb, uint8_t *block)
247{
b125f9dc 248 uint8_t *highwater = tcg_ctx.code_gen_highwater;
fca8a500
RH		 249 uint8_t *p = block;
250 int i, j, n;
251
252 tb->tc_search = block;
253
254 for (i = 0, n = tb->icount; i < n; ++i) {
255 target_ulong prev;
256
257 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
258 if (i == 0) {
259 prev = (j == 0 ? tb->pc : 0);
260 } else {
261 prev = tcg_ctx.gen_insn_data[i - 1][j];
262 }
263 p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev);
264 }
265 prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]);
266 p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev);
b125f9dc
RH		 267
268 /* Test for (pending) buffer overflow. The assumption is that any
269 one row beginning below the high water mark cannot overrun
270 the buffer completely. Thus we can test for overflow after
271 encoding a row without having to check during encoding. */
272 if (unlikely(p > highwater)) {
273 return -1;
274 }
fca8a500
RH		 275 }
276
277 return p - block;
278}
279
7d7500d9
PB		 280/* The cpu state corresponding to 'searched_pc' is restored.
281 * Called with tb_lock held.
282 */
74f10515 283static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
a8a826a3 284 uintptr_t searched_pc)
d19893da 285{
fca8a500
RH		 286 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
287 uintptr_t host_pc = (uintptr_t)tb->tc_ptr;
74f10515 288 CPUArchState *env = cpu->env_ptr;
fca8a500
RH		 289 uint8_t *p = tb->tc_search;
290 int i, j, num_insns = tb->icount;
57fec1fe 291#ifdef CONFIG_PROFILER
fca8a500 292 int64_t ti = profile_getclock();
57fec1fe
FB		 293#endif
294
01ecaf43
RH		 295 searched_pc -= GETPC_ADJ;
296
fca8a500
RH		 297 if (searched_pc < host_pc) {
298 return -1;
299 }
d19893da 300
fca8a500
RH		 301 /* Reconstruct the stored insn data while looking for the point at
302 which the end of the insn exceeds the searched_pc. */
303 for (i = 0; i < num_insns; ++i) {
304 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
305 data[j] += decode_sleb128(&p);
306 }
307 host_pc += decode_sleb128(&p);
308 if (host_pc > searched_pc) {
309 goto found;
310 }
311 }
312 return -1;
3b46e624 313
fca8a500 314 found:
bd79255d 315 if (tb->cflags & CF_USE_ICOUNT) {
414b15c9 316 assert(use_icount);
2e70f6ef 317 /* Reset the cycle counter to the start of the block. */
fca8a500 318 cpu->icount_decr.u16.low += num_insns;
2e70f6ef 319 /* Clear the IO flag. */
99df7dce 320 cpu->can_do_io = 0;
2e70f6ef 321 }
fca8a500
RH		 322 cpu->icount_decr.u16.low -= i;
323 restore_state_to_opc(env, tb, data);
57fec1fe
FB		 324
325#ifdef CONFIG_PROFILER
fca8a500
RH		 326 tcg_ctx.restore_time += profile_getclock() - ti;
327 tcg_ctx.restore_count++;
57fec1fe 328#endif
d19893da
FB		 329 return 0;
330}
5b6dd868 331
3f38f309 332bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
a8a826a3
BS		 333{
334 TranslationBlock *tb;
a5e99826 335 bool r = false;
a8a826a3 336
d8b2239b
AB		 337 /* A retaddr of zero is invalid so we really shouldn't have ended
338 * up here. The target code has likely forgotten to check retaddr
339 * != 0 before attempting to restore state. We return early to
340 * avoid blowing up on a recursive tb_lock(). The target must have
341 * previously survived a failed cpu_restore_state because
342 * tb_find_pc(0) would have failed anyway. It still should be
343 * fixed though.
344 */
345
346 if (!retaddr) {
347 return r;
348 }
349
a5e99826 350 tb_lock();
a8a826a3
BS		 351 tb = tb_find_pc(retaddr);
352 if (tb) {
74f10515 353 cpu_restore_state_from_tb(cpu, tb, retaddr);
d8a499f1
PD		 354 if (tb->cflags & CF_NOCACHE) {
355 /* one-shot translation, invalidate it immediately */
d8a499f1
PD		 356 tb_phys_invalidate(tb, -1);
357 tb_free(tb);
358 }
a5e99826 359 r = true;
a8a826a3 360 }
a5e99826
FK		 361 tb_unlock();
362
363 return r;
a8a826a3
BS		 364}
365
47c16ed5 366void page_size_init(void)
5b6dd868
BS		 367{
368 /* NOTE: we can always suppose that qemu_host_page_size >=
369 TARGET_PAGE_SIZE */
5b6dd868 370 qemu_real_host_page_size = getpagesize();
0c2d70c4 371 qemu_real_host_page_mask = -(intptr_t)qemu_real_host_page_size;
5b6dd868
BS		 372 if (qemu_host_page_size == 0) {
373 qemu_host_page_size = qemu_real_host_page_size;
374 }
375 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
376 qemu_host_page_size = TARGET_PAGE_SIZE;
377 }
0c2d70c4 378 qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
47c16ed5 379}
5b6dd868 380
47c16ed5
AK		 381static void page_init(void)
382{
383 page_size_init();
66ec9f49
VK		 384 page_table_config_init();
385
5b6dd868
BS		 386#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
387 {
388#ifdef HAVE_KINFO_GETVMMAP
389 struct kinfo_vmentry *freep;
390 int i, cnt;
391
392 freep = kinfo_getvmmap(getpid(), &cnt);
393 if (freep) {
394 mmap_lock();
395 for (i = 0; i < cnt; i++) {
396 unsigned long startaddr, endaddr;
397
398 startaddr = freep[i].kve_start;
399 endaddr = freep[i].kve_end;
400 if (h2g_valid(startaddr)) {
401 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
402
403 if (h2g_valid(endaddr)) {
404 endaddr = h2g(endaddr);
405 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
406 } else {
407#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
408 endaddr = ~0ul;
409 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
410#endif
411 }
412 }
413 }
414 free(freep);
415 mmap_unlock();
416 }
417#else
418 FILE *f;
419
420 last_brk = (unsigned long)sbrk(0);
421
422 f = fopen("/compat/linux/proc/self/maps", "r");
423 if (f) {
424 mmap_lock();
425
426 do {
427 unsigned long startaddr, endaddr;
428 int n;
429
430 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
431
432 if (n == 2 && h2g_valid(startaddr)) {
433 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
434
435 if (h2g_valid(endaddr)) {
436 endaddr = h2g(endaddr);
437 } else {
438 endaddr = ~0ul;
439 }
440 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
441 }
442 } while (!feof(f));
443
444 fclose(f);
445 mmap_unlock();
446 }
447#endif
448 }
449#endif
450}
451
75692087 452/* If alloc=1:
7d7500d9 453 * Called with tb_lock held for system emulation.
75692087
PB		 454 * Called with mmap_lock held for user-mode emulation.
455 */
5b6dd868
BS		 456static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
457{
458 PageDesc *pd;
459 void **lp;
460 int i;
461
e505a063
AB		 462 if (alloc) {
463 assert_memory_lock();
464 }
465
5b6dd868 466 /* Level 1. Always allocated. */
66ec9f49 467 lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
5b6dd868
BS		 468
469 /* Level 2..N-1. */
66ec9f49 470 for (i = v_l2_levels; i > 0; i--) {
6940fab8 471 void **p = atomic_rcu_read(lp);
5b6dd868
BS		 472
473 if (p == NULL) {
474 if (!alloc) {
475 return NULL;
476 }
e3a0abfd 477 p = g_new0(void *, V_L2_SIZE);
6940fab8 478 atomic_rcu_set(lp, p);
5b6dd868
BS		 479 }
480
03f49957 481 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
5b6dd868
BS		 482 }
483
6940fab8 484 pd = atomic_rcu_read(lp);
5b6dd868
BS		 485 if (pd == NULL) {
486 if (!alloc) {
487 return NULL;
488 }
e3a0abfd 489 pd = g_new0(PageDesc, V_L2_SIZE);
6940fab8 490 atomic_rcu_set(lp, pd);
5b6dd868
BS		 491 }
492
03f49957 493 return pd + (index & (V_L2_SIZE - 1));
5b6dd868
BS		 494}
495
496static inline PageDesc *page_find(tb_page_addr_t index)
497{
498 return page_find_alloc(index, 0);
499}
500
5b6dd868
BS		 501#if defined(CONFIG_USER_ONLY)
502/* Currently it is not recommended to allocate big chunks of data in
503 user mode. It will change when a dedicated libc will be used. */
504/* ??? 64-bit hosts ought to have no problem mmaping data outside the
505 region in which the guest needs to run. Revisit this. */
506#define USE_STATIC_CODE_GEN_BUFFER
507#endif
508
5b6dd868
BS		 509/* Minimum size of the code gen buffer. This number is randomly chosen,
510 but not so small that we can't have a fair number of TB's live. */
511#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
512
513/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
514 indicated, this is constrained by the range of direct branches on the
515 host cpu, as used by the TCG implementation of goto_tb. */
516#if defined(__x86_64__)
517# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
518#elif defined(__sparc__)
519# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
5bfd75a3
RH		 520#elif defined(__powerpc64__)
521# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
399f1648
SF		 522#elif defined(__powerpc__)
523# define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
4a136e0a
CF		 524#elif defined(__aarch64__)
525# define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
5b6dd868
BS		 526#elif defined(__arm__)
527# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
528#elif defined(__s390x__)
529 /* We have a +- 4GB range on the branches; leave some slop. */
530# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
479eb121
RH		 531#elif defined(__mips__)
532 /* We have a 256MB branch region, but leave room to make sure the
533 main executable is also within that region. */
534# define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
5b6dd868
BS		 535#else
536# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
537#endif
538
539#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
540
541#define DEFAULT_CODE_GEN_BUFFER_SIZE \
542 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
543 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
544
545static inline size_t size_code_gen_buffer(size_t tb_size)
546{
547 /* Size the buffer. */
548 if (tb_size == 0) {
549#ifdef USE_STATIC_CODE_GEN_BUFFER
550 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
551#else
552 /* ??? Needs adjustments. */
553 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
554 static buffer, we could size this on RESERVED_VA, on the text
555 segment size of the executable, or continue to use the default. */
556 tb_size = (unsigned long)(ram_size / 4);
557#endif
558 }
559 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
560 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
561 }
562 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
563 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
564 }
5b6dd868
BS		 565 return tb_size;
566}
567
483c76e1
RH		 568#ifdef __mips__
569/* In order to use J and JAL within the code_gen_buffer, we require
570 that the buffer not cross a 256MB boundary. */
571static inline bool cross_256mb(void *addr, size_t size)
572{
7ba6a512 573 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful;
483c76e1
RH		 574}
575
576/* We weren't able to allocate a buffer without crossing that boundary,
577 so make do with the larger portion of the buffer that doesn't cross.
578 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
579static inline void *split_cross_256mb(void *buf1, size_t size1)
580{
7ba6a512 581 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful);
483c76e1
RH		 582 size_t size2 = buf1 + size1 - buf2;
583
584 size1 = buf2 - buf1;
585 if (size1 < size2) {
586 size1 = size2;
587 buf1 = buf2;
588 }
589
590 tcg_ctx.code_gen_buffer_size = size1;
591 return buf1;
592}
593#endif
594
5b6dd868
BS		 595#ifdef USE_STATIC_CODE_GEN_BUFFER
596static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
597 __attribute__((aligned(CODE_GEN_ALIGN)));
598
f293709c
RH		 599# ifdef _WIN32
600static inline void do_protect(void *addr, long size, int prot)
601{
602 DWORD old_protect;
603 VirtualProtect(addr, size, prot, &old_protect);
604}
605
606static inline void map_exec(void *addr, long size)
607{
608 do_protect(addr, size, PAGE_EXECUTE_READWRITE);
609}
610
611static inline void map_none(void *addr, long size)
612{
613 do_protect(addr, size, PAGE_NOACCESS);
614}
615# else
616static inline void do_protect(void *addr, long size, int prot)
617{
618 uintptr_t start, end;
619
620 start = (uintptr_t)addr;
621 start &= qemu_real_host_page_mask;
622
623 end = (uintptr_t)addr + size;
624 end = ROUND_UP(end, qemu_real_host_page_size);
625
626 mprotect((void *)start, end - start, prot);
627}
628
629static inline void map_exec(void *addr, long size)
630{
631 do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC);
632}
633
634static inline void map_none(void *addr, long size)
635{
636 do_protect(addr, size, PROT_NONE);
637}
638# endif /* WIN32 */
639
5b6dd868
BS		 640static inline void *alloc_code_gen_buffer(void)
641{
483c76e1 642 void *buf = static_code_gen_buffer;
f293709c
RH		 643 size_t full_size, size;
644
645 /* The size of the buffer, rounded down to end on a page boundary. */
646 full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer))
647 & qemu_real_host_page_mask) - (uintptr_t)buf;
648
649 /* Reserve a guard page. */
650 size = full_size - qemu_real_host_page_size;
651
652 /* Honor a command-line option limiting the size of the buffer. */
653 if (size > tcg_ctx.code_gen_buffer_size) {
654 size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size)
655 & qemu_real_host_page_mask) - (uintptr_t)buf;
656 }
657 tcg_ctx.code_gen_buffer_size = size;
658
483c76e1 659#ifdef __mips__
f293709c
RH		 660 if (cross_256mb(buf, size)) {
661 buf = split_cross_256mb(buf, size);
662 size = tcg_ctx.code_gen_buffer_size;
483c76e1
RH		 663 }
664#endif
f293709c
RH		 665
666 map_exec(buf, size);
667 map_none(buf + size, qemu_real_host_page_size);
668 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
669
483c76e1 670 return buf;
5b6dd868 671}
f293709c
RH		 672#elif defined(_WIN32)
673static inline void *alloc_code_gen_buffer(void)
674{
675 size_t size = tcg_ctx.code_gen_buffer_size;
676 void *buf1, *buf2;
677
678 /* Perform the allocation in two steps, so that the guard page
679 is reserved but uncommitted. */
680 buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size,
681 MEM_RESERVE, PAGE_NOACCESS);
682 if (buf1 != NULL) {
683 buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
684 assert(buf1 == buf2);
685 }
686
687 return buf1;
688}
689#else
5b6dd868
BS		 690static inline void *alloc_code_gen_buffer(void)
691{
692 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
693 uintptr_t start = 0;
f293709c 694 size_t size = tcg_ctx.code_gen_buffer_size;
5b6dd868
BS		 695 void *buf;
696
697 /* Constrain the position of the buffer based on the host cpu.
698 Note that these addresses are chosen in concert with the
699 addresses assigned in the relevant linker script file. */
700# if defined(__PIE__) || defined(__PIC__)
701 /* Don't bother setting a preferred location if we're building
702 a position-independent executable. We're more likely to get
703 an address near the main executable if we let the kernel
704 choose the address. */
705# elif defined(__x86_64__) && defined(MAP_32BIT)
706 /* Force the memory down into low memory with the executable.
707 Leave the choice of exact location with the kernel. */
708 flags |= MAP_32BIT;
709 /* Cannot expect to map more than 800MB in low memory. */
f293709c
RH		 710 if (size > 800u * 1024 * 1024) {
711 tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024;
5b6dd868
BS		 712 }
713# elif defined(__sparc__)
714 start = 0x40000000ul;
715# elif defined(__s390x__)
716 start = 0x90000000ul;
479eb121 717# elif defined(__mips__)
f293709c 718# if _MIPS_SIM == _ABI64
479eb121
RH		 719 start = 0x128000000ul;
720# else
721 start = 0x08000000ul;
722# endif
5b6dd868
BS		 723# endif
724
f293709c
RH		 725 buf = mmap((void *)start, size + qemu_real_host_page_size,
726 PROT_NONE, flags, -1, 0);
483c76e1
RH		 727 if (buf == MAP_FAILED) {
728 return NULL;
729 }
730
731#ifdef __mips__
f293709c 732 if (cross_256mb(buf, size)) {
5d831be2 733 /* Try again, with the original still mapped, to avoid re-acquiring
483c76e1 734 that 256mb crossing. This time don't specify an address. */
f293709c
RH		 735 size_t size2;
736 void *buf2 = mmap(NULL, size + qemu_real_host_page_size,
737 PROT_NONE, flags, -1, 0);
f68808c7 738 switch ((int)(buf2 != MAP_FAILED)) {
f293709c
RH		 739 case 1:
740 if (!cross_256mb(buf2, size)) {
483c76e1 741 /* Success! Use the new buffer. */
8bdf4997 742 munmap(buf, size + qemu_real_host_page_size);
f293709c 743 break;
483c76e1
RH		 744 }
745 /* Failure. Work with what we had. */
8bdf4997 746 munmap(buf2, size + qemu_real_host_page_size);
f293709c
RH		 747 /* fallthru */
748 default:
749 /* Split the original buffer. Free the smaller half. */
750 buf2 = split_cross_256mb(buf, size);
751 size2 = tcg_ctx.code_gen_buffer_size;
752 if (buf == buf2) {
753 munmap(buf + size2 + qemu_real_host_page_size, size - size2);
754 } else {
755 munmap(buf, size - size2);
756 }
757 size = size2;
758 break;
483c76e1 759 }
f293709c 760 buf = buf2;
483c76e1
RH		 761 }
762#endif
763
f293709c
RH		 764 /* Make the final buffer accessible. The guard page at the end
765 will remain inaccessible with PROT_NONE. */
766 mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC);
483c76e1 767
f293709c
RH		 768 /* Request large pages for the buffer. */
769 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
483c76e1 770
5b6dd868
BS		 771 return buf;
772}
f293709c 773#endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */
5b6dd868
BS		 774
775static inline void code_gen_alloc(size_t tb_size)
776{
0b0d3320
EV		 777 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
778 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
779 if (tcg_ctx.code_gen_buffer == NULL) {
5b6dd868
BS		 780 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
781 exit(1);
782 }
783
8163b749
RH		 784 /* Estimate a good size for the number of TBs we can support. We
785 still haven't deducted the prologue from the buffer size here,
786 but that's minimal and won't affect the estimate much. */
787 tcg_ctx.code_gen_max_blocks
788 = tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
789 tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock, tcg_ctx.code_gen_max_blocks);
790
677ef623 791 qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock);
5b6dd868
BS		 792}
793
909eaac9
EC		 794static void tb_htable_init(void)
795{
796 unsigned int mode = QHT_MODE_AUTO_RESIZE;
797
798 qht_init(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE, mode);
799}
800
5b6dd868
BS		 801/* Must be called before using the QEMU cpus. 'tb_size' is the size
802 (in bytes) allocated to the translation buffer. Zero means default
803 size. */
804void tcg_exec_init(unsigned long tb_size)
805{
806 cpu_gen_init();
5b6dd868 807 page_init();
909eaac9 808 tb_htable_init();
f293709c 809 code_gen_alloc(tb_size);
4cbea598 810#if defined(CONFIG_SOFTMMU)
5b6dd868
BS		 811 /* There's no guest base to take into account, so go ahead and
812 initialize the prologue now. */
813 tcg_prologue_init(&tcg_ctx);
814#endif
815}
816
817bool tcg_enabled(void)
818{
0b0d3320 819 return tcg_ctx.code_gen_buffer != NULL;
5b6dd868
BS		 820}
821
7d7500d9
PB		 822/*
823 * Allocate a new translation block. Flush the translation buffer if
824 * too many translation blocks or too much generated code.
825 *
826 * Called with tb_lock held.
827 */
5b6dd868
BS		 828static TranslationBlock *tb_alloc(target_ulong pc)
829{
830 TranslationBlock *tb;
831
6ac3d7e8 832 assert_tb_locked();
e505a063 833
b125f9dc 834 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks) {
5b6dd868
BS		 835 return NULL;
836 }
5e5f07e0 837 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
5b6dd868
BS		 838 tb->pc = pc;
839 tb->cflags = 0;
6d21e420 840 tb->invalid = false;
5b6dd868
BS		 841 return tb;
842}
843
7d7500d9 844/* Called with tb_lock held. */
5b6dd868
BS		 845void tb_free(TranslationBlock *tb)
846{
6ac3d7e8 847 assert_tb_locked();
e505a063 848
5b6dd868
BS		 849 /* In practice this is mostly used for single use temporary TB
850 Ignore the hard cases and just back up if this TB happens to
851 be the last one generated. */
5e5f07e0
EV		 852 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
853 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
0b0d3320 854 tcg_ctx.code_gen_ptr = tb->tc_ptr;
5e5f07e0 855 tcg_ctx.tb_ctx.nb_tbs--;
5b6dd868
BS		 856 }
857}
858
859static inline void invalidate_page_bitmap(PageDesc *p)
860{
6fad459c 861#ifdef CONFIG_SOFTMMU
012aef07
MA		 862 g_free(p->code_bitmap);
863 p->code_bitmap = NULL;
5b6dd868 864 p->code_write_count = 0;
6fad459c 865#endif
5b6dd868
BS		 866}
867
868/* Set to NULL all the 'first_tb' fields in all PageDescs. */
869static void page_flush_tb_1(int level, void **lp)
870{
871 int i;
872
873 if (*lp == NULL) {
874 return;
875 }
876 if (level == 0) {
877 PageDesc *pd = *lp;
878
03f49957 879 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 880 pd[i].first_tb = NULL;
881 invalidate_page_bitmap(pd + i);
882 }
883 } else {
884 void **pp = *lp;
885
03f49957 886 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 887 page_flush_tb_1(level - 1, pp + i);
888 }
889 }
890}
891
892static void page_flush_tb(void)
893{
66ec9f49 894 int i, l1_sz = v_l1_size;
5b6dd868 895
66ec9f49
VK		 896 for (i = 0; i < l1_sz; i++) {
897 page_flush_tb_1(v_l2_levels, l1_map + i);
5b6dd868
BS		 898 }
899}
900
901/* flush all the translation blocks */
14e6fe12 902static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
5b6dd868 903{
3359baad
SF		 904 tb_lock();
905
14e6fe12 906 /* If it is already been done on request of another CPU,
3359baad
SF		 907 * just retry.
908 */
14e6fe12 909 if (tcg_ctx.tb_ctx.tb_flush_count != tb_flush_count.host_int) {
3359baad 910 goto done;
135a972b 911 }
3359baad 912
955939a2 913#if defined(DEBUG_TB_FLUSH)
5b6dd868 914 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
0b0d3320 915 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
5e5f07e0 916 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
0b0d3320 917 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
5e5f07e0 918 tcg_ctx.tb_ctx.nb_tbs : 0);
5b6dd868 919#endif
0b0d3320
EV		 920 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
921 > tcg_ctx.code_gen_buffer_size) {
a47dddd7 922 cpu_abort(cpu, "Internal error: code buffer overflow\n");
5b6dd868 923 }
5b6dd868 924
bdc44640 925 CPU_FOREACH(cpu) {
89a16b1e
SF		 926 int i;
927
928 for (i = 0; i < TB_JMP_CACHE_SIZE; ++i) {
929 atomic_set(&cpu->tb_jmp_cache[i], NULL);
930 }
5b6dd868
BS		 931 }
932
118b0730 933 tcg_ctx.tb_ctx.nb_tbs = 0;
909eaac9 934 qht_reset_size(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
5b6dd868
BS		 935 page_flush_tb();
936
0b0d3320 937 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
5b6dd868
BS		 938 /* XXX: flush processor icache at this point if cache flush is
939 expensive */
3359baad
SF		 940 atomic_mb_set(&tcg_ctx.tb_ctx.tb_flush_count,
941 tcg_ctx.tb_ctx.tb_flush_count + 1);
942
943done:
944 tb_unlock();
945}
946
947void tb_flush(CPUState *cpu)
948{
949 if (tcg_enabled()) {
14e6fe12
PB		 950 unsigned tb_flush_count = atomic_mb_read(&tcg_ctx.tb_ctx.tb_flush_count);
951 async_safe_run_on_cpu(cpu, do_tb_flush,
952 RUN_ON_CPU_HOST_INT(tb_flush_count));
3359baad 953 }
5b6dd868
BS		 954}
955
956#ifdef DEBUG_TB_CHECK
957
909eaac9
EC		 958static void
959do_tb_invalidate_check(struct qht *ht, void *p, uint32_t hash, void *userp)
5b6dd868 960{
909eaac9
EC		 961 TranslationBlock *tb = p;
962 target_ulong addr = *(target_ulong *)userp;
963
964 if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) {
965 printf("ERROR invalidate: address=" TARGET_FMT_lx
966 " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size);
967 }
968}
5b6dd868 969
7d7500d9
PB		 970/* verify that all the pages have correct rights for code
971 *
972 * Called with tb_lock held.
973 */
909eaac9
EC		 974static void tb_invalidate_check(target_ulong address)
975{
5b6dd868 976 address &= TARGET_PAGE_MASK;
909eaac9
EC		 977 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_invalidate_check, &address);
978}
979
980static void
981do_tb_page_check(struct qht *ht, void *p, uint32_t hash, void *userp)
982{
983 TranslationBlock *tb = p;
984 int flags1, flags2;
985
986 flags1 = page_get_flags(tb->pc);
987 flags2 = page_get_flags(tb->pc + tb->size - 1);
988 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
989 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
990 (long)tb->pc, tb->size, flags1, flags2);
5b6dd868
BS		 991 }
992}
993
994/* verify that all the pages have correct rights for code */
995static void tb_page_check(void)
996{
909eaac9 997 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_page_check, NULL);
5b6dd868
BS		 998}
999
1000#endif
1001
5b6dd868
BS		 1002static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
1003{
1004 TranslationBlock *tb1;
1005 unsigned int n1;
1006
1007 for (;;) {
1008 tb1 = *ptb;
1009 n1 = (uintptr_t)tb1 & 3;
1010 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1011 if (tb1 == tb) {
1012 *ptb = tb1->page_next[n1];
1013 break;
1014 }
1015 ptb = &tb1->page_next[n1];
1016 }
1017}
1018
13362678
SF		 1019/* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
1020static inline void tb_remove_from_jmp_list(TranslationBlock *tb, int n)
5b6dd868 1021{
c37e6d7e
SF		 1022 TranslationBlock *tb1;
1023 uintptr_t *ptb, ntb;
5b6dd868
BS		 1024 unsigned int n1;
1025
f309101c 1026 ptb = &tb->jmp_list_next[n];
c37e6d7e 1027 if (*ptb) {
5b6dd868
BS		 1028 /* find tb(n) in circular list */
1029 for (;;) {
c37e6d7e
SF		 1030 ntb = *ptb;
1031 n1 = ntb & 3;
1032 tb1 = (TranslationBlock *)(ntb & ~3);
5b6dd868
BS		 1033 if (n1 == n && tb1 == tb) {
1034 break;
1035 }
1036 if (n1 == 2) {
f309101c 1037 ptb = &tb1->jmp_list_first;
5b6dd868 1038 } else {
f309101c 1039 ptb = &tb1->jmp_list_next[n1];
5b6dd868
BS		 1040 }
1041 }
1042 /* now we can suppress tb(n) from the list */
f309101c 1043 *ptb = tb->jmp_list_next[n];
5b6dd868 1044
c37e6d7e 1045 tb->jmp_list_next[n] = (uintptr_t)NULL;
5b6dd868
BS		 1046 }
1047}
1048
1049/* reset the jump entry 'n' of a TB so that it is not chained to
1050 another TB */
1051static inline void tb_reset_jump(TranslationBlock *tb, int n)
1052{
f309101c
SF		 1053 uintptr_t addr = (uintptr_t)(tb->tc_ptr + tb->jmp_reset_offset[n]);
1054 tb_set_jmp_target(tb, n, addr);
5b6dd868
BS		 1055}
1056
89bba496
SF		 1057/* remove any jumps to the TB */
1058static inline void tb_jmp_unlink(TranslationBlock *tb)
1059{
f9c5b66f
SF		 1060 TranslationBlock *tb1;
1061 uintptr_t *ptb, ntb;
89bba496
SF		 1062 unsigned int n1;
1063
f9c5b66f 1064 ptb = &tb->jmp_list_first;
89bba496 1065 for (;;) {
f9c5b66f
SF		 1066 ntb = *ptb;
1067 n1 = ntb & 3;
1068 tb1 = (TranslationBlock *)(ntb & ~3);
89bba496
SF		 1069 if (n1 == 2) {
1070 break;
1071 }
f9c5b66f
SF		 1072 tb_reset_jump(tb1, n1);
1073 *ptb = tb1->jmp_list_next[n1];
1074 tb1->jmp_list_next[n1] = (uintptr_t)NULL;
89bba496 1075 }
89bba496
SF		 1076}
1077
7d7500d9
PB		 1078/* invalidate one TB
1079 *
1080 * Called with tb_lock held.
1081 */
5b6dd868
BS		 1082void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
1083{
182735ef 1084 CPUState *cpu;
5b6dd868 1085 PageDesc *p;
42bd3228 1086 uint32_t h;
5b6dd868 1087 tb_page_addr_t phys_pc;
5b6dd868 1088
6ac3d7e8 1089 assert_tb_locked();
e505a063 1090
6d21e420
PB		 1091 atomic_set(&tb->invalid, true);
1092
5b6dd868
BS		 1093 /* remove the TB from the hash list */
1094 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
42bd3228 1095 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
909eaac9 1096 qht_remove(&tcg_ctx.tb_ctx.htable, tb, h);
5b6dd868
BS		 1097
1098 /* remove the TB from the page list */
1099 if (tb->page_addr[0] != page_addr) {
1100 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
1101 tb_page_remove(&p->first_tb, tb);
1102 invalidate_page_bitmap(p);
1103 }
1104 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
1105 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
1106 tb_page_remove(&p->first_tb, tb);
1107 invalidate_page_bitmap(p);
1108 }
1109
5b6dd868
BS		 1110 /* remove the TB from the hash list */
1111 h = tb_jmp_cache_hash_func(tb->pc);
bdc44640 1112 CPU_FOREACH(cpu) {
89a16b1e
SF		 1113 if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) {
1114 atomic_set(&cpu->tb_jmp_cache[h], NULL);
5b6dd868
BS		 1115 }
1116 }
1117
1118 /* suppress this TB from the two jump lists */
13362678
SF		 1119 tb_remove_from_jmp_list(tb, 0);
1120 tb_remove_from_jmp_list(tb, 1);
5b6dd868
BS		 1121
1122 /* suppress any remaining jumps to this TB */
89bba496 1123 tb_jmp_unlink(tb);
5b6dd868 1124
5e5f07e0 1125 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
5b6dd868
BS		 1126}
1127
6fad459c 1128#ifdef CONFIG_SOFTMMU
5b6dd868
BS		 1129static void build_page_bitmap(PageDesc *p)
1130{
1131 int n, tb_start, tb_end;
1132 TranslationBlock *tb;
1133
510a647f 1134 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
5b6dd868
BS		 1135
1136 tb = p->first_tb;
1137 while (tb != NULL) {
1138 n = (uintptr_t)tb & 3;
1139 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1140 /* NOTE: this is subtle as a TB may span two physical pages */
1141 if (n == 0) {
1142 /* NOTE: tb_end may be after the end of the page, but
1143 it is not a problem */
1144 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1145 tb_end = tb_start + tb->size;
1146 if (tb_end > TARGET_PAGE_SIZE) {
1147 tb_end = TARGET_PAGE_SIZE;
e505a063 1148 }
5b6dd868
BS		 1149 } else {
1150 tb_start = 0;
1151 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1152 }
510a647f 1153 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
5b6dd868
BS		 1154 tb = tb->page_next[n];
1155 }
1156}
6fad459c 1157#endif
5b6dd868 1158
e90d96b1
SF		 1159/* add the tb in the target page and protect it if necessary
1160 *
1161 * Called with mmap_lock held for user-mode emulation.
1162 */
1163static inline void tb_alloc_page(TranslationBlock *tb,
1164 unsigned int n, tb_page_addr_t page_addr)
1165{
1166 PageDesc *p;
1167#ifndef CONFIG_USER_ONLY
1168 bool page_already_protected;
1169#endif
1170
e505a063
AB		 1171 assert_memory_lock();
1172
e90d96b1
SF		 1173 tb->page_addr[n] = page_addr;
1174 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1175 tb->page_next[n] = p->first_tb;
1176#ifndef CONFIG_USER_ONLY
1177 page_already_protected = p->first_tb != NULL;
1178#endif
1179 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1180 invalidate_page_bitmap(p);
1181
1182#if defined(CONFIG_USER_ONLY)
1183 if (p->flags & PAGE_WRITE) {
1184 target_ulong addr;
1185 PageDesc *p2;
1186 int prot;
1187
1188 /* force the host page as non writable (writes will have a
1189 page fault + mprotect overhead) */
1190 page_addr &= qemu_host_page_mask;
1191 prot = 0;
1192 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1193 addr += TARGET_PAGE_SIZE) {
1194
1195 p2 = page_find(addr >> TARGET_PAGE_BITS);
1196 if (!p2) {
1197 continue;
1198 }
1199 prot |= p2->flags;
1200 p2->flags &= ~PAGE_WRITE;
1201 }
1202 mprotect(g2h(page_addr), qemu_host_page_size,
1203 (prot & PAGE_BITS) & ~PAGE_WRITE);
1204#ifdef DEBUG_TB_INVALIDATE
1205 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1206 page_addr);
1207#endif
1208 }
1209#else
1210 /* if some code is already present, then the pages are already
1211 protected. So we handle the case where only the first TB is
1212 allocated in a physical page */
1213 if (!page_already_protected) {
1214 tlb_protect_code(page_addr);
1215 }
1216#endif
1217}
1218
1219/* add a new TB and link it to the physical page tables. phys_page2 is
1220 * (-1) to indicate that only one page contains the TB.
1221 *
1222 * Called with mmap_lock held for user-mode emulation.
1223 */
1224static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1225 tb_page_addr_t phys_page2)
1226{
42bd3228 1227 uint32_t h;
e90d96b1 1228
e505a063
AB		 1229 assert_memory_lock();
1230
e90d96b1
SF		 1231 /* add in the page list */
1232 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1233 if (phys_page2 != -1) {
1234 tb_alloc_page(tb, 1, phys_page2);
1235 } else {
1236 tb->page_addr[1] = -1;
1237 }
1238
2e1ae44a
AB		 1239 /* add in the hash table */
1240 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
1241 qht_insert(&tcg_ctx.tb_ctx.htable, tb, h);
1242
e90d96b1
SF		 1243#ifdef DEBUG_TB_CHECK
1244 tb_page_check();
1245#endif
1246}
1247
75692087 1248/* Called with mmap_lock held for user mode emulation. */
648f034c 1249TranslationBlock *tb_gen_code(CPUState *cpu,
5b6dd868 1250 target_ulong pc, target_ulong cs_base,
89fee74a 1251 uint32_t flags, int cflags)
5b6dd868 1252{
648f034c 1253 CPUArchState *env = cpu->env_ptr;
5b6dd868 1254 TranslationBlock *tb;
5b6dd868
BS		 1255 tb_page_addr_t phys_pc, phys_page2;
1256 target_ulong virt_page2;
fec88f64 1257 tcg_insn_unit *gen_code_buf;
fca8a500 1258 int gen_code_size, search_size;
fec88f64
RH		 1259#ifdef CONFIG_PROFILER
1260 int64_t ti;
1261#endif
e505a063 1262 assert_memory_lock();
5b6dd868
BS		 1263
1264 phys_pc = get_page_addr_code(env, pc);
56c0269a 1265 if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) {
0266359e
PB		 1266 cflags |= CF_USE_ICOUNT;
1267 }
b125f9dc 1268
5b6dd868 1269 tb = tb_alloc(pc);
b125f9dc
RH		 1270 if (unlikely(!tb)) {
1271 buffer_overflow:
5b6dd868 1272 /* flush must be done */
bbd77c18 1273 tb_flush(cpu);
3359baad 1274 mmap_unlock();
8499c8fc
PD		 1275 /* Make the execution loop process the flush as soon as possible. */
1276 cpu->exception_index = EXCP_INTERRUPT;
3359baad 1277 cpu_loop_exit(cpu);
5b6dd868 1278 }
fec88f64
RH		 1279
1280 gen_code_buf = tcg_ctx.code_gen_ptr;
1281 tb->tc_ptr = gen_code_buf;
5b6dd868
BS		 1282 tb->cs_base = cs_base;
1283 tb->flags = flags;
1284 tb->cflags = cflags;
fec88f64
RH		 1285
1286#ifdef CONFIG_PROFILER
1287 tcg_ctx.tb_count1++; /* includes aborted translations because of
1288 exceptions */
1289 ti = profile_getclock();
1290#endif
1291
1292 tcg_func_start(&tcg_ctx);
1293
7c255043 1294 tcg_ctx.cpu = ENV_GET_CPU(env);
fec88f64 1295 gen_intermediate_code(env, tb);
7c255043 1296 tcg_ctx.cpu = NULL;
fec88f64
RH		 1297
1298 trace_translate_block(tb, tb->pc, tb->tc_ptr);
1299
1300 /* generate machine code */
f309101c
SF		 1301 tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID;
1302 tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID;
1303 tcg_ctx.tb_jmp_reset_offset = tb->jmp_reset_offset;
fec88f64 1304#ifdef USE_DIRECT_JUMP
f309101c
SF		 1305 tcg_ctx.tb_jmp_insn_offset = tb->jmp_insn_offset;
1306 tcg_ctx.tb_jmp_target_addr = NULL;
fec88f64 1307#else
f309101c
SF		 1308 tcg_ctx.tb_jmp_insn_offset = NULL;
1309 tcg_ctx.tb_jmp_target_addr = tb->jmp_target_addr;
fec88f64
RH		 1310#endif
1311
1312#ifdef CONFIG_PROFILER
1313 tcg_ctx.tb_count++;
1314 tcg_ctx.interm_time += profile_getclock() - ti;
1315 tcg_ctx.code_time -= profile_getclock();
1316#endif
1317
b125f9dc
RH		 1318 /* ??? Overflow could be handled better here. In particular, we
1319 don't need to re-do gen_intermediate_code, nor should we re-do
1320 the tcg optimization currently hidden inside tcg_gen_code. All
1321 that should be required is to flush the TBs, allocate a new TB,
1322 re-initialize it per above, and re-do the actual code generation. */
5bd2ec3d 1323 gen_code_size = tcg_gen_code(&tcg_ctx, tb);
b125f9dc
RH		 1324 if (unlikely(gen_code_size < 0)) {
1325 goto buffer_overflow;
1326 }
fca8a500 1327 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
b125f9dc
RH		 1328 if (unlikely(search_size < 0)) {
1329 goto buffer_overflow;
1330 }
fec88f64
RH		 1331
1332#ifdef CONFIG_PROFILER
1333 tcg_ctx.code_time += profile_getclock();
1334 tcg_ctx.code_in_len += tb->size;
1335 tcg_ctx.code_out_len += gen_code_size;
fca8a500 1336 tcg_ctx.search_out_len += search_size;
fec88f64
RH		 1337#endif
1338
1339#ifdef DEBUG_DISAS
d977e1c2
AB		 1340 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
1341 qemu_log_in_addr_range(tb->pc)) {
1ee73216 1342 qemu_log_lock();
fec88f64
RH		 1343 qemu_log("OUT: [size=%d]\n", gen_code_size);
1344 log_disas(tb->tc_ptr, gen_code_size);
1345 qemu_log("\n");
1346 qemu_log_flush();
1ee73216 1347 qemu_log_unlock();
fec88f64
RH		 1348 }
1349#endif
1350
fca8a500
RH		 1351 tcg_ctx.code_gen_ptr = (void *)
1352 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
1353 CODE_GEN_ALIGN);
5b6dd868 1354
901bc3de
SF		 1355 /* init jump list */
1356 assert(((uintptr_t)tb & 3) == 0);
1357 tb->jmp_list_first = (uintptr_t)tb | 2;
1358 tb->jmp_list_next[0] = (uintptr_t)NULL;
1359 tb->jmp_list_next[1] = (uintptr_t)NULL;
1360
1361 /* init original jump addresses wich has been set during tcg_gen_code() */
1362 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
1363 tb_reset_jump(tb, 0);
1364 }
1365 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
1366 tb_reset_jump(tb, 1);
1367 }
1368
5b6dd868
BS		 1369 /* check next page if needed */
1370 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1371 phys_page2 = -1;
1372 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1373 phys_page2 = get_page_addr_code(env, virt_page2);
1374 }
901bc3de
SF		 1375 /* As long as consistency of the TB stuff is provided by tb_lock in user
1376 * mode and is implicit in single-threaded softmmu emulation, no explicit
1377 * memory barrier is required before tb_link_page() makes the TB visible
1378 * through the physical hash table and physical page list.
1379 */
5b6dd868
BS		 1380 tb_link_page(tb, phys_pc, phys_page2);
1381 return tb;
1382}
1383
1384/*
1385 * Invalidate all TBs which intersect with the target physical address range
1386 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1387 * 'is_cpu_write_access' should be true if called from a real cpu write
1388 * access: the virtual CPU will exit the current TB if code is modified inside
1389 * this TB.
75692087 1390 *
ba051fb5
AB		 1391 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1392 * Called with tb_lock held for system-mode emulation
5b6dd868 1393 */
ba051fb5 1394static void tb_invalidate_phys_range_1(tb_page_addr_t start, tb_page_addr_t end)
5b6dd868
BS		 1395{
1396 while (start < end) {
35865339 1397 tb_invalidate_phys_page_range(start, end, 0);
5b6dd868
BS		 1398 start &= TARGET_PAGE_MASK;
1399 start += TARGET_PAGE_SIZE;
1400 }
1401}
1402
ba051fb5
AB		 1403#ifdef CONFIG_SOFTMMU
1404void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1405{
6ac3d7e8 1406 assert_tb_locked();
ba051fb5
AB		 1407 tb_invalidate_phys_range_1(start, end);
1408}
1409#else
1410void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1411{
1412 assert_memory_lock();
1413 tb_lock();
1414 tb_invalidate_phys_range_1(start, end);
1415 tb_unlock();
1416}
1417#endif
5b6dd868
BS		 1418/*
1419 * Invalidate all TBs which intersect with the target physical address range
1420 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1421 * 'is_cpu_write_access' should be true if called from a real cpu write
1422 * access: the virtual CPU will exit the current TB if code is modified inside
1423 * this TB.
75692087 1424 *
ba051fb5
AB		 1425 * Called with tb_lock/mmap_lock held for user-mode emulation
1426 * Called with tb_lock held for system-mode emulation
5b6dd868
BS		 1427 */
1428void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1429 int is_cpu_write_access)
1430{
3213525f 1431 TranslationBlock *tb, *tb_next;
baea4fae 1432#if defined(TARGET_HAS_PRECISE_SMC)
3213525f 1433 CPUState *cpu = current_cpu;
4917cf44
AF		 1434 CPUArchState *env = NULL;
1435#endif
5b6dd868
BS		 1436 tb_page_addr_t tb_start, tb_end;
1437 PageDesc *p;
1438 int n;
1439#ifdef TARGET_HAS_PRECISE_SMC
1440 int current_tb_not_found = is_cpu_write_access;
1441 TranslationBlock *current_tb = NULL;
1442 int current_tb_modified = 0;
1443 target_ulong current_pc = 0;
1444 target_ulong current_cs_base = 0;
89fee74a 1445 uint32_t current_flags = 0;
5b6dd868
BS		 1446#endif /* TARGET_HAS_PRECISE_SMC */
1447
e505a063 1448 assert_memory_lock();
6ac3d7e8 1449 assert_tb_locked();
e505a063 1450
5b6dd868
BS		 1451 p = page_find(start >> TARGET_PAGE_BITS);
1452 if (!p) {
1453 return;
1454 }
baea4fae 1455#if defined(TARGET_HAS_PRECISE_SMC)
4917cf44
AF		 1456 if (cpu != NULL) {
1457 env = cpu->env_ptr;
d77953b9 1458 }
4917cf44 1459#endif
5b6dd868
BS		 1460
1461 /* we remove all the TBs in the range [start, end[ */
1462 /* XXX: see if in some cases it could be faster to invalidate all
1463 the code */
1464 tb = p->first_tb;
1465 while (tb != NULL) {
1466 n = (uintptr_t)tb & 3;
1467 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1468 tb_next = tb->page_next[n];
1469 /* NOTE: this is subtle as a TB may span two physical pages */
1470 if (n == 0) {
1471 /* NOTE: tb_end may be after the end of the page, but
1472 it is not a problem */
1473 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1474 tb_end = tb_start + tb->size;
1475 } else {
1476 tb_start = tb->page_addr[1];
1477 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1478 }
1479 if (!(tb_end <= start || tb_start >= end)) {
1480#ifdef TARGET_HAS_PRECISE_SMC
1481 if (current_tb_not_found) {
1482 current_tb_not_found = 0;
1483 current_tb = NULL;
93afeade 1484 if (cpu->mem_io_pc) {
5b6dd868 1485 /* now we have a real cpu fault */
93afeade 1486 current_tb = tb_find_pc(cpu->mem_io_pc);
5b6dd868
BS		 1487 }
1488 }
1489 if (current_tb == tb &&
1490 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1491 /* If we are modifying the current TB, we must stop
1492 its execution. We could be more precise by checking
1493 that the modification is after the current PC, but it
1494 would require a specialized function to partially
1495 restore the CPU state */
1496
1497 current_tb_modified = 1;
74f10515 1498 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
5b6dd868
BS		 1499 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1500 &current_flags);
1501 }
1502#endif /* TARGET_HAS_PRECISE_SMC */
5b6dd868 1503 tb_phys_invalidate(tb, -1);
5b6dd868
BS		 1504 }
1505 tb = tb_next;
1506 }
1507#if !defined(CONFIG_USER_ONLY)
1508 /* if no code remaining, no need to continue to use slow writes */
1509 if (!p->first_tb) {
1510 invalidate_page_bitmap(p);
fc377bcf 1511 tlb_unprotect_code(start);
5b6dd868
BS		 1512 }
1513#endif
1514#ifdef TARGET_HAS_PRECISE_SMC
1515 if (current_tb_modified) {
1516 /* we generate a block containing just the instruction
1517 modifying the memory. It will ensure that it cannot modify
1518 itself */
648f034c 1519 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
6886b980 1520 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 1521 }
1522#endif
1523}
1524
6fad459c 1525#ifdef CONFIG_SOFTMMU
ba051fb5
AB		 1526/* len must be <= 8 and start must be a multiple of len.
1527 * Called via softmmu_template.h when code areas are written to with
8d04fb55 1528 * iothread mutex not held.
ba051fb5 1529 */
5b6dd868
BS		 1530void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1531{
1532 PageDesc *p;
5b6dd868
BS		 1533
1534#if 0
1535 if (1) {
1536 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1537 cpu_single_env->mem_io_vaddr, len,
1538 cpu_single_env->eip,
1539 cpu_single_env->eip +
1540 (intptr_t)cpu_single_env->segs[R_CS].base);
1541 }
1542#endif
ba051fb5
AB		 1543 assert_memory_lock();
1544
5b6dd868
BS		 1545 p = page_find(start >> TARGET_PAGE_BITS);
1546 if (!p) {
1547 return;
1548 }
fc377bcf
PB		 1549 if (!p->code_bitmap &&
1550 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
7d7500d9
PB		 1551 /* build code bitmap. FIXME: writes should be protected by
1552 * tb_lock, reads by tb_lock or RCU.
1553 */
fc377bcf
PB		 1554 build_page_bitmap(p);
1555 }
5b6dd868 1556 if (p->code_bitmap) {
510a647f
EC		 1557 unsigned int nr;
1558 unsigned long b;
1559
1560 nr = start & ~TARGET_PAGE_MASK;
1561 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
5b6dd868
BS		 1562 if (b & ((1 << len) - 1)) {
1563 goto do_invalidate;
1564 }
1565 } else {
1566 do_invalidate:
1567 tb_invalidate_phys_page_range(start, start + len, 1);
1568 }
1569}
6fad459c 1570#else
75809229
PM		 1571/* Called with mmap_lock held. If pc is not 0 then it indicates the
1572 * host PC of the faulting store instruction that caused this invalidate.
1573 * Returns true if the caller needs to abort execution of the current
1574 * TB (because it was modified by this store and the guest CPU has
1575 * precise-SMC semantics).
1576 */
1577static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc)
5b6dd868
BS		 1578{
1579 TranslationBlock *tb;
1580 PageDesc *p;
1581 int n;
1582#ifdef TARGET_HAS_PRECISE_SMC
1583 TranslationBlock *current_tb = NULL;
4917cf44
AF		 1584 CPUState *cpu = current_cpu;
1585 CPUArchState *env = NULL;
5b6dd868
BS		 1586 int current_tb_modified = 0;
1587 target_ulong current_pc = 0;
1588 target_ulong current_cs_base = 0;
89fee74a 1589 uint32_t current_flags = 0;
5b6dd868
BS		 1590#endif
1591
ba051fb5
AB		 1592 assert_memory_lock();
1593
5b6dd868
BS		 1594 addr &= TARGET_PAGE_MASK;
1595 p = page_find(addr >> TARGET_PAGE_BITS);
1596 if (!p) {
75809229 1597 return false;
5b6dd868 1598 }
a5e99826
FK		 1599
1600 tb_lock();
5b6dd868
BS		 1601 tb = p->first_tb;
1602#ifdef TARGET_HAS_PRECISE_SMC
1603 if (tb && pc != 0) {
1604 current_tb = tb_find_pc(pc);
1605 }
4917cf44
AF		 1606 if (cpu != NULL) {
1607 env = cpu->env_ptr;
d77953b9 1608 }
5b6dd868
BS		 1609#endif
1610 while (tb != NULL) {
1611 n = (uintptr_t)tb & 3;
1612 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1613#ifdef TARGET_HAS_PRECISE_SMC
1614 if (current_tb == tb &&
1615 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1616 /* If we are modifying the current TB, we must stop
1617 its execution. We could be more precise by checking
1618 that the modification is after the current PC, but it
1619 would require a specialized function to partially
1620 restore the CPU state */
1621
1622 current_tb_modified = 1;
74f10515 1623 cpu_restore_state_from_tb(cpu, current_tb, pc);
5b6dd868
BS		 1624 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1625 &current_flags);
1626 }
1627#endif /* TARGET_HAS_PRECISE_SMC */
1628 tb_phys_invalidate(tb, addr);
1629 tb = tb->page_next[n];
1630 }
1631 p->first_tb = NULL;
1632#ifdef TARGET_HAS_PRECISE_SMC
1633 if (current_tb_modified) {
1634 /* we generate a block containing just the instruction
1635 modifying the memory. It will ensure that it cannot modify
1636 itself */
648f034c 1637 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
a5e99826
FK		 1638 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1639 * back into the cpu_exec loop. */
75809229 1640 return true;
5b6dd868
BS		 1641 }
1642#endif
a5e99826
FK		 1643 tb_unlock();
1644
75809229 1645 return false;
5b6dd868
BS		 1646}
1647#endif
1648
5b6dd868
BS		 1649/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1650 tb[1].tc_ptr. Return NULL if not found */
a8a826a3 1651static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
5b6dd868
BS		 1652{
1653 int m_min, m_max, m;
1654 uintptr_t v;
1655 TranslationBlock *tb;
1656
5e5f07e0 1657 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
5b6dd868
BS		 1658 return NULL;
1659 }
0b0d3320
EV		 1660 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1661 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
5b6dd868
BS		 1662 return NULL;
1663 }
1664 /* binary search (cf Knuth) */
1665 m_min = 0;
5e5f07e0 1666 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
5b6dd868
BS		 1667 while (m_min <= m_max) {
1668 m = (m_min + m_max) >> 1;
5e5f07e0 1669 tb = &tcg_ctx.tb_ctx.tbs[m];
5b6dd868
BS		 1670 v = (uintptr_t)tb->tc_ptr;
1671 if (v == tc_ptr) {
1672 return tb;
1673 } else if (tc_ptr < v) {
1674 m_max = m - 1;
1675 } else {
1676 m_min = m + 1;
1677 }
1678 }
5e5f07e0 1679 return &tcg_ctx.tb_ctx.tbs[m_max];
5b6dd868
BS		 1680}
1681
ec53b45b 1682#if !defined(CONFIG_USER_ONLY)
29d8ec7b 1683void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
5b6dd868
BS		 1684{
1685 ram_addr_t ram_addr;
5c8a00ce 1686 MemoryRegion *mr;
149f54b5 1687 hwaddr l = 1;
5b6dd868 1688
41063e1e 1689 rcu_read_lock();
29d8ec7b 1690 mr = address_space_translate(as, addr, &addr, &l, false);
5c8a00ce
PB		 1691 if (!(memory_region_is_ram(mr)
1692 || memory_region_is_romd(mr))) {
41063e1e 1693 rcu_read_unlock();
5b6dd868
BS		 1694 return;
1695 }
e4e69794 1696 ram_addr = memory_region_get_ram_addr(mr) + addr;
ba051fb5 1697 tb_lock();
5b6dd868 1698 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
ba051fb5 1699 tb_unlock();
41063e1e 1700 rcu_read_unlock();
5b6dd868 1701}
ec53b45b 1702#endif /* !defined(CONFIG_USER_ONLY) */
5b6dd868 1703
7d7500d9 1704/* Called with tb_lock held. */
239c51a5 1705void tb_check_watchpoint(CPUState *cpu)
5b6dd868
BS		 1706{
1707 TranslationBlock *tb;
1708
93afeade 1709 tb = tb_find_pc(cpu->mem_io_pc);
8d302e76
AJ		 1710 if (tb) {
1711 /* We can use retranslation to find the PC. */
1712 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1713 tb_phys_invalidate(tb, -1);
1714 } else {
1715 /* The exception probably happened in a helper. The CPU state should
1716 have been saved before calling it. Fetch the PC from there. */
1717 CPUArchState *env = cpu->env_ptr;
1718 target_ulong pc, cs_base;
1719 tb_page_addr_t addr;
89fee74a 1720 uint32_t flags;
8d302e76
AJ		 1721
1722 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
1723 addr = get_page_addr_code(env, pc);
1724 tb_invalidate_phys_range(addr, addr + 1);
5b6dd868 1725 }
5b6dd868
BS		 1726}
1727
1728#ifndef CONFIG_USER_ONLY
5b6dd868 1729/* in deterministic execution mode, instructions doing device I/Os
8d04fb55
JK		 1730 * must be at the end of the TB.
1731 *
1732 * Called by softmmu_template.h, with iothread mutex not held.
1733 */
90b40a69 1734void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
5b6dd868 1735{
a47dddd7 1736#if defined(TARGET_MIPS) || defined(TARGET_SH4)
90b40a69 1737 CPUArchState *env = cpu->env_ptr;
a47dddd7 1738#endif
5b6dd868
BS		 1739 TranslationBlock *tb;
1740 uint32_t n, cflags;
1741 target_ulong pc, cs_base;
89fee74a 1742 uint32_t flags;
5b6dd868 1743
a5e99826 1744 tb_lock();
5b6dd868
BS		 1745 tb = tb_find_pc(retaddr);
1746 if (!tb) {
a47dddd7 1747 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
5b6dd868
BS		 1748 (void *)retaddr);
1749 }
28ecfd7a 1750 n = cpu->icount_decr.u16.low + tb->icount;
74f10515 1751 cpu_restore_state_from_tb(cpu, tb, retaddr);
5b6dd868
BS		 1752 /* Calculate how many instructions had been executed before the fault
1753 occurred. */
28ecfd7a 1754 n = n - cpu->icount_decr.u16.low;
5b6dd868
BS		 1755 /* Generate a new TB ending on the I/O insn. */
1756 n++;
1757 /* On MIPS and SH, delay slot instructions can only be restarted if
1758 they were already the first instruction in the TB. If this is not
1759 the first instruction in a TB then re-execute the preceding
1760 branch. */
1761#if defined(TARGET_MIPS)
1762 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
c3577479 1763 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
28ecfd7a 1764 cpu->icount_decr.u16.low++;
5b6dd868
BS		 1765 env->hflags &= ~MIPS_HFLAG_BMASK;
1766 }
1767#elif defined(TARGET_SH4)
1768 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1769 && n > 1) {
1770 env->pc -= 2;
28ecfd7a 1771 cpu->icount_decr.u16.low++;
5b6dd868
BS		 1772 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1773 }
1774#endif
1775 /* This should never happen. */
1776 if (n > CF_COUNT_MASK) {
a47dddd7 1777 cpu_abort(cpu, "TB too big during recompile");
5b6dd868
BS		 1778 }
1779
1780 cflags = n | CF_LAST_IO;
1781 pc = tb->pc;
1782 cs_base = tb->cs_base;
1783 flags = tb->flags;
1784 tb_phys_invalidate(tb, -1);
02d57ea1
SF		 1785 if (tb->cflags & CF_NOCACHE) {
1786 if (tb->orig_tb) {
1787 /* Invalidate original TB if this TB was generated in
1788 * cpu_exec_nocache() */
1789 tb_phys_invalidate(tb->orig_tb, -1);
1790 }
1791 tb_free(tb);
1792 }
5b6dd868
BS		 1793 /* FIXME: In theory this could raise an exception. In practice
1794 we have already translated the block once so it's probably ok. */
648f034c 1795 tb_gen_code(cpu, pc, cs_base, flags, cflags);
a5e99826 1796
5b6dd868 1797 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
a5e99826
FK		 1798 * the first in the TB) then we end up generating a whole new TB and
1799 * repeating the fault, which is horribly inefficient.
1800 * Better would be to execute just this insn uncached, or generate a
1801 * second new TB.
1802 *
1803 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1804 * tb_lock gets reset.
1805 */
6886b980 1806 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 1807}
1808
611d4f99 1809void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
5b6dd868
BS		 1810{
1811 unsigned int i;
1812
1813 /* Discard jump cache entries for any tb which might potentially
1814 overlap the flushed page. */
1815 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
8cd70437 1816 memset(&cpu->tb_jmp_cache[i], 0,
5b6dd868
BS		 1817 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1818
1819 i = tb_jmp_cache_hash_page(addr);
8cd70437 1820 memset(&cpu->tb_jmp_cache[i], 0,
5b6dd868
BS		 1821 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1822}
1823
7266ae91
EC		 1824static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf,
1825 struct qht_stats hst)
1826{
1827 uint32_t hgram_opts;
1828 size_t hgram_bins;
1829 char *hgram;
1830
1831 if (!hst.head_buckets) {
1832 return;
1833 }
1834 cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n",
1835 hst.used_head_buckets, hst.head_buckets,
1836 (double)hst.used_head_buckets / hst.head_buckets * 100);
1837
1838 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1839 hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT;
1840 if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) {
1841 hgram_opts |= QDIST_PR_NODECIMAL;
1842 }
1843 hgram = qdist_pr(&hst.occupancy, 10, hgram_opts);
1844 cpu_fprintf(f, "TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n",
1845 qdist_avg(&hst.occupancy) * 100, hgram);
1846 g_free(hgram);
1847
1848 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1849 hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain);
1850 if (hgram_bins > 10) {
1851 hgram_bins = 10;
1852 } else {
1853 hgram_bins = 0;
1854 hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE;
1855 }
1856 hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts);
1857 cpu_fprintf(f, "TB hash avg chain %0.3f buckets. Histogram: %s\n",
1858 qdist_avg(&hst.chain), hgram);
1859 g_free(hgram);
1860}
1861
5b6dd868
BS		 1862void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1863{
1864 int i, target_code_size, max_target_code_size;
1865 int direct_jmp_count, direct_jmp2_count, cross_page;
1866 TranslationBlock *tb;
329844d4 1867 struct qht_stats hst;
5b6dd868 1868
a5e99826
FK		 1869 tb_lock();
1870
5b6dd868
BS		 1871 target_code_size = 0;
1872 max_target_code_size = 0;
1873 cross_page = 0;
1874 direct_jmp_count = 0;
1875 direct_jmp2_count = 0;
5e5f07e0
EV		 1876 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1877 tb = &tcg_ctx.tb_ctx.tbs[i];
5b6dd868
BS		 1878 target_code_size += tb->size;
1879 if (tb->size > max_target_code_size) {
1880 max_target_code_size = tb->size;
1881 }
1882 if (tb->page_addr[1] != -1) {
1883 cross_page++;
1884 }
f309101c 1885 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
5b6dd868 1886 direct_jmp_count++;
f309101c 1887 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
5b6dd868
BS		 1888 direct_jmp2_count++;
1889 }
1890 }
1891 }
1892 /* XXX: avoid using doubles ? */
1893 cpu_fprintf(f, "Translation buffer state:\n");
1894 cpu_fprintf(f, "gen code size %td/%zd\n",
0b0d3320 1895 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
b125f9dc 1896 tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer);
5b6dd868 1897 cpu_fprintf(f, "TB count %d/%d\n",
5e5f07e0 1898 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
5b6dd868 1899 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
5e5f07e0
EV		 1900 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1901 tcg_ctx.tb_ctx.nb_tbs : 0,
1902 max_target_code_size);
5b6dd868 1903 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
5e5f07e0
EV		 1904 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1905 tcg_ctx.code_gen_buffer) /
1906 tcg_ctx.tb_ctx.nb_tbs : 0,
1907 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1908 tcg_ctx.code_gen_buffer) /
1909 target_code_size : 0);
1910 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1911 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1912 tcg_ctx.tb_ctx.nb_tbs : 0);
5b6dd868
BS		 1913 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1914 direct_jmp_count,
5e5f07e0
EV		 1915 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1916 tcg_ctx.tb_ctx.nb_tbs : 0,
5b6dd868 1917 direct_jmp2_count,
5e5f07e0
EV		 1918 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1919 tcg_ctx.tb_ctx.nb_tbs : 0);
329844d4
EC		 1920
1921 qht_statistics_init(&tcg_ctx.tb_ctx.htable, &hst);
7266ae91 1922 print_qht_statistics(f, cpu_fprintf, hst);
329844d4
EC		 1923 qht_statistics_destroy(&hst);
1924
5b6dd868 1925 cpu_fprintf(f, "\nStatistics:\n");
3359baad
SF		 1926 cpu_fprintf(f, "TB flush count %u\n",
1927 atomic_read(&tcg_ctx.tb_ctx.tb_flush_count));
5e5f07e0
EV		 1928 cpu_fprintf(f, "TB invalidate count %d\n",
1929 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
5b6dd868
BS		 1930 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1931 tcg_dump_info(f, cpu_fprintf);
a5e99826
FK		 1932
1933 tb_unlock();
5b6dd868
BS		 1934}
1935
246ae24d
MF		 1936void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
1937{
1938 tcg_dump_op_count(f, cpu_fprintf);
1939}
1940
5b6dd868
BS		 1941#else /* CONFIG_USER_ONLY */
1942
c3affe56 1943void cpu_interrupt(CPUState *cpu, int mask)
5b6dd868 1944{
8d04fb55 1945 g_assert(qemu_mutex_iothread_locked());
259186a7 1946 cpu->interrupt_request |= mask;
1aab16c2 1947 cpu->icount_decr.u16.high = -1;
5b6dd868
BS		 1948}
1949
1950/*
1951 * Walks guest process memory "regions" one by one
1952 * and calls callback function 'fn' for each region.
1953 */
1954struct walk_memory_regions_data {
1955 walk_memory_regions_fn fn;
1956 void *priv;
1a1c4db9 1957 target_ulong start;
5b6dd868
BS		 1958 int prot;
1959};
1960
1961static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1a1c4db9 1962 target_ulong end, int new_prot)
5b6dd868 1963{
1a1c4db9 1964 if (data->start != -1u) {
5b6dd868
BS		 1965 int rc = data->fn(data->priv, data->start, end, data->prot);
1966 if (rc != 0) {
1967 return rc;
1968 }
1969 }
1970
1a1c4db9 1971 data->start = (new_prot ? end : -1u);
5b6dd868
BS		 1972 data->prot = new_prot;
1973
1974 return 0;
1975}
1976
1977static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1a1c4db9 1978 target_ulong base, int level, void **lp)
5b6dd868 1979{
1a1c4db9 1980 target_ulong pa;
5b6dd868
BS		 1981 int i, rc;
1982
1983 if (*lp == NULL) {
1984 return walk_memory_regions_end(data, base, 0);
1985 }
1986
1987 if (level == 0) {
1988 PageDesc *pd = *lp;
1989
03f49957 1990 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 1991 int prot = pd[i].flags;
1992
1993 pa = base | (i << TARGET_PAGE_BITS);
1994 if (prot != data->prot) {
1995 rc = walk_memory_regions_end(data, pa, prot);
1996 if (rc != 0) {
1997 return rc;
1998 }
1999 }
2000 }
2001 } else {
2002 void **pp = *lp;
2003
03f49957 2004 for (i = 0; i < V_L2_SIZE; ++i) {
1a1c4db9 2005 pa = base | ((target_ulong)i <<
03f49957 2006 (TARGET_PAGE_BITS + V_L2_BITS * level));
5b6dd868
BS		 2007 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2008 if (rc != 0) {
2009 return rc;
2010 }
2011 }
2012 }
2013
2014 return 0;
2015}
2016
2017int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2018{
2019 struct walk_memory_regions_data data;
66ec9f49 2020 uintptr_t i, l1_sz = v_l1_size;
5b6dd868
BS		 2021
2022 data.fn = fn;
2023 data.priv = priv;
1a1c4db9 2024 data.start = -1u;
5b6dd868
BS		 2025 data.prot = 0;
2026
66ec9f49
VK		 2027 for (i = 0; i < l1_sz; i++) {
2028 target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS);
2029 int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i);
5b6dd868
BS		 2030 if (rc != 0) {
2031 return rc;
2032 }
2033 }
2034
2035 return walk_memory_regions_end(&data, 0, 0);
2036}
2037
1a1c4db9
MI		 2038static int dump_region(void *priv, target_ulong start,
2039 target_ulong end, unsigned long prot)
5b6dd868
BS		 2040{
2041 FILE *f = (FILE *)priv;
2042
1a1c4db9
MI		 2043 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
2044 " "TARGET_FMT_lx" %c%c%c\n",
5b6dd868
BS		 2045 start, end, end - start,
2046 ((prot & PAGE_READ) ? 'r' : '-'),
2047 ((prot & PAGE_WRITE) ? 'w' : '-'),
2048 ((prot & PAGE_EXEC) ? 'x' : '-'));
2049
2050 return 0;
2051}
2052
2053/* dump memory mappings */
2054void page_dump(FILE *f)
2055{
1a1c4db9 2056 const int length = sizeof(target_ulong) * 2;
227b8175
SW		 2057 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
2058 length, "start", length, "end", length, "size", "prot");
5b6dd868
BS		 2059 walk_memory_regions(f, dump_region);
2060}
2061
2062int page_get_flags(target_ulong address)
2063{
2064 PageDesc *p;
2065
2066 p = page_find(address >> TARGET_PAGE_BITS);
2067 if (!p) {
2068 return 0;
2069 }
2070 return p->flags;
2071}
2072
2073/* Modify the flags of a page and invalidate the code if necessary.
2074 The flag PAGE_WRITE_ORG is positioned automatically depending
2075 on PAGE_WRITE. The mmap_lock should already be held. */
2076void page_set_flags(target_ulong start, target_ulong end, int flags)
2077{
2078 target_ulong addr, len;
2079
2080 /* This function should never be called with addresses outside the
2081 guest address space. If this assert fires, it probably indicates
2082 a missing call to h2g_valid. */
2083#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1a1c4db9 2084 assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
5b6dd868
BS		 2085#endif
2086 assert(start < end);
e505a063 2087 assert_memory_lock();
5b6dd868
BS		 2088
2089 start = start & TARGET_PAGE_MASK;
2090 end = TARGET_PAGE_ALIGN(end);
2091
2092 if (flags & PAGE_WRITE) {
2093 flags |= PAGE_WRITE_ORG;
2094 }
2095
2096 for (addr = start, len = end - start;
2097 len != 0;
2098 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2099 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2100
2101 /* If the write protection bit is set, then we invalidate
2102 the code inside. */
2103 if (!(p->flags & PAGE_WRITE) &&
2104 (flags & PAGE_WRITE) &&
2105 p->first_tb) {
75809229 2106 tb_invalidate_phys_page(addr, 0);
5b6dd868
BS		 2107 }
2108 p->flags = flags;
2109 }
2110}
2111
2112int page_check_range(target_ulong start, target_ulong len, int flags)
2113{
2114 PageDesc *p;
2115 target_ulong end;
2116 target_ulong addr;
2117
2118 /* This function should never be called with addresses outside the
2119 guest address space. If this assert fires, it probably indicates
2120 a missing call to h2g_valid. */
2121#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1a1c4db9 2122 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
5b6dd868
BS		 2123#endif
2124
2125 if (len == 0) {
2126 return 0;
2127 }
2128 if (start + len - 1 < start) {
2129 /* We've wrapped around. */
2130 return -1;
2131 }
2132
2133 /* must do before we loose bits in the next step */
2134 end = TARGET_PAGE_ALIGN(start + len);
2135 start = start & TARGET_PAGE_MASK;
2136
2137 for (addr = start, len = end - start;
2138 len != 0;
2139 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2140 p = page_find(addr >> TARGET_PAGE_BITS);
2141 if (!p) {
2142 return -1;
2143 }
2144 if (!(p->flags & PAGE_VALID)) {
2145 return -1;
2146 }
2147
2148 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
2149 return -1;
2150 }
2151 if (flags & PAGE_WRITE) {
2152 if (!(p->flags & PAGE_WRITE_ORG)) {
2153 return -1;
2154 }
2155 /* unprotect the page if it was put read-only because it
2156 contains translated code */
2157 if (!(p->flags & PAGE_WRITE)) {
f213e72f 2158 if (!page_unprotect(addr, 0)) {
5b6dd868
BS		 2159 return -1;
2160 }
2161 }
5b6dd868
BS		 2162 }
2163 }
2164 return 0;
2165}
2166
2167/* called from signal handler: invalidate the code and unprotect the
f213e72f
PM		 2168 * page. Return 0 if the fault was not handled, 1 if it was handled,
2169 * and 2 if it was handled but the caller must cause the TB to be
2170 * immediately exited. (We can only return 2 if the 'pc' argument is
2171 * non-zero.)
2172 */
2173int page_unprotect(target_ulong address, uintptr_t pc)
5b6dd868
BS		 2174{
2175 unsigned int prot;
7399a337 2176 bool current_tb_invalidated;
5b6dd868
BS		 2177 PageDesc *p;
2178 target_ulong host_start, host_end, addr;
2179
2180 /* Technically this isn't safe inside a signal handler. However we
2181 know this only ever happens in a synchronous SEGV handler, so in
2182 practice it seems to be ok. */
2183 mmap_lock();
2184
2185 p = page_find(address >> TARGET_PAGE_BITS);
2186 if (!p) {
2187 mmap_unlock();
2188 return 0;
2189 }
2190
2191 /* if the page was really writable, then we change its
2192 protection back to writable */
2193 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2194 host_start = address & qemu_host_page_mask;
2195 host_end = host_start + qemu_host_page_size;
2196
2197 prot = 0;
7399a337 2198 current_tb_invalidated = false;
5b6dd868
BS		 2199 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2200 p = page_find(addr >> TARGET_PAGE_BITS);
2201 p->flags |= PAGE_WRITE;
2202 prot |= p->flags;
2203
2204 /* and since the content will be modified, we must invalidate
2205 the corresponding translated code. */
7399a337 2206 current_tb_invalidated |= tb_invalidate_phys_page(addr, pc);
5b6dd868
BS		 2207#ifdef DEBUG_TB_CHECK
2208 tb_invalidate_check(addr);
2209#endif
2210 }
2211 mprotect((void *)g2h(host_start), qemu_host_page_size,
2212 prot & PAGE_BITS);
2213
2214 mmap_unlock();
7399a337
SS		 2215 /* If current TB was invalidated return to main loop */
2216 return current_tb_invalidated ? 2 : 1;
5b6dd868
BS		 2217 }
2218 mmap_unlock();
2219 return 0;
2220}
2221#endif /* CONFIG_USER_ONLY */
QEMU mirror