]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
trace: emit name <-> ID mapping in simpletrace header
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #ifndef _WIN32
22 #endif
23
24 #include "qemu/cutils.h"
25 #include "cpu.h"
26 #include "exec/exec-all.h"
27 #include "tcg.h"
28 #include "hw/qdev-core.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #include "hw/xen/xen.h"
32 #endif
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include "qemu.h"
40 #else /* !CONFIG_USER_ONLY */
41 #include "hw/hw.h"
42 #include "exec/memory.h"
43 #include "exec/ioport.h"
44 #include "sysemu/dma.h"
45 #include "exec/address-spaces.h"
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57 #include "exec/log.h"
58
59 #include "migration/vmstate.h"
60
61 #include "qemu/range.h"
62 #ifndef _WIN32
63 #include "qemu/mmap-alloc.h"
64 #endif
65
66 //#define DEBUG_SUBPAGE
67
68 #if !defined(CONFIG_USER_ONLY)
69 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
72 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
73
74 static MemoryRegion *system_memory;
75 static MemoryRegion *system_io;
76
77 AddressSpace address_space_io;
78 AddressSpace address_space_memory;
79
80 MemoryRegion io_mem_rom, io_mem_notdirty;
81 static MemoryRegion io_mem_unassigned;
82
83 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84 #define RAM_PREALLOC (1 << 0)
85
86 /* RAM is mmap-ed with MAP_SHARED */
87 #define RAM_SHARED (1 << 1)
88
89 /* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92 #define RAM_RESIZEABLE (1 << 2)
93
94 #endif
95
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
103 int use_icount;
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 typedef struct PhysPageEntry PhysPageEntry;
108
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
111 uint32_t skip : 6;
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 uint32_t ptr : 26;
114 };
115
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
120
121 #define P_L2_BITS 9
122 #define P_L2_SIZE (1 << P_L2_BITS)
123
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126 typedef PhysPageEntry Node[P_L2_SIZE];
127
128 typedef struct PhysPageMap {
129 struct rcu_head rcu;
130
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137 } PhysPageMap;
138
139 struct AddressSpaceDispatch {
140 struct rcu_head rcu;
141
142 MemoryRegionSection *mru_section;
143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
147 PhysPageMap map;
148 AddressSpace *as;
149 };
150
151 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152 typedef struct subpage_t {
153 MemoryRegion iomem;
154 AddressSpace *as;
155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157 } subpage_t;
158
159 #define PHYS_SECTION_UNASSIGNED 0
160 #define PHYS_SECTION_NOTDIRTY 1
161 #define PHYS_SECTION_ROM 2
162 #define PHYS_SECTION_WATCH 3
163
164 static void io_mem_init(void);
165 static void memory_map_init(void);
166 static void tcg_commit(MemoryListener *listener);
167
168 static MemoryRegion io_mem_watch;
169
170 /**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177 struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182 };
183
184 #endif
185
186 #if !defined(CONFIG_USER_ONLY)
187
188 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
189 {
190 static unsigned alloc_hint = 16;
191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
195 alloc_hint = map->nodes_nb_alloc;
196 }
197 }
198
199 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
200 {
201 unsigned i;
202 uint32_t ret;
203 PhysPageEntry e;
204 PhysPageEntry *p;
205
206 ret = map->nodes_nb++;
207 p = map->nodes[ret];
208 assert(ret != PHYS_MAP_NODE_NIL);
209 assert(ret != map->nodes_nb_alloc);
210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
213 for (i = 0; i < P_L2_SIZE; ++i) {
214 memcpy(&p[i], &e, sizeof(e));
215 }
216 return ret;
217 }
218
219 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
221 int level)
222 {
223 PhysPageEntry *p;
224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
225
226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
227 lp->ptr = phys_map_node_alloc(map, level == 0);
228 }
229 p = map->nodes[lp->ptr];
230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
231
232 while (*nb && lp < &p[P_L2_SIZE]) {
233 if ((*index & (step - 1)) == 0 && *nb >= step) {
234 lp->skip = 0;
235 lp->ptr = leaf;
236 *index += step;
237 *nb -= step;
238 } else {
239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
240 }
241 ++lp;
242 }
243 }
244
245 static void phys_page_set(AddressSpaceDispatch *d,
246 hwaddr index, hwaddr nb,
247 uint16_t leaf)
248 {
249 /* Wildly overreserve - it doesn't matter much. */
250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
251
252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
253 }
254
255 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258 static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
259 {
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306 }
307
308 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309 {
310 if (d->phys_map.skip) {
311 phys_page_compact(&d->phys_map, d->map.nodes);
312 }
313 }
314
315 static inline bool section_covers_addr(const MemoryRegionSection *section,
316 hwaddr addr)
317 {
318 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
319 * the section must cover the entire address space.
320 */
321 return section->size.hi ||
322 range_covers_byte(section->offset_within_address_space,
323 section->size.lo, addr);
324 }
325
326 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
327 Node *nodes, MemoryRegionSection *sections)
328 {
329 PhysPageEntry *p;
330 hwaddr index = addr >> TARGET_PAGE_BITS;
331 int i;
332
333 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
334 if (lp.ptr == PHYS_MAP_NODE_NIL) {
335 return &sections[PHYS_SECTION_UNASSIGNED];
336 }
337 p = nodes[lp.ptr];
338 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
339 }
340
341 if (section_covers_addr(&sections[lp.ptr], addr)) {
342 return &sections[lp.ptr];
343 } else {
344 return &sections[PHYS_SECTION_UNASSIGNED];
345 }
346 }
347
348 bool memory_region_is_unassigned(MemoryRegion *mr)
349 {
350 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
351 && mr != &io_mem_watch;
352 }
353
354 /* Called from RCU critical section */
355 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
356 hwaddr addr,
357 bool resolve_subpage)
358 {
359 MemoryRegionSection *section = atomic_read(&d->mru_section);
360 subpage_t *subpage;
361 bool update;
362
363 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
364 section_covers_addr(section, addr)) {
365 update = false;
366 } else {
367 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 d->map.sections);
369 update = true;
370 }
371 if (resolve_subpage && section->mr->subpage) {
372 subpage = container_of(section->mr, subpage_t, iomem);
373 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
374 }
375 if (update) {
376 atomic_set(&d->mru_section, section);
377 }
378 return section;
379 }
380
381 /* Called from RCU critical section */
382 static MemoryRegionSection *
383 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
384 hwaddr *plen, bool resolve_subpage)
385 {
386 MemoryRegionSection *section;
387 MemoryRegion *mr;
388 Int128 diff;
389
390 section = address_space_lookup_region(d, addr, resolve_subpage);
391 /* Compute offset within MemoryRegionSection */
392 addr -= section->offset_within_address_space;
393
394 /* Compute offset within MemoryRegion */
395 *xlat = addr + section->offset_within_region;
396
397 mr = section->mr;
398
399 /* MMIO registers can be expected to perform full-width accesses based only
400 * on their address, without considering adjacent registers that could
401 * decode to completely different MemoryRegions. When such registers
402 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
403 * regions overlap wildly. For this reason we cannot clamp the accesses
404 * here.
405 *
406 * If the length is small (as is the case for address_space_ldl/stl),
407 * everything works fine. If the incoming length is large, however,
408 * the caller really has to do the clamping through memory_access_size.
409 */
410 if (memory_region_is_ram(mr)) {
411 diff = int128_sub(section->size, int128_make64(addr));
412 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
413 }
414 return section;
415 }
416
417 /* Called from RCU critical section */
418 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen,
420 bool is_write)
421 {
422 IOMMUTLBEntry iotlb;
423 MemoryRegionSection *section;
424 MemoryRegion *mr;
425
426 for (;;) {
427 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
428 section = address_space_translate_internal(d, addr, &addr, plen, true);
429 mr = section->mr;
430
431 if (!mr->iommu_ops) {
432 break;
433 }
434
435 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
436 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
437 | (addr & iotlb.addr_mask));
438 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
439 if (!(iotlb.perm & (1 << is_write))) {
440 mr = &io_mem_unassigned;
441 break;
442 }
443
444 as = iotlb.target_as;
445 }
446
447 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
448 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
449 *plen = MIN(page, *plen);
450 }
451
452 *xlat = addr;
453 return mr;
454 }
455
456 /* Called from RCU critical section */
457 MemoryRegionSection *
458 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
459 hwaddr *xlat, hwaddr *plen)
460 {
461 MemoryRegionSection *section;
462 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
463
464 section = address_space_translate_internal(d, addr, xlat, plen, false);
465
466 assert(!section->mr->iommu_ops);
467 return section;
468 }
469 #endif
470
471 #if !defined(CONFIG_USER_ONLY)
472
473 static int cpu_common_post_load(void *opaque, int version_id)
474 {
475 CPUState *cpu = opaque;
476
477 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
478 version_id is increased. */
479 cpu->interrupt_request &= ~0x01;
480 tlb_flush(cpu, 1);
481
482 return 0;
483 }
484
485 static int cpu_common_pre_load(void *opaque)
486 {
487 CPUState *cpu = opaque;
488
489 cpu->exception_index = -1;
490
491 return 0;
492 }
493
494 static bool cpu_common_exception_index_needed(void *opaque)
495 {
496 CPUState *cpu = opaque;
497
498 return tcg_enabled() && cpu->exception_index != -1;
499 }
500
501 static const VMStateDescription vmstate_cpu_common_exception_index = {
502 .name = "cpu_common/exception_index",
503 .version_id = 1,
504 .minimum_version_id = 1,
505 .needed = cpu_common_exception_index_needed,
506 .fields = (VMStateField[]) {
507 VMSTATE_INT32(exception_index, CPUState),
508 VMSTATE_END_OF_LIST()
509 }
510 };
511
512 static bool cpu_common_crash_occurred_needed(void *opaque)
513 {
514 CPUState *cpu = opaque;
515
516 return cpu->crash_occurred;
517 }
518
519 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
520 .name = "cpu_common/crash_occurred",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .needed = cpu_common_crash_occurred_needed,
524 .fields = (VMStateField[]) {
525 VMSTATE_BOOL(crash_occurred, CPUState),
526 VMSTATE_END_OF_LIST()
527 }
528 };
529
530 const VMStateDescription vmstate_cpu_common = {
531 .name = "cpu_common",
532 .version_id = 1,
533 .minimum_version_id = 1,
534 .pre_load = cpu_common_pre_load,
535 .post_load = cpu_common_post_load,
536 .fields = (VMStateField[]) {
537 VMSTATE_UINT32(halted, CPUState),
538 VMSTATE_UINT32(interrupt_request, CPUState),
539 VMSTATE_END_OF_LIST()
540 },
541 .subsections = (const VMStateDescription*[]) {
542 &vmstate_cpu_common_exception_index,
543 &vmstate_cpu_common_crash_occurred,
544 NULL
545 }
546 };
547
548 #endif
549
550 CPUState *qemu_get_cpu(int index)
551 {
552 CPUState *cpu;
553
554 CPU_FOREACH(cpu) {
555 if (cpu->cpu_index == index) {
556 return cpu;
557 }
558 }
559
560 return NULL;
561 }
562
563 #if !defined(CONFIG_USER_ONLY)
564 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
565 {
566 CPUAddressSpace *newas;
567
568 /* Target code should have set num_ases before calling us */
569 assert(asidx < cpu->num_ases);
570
571 if (asidx == 0) {
572 /* address space 0 gets the convenience alias */
573 cpu->as = as;
574 }
575
576 /* KVM cannot currently support multiple address spaces. */
577 assert(asidx == 0 || !kvm_enabled());
578
579 if (!cpu->cpu_ases) {
580 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
581 }
582
583 newas = &cpu->cpu_ases[asidx];
584 newas->cpu = cpu;
585 newas->as = as;
586 if (tcg_enabled()) {
587 newas->tcg_as_listener.commit = tcg_commit;
588 memory_listener_register(&newas->tcg_as_listener, as);
589 }
590 }
591
592 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
593 {
594 /* Return the AddressSpace corresponding to the specified index */
595 return cpu->cpu_ases[asidx].as;
596 }
597 #endif
598
599 void cpu_exec_exit(CPUState *cpu)
600 {
601 CPUClass *cc = CPU_GET_CLASS(cpu);
602
603 cpu_list_remove(cpu);
604
605 if (cc->vmsd != NULL) {
606 vmstate_unregister(NULL, cc->vmsd, cpu);
607 }
608 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
609 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
610 }
611 }
612
613 void cpu_exec_init(CPUState *cpu, Error **errp)
614 {
615 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
616 Error *local_err ATTRIBUTE_UNUSED = NULL;
617
618 cpu->as = NULL;
619 cpu->num_ases = 0;
620
621 #ifndef CONFIG_USER_ONLY
622 cpu->thread_id = qemu_get_thread_id();
623
624 /* This is a softmmu CPU object, so create a property for it
625 * so users can wire up its memory. (This can't go in qom/cpu.c
626 * because that file is compiled only once for both user-mode
627 * and system builds.) The default if no link is set up is to use
628 * the system address space.
629 */
630 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
631 (Object **)&cpu->memory,
632 qdev_prop_allow_set_link_before_realize,
633 OBJ_PROP_LINK_UNREF_ON_RELEASE,
634 &error_abort);
635 cpu->memory = system_memory;
636 object_ref(OBJECT(cpu->memory));
637 #endif
638
639 cpu_list_add(cpu);
640
641 #ifndef CONFIG_USER_ONLY
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
644 }
645 if (cc->vmsd != NULL) {
646 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
647 }
648 #endif
649 }
650
651 #if defined(CONFIG_USER_ONLY)
652 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
653 {
654 tb_invalidate_phys_page_range(pc, pc + 1, 0);
655 }
656 #else
657 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
658 {
659 MemTxAttrs attrs;
660 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
661 int asidx = cpu_asidx_from_attrs(cpu, attrs);
662 if (phys != -1) {
663 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
664 phys | (pc & ~TARGET_PAGE_MASK));
665 }
666 }
667 #endif
668
669 #if defined(CONFIG_USER_ONLY)
670 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
671
672 {
673 }
674
675 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
676 int flags)
677 {
678 return -ENOSYS;
679 }
680
681 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
682 {
683 }
684
685 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
686 int flags, CPUWatchpoint **watchpoint)
687 {
688 return -ENOSYS;
689 }
690 #else
691 /* Add a watchpoint. */
692 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
693 int flags, CPUWatchpoint **watchpoint)
694 {
695 CPUWatchpoint *wp;
696
697 /* forbid ranges which are empty or run off the end of the address space */
698 if (len == 0 || (addr + len - 1) < addr) {
699 error_report("tried to set invalid watchpoint at %"
700 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
701 return -EINVAL;
702 }
703 wp = g_malloc(sizeof(*wp));
704
705 wp->vaddr = addr;
706 wp->len = len;
707 wp->flags = flags;
708
709 /* keep all GDB-injected watchpoints in front */
710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
712 } else {
713 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
714 }
715
716 tlb_flush_page(cpu, addr);
717
718 if (watchpoint)
719 *watchpoint = wp;
720 return 0;
721 }
722
723 /* Remove a specific watchpoint. */
724 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
725 int flags)
726 {
727 CPUWatchpoint *wp;
728
729 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
730 if (addr == wp->vaddr && len == wp->len
731 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
732 cpu_watchpoint_remove_by_ref(cpu, wp);
733 return 0;
734 }
735 }
736 return -ENOENT;
737 }
738
739 /* Remove a specific watchpoint by reference. */
740 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
741 {
742 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
743
744 tlb_flush_page(cpu, watchpoint->vaddr);
745
746 g_free(watchpoint);
747 }
748
749 /* Remove all matching watchpoints. */
750 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
751 {
752 CPUWatchpoint *wp, *next;
753
754 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
755 if (wp->flags & mask) {
756 cpu_watchpoint_remove_by_ref(cpu, wp);
757 }
758 }
759 }
760
761 /* Return true if this watchpoint address matches the specified
762 * access (ie the address range covered by the watchpoint overlaps
763 * partially or completely with the address range covered by the
764 * access).
765 */
766 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
767 vaddr addr,
768 vaddr len)
769 {
770 /* We know the lengths are non-zero, but a little caution is
771 * required to avoid errors in the case where the range ends
772 * exactly at the top of the address space and so addr + len
773 * wraps round to zero.
774 */
775 vaddr wpend = wp->vaddr + wp->len - 1;
776 vaddr addrend = addr + len - 1;
777
778 return !(addr > wpend || wp->vaddr > addrend);
779 }
780
781 #endif
782
783 /* Add a breakpoint. */
784 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
785 CPUBreakpoint **breakpoint)
786 {
787 CPUBreakpoint *bp;
788
789 bp = g_malloc(sizeof(*bp));
790
791 bp->pc = pc;
792 bp->flags = flags;
793
794 /* keep all GDB-injected breakpoints in front */
795 if (flags & BP_GDB) {
796 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
797 } else {
798 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
799 }
800
801 breakpoint_invalidate(cpu, pc);
802
803 if (breakpoint) {
804 *breakpoint = bp;
805 }
806 return 0;
807 }
808
809 /* Remove a specific breakpoint. */
810 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
811 {
812 CPUBreakpoint *bp;
813
814 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
815 if (bp->pc == pc && bp->flags == flags) {
816 cpu_breakpoint_remove_by_ref(cpu, bp);
817 return 0;
818 }
819 }
820 return -ENOENT;
821 }
822
823 /* Remove a specific breakpoint by reference. */
824 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
825 {
826 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
827
828 breakpoint_invalidate(cpu, breakpoint->pc);
829
830 g_free(breakpoint);
831 }
832
833 /* Remove all matching breakpoints. */
834 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
835 {
836 CPUBreakpoint *bp, *next;
837
838 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
839 if (bp->flags & mask) {
840 cpu_breakpoint_remove_by_ref(cpu, bp);
841 }
842 }
843 }
844
845 /* enable or disable single step mode. EXCP_DEBUG is returned by the
846 CPU loop after each instruction */
847 void cpu_single_step(CPUState *cpu, int enabled)
848 {
849 if (cpu->singlestep_enabled != enabled) {
850 cpu->singlestep_enabled = enabled;
851 if (kvm_enabled()) {
852 kvm_update_guest_debug(cpu, 0);
853 } else {
854 /* must flush all the translated code to avoid inconsistencies */
855 /* XXX: only flush what is necessary */
856 tb_flush(cpu);
857 }
858 }
859 }
860
861 void cpu_abort(CPUState *cpu, const char *fmt, ...)
862 {
863 va_list ap;
864 va_list ap2;
865
866 va_start(ap, fmt);
867 va_copy(ap2, ap);
868 fprintf(stderr, "qemu: fatal: ");
869 vfprintf(stderr, fmt, ap);
870 fprintf(stderr, "\n");
871 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
872 if (qemu_log_separate()) {
873 qemu_log("qemu: fatal: ");
874 qemu_log_vprintf(fmt, ap2);
875 qemu_log("\n");
876 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
877 qemu_log_flush();
878 qemu_log_close();
879 }
880 va_end(ap2);
881 va_end(ap);
882 replay_finish();
883 #if defined(CONFIG_USER_ONLY)
884 {
885 struct sigaction act;
886 sigfillset(&act.sa_mask);
887 act.sa_handler = SIG_DFL;
888 sigaction(SIGABRT, &act, NULL);
889 }
890 #endif
891 abort();
892 }
893
894 #if !defined(CONFIG_USER_ONLY)
895 /* Called from RCU critical section */
896 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
897 {
898 RAMBlock *block;
899
900 block = atomic_rcu_read(&ram_list.mru_block);
901 if (block && addr - block->offset < block->max_length) {
902 return block;
903 }
904 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
905 if (addr - block->offset < block->max_length) {
906 goto found;
907 }
908 }
909
910 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
911 abort();
912
913 found:
914 /* It is safe to write mru_block outside the iothread lock. This
915 * is what happens:
916 *
917 * mru_block = xxx
918 * rcu_read_unlock()
919 * xxx removed from list
920 * rcu_read_lock()
921 * read mru_block
922 * mru_block = NULL;
923 * call_rcu(reclaim_ramblock, xxx);
924 * rcu_read_unlock()
925 *
926 * atomic_rcu_set is not needed here. The block was already published
927 * when it was placed into the list. Here we're just making an extra
928 * copy of the pointer.
929 */
930 ram_list.mru_block = block;
931 return block;
932 }
933
934 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
935 {
936 CPUState *cpu;
937 ram_addr_t start1;
938 RAMBlock *block;
939 ram_addr_t end;
940
941 end = TARGET_PAGE_ALIGN(start + length);
942 start &= TARGET_PAGE_MASK;
943
944 rcu_read_lock();
945 block = qemu_get_ram_block(start);
946 assert(block == qemu_get_ram_block(end - 1));
947 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
948 CPU_FOREACH(cpu) {
949 tlb_reset_dirty(cpu, start1, length);
950 }
951 rcu_read_unlock();
952 }
953
954 /* Note: start and end must be within the same ram block. */
955 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
956 ram_addr_t length,
957 unsigned client)
958 {
959 DirtyMemoryBlocks *blocks;
960 unsigned long end, page;
961 bool dirty = false;
962
963 if (length == 0) {
964 return false;
965 }
966
967 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
968 page = start >> TARGET_PAGE_BITS;
969
970 rcu_read_lock();
971
972 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
973
974 while (page < end) {
975 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
976 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
977 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
978
979 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
980 offset, num);
981 page += num;
982 }
983
984 rcu_read_unlock();
985
986 if (dirty && tcg_enabled()) {
987 tlb_reset_dirty_range_all(start, length);
988 }
989
990 return dirty;
991 }
992
993 /* Called from RCU critical section */
994 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
995 MemoryRegionSection *section,
996 target_ulong vaddr,
997 hwaddr paddr, hwaddr xlat,
998 int prot,
999 target_ulong *address)
1000 {
1001 hwaddr iotlb;
1002 CPUWatchpoint *wp;
1003
1004 if (memory_region_is_ram(section->mr)) {
1005 /* Normal RAM. */
1006 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1007 if (!section->readonly) {
1008 iotlb |= PHYS_SECTION_NOTDIRTY;
1009 } else {
1010 iotlb |= PHYS_SECTION_ROM;
1011 }
1012 } else {
1013 AddressSpaceDispatch *d;
1014
1015 d = atomic_rcu_read(&section->address_space->dispatch);
1016 iotlb = section - d->map.sections;
1017 iotlb += xlat;
1018 }
1019
1020 /* Make accesses to pages with watchpoints go via the
1021 watchpoint trap routines. */
1022 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1023 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1024 /* Avoid trapping reads of pages with a write breakpoint. */
1025 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1026 iotlb = PHYS_SECTION_WATCH + paddr;
1027 *address |= TLB_MMIO;
1028 break;
1029 }
1030 }
1031 }
1032
1033 return iotlb;
1034 }
1035 #endif /* defined(CONFIG_USER_ONLY) */
1036
1037 #if !defined(CONFIG_USER_ONLY)
1038
1039 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1040 uint16_t section);
1041 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1042
1043 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1044 qemu_anon_ram_alloc;
1045
1046 /*
1047 * Set a custom physical guest memory alloator.
1048 * Accelerators with unusual needs may need this. Hopefully, we can
1049 * get rid of it eventually.
1050 */
1051 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1052 {
1053 phys_mem_alloc = alloc;
1054 }
1055
1056 static uint16_t phys_section_add(PhysPageMap *map,
1057 MemoryRegionSection *section)
1058 {
1059 /* The physical section number is ORed with a page-aligned
1060 * pointer to produce the iotlb entries. Thus it should
1061 * never overflow into the page-aligned value.
1062 */
1063 assert(map->sections_nb < TARGET_PAGE_SIZE);
1064
1065 if (map->sections_nb == map->sections_nb_alloc) {
1066 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1067 map->sections = g_renew(MemoryRegionSection, map->sections,
1068 map->sections_nb_alloc);
1069 }
1070 map->sections[map->sections_nb] = *section;
1071 memory_region_ref(section->mr);
1072 return map->sections_nb++;
1073 }
1074
1075 static void phys_section_destroy(MemoryRegion *mr)
1076 {
1077 bool have_sub_page = mr->subpage;
1078
1079 memory_region_unref(mr);
1080
1081 if (have_sub_page) {
1082 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1083 object_unref(OBJECT(&subpage->iomem));
1084 g_free(subpage);
1085 }
1086 }
1087
1088 static void phys_sections_free(PhysPageMap *map)
1089 {
1090 while (map->sections_nb > 0) {
1091 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1092 phys_section_destroy(section->mr);
1093 }
1094 g_free(map->sections);
1095 g_free(map->nodes);
1096 }
1097
1098 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1099 {
1100 subpage_t *subpage;
1101 hwaddr base = section->offset_within_address_space
1102 & TARGET_PAGE_MASK;
1103 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1104 d->map.nodes, d->map.sections);
1105 MemoryRegionSection subsection = {
1106 .offset_within_address_space = base,
1107 .size = int128_make64(TARGET_PAGE_SIZE),
1108 };
1109 hwaddr start, end;
1110
1111 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1112
1113 if (!(existing->mr->subpage)) {
1114 subpage = subpage_init(d->as, base);
1115 subsection.address_space = d->as;
1116 subsection.mr = &subpage->iomem;
1117 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1118 phys_section_add(&d->map, &subsection));
1119 } else {
1120 subpage = container_of(existing->mr, subpage_t, iomem);
1121 }
1122 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1123 end = start + int128_get64(section->size) - 1;
1124 subpage_register(subpage, start, end,
1125 phys_section_add(&d->map, section));
1126 }
1127
1128
1129 static void register_multipage(AddressSpaceDispatch *d,
1130 MemoryRegionSection *section)
1131 {
1132 hwaddr start_addr = section->offset_within_address_space;
1133 uint16_t section_index = phys_section_add(&d->map, section);
1134 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1135 TARGET_PAGE_BITS));
1136
1137 assert(num_pages);
1138 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1139 }
1140
1141 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1142 {
1143 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1144 AddressSpaceDispatch *d = as->next_dispatch;
1145 MemoryRegionSection now = *section, remain = *section;
1146 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1147
1148 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1149 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1150 - now.offset_within_address_space;
1151
1152 now.size = int128_min(int128_make64(left), now.size);
1153 register_subpage(d, &now);
1154 } else {
1155 now.size = int128_zero();
1156 }
1157 while (int128_ne(remain.size, now.size)) {
1158 remain.size = int128_sub(remain.size, now.size);
1159 remain.offset_within_address_space += int128_get64(now.size);
1160 remain.offset_within_region += int128_get64(now.size);
1161 now = remain;
1162 if (int128_lt(remain.size, page_size)) {
1163 register_subpage(d, &now);
1164 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1165 now.size = page_size;
1166 register_subpage(d, &now);
1167 } else {
1168 now.size = int128_and(now.size, int128_neg(page_size));
1169 register_multipage(d, &now);
1170 }
1171 }
1172 }
1173
1174 void qemu_flush_coalesced_mmio_buffer(void)
1175 {
1176 if (kvm_enabled())
1177 kvm_flush_coalesced_mmio_buffer();
1178 }
1179
1180 void qemu_mutex_lock_ramlist(void)
1181 {
1182 qemu_mutex_lock(&ram_list.mutex);
1183 }
1184
1185 void qemu_mutex_unlock_ramlist(void)
1186 {
1187 qemu_mutex_unlock(&ram_list.mutex);
1188 }
1189
1190 #ifdef __linux__
1191 static void *file_ram_alloc(RAMBlock *block,
1192 ram_addr_t memory,
1193 const char *path,
1194 Error **errp)
1195 {
1196 bool unlink_on_error = false;
1197 char *filename;
1198 char *sanitized_name;
1199 char *c;
1200 void *area = MAP_FAILED;
1201 int fd = -1;
1202 int64_t page_size;
1203
1204 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1205 error_setg(errp,
1206 "host lacks kvm mmu notifiers, -mem-path unsupported");
1207 return NULL;
1208 }
1209
1210 for (;;) {
1211 fd = open(path, O_RDWR);
1212 if (fd >= 0) {
1213 /* @path names an existing file, use it */
1214 break;
1215 }
1216 if (errno == ENOENT) {
1217 /* @path names a file that doesn't exist, create it */
1218 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1219 if (fd >= 0) {
1220 unlink_on_error = true;
1221 break;
1222 }
1223 } else if (errno == EISDIR) {
1224 /* @path names a directory, create a file there */
1225 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1226 sanitized_name = g_strdup(memory_region_name(block->mr));
1227 for (c = sanitized_name; *c != '\0'; c++) {
1228 if (*c == '/') {
1229 *c = '_';
1230 }
1231 }
1232
1233 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1234 sanitized_name);
1235 g_free(sanitized_name);
1236
1237 fd = mkstemp(filename);
1238 if (fd >= 0) {
1239 unlink(filename);
1240 g_free(filename);
1241 break;
1242 }
1243 g_free(filename);
1244 }
1245 if (errno != EEXIST && errno != EINTR) {
1246 error_setg_errno(errp, errno,
1247 "can't open backing store %s for guest RAM",
1248 path);
1249 goto error;
1250 }
1251 /*
1252 * Try again on EINTR and EEXIST. The latter happens when
1253 * something else creates the file between our two open().
1254 */
1255 }
1256
1257 page_size = qemu_fd_getpagesize(fd);
1258 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
1259
1260 if (memory < page_size) {
1261 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1262 "or larger than page size 0x%" PRIx64,
1263 memory, page_size);
1264 goto error;
1265 }
1266
1267 memory = ROUND_UP(memory, page_size);
1268
1269 /*
1270 * ftruncate is not supported by hugetlbfs in older
1271 * hosts, so don't bother bailing out on errors.
1272 * If anything goes wrong with it under other filesystems,
1273 * mmap will fail.
1274 */
1275 if (ftruncate(fd, memory)) {
1276 perror("ftruncate");
1277 }
1278
1279 area = qemu_ram_mmap(fd, memory, block->mr->align,
1280 block->flags & RAM_SHARED);
1281 if (area == MAP_FAILED) {
1282 error_setg_errno(errp, errno,
1283 "unable to map backing store for guest RAM");
1284 goto error;
1285 }
1286
1287 if (mem_prealloc) {
1288 os_mem_prealloc(fd, area, memory, errp);
1289 if (errp && *errp) {
1290 goto error;
1291 }
1292 }
1293
1294 block->fd = fd;
1295 return area;
1296
1297 error:
1298 if (area != MAP_FAILED) {
1299 qemu_ram_munmap(area, memory);
1300 }
1301 if (unlink_on_error) {
1302 unlink(path);
1303 }
1304 if (fd != -1) {
1305 close(fd);
1306 }
1307 return NULL;
1308 }
1309 #endif
1310
1311 /* Called with the ramlist lock held. */
1312 static ram_addr_t find_ram_offset(ram_addr_t size)
1313 {
1314 RAMBlock *block, *next_block;
1315 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1316
1317 assert(size != 0); /* it would hand out same offset multiple times */
1318
1319 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1320 return 0;
1321 }
1322
1323 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1324 ram_addr_t end, next = RAM_ADDR_MAX;
1325
1326 end = block->offset + block->max_length;
1327
1328 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1329 if (next_block->offset >= end) {
1330 next = MIN(next, next_block->offset);
1331 }
1332 }
1333 if (next - end >= size && next - end < mingap) {
1334 offset = end;
1335 mingap = next - end;
1336 }
1337 }
1338
1339 if (offset == RAM_ADDR_MAX) {
1340 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1341 (uint64_t)size);
1342 abort();
1343 }
1344
1345 return offset;
1346 }
1347
1348 ram_addr_t last_ram_offset(void)
1349 {
1350 RAMBlock *block;
1351 ram_addr_t last = 0;
1352
1353 rcu_read_lock();
1354 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1355 last = MAX(last, block->offset + block->max_length);
1356 }
1357 rcu_read_unlock();
1358 return last;
1359 }
1360
1361 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1362 {
1363 int ret;
1364
1365 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1366 if (!machine_dump_guest_core(current_machine)) {
1367 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1368 if (ret) {
1369 perror("qemu_madvise");
1370 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1371 "but dump_guest_core=off specified\n");
1372 }
1373 }
1374 }
1375
1376 const char *qemu_ram_get_idstr(RAMBlock *rb)
1377 {
1378 return rb->idstr;
1379 }
1380
1381 /* Called with iothread lock held. */
1382 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1383 {
1384 RAMBlock *block;
1385
1386 assert(new_block);
1387 assert(!new_block->idstr[0]);
1388
1389 if (dev) {
1390 char *id = qdev_get_dev_path(dev);
1391 if (id) {
1392 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1393 g_free(id);
1394 }
1395 }
1396 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1397
1398 rcu_read_lock();
1399 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1400 if (block != new_block &&
1401 !strcmp(block->idstr, new_block->idstr)) {
1402 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1403 new_block->idstr);
1404 abort();
1405 }
1406 }
1407 rcu_read_unlock();
1408 }
1409
1410 /* Called with iothread lock held. */
1411 void qemu_ram_unset_idstr(RAMBlock *block)
1412 {
1413 /* FIXME: arch_init.c assumes that this is not called throughout
1414 * migration. Ignore the problem since hot-unplug during migration
1415 * does not work anyway.
1416 */
1417 if (block) {
1418 memset(block->idstr, 0, sizeof(block->idstr));
1419 }
1420 }
1421
1422 static int memory_try_enable_merging(void *addr, size_t len)
1423 {
1424 if (!machine_mem_merge(current_machine)) {
1425 /* disabled by the user */
1426 return 0;
1427 }
1428
1429 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1430 }
1431
1432 /* Only legal before guest might have detected the memory size: e.g. on
1433 * incoming migration, or right after reset.
1434 *
1435 * As memory core doesn't know how is memory accessed, it is up to
1436 * resize callback to update device state and/or add assertions to detect
1437 * misuse, if necessary.
1438 */
1439 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1440 {
1441 assert(block);
1442
1443 newsize = HOST_PAGE_ALIGN(newsize);
1444
1445 if (block->used_length == newsize) {
1446 return 0;
1447 }
1448
1449 if (!(block->flags & RAM_RESIZEABLE)) {
1450 error_setg_errno(errp, EINVAL,
1451 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1452 " in != 0x" RAM_ADDR_FMT, block->idstr,
1453 newsize, block->used_length);
1454 return -EINVAL;
1455 }
1456
1457 if (block->max_length < newsize) {
1458 error_setg_errno(errp, EINVAL,
1459 "Length too large: %s: 0x" RAM_ADDR_FMT
1460 " > 0x" RAM_ADDR_FMT, block->idstr,
1461 newsize, block->max_length);
1462 return -EINVAL;
1463 }
1464
1465 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1466 block->used_length = newsize;
1467 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1468 DIRTY_CLIENTS_ALL);
1469 memory_region_set_size(block->mr, newsize);
1470 if (block->resized) {
1471 block->resized(block->idstr, newsize, block->host);
1472 }
1473 return 0;
1474 }
1475
1476 /* Called with ram_list.mutex held */
1477 static void dirty_memory_extend(ram_addr_t old_ram_size,
1478 ram_addr_t new_ram_size)
1479 {
1480 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1481 DIRTY_MEMORY_BLOCK_SIZE);
1482 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1483 DIRTY_MEMORY_BLOCK_SIZE);
1484 int i;
1485
1486 /* Only need to extend if block count increased */
1487 if (new_num_blocks <= old_num_blocks) {
1488 return;
1489 }
1490
1491 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1492 DirtyMemoryBlocks *old_blocks;
1493 DirtyMemoryBlocks *new_blocks;
1494 int j;
1495
1496 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1497 new_blocks = g_malloc(sizeof(*new_blocks) +
1498 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1499
1500 if (old_num_blocks) {
1501 memcpy(new_blocks->blocks, old_blocks->blocks,
1502 old_num_blocks * sizeof(old_blocks->blocks[0]));
1503 }
1504
1505 for (j = old_num_blocks; j < new_num_blocks; j++) {
1506 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1507 }
1508
1509 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1510
1511 if (old_blocks) {
1512 g_free_rcu(old_blocks, rcu);
1513 }
1514 }
1515 }
1516
1517 static void ram_block_add(RAMBlock *new_block, Error **errp)
1518 {
1519 RAMBlock *block;
1520 RAMBlock *last_block = NULL;
1521 ram_addr_t old_ram_size, new_ram_size;
1522 Error *err = NULL;
1523
1524 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1525
1526 qemu_mutex_lock_ramlist();
1527 new_block->offset = find_ram_offset(new_block->max_length);
1528
1529 if (!new_block->host) {
1530 if (xen_enabled()) {
1531 xen_ram_alloc(new_block->offset, new_block->max_length,
1532 new_block->mr, &err);
1533 if (err) {
1534 error_propagate(errp, err);
1535 qemu_mutex_unlock_ramlist();
1536 return;
1537 }
1538 } else {
1539 new_block->host = phys_mem_alloc(new_block->max_length,
1540 &new_block->mr->align);
1541 if (!new_block->host) {
1542 error_setg_errno(errp, errno,
1543 "cannot set up guest memory '%s'",
1544 memory_region_name(new_block->mr));
1545 qemu_mutex_unlock_ramlist();
1546 return;
1547 }
1548 memory_try_enable_merging(new_block->host, new_block->max_length);
1549 }
1550 }
1551
1552 new_ram_size = MAX(old_ram_size,
1553 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1554 if (new_ram_size > old_ram_size) {
1555 migration_bitmap_extend(old_ram_size, new_ram_size);
1556 dirty_memory_extend(old_ram_size, new_ram_size);
1557 }
1558 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1559 * QLIST (which has an RCU-friendly variant) does not have insertion at
1560 * tail, so save the last element in last_block.
1561 */
1562 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1563 last_block = block;
1564 if (block->max_length < new_block->max_length) {
1565 break;
1566 }
1567 }
1568 if (block) {
1569 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1570 } else if (last_block) {
1571 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1572 } else { /* list is empty */
1573 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1574 }
1575 ram_list.mru_block = NULL;
1576
1577 /* Write list before version */
1578 smp_wmb();
1579 ram_list.version++;
1580 qemu_mutex_unlock_ramlist();
1581
1582 cpu_physical_memory_set_dirty_range(new_block->offset,
1583 new_block->used_length,
1584 DIRTY_CLIENTS_ALL);
1585
1586 if (new_block->host) {
1587 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1588 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1589 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
1590 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1591 }
1592 }
1593
1594 #ifdef __linux__
1595 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1596 bool share, const char *mem_path,
1597 Error **errp)
1598 {
1599 RAMBlock *new_block;
1600 Error *local_err = NULL;
1601
1602 if (xen_enabled()) {
1603 error_setg(errp, "-mem-path not supported with Xen");
1604 return NULL;
1605 }
1606
1607 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1608 /*
1609 * file_ram_alloc() needs to allocate just like
1610 * phys_mem_alloc, but we haven't bothered to provide
1611 * a hook there.
1612 */
1613 error_setg(errp,
1614 "-mem-path not supported with this accelerator");
1615 return NULL;
1616 }
1617
1618 size = HOST_PAGE_ALIGN(size);
1619 new_block = g_malloc0(sizeof(*new_block));
1620 new_block->mr = mr;
1621 new_block->used_length = size;
1622 new_block->max_length = size;
1623 new_block->flags = share ? RAM_SHARED : 0;
1624 new_block->host = file_ram_alloc(new_block, size,
1625 mem_path, errp);
1626 if (!new_block->host) {
1627 g_free(new_block);
1628 return NULL;
1629 }
1630
1631 ram_block_add(new_block, &local_err);
1632 if (local_err) {
1633 g_free(new_block);
1634 error_propagate(errp, local_err);
1635 return NULL;
1636 }
1637 return new_block;
1638 }
1639 #endif
1640
1641 static
1642 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1643 void (*resized)(const char*,
1644 uint64_t length,
1645 void *host),
1646 void *host, bool resizeable,
1647 MemoryRegion *mr, Error **errp)
1648 {
1649 RAMBlock *new_block;
1650 Error *local_err = NULL;
1651
1652 size = HOST_PAGE_ALIGN(size);
1653 max_size = HOST_PAGE_ALIGN(max_size);
1654 new_block = g_malloc0(sizeof(*new_block));
1655 new_block->mr = mr;
1656 new_block->resized = resized;
1657 new_block->used_length = size;
1658 new_block->max_length = max_size;
1659 assert(max_size >= size);
1660 new_block->fd = -1;
1661 new_block->host = host;
1662 if (host) {
1663 new_block->flags |= RAM_PREALLOC;
1664 }
1665 if (resizeable) {
1666 new_block->flags |= RAM_RESIZEABLE;
1667 }
1668 ram_block_add(new_block, &local_err);
1669 if (local_err) {
1670 g_free(new_block);
1671 error_propagate(errp, local_err);
1672 return NULL;
1673 }
1674 return new_block;
1675 }
1676
1677 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1678 MemoryRegion *mr, Error **errp)
1679 {
1680 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1681 }
1682
1683 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1684 {
1685 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1686 }
1687
1688 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1689 void (*resized)(const char*,
1690 uint64_t length,
1691 void *host),
1692 MemoryRegion *mr, Error **errp)
1693 {
1694 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1695 }
1696
1697 static void reclaim_ramblock(RAMBlock *block)
1698 {
1699 if (block->flags & RAM_PREALLOC) {
1700 ;
1701 } else if (xen_enabled()) {
1702 xen_invalidate_map_cache_entry(block->host);
1703 #ifndef _WIN32
1704 } else if (block->fd >= 0) {
1705 qemu_ram_munmap(block->host, block->max_length);
1706 close(block->fd);
1707 #endif
1708 } else {
1709 qemu_anon_ram_free(block->host, block->max_length);
1710 }
1711 g_free(block);
1712 }
1713
1714 void qemu_ram_free(RAMBlock *block)
1715 {
1716 if (!block) {
1717 return;
1718 }
1719
1720 qemu_mutex_lock_ramlist();
1721 QLIST_REMOVE_RCU(block, next);
1722 ram_list.mru_block = NULL;
1723 /* Write list before version */
1724 smp_wmb();
1725 ram_list.version++;
1726 call_rcu(block, reclaim_ramblock, rcu);
1727 qemu_mutex_unlock_ramlist();
1728 }
1729
1730 #ifndef _WIN32
1731 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1732 {
1733 RAMBlock *block;
1734 ram_addr_t offset;
1735 int flags;
1736 void *area, *vaddr;
1737
1738 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1739 offset = addr - block->offset;
1740 if (offset < block->max_length) {
1741 vaddr = ramblock_ptr(block, offset);
1742 if (block->flags & RAM_PREALLOC) {
1743 ;
1744 } else if (xen_enabled()) {
1745 abort();
1746 } else {
1747 flags = MAP_FIXED;
1748 if (block->fd >= 0) {
1749 flags |= (block->flags & RAM_SHARED ?
1750 MAP_SHARED : MAP_PRIVATE);
1751 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1752 flags, block->fd, offset);
1753 } else {
1754 /*
1755 * Remap needs to match alloc. Accelerators that
1756 * set phys_mem_alloc never remap. If they did,
1757 * we'd need a remap hook here.
1758 */
1759 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1760
1761 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1762 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1763 flags, -1, 0);
1764 }
1765 if (area != vaddr) {
1766 fprintf(stderr, "Could not remap addr: "
1767 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1768 length, addr);
1769 exit(1);
1770 }
1771 memory_try_enable_merging(vaddr, length);
1772 qemu_ram_setup_dump(vaddr, length);
1773 }
1774 }
1775 }
1776 }
1777 #endif /* !_WIN32 */
1778
1779 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1780 * This should not be used for general purpose DMA. Use address_space_map
1781 * or address_space_rw instead. For local memory (e.g. video ram) that the
1782 * device owns, use memory_region_get_ram_ptr.
1783 *
1784 * Called within RCU critical section.
1785 */
1786 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1787 {
1788 RAMBlock *block = ram_block;
1789
1790 if (block == NULL) {
1791 block = qemu_get_ram_block(addr);
1792 addr -= block->offset;
1793 }
1794
1795 if (xen_enabled() && block->host == NULL) {
1796 /* We need to check if the requested address is in the RAM
1797 * because we don't want to map the entire memory in QEMU.
1798 * In that case just map until the end of the page.
1799 */
1800 if (block->offset == 0) {
1801 return xen_map_cache(addr, 0, 0);
1802 }
1803
1804 block->host = xen_map_cache(block->offset, block->max_length, 1);
1805 }
1806 return ramblock_ptr(block, addr);
1807 }
1808
1809 /* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
1810 * but takes a size argument.
1811 *
1812 * Called within RCU critical section.
1813 */
1814 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1815 hwaddr *size)
1816 {
1817 RAMBlock *block = ram_block;
1818 if (*size == 0) {
1819 return NULL;
1820 }
1821
1822 if (block == NULL) {
1823 block = qemu_get_ram_block(addr);
1824 addr -= block->offset;
1825 }
1826 *size = MIN(*size, block->max_length - addr);
1827
1828 if (xen_enabled() && block->host == NULL) {
1829 /* We need to check if the requested address is in the RAM
1830 * because we don't want to map the entire memory in QEMU.
1831 * In that case just map the requested area.
1832 */
1833 if (block->offset == 0) {
1834 return xen_map_cache(addr, *size, 1);
1835 }
1836
1837 block->host = xen_map_cache(block->offset, block->max_length, 1);
1838 }
1839
1840 return ramblock_ptr(block, addr);
1841 }
1842
1843 /*
1844 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1845 * in that RAMBlock.
1846 *
1847 * ptr: Host pointer to look up
1848 * round_offset: If true round the result offset down to a page boundary
1849 * *ram_addr: set to result ram_addr
1850 * *offset: set to result offset within the RAMBlock
1851 *
1852 * Returns: RAMBlock (or NULL if not found)
1853 *
1854 * By the time this function returns, the returned pointer is not protected
1855 * by RCU anymore. If the caller is not within an RCU critical section and
1856 * does not hold the iothread lock, it must have other means of protecting the
1857 * pointer, such as a reference to the region that includes the incoming
1858 * ram_addr_t.
1859 */
1860 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1861 ram_addr_t *offset)
1862 {
1863 RAMBlock *block;
1864 uint8_t *host = ptr;
1865
1866 if (xen_enabled()) {
1867 ram_addr_t ram_addr;
1868 rcu_read_lock();
1869 ram_addr = xen_ram_addr_from_mapcache(ptr);
1870 block = qemu_get_ram_block(ram_addr);
1871 if (block) {
1872 *offset = ram_addr - block->offset;
1873 }
1874 rcu_read_unlock();
1875 return block;
1876 }
1877
1878 rcu_read_lock();
1879 block = atomic_rcu_read(&ram_list.mru_block);
1880 if (block && block->host && host - block->host < block->max_length) {
1881 goto found;
1882 }
1883
1884 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1885 /* This case append when the block is not mapped. */
1886 if (block->host == NULL) {
1887 continue;
1888 }
1889 if (host - block->host < block->max_length) {
1890 goto found;
1891 }
1892 }
1893
1894 rcu_read_unlock();
1895 return NULL;
1896
1897 found:
1898 *offset = (host - block->host);
1899 if (round_offset) {
1900 *offset &= TARGET_PAGE_MASK;
1901 }
1902 rcu_read_unlock();
1903 return block;
1904 }
1905
1906 /*
1907 * Finds the named RAMBlock
1908 *
1909 * name: The name of RAMBlock to find
1910 *
1911 * Returns: RAMBlock (or NULL if not found)
1912 */
1913 RAMBlock *qemu_ram_block_by_name(const char *name)
1914 {
1915 RAMBlock *block;
1916
1917 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1918 if (!strcmp(name, block->idstr)) {
1919 return block;
1920 }
1921 }
1922
1923 return NULL;
1924 }
1925
1926 /* Some of the softmmu routines need to translate from a host pointer
1927 (typically a TLB entry) back to a ram offset. */
1928 ram_addr_t qemu_ram_addr_from_host(void *ptr)
1929 {
1930 RAMBlock *block;
1931 ram_addr_t offset;
1932
1933 block = qemu_ram_block_from_host(ptr, false, &offset);
1934 if (!block) {
1935 return RAM_ADDR_INVALID;
1936 }
1937
1938 return block->offset + offset;
1939 }
1940
1941 /* Called within RCU critical section. */
1942 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1943 uint64_t val, unsigned size)
1944 {
1945 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1946 tb_invalidate_phys_page_fast(ram_addr, size);
1947 }
1948 switch (size) {
1949 case 1:
1950 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1951 break;
1952 case 2:
1953 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1954 break;
1955 case 4:
1956 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1957 break;
1958 default:
1959 abort();
1960 }
1961 /* Set both VGA and migration bits for simplicity and to remove
1962 * the notdirty callback faster.
1963 */
1964 cpu_physical_memory_set_dirty_range(ram_addr, size,
1965 DIRTY_CLIENTS_NOCODE);
1966 /* we remove the notdirty callback only if the code has been
1967 flushed */
1968 if (!cpu_physical_memory_is_clean(ram_addr)) {
1969 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1970 }
1971 }
1972
1973 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1974 unsigned size, bool is_write)
1975 {
1976 return is_write;
1977 }
1978
1979 static const MemoryRegionOps notdirty_mem_ops = {
1980 .write = notdirty_mem_write,
1981 .valid.accepts = notdirty_mem_accepts,
1982 .endianness = DEVICE_NATIVE_ENDIAN,
1983 };
1984
1985 /* Generate a debug exception if a watchpoint has been hit. */
1986 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1987 {
1988 CPUState *cpu = current_cpu;
1989 CPUClass *cc = CPU_GET_CLASS(cpu);
1990 CPUArchState *env = cpu->env_ptr;
1991 target_ulong pc, cs_base;
1992 target_ulong vaddr;
1993 CPUWatchpoint *wp;
1994 uint32_t cpu_flags;
1995
1996 if (cpu->watchpoint_hit) {
1997 /* We re-entered the check after replacing the TB. Now raise
1998 * the debug interrupt so that is will trigger after the
1999 * current instruction. */
2000 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2001 return;
2002 }
2003 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2004 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2005 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2006 && (wp->flags & flags)) {
2007 if (flags == BP_MEM_READ) {
2008 wp->flags |= BP_WATCHPOINT_HIT_READ;
2009 } else {
2010 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2011 }
2012 wp->hitaddr = vaddr;
2013 wp->hitattrs = attrs;
2014 if (!cpu->watchpoint_hit) {
2015 if (wp->flags & BP_CPU &&
2016 !cc->debug_check_watchpoint(cpu, wp)) {
2017 wp->flags &= ~BP_WATCHPOINT_HIT;
2018 continue;
2019 }
2020 cpu->watchpoint_hit = wp;
2021 tb_check_watchpoint(cpu);
2022 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2023 cpu->exception_index = EXCP_DEBUG;
2024 cpu_loop_exit(cpu);
2025 } else {
2026 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2027 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2028 cpu_loop_exit_noexc(cpu);
2029 }
2030 }
2031 } else {
2032 wp->flags &= ~BP_WATCHPOINT_HIT;
2033 }
2034 }
2035 }
2036
2037 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2038 so these check for a hit then pass through to the normal out-of-line
2039 phys routines. */
2040 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2041 unsigned size, MemTxAttrs attrs)
2042 {
2043 MemTxResult res;
2044 uint64_t data;
2045 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2046 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2047
2048 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2049 switch (size) {
2050 case 1:
2051 data = address_space_ldub(as, addr, attrs, &res);
2052 break;
2053 case 2:
2054 data = address_space_lduw(as, addr, attrs, &res);
2055 break;
2056 case 4:
2057 data = address_space_ldl(as, addr, attrs, &res);
2058 break;
2059 default: abort();
2060 }
2061 *pdata = data;
2062 return res;
2063 }
2064
2065 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2066 uint64_t val, unsigned size,
2067 MemTxAttrs attrs)
2068 {
2069 MemTxResult res;
2070 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2071 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2072
2073 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2074 switch (size) {
2075 case 1:
2076 address_space_stb(as, addr, val, attrs, &res);
2077 break;
2078 case 2:
2079 address_space_stw(as, addr, val, attrs, &res);
2080 break;
2081 case 4:
2082 address_space_stl(as, addr, val, attrs, &res);
2083 break;
2084 default: abort();
2085 }
2086 return res;
2087 }
2088
2089 static const MemoryRegionOps watch_mem_ops = {
2090 .read_with_attrs = watch_mem_read,
2091 .write_with_attrs = watch_mem_write,
2092 .endianness = DEVICE_NATIVE_ENDIAN,
2093 };
2094
2095 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2096 unsigned len, MemTxAttrs attrs)
2097 {
2098 subpage_t *subpage = opaque;
2099 uint8_t buf[8];
2100 MemTxResult res;
2101
2102 #if defined(DEBUG_SUBPAGE)
2103 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2104 subpage, len, addr);
2105 #endif
2106 res = address_space_read(subpage->as, addr + subpage->base,
2107 attrs, buf, len);
2108 if (res) {
2109 return res;
2110 }
2111 switch (len) {
2112 case 1:
2113 *data = ldub_p(buf);
2114 return MEMTX_OK;
2115 case 2:
2116 *data = lduw_p(buf);
2117 return MEMTX_OK;
2118 case 4:
2119 *data = ldl_p(buf);
2120 return MEMTX_OK;
2121 case 8:
2122 *data = ldq_p(buf);
2123 return MEMTX_OK;
2124 default:
2125 abort();
2126 }
2127 }
2128
2129 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2130 uint64_t value, unsigned len, MemTxAttrs attrs)
2131 {
2132 subpage_t *subpage = opaque;
2133 uint8_t buf[8];
2134
2135 #if defined(DEBUG_SUBPAGE)
2136 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2137 " value %"PRIx64"\n",
2138 __func__, subpage, len, addr, value);
2139 #endif
2140 switch (len) {
2141 case 1:
2142 stb_p(buf, value);
2143 break;
2144 case 2:
2145 stw_p(buf, value);
2146 break;
2147 case 4:
2148 stl_p(buf, value);
2149 break;
2150 case 8:
2151 stq_p(buf, value);
2152 break;
2153 default:
2154 abort();
2155 }
2156 return address_space_write(subpage->as, addr + subpage->base,
2157 attrs, buf, len);
2158 }
2159
2160 static bool subpage_accepts(void *opaque, hwaddr addr,
2161 unsigned len, bool is_write)
2162 {
2163 subpage_t *subpage = opaque;
2164 #if defined(DEBUG_SUBPAGE)
2165 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2166 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2167 #endif
2168
2169 return address_space_access_valid(subpage->as, addr + subpage->base,
2170 len, is_write);
2171 }
2172
2173 static const MemoryRegionOps subpage_ops = {
2174 .read_with_attrs = subpage_read,
2175 .write_with_attrs = subpage_write,
2176 .impl.min_access_size = 1,
2177 .impl.max_access_size = 8,
2178 .valid.min_access_size = 1,
2179 .valid.max_access_size = 8,
2180 .valid.accepts = subpage_accepts,
2181 .endianness = DEVICE_NATIVE_ENDIAN,
2182 };
2183
2184 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2185 uint16_t section)
2186 {
2187 int idx, eidx;
2188
2189 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2190 return -1;
2191 idx = SUBPAGE_IDX(start);
2192 eidx = SUBPAGE_IDX(end);
2193 #if defined(DEBUG_SUBPAGE)
2194 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2195 __func__, mmio, start, end, idx, eidx, section);
2196 #endif
2197 for (; idx <= eidx; idx++) {
2198 mmio->sub_section[idx] = section;
2199 }
2200
2201 return 0;
2202 }
2203
2204 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2205 {
2206 subpage_t *mmio;
2207
2208 mmio = g_malloc0(sizeof(subpage_t));
2209
2210 mmio->as = as;
2211 mmio->base = base;
2212 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2213 NULL, TARGET_PAGE_SIZE);
2214 mmio->iomem.subpage = true;
2215 #if defined(DEBUG_SUBPAGE)
2216 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2217 mmio, base, TARGET_PAGE_SIZE);
2218 #endif
2219 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2220
2221 return mmio;
2222 }
2223
2224 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2225 MemoryRegion *mr)
2226 {
2227 assert(as);
2228 MemoryRegionSection section = {
2229 .address_space = as,
2230 .mr = mr,
2231 .offset_within_address_space = 0,
2232 .offset_within_region = 0,
2233 .size = int128_2_64(),
2234 };
2235
2236 return phys_section_add(map, &section);
2237 }
2238
2239 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2240 {
2241 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2242 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2243 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2244 MemoryRegionSection *sections = d->map.sections;
2245
2246 return sections[index & ~TARGET_PAGE_MASK].mr;
2247 }
2248
2249 static void io_mem_init(void)
2250 {
2251 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2252 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2253 NULL, UINT64_MAX);
2254 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2255 NULL, UINT64_MAX);
2256 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2257 NULL, UINT64_MAX);
2258 }
2259
2260 static void mem_begin(MemoryListener *listener)
2261 {
2262 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2263 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2264 uint16_t n;
2265
2266 n = dummy_section(&d->map, as, &io_mem_unassigned);
2267 assert(n == PHYS_SECTION_UNASSIGNED);
2268 n = dummy_section(&d->map, as, &io_mem_notdirty);
2269 assert(n == PHYS_SECTION_NOTDIRTY);
2270 n = dummy_section(&d->map, as, &io_mem_rom);
2271 assert(n == PHYS_SECTION_ROM);
2272 n = dummy_section(&d->map, as, &io_mem_watch);
2273 assert(n == PHYS_SECTION_WATCH);
2274
2275 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2276 d->as = as;
2277 as->next_dispatch = d;
2278 }
2279
2280 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2281 {
2282 phys_sections_free(&d->map);
2283 g_free(d);
2284 }
2285
2286 static void mem_commit(MemoryListener *listener)
2287 {
2288 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2289 AddressSpaceDispatch *cur = as->dispatch;
2290 AddressSpaceDispatch *next = as->next_dispatch;
2291
2292 phys_page_compact_all(next, next->map.nodes_nb);
2293
2294 atomic_rcu_set(&as->dispatch, next);
2295 if (cur) {
2296 call_rcu(cur, address_space_dispatch_free, rcu);
2297 }
2298 }
2299
2300 static void tcg_commit(MemoryListener *listener)
2301 {
2302 CPUAddressSpace *cpuas;
2303 AddressSpaceDispatch *d;
2304
2305 /* since each CPU stores ram addresses in its TLB cache, we must
2306 reset the modified entries */
2307 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2308 cpu_reloading_memory_map();
2309 /* The CPU and TLB are protected by the iothread lock.
2310 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2311 * may have split the RCU critical section.
2312 */
2313 d = atomic_rcu_read(&cpuas->as->dispatch);
2314 cpuas->memory_dispatch = d;
2315 tlb_flush(cpuas->cpu, 1);
2316 }
2317
2318 void address_space_init_dispatch(AddressSpace *as)
2319 {
2320 as->dispatch = NULL;
2321 as->dispatch_listener = (MemoryListener) {
2322 .begin = mem_begin,
2323 .commit = mem_commit,
2324 .region_add = mem_add,
2325 .region_nop = mem_add,
2326 .priority = 0,
2327 };
2328 memory_listener_register(&as->dispatch_listener, as);
2329 }
2330
2331 void address_space_unregister(AddressSpace *as)
2332 {
2333 memory_listener_unregister(&as->dispatch_listener);
2334 }
2335
2336 void address_space_destroy_dispatch(AddressSpace *as)
2337 {
2338 AddressSpaceDispatch *d = as->dispatch;
2339
2340 atomic_rcu_set(&as->dispatch, NULL);
2341 if (d) {
2342 call_rcu(d, address_space_dispatch_free, rcu);
2343 }
2344 }
2345
2346 static void memory_map_init(void)
2347 {
2348 system_memory = g_malloc(sizeof(*system_memory));
2349
2350 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2351 address_space_init(&address_space_memory, system_memory, "memory");
2352
2353 system_io = g_malloc(sizeof(*system_io));
2354 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2355 65536);
2356 address_space_init(&address_space_io, system_io, "I/O");
2357 }
2358
2359 MemoryRegion *get_system_memory(void)
2360 {
2361 return system_memory;
2362 }
2363
2364 MemoryRegion *get_system_io(void)
2365 {
2366 return system_io;
2367 }
2368
2369 #endif /* !defined(CONFIG_USER_ONLY) */
2370
2371 /* physical memory access (slow version, mainly for debug) */
2372 #if defined(CONFIG_USER_ONLY)
2373 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2374 uint8_t *buf, int len, int is_write)
2375 {
2376 int l, flags;
2377 target_ulong page;
2378 void * p;
2379
2380 while (len > 0) {
2381 page = addr & TARGET_PAGE_MASK;
2382 l = (page + TARGET_PAGE_SIZE) - addr;
2383 if (l > len)
2384 l = len;
2385 flags = page_get_flags(page);
2386 if (!(flags & PAGE_VALID))
2387 return -1;
2388 if (is_write) {
2389 if (!(flags & PAGE_WRITE))
2390 return -1;
2391 /* XXX: this code should not depend on lock_user */
2392 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2393 return -1;
2394 memcpy(p, buf, l);
2395 unlock_user(p, addr, l);
2396 } else {
2397 if (!(flags & PAGE_READ))
2398 return -1;
2399 /* XXX: this code should not depend on lock_user */
2400 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2401 return -1;
2402 memcpy(buf, p, l);
2403 unlock_user(p, addr, 0);
2404 }
2405 len -= l;
2406 buf += l;
2407 addr += l;
2408 }
2409 return 0;
2410 }
2411
2412 #else
2413
2414 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2415 hwaddr length)
2416 {
2417 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2418 addr += memory_region_get_ram_addr(mr);
2419
2420 /* No early return if dirty_log_mask is or becomes 0, because
2421 * cpu_physical_memory_set_dirty_range will still call
2422 * xen_modified_memory.
2423 */
2424 if (dirty_log_mask) {
2425 dirty_log_mask =
2426 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2427 }
2428 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2429 tb_invalidate_phys_range(addr, addr + length);
2430 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2431 }
2432 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2433 }
2434
2435 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2436 {
2437 unsigned access_size_max = mr->ops->valid.max_access_size;
2438
2439 /* Regions are assumed to support 1-4 byte accesses unless
2440 otherwise specified. */
2441 if (access_size_max == 0) {
2442 access_size_max = 4;
2443 }
2444
2445 /* Bound the maximum access by the alignment of the address. */
2446 if (!mr->ops->impl.unaligned) {
2447 unsigned align_size_max = addr & -addr;
2448 if (align_size_max != 0 && align_size_max < access_size_max) {
2449 access_size_max = align_size_max;
2450 }
2451 }
2452
2453 /* Don't attempt accesses larger than the maximum. */
2454 if (l > access_size_max) {
2455 l = access_size_max;
2456 }
2457 l = pow2floor(l);
2458
2459 return l;
2460 }
2461
2462 static bool prepare_mmio_access(MemoryRegion *mr)
2463 {
2464 bool unlocked = !qemu_mutex_iothread_locked();
2465 bool release_lock = false;
2466
2467 if (unlocked && mr->global_locking) {
2468 qemu_mutex_lock_iothread();
2469 unlocked = false;
2470 release_lock = true;
2471 }
2472 if (mr->flush_coalesced_mmio) {
2473 if (unlocked) {
2474 qemu_mutex_lock_iothread();
2475 }
2476 qemu_flush_coalesced_mmio_buffer();
2477 if (unlocked) {
2478 qemu_mutex_unlock_iothread();
2479 }
2480 }
2481
2482 return release_lock;
2483 }
2484
2485 /* Called within RCU critical section. */
2486 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2487 MemTxAttrs attrs,
2488 const uint8_t *buf,
2489 int len, hwaddr addr1,
2490 hwaddr l, MemoryRegion *mr)
2491 {
2492 uint8_t *ptr;
2493 uint64_t val;
2494 MemTxResult result = MEMTX_OK;
2495 bool release_lock = false;
2496
2497 for (;;) {
2498 if (!memory_access_is_direct(mr, true)) {
2499 release_lock |= prepare_mmio_access(mr);
2500 l = memory_access_size(mr, l, addr1);
2501 /* XXX: could force current_cpu to NULL to avoid
2502 potential bugs */
2503 switch (l) {
2504 case 8:
2505 /* 64 bit write access */
2506 val = ldq_p(buf);
2507 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2508 attrs);
2509 break;
2510 case 4:
2511 /* 32 bit write access */
2512 val = ldl_p(buf);
2513 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2514 attrs);
2515 break;
2516 case 2:
2517 /* 16 bit write access */
2518 val = lduw_p(buf);
2519 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2520 attrs);
2521 break;
2522 case 1:
2523 /* 8 bit write access */
2524 val = ldub_p(buf);
2525 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2526 attrs);
2527 break;
2528 default:
2529 abort();
2530 }
2531 } else {
2532 /* RAM case */
2533 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2534 memcpy(ptr, buf, l);
2535 invalidate_and_set_dirty(mr, addr1, l);
2536 }
2537
2538 if (release_lock) {
2539 qemu_mutex_unlock_iothread();
2540 release_lock = false;
2541 }
2542
2543 len -= l;
2544 buf += l;
2545 addr += l;
2546
2547 if (!len) {
2548 break;
2549 }
2550
2551 l = len;
2552 mr = address_space_translate(as, addr, &addr1, &l, true);
2553 }
2554
2555 return result;
2556 }
2557
2558 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2559 const uint8_t *buf, int len)
2560 {
2561 hwaddr l;
2562 hwaddr addr1;
2563 MemoryRegion *mr;
2564 MemTxResult result = MEMTX_OK;
2565
2566 if (len > 0) {
2567 rcu_read_lock();
2568 l = len;
2569 mr = address_space_translate(as, addr, &addr1, &l, true);
2570 result = address_space_write_continue(as, addr, attrs, buf, len,
2571 addr1, l, mr);
2572 rcu_read_unlock();
2573 }
2574
2575 return result;
2576 }
2577
2578 /* Called within RCU critical section. */
2579 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2580 MemTxAttrs attrs, uint8_t *buf,
2581 int len, hwaddr addr1, hwaddr l,
2582 MemoryRegion *mr)
2583 {
2584 uint8_t *ptr;
2585 uint64_t val;
2586 MemTxResult result = MEMTX_OK;
2587 bool release_lock = false;
2588
2589 for (;;) {
2590 if (!memory_access_is_direct(mr, false)) {
2591 /* I/O case */
2592 release_lock |= prepare_mmio_access(mr);
2593 l = memory_access_size(mr, l, addr1);
2594 switch (l) {
2595 case 8:
2596 /* 64 bit read access */
2597 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2598 attrs);
2599 stq_p(buf, val);
2600 break;
2601 case 4:
2602 /* 32 bit read access */
2603 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2604 attrs);
2605 stl_p(buf, val);
2606 break;
2607 case 2:
2608 /* 16 bit read access */
2609 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2610 attrs);
2611 stw_p(buf, val);
2612 break;
2613 case 1:
2614 /* 8 bit read access */
2615 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2616 attrs);
2617 stb_p(buf, val);
2618 break;
2619 default:
2620 abort();
2621 }
2622 } else {
2623 /* RAM case */
2624 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2625 memcpy(buf, ptr, l);
2626 }
2627
2628 if (release_lock) {
2629 qemu_mutex_unlock_iothread();
2630 release_lock = false;
2631 }
2632
2633 len -= l;
2634 buf += l;
2635 addr += l;
2636
2637 if (!len) {
2638 break;
2639 }
2640
2641 l = len;
2642 mr = address_space_translate(as, addr, &addr1, &l, false);
2643 }
2644
2645 return result;
2646 }
2647
2648 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2649 MemTxAttrs attrs, uint8_t *buf, int len)
2650 {
2651 hwaddr l;
2652 hwaddr addr1;
2653 MemoryRegion *mr;
2654 MemTxResult result = MEMTX_OK;
2655
2656 if (len > 0) {
2657 rcu_read_lock();
2658 l = len;
2659 mr = address_space_translate(as, addr, &addr1, &l, false);
2660 result = address_space_read_continue(as, addr, attrs, buf, len,
2661 addr1, l, mr);
2662 rcu_read_unlock();
2663 }
2664
2665 return result;
2666 }
2667
2668 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2669 uint8_t *buf, int len, bool is_write)
2670 {
2671 if (is_write) {
2672 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2673 } else {
2674 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2675 }
2676 }
2677
2678 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2679 int len, int is_write)
2680 {
2681 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2682 buf, len, is_write);
2683 }
2684
2685 enum write_rom_type {
2686 WRITE_DATA,
2687 FLUSH_CACHE,
2688 };
2689
2690 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2691 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2692 {
2693 hwaddr l;
2694 uint8_t *ptr;
2695 hwaddr addr1;
2696 MemoryRegion *mr;
2697
2698 rcu_read_lock();
2699 while (len > 0) {
2700 l = len;
2701 mr = address_space_translate(as, addr, &addr1, &l, true);
2702
2703 if (!(memory_region_is_ram(mr) ||
2704 memory_region_is_romd(mr))) {
2705 l = memory_access_size(mr, l, addr1);
2706 } else {
2707 /* ROM/RAM case */
2708 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2709 switch (type) {
2710 case WRITE_DATA:
2711 memcpy(ptr, buf, l);
2712 invalidate_and_set_dirty(mr, addr1, l);
2713 break;
2714 case FLUSH_CACHE:
2715 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2716 break;
2717 }
2718 }
2719 len -= l;
2720 buf += l;
2721 addr += l;
2722 }
2723 rcu_read_unlock();
2724 }
2725
2726 /* used for ROM loading : can write in RAM and ROM */
2727 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2728 const uint8_t *buf, int len)
2729 {
2730 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2731 }
2732
2733 void cpu_flush_icache_range(hwaddr start, int len)
2734 {
2735 /*
2736 * This function should do the same thing as an icache flush that was
2737 * triggered from within the guest. For TCG we are always cache coherent,
2738 * so there is no need to flush anything. For KVM / Xen we need to flush
2739 * the host's instruction cache at least.
2740 */
2741 if (tcg_enabled()) {
2742 return;
2743 }
2744
2745 cpu_physical_memory_write_rom_internal(&address_space_memory,
2746 start, NULL, len, FLUSH_CACHE);
2747 }
2748
2749 typedef struct {
2750 MemoryRegion *mr;
2751 void *buffer;
2752 hwaddr addr;
2753 hwaddr len;
2754 bool in_use;
2755 } BounceBuffer;
2756
2757 static BounceBuffer bounce;
2758
2759 typedef struct MapClient {
2760 QEMUBH *bh;
2761 QLIST_ENTRY(MapClient) link;
2762 } MapClient;
2763
2764 QemuMutex map_client_list_lock;
2765 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2766 = QLIST_HEAD_INITIALIZER(map_client_list);
2767
2768 static void cpu_unregister_map_client_do(MapClient *client)
2769 {
2770 QLIST_REMOVE(client, link);
2771 g_free(client);
2772 }
2773
2774 static void cpu_notify_map_clients_locked(void)
2775 {
2776 MapClient *client;
2777
2778 while (!QLIST_EMPTY(&map_client_list)) {
2779 client = QLIST_FIRST(&map_client_list);
2780 qemu_bh_schedule(client->bh);
2781 cpu_unregister_map_client_do(client);
2782 }
2783 }
2784
2785 void cpu_register_map_client(QEMUBH *bh)
2786 {
2787 MapClient *client = g_malloc(sizeof(*client));
2788
2789 qemu_mutex_lock(&map_client_list_lock);
2790 client->bh = bh;
2791 QLIST_INSERT_HEAD(&map_client_list, client, link);
2792 if (!atomic_read(&bounce.in_use)) {
2793 cpu_notify_map_clients_locked();
2794 }
2795 qemu_mutex_unlock(&map_client_list_lock);
2796 }
2797
2798 void cpu_exec_init_all(void)
2799 {
2800 qemu_mutex_init(&ram_list.mutex);
2801 io_mem_init();
2802 memory_map_init();
2803 qemu_mutex_init(&map_client_list_lock);
2804 }
2805
2806 void cpu_unregister_map_client(QEMUBH *bh)
2807 {
2808 MapClient *client;
2809
2810 qemu_mutex_lock(&map_client_list_lock);
2811 QLIST_FOREACH(client, &map_client_list, link) {
2812 if (client->bh == bh) {
2813 cpu_unregister_map_client_do(client);
2814 break;
2815 }
2816 }
2817 qemu_mutex_unlock(&map_client_list_lock);
2818 }
2819
2820 static void cpu_notify_map_clients(void)
2821 {
2822 qemu_mutex_lock(&map_client_list_lock);
2823 cpu_notify_map_clients_locked();
2824 qemu_mutex_unlock(&map_client_list_lock);
2825 }
2826
2827 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2828 {
2829 MemoryRegion *mr;
2830 hwaddr l, xlat;
2831
2832 rcu_read_lock();
2833 while (len > 0) {
2834 l = len;
2835 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2836 if (!memory_access_is_direct(mr, is_write)) {
2837 l = memory_access_size(mr, l, addr);
2838 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2839 return false;
2840 }
2841 }
2842
2843 len -= l;
2844 addr += l;
2845 }
2846 rcu_read_unlock();
2847 return true;
2848 }
2849
2850 /* Map a physical memory region into a host virtual address.
2851 * May map a subset of the requested range, given by and returned in *plen.
2852 * May return NULL if resources needed to perform the mapping are exhausted.
2853 * Use only for reads OR writes - not for read-modify-write operations.
2854 * Use cpu_register_map_client() to know when retrying the map operation is
2855 * likely to succeed.
2856 */
2857 void *address_space_map(AddressSpace *as,
2858 hwaddr addr,
2859 hwaddr *plen,
2860 bool is_write)
2861 {
2862 hwaddr len = *plen;
2863 hwaddr done = 0;
2864 hwaddr l, xlat, base;
2865 MemoryRegion *mr, *this_mr;
2866 void *ptr;
2867
2868 if (len == 0) {
2869 return NULL;
2870 }
2871
2872 l = len;
2873 rcu_read_lock();
2874 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2875
2876 if (!memory_access_is_direct(mr, is_write)) {
2877 if (atomic_xchg(&bounce.in_use, true)) {
2878 rcu_read_unlock();
2879 return NULL;
2880 }
2881 /* Avoid unbounded allocations */
2882 l = MIN(l, TARGET_PAGE_SIZE);
2883 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2884 bounce.addr = addr;
2885 bounce.len = l;
2886
2887 memory_region_ref(mr);
2888 bounce.mr = mr;
2889 if (!is_write) {
2890 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2891 bounce.buffer, l);
2892 }
2893
2894 rcu_read_unlock();
2895 *plen = l;
2896 return bounce.buffer;
2897 }
2898
2899 base = xlat;
2900
2901 for (;;) {
2902 len -= l;
2903 addr += l;
2904 done += l;
2905 if (len == 0) {
2906 break;
2907 }
2908
2909 l = len;
2910 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2911 if (this_mr != mr || xlat != base + done) {
2912 break;
2913 }
2914 }
2915
2916 memory_region_ref(mr);
2917 *plen = done;
2918 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
2919 rcu_read_unlock();
2920
2921 return ptr;
2922 }
2923
2924 /* Unmaps a memory region previously mapped by address_space_map().
2925 * Will also mark the memory as dirty if is_write == 1. access_len gives
2926 * the amount of memory that was actually read or written by the caller.
2927 */
2928 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2929 int is_write, hwaddr access_len)
2930 {
2931 if (buffer != bounce.buffer) {
2932 MemoryRegion *mr;
2933 ram_addr_t addr1;
2934
2935 mr = memory_region_from_host(buffer, &addr1);
2936 assert(mr != NULL);
2937 if (is_write) {
2938 invalidate_and_set_dirty(mr, addr1, access_len);
2939 }
2940 if (xen_enabled()) {
2941 xen_invalidate_map_cache_entry(buffer);
2942 }
2943 memory_region_unref(mr);
2944 return;
2945 }
2946 if (is_write) {
2947 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2948 bounce.buffer, access_len);
2949 }
2950 qemu_vfree(bounce.buffer);
2951 bounce.buffer = NULL;
2952 memory_region_unref(bounce.mr);
2953 atomic_mb_set(&bounce.in_use, false);
2954 cpu_notify_map_clients();
2955 }
2956
2957 void *cpu_physical_memory_map(hwaddr addr,
2958 hwaddr *plen,
2959 int is_write)
2960 {
2961 return address_space_map(&address_space_memory, addr, plen, is_write);
2962 }
2963
2964 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2965 int is_write, hwaddr access_len)
2966 {
2967 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2968 }
2969
2970 /* warning: addr must be aligned */
2971 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2972 MemTxAttrs attrs,
2973 MemTxResult *result,
2974 enum device_endian endian)
2975 {
2976 uint8_t *ptr;
2977 uint64_t val;
2978 MemoryRegion *mr;
2979 hwaddr l = 4;
2980 hwaddr addr1;
2981 MemTxResult r;
2982 bool release_lock = false;
2983
2984 rcu_read_lock();
2985 mr = address_space_translate(as, addr, &addr1, &l, false);
2986 if (l < 4 || !memory_access_is_direct(mr, false)) {
2987 release_lock |= prepare_mmio_access(mr);
2988
2989 /* I/O case */
2990 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2991 #if defined(TARGET_WORDS_BIGENDIAN)
2992 if (endian == DEVICE_LITTLE_ENDIAN) {
2993 val = bswap32(val);
2994 }
2995 #else
2996 if (endian == DEVICE_BIG_ENDIAN) {
2997 val = bswap32(val);
2998 }
2999 #endif
3000 } else {
3001 /* RAM case */
3002 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3003 switch (endian) {
3004 case DEVICE_LITTLE_ENDIAN:
3005 val = ldl_le_p(ptr);
3006 break;
3007 case DEVICE_BIG_ENDIAN:
3008 val = ldl_be_p(ptr);
3009 break;
3010 default:
3011 val = ldl_p(ptr);
3012 break;
3013 }
3014 r = MEMTX_OK;
3015 }
3016 if (result) {
3017 *result = r;
3018 }
3019 if (release_lock) {
3020 qemu_mutex_unlock_iothread();
3021 }
3022 rcu_read_unlock();
3023 return val;
3024 }
3025
3026 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3027 MemTxAttrs attrs, MemTxResult *result)
3028 {
3029 return address_space_ldl_internal(as, addr, attrs, result,
3030 DEVICE_NATIVE_ENDIAN);
3031 }
3032
3033 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3034 MemTxAttrs attrs, MemTxResult *result)
3035 {
3036 return address_space_ldl_internal(as, addr, attrs, result,
3037 DEVICE_LITTLE_ENDIAN);
3038 }
3039
3040 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3041 MemTxAttrs attrs, MemTxResult *result)
3042 {
3043 return address_space_ldl_internal(as, addr, attrs, result,
3044 DEVICE_BIG_ENDIAN);
3045 }
3046
3047 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3048 {
3049 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3050 }
3051
3052 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3053 {
3054 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3055 }
3056
3057 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3058 {
3059 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3060 }
3061
3062 /* warning: addr must be aligned */
3063 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3064 MemTxAttrs attrs,
3065 MemTxResult *result,
3066 enum device_endian endian)
3067 {
3068 uint8_t *ptr;
3069 uint64_t val;
3070 MemoryRegion *mr;
3071 hwaddr l = 8;
3072 hwaddr addr1;
3073 MemTxResult r;
3074 bool release_lock = false;
3075
3076 rcu_read_lock();
3077 mr = address_space_translate(as, addr, &addr1, &l,
3078 false);
3079 if (l < 8 || !memory_access_is_direct(mr, false)) {
3080 release_lock |= prepare_mmio_access(mr);
3081
3082 /* I/O case */
3083 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3084 #if defined(TARGET_WORDS_BIGENDIAN)
3085 if (endian == DEVICE_LITTLE_ENDIAN) {
3086 val = bswap64(val);
3087 }
3088 #else
3089 if (endian == DEVICE_BIG_ENDIAN) {
3090 val = bswap64(val);
3091 }
3092 #endif
3093 } else {
3094 /* RAM case */
3095 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3096 switch (endian) {
3097 case DEVICE_LITTLE_ENDIAN:
3098 val = ldq_le_p(ptr);
3099 break;
3100 case DEVICE_BIG_ENDIAN:
3101 val = ldq_be_p(ptr);
3102 break;
3103 default:
3104 val = ldq_p(ptr);
3105 break;
3106 }
3107 r = MEMTX_OK;
3108 }
3109 if (result) {
3110 *result = r;
3111 }
3112 if (release_lock) {
3113 qemu_mutex_unlock_iothread();
3114 }
3115 rcu_read_unlock();
3116 return val;
3117 }
3118
3119 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3120 MemTxAttrs attrs, MemTxResult *result)
3121 {
3122 return address_space_ldq_internal(as, addr, attrs, result,
3123 DEVICE_NATIVE_ENDIAN);
3124 }
3125
3126 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3127 MemTxAttrs attrs, MemTxResult *result)
3128 {
3129 return address_space_ldq_internal(as, addr, attrs, result,
3130 DEVICE_LITTLE_ENDIAN);
3131 }
3132
3133 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3134 MemTxAttrs attrs, MemTxResult *result)
3135 {
3136 return address_space_ldq_internal(as, addr, attrs, result,
3137 DEVICE_BIG_ENDIAN);
3138 }
3139
3140 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3141 {
3142 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3143 }
3144
3145 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3146 {
3147 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3148 }
3149
3150 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3151 {
3152 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3153 }
3154
3155 /* XXX: optimize */
3156 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3157 MemTxAttrs attrs, MemTxResult *result)
3158 {
3159 uint8_t val;
3160 MemTxResult r;
3161
3162 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3163 if (result) {
3164 *result = r;
3165 }
3166 return val;
3167 }
3168
3169 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3170 {
3171 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3172 }
3173
3174 /* warning: addr must be aligned */
3175 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3176 hwaddr addr,
3177 MemTxAttrs attrs,
3178 MemTxResult *result,
3179 enum device_endian endian)
3180 {
3181 uint8_t *ptr;
3182 uint64_t val;
3183 MemoryRegion *mr;
3184 hwaddr l = 2;
3185 hwaddr addr1;
3186 MemTxResult r;
3187 bool release_lock = false;
3188
3189 rcu_read_lock();
3190 mr = address_space_translate(as, addr, &addr1, &l,
3191 false);
3192 if (l < 2 || !memory_access_is_direct(mr, false)) {
3193 release_lock |= prepare_mmio_access(mr);
3194
3195 /* I/O case */
3196 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3197 #if defined(TARGET_WORDS_BIGENDIAN)
3198 if (endian == DEVICE_LITTLE_ENDIAN) {
3199 val = bswap16(val);
3200 }
3201 #else
3202 if (endian == DEVICE_BIG_ENDIAN) {
3203 val = bswap16(val);
3204 }
3205 #endif
3206 } else {
3207 /* RAM case */
3208 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3209 switch (endian) {
3210 case DEVICE_LITTLE_ENDIAN:
3211 val = lduw_le_p(ptr);
3212 break;
3213 case DEVICE_BIG_ENDIAN:
3214 val = lduw_be_p(ptr);
3215 break;
3216 default:
3217 val = lduw_p(ptr);
3218 break;
3219 }
3220 r = MEMTX_OK;
3221 }
3222 if (result) {
3223 *result = r;
3224 }
3225 if (release_lock) {
3226 qemu_mutex_unlock_iothread();
3227 }
3228 rcu_read_unlock();
3229 return val;
3230 }
3231
3232 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3233 MemTxAttrs attrs, MemTxResult *result)
3234 {
3235 return address_space_lduw_internal(as, addr, attrs, result,
3236 DEVICE_NATIVE_ENDIAN);
3237 }
3238
3239 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3240 MemTxAttrs attrs, MemTxResult *result)
3241 {
3242 return address_space_lduw_internal(as, addr, attrs, result,
3243 DEVICE_LITTLE_ENDIAN);
3244 }
3245
3246 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3247 MemTxAttrs attrs, MemTxResult *result)
3248 {
3249 return address_space_lduw_internal(as, addr, attrs, result,
3250 DEVICE_BIG_ENDIAN);
3251 }
3252
3253 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3254 {
3255 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3256 }
3257
3258 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3259 {
3260 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3261 }
3262
3263 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3264 {
3265 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3266 }
3267
3268 /* warning: addr must be aligned. The ram page is not masked as dirty
3269 and the code inside is not invalidated. It is useful if the dirty
3270 bits are used to track modified PTEs */
3271 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3272 MemTxAttrs attrs, MemTxResult *result)
3273 {
3274 uint8_t *ptr;
3275 MemoryRegion *mr;
3276 hwaddr l = 4;
3277 hwaddr addr1;
3278 MemTxResult r;
3279 uint8_t dirty_log_mask;
3280 bool release_lock = false;
3281
3282 rcu_read_lock();
3283 mr = address_space_translate(as, addr, &addr1, &l,
3284 true);
3285 if (l < 4 || !memory_access_is_direct(mr, true)) {
3286 release_lock |= prepare_mmio_access(mr);
3287
3288 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3289 } else {
3290 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3291 stl_p(ptr, val);
3292
3293 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3294 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3295 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3296 4, dirty_log_mask);
3297 r = MEMTX_OK;
3298 }
3299 if (result) {
3300 *result = r;
3301 }
3302 if (release_lock) {
3303 qemu_mutex_unlock_iothread();
3304 }
3305 rcu_read_unlock();
3306 }
3307
3308 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3309 {
3310 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3311 }
3312
3313 /* warning: addr must be aligned */
3314 static inline void address_space_stl_internal(AddressSpace *as,
3315 hwaddr addr, uint32_t val,
3316 MemTxAttrs attrs,
3317 MemTxResult *result,
3318 enum device_endian endian)
3319 {
3320 uint8_t *ptr;
3321 MemoryRegion *mr;
3322 hwaddr l = 4;
3323 hwaddr addr1;
3324 MemTxResult r;
3325 bool release_lock = false;
3326
3327 rcu_read_lock();
3328 mr = address_space_translate(as, addr, &addr1, &l,
3329 true);
3330 if (l < 4 || !memory_access_is_direct(mr, true)) {
3331 release_lock |= prepare_mmio_access(mr);
3332
3333 #if defined(TARGET_WORDS_BIGENDIAN)
3334 if (endian == DEVICE_LITTLE_ENDIAN) {
3335 val = bswap32(val);
3336 }
3337 #else
3338 if (endian == DEVICE_BIG_ENDIAN) {
3339 val = bswap32(val);
3340 }
3341 #endif
3342 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3343 } else {
3344 /* RAM case */
3345 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3346 switch (endian) {
3347 case DEVICE_LITTLE_ENDIAN:
3348 stl_le_p(ptr, val);
3349 break;
3350 case DEVICE_BIG_ENDIAN:
3351 stl_be_p(ptr, val);
3352 break;
3353 default:
3354 stl_p(ptr, val);
3355 break;
3356 }
3357 invalidate_and_set_dirty(mr, addr1, 4);
3358 r = MEMTX_OK;
3359 }
3360 if (result) {
3361 *result = r;
3362 }
3363 if (release_lock) {
3364 qemu_mutex_unlock_iothread();
3365 }
3366 rcu_read_unlock();
3367 }
3368
3369 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3370 MemTxAttrs attrs, MemTxResult *result)
3371 {
3372 address_space_stl_internal(as, addr, val, attrs, result,
3373 DEVICE_NATIVE_ENDIAN);
3374 }
3375
3376 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3377 MemTxAttrs attrs, MemTxResult *result)
3378 {
3379 address_space_stl_internal(as, addr, val, attrs, result,
3380 DEVICE_LITTLE_ENDIAN);
3381 }
3382
3383 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3384 MemTxAttrs attrs, MemTxResult *result)
3385 {
3386 address_space_stl_internal(as, addr, val, attrs, result,
3387 DEVICE_BIG_ENDIAN);
3388 }
3389
3390 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3391 {
3392 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3393 }
3394
3395 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3396 {
3397 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3398 }
3399
3400 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3401 {
3402 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3403 }
3404
3405 /* XXX: optimize */
3406 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3407 MemTxAttrs attrs, MemTxResult *result)
3408 {
3409 uint8_t v = val;
3410 MemTxResult r;
3411
3412 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3413 if (result) {
3414 *result = r;
3415 }
3416 }
3417
3418 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3419 {
3420 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3421 }
3422
3423 /* warning: addr must be aligned */
3424 static inline void address_space_stw_internal(AddressSpace *as,
3425 hwaddr addr, uint32_t val,
3426 MemTxAttrs attrs,
3427 MemTxResult *result,
3428 enum device_endian endian)
3429 {
3430 uint8_t *ptr;
3431 MemoryRegion *mr;
3432 hwaddr l = 2;
3433 hwaddr addr1;
3434 MemTxResult r;
3435 bool release_lock = false;
3436
3437 rcu_read_lock();
3438 mr = address_space_translate(as, addr, &addr1, &l, true);
3439 if (l < 2 || !memory_access_is_direct(mr, true)) {
3440 release_lock |= prepare_mmio_access(mr);
3441
3442 #if defined(TARGET_WORDS_BIGENDIAN)
3443 if (endian == DEVICE_LITTLE_ENDIAN) {
3444 val = bswap16(val);
3445 }
3446 #else
3447 if (endian == DEVICE_BIG_ENDIAN) {
3448 val = bswap16(val);
3449 }
3450 #endif
3451 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3452 } else {
3453 /* RAM case */
3454 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3455 switch (endian) {
3456 case DEVICE_LITTLE_ENDIAN:
3457 stw_le_p(ptr, val);
3458 break;
3459 case DEVICE_BIG_ENDIAN:
3460 stw_be_p(ptr, val);
3461 break;
3462 default:
3463 stw_p(ptr, val);
3464 break;
3465 }
3466 invalidate_and_set_dirty(mr, addr1, 2);
3467 r = MEMTX_OK;
3468 }
3469 if (result) {
3470 *result = r;
3471 }
3472 if (release_lock) {
3473 qemu_mutex_unlock_iothread();
3474 }
3475 rcu_read_unlock();
3476 }
3477
3478 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3479 MemTxAttrs attrs, MemTxResult *result)
3480 {
3481 address_space_stw_internal(as, addr, val, attrs, result,
3482 DEVICE_NATIVE_ENDIAN);
3483 }
3484
3485 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3486 MemTxAttrs attrs, MemTxResult *result)
3487 {
3488 address_space_stw_internal(as, addr, val, attrs, result,
3489 DEVICE_LITTLE_ENDIAN);
3490 }
3491
3492 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3493 MemTxAttrs attrs, MemTxResult *result)
3494 {
3495 address_space_stw_internal(as, addr, val, attrs, result,
3496 DEVICE_BIG_ENDIAN);
3497 }
3498
3499 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3500 {
3501 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3502 }
3503
3504 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3505 {
3506 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3507 }
3508
3509 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3510 {
3511 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3512 }
3513
3514 /* XXX: optimize */
3515 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3516 MemTxAttrs attrs, MemTxResult *result)
3517 {
3518 MemTxResult r;
3519 val = tswap64(val);
3520 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3521 if (result) {
3522 *result = r;
3523 }
3524 }
3525
3526 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3527 MemTxAttrs attrs, MemTxResult *result)
3528 {
3529 MemTxResult r;
3530 val = cpu_to_le64(val);
3531 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3532 if (result) {
3533 *result = r;
3534 }
3535 }
3536 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3537 MemTxAttrs attrs, MemTxResult *result)
3538 {
3539 MemTxResult r;
3540 val = cpu_to_be64(val);
3541 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3542 if (result) {
3543 *result = r;
3544 }
3545 }
3546
3547 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3548 {
3549 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3550 }
3551
3552 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3553 {
3554 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3555 }
3556
3557 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3558 {
3559 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3560 }
3561
3562 /* virtual memory access for debug (includes writing to ROM) */
3563 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3564 uint8_t *buf, int len, int is_write)
3565 {
3566 int l;
3567 hwaddr phys_addr;
3568 target_ulong page;
3569
3570 while (len > 0) {
3571 int asidx;
3572 MemTxAttrs attrs;
3573
3574 page = addr & TARGET_PAGE_MASK;
3575 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3576 asidx = cpu_asidx_from_attrs(cpu, attrs);
3577 /* if no physical page mapped, return an error */
3578 if (phys_addr == -1)
3579 return -1;
3580 l = (page + TARGET_PAGE_SIZE) - addr;
3581 if (l > len)
3582 l = len;
3583 phys_addr += (addr & ~TARGET_PAGE_MASK);
3584 if (is_write) {
3585 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3586 phys_addr, buf, l);
3587 } else {
3588 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3589 MEMTXATTRS_UNSPECIFIED,
3590 buf, l, 0);
3591 }
3592 len -= l;
3593 buf += l;
3594 addr += l;
3595 }
3596 return 0;
3597 }
3598
3599 /*
3600 * Allows code that needs to deal with migration bitmaps etc to still be built
3601 * target independent.
3602 */
3603 size_t qemu_target_page_bits(void)
3604 {
3605 return TARGET_PAGE_BITS;
3606 }
3607
3608 #endif
3609
3610 /*
3611 * A helper function for the _utterly broken_ virtio device model to find out if
3612 * it's running on a big endian machine. Don't do this at home kids!
3613 */
3614 bool target_words_bigendian(void);
3615 bool target_words_bigendian(void)
3616 {
3617 #if defined(TARGET_WORDS_BIGENDIAN)
3618 return true;
3619 #else
3620 return false;
3621 #endif
3622 }
3623
3624 #ifndef CONFIG_USER_ONLY
3625 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3626 {
3627 MemoryRegion*mr;
3628 hwaddr l = 1;
3629 bool res;
3630
3631 rcu_read_lock();
3632 mr = address_space_translate(&address_space_memory,
3633 phys_addr, &phys_addr, &l, false);
3634
3635 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3636 rcu_read_unlock();
3637 return res;
3638 }
3639
3640 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3641 {
3642 RAMBlock *block;
3643 int ret = 0;
3644
3645 rcu_read_lock();
3646 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3647 ret = func(block->idstr, block->host, block->offset,
3648 block->used_length, opaque);
3649 if (ret) {
3650 break;
3651 }
3652 }
3653 rcu_read_unlock();
3654 return ret;
3655 }
3656 #endif
QEMU mirror