]> git.proxmox.com Git - mirror_qemu.git/blame_incremental - exec.c
projects / mirror_qemu.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
exec.c: Use cpu_get_phys_page_attrs_debug
[mirror_qemu.git] / exec.c
... / ...
CommitLineData
1/*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19#include "config.h"
20#ifndef _WIN32
21#include <sys/types.h>
22#include <sys/mman.h>
23#endif
24
25#include "qemu-common.h"
26#include "cpu.h"
27#include "tcg.h"
28#include "hw/hw.h"
29#if !defined(CONFIG_USER_ONLY)
30#include "hw/boards.h"
31#endif
32#include "hw/qdev.h"
33#include "qemu/osdep.h"
34#include "sysemu/kvm.h"
35#include "sysemu/sysemu.h"
36#include "hw/xen/xen.h"
37#include "qemu/timer.h"
38#include "qemu/config-file.h"
39#include "qemu/error-report.h"
40#include "exec/memory.h"
41#include "sysemu/dma.h"
42#include "exec/address-spaces.h"
43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
45#else /* !CONFIG_USER_ONLY */
46#include "sysemu/xen-mapcache.h"
47#include "trace.h"
48#endif
49#include "exec/cpu-all.h"
50#include "qemu/rcu_queue.h"
51#include "qemu/main-loop.h"
52#include "translate-all.h"
53#include "sysemu/replay.h"
54
55#include "exec/memory-internal.h"
56#include "exec/ram_addr.h"
57
58#include "qemu/range.h"
59#ifndef _WIN32
60#include "qemu/mmap-alloc.h"
61#endif
62
63//#define DEBUG_SUBPAGE
64
65#if !defined(CONFIG_USER_ONLY)
66/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71static MemoryRegion *system_memory;
72static MemoryRegion *system_io;
73
74AddressSpace address_space_io;
75AddressSpace address_space_memory;
76
77MemoryRegion io_mem_rom, io_mem_notdirty;
78static MemoryRegion io_mem_unassigned;
79
80/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81#define RAM_PREALLOC (1 << 0)
82
83/* RAM is mmap-ed with MAP_SHARED */
84#define RAM_SHARED (1 << 1)
85
86/* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89#define RAM_RESIZEABLE (1 << 2)
90
91#endif
92
93struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94/* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
96__thread CPUState *current_cpu;
97/* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
100int use_icount;
101
102#if !defined(CONFIG_USER_ONLY)
103
104typedef struct PhysPageEntry PhysPageEntry;
105
106struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 uint32_t skip : 6;
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 uint32_t ptr : 26;
111};
112
113#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
115/* Size of the L2 (and L3, etc) page tables. */
116#define ADDR_SPACE_BITS 64
117
118#define P_L2_BITS 9
119#define P_L2_SIZE (1 << P_L2_BITS)
120
121#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123typedef PhysPageEntry Node[P_L2_SIZE];
124
125typedef struct PhysPageMap {
126 struct rcu_head rcu;
127
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134} PhysPageMap;
135
136struct AddressSpaceDispatch {
137 struct rcu_head rcu;
138
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
143 PhysPageMap map;
144 AddressSpace *as;
145};
146
147#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148typedef struct subpage_t {
149 MemoryRegion iomem;
150 AddressSpace *as;
151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153} subpage_t;
154
155#define PHYS_SECTION_UNASSIGNED 0
156#define PHYS_SECTION_NOTDIRTY 1
157#define PHYS_SECTION_ROM 2
158#define PHYS_SECTION_WATCH 3
159
160static void io_mem_init(void);
161static void memory_map_init(void);
162static void tcg_commit(MemoryListener *listener);
163
164static MemoryRegion io_mem_watch;
165
166/**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178};
179
180#endif
181
182#if !defined(CONFIG_USER_ONLY)
183
184static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
185{
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
190 }
191}
192
193static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
194{
195 unsigned i;
196 uint32_t ret;
197 PhysPageEntry e;
198 PhysPageEntry *p;
199
200 ret = map->nodes_nb++;
201 p = map->nodes[ret];
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
209 }
210 return ret;
211}
212
213static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
215 int level)
216{
217 PhysPageEntry *p;
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
219
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
222 }
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
225
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
228 lp->skip = 0;
229 lp->ptr = leaf;
230 *index += step;
231 *nb -= step;
232 } else {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
234 }
235 ++lp;
236 }
237}
238
239static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
241 uint16_t leaf)
242{
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
245
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
247}
248
249/* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253{
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300}
301
302static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303{
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
308 }
309}
310
311static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
313{
314 PhysPageEntry *p;
315 hwaddr index = addr >> TARGET_PAGE_BITS;
316 int i;
317
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return &sections[PHYS_SECTION_UNASSIGNED];
321 }
322 p = nodes[lp.ptr];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
324 }
325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
333}
334
335bool memory_region_is_unassigned(MemoryRegion *mr)
336{
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
339}
340
341/* Called from RCU critical section */
342static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
343 hwaddr addr,
344 bool resolve_subpage)
345{
346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
353 }
354 return section;
355}
356
357/* Called from RCU critical section */
358static MemoryRegionSection *
359address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
361{
362 MemoryRegionSection *section;
363 MemoryRegion *mr;
364 Int128 diff;
365
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
373 mr = section->mr;
374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
390 return section;
391}
392
393/* Called from RCU critical section */
394MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
396 bool is_write)
397{
398 IOMMUTLBEntry iotlb;
399 MemoryRegionSection *section;
400 MemoryRegion *mr;
401
402 for (;;) {
403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
405 mr = section->mr;
406
407 if (!mr->iommu_ops) {
408 break;
409 }
410
411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
417 break;
418 }
419
420 as = iotlb.target_as;
421 }
422
423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
425 *plen = MIN(page, *plen);
426 }
427
428 *xlat = addr;
429 return mr;
430}
431
432/* Called from RCU critical section */
433MemoryRegionSection *
434address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
435 hwaddr *xlat, hwaddr *plen)
436{
437 MemoryRegionSection *section;
438 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
439
440 section = address_space_translate_internal(d, addr, xlat, plen, false);
441
442 assert(!section->mr->iommu_ops);
443 return section;
444}
445#endif
446
447#if !defined(CONFIG_USER_ONLY)
448
449static int cpu_common_post_load(void *opaque, int version_id)
450{
451 CPUState *cpu = opaque;
452
453 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
454 version_id is increased. */
455 cpu->interrupt_request &= ~0x01;
456 tlb_flush(cpu, 1);
457
458 return 0;
459}
460
461static int cpu_common_pre_load(void *opaque)
462{
463 CPUState *cpu = opaque;
464
465 cpu->exception_index = -1;
466
467 return 0;
468}
469
470static bool cpu_common_exception_index_needed(void *opaque)
471{
472 CPUState *cpu = opaque;
473
474 return tcg_enabled() && cpu->exception_index != -1;
475}
476
477static const VMStateDescription vmstate_cpu_common_exception_index = {
478 .name = "cpu_common/exception_index",
479 .version_id = 1,
480 .minimum_version_id = 1,
481 .needed = cpu_common_exception_index_needed,
482 .fields = (VMStateField[]) {
483 VMSTATE_INT32(exception_index, CPUState),
484 VMSTATE_END_OF_LIST()
485 }
486};
487
488static bool cpu_common_crash_occurred_needed(void *opaque)
489{
490 CPUState *cpu = opaque;
491
492 return cpu->crash_occurred;
493}
494
495static const VMStateDescription vmstate_cpu_common_crash_occurred = {
496 .name = "cpu_common/crash_occurred",
497 .version_id = 1,
498 .minimum_version_id = 1,
499 .needed = cpu_common_crash_occurred_needed,
500 .fields = (VMStateField[]) {
501 VMSTATE_BOOL(crash_occurred, CPUState),
502 VMSTATE_END_OF_LIST()
503 }
504};
505
506const VMStateDescription vmstate_cpu_common = {
507 .name = "cpu_common",
508 .version_id = 1,
509 .minimum_version_id = 1,
510 .pre_load = cpu_common_pre_load,
511 .post_load = cpu_common_post_load,
512 .fields = (VMStateField[]) {
513 VMSTATE_UINT32(halted, CPUState),
514 VMSTATE_UINT32(interrupt_request, CPUState),
515 VMSTATE_END_OF_LIST()
516 },
517 .subsections = (const VMStateDescription*[]) {
518 &vmstate_cpu_common_exception_index,
519 &vmstate_cpu_common_crash_occurred,
520 NULL
521 }
522};
523
524#endif
525
526CPUState *qemu_get_cpu(int index)
527{
528 CPUState *cpu;
529
530 CPU_FOREACH(cpu) {
531 if (cpu->cpu_index == index) {
532 return cpu;
533 }
534 }
535
536 return NULL;
537}
538
539#if !defined(CONFIG_USER_ONLY)
540void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
541{
542 CPUAddressSpace *newas;
543
544 /* Target code should have set num_ases before calling us */
545 assert(asidx < cpu->num_ases);
546
547 if (asidx == 0) {
548 /* address space 0 gets the convenience alias */
549 cpu->as = as;
550 }
551
552 /* KVM cannot currently support multiple address spaces. */
553 assert(asidx == 0 || !kvm_enabled());
554
555 if (!cpu->cpu_ases) {
556 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
557 }
558
559 newas = &cpu->cpu_ases[asidx];
560 newas->cpu = cpu;
561 newas->as = as;
562 if (tcg_enabled()) {
563 newas->tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&newas->tcg_as_listener, as);
565 }
566}
567
568AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
569{
570 /* Return the AddressSpace corresponding to the specified index */
571 return cpu->cpu_ases[asidx].as;
572}
573#endif
574
575#ifndef CONFIG_USER_ONLY
576static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
577
578static int cpu_get_free_index(Error **errp)
579{
580 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
581
582 if (cpu >= MAX_CPUMASK_BITS) {
583 error_setg(errp, "Trying to use more CPUs than max of %d",
584 MAX_CPUMASK_BITS);
585 return -1;
586 }
587
588 bitmap_set(cpu_index_map, cpu, 1);
589 return cpu;
590}
591
592void cpu_exec_exit(CPUState *cpu)
593{
594 if (cpu->cpu_index == -1) {
595 /* cpu_index was never allocated by this @cpu or was already freed. */
596 return;
597 }
598
599 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
600 cpu->cpu_index = -1;
601}
602#else
603
604static int cpu_get_free_index(Error **errp)
605{
606 CPUState *some_cpu;
607 int cpu_index = 0;
608
609 CPU_FOREACH(some_cpu) {
610 cpu_index++;
611 }
612 return cpu_index;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617}
618#endif
619
620void cpu_exec_init(CPUState *cpu, Error **errp)
621{
622 CPUClass *cc = CPU_GET_CLASS(cpu);
623 int cpu_index;
624 Error *local_err = NULL;
625
626 cpu->as = NULL;
627 cpu->num_ases = 0;
628
629#ifndef CONFIG_USER_ONLY
630 cpu->thread_id = qemu_get_thread_id();
631#endif
632
633#if defined(CONFIG_USER_ONLY)
634 cpu_list_lock();
635#endif
636 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
637 if (local_err) {
638 error_propagate(errp, local_err);
639#if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641#endif
642 return;
643 }
644 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
645#if defined(CONFIG_USER_ONLY)
646 cpu_list_unlock();
647#endif
648 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
649 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
650 }
651#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
652 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
653 cpu_save, cpu_load, cpu->env_ptr);
654 assert(cc->vmsd == NULL);
655 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
656#endif
657 if (cc->vmsd != NULL) {
658 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
659 }
660}
661
662#if defined(CONFIG_USER_ONLY)
663static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
664{
665 tb_invalidate_phys_page_range(pc, pc + 1, 0);
666}
667#else
668static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
669{
670 MemTxAttrs attrs;
671 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
672 int asidx = cpu_asidx_from_attrs(cpu, attrs);
673 if (phys != -1) {
674 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
675 phys | (pc & ~TARGET_PAGE_MASK));
676 }
677}
678#endif
679
680#if defined(CONFIG_USER_ONLY)
681void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
682
683{
684}
685
686int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
687 int flags)
688{
689 return -ENOSYS;
690}
691
692void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
693{
694}
695
696int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
697 int flags, CPUWatchpoint **watchpoint)
698{
699 return -ENOSYS;
700}
701#else
702/* Add a watchpoint. */
703int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
704 int flags, CPUWatchpoint **watchpoint)
705{
706 CPUWatchpoint *wp;
707
708 /* forbid ranges which are empty or run off the end of the address space */
709 if (len == 0 || (addr + len - 1) < addr) {
710 error_report("tried to set invalid watchpoint at %"
711 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
712 return -EINVAL;
713 }
714 wp = g_malloc(sizeof(*wp));
715
716 wp->vaddr = addr;
717 wp->len = len;
718 wp->flags = flags;
719
720 /* keep all GDB-injected watchpoints in front */
721 if (flags & BP_GDB) {
722 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
723 } else {
724 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
725 }
726
727 tlb_flush_page(cpu, addr);
728
729 if (watchpoint)
730 *watchpoint = wp;
731 return 0;
732}
733
734/* Remove a specific watchpoint. */
735int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
736 int flags)
737{
738 CPUWatchpoint *wp;
739
740 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
741 if (addr == wp->vaddr && len == wp->len
742 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
743 cpu_watchpoint_remove_by_ref(cpu, wp);
744 return 0;
745 }
746 }
747 return -ENOENT;
748}
749
750/* Remove a specific watchpoint by reference. */
751void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
752{
753 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
754
755 tlb_flush_page(cpu, watchpoint->vaddr);
756
757 g_free(watchpoint);
758}
759
760/* Remove all matching watchpoints. */
761void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
762{
763 CPUWatchpoint *wp, *next;
764
765 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
766 if (wp->flags & mask) {
767 cpu_watchpoint_remove_by_ref(cpu, wp);
768 }
769 }
770}
771
772/* Return true if this watchpoint address matches the specified
773 * access (ie the address range covered by the watchpoint overlaps
774 * partially or completely with the address range covered by the
775 * access).
776 */
777static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
778 vaddr addr,
779 vaddr len)
780{
781 /* We know the lengths are non-zero, but a little caution is
782 * required to avoid errors in the case where the range ends
783 * exactly at the top of the address space and so addr + len
784 * wraps round to zero.
785 */
786 vaddr wpend = wp->vaddr + wp->len - 1;
787 vaddr addrend = addr + len - 1;
788
789 return !(addr > wpend || wp->vaddr > addrend);
790}
791
792#endif
793
794/* Add a breakpoint. */
795int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
796 CPUBreakpoint **breakpoint)
797{
798 CPUBreakpoint *bp;
799
800 bp = g_malloc(sizeof(*bp));
801
802 bp->pc = pc;
803 bp->flags = flags;
804
805 /* keep all GDB-injected breakpoints in front */
806 if (flags & BP_GDB) {
807 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
808 } else {
809 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
810 }
811
812 breakpoint_invalidate(cpu, pc);
813
814 if (breakpoint) {
815 *breakpoint = bp;
816 }
817 return 0;
818}
819
820/* Remove a specific breakpoint. */
821int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
822{
823 CPUBreakpoint *bp;
824
825 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
826 if (bp->pc == pc && bp->flags == flags) {
827 cpu_breakpoint_remove_by_ref(cpu, bp);
828 return 0;
829 }
830 }
831 return -ENOENT;
832}
833
834/* Remove a specific breakpoint by reference. */
835void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
836{
837 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
838
839 breakpoint_invalidate(cpu, breakpoint->pc);
840
841 g_free(breakpoint);
842}
843
844/* Remove all matching breakpoints. */
845void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
846{
847 CPUBreakpoint *bp, *next;
848
849 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
850 if (bp->flags & mask) {
851 cpu_breakpoint_remove_by_ref(cpu, bp);
852 }
853 }
854}
855
856/* enable or disable single step mode. EXCP_DEBUG is returned by the
857 CPU loop after each instruction */
858void cpu_single_step(CPUState *cpu, int enabled)
859{
860 if (cpu->singlestep_enabled != enabled) {
861 cpu->singlestep_enabled = enabled;
862 if (kvm_enabled()) {
863 kvm_update_guest_debug(cpu, 0);
864 } else {
865 /* must flush all the translated code to avoid inconsistencies */
866 /* XXX: only flush what is necessary */
867 tb_flush(cpu);
868 }
869 }
870}
871
872void cpu_abort(CPUState *cpu, const char *fmt, ...)
873{
874 va_list ap;
875 va_list ap2;
876
877 va_start(ap, fmt);
878 va_copy(ap2, ap);
879 fprintf(stderr, "qemu: fatal: ");
880 vfprintf(stderr, fmt, ap);
881 fprintf(stderr, "\n");
882 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
883 if (qemu_log_separate()) {
884 qemu_log("qemu: fatal: ");
885 qemu_log_vprintf(fmt, ap2);
886 qemu_log("\n");
887 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
888 qemu_log_flush();
889 qemu_log_close();
890 }
891 va_end(ap2);
892 va_end(ap);
893 replay_finish();
894#if defined(CONFIG_USER_ONLY)
895 {
896 struct sigaction act;
897 sigfillset(&act.sa_mask);
898 act.sa_handler = SIG_DFL;
899 sigaction(SIGABRT, &act, NULL);
900 }
901#endif
902 abort();
903}
904
905#if !defined(CONFIG_USER_ONLY)
906/* Called from RCU critical section */
907static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
908{
909 RAMBlock *block;
910
911 block = atomic_rcu_read(&ram_list.mru_block);
912 if (block && addr - block->offset < block->max_length) {
913 return block;
914 }
915 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
916 if (addr - block->offset < block->max_length) {
917 goto found;
918 }
919 }
920
921 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
922 abort();
923
924found:
925 /* It is safe to write mru_block outside the iothread lock. This
926 * is what happens:
927 *
928 * mru_block = xxx
929 * rcu_read_unlock()
930 * xxx removed from list
931 * rcu_read_lock()
932 * read mru_block
933 * mru_block = NULL;
934 * call_rcu(reclaim_ramblock, xxx);
935 * rcu_read_unlock()
936 *
937 * atomic_rcu_set is not needed here. The block was already published
938 * when it was placed into the list. Here we're just making an extra
939 * copy of the pointer.
940 */
941 ram_list.mru_block = block;
942 return block;
943}
944
945static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
946{
947 CPUState *cpu;
948 ram_addr_t start1;
949 RAMBlock *block;
950 ram_addr_t end;
951
952 end = TARGET_PAGE_ALIGN(start + length);
953 start &= TARGET_PAGE_MASK;
954
955 rcu_read_lock();
956 block = qemu_get_ram_block(start);
957 assert(block == qemu_get_ram_block(end - 1));
958 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
959 CPU_FOREACH(cpu) {
960 tlb_reset_dirty(cpu, start1, length);
961 }
962 rcu_read_unlock();
963}
964
965/* Note: start and end must be within the same ram block. */
966bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
967 ram_addr_t length,
968 unsigned client)
969{
970 unsigned long end, page;
971 bool dirty;
972
973 if (length == 0) {
974 return false;
975 }
976
977 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
978 page = start >> TARGET_PAGE_BITS;
979 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
980 page, end - page);
981
982 if (dirty && tcg_enabled()) {
983 tlb_reset_dirty_range_all(start, length);
984 }
985
986 return dirty;
987}
988
989/* Called from RCU critical section */
990hwaddr memory_region_section_get_iotlb(CPUState *cpu,
991 MemoryRegionSection *section,
992 target_ulong vaddr,
993 hwaddr paddr, hwaddr xlat,
994 int prot,
995 target_ulong *address)
996{
997 hwaddr iotlb;
998 CPUWatchpoint *wp;
999
1000 if (memory_region_is_ram(section->mr)) {
1001 /* Normal RAM. */
1002 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1003 + xlat;
1004 if (!section->readonly) {
1005 iotlb |= PHYS_SECTION_NOTDIRTY;
1006 } else {
1007 iotlb |= PHYS_SECTION_ROM;
1008 }
1009 } else {
1010 AddressSpaceDispatch *d;
1011
1012 d = atomic_rcu_read(&section->address_space->dispatch);
1013 iotlb = section - d->map.sections;
1014 iotlb += xlat;
1015 }
1016
1017 /* Make accesses to pages with watchpoints go via the
1018 watchpoint trap routines. */
1019 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1020 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1021 /* Avoid trapping reads of pages with a write breakpoint. */
1022 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1023 iotlb = PHYS_SECTION_WATCH + paddr;
1024 *address |= TLB_MMIO;
1025 break;
1026 }
1027 }
1028 }
1029
1030 return iotlb;
1031}
1032#endif /* defined(CONFIG_USER_ONLY) */
1033
1034#if !defined(CONFIG_USER_ONLY)
1035
1036static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1037 uint16_t section);
1038static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1039
1040static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1041 qemu_anon_ram_alloc;
1042
1043/*
1044 * Set a custom physical guest memory alloator.
1045 * Accelerators with unusual needs may need this. Hopefully, we can
1046 * get rid of it eventually.
1047 */
1048void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1049{
1050 phys_mem_alloc = alloc;
1051}
1052
1053static uint16_t phys_section_add(PhysPageMap *map,
1054 MemoryRegionSection *section)
1055{
1056 /* The physical section number is ORed with a page-aligned
1057 * pointer to produce the iotlb entries. Thus it should
1058 * never overflow into the page-aligned value.
1059 */
1060 assert(map->sections_nb < TARGET_PAGE_SIZE);
1061
1062 if (map->sections_nb == map->sections_nb_alloc) {
1063 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1064 map->sections = g_renew(MemoryRegionSection, map->sections,
1065 map->sections_nb_alloc);
1066 }
1067 map->sections[map->sections_nb] = *section;
1068 memory_region_ref(section->mr);
1069 return map->sections_nb++;
1070}
1071
1072static void phys_section_destroy(MemoryRegion *mr)
1073{
1074 bool have_sub_page = mr->subpage;
1075
1076 memory_region_unref(mr);
1077
1078 if (have_sub_page) {
1079 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1080 object_unref(OBJECT(&subpage->iomem));
1081 g_free(subpage);
1082 }
1083}
1084
1085static void phys_sections_free(PhysPageMap *map)
1086{
1087 while (map->sections_nb > 0) {
1088 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1089 phys_section_destroy(section->mr);
1090 }
1091 g_free(map->sections);
1092 g_free(map->nodes);
1093}
1094
1095static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1096{
1097 subpage_t *subpage;
1098 hwaddr base = section->offset_within_address_space
1099 & TARGET_PAGE_MASK;
1100 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1101 d->map.nodes, d->map.sections);
1102 MemoryRegionSection subsection = {
1103 .offset_within_address_space = base,
1104 .size = int128_make64(TARGET_PAGE_SIZE),
1105 };
1106 hwaddr start, end;
1107
1108 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1109
1110 if (!(existing->mr->subpage)) {
1111 subpage = subpage_init(d->as, base);
1112 subsection.address_space = d->as;
1113 subsection.mr = &subpage->iomem;
1114 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1115 phys_section_add(&d->map, &subsection));
1116 } else {
1117 subpage = container_of(existing->mr, subpage_t, iomem);
1118 }
1119 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1120 end = start + int128_get64(section->size) - 1;
1121 subpage_register(subpage, start, end,
1122 phys_section_add(&d->map, section));
1123}
1124
1125
1126static void register_multipage(AddressSpaceDispatch *d,
1127 MemoryRegionSection *section)
1128{
1129 hwaddr start_addr = section->offset_within_address_space;
1130 uint16_t section_index = phys_section_add(&d->map, section);
1131 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1132 TARGET_PAGE_BITS));
1133
1134 assert(num_pages);
1135 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1136}
1137
1138static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1139{
1140 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1141 AddressSpaceDispatch *d = as->next_dispatch;
1142 MemoryRegionSection now = *section, remain = *section;
1143 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1144
1145 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1146 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1147 - now.offset_within_address_space;
1148
1149 now.size = int128_min(int128_make64(left), now.size);
1150 register_subpage(d, &now);
1151 } else {
1152 now.size = int128_zero();
1153 }
1154 while (int128_ne(remain.size, now.size)) {
1155 remain.size = int128_sub(remain.size, now.size);
1156 remain.offset_within_address_space += int128_get64(now.size);
1157 remain.offset_within_region += int128_get64(now.size);
1158 now = remain;
1159 if (int128_lt(remain.size, page_size)) {
1160 register_subpage(d, &now);
1161 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1162 now.size = page_size;
1163 register_subpage(d, &now);
1164 } else {
1165 now.size = int128_and(now.size, int128_neg(page_size));
1166 register_multipage(d, &now);
1167 }
1168 }
1169}
1170
1171void qemu_flush_coalesced_mmio_buffer(void)
1172{
1173 if (kvm_enabled())
1174 kvm_flush_coalesced_mmio_buffer();
1175}
1176
1177void qemu_mutex_lock_ramlist(void)
1178{
1179 qemu_mutex_lock(&ram_list.mutex);
1180}
1181
1182void qemu_mutex_unlock_ramlist(void)
1183{
1184 qemu_mutex_unlock(&ram_list.mutex);
1185}
1186
1187#ifdef __linux__
1188
1189#include <sys/vfs.h>
1190
1191#define HUGETLBFS_MAGIC 0x958458f6
1192
1193static long gethugepagesize(const char *path, Error **errp)
1194{
1195 struct statfs fs;
1196 int ret;
1197
1198 do {
1199 ret = statfs(path, &fs);
1200 } while (ret != 0 && errno == EINTR);
1201
1202 if (ret != 0) {
1203 error_setg_errno(errp, errno, "failed to get page size of file %s",
1204 path);
1205 return 0;
1206 }
1207
1208 return fs.f_bsize;
1209}
1210
1211static void *file_ram_alloc(RAMBlock *block,
1212 ram_addr_t memory,
1213 const char *path,
1214 Error **errp)
1215{
1216 struct stat st;
1217 char *filename;
1218 char *sanitized_name;
1219 char *c;
1220 void *area;
1221 int fd;
1222 uint64_t hpagesize;
1223 Error *local_err = NULL;
1224
1225 hpagesize = gethugepagesize(path, &local_err);
1226 if (local_err) {
1227 error_propagate(errp, local_err);
1228 goto error;
1229 }
1230 block->mr->align = hpagesize;
1231
1232 if (memory < hpagesize) {
1233 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1234 "or larger than huge page size 0x%" PRIx64,
1235 memory, hpagesize);
1236 goto error;
1237 }
1238
1239 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1240 error_setg(errp,
1241 "host lacks kvm mmu notifiers, -mem-path unsupported");
1242 goto error;
1243 }
1244
1245 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1246 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1247 sanitized_name = g_strdup(memory_region_name(block->mr));
1248 for (c = sanitized_name; *c != '\0'; c++) {
1249 if (*c == '/') {
1250 *c = '_';
1251 }
1252 }
1253
1254 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1255 sanitized_name);
1256 g_free(sanitized_name);
1257
1258 fd = mkstemp(filename);
1259 if (fd >= 0) {
1260 unlink(filename);
1261 }
1262 g_free(filename);
1263 } else {
1264 fd = open(path, O_RDWR | O_CREAT, 0644);
1265 }
1266
1267 if (fd < 0) {
1268 error_setg_errno(errp, errno,
1269 "unable to create backing store for hugepages");
1270 goto error;
1271 }
1272
1273 memory = ROUND_UP(memory, hpagesize);
1274
1275 /*
1276 * ftruncate is not supported by hugetlbfs in older
1277 * hosts, so don't bother bailing out on errors.
1278 * If anything goes wrong with it under other filesystems,
1279 * mmap will fail.
1280 */
1281 if (ftruncate(fd, memory)) {
1282 perror("ftruncate");
1283 }
1284
1285 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1286 if (area == MAP_FAILED) {
1287 error_setg_errno(errp, errno,
1288 "unable to map backing store for hugepages");
1289 close(fd);
1290 goto error;
1291 }
1292
1293 if (mem_prealloc) {
1294 os_mem_prealloc(fd, area, memory);
1295 }
1296
1297 block->fd = fd;
1298 return area;
1299
1300error:
1301 return NULL;
1302}
1303#endif
1304
1305/* Called with the ramlist lock held. */
1306static ram_addr_t find_ram_offset(ram_addr_t size)
1307{
1308 RAMBlock *block, *next_block;
1309 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1310
1311 assert(size != 0); /* it would hand out same offset multiple times */
1312
1313 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1314 return 0;
1315 }
1316
1317 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1318 ram_addr_t end, next = RAM_ADDR_MAX;
1319
1320 end = block->offset + block->max_length;
1321
1322 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1323 if (next_block->offset >= end) {
1324 next = MIN(next, next_block->offset);
1325 }
1326 }
1327 if (next - end >= size && next - end < mingap) {
1328 offset = end;
1329 mingap = next - end;
1330 }
1331 }
1332
1333 if (offset == RAM_ADDR_MAX) {
1334 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1335 (uint64_t)size);
1336 abort();
1337 }
1338
1339 return offset;
1340}
1341
1342ram_addr_t last_ram_offset(void)
1343{
1344 RAMBlock *block;
1345 ram_addr_t last = 0;
1346
1347 rcu_read_lock();
1348 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1349 last = MAX(last, block->offset + block->max_length);
1350 }
1351 rcu_read_unlock();
1352 return last;
1353}
1354
1355static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1356{
1357 int ret;
1358
1359 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1360 if (!machine_dump_guest_core(current_machine)) {
1361 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1362 if (ret) {
1363 perror("qemu_madvise");
1364 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1365 "but dump_guest_core=off specified\n");
1366 }
1367 }
1368}
1369
1370/* Called within an RCU critical section, or while the ramlist lock
1371 * is held.
1372 */
1373static RAMBlock *find_ram_block(ram_addr_t addr)
1374{
1375 RAMBlock *block;
1376
1377 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1378 if (block->offset == addr) {
1379 return block;
1380 }
1381 }
1382
1383 return NULL;
1384}
1385
1386const char *qemu_ram_get_idstr(RAMBlock *rb)
1387{
1388 return rb->idstr;
1389}
1390
1391/* Called with iothread lock held. */
1392void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1393{
1394 RAMBlock *new_block, *block;
1395
1396 rcu_read_lock();
1397 new_block = find_ram_block(addr);
1398 assert(new_block);
1399 assert(!new_block->idstr[0]);
1400
1401 if (dev) {
1402 char *id = qdev_get_dev_path(dev);
1403 if (id) {
1404 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1405 g_free(id);
1406 }
1407 }
1408 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1409
1410 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1411 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1412 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1413 new_block->idstr);
1414 abort();
1415 }
1416 }
1417 rcu_read_unlock();
1418}
1419
1420/* Called with iothread lock held. */
1421void qemu_ram_unset_idstr(ram_addr_t addr)
1422{
1423 RAMBlock *block;
1424
1425 /* FIXME: arch_init.c assumes that this is not called throughout
1426 * migration. Ignore the problem since hot-unplug during migration
1427 * does not work anyway.
1428 */
1429
1430 rcu_read_lock();
1431 block = find_ram_block(addr);
1432 if (block) {
1433 memset(block->idstr, 0, sizeof(block->idstr));
1434 }
1435 rcu_read_unlock();
1436}
1437
1438static int memory_try_enable_merging(void *addr, size_t len)
1439{
1440 if (!machine_mem_merge(current_machine)) {
1441 /* disabled by the user */
1442 return 0;
1443 }
1444
1445 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1446}
1447
1448/* Only legal before guest might have detected the memory size: e.g. on
1449 * incoming migration, or right after reset.
1450 *
1451 * As memory core doesn't know how is memory accessed, it is up to
1452 * resize callback to update device state and/or add assertions to detect
1453 * misuse, if necessary.
1454 */
1455int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1456{
1457 RAMBlock *block = find_ram_block(base);
1458
1459 assert(block);
1460
1461 newsize = HOST_PAGE_ALIGN(newsize);
1462
1463 if (block->used_length == newsize) {
1464 return 0;
1465 }
1466
1467 if (!(block->flags & RAM_RESIZEABLE)) {
1468 error_setg_errno(errp, EINVAL,
1469 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1470 " in != 0x" RAM_ADDR_FMT, block->idstr,
1471 newsize, block->used_length);
1472 return -EINVAL;
1473 }
1474
1475 if (block->max_length < newsize) {
1476 error_setg_errno(errp, EINVAL,
1477 "Length too large: %s: 0x" RAM_ADDR_FMT
1478 " > 0x" RAM_ADDR_FMT, block->idstr,
1479 newsize, block->max_length);
1480 return -EINVAL;
1481 }
1482
1483 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1484 block->used_length = newsize;
1485 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1486 DIRTY_CLIENTS_ALL);
1487 memory_region_set_size(block->mr, newsize);
1488 if (block->resized) {
1489 block->resized(block->idstr, newsize, block->host);
1490 }
1491 return 0;
1492}
1493
1494static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1495{
1496 RAMBlock *block;
1497 RAMBlock *last_block = NULL;
1498 ram_addr_t old_ram_size, new_ram_size;
1499
1500 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1501
1502 qemu_mutex_lock_ramlist();
1503 new_block->offset = find_ram_offset(new_block->max_length);
1504
1505 if (!new_block->host) {
1506 if (xen_enabled()) {
1507 xen_ram_alloc(new_block->offset, new_block->max_length,
1508 new_block->mr);
1509 } else {
1510 new_block->host = phys_mem_alloc(new_block->max_length,
1511 &new_block->mr->align);
1512 if (!new_block->host) {
1513 error_setg_errno(errp, errno,
1514 "cannot set up guest memory '%s'",
1515 memory_region_name(new_block->mr));
1516 qemu_mutex_unlock_ramlist();
1517 return -1;
1518 }
1519 memory_try_enable_merging(new_block->host, new_block->max_length);
1520 }
1521 }
1522
1523 new_ram_size = MAX(old_ram_size,
1524 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1525 if (new_ram_size > old_ram_size) {
1526 migration_bitmap_extend(old_ram_size, new_ram_size);
1527 }
1528 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1529 * QLIST (which has an RCU-friendly variant) does not have insertion at
1530 * tail, so save the last element in last_block.
1531 */
1532 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1533 last_block = block;
1534 if (block->max_length < new_block->max_length) {
1535 break;
1536 }
1537 }
1538 if (block) {
1539 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1540 } else if (last_block) {
1541 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1542 } else { /* list is empty */
1543 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1544 }
1545 ram_list.mru_block = NULL;
1546
1547 /* Write list before version */
1548 smp_wmb();
1549 ram_list.version++;
1550 qemu_mutex_unlock_ramlist();
1551
1552 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1553
1554 if (new_ram_size > old_ram_size) {
1555 int i;
1556
1557 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1558 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1559 ram_list.dirty_memory[i] =
1560 bitmap_zero_extend(ram_list.dirty_memory[i],
1561 old_ram_size, new_ram_size);
1562 }
1563 }
1564 cpu_physical_memory_set_dirty_range(new_block->offset,
1565 new_block->used_length,
1566 DIRTY_CLIENTS_ALL);
1567
1568 if (new_block->host) {
1569 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1570 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1571 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1572 if (kvm_enabled()) {
1573 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1574 }
1575 }
1576
1577 return new_block->offset;
1578}
1579
1580#ifdef __linux__
1581ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1582 bool share, const char *mem_path,
1583 Error **errp)
1584{
1585 RAMBlock *new_block;
1586 ram_addr_t addr;
1587 Error *local_err = NULL;
1588
1589 if (xen_enabled()) {
1590 error_setg(errp, "-mem-path not supported with Xen");
1591 return -1;
1592 }
1593
1594 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1595 /*
1596 * file_ram_alloc() needs to allocate just like
1597 * phys_mem_alloc, but we haven't bothered to provide
1598 * a hook there.
1599 */
1600 error_setg(errp,
1601 "-mem-path not supported with this accelerator");
1602 return -1;
1603 }
1604
1605 size = HOST_PAGE_ALIGN(size);
1606 new_block = g_malloc0(sizeof(*new_block));
1607 new_block->mr = mr;
1608 new_block->used_length = size;
1609 new_block->max_length = size;
1610 new_block->flags = share ? RAM_SHARED : 0;
1611 new_block->host = file_ram_alloc(new_block, size,
1612 mem_path, errp);
1613 if (!new_block->host) {
1614 g_free(new_block);
1615 return -1;
1616 }
1617
1618 addr = ram_block_add(new_block, &local_err);
1619 if (local_err) {
1620 g_free(new_block);
1621 error_propagate(errp, local_err);
1622 return -1;
1623 }
1624 return addr;
1625}
1626#endif
1627
1628static
1629ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1630 void (*resized)(const char*,
1631 uint64_t length,
1632 void *host),
1633 void *host, bool resizeable,
1634 MemoryRegion *mr, Error **errp)
1635{
1636 RAMBlock *new_block;
1637 ram_addr_t addr;
1638 Error *local_err = NULL;
1639
1640 size = HOST_PAGE_ALIGN(size);
1641 max_size = HOST_PAGE_ALIGN(max_size);
1642 new_block = g_malloc0(sizeof(*new_block));
1643 new_block->mr = mr;
1644 new_block->resized = resized;
1645 new_block->used_length = size;
1646 new_block->max_length = max_size;
1647 assert(max_size >= size);
1648 new_block->fd = -1;
1649 new_block->host = host;
1650 if (host) {
1651 new_block->flags |= RAM_PREALLOC;
1652 }
1653 if (resizeable) {
1654 new_block->flags |= RAM_RESIZEABLE;
1655 }
1656 addr = ram_block_add(new_block, &local_err);
1657 if (local_err) {
1658 g_free(new_block);
1659 error_propagate(errp, local_err);
1660 return -1;
1661 }
1662 return addr;
1663}
1664
1665ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1666 MemoryRegion *mr, Error **errp)
1667{
1668 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1669}
1670
1671ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1672{
1673 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1674}
1675
1676ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1677 void (*resized)(const char*,
1678 uint64_t length,
1679 void *host),
1680 MemoryRegion *mr, Error **errp)
1681{
1682 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1683}
1684
1685static void reclaim_ramblock(RAMBlock *block)
1686{
1687 if (block->flags & RAM_PREALLOC) {
1688 ;
1689 } else if (xen_enabled()) {
1690 xen_invalidate_map_cache_entry(block->host);
1691#ifndef _WIN32
1692 } else if (block->fd >= 0) {
1693 qemu_ram_munmap(block->host, block->max_length);
1694 close(block->fd);
1695#endif
1696 } else {
1697 qemu_anon_ram_free(block->host, block->max_length);
1698 }
1699 g_free(block);
1700}
1701
1702void qemu_ram_free(ram_addr_t addr)
1703{
1704 RAMBlock *block;
1705
1706 qemu_mutex_lock_ramlist();
1707 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1708 if (addr == block->offset) {
1709 QLIST_REMOVE_RCU(block, next);
1710 ram_list.mru_block = NULL;
1711 /* Write list before version */
1712 smp_wmb();
1713 ram_list.version++;
1714 call_rcu(block, reclaim_ramblock, rcu);
1715 break;
1716 }
1717 }
1718 qemu_mutex_unlock_ramlist();
1719}
1720
1721#ifndef _WIN32
1722void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1723{
1724 RAMBlock *block;
1725 ram_addr_t offset;
1726 int flags;
1727 void *area, *vaddr;
1728
1729 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1730 offset = addr - block->offset;
1731 if (offset < block->max_length) {
1732 vaddr = ramblock_ptr(block, offset);
1733 if (block->flags & RAM_PREALLOC) {
1734 ;
1735 } else if (xen_enabled()) {
1736 abort();
1737 } else {
1738 flags = MAP_FIXED;
1739 if (block->fd >= 0) {
1740 flags |= (block->flags & RAM_SHARED ?
1741 MAP_SHARED : MAP_PRIVATE);
1742 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1743 flags, block->fd, offset);
1744 } else {
1745 /*
1746 * Remap needs to match alloc. Accelerators that
1747 * set phys_mem_alloc never remap. If they did,
1748 * we'd need a remap hook here.
1749 */
1750 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1751
1752 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1753 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1754 flags, -1, 0);
1755 }
1756 if (area != vaddr) {
1757 fprintf(stderr, "Could not remap addr: "
1758 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1759 length, addr);
1760 exit(1);
1761 }
1762 memory_try_enable_merging(vaddr, length);
1763 qemu_ram_setup_dump(vaddr, length);
1764 }
1765 }
1766 }
1767}
1768#endif /* !_WIN32 */
1769
1770int qemu_get_ram_fd(ram_addr_t addr)
1771{
1772 RAMBlock *block;
1773 int fd;
1774
1775 rcu_read_lock();
1776 block = qemu_get_ram_block(addr);
1777 fd = block->fd;
1778 rcu_read_unlock();
1779 return fd;
1780}
1781
1782void qemu_set_ram_fd(ram_addr_t addr, int fd)
1783{
1784 RAMBlock *block;
1785
1786 rcu_read_lock();
1787 block = qemu_get_ram_block(addr);
1788 block->fd = fd;
1789 rcu_read_unlock();
1790}
1791
1792void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1793{
1794 RAMBlock *block;
1795 void *ptr;
1796
1797 rcu_read_lock();
1798 block = qemu_get_ram_block(addr);
1799 ptr = ramblock_ptr(block, 0);
1800 rcu_read_unlock();
1801 return ptr;
1802}
1803
1804/* Return a host pointer to ram allocated with qemu_ram_alloc.
1805 * This should not be used for general purpose DMA. Use address_space_map
1806 * or address_space_rw instead. For local memory (e.g. video ram) that the
1807 * device owns, use memory_region_get_ram_ptr.
1808 *
1809 * Called within RCU critical section.
1810 */
1811void *qemu_get_ram_ptr(ram_addr_t addr)
1812{
1813 RAMBlock *block = qemu_get_ram_block(addr);
1814
1815 if (xen_enabled() && block->host == NULL) {
1816 /* We need to check if the requested address is in the RAM
1817 * because we don't want to map the entire memory in QEMU.
1818 * In that case just map until the end of the page.
1819 */
1820 if (block->offset == 0) {
1821 return xen_map_cache(addr, 0, 0);
1822 }
1823
1824 block->host = xen_map_cache(block->offset, block->max_length, 1);
1825 }
1826 return ramblock_ptr(block, addr - block->offset);
1827}
1828
1829/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1830 * but takes a size argument.
1831 *
1832 * Called within RCU critical section.
1833 */
1834static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1835{
1836 RAMBlock *block;
1837 ram_addr_t offset_inside_block;
1838 if (*size == 0) {
1839 return NULL;
1840 }
1841
1842 block = qemu_get_ram_block(addr);
1843 offset_inside_block = addr - block->offset;
1844 *size = MIN(*size, block->max_length - offset_inside_block);
1845
1846 if (xen_enabled() && block->host == NULL) {
1847 /* We need to check if the requested address is in the RAM
1848 * because we don't want to map the entire memory in QEMU.
1849 * In that case just map the requested area.
1850 */
1851 if (block->offset == 0) {
1852 return xen_map_cache(addr, *size, 1);
1853 }
1854
1855 block->host = xen_map_cache(block->offset, block->max_length, 1);
1856 }
1857
1858 return ramblock_ptr(block, offset_inside_block);
1859}
1860
1861/*
1862 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1863 * in that RAMBlock.
1864 *
1865 * ptr: Host pointer to look up
1866 * round_offset: If true round the result offset down to a page boundary
1867 * *ram_addr: set to result ram_addr
1868 * *offset: set to result offset within the RAMBlock
1869 *
1870 * Returns: RAMBlock (or NULL if not found)
1871 *
1872 * By the time this function returns, the returned pointer is not protected
1873 * by RCU anymore. If the caller is not within an RCU critical section and
1874 * does not hold the iothread lock, it must have other means of protecting the
1875 * pointer, such as a reference to the region that includes the incoming
1876 * ram_addr_t.
1877 */
1878RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1879 ram_addr_t *ram_addr,
1880 ram_addr_t *offset)
1881{
1882 RAMBlock *block;
1883 uint8_t *host = ptr;
1884
1885 if (xen_enabled()) {
1886 rcu_read_lock();
1887 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1888 block = qemu_get_ram_block(*ram_addr);
1889 if (block) {
1890 *offset = (host - block->host);
1891 }
1892 rcu_read_unlock();
1893 return block;
1894 }
1895
1896 rcu_read_lock();
1897 block = atomic_rcu_read(&ram_list.mru_block);
1898 if (block && block->host && host - block->host < block->max_length) {
1899 goto found;
1900 }
1901
1902 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1903 /* This case append when the block is not mapped. */
1904 if (block->host == NULL) {
1905 continue;
1906 }
1907 if (host - block->host < block->max_length) {
1908 goto found;
1909 }
1910 }
1911
1912 rcu_read_unlock();
1913 return NULL;
1914
1915found:
1916 *offset = (host - block->host);
1917 if (round_offset) {
1918 *offset &= TARGET_PAGE_MASK;
1919 }
1920 *ram_addr = block->offset + *offset;
1921 rcu_read_unlock();
1922 return block;
1923}
1924
1925/*
1926 * Finds the named RAMBlock
1927 *
1928 * name: The name of RAMBlock to find
1929 *
1930 * Returns: RAMBlock (or NULL if not found)
1931 */
1932RAMBlock *qemu_ram_block_by_name(const char *name)
1933{
1934 RAMBlock *block;
1935
1936 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1937 if (!strcmp(name, block->idstr)) {
1938 return block;
1939 }
1940 }
1941
1942 return NULL;
1943}
1944
1945/* Some of the softmmu routines need to translate from a host pointer
1946 (typically a TLB entry) back to a ram offset. */
1947MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1948{
1949 RAMBlock *block;
1950 ram_addr_t offset; /* Not used */
1951
1952 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1953
1954 if (!block) {
1955 return NULL;
1956 }
1957
1958 return block->mr;
1959}
1960
1961/* Called within RCU critical section. */
1962static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1963 uint64_t val, unsigned size)
1964{
1965 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1966 tb_invalidate_phys_page_fast(ram_addr, size);
1967 }
1968 switch (size) {
1969 case 1:
1970 stb_p(qemu_get_ram_ptr(ram_addr), val);
1971 break;
1972 case 2:
1973 stw_p(qemu_get_ram_ptr(ram_addr), val);
1974 break;
1975 case 4:
1976 stl_p(qemu_get_ram_ptr(ram_addr), val);
1977 break;
1978 default:
1979 abort();
1980 }
1981 /* Set both VGA and migration bits for simplicity and to remove
1982 * the notdirty callback faster.
1983 */
1984 cpu_physical_memory_set_dirty_range(ram_addr, size,
1985 DIRTY_CLIENTS_NOCODE);
1986 /* we remove the notdirty callback only if the code has been
1987 flushed */
1988 if (!cpu_physical_memory_is_clean(ram_addr)) {
1989 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1990 }
1991}
1992
1993static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1994 unsigned size, bool is_write)
1995{
1996 return is_write;
1997}
1998
1999static const MemoryRegionOps notdirty_mem_ops = {
2000 .write = notdirty_mem_write,
2001 .valid.accepts = notdirty_mem_accepts,
2002 .endianness = DEVICE_NATIVE_ENDIAN,
2003};
2004
2005/* Generate a debug exception if a watchpoint has been hit. */
2006static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2007{
2008 CPUState *cpu = current_cpu;
2009 CPUArchState *env = cpu->env_ptr;
2010 target_ulong pc, cs_base;
2011 target_ulong vaddr;
2012 CPUWatchpoint *wp;
2013 int cpu_flags;
2014
2015 if (cpu->watchpoint_hit) {
2016 /* We re-entered the check after replacing the TB. Now raise
2017 * the debug interrupt so that is will trigger after the
2018 * current instruction. */
2019 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2020 return;
2021 }
2022 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2023 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2024 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2025 && (wp->flags & flags)) {
2026 if (flags == BP_MEM_READ) {
2027 wp->flags |= BP_WATCHPOINT_HIT_READ;
2028 } else {
2029 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2030 }
2031 wp->hitaddr = vaddr;
2032 wp->hitattrs = attrs;
2033 if (!cpu->watchpoint_hit) {
2034 cpu->watchpoint_hit = wp;
2035 tb_check_watchpoint(cpu);
2036 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2037 cpu->exception_index = EXCP_DEBUG;
2038 cpu_loop_exit(cpu);
2039 } else {
2040 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2041 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2042 cpu_resume_from_signal(cpu, NULL);
2043 }
2044 }
2045 } else {
2046 wp->flags &= ~BP_WATCHPOINT_HIT;
2047 }
2048 }
2049}
2050
2051/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2052 so these check for a hit then pass through to the normal out-of-line
2053 phys routines. */
2054static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2055 unsigned size, MemTxAttrs attrs)
2056{
2057 MemTxResult res;
2058 uint64_t data;
2059
2060 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2061 switch (size) {
2062 case 1:
2063 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2064 break;
2065 case 2:
2066 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2067 break;
2068 case 4:
2069 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2070 break;
2071 default: abort();
2072 }
2073 *pdata = data;
2074 return res;
2075}
2076
2077static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2078 uint64_t val, unsigned size,
2079 MemTxAttrs attrs)
2080{
2081 MemTxResult res;
2082
2083 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2084 switch (size) {
2085 case 1:
2086 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2087 break;
2088 case 2:
2089 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2090 break;
2091 case 4:
2092 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2093 break;
2094 default: abort();
2095 }
2096 return res;
2097}
2098
2099static const MemoryRegionOps watch_mem_ops = {
2100 .read_with_attrs = watch_mem_read,
2101 .write_with_attrs = watch_mem_write,
2102 .endianness = DEVICE_NATIVE_ENDIAN,
2103};
2104
2105static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2106 unsigned len, MemTxAttrs attrs)
2107{
2108 subpage_t *subpage = opaque;
2109 uint8_t buf[8];
2110 MemTxResult res;
2111
2112#if defined(DEBUG_SUBPAGE)
2113 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2114 subpage, len, addr);
2115#endif
2116 res = address_space_read(subpage->as, addr + subpage->base,
2117 attrs, buf, len);
2118 if (res) {
2119 return res;
2120 }
2121 switch (len) {
2122 case 1:
2123 *data = ldub_p(buf);
2124 return MEMTX_OK;
2125 case 2:
2126 *data = lduw_p(buf);
2127 return MEMTX_OK;
2128 case 4:
2129 *data = ldl_p(buf);
2130 return MEMTX_OK;
2131 case 8:
2132 *data = ldq_p(buf);
2133 return MEMTX_OK;
2134 default:
2135 abort();
2136 }
2137}
2138
2139static MemTxResult subpage_write(void *opaque, hwaddr addr,
2140 uint64_t value, unsigned len, MemTxAttrs attrs)
2141{
2142 subpage_t *subpage = opaque;
2143 uint8_t buf[8];
2144
2145#if defined(DEBUG_SUBPAGE)
2146 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2147 " value %"PRIx64"\n",
2148 __func__, subpage, len, addr, value);
2149#endif
2150 switch (len) {
2151 case 1:
2152 stb_p(buf, value);
2153 break;
2154 case 2:
2155 stw_p(buf, value);
2156 break;
2157 case 4:
2158 stl_p(buf, value);
2159 break;
2160 case 8:
2161 stq_p(buf, value);
2162 break;
2163 default:
2164 abort();
2165 }
2166 return address_space_write(subpage->as, addr + subpage->base,
2167 attrs, buf, len);
2168}
2169
2170static bool subpage_accepts(void *opaque, hwaddr addr,
2171 unsigned len, bool is_write)
2172{
2173 subpage_t *subpage = opaque;
2174#if defined(DEBUG_SUBPAGE)
2175 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2176 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2177#endif
2178
2179 return address_space_access_valid(subpage->as, addr + subpage->base,
2180 len, is_write);
2181}
2182
2183static const MemoryRegionOps subpage_ops = {
2184 .read_with_attrs = subpage_read,
2185 .write_with_attrs = subpage_write,
2186 .impl.min_access_size = 1,
2187 .impl.max_access_size = 8,
2188 .valid.min_access_size = 1,
2189 .valid.max_access_size = 8,
2190 .valid.accepts = subpage_accepts,
2191 .endianness = DEVICE_NATIVE_ENDIAN,
2192};
2193
2194static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2195 uint16_t section)
2196{
2197 int idx, eidx;
2198
2199 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2200 return -1;
2201 idx = SUBPAGE_IDX(start);
2202 eidx = SUBPAGE_IDX(end);
2203#if defined(DEBUG_SUBPAGE)
2204 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2205 __func__, mmio, start, end, idx, eidx, section);
2206#endif
2207 for (; idx <= eidx; idx++) {
2208 mmio->sub_section[idx] = section;
2209 }
2210
2211 return 0;
2212}
2213
2214static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2215{
2216 subpage_t *mmio;
2217
2218 mmio = g_malloc0(sizeof(subpage_t));
2219
2220 mmio->as = as;
2221 mmio->base = base;
2222 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2223 NULL, TARGET_PAGE_SIZE);
2224 mmio->iomem.subpage = true;
2225#if defined(DEBUG_SUBPAGE)
2226 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2227 mmio, base, TARGET_PAGE_SIZE);
2228#endif
2229 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2230
2231 return mmio;
2232}
2233
2234static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2235 MemoryRegion *mr)
2236{
2237 assert(as);
2238 MemoryRegionSection section = {
2239 .address_space = as,
2240 .mr = mr,
2241 .offset_within_address_space = 0,
2242 .offset_within_region = 0,
2243 .size = int128_2_64(),
2244 };
2245
2246 return phys_section_add(map, &section);
2247}
2248
2249MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2250{
2251 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2252 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2253 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2254 MemoryRegionSection *sections = d->map.sections;
2255
2256 return sections[index & ~TARGET_PAGE_MASK].mr;
2257}
2258
2259static void io_mem_init(void)
2260{
2261 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2262 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2263 NULL, UINT64_MAX);
2264 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2265 NULL, UINT64_MAX);
2266 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2267 NULL, UINT64_MAX);
2268}
2269
2270static void mem_begin(MemoryListener *listener)
2271{
2272 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2273 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2274 uint16_t n;
2275
2276 n = dummy_section(&d->map, as, &io_mem_unassigned);
2277 assert(n == PHYS_SECTION_UNASSIGNED);
2278 n = dummy_section(&d->map, as, &io_mem_notdirty);
2279 assert(n == PHYS_SECTION_NOTDIRTY);
2280 n = dummy_section(&d->map, as, &io_mem_rom);
2281 assert(n == PHYS_SECTION_ROM);
2282 n = dummy_section(&d->map, as, &io_mem_watch);
2283 assert(n == PHYS_SECTION_WATCH);
2284
2285 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2286 d->as = as;
2287 as->next_dispatch = d;
2288}
2289
2290static void address_space_dispatch_free(AddressSpaceDispatch *d)
2291{
2292 phys_sections_free(&d->map);
2293 g_free(d);
2294}
2295
2296static void mem_commit(MemoryListener *listener)
2297{
2298 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2299 AddressSpaceDispatch *cur = as->dispatch;
2300 AddressSpaceDispatch *next = as->next_dispatch;
2301
2302 phys_page_compact_all(next, next->map.nodes_nb);
2303
2304 atomic_rcu_set(&as->dispatch, next);
2305 if (cur) {
2306 call_rcu(cur, address_space_dispatch_free, rcu);
2307 }
2308}
2309
2310static void tcg_commit(MemoryListener *listener)
2311{
2312 CPUAddressSpace *cpuas;
2313 AddressSpaceDispatch *d;
2314
2315 /* since each CPU stores ram addresses in its TLB cache, we must
2316 reset the modified entries */
2317 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2318 cpu_reloading_memory_map();
2319 /* The CPU and TLB are protected by the iothread lock.
2320 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2321 * may have split the RCU critical section.
2322 */
2323 d = atomic_rcu_read(&cpuas->as->dispatch);
2324 cpuas->memory_dispatch = d;
2325 tlb_flush(cpuas->cpu, 1);
2326}
2327
2328void address_space_init_dispatch(AddressSpace *as)
2329{
2330 as->dispatch = NULL;
2331 as->dispatch_listener = (MemoryListener) {
2332 .begin = mem_begin,
2333 .commit = mem_commit,
2334 .region_add = mem_add,
2335 .region_nop = mem_add,
2336 .priority = 0,
2337 };
2338 memory_listener_register(&as->dispatch_listener, as);
2339}
2340
2341void address_space_unregister(AddressSpace *as)
2342{
2343 memory_listener_unregister(&as->dispatch_listener);
2344}
2345
2346void address_space_destroy_dispatch(AddressSpace *as)
2347{
2348 AddressSpaceDispatch *d = as->dispatch;
2349
2350 atomic_rcu_set(&as->dispatch, NULL);
2351 if (d) {
2352 call_rcu(d, address_space_dispatch_free, rcu);
2353 }
2354}
2355
2356static void memory_map_init(void)
2357{
2358 system_memory = g_malloc(sizeof(*system_memory));
2359
2360 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2361 address_space_init(&address_space_memory, system_memory, "memory");
2362
2363 system_io = g_malloc(sizeof(*system_io));
2364 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2365 65536);
2366 address_space_init(&address_space_io, system_io, "I/O");
2367}
2368
2369MemoryRegion *get_system_memory(void)
2370{
2371 return system_memory;
2372}
2373
2374MemoryRegion *get_system_io(void)
2375{
2376 return system_io;
2377}
2378
2379#endif /* !defined(CONFIG_USER_ONLY) */
2380
2381/* physical memory access (slow version, mainly for debug) */
2382#if defined(CONFIG_USER_ONLY)
2383int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2384 uint8_t *buf, int len, int is_write)
2385{
2386 int l, flags;
2387 target_ulong page;
2388 void * p;
2389
2390 while (len > 0) {
2391 page = addr & TARGET_PAGE_MASK;
2392 l = (page + TARGET_PAGE_SIZE) - addr;
2393 if (l > len)
2394 l = len;
2395 flags = page_get_flags(page);
2396 if (!(flags & PAGE_VALID))
2397 return -1;
2398 if (is_write) {
2399 if (!(flags & PAGE_WRITE))
2400 return -1;
2401 /* XXX: this code should not depend on lock_user */
2402 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2403 return -1;
2404 memcpy(p, buf, l);
2405 unlock_user(p, addr, l);
2406 } else {
2407 if (!(flags & PAGE_READ))
2408 return -1;
2409 /* XXX: this code should not depend on lock_user */
2410 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2411 return -1;
2412 memcpy(buf, p, l);
2413 unlock_user(p, addr, 0);
2414 }
2415 len -= l;
2416 buf += l;
2417 addr += l;
2418 }
2419 return 0;
2420}
2421
2422#else
2423
2424static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2425 hwaddr length)
2426{
2427 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2428 /* No early return if dirty_log_mask is or becomes 0, because
2429 * cpu_physical_memory_set_dirty_range will still call
2430 * xen_modified_memory.
2431 */
2432 if (dirty_log_mask) {
2433 dirty_log_mask =
2434 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2435 }
2436 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2437 tb_invalidate_phys_range(addr, addr + length);
2438 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2439 }
2440 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2441}
2442
2443static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2444{
2445 unsigned access_size_max = mr->ops->valid.max_access_size;
2446
2447 /* Regions are assumed to support 1-4 byte accesses unless
2448 otherwise specified. */
2449 if (access_size_max == 0) {
2450 access_size_max = 4;
2451 }
2452
2453 /* Bound the maximum access by the alignment of the address. */
2454 if (!mr->ops->impl.unaligned) {
2455 unsigned align_size_max = addr & -addr;
2456 if (align_size_max != 0 && align_size_max < access_size_max) {
2457 access_size_max = align_size_max;
2458 }
2459 }
2460
2461 /* Don't attempt accesses larger than the maximum. */
2462 if (l > access_size_max) {
2463 l = access_size_max;
2464 }
2465 l = pow2floor(l);
2466
2467 return l;
2468}
2469
2470static bool prepare_mmio_access(MemoryRegion *mr)
2471{
2472 bool unlocked = !qemu_mutex_iothread_locked();
2473 bool release_lock = false;
2474
2475 if (unlocked && mr->global_locking) {
2476 qemu_mutex_lock_iothread();
2477 unlocked = false;
2478 release_lock = true;
2479 }
2480 if (mr->flush_coalesced_mmio) {
2481 if (unlocked) {
2482 qemu_mutex_lock_iothread();
2483 }
2484 qemu_flush_coalesced_mmio_buffer();
2485 if (unlocked) {
2486 qemu_mutex_unlock_iothread();
2487 }
2488 }
2489
2490 return release_lock;
2491}
2492
2493/* Called within RCU critical section. */
2494static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2495 MemTxAttrs attrs,
2496 const uint8_t *buf,
2497 int len, hwaddr addr1,
2498 hwaddr l, MemoryRegion *mr)
2499{
2500 uint8_t *ptr;
2501 uint64_t val;
2502 MemTxResult result = MEMTX_OK;
2503 bool release_lock = false;
2504
2505 for (;;) {
2506 if (!memory_access_is_direct(mr, true)) {
2507 release_lock |= prepare_mmio_access(mr);
2508 l = memory_access_size(mr, l, addr1);
2509 /* XXX: could force current_cpu to NULL to avoid
2510 potential bugs */
2511 switch (l) {
2512 case 8:
2513 /* 64 bit write access */
2514 val = ldq_p(buf);
2515 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2516 attrs);
2517 break;
2518 case 4:
2519 /* 32 bit write access */
2520 val = ldl_p(buf);
2521 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2522 attrs);
2523 break;
2524 case 2:
2525 /* 16 bit write access */
2526 val = lduw_p(buf);
2527 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2528 attrs);
2529 break;
2530 case 1:
2531 /* 8 bit write access */
2532 val = ldub_p(buf);
2533 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2534 attrs);
2535 break;
2536 default:
2537 abort();
2538 }
2539 } else {
2540 addr1 += memory_region_get_ram_addr(mr);
2541 /* RAM case */
2542 ptr = qemu_get_ram_ptr(addr1);
2543 memcpy(ptr, buf, l);
2544 invalidate_and_set_dirty(mr, addr1, l);
2545 }
2546
2547 if (release_lock) {
2548 qemu_mutex_unlock_iothread();
2549 release_lock = false;
2550 }
2551
2552 len -= l;
2553 buf += l;
2554 addr += l;
2555
2556 if (!len) {
2557 break;
2558 }
2559
2560 l = len;
2561 mr = address_space_translate(as, addr, &addr1, &l, true);
2562 }
2563
2564 return result;
2565}
2566
2567MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2568 const uint8_t *buf, int len)
2569{
2570 hwaddr l;
2571 hwaddr addr1;
2572 MemoryRegion *mr;
2573 MemTxResult result = MEMTX_OK;
2574
2575 if (len > 0) {
2576 rcu_read_lock();
2577 l = len;
2578 mr = address_space_translate(as, addr, &addr1, &l, true);
2579 result = address_space_write_continue(as, addr, attrs, buf, len,
2580 addr1, l, mr);
2581 rcu_read_unlock();
2582 }
2583
2584 return result;
2585}
2586
2587/* Called within RCU critical section. */
2588MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2589 MemTxAttrs attrs, uint8_t *buf,
2590 int len, hwaddr addr1, hwaddr l,
2591 MemoryRegion *mr)
2592{
2593 uint8_t *ptr;
2594 uint64_t val;
2595 MemTxResult result = MEMTX_OK;
2596 bool release_lock = false;
2597
2598 for (;;) {
2599 if (!memory_access_is_direct(mr, false)) {
2600 /* I/O case */
2601 release_lock |= prepare_mmio_access(mr);
2602 l = memory_access_size(mr, l, addr1);
2603 switch (l) {
2604 case 8:
2605 /* 64 bit read access */
2606 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2607 attrs);
2608 stq_p(buf, val);
2609 break;
2610 case 4:
2611 /* 32 bit read access */
2612 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2613 attrs);
2614 stl_p(buf, val);
2615 break;
2616 case 2:
2617 /* 16 bit read access */
2618 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2619 attrs);
2620 stw_p(buf, val);
2621 break;
2622 case 1:
2623 /* 8 bit read access */
2624 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2625 attrs);
2626 stb_p(buf, val);
2627 break;
2628 default:
2629 abort();
2630 }
2631 } else {
2632 /* RAM case */
2633 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2634 memcpy(buf, ptr, l);
2635 }
2636
2637 if (release_lock) {
2638 qemu_mutex_unlock_iothread();
2639 release_lock = false;
2640 }
2641
2642 len -= l;
2643 buf += l;
2644 addr += l;
2645
2646 if (!len) {
2647 break;
2648 }
2649
2650 l = len;
2651 mr = address_space_translate(as, addr, &addr1, &l, false);
2652 }
2653
2654 return result;
2655}
2656
2657MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2658 MemTxAttrs attrs, uint8_t *buf, int len)
2659{
2660 hwaddr l;
2661 hwaddr addr1;
2662 MemoryRegion *mr;
2663 MemTxResult result = MEMTX_OK;
2664
2665 if (len > 0) {
2666 rcu_read_lock();
2667 l = len;
2668 mr = address_space_translate(as, addr, &addr1, &l, false);
2669 result = address_space_read_continue(as, addr, attrs, buf, len,
2670 addr1, l, mr);
2671 rcu_read_unlock();
2672 }
2673
2674 return result;
2675}
2676
2677MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2678 uint8_t *buf, int len, bool is_write)
2679{
2680 if (is_write) {
2681 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2682 } else {
2683 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2684 }
2685}
2686
2687void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2688 int len, int is_write)
2689{
2690 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2691 buf, len, is_write);
2692}
2693
2694enum write_rom_type {
2695 WRITE_DATA,
2696 FLUSH_CACHE,
2697};
2698
2699static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2700 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2701{
2702 hwaddr l;
2703 uint8_t *ptr;
2704 hwaddr addr1;
2705 MemoryRegion *mr;
2706
2707 rcu_read_lock();
2708 while (len > 0) {
2709 l = len;
2710 mr = address_space_translate(as, addr, &addr1, &l, true);
2711
2712 if (!(memory_region_is_ram(mr) ||
2713 memory_region_is_romd(mr))) {
2714 l = memory_access_size(mr, l, addr1);
2715 } else {
2716 addr1 += memory_region_get_ram_addr(mr);
2717 /* ROM/RAM case */
2718 ptr = qemu_get_ram_ptr(addr1);
2719 switch (type) {
2720 case WRITE_DATA:
2721 memcpy(ptr, buf, l);
2722 invalidate_and_set_dirty(mr, addr1, l);
2723 break;
2724 case FLUSH_CACHE:
2725 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2726 break;
2727 }
2728 }
2729 len -= l;
2730 buf += l;
2731 addr += l;
2732 }
2733 rcu_read_unlock();
2734}
2735
2736/* used for ROM loading : can write in RAM and ROM */
2737void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2738 const uint8_t *buf, int len)
2739{
2740 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2741}
2742
2743void cpu_flush_icache_range(hwaddr start, int len)
2744{
2745 /*
2746 * This function should do the same thing as an icache flush that was
2747 * triggered from within the guest. For TCG we are always cache coherent,
2748 * so there is no need to flush anything. For KVM / Xen we need to flush
2749 * the host's instruction cache at least.
2750 */
2751 if (tcg_enabled()) {
2752 return;
2753 }
2754
2755 cpu_physical_memory_write_rom_internal(&address_space_memory,
2756 start, NULL, len, FLUSH_CACHE);
2757}
2758
2759typedef struct {
2760 MemoryRegion *mr;
2761 void *buffer;
2762 hwaddr addr;
2763 hwaddr len;
2764 bool in_use;
2765} BounceBuffer;
2766
2767static BounceBuffer bounce;
2768
2769typedef struct MapClient {
2770 QEMUBH *bh;
2771 QLIST_ENTRY(MapClient) link;
2772} MapClient;
2773
2774QemuMutex map_client_list_lock;
2775static QLIST_HEAD(map_client_list, MapClient) map_client_list
2776 = QLIST_HEAD_INITIALIZER(map_client_list);
2777
2778static void cpu_unregister_map_client_do(MapClient *client)
2779{
2780 QLIST_REMOVE(client, link);
2781 g_free(client);
2782}
2783
2784static void cpu_notify_map_clients_locked(void)
2785{
2786 MapClient *client;
2787
2788 while (!QLIST_EMPTY(&map_client_list)) {
2789 client = QLIST_FIRST(&map_client_list);
2790 qemu_bh_schedule(client->bh);
2791 cpu_unregister_map_client_do(client);
2792 }
2793}
2794
2795void cpu_register_map_client(QEMUBH *bh)
2796{
2797 MapClient *client = g_malloc(sizeof(*client));
2798
2799 qemu_mutex_lock(&map_client_list_lock);
2800 client->bh = bh;
2801 QLIST_INSERT_HEAD(&map_client_list, client, link);
2802 if (!atomic_read(&bounce.in_use)) {
2803 cpu_notify_map_clients_locked();
2804 }
2805 qemu_mutex_unlock(&map_client_list_lock);
2806}
2807
2808void cpu_exec_init_all(void)
2809{
2810 qemu_mutex_init(&ram_list.mutex);
2811 io_mem_init();
2812 memory_map_init();
2813 qemu_mutex_init(&map_client_list_lock);
2814}
2815
2816void cpu_unregister_map_client(QEMUBH *bh)
2817{
2818 MapClient *client;
2819
2820 qemu_mutex_lock(&map_client_list_lock);
2821 QLIST_FOREACH(client, &map_client_list, link) {
2822 if (client->bh == bh) {
2823 cpu_unregister_map_client_do(client);
2824 break;
2825 }
2826 }
2827 qemu_mutex_unlock(&map_client_list_lock);
2828}
2829
2830static void cpu_notify_map_clients(void)
2831{
2832 qemu_mutex_lock(&map_client_list_lock);
2833 cpu_notify_map_clients_locked();
2834 qemu_mutex_unlock(&map_client_list_lock);
2835}
2836
2837bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2838{
2839 MemoryRegion *mr;
2840 hwaddr l, xlat;
2841
2842 rcu_read_lock();
2843 while (len > 0) {
2844 l = len;
2845 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2846 if (!memory_access_is_direct(mr, is_write)) {
2847 l = memory_access_size(mr, l, addr);
2848 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2849 return false;
2850 }
2851 }
2852
2853 len -= l;
2854 addr += l;
2855 }
2856 rcu_read_unlock();
2857 return true;
2858}
2859
2860/* Map a physical memory region into a host virtual address.
2861 * May map a subset of the requested range, given by and returned in *plen.
2862 * May return NULL if resources needed to perform the mapping are exhausted.
2863 * Use only for reads OR writes - not for read-modify-write operations.
2864 * Use cpu_register_map_client() to know when retrying the map operation is
2865 * likely to succeed.
2866 */
2867void *address_space_map(AddressSpace *as,
2868 hwaddr addr,
2869 hwaddr *plen,
2870 bool is_write)
2871{
2872 hwaddr len = *plen;
2873 hwaddr done = 0;
2874 hwaddr l, xlat, base;
2875 MemoryRegion *mr, *this_mr;
2876 ram_addr_t raddr;
2877 void *ptr;
2878
2879 if (len == 0) {
2880 return NULL;
2881 }
2882
2883 l = len;
2884 rcu_read_lock();
2885 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2886
2887 if (!memory_access_is_direct(mr, is_write)) {
2888 if (atomic_xchg(&bounce.in_use, true)) {
2889 rcu_read_unlock();
2890 return NULL;
2891 }
2892 /* Avoid unbounded allocations */
2893 l = MIN(l, TARGET_PAGE_SIZE);
2894 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2895 bounce.addr = addr;
2896 bounce.len = l;
2897
2898 memory_region_ref(mr);
2899 bounce.mr = mr;
2900 if (!is_write) {
2901 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2902 bounce.buffer, l);
2903 }
2904
2905 rcu_read_unlock();
2906 *plen = l;
2907 return bounce.buffer;
2908 }
2909
2910 base = xlat;
2911 raddr = memory_region_get_ram_addr(mr);
2912
2913 for (;;) {
2914 len -= l;
2915 addr += l;
2916 done += l;
2917 if (len == 0) {
2918 break;
2919 }
2920
2921 l = len;
2922 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2923 if (this_mr != mr || xlat != base + done) {
2924 break;
2925 }
2926 }
2927
2928 memory_region_ref(mr);
2929 *plen = done;
2930 ptr = qemu_ram_ptr_length(raddr + base, plen);
2931 rcu_read_unlock();
2932
2933 return ptr;
2934}
2935
2936/* Unmaps a memory region previously mapped by address_space_map().
2937 * Will also mark the memory as dirty if is_write == 1. access_len gives
2938 * the amount of memory that was actually read or written by the caller.
2939 */
2940void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2941 int is_write, hwaddr access_len)
2942{
2943 if (buffer != bounce.buffer) {
2944 MemoryRegion *mr;
2945 ram_addr_t addr1;
2946
2947 mr = qemu_ram_addr_from_host(buffer, &addr1);
2948 assert(mr != NULL);
2949 if (is_write) {
2950 invalidate_and_set_dirty(mr, addr1, access_len);
2951 }
2952 if (xen_enabled()) {
2953 xen_invalidate_map_cache_entry(buffer);
2954 }
2955 memory_region_unref(mr);
2956 return;
2957 }
2958 if (is_write) {
2959 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2960 bounce.buffer, access_len);
2961 }
2962 qemu_vfree(bounce.buffer);
2963 bounce.buffer = NULL;
2964 memory_region_unref(bounce.mr);
2965 atomic_mb_set(&bounce.in_use, false);
2966 cpu_notify_map_clients();
2967}
2968
2969void *cpu_physical_memory_map(hwaddr addr,
2970 hwaddr *plen,
2971 int is_write)
2972{
2973 return address_space_map(&address_space_memory, addr, plen, is_write);
2974}
2975
2976void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2977 int is_write, hwaddr access_len)
2978{
2979 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2980}
2981
2982/* warning: addr must be aligned */
2983static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2984 MemTxAttrs attrs,
2985 MemTxResult *result,
2986 enum device_endian endian)
2987{
2988 uint8_t *ptr;
2989 uint64_t val;
2990 MemoryRegion *mr;
2991 hwaddr l = 4;
2992 hwaddr addr1;
2993 MemTxResult r;
2994 bool release_lock = false;
2995
2996 rcu_read_lock();
2997 mr = address_space_translate(as, addr, &addr1, &l, false);
2998 if (l < 4 || !memory_access_is_direct(mr, false)) {
2999 release_lock |= prepare_mmio_access(mr);
3000
3001 /* I/O case */
3002 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3003#if defined(TARGET_WORDS_BIGENDIAN)
3004 if (endian == DEVICE_LITTLE_ENDIAN) {
3005 val = bswap32(val);
3006 }
3007#else
3008 if (endian == DEVICE_BIG_ENDIAN) {
3009 val = bswap32(val);
3010 }
3011#endif
3012 } else {
3013 /* RAM case */
3014 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3015 & TARGET_PAGE_MASK)
3016 + addr1);
3017 switch (endian) {
3018 case DEVICE_LITTLE_ENDIAN:
3019 val = ldl_le_p(ptr);
3020 break;
3021 case DEVICE_BIG_ENDIAN:
3022 val = ldl_be_p(ptr);
3023 break;
3024 default:
3025 val = ldl_p(ptr);
3026 break;
3027 }
3028 r = MEMTX_OK;
3029 }
3030 if (result) {
3031 *result = r;
3032 }
3033 if (release_lock) {
3034 qemu_mutex_unlock_iothread();
3035 }
3036 rcu_read_unlock();
3037 return val;
3038}
3039
3040uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3041 MemTxAttrs attrs, MemTxResult *result)
3042{
3043 return address_space_ldl_internal(as, addr, attrs, result,
3044 DEVICE_NATIVE_ENDIAN);
3045}
3046
3047uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3048 MemTxAttrs attrs, MemTxResult *result)
3049{
3050 return address_space_ldl_internal(as, addr, attrs, result,
3051 DEVICE_LITTLE_ENDIAN);
3052}
3053
3054uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3055 MemTxAttrs attrs, MemTxResult *result)
3056{
3057 return address_space_ldl_internal(as, addr, attrs, result,
3058 DEVICE_BIG_ENDIAN);
3059}
3060
3061uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3062{
3063 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3064}
3065
3066uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3067{
3068 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3069}
3070
3071uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3072{
3073 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3074}
3075
3076/* warning: addr must be aligned */
3077static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3078 MemTxAttrs attrs,
3079 MemTxResult *result,
3080 enum device_endian endian)
3081{
3082 uint8_t *ptr;
3083 uint64_t val;
3084 MemoryRegion *mr;
3085 hwaddr l = 8;
3086 hwaddr addr1;
3087 MemTxResult r;
3088 bool release_lock = false;
3089
3090 rcu_read_lock();
3091 mr = address_space_translate(as, addr, &addr1, &l,
3092 false);
3093 if (l < 8 || !memory_access_is_direct(mr, false)) {
3094 release_lock |= prepare_mmio_access(mr);
3095
3096 /* I/O case */
3097 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3098#if defined(TARGET_WORDS_BIGENDIAN)
3099 if (endian == DEVICE_LITTLE_ENDIAN) {
3100 val = bswap64(val);
3101 }
3102#else
3103 if (endian == DEVICE_BIG_ENDIAN) {
3104 val = bswap64(val);
3105 }
3106#endif
3107 } else {
3108 /* RAM case */
3109 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3110 & TARGET_PAGE_MASK)
3111 + addr1);
3112 switch (endian) {
3113 case DEVICE_LITTLE_ENDIAN:
3114 val = ldq_le_p(ptr);
3115 break;
3116 case DEVICE_BIG_ENDIAN:
3117 val = ldq_be_p(ptr);
3118 break;
3119 default:
3120 val = ldq_p(ptr);
3121 break;
3122 }
3123 r = MEMTX_OK;
3124 }
3125 if (result) {
3126 *result = r;
3127 }
3128 if (release_lock) {
3129 qemu_mutex_unlock_iothread();
3130 }
3131 rcu_read_unlock();
3132 return val;
3133}
3134
3135uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3137{
3138 return address_space_ldq_internal(as, addr, attrs, result,
3139 DEVICE_NATIVE_ENDIAN);
3140}
3141
3142uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3143 MemTxAttrs attrs, MemTxResult *result)
3144{
3145 return address_space_ldq_internal(as, addr, attrs, result,
3146 DEVICE_LITTLE_ENDIAN);
3147}
3148
3149uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3150 MemTxAttrs attrs, MemTxResult *result)
3151{
3152 return address_space_ldq_internal(as, addr, attrs, result,
3153 DEVICE_BIG_ENDIAN);
3154}
3155
3156uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3157{
3158 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3159}
3160
3161uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3162{
3163 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3164}
3165
3166uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3167{
3168 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3169}
3170
3171/* XXX: optimize */
3172uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3173 MemTxAttrs attrs, MemTxResult *result)
3174{
3175 uint8_t val;
3176 MemTxResult r;
3177
3178 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3179 if (result) {
3180 *result = r;
3181 }
3182 return val;
3183}
3184
3185uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3186{
3187 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3188}
3189
3190/* warning: addr must be aligned */
3191static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3192 hwaddr addr,
3193 MemTxAttrs attrs,
3194 MemTxResult *result,
3195 enum device_endian endian)
3196{
3197 uint8_t *ptr;
3198 uint64_t val;
3199 MemoryRegion *mr;
3200 hwaddr l = 2;
3201 hwaddr addr1;
3202 MemTxResult r;
3203 bool release_lock = false;
3204
3205 rcu_read_lock();
3206 mr = address_space_translate(as, addr, &addr1, &l,
3207 false);
3208 if (l < 2 || !memory_access_is_direct(mr, false)) {
3209 release_lock |= prepare_mmio_access(mr);
3210
3211 /* I/O case */
3212 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3213#if defined(TARGET_WORDS_BIGENDIAN)
3214 if (endian == DEVICE_LITTLE_ENDIAN) {
3215 val = bswap16(val);
3216 }
3217#else
3218 if (endian == DEVICE_BIG_ENDIAN) {
3219 val = bswap16(val);
3220 }
3221#endif
3222 } else {
3223 /* RAM case */
3224 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3225 & TARGET_PAGE_MASK)
3226 + addr1);
3227 switch (endian) {
3228 case DEVICE_LITTLE_ENDIAN:
3229 val = lduw_le_p(ptr);
3230 break;
3231 case DEVICE_BIG_ENDIAN:
3232 val = lduw_be_p(ptr);
3233 break;
3234 default:
3235 val = lduw_p(ptr);
3236 break;
3237 }
3238 r = MEMTX_OK;
3239 }
3240 if (result) {
3241 *result = r;
3242 }
3243 if (release_lock) {
3244 qemu_mutex_unlock_iothread();
3245 }
3246 rcu_read_unlock();
3247 return val;
3248}
3249
3250uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3251 MemTxAttrs attrs, MemTxResult *result)
3252{
3253 return address_space_lduw_internal(as, addr, attrs, result,
3254 DEVICE_NATIVE_ENDIAN);
3255}
3256
3257uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3258 MemTxAttrs attrs, MemTxResult *result)
3259{
3260 return address_space_lduw_internal(as, addr, attrs, result,
3261 DEVICE_LITTLE_ENDIAN);
3262}
3263
3264uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3265 MemTxAttrs attrs, MemTxResult *result)
3266{
3267 return address_space_lduw_internal(as, addr, attrs, result,
3268 DEVICE_BIG_ENDIAN);
3269}
3270
3271uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3272{
3273 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3274}
3275
3276uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3277{
3278 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3279}
3280
3281uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3282{
3283 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3284}
3285
3286/* warning: addr must be aligned. The ram page is not masked as dirty
3287 and the code inside is not invalidated. It is useful if the dirty
3288 bits are used to track modified PTEs */
3289void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3290 MemTxAttrs attrs, MemTxResult *result)
3291{
3292 uint8_t *ptr;
3293 MemoryRegion *mr;
3294 hwaddr l = 4;
3295 hwaddr addr1;
3296 MemTxResult r;
3297 uint8_t dirty_log_mask;
3298 bool release_lock = false;
3299
3300 rcu_read_lock();
3301 mr = address_space_translate(as, addr, &addr1, &l,
3302 true);
3303 if (l < 4 || !memory_access_is_direct(mr, true)) {
3304 release_lock |= prepare_mmio_access(mr);
3305
3306 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3307 } else {
3308 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3309 ptr = qemu_get_ram_ptr(addr1);
3310 stl_p(ptr, val);
3311
3312 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3313 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3314 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3315 r = MEMTX_OK;
3316 }
3317 if (result) {
3318 *result = r;
3319 }
3320 if (release_lock) {
3321 qemu_mutex_unlock_iothread();
3322 }
3323 rcu_read_unlock();
3324}
3325
3326void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3327{
3328 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3329}
3330
3331/* warning: addr must be aligned */
3332static inline void address_space_stl_internal(AddressSpace *as,
3333 hwaddr addr, uint32_t val,
3334 MemTxAttrs attrs,
3335 MemTxResult *result,
3336 enum device_endian endian)
3337{
3338 uint8_t *ptr;
3339 MemoryRegion *mr;
3340 hwaddr l = 4;
3341 hwaddr addr1;
3342 MemTxResult r;
3343 bool release_lock = false;
3344
3345 rcu_read_lock();
3346 mr = address_space_translate(as, addr, &addr1, &l,
3347 true);
3348 if (l < 4 || !memory_access_is_direct(mr, true)) {
3349 release_lock |= prepare_mmio_access(mr);
3350
3351#if defined(TARGET_WORDS_BIGENDIAN)
3352 if (endian == DEVICE_LITTLE_ENDIAN) {
3353 val = bswap32(val);
3354 }
3355#else
3356 if (endian == DEVICE_BIG_ENDIAN) {
3357 val = bswap32(val);
3358 }
3359#endif
3360 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3361 } else {
3362 /* RAM case */
3363 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3364 ptr = qemu_get_ram_ptr(addr1);
3365 switch (endian) {
3366 case DEVICE_LITTLE_ENDIAN:
3367 stl_le_p(ptr, val);
3368 break;
3369 case DEVICE_BIG_ENDIAN:
3370 stl_be_p(ptr, val);
3371 break;
3372 default:
3373 stl_p(ptr, val);
3374 break;
3375 }
3376 invalidate_and_set_dirty(mr, addr1, 4);
3377 r = MEMTX_OK;
3378 }
3379 if (result) {
3380 *result = r;
3381 }
3382 if (release_lock) {
3383 qemu_mutex_unlock_iothread();
3384 }
3385 rcu_read_unlock();
3386}
3387
3388void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3389 MemTxAttrs attrs, MemTxResult *result)
3390{
3391 address_space_stl_internal(as, addr, val, attrs, result,
3392 DEVICE_NATIVE_ENDIAN);
3393}
3394
3395void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3396 MemTxAttrs attrs, MemTxResult *result)
3397{
3398 address_space_stl_internal(as, addr, val, attrs, result,
3399 DEVICE_LITTLE_ENDIAN);
3400}
3401
3402void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3403 MemTxAttrs attrs, MemTxResult *result)
3404{
3405 address_space_stl_internal(as, addr, val, attrs, result,
3406 DEVICE_BIG_ENDIAN);
3407}
3408
3409void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3410{
3411 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3412}
3413
3414void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3415{
3416 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3417}
3418
3419void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3420{
3421 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3422}
3423
3424/* XXX: optimize */
3425void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3426 MemTxAttrs attrs, MemTxResult *result)
3427{
3428 uint8_t v = val;
3429 MemTxResult r;
3430
3431 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3432 if (result) {
3433 *result = r;
3434 }
3435}
3436
3437void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3438{
3439 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3440}
3441
3442/* warning: addr must be aligned */
3443static inline void address_space_stw_internal(AddressSpace *as,
3444 hwaddr addr, uint32_t val,
3445 MemTxAttrs attrs,
3446 MemTxResult *result,
3447 enum device_endian endian)
3448{
3449 uint8_t *ptr;
3450 MemoryRegion *mr;
3451 hwaddr l = 2;
3452 hwaddr addr1;
3453 MemTxResult r;
3454 bool release_lock = false;
3455
3456 rcu_read_lock();
3457 mr = address_space_translate(as, addr, &addr1, &l, true);
3458 if (l < 2 || !memory_access_is_direct(mr, true)) {
3459 release_lock |= prepare_mmio_access(mr);
3460
3461#if defined(TARGET_WORDS_BIGENDIAN)
3462 if (endian == DEVICE_LITTLE_ENDIAN) {
3463 val = bswap16(val);
3464 }
3465#else
3466 if (endian == DEVICE_BIG_ENDIAN) {
3467 val = bswap16(val);
3468 }
3469#endif
3470 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3471 } else {
3472 /* RAM case */
3473 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3474 ptr = qemu_get_ram_ptr(addr1);
3475 switch (endian) {
3476 case DEVICE_LITTLE_ENDIAN:
3477 stw_le_p(ptr, val);
3478 break;
3479 case DEVICE_BIG_ENDIAN:
3480 stw_be_p(ptr, val);
3481 break;
3482 default:
3483 stw_p(ptr, val);
3484 break;
3485 }
3486 invalidate_and_set_dirty(mr, addr1, 2);
3487 r = MEMTX_OK;
3488 }
3489 if (result) {
3490 *result = r;
3491 }
3492 if (release_lock) {
3493 qemu_mutex_unlock_iothread();
3494 }
3495 rcu_read_unlock();
3496}
3497
3498void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3499 MemTxAttrs attrs, MemTxResult *result)
3500{
3501 address_space_stw_internal(as, addr, val, attrs, result,
3502 DEVICE_NATIVE_ENDIAN);
3503}
3504
3505void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3506 MemTxAttrs attrs, MemTxResult *result)
3507{
3508 address_space_stw_internal(as, addr, val, attrs, result,
3509 DEVICE_LITTLE_ENDIAN);
3510}
3511
3512void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3513 MemTxAttrs attrs, MemTxResult *result)
3514{
3515 address_space_stw_internal(as, addr, val, attrs, result,
3516 DEVICE_BIG_ENDIAN);
3517}
3518
3519void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3520{
3521 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3522}
3523
3524void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3525{
3526 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3527}
3528
3529void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3530{
3531 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3532}
3533
3534/* XXX: optimize */
3535void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3536 MemTxAttrs attrs, MemTxResult *result)
3537{
3538 MemTxResult r;
3539 val = tswap64(val);
3540 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3541 if (result) {
3542 *result = r;
3543 }
3544}
3545
3546void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3547 MemTxAttrs attrs, MemTxResult *result)
3548{
3549 MemTxResult r;
3550 val = cpu_to_le64(val);
3551 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3552 if (result) {
3553 *result = r;
3554 }
3555}
3556void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3557 MemTxAttrs attrs, MemTxResult *result)
3558{
3559 MemTxResult r;
3560 val = cpu_to_be64(val);
3561 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3562 if (result) {
3563 *result = r;
3564 }
3565}
3566
3567void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3568{
3569 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3570}
3571
3572void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3573{
3574 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3575}
3576
3577void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3578{
3579 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3580}
3581
3582/* virtual memory access for debug (includes writing to ROM) */
3583int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3584 uint8_t *buf, int len, int is_write)
3585{
3586 int l;
3587 hwaddr phys_addr;
3588 target_ulong page;
3589
3590 while (len > 0) {
3591 int asidx;
3592 MemTxAttrs attrs;
3593
3594 page = addr & TARGET_PAGE_MASK;
3595 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3596 asidx = cpu_asidx_from_attrs(cpu, attrs);
3597 /* if no physical page mapped, return an error */
3598 if (phys_addr == -1)
3599 return -1;
3600 l = (page + TARGET_PAGE_SIZE) - addr;
3601 if (l > len)
3602 l = len;
3603 phys_addr += (addr & ~TARGET_PAGE_MASK);
3604 if (is_write) {
3605 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3606 phys_addr, buf, l);
3607 } else {
3608 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3609 MEMTXATTRS_UNSPECIFIED,
3610 buf, l, 0);
3611 }
3612 len -= l;
3613 buf += l;
3614 addr += l;
3615 }
3616 return 0;
3617}
3618
3619/*
3620 * Allows code that needs to deal with migration bitmaps etc to still be built
3621 * target independent.
3622 */
3623size_t qemu_target_page_bits(void)
3624{
3625 return TARGET_PAGE_BITS;
3626}
3627
3628#endif
3629
3630/*
3631 * A helper function for the _utterly broken_ virtio device model to find out if
3632 * it's running on a big endian machine. Don't do this at home kids!
3633 */
3634bool target_words_bigendian(void);
3635bool target_words_bigendian(void)
3636{
3637#if defined(TARGET_WORDS_BIGENDIAN)
3638 return true;
3639#else
3640 return false;
3641#endif
3642}
3643
3644#ifndef CONFIG_USER_ONLY
3645bool cpu_physical_memory_is_io(hwaddr phys_addr)
3646{
3647 MemoryRegion*mr;
3648 hwaddr l = 1;
3649 bool res;
3650
3651 rcu_read_lock();
3652 mr = address_space_translate(&address_space_memory,
3653 phys_addr, &phys_addr, &l, false);
3654
3655 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3656 rcu_read_unlock();
3657 return res;
3658}
3659
3660int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3661{
3662 RAMBlock *block;
3663 int ret = 0;
3664
3665 rcu_read_lock();
3666 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3667 ret = func(block->idstr, block->host, block->offset,
3668 block->used_length, opaque);
3669 if (ret) {
3670 break;
3671 }
3672 }
3673 rcu_read_unlock();
3674 return ret;
3675}
3676#endif
QEMU mirror