]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vhost build fix for i386
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
53a5960a
PB		 36#if defined(CONFIG_USER_ONLY)
37#include <qemu.h>
f01576f1
JL		 38#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
39#include <sys/param.h>
40#if __FreeBSD_version >= 700104
41#define HAVE_KINFO_GETVMMAP
42#define sigqueue sigqueue_freebsd /* avoid redefinition */
43#include <sys/time.h>
44#include <sys/proc.h>
45#include <machine/profile.h>
46#define _KERNEL
47#include <sys/user.h>
48#undef _KERNEL
49#undef sigqueue
50#include <libutil.h>
51#endif
52#endif
432d268c
JN		 53#else /* !CONFIG_USER_ONLY */
54#include "xen-mapcache.h"
6506e4f9 55#include "trace.h"
53a5960a 56#endif
54936004 57
fd6ce8f6 58//#define DEBUG_TB_INVALIDATE
66e85a21 59//#define DEBUG_FLUSH
9fa3e853 60//#define DEBUG_TLB
67d3b957 61//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 62
63/* make various TB consistency checks */
5fafdf24
TS		 64//#define DEBUG_TB_CHECK
65//#define DEBUG_TLB_CHECK
fd6ce8f6 66
1196be37 67//#define DEBUG_IOPORT
db7b5426 68//#define DEBUG_SUBPAGE
1196be37 69
99773bd4
PB		 70#if !defined(CONFIG_USER_ONLY)
71/* TB consistency checks only implemented for usermode emulation. */
72#undef DEBUG_TB_CHECK
73#endif
74
9fa3e853
FB		 75#define SMC_BITMAP_USE_THRESHOLD 10
76
bdaf78e0 77static TranslationBlock *tbs;
24ab68ac 78static int code_gen_max_blocks;
9fa3e853 79TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 80static int nb_tbs;
eb51d102 81/* any access to the tbs or the page table must use this lock */
c227f099 82spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 83
141ac468
BS		 84#if defined(__arm__) || defined(__sparc_v9__)
85/* The prologue must be reachable with a direct jump. ARM and Sparc64
86 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 87 section close to code segment. */
88#define code_gen_section \
89 __attribute__((__section__(".gen_code"))) \
90 __attribute__((aligned (32)))
f8e2af11
SW		 91#elif defined(_WIN32)
92/* Maximum alignment for Win32 is 16. */
93#define code_gen_section \
94 __attribute__((aligned (16)))
d03d860b
BS		 95#else
96#define code_gen_section \
97 __attribute__((aligned (32)))
98#endif
99
100uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 101static uint8_t *code_gen_buffer;
102static unsigned long code_gen_buffer_size;
26a5f13b 103/* threshold to flush the translated code buffer */
bdaf78e0 104static unsigned long code_gen_buffer_max_size;
24ab68ac 105static uint8_t *code_gen_ptr;
fd6ce8f6 106
e2eef170 107#if !defined(CONFIG_USER_ONLY)
9fa3e853 108int phys_ram_fd;
74576198 109static int in_migration;
94a6b54f 110
f471a17e 111RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
e2eef170 112#endif
9fa3e853 113
6a00d601
FB		 114CPUState *first_cpu;
115/* current CPU in the current thread. It is only valid inside
116 cpu_exec() */
5fafdf24 117CPUState *cpu_single_env;
2e70f6ef 118/* 0 = Do not count executed instructions.
bf20dc07 119 1 = Precise instruction counting.
2e70f6ef
PB		 120 2 = Adaptive rate instruction counting. */
121int use_icount = 0;
122/* Current instruction counter. While executing translated code this may
123 include some instructions that have not yet been executed. */
124int64_t qemu_icount;
6a00d601 125
54936004 126typedef struct PageDesc {
92e873b9 127 /* list of TBs intersecting this ram page */
fd6ce8f6 128 TranslationBlock *first_tb;
9fa3e853
FB		 129 /* in order to optimize self modifying code, we count the number
130 of lookups we do to a given page to use a bitmap */
131 unsigned int code_write_count;
132 uint8_t *code_bitmap;
133#if defined(CONFIG_USER_ONLY)
134 unsigned long flags;
135#endif
54936004
FB		 136} PageDesc;
137
41c1b1c9 138/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 139 while in user mode we want it to be based on virtual addresses. */
140#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 141#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
142# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
143#else
5cd2c5b6 144# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 145#endif
bedb69ea 146#else
5cd2c5b6 147# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 148#endif
54936004 149
5cd2c5b6
RH		 150/* Size of the L2 (and L3, etc) page tables. */
151#define L2_BITS 10
54936004
FB		 152#define L2_SIZE (1 << L2_BITS)
153
5cd2c5b6
RH		 154/* The bits remaining after N lower levels of page tables. */
155#define P_L1_BITS_REM \
156 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
157#define V_L1_BITS_REM \
158 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
159
160/* Size of the L1 page table. Avoid silly small sizes. */
161#if P_L1_BITS_REM < 4
162#define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
163#else
164#define P_L1_BITS P_L1_BITS_REM
165#endif
166
167#if V_L1_BITS_REM < 4
168#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
169#else
170#define V_L1_BITS V_L1_BITS_REM
171#endif
172
173#define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
174#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
175
176#define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
177#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
178
83fb7adf
FB		 179unsigned long qemu_real_host_page_size;
180unsigned long qemu_host_page_bits;
181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 189typedef struct PhysPageDesc {
190 /* offset in host memory of the page + io_index in the low bits */
191 ram_addr_t phys_offset;
192 ram_addr_t region_offset;
193} PhysPageDesc;
194
5cd2c5b6
RH		 195/* This is a multi-level map on the physical address space.
196 The bottom level has pointers to PhysPageDesc. */
197static void *l1_phys_map[P_L1_SIZE];
6d9a1304 198
e2eef170
PB		 199static void io_mem_init(void);
200
33417e70 201/* io memory support */
33417e70
FB		 202CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
203CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
a4193c8a 204void *io_mem_opaque[IO_MEM_NB_ENTRIES];
511d2b14 205static char io_mem_used[IO_MEM_NB_ENTRIES];
6658ffb8
PB		 206static int io_mem_watch;
207#endif
33417e70 208
34865134 209/* log support */
1e8b27ca
JR		 210#ifdef WIN32
211static const char *logfilename = "qemu.log";
212#else
d9b630fd 213static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 214#endif
34865134
FB		 215FILE *logfile;
216int loglevel;
e735b91c 217static int log_append = 0;
34865134 218
e3db7226 219/* statistics */
b3755a91 220#if !defined(CONFIG_USER_ONLY)
e3db7226 221static int tlb_flush_count;
b3755a91 222#endif
e3db7226
FB		 223static int tb_flush_count;
224static int tb_phys_invalidate_count;
225
7cb69cae
FB		 226#ifdef _WIN32
227static void map_exec(void *addr, long size)
228{
229 DWORD old_protect;
230 VirtualProtect(addr, size,
231 PAGE_EXECUTE_READWRITE, &old_protect);
232
233}
234#else
235static void map_exec(void *addr, long size)
236{
4369415f 237 unsigned long start, end, page_size;
7cb69cae 238
4369415f 239 page_size = getpagesize();
7cb69cae 240 start = (unsigned long)addr;
4369415f 241 start &= ~(page_size - 1);
7cb69cae
FB		 242
243 end = (unsigned long)addr + size;
4369415f
FB		 244 end += page_size - 1;
245 end &= ~(page_size - 1);
7cb69cae
FB		 246
247 mprotect((void *)start, end - start,
248 PROT_READ | PROT_WRITE | PROT_EXEC);
249}
250#endif
251
b346ff46 252static void page_init(void)
54936004 253{
83fb7adf 254 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 255 TARGET_PAGE_SIZE */
c2b48b69
AL		 256#ifdef _WIN32
257 {
258 SYSTEM_INFO system_info;
259
260 GetSystemInfo(&system_info);
261 qemu_real_host_page_size = system_info.dwPageSize;
262 }
263#else
264 qemu_real_host_page_size = getpagesize();
265#endif
83fb7adf
FB		 266 if (qemu_host_page_size == 0)
267 qemu_host_page_size = qemu_real_host_page_size;
268 if (qemu_host_page_size < TARGET_PAGE_SIZE)
269 qemu_host_page_size = TARGET_PAGE_SIZE;
270 qemu_host_page_bits = 0;
271 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
272 qemu_host_page_bits++;
273 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 274
2e9a5713 275#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 276 {
f01576f1
JL		 277#ifdef HAVE_KINFO_GETVMMAP
278 struct kinfo_vmentry *freep;
279 int i, cnt;
280
281 freep = kinfo_getvmmap(getpid(), &cnt);
282 if (freep) {
283 mmap_lock();
284 for (i = 0; i < cnt; i++) {
285 unsigned long startaddr, endaddr;
286
287 startaddr = freep[i].kve_start;
288 endaddr = freep[i].kve_end;
289 if (h2g_valid(startaddr)) {
290 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
291
292 if (h2g_valid(endaddr)) {
293 endaddr = h2g(endaddr);
fd436907 294 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 295 } else {
296#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
297 endaddr = ~0ul;
fd436907 298 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 299#endif
300 }
301 }
302 }
303 free(freep);
304 mmap_unlock();
305 }
306#else
50a9569b 307 FILE *f;
50a9569b 308
0776590d 309 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 310
fd436907 311 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 312 if (f) {
5cd2c5b6
RH		 313 mmap_lock();
314
50a9569b 315 do {
5cd2c5b6
RH		 316 unsigned long startaddr, endaddr;
317 int n;
318
319 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
320
321 if (n == 2 && h2g_valid(startaddr)) {
322 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
323
324 if (h2g_valid(endaddr)) {
325 endaddr = h2g(endaddr);
326 } else {
327 endaddr = ~0ul;
328 }
329 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 330 }
331 } while (!feof(f));
5cd2c5b6 332
50a9569b 333 fclose(f);
5cd2c5b6 334 mmap_unlock();
50a9569b 335 }
f01576f1 336#endif
50a9569b
AZ		 337 }
338#endif
54936004
FB		 339}
340
41c1b1c9 341static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 342{
41c1b1c9
PB		 343 PageDesc *pd;
344 void **lp;
345 int i;
346
5cd2c5b6 347#if defined(CONFIG_USER_ONLY)
2e9a5713 348 /* We can't use qemu_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 349# define ALLOC(P, SIZE) \
350 do { \
351 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
352 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 353 } while (0)
354#else
355# define ALLOC(P, SIZE) \
356 do { P = qemu_mallocz(SIZE); } while (0)
17e2377a 357#endif
434929bf 358
5cd2c5b6
RH		 359 /* Level 1. Always allocated. */
360 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
361
362 /* Level 2..N-1. */
363 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
364 void **p = *lp;
365
366 if (p == NULL) {
367 if (!alloc) {
368 return NULL;
369 }
370 ALLOC(p, sizeof(void *) * L2_SIZE);
371 *lp = p;
17e2377a 372 }
5cd2c5b6
RH		 373
374 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
375 }
376
377 pd = *lp;
378 if (pd == NULL) {
379 if (!alloc) {
380 return NULL;
381 }
382 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
383 *lp = pd;
54936004 384 }
5cd2c5b6
RH		 385
386#undef ALLOC
5cd2c5b6
RH		 387
388 return pd + (index & (L2_SIZE - 1));
54936004
FB		 389}
390
41c1b1c9 391static inline PageDesc *page_find(tb_page_addr_t index)
54936004 392{
5cd2c5b6 393 return page_find_alloc(index, 0);
fd6ce8f6
FB		 394}
395
6d9a1304 396#if !defined(CONFIG_USER_ONLY)
c227f099 397static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 398{
e3f4e2a4 399 PhysPageDesc *pd;
5cd2c5b6
RH		 400 void **lp;
401 int i;
92e873b9 402
5cd2c5b6
RH		 403 /* Level 1. Always allocated. */
404 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
108c49b8 405
5cd2c5b6
RH		 406 /* Level 2..N-1. */
407 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
408 void **p = *lp;
409 if (p == NULL) {
410 if (!alloc) {
411 return NULL;
412 }
413 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
414 }
415 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
108c49b8 416 }
5cd2c5b6 417
e3f4e2a4 418 pd = *lp;
5cd2c5b6 419 if (pd == NULL) {
e3f4e2a4 420 int i;
5cd2c5b6
RH		 421
422 if (!alloc) {
108c49b8 423 return NULL;
5cd2c5b6
RH		 424 }
425
426 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
427
67c4d23c 428 for (i = 0; i < L2_SIZE; i++) {
5cd2c5b6
RH		 429 pd[i].phys_offset = IO_MEM_UNASSIGNED;
430 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
67c4d23c 431 }
92e873b9 432 }
5cd2c5b6
RH		 433
434 return pd + (index & (L2_SIZE - 1));
92e873b9
FB		 435}
436
c227f099 437static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
92e873b9 438{
108c49b8 439 return phys_page_find_alloc(index, 0);
92e873b9
FB		 440}
441
c227f099
AL		 442static void tlb_protect_code(ram_addr_t ram_addr);
443static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 444 target_ulong vaddr);
c8a706fe
PB		 445#define mmap_lock() do { } while(0)
446#define mmap_unlock() do { } while(0)
9fa3e853 447#endif
fd6ce8f6 448
4369415f
FB		 449#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
450
451#if defined(CONFIG_USER_ONLY)
ccbb4d44 452/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 453 user mode. It will change when a dedicated libc will be used */
454#define USE_STATIC_CODE_GEN_BUFFER
455#endif
456
457#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 458static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
459 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 460#endif
461
8fcd3692 462static void code_gen_alloc(unsigned long tb_size)
26a5f13b 463{
4369415f
FB		 464#ifdef USE_STATIC_CODE_GEN_BUFFER
465 code_gen_buffer = static_code_gen_buffer;
466 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
467 map_exec(code_gen_buffer, code_gen_buffer_size);
468#else
26a5f13b
FB		 469 code_gen_buffer_size = tb_size;
470 if (code_gen_buffer_size == 0) {
4369415f
FB		 471#if defined(CONFIG_USER_ONLY)
472 /* in user mode, phys_ram_size is not meaningful */
473 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
474#else
ccbb4d44 475 /* XXX: needs adjustments */
94a6b54f 476 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 477#endif
26a5f13b
FB		 478 }
479 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
480 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
481 /* The code gen buffer location may have constraints depending on
482 the host cpu and OS */
483#if defined(__linux__)
484 {
485 int flags;
141ac468
BS		 486 void *start = NULL;
487
26a5f13b
FB		 488 flags = MAP_PRIVATE | MAP_ANONYMOUS;
489#if defined(__x86_64__)
490 flags |= MAP_32BIT;
491 /* Cannot map more than that */
492 if (code_gen_buffer_size > (800 * 1024 * 1024))
493 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 494#elif defined(__sparc_v9__)
495 // Map the buffer below 2G, so we can use direct calls and branches
496 flags |= MAP_FIXED;
497 start = (void *) 0x60000000UL;
498 if (code_gen_buffer_size > (512 * 1024 * 1024))
499 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 500#elif defined(__arm__)
63d41246 501 /* Map the buffer below 32M, so we can use direct calls and branches */
1cb0661e
AZ		 502 flags |= MAP_FIXED;
503 start = (void *) 0x01000000UL;
504 if (code_gen_buffer_size > 16 * 1024 * 1024)
505 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 506#elif defined(__s390x__)
507 /* Map the buffer so that we can use direct calls and branches. */
508 /* We have a +- 4GB range on the branches; leave some slop. */
509 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
510 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
511 }
512 start = (void *)0x90000000UL;
26a5f13b 513#endif
141ac468
BS		 514 code_gen_buffer = mmap(start, code_gen_buffer_size,
515 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 516 flags, -1, 0);
517 if (code_gen_buffer == MAP_FAILED) {
518 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
519 exit(1);
520 }
521 }
cbb608a5
B		 522#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
523 || defined(__DragonFly__) || defined(__OpenBSD__)
06e67a82
AL		 524 {
525 int flags;
526 void *addr = NULL;
527 flags = MAP_PRIVATE | MAP_ANONYMOUS;
528#if defined(__x86_64__)
529 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
530 * 0x40000000 is free */
531 flags |= MAP_FIXED;
532 addr = (void *)0x40000000;
533 /* Cannot map more than that */
534 if (code_gen_buffer_size > (800 * 1024 * 1024))
535 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 536#elif defined(__sparc_v9__)
537 // Map the buffer below 2G, so we can use direct calls and branches
538 flags |= MAP_FIXED;
539 addr = (void *) 0x60000000UL;
540 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
541 code_gen_buffer_size = (512 * 1024 * 1024);
542 }
06e67a82
AL		 543#endif
544 code_gen_buffer = mmap(addr, code_gen_buffer_size,
545 PROT_WRITE | PROT_READ | PROT_EXEC,
546 flags, -1, 0);
547 if (code_gen_buffer == MAP_FAILED) {
548 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
549 exit(1);
550 }
551 }
26a5f13b
FB		 552#else
553 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
26a5f13b
FB		 554 map_exec(code_gen_buffer, code_gen_buffer_size);
555#endif
4369415f 556#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 557 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 558 code_gen_buffer_max_size = code_gen_buffer_size -
559 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b
FB		 560 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
561 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
562}
563
564/* Must be called before using the QEMU cpus. 'tb_size' is the size
565 (in bytes) allocated to the translation buffer. Zero means default
566 size. */
567void cpu_exec_init_all(unsigned long tb_size)
568{
26a5f13b
FB		 569 cpu_gen_init();
570 code_gen_alloc(tb_size);
571 code_gen_ptr = code_gen_buffer;
4369415f 572 page_init();
e2eef170 573#if !defined(CONFIG_USER_ONLY)
26a5f13b 574 io_mem_init();
e2eef170 575#endif
9002ec79
RH		 576#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
577 /* There's no guest base to take into account, so go ahead and
578 initialize the prologue now. */
579 tcg_prologue_init(&tcg_ctx);
580#endif
26a5f13b
FB		 581}
582
9656f324
PB		 583#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
584
e59fb374 585static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 586{
587 CPUState *env = opaque;
9656f324 588
3098dba0
AJ		 589 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
590 version_id is increased. */
591 env->interrupt_request &= ~0x01;
9656f324
PB		 592 tlb_flush(env, 1);
593
594 return 0;
595}
e7f4eff7
JQ		 596
597static const VMStateDescription vmstate_cpu_common = {
598 .name = "cpu_common",
599 .version_id = 1,
600 .minimum_version_id = 1,
601 .minimum_version_id_old = 1,
e7f4eff7
JQ		 602 .post_load = cpu_common_post_load,
603 .fields = (VMStateField []) {
604 VMSTATE_UINT32(halted, CPUState),
605 VMSTATE_UINT32(interrupt_request, CPUState),
606 VMSTATE_END_OF_LIST()
607 }
608};
9656f324
PB		 609#endif
610
950f1472
GC		 611CPUState *qemu_get_cpu(int cpu)
612{
613 CPUState *env = first_cpu;
614
615 while (env) {
616 if (env->cpu_index == cpu)
617 break;
618 env = env->next_cpu;
619 }
620
621 return env;
622}
623
6a00d601 624void cpu_exec_init(CPUState *env)
fd6ce8f6 625{
6a00d601
FB		 626 CPUState **penv;
627 int cpu_index;
628
c2764719
PB		 629#if defined(CONFIG_USER_ONLY)
630 cpu_list_lock();
631#endif
6a00d601
FB		 632 env->next_cpu = NULL;
633 penv = &first_cpu;
634 cpu_index = 0;
635 while (*penv != NULL) {
1e9fa730 636 penv = &(*penv)->next_cpu;
6a00d601
FB		 637 cpu_index++;
638 }
639 env->cpu_index = cpu_index;
268a362c 640 env->numa_node = 0;
72cf2d4f
BS		 641 QTAILQ_INIT(&env->breakpoints);
642 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 643#ifndef CONFIG_USER_ONLY
644 env->thread_id = qemu_get_thread_id();
645#endif
6a00d601 646 *penv = env;
c2764719
PB		 647#if defined(CONFIG_USER_ONLY)
648 cpu_list_unlock();
649#endif
b3c7724c 650#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 651 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
652 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 653 cpu_save, cpu_load, env);
654#endif
fd6ce8f6
FB		 655}
656
d1a1eb74
TG		 657/* Allocate a new translation block. Flush the translation buffer if
658 too many translation blocks or too much generated code. */
659static TranslationBlock *tb_alloc(target_ulong pc)
660{
661 TranslationBlock *tb;
662
663 if (nb_tbs >= code_gen_max_blocks ||
664 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
665 return NULL;
666 tb = &tbs[nb_tbs++];
667 tb->pc = pc;
668 tb->cflags = 0;
669 return tb;
670}
671
672void tb_free(TranslationBlock *tb)
673{
674 /* In practice this is mostly used for single use temporary TB
675 Ignore the hard cases and just back up if this TB happens to
676 be the last one generated. */
677 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
678 code_gen_ptr = tb->tc_ptr;
679 nb_tbs--;
680 }
681}
682
9fa3e853
FB		 683static inline void invalidate_page_bitmap(PageDesc *p)
684{
685 if (p->code_bitmap) {
59817ccb 686 qemu_free(p->code_bitmap);
9fa3e853
FB		 687 p->code_bitmap = NULL;
688 }
689 p->code_write_count = 0;
690}
691
5cd2c5b6
RH		 692/* Set to NULL all the 'first_tb' fields in all PageDescs. */
693
694static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 695{
5cd2c5b6 696 int i;
fd6ce8f6 697
5cd2c5b6
RH		 698 if (*lp == NULL) {
699 return;
700 }
701 if (level == 0) {
702 PageDesc *pd = *lp;
7296abac 703 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 704 pd[i].first_tb = NULL;
705 invalidate_page_bitmap(pd + i);
fd6ce8f6 706 }
5cd2c5b6
RH		 707 } else {
708 void **pp = *lp;
7296abac 709 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 710 page_flush_tb_1 (level - 1, pp + i);
711 }
712 }
713}
714
715static void page_flush_tb(void)
716{
717 int i;
718 for (i = 0; i < V_L1_SIZE; i++) {
719 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 720 }
721}
722
723/* flush all the translation blocks */
d4e8164f 724/* XXX: tb_flush is currently not thread safe */
6a00d601 725void tb_flush(CPUState *env1)
fd6ce8f6 726{
6a00d601 727 CPUState *env;
0124311e 728#if defined(DEBUG_FLUSH)
ab3d1727
BS		 729 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
730 (unsigned long)(code_gen_ptr - code_gen_buffer),
731 nb_tbs, nb_tbs > 0 ?
732 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 733#endif
26a5f13b 734 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 735 cpu_abort(env1, "Internal error: code buffer overflow\n");
736
fd6ce8f6 737 nb_tbs = 0;
3b46e624 738
6a00d601
FB		 739 for(env = first_cpu; env != NULL; env = env->next_cpu) {
740 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
741 }
9fa3e853 742
8a8a608f 743 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 744 page_flush_tb();
9fa3e853 745
fd6ce8f6 746 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 747 /* XXX: flush processor icache at this point if cache flush is
748 expensive */
e3db7226 749 tb_flush_count++;
fd6ce8f6
FB		 750}
751
752#ifdef DEBUG_TB_CHECK
753
bc98a7ef 754static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 755{
756 TranslationBlock *tb;
757 int i;
758 address &= TARGET_PAGE_MASK;
99773bd4
PB		 759 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
760 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 761 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
762 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 763 printf("ERROR invalidate: address=" TARGET_FMT_lx
764 " PC=%08lx size=%04x\n",
99773bd4 765 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 766 }
767 }
768 }
769}
770
771/* verify that all the pages have correct rights for code */
772static void tb_page_check(void)
773{
774 TranslationBlock *tb;
775 int i, flags1, flags2;
3b46e624 776
99773bd4
PB		 777 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
778 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 779 flags1 = page_get_flags(tb->pc);
780 flags2 = page_get_flags(tb->pc + tb->size - 1);
781 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
782 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 783 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 784 }
785 }
786 }
787}
788
789#endif
790
791/* invalidate one TB */
792static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
793 int next_offset)
794{
795 TranslationBlock *tb1;
796 for(;;) {
797 tb1 = *ptb;
798 if (tb1 == tb) {
799 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
800 break;
801 }
802 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
803 }
804}
805
9fa3e853
FB		 806static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
807{
808 TranslationBlock *tb1;
809 unsigned int n1;
810
811 for(;;) {
812 tb1 = *ptb;
813 n1 = (long)tb1 & 3;
814 tb1 = (TranslationBlock *)((long)tb1 & ~3);
815 if (tb1 == tb) {
816 *ptb = tb1->page_next[n1];
817 break;
818 }
819 ptb = &tb1->page_next[n1];
820 }
821}
822
d4e8164f
FB		 823static inline void tb_jmp_remove(TranslationBlock *tb, int n)
824{
825 TranslationBlock *tb1, **ptb;
826 unsigned int n1;
827
828 ptb = &tb->jmp_next[n];
829 tb1 = *ptb;
830 if (tb1) {
831 /* find tb(n) in circular list */
832 for(;;) {
833 tb1 = *ptb;
834 n1 = (long)tb1 & 3;
835 tb1 = (TranslationBlock *)((long)tb1 & ~3);
836 if (n1 == n && tb1 == tb)
837 break;
838 if (n1 == 2) {
839 ptb = &tb1->jmp_first;
840 } else {
841 ptb = &tb1->jmp_next[n1];
842 }
843 }
844 /* now we can suppress tb(n) from the list */
845 *ptb = tb->jmp_next[n];
846
847 tb->jmp_next[n] = NULL;
848 }
849}
850
851/* reset the jump entry 'n' of a TB so that it is not chained to
852 another TB */
853static inline void tb_reset_jump(TranslationBlock *tb, int n)
854{
855 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
856}
857
41c1b1c9 858void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 859{
6a00d601 860 CPUState *env;
8a40a180 861 PageDesc *p;
d4e8164f 862 unsigned int h, n1;
41c1b1c9 863 tb_page_addr_t phys_pc;
8a40a180 864 TranslationBlock *tb1, *tb2;
3b46e624 865
8a40a180
FB		 866 /* remove the TB from the hash list */
867 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
868 h = tb_phys_hash_func(phys_pc);
5fafdf24 869 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 870 offsetof(TranslationBlock, phys_hash_next));
871
872 /* remove the TB from the page list */
873 if (tb->page_addr[0] != page_addr) {
874 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
875 tb_page_remove(&p->first_tb, tb);
876 invalidate_page_bitmap(p);
877 }
878 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
879 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
880 tb_page_remove(&p->first_tb, tb);
881 invalidate_page_bitmap(p);
882 }
883
36bdbe54 884 tb_invalidated_flag = 1;
59817ccb 885
fd6ce8f6 886 /* remove the TB from the hash list */
8a40a180 887 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 888 for(env = first_cpu; env != NULL; env = env->next_cpu) {
889 if (env->tb_jmp_cache[h] == tb)
890 env->tb_jmp_cache[h] = NULL;
891 }
d4e8164f
FB		 892
893 /* suppress this TB from the two jump lists */
894 tb_jmp_remove(tb, 0);
895 tb_jmp_remove(tb, 1);
896
897 /* suppress any remaining jumps to this TB */
898 tb1 = tb->jmp_first;
899 for(;;) {
900 n1 = (long)tb1 & 3;
901 if (n1 == 2)
902 break;
903 tb1 = (TranslationBlock *)((long)tb1 & ~3);
904 tb2 = tb1->jmp_next[n1];
905 tb_reset_jump(tb1, n1);
906 tb1->jmp_next[n1] = NULL;
907 tb1 = tb2;
908 }
909 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 910
e3db7226 911 tb_phys_invalidate_count++;
9fa3e853
FB		 912}
913
914static inline void set_bits(uint8_t *tab, int start, int len)
915{
916 int end, mask, end1;
917
918 end = start + len;
919 tab += start >> 3;
920 mask = 0xff << (start & 7);
921 if ((start & ~7) == (end & ~7)) {
922 if (start < end) {
923 mask &= ~(0xff << (end & 7));
924 *tab |= mask;
925 }
926 } else {
927 *tab++ |= mask;
928 start = (start + 8) & ~7;
929 end1 = end & ~7;
930 while (start < end1) {
931 *tab++ = 0xff;
932 start += 8;
933 }
934 if (start < end) {
935 mask = ~(0xff << (end & 7));
936 *tab |= mask;
937 }
938 }
939}
940
941static void build_page_bitmap(PageDesc *p)
942{
943 int n, tb_start, tb_end;
944 TranslationBlock *tb;
3b46e624 945
b2a7081a 946 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 947
948 tb = p->first_tb;
949 while (tb != NULL) {
950 n = (long)tb & 3;
951 tb = (TranslationBlock *)((long)tb & ~3);
952 /* NOTE: this is subtle as a TB may span two physical pages */
953 if (n == 0) {
954 /* NOTE: tb_end may be after the end of the page, but
955 it is not a problem */
956 tb_start = tb->pc & ~TARGET_PAGE_MASK;
957 tb_end = tb_start + tb->size;
958 if (tb_end > TARGET_PAGE_SIZE)
959 tb_end = TARGET_PAGE_SIZE;
960 } else {
961 tb_start = 0;
962 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
963 }
964 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
965 tb = tb->page_next[n];
966 }
967}
968
2e70f6ef
PB		 969TranslationBlock *tb_gen_code(CPUState *env,
970 target_ulong pc, target_ulong cs_base,
971 int flags, int cflags)
d720b93d
FB		 972{
973 TranslationBlock *tb;
974 uint8_t *tc_ptr;
41c1b1c9
PB		 975 tb_page_addr_t phys_pc, phys_page2;
976 target_ulong virt_page2;
d720b93d
FB		 977 int code_gen_size;
978
41c1b1c9 979 phys_pc = get_page_addr_code(env, pc);
c27004ec 980 tb = tb_alloc(pc);
d720b93d
FB		 981 if (!tb) {
982 /* flush must be done */
983 tb_flush(env);
984 /* cannot fail at this point */
c27004ec 985 tb = tb_alloc(pc);
2e70f6ef
PB		 986 /* Don't forget to invalidate previous TB info. */
987 tb_invalidated_flag = 1;
d720b93d
FB		 988 }
989 tc_ptr = code_gen_ptr;
990 tb->tc_ptr = tc_ptr;
991 tb->cs_base = cs_base;
992 tb->flags = flags;
993 tb->cflags = cflags;
d07bde88 994 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 995 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 996
d720b93d 997 /* check next page if needed */
c27004ec 998 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 999 phys_page2 = -1;
c27004ec 1000 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1001 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1002 }
41c1b1c9 1003 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1004 return tb;
d720b93d 1005}
3b46e624 1006
9fa3e853
FB		 1007/* invalidate all TBs which intersect with the target physical page
1008 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1009 the same physical page. 'is_cpu_write_access' should be true if called
1010 from a real cpu write access: the virtual CPU will exit the current
1011 TB if code is modified inside this TB. */
41c1b1c9 1012void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1013 int is_cpu_write_access)
1014{
6b917547 1015 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1016 CPUState *env = cpu_single_env;
41c1b1c9 1017 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1018 PageDesc *p;
1019 int n;
1020#ifdef TARGET_HAS_PRECISE_SMC
1021 int current_tb_not_found = is_cpu_write_access;
1022 TranslationBlock *current_tb = NULL;
1023 int current_tb_modified = 0;
1024 target_ulong current_pc = 0;
1025 target_ulong current_cs_base = 0;
1026 int current_flags = 0;
1027#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1028
1029 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1030 if (!p)
9fa3e853 1031 return;
5fafdf24 1032 if (!p->code_bitmap &&
d720b93d
FB		 1033 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1034 is_cpu_write_access) {
9fa3e853
FB		 1035 /* build code bitmap */
1036 build_page_bitmap(p);
1037 }
1038
1039 /* we remove all the TBs in the range [start, end[ */
1040 /* XXX: see if in some cases it could be faster to invalidate all the code */
1041 tb = p->first_tb;
1042 while (tb != NULL) {
1043 n = (long)tb & 3;
1044 tb = (TranslationBlock *)((long)tb & ~3);
1045 tb_next = tb->page_next[n];
1046 /* NOTE: this is subtle as a TB may span two physical pages */
1047 if (n == 0) {
1048 /* NOTE: tb_end may be after the end of the page, but
1049 it is not a problem */
1050 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1051 tb_end = tb_start + tb->size;
1052 } else {
1053 tb_start = tb->page_addr[1];
1054 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1055 }
1056 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1057#ifdef TARGET_HAS_PRECISE_SMC
1058 if (current_tb_not_found) {
1059 current_tb_not_found = 0;
1060 current_tb = NULL;
2e70f6ef 1061 if (env->mem_io_pc) {
d720b93d 1062 /* now we have a real cpu fault */
2e70f6ef 1063 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1064 }
1065 }
1066 if (current_tb == tb &&
2e70f6ef 1067 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1068 /* If we are modifying the current TB, we must stop
1069 its execution. We could be more precise by checking
1070 that the modification is after the current PC, but it
1071 would require a specialized function to partially
1072 restore the CPU state */
3b46e624 1073
d720b93d 1074 current_tb_modified = 1;
618ba8e6 1075 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1076 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1077 &current_flags);
d720b93d
FB		 1078 }
1079#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1080 /* we need to do that to handle the case where a signal
1081 occurs while doing tb_phys_invalidate() */
1082 saved_tb = NULL;
1083 if (env) {
1084 saved_tb = env->current_tb;
1085 env->current_tb = NULL;
1086 }
9fa3e853 1087 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1088 if (env) {
1089 env->current_tb = saved_tb;
1090 if (env->interrupt_request && env->current_tb)
1091 cpu_interrupt(env, env->interrupt_request);
1092 }
9fa3e853
FB		 1093 }
1094 tb = tb_next;
1095 }
1096#if !defined(CONFIG_USER_ONLY)
1097 /* if no code remaining, no need to continue to use slow writes */
1098 if (!p->first_tb) {
1099 invalidate_page_bitmap(p);
d720b93d 1100 if (is_cpu_write_access) {
2e70f6ef 1101 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1102 }
1103 }
1104#endif
1105#ifdef TARGET_HAS_PRECISE_SMC
1106 if (current_tb_modified) {
1107 /* we generate a block containing just the instruction
1108 modifying the memory. It will ensure that it cannot modify
1109 itself */
ea1c1802 1110 env->current_tb = NULL;
2e70f6ef 1111 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1112 cpu_resume_from_signal(env, NULL);
9fa3e853 1113 }
fd6ce8f6 1114#endif
9fa3e853 1115}
fd6ce8f6 1116
9fa3e853 1117/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1118static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1119{
1120 PageDesc *p;
1121 int offset, b;
59817ccb 1122#if 0
a4193c8a 1123 if (1) {
93fcfe39
AL		 1124 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1125 cpu_single_env->mem_io_vaddr, len,
1126 cpu_single_env->eip,
1127 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1128 }
1129#endif
9fa3e853 1130 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1131 if (!p)
9fa3e853
FB		 1132 return;
1133 if (p->code_bitmap) {
1134 offset = start & ~TARGET_PAGE_MASK;
1135 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1136 if (b & ((1 << len) - 1))
1137 goto do_invalidate;
1138 } else {
1139 do_invalidate:
d720b93d 1140 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1141 }
1142}
1143
9fa3e853 1144#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1145static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1146 unsigned long pc, void *puc)
9fa3e853 1147{
6b917547 1148 TranslationBlock *tb;
9fa3e853 1149 PageDesc *p;
6b917547 1150 int n;
d720b93d 1151#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1152 TranslationBlock *current_tb = NULL;
d720b93d 1153 CPUState *env = cpu_single_env;
6b917547
AL		 1154 int current_tb_modified = 0;
1155 target_ulong current_pc = 0;
1156 target_ulong current_cs_base = 0;
1157 int current_flags = 0;
d720b93d 1158#endif
9fa3e853
FB		 1159
1160 addr &= TARGET_PAGE_MASK;
1161 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1162 if (!p)
9fa3e853
FB		 1163 return;
1164 tb = p->first_tb;
d720b93d
FB		 1165#ifdef TARGET_HAS_PRECISE_SMC
1166 if (tb && pc != 0) {
1167 current_tb = tb_find_pc(pc);
1168 }
1169#endif
9fa3e853
FB		 1170 while (tb != NULL) {
1171 n = (long)tb & 3;
1172 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1173#ifdef TARGET_HAS_PRECISE_SMC
1174 if (current_tb == tb &&
2e70f6ef 1175 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1176 /* If we are modifying the current TB, we must stop
1177 its execution. We could be more precise by checking
1178 that the modification is after the current PC, but it
1179 would require a specialized function to partially
1180 restore the CPU state */
3b46e624 1181
d720b93d 1182 current_tb_modified = 1;
618ba8e6 1183 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1184 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1185 &current_flags);
d720b93d
FB		 1186 }
1187#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1188 tb_phys_invalidate(tb, addr);
1189 tb = tb->page_next[n];
1190 }
fd6ce8f6 1191 p->first_tb = NULL;
d720b93d
FB		 1192#ifdef TARGET_HAS_PRECISE_SMC
1193 if (current_tb_modified) {
1194 /* we generate a block containing just the instruction
1195 modifying the memory. It will ensure that it cannot modify
1196 itself */
ea1c1802 1197 env->current_tb = NULL;
2e70f6ef 1198 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1199 cpu_resume_from_signal(env, puc);
1200 }
1201#endif
fd6ce8f6 1202}
9fa3e853 1203#endif
fd6ce8f6
FB		 1204
1205/* add the tb in the target page and protect it if necessary */
5fafdf24 1206static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1207 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1208{
1209 PageDesc *p;
4429ab44
JQ		 1210#ifndef CONFIG_USER_ONLY
1211 bool page_already_protected;
1212#endif
9fa3e853
FB		 1213
1214 tb->page_addr[n] = page_addr;
5cd2c5b6 1215 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1216 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1217#ifndef CONFIG_USER_ONLY
1218 page_already_protected = p->first_tb != NULL;
1219#endif
9fa3e853
FB		 1220 p->first_tb = (TranslationBlock *)((long)tb | n);
1221 invalidate_page_bitmap(p);
fd6ce8f6 1222
107db443 1223#if defined(TARGET_HAS_SMC) || 1
d720b93d 1224
9fa3e853 1225#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1226 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1227 target_ulong addr;
1228 PageDesc *p2;
9fa3e853
FB		 1229 int prot;
1230
fd6ce8f6
FB		 1231 /* force the host page as non writable (writes will have a
1232 page fault + mprotect overhead) */
53a5960a 1233 page_addr &= qemu_host_page_mask;
fd6ce8f6 1234 prot = 0;
53a5960a
PB		 1235 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1236 addr += TARGET_PAGE_SIZE) {
1237
1238 p2 = page_find (addr >> TARGET_PAGE_BITS);
1239 if (!p2)
1240 continue;
1241 prot |= p2->flags;
1242 p2->flags &= ~PAGE_WRITE;
53a5960a 1243 }
5fafdf24 1244 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1245 (prot & PAGE_BITS) & ~PAGE_WRITE);
1246#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1247 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1248 page_addr);
fd6ce8f6 1249#endif
fd6ce8f6 1250 }
9fa3e853
FB		 1251#else
1252 /* if some code is already present, then the pages are already
1253 protected. So we handle the case where only the first TB is
1254 allocated in a physical page */
4429ab44 1255 if (!page_already_protected) {
6a00d601 1256 tlb_protect_code(page_addr);
9fa3e853
FB		 1257 }
1258#endif
d720b93d
FB		 1259
1260#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1261}
1262
9fa3e853
FB		 1263/* add a new TB and link it to the physical page tables. phys_page2 is
1264 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1265void tb_link_page(TranslationBlock *tb,
1266 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1267{
9fa3e853
FB		 1268 unsigned int h;
1269 TranslationBlock **ptb;
1270
c8a706fe
PB		 1271 /* Grab the mmap lock to stop another thread invalidating this TB
1272 before we are done. */
1273 mmap_lock();
9fa3e853
FB		 1274 /* add in the physical hash table */
1275 h = tb_phys_hash_func(phys_pc);
1276 ptb = &tb_phys_hash[h];
1277 tb->phys_hash_next = *ptb;
1278 *ptb = tb;
fd6ce8f6
FB		 1279
1280 /* add in the page list */
9fa3e853
FB		 1281 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1282 if (phys_page2 != -1)
1283 tb_alloc_page(tb, 1, phys_page2);
1284 else
1285 tb->page_addr[1] = -1;
9fa3e853 1286
d4e8164f
FB		 1287 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1288 tb->jmp_next[0] = NULL;
1289 tb->jmp_next[1] = NULL;
1290
1291 /* init original jump addresses */
1292 if (tb->tb_next_offset[0] != 0xffff)
1293 tb_reset_jump(tb, 0);
1294 if (tb->tb_next_offset[1] != 0xffff)
1295 tb_reset_jump(tb, 1);
8a40a180
FB		 1296
1297#ifdef DEBUG_TB_CHECK
1298 tb_page_check();
1299#endif
c8a706fe 1300 mmap_unlock();
fd6ce8f6
FB		 1301}
1302
9fa3e853
FB		 1303/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1304 tb[1].tc_ptr. Return NULL if not found */
1305TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1306{
9fa3e853
FB		 1307 int m_min, m_max, m;
1308 unsigned long v;
1309 TranslationBlock *tb;
a513fe19
FB		 1310
1311 if (nb_tbs <= 0)
1312 return NULL;
1313 if (tc_ptr < (unsigned long)code_gen_buffer ||
1314 tc_ptr >= (unsigned long)code_gen_ptr)
1315 return NULL;
1316 /* binary search (cf Knuth) */
1317 m_min = 0;
1318 m_max = nb_tbs - 1;
1319 while (m_min <= m_max) {
1320 m = (m_min + m_max) >> 1;
1321 tb = &tbs[m];
1322 v = (unsigned long)tb->tc_ptr;
1323 if (v == tc_ptr)
1324 return tb;
1325 else if (tc_ptr < v) {
1326 m_max = m - 1;
1327 } else {
1328 m_min = m + 1;
1329 }
5fafdf24 1330 }
a513fe19
FB		 1331 return &tbs[m_max];
1332}
7501267e 1333
ea041c0e
FB		 1334static void tb_reset_jump_recursive(TranslationBlock *tb);
1335
1336static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1337{
1338 TranslationBlock *tb1, *tb_next, **ptb;
1339 unsigned int n1;
1340
1341 tb1 = tb->jmp_next[n];
1342 if (tb1 != NULL) {
1343 /* find head of list */
1344 for(;;) {
1345 n1 = (long)tb1 & 3;
1346 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1347 if (n1 == 2)
1348 break;
1349 tb1 = tb1->jmp_next[n1];
1350 }
1351 /* we are now sure now that tb jumps to tb1 */
1352 tb_next = tb1;
1353
1354 /* remove tb from the jmp_first list */
1355 ptb = &tb_next->jmp_first;
1356 for(;;) {
1357 tb1 = *ptb;
1358 n1 = (long)tb1 & 3;
1359 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1360 if (n1 == n && tb1 == tb)
1361 break;
1362 ptb = &tb1->jmp_next[n1];
1363 }
1364 *ptb = tb->jmp_next[n];
1365 tb->jmp_next[n] = NULL;
3b46e624 1366
ea041c0e
FB		 1367 /* suppress the jump to next tb in generated code */
1368 tb_reset_jump(tb, n);
1369
0124311e 1370 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1371 tb_reset_jump_recursive(tb_next);
1372 }
1373}
1374
1375static void tb_reset_jump_recursive(TranslationBlock *tb)
1376{
1377 tb_reset_jump_recursive2(tb, 0);
1378 tb_reset_jump_recursive2(tb, 1);
1379}
1380
1fddef4b 1381#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1382#if defined(CONFIG_USER_ONLY)
1383static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1384{
1385 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1386}
1387#else
d720b93d
FB		 1388static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1389{
c227f099 1390 target_phys_addr_t addr;
9b3c35e0 1391 target_ulong pd;
c227f099 1392 ram_addr_t ram_addr;
c2f07f81 1393 PhysPageDesc *p;
d720b93d 1394
c2f07f81
PB		 1395 addr = cpu_get_phys_page_debug(env, pc);
1396 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1397 if (!p) {
1398 pd = IO_MEM_UNASSIGNED;
1399 } else {
1400 pd = p->phys_offset;
1401 }
1402 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
706cd4b5 1403 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1404}
c27004ec 1405#endif
94df27fd 1406#endif /* TARGET_HAS_ICE */
d720b93d 1407
c527ee8f
PB		 1408#if defined(CONFIG_USER_ONLY)
1409void cpu_watchpoint_remove_all(CPUState *env, int mask)
1410
1411{
1412}
1413
1414int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1415 int flags, CPUWatchpoint **watchpoint)
1416{
1417 return -ENOSYS;
1418}
1419#else
6658ffb8 1420/* Add a watchpoint. */
a1d1bb31
AL		 1421int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1422 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1423{
b4051334 1424 target_ulong len_mask = ~(len - 1);
c0ce998e 1425 CPUWatchpoint *wp;
6658ffb8 1426
b4051334
AL		 1427 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1428 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1429 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1430 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1431 return -EINVAL;
1432 }
a1d1bb31 1433 wp = qemu_malloc(sizeof(*wp));
a1d1bb31
AL		 1434
1435 wp->vaddr = addr;
b4051334 1436 wp->len_mask = len_mask;
a1d1bb31
AL		 1437 wp->flags = flags;
1438
2dc9f411 1439 /* keep all GDB-injected watchpoints in front */
c0ce998e 1440 if (flags & BP_GDB)
72cf2d4f 1441 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1442 else
72cf2d4f 1443 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1444
6658ffb8 1445 tlb_flush_page(env, addr);
a1d1bb31
AL		 1446
1447 if (watchpoint)
1448 *watchpoint = wp;
1449 return 0;
6658ffb8
PB		 1450}
1451
a1d1bb31
AL		 1452/* Remove a specific watchpoint. */
1453int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1454 int flags)
6658ffb8 1455{
b4051334 1456 target_ulong len_mask = ~(len - 1);
a1d1bb31 1457 CPUWatchpoint *wp;
6658ffb8 1458
72cf2d4f 1459 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1460 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1461 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1462 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1463 return 0;
1464 }
1465 }
a1d1bb31 1466 return -ENOENT;
6658ffb8
PB		 1467}
1468
a1d1bb31
AL		 1469/* Remove a specific watchpoint by reference. */
1470void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1471{
72cf2d4f 1472 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1473
a1d1bb31
AL		 1474 tlb_flush_page(env, watchpoint->vaddr);
1475
1476 qemu_free(watchpoint);
1477}
1478
1479/* Remove all matching watchpoints. */
1480void cpu_watchpoint_remove_all(CPUState *env, int mask)
1481{
c0ce998e 1482 CPUWatchpoint *wp, *next;
a1d1bb31 1483
72cf2d4f 1484 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1485 if (wp->flags & mask)
1486 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1487 }
7d03f82f 1488}
c527ee8f 1489#endif
7d03f82f 1490
a1d1bb31
AL		 1491/* Add a breakpoint. */
1492int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1493 CPUBreakpoint **breakpoint)
4c3a88a2 1494{
1fddef4b 1495#if defined(TARGET_HAS_ICE)
c0ce998e 1496 CPUBreakpoint *bp;
3b46e624 1497
a1d1bb31 1498 bp = qemu_malloc(sizeof(*bp));
4c3a88a2 1499
a1d1bb31
AL		 1500 bp->pc = pc;
1501 bp->flags = flags;
1502
2dc9f411 1503 /* keep all GDB-injected breakpoints in front */
c0ce998e 1504 if (flags & BP_GDB)
72cf2d4f 1505 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1506 else
72cf2d4f 1507 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1508
d720b93d 1509 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1510
1511 if (breakpoint)
1512 *breakpoint = bp;
4c3a88a2
FB		 1513 return 0;
1514#else
a1d1bb31 1515 return -ENOSYS;
4c3a88a2
FB		 1516#endif
1517}
1518
a1d1bb31
AL		 1519/* Remove a specific breakpoint. */
1520int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1521{
7d03f82f 1522#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1523 CPUBreakpoint *bp;
1524
72cf2d4f 1525 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1526 if (bp->pc == pc && bp->flags == flags) {
1527 cpu_breakpoint_remove_by_ref(env, bp);
1528 return 0;
1529 }
7d03f82f 1530 }
a1d1bb31
AL		 1531 return -ENOENT;
1532#else
1533 return -ENOSYS;
7d03f82f
EI		 1534#endif
1535}
1536
a1d1bb31
AL		 1537/* Remove a specific breakpoint by reference. */
1538void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1539{
1fddef4b 1540#if defined(TARGET_HAS_ICE)
72cf2d4f 1541 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1542
a1d1bb31
AL		 1543 breakpoint_invalidate(env, breakpoint->pc);
1544
1545 qemu_free(breakpoint);
1546#endif
1547}
1548
1549/* Remove all matching breakpoints. */
1550void cpu_breakpoint_remove_all(CPUState *env, int mask)
1551{
1552#if defined(TARGET_HAS_ICE)
c0ce998e 1553 CPUBreakpoint *bp, *next;
a1d1bb31 1554
72cf2d4f 1555 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1556 if (bp->flags & mask)
1557 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1558 }
4c3a88a2
FB		 1559#endif
1560}
1561
c33a346e
FB		 1562/* enable or disable single step mode. EXCP_DEBUG is returned by the
1563 CPU loop after each instruction */
1564void cpu_single_step(CPUState *env, int enabled)
1565{
1fddef4b 1566#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1567 if (env->singlestep_enabled != enabled) {
1568 env->singlestep_enabled = enabled;
e22a25c9
AL		 1569 if (kvm_enabled())
1570 kvm_update_guest_debug(env, 0);
1571 else {
ccbb4d44 1572 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1573 /* XXX: only flush what is necessary */
1574 tb_flush(env);
1575 }
c33a346e
FB		 1576 }
1577#endif
1578}
1579
34865134
FB		 1580/* enable or disable low levels log */
1581void cpu_set_log(int log_flags)
1582{
1583 loglevel = log_flags;
1584 if (loglevel && !logfile) {
11fcfab4 1585 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1586 if (!logfile) {
1587 perror(logfilename);
1588 _exit(1);
1589 }
9fa3e853
FB		 1590#if !defined(CONFIG_SOFTMMU)
1591 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1592 {
b55266b5 1593 static char logfile_buf[4096];
9fa3e853
FB		 1594 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1595 }
bf65f53f
FN		 1596#elif !defined(_WIN32)
1597 /* Win32 doesn't support line-buffering and requires size >= 2 */
34865134 1598 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1599#endif
e735b91c
PB		 1600 log_append = 1;
1601 }
1602 if (!loglevel && logfile) {
1603 fclose(logfile);
1604 logfile = NULL;
34865134
FB		 1605 }
1606}
1607
1608void cpu_set_log_filename(const char *filename)
1609{
1610 logfilename = strdup(filename);
e735b91c
PB		 1611 if (logfile) {
1612 fclose(logfile);
1613 logfile = NULL;
1614 }
1615 cpu_set_log(loglevel);
34865134 1616}
c33a346e 1617
3098dba0 1618static void cpu_unlink_tb(CPUState *env)
ea041c0e 1619{
3098dba0
AJ		 1620 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1621 problem and hope the cpu will stop of its own accord. For userspace
1622 emulation this often isn't actually as bad as it sounds. Often
1623 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1624 TranslationBlock *tb;
c227f099 1625 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1626
cab1b4bd 1627 spin_lock(&interrupt_lock);
3098dba0
AJ		 1628 tb = env->current_tb;
1629 /* if the cpu is currently executing code, we must unlink it and
1630 all the potentially executing TB */
f76cfe56 1631 if (tb) {
3098dba0
AJ		 1632 env->current_tb = NULL;
1633 tb_reset_jump_recursive(tb);
be214e6c 1634 }
cab1b4bd 1635 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1636}
1637
97ffbd8d 1638#ifndef CONFIG_USER_ONLY
3098dba0 1639/* mask must never be zero, except for A20 change call */
ec6959d0 1640static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1641{
1642 int old_mask;
be214e6c 1643
2e70f6ef 1644 old_mask = env->interrupt_request;
68a79315 1645 env->interrupt_request |= mask;
3098dba0 1646
8edac960
AL		 1647 /*
1648 * If called from iothread context, wake the target cpu in
1649 * case its halted.
1650 */
b7680cb6 1651 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1652 qemu_cpu_kick(env);
1653 return;
1654 }
8edac960 1655
2e70f6ef 1656 if (use_icount) {
266910c4 1657 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1658 if (!can_do_io(env)
be214e6c 1659 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1660 cpu_abort(env, "Raised interrupt while not in I/O function");
1661 }
2e70f6ef 1662 } else {
3098dba0 1663 cpu_unlink_tb(env);
ea041c0e
FB		 1664 }
1665}
1666
ec6959d0
JK		 1667CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1668
97ffbd8d
JK		 1669#else /* CONFIG_USER_ONLY */
1670
1671void cpu_interrupt(CPUState *env, int mask)
1672{
1673 env->interrupt_request |= mask;
1674 cpu_unlink_tb(env);
1675}
1676#endif /* CONFIG_USER_ONLY */
1677
b54ad049
FB		 1678void cpu_reset_interrupt(CPUState *env, int mask)
1679{
1680 env->interrupt_request &= ~mask;
1681}
1682
3098dba0
AJ		 1683void cpu_exit(CPUState *env)
1684{
1685 env->exit_request = 1;
1686 cpu_unlink_tb(env);
1687}
1688
c7cd6a37 1689const CPULogItem cpu_log_items[] = {
5fafdf24 1690 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1691 "show generated host assembly code for each compiled TB" },
1692 { CPU_LOG_TB_IN_ASM, "in_asm",
1693 "show target assembly code for each compiled TB" },
5fafdf24 1694 { CPU_LOG_TB_OP, "op",
57fec1fe 1695 "show micro ops for each compiled TB" },
f193c797 1696 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1697 "show micro ops "
1698#ifdef TARGET_I386
1699 "before eflags optimization and "
f193c797 1700#endif
e01a1157 1701 "after liveness analysis" },
f193c797
FB		 1702 { CPU_LOG_INT, "int",
1703 "show interrupts/exceptions in short format" },
1704 { CPU_LOG_EXEC, "exec",
1705 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1706 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1707 "show CPU state before block translation" },
f193c797
FB		 1708#ifdef TARGET_I386
1709 { CPU_LOG_PCALL, "pcall",
1710 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1711 { CPU_LOG_RESET, "cpu_reset",
1712 "show CPU state before CPU resets" },
f193c797 1713#endif
8e3a9fd2 1714#ifdef DEBUG_IOPORT
fd872598
FB		 1715 { CPU_LOG_IOPORT, "ioport",
1716 "show all i/o ports accesses" },
8e3a9fd2 1717#endif
f193c797
FB		 1718 { 0, NULL, NULL },
1719};
1720
f6f3fbca
MT		 1721#ifndef CONFIG_USER_ONLY
1722static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1723 = QLIST_HEAD_INITIALIZER(memory_client_list);
1724
1725static void cpu_notify_set_memory(target_phys_addr_t start_addr,
9742bf26 1726 ram_addr_t size,
0fd542fb
MT		 1727 ram_addr_t phys_offset,
1728 bool log_dirty)
f6f3fbca
MT		 1729{
1730 CPUPhysMemoryClient *client;
1731 QLIST_FOREACH(client, &memory_client_list, list) {
0fd542fb 1732 client->set_memory(client, start_addr, size, phys_offset, log_dirty);
f6f3fbca
MT		 1733 }
1734}
1735
1736static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
9742bf26 1737 target_phys_addr_t end)
f6f3fbca
MT		 1738{
1739 CPUPhysMemoryClient *client;
1740 QLIST_FOREACH(client, &memory_client_list, list) {
1741 int r = client->sync_dirty_bitmap(client, start, end);
1742 if (r < 0)
1743 return r;
1744 }
1745 return 0;
1746}
1747
1748static int cpu_notify_migration_log(int enable)
1749{
1750 CPUPhysMemoryClient *client;
1751 QLIST_FOREACH(client, &memory_client_list, list) {
1752 int r = client->migration_log(client, enable);
1753 if (r < 0)
1754 return r;
1755 }
1756 return 0;
1757}
1758
2173a75f
AW		 1759struct last_map {
1760 target_phys_addr_t start_addr;
1761 ram_addr_t size;
1762 ram_addr_t phys_offset;
1763};
1764
8d4c78e7
AW		 1765/* The l1_phys_map provides the upper P_L1_BITs of the guest physical
1766 * address. Each intermediate table provides the next L2_BITs of guest
1767 * physical address space. The number of levels vary based on host and
1768 * guest configuration, making it efficient to build the final guest
1769 * physical address by seeding the L1 offset and shifting and adding in
1770 * each L2 offset as we recurse through them. */
2173a75f
AW		 1771static void phys_page_for_each_1(CPUPhysMemoryClient *client, int level,
1772 void **lp, target_phys_addr_t addr,
1773 struct last_map *map)
f6f3fbca 1774{
5cd2c5b6 1775 int i;
f6f3fbca 1776
5cd2c5b6
RH		 1777 if (*lp == NULL) {
1778 return;
1779 }
1780 if (level == 0) {
1781 PhysPageDesc *pd = *lp;
8d4c78e7 1782 addr <<= L2_BITS + TARGET_PAGE_BITS;
7296abac 1783 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6 1784 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
2173a75f
AW		 1785 target_phys_addr_t start_addr = addr | i << TARGET_PAGE_BITS;
1786
1787 if (map->size &&
1788 start_addr == map->start_addr + map->size &&
1789 pd[i].phys_offset == map->phys_offset + map->size) {
1790
1791 map->size += TARGET_PAGE_SIZE;
1792 continue;
1793 } else if (map->size) {
1794 client->set_memory(client, map->start_addr,
1795 map->size, map->phys_offset, false);
1796 }
1797
1798 map->start_addr = start_addr;
1799 map->size = TARGET_PAGE_SIZE;
1800 map->phys_offset = pd[i].phys_offset;
f6f3fbca 1801 }
5cd2c5b6
RH		 1802 }
1803 } else {
1804 void **pp = *lp;
7296abac 1805 for (i = 0; i < L2_SIZE; ++i) {
8d4c78e7 1806 phys_page_for_each_1(client, level - 1, pp + i,
2173a75f 1807 (addr << L2_BITS) | i, map);
f6f3fbca
MT		 1808 }
1809 }
1810}
1811
1812static void phys_page_for_each(CPUPhysMemoryClient *client)
1813{
5cd2c5b6 1814 int i;
2173a75f
AW		 1815 struct last_map map = { };
1816
5cd2c5b6
RH		 1817 for (i = 0; i < P_L1_SIZE; ++i) {
1818 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
2173a75f
AW		 1819 l1_phys_map + i, i, &map);
1820 }
1821 if (map.size) {
1822 client->set_memory(client, map.start_addr, map.size, map.phys_offset,
1823 false);
f6f3fbca 1824 }
f6f3fbca
MT		 1825}
1826
1827void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1828{
1829 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1830 phys_page_for_each(client);
1831}
1832
1833void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1834{
1835 QLIST_REMOVE(client, list);
1836}
1837#endif
1838
f193c797
FB		 1839static int cmp1(const char *s1, int n, const char *s2)
1840{
1841 if (strlen(s2) != n)
1842 return 0;
1843 return memcmp(s1, s2, n) == 0;
1844}
3b46e624 1845
f193c797
FB		 1846/* takes a comma separated list of log masks. Return 0 if error. */
1847int cpu_str_to_log_mask(const char *str)
1848{
c7cd6a37 1849 const CPULogItem *item;
f193c797
FB		 1850 int mask;
1851 const char *p, *p1;
1852
1853 p = str;
1854 mask = 0;
1855 for(;;) {
1856 p1 = strchr(p, ',');
1857 if (!p1)
1858 p1 = p + strlen(p);
9742bf26
YT		 1859 if(cmp1(p,p1-p,"all")) {
1860 for(item = cpu_log_items; item->mask != 0; item++) {
1861 mask |= item->mask;
1862 }
1863 } else {
1864 for(item = cpu_log_items; item->mask != 0; item++) {
1865 if (cmp1(p, p1 - p, item->name))
1866 goto found;
1867 }
1868 return 0;
f193c797 1869 }
f193c797
FB		 1870 found:
1871 mask |= item->mask;
1872 if (*p1 != ',')
1873 break;
1874 p = p1 + 1;
1875 }
1876 return mask;
1877}
ea041c0e 1878
7501267e
FB		 1879void cpu_abort(CPUState *env, const char *fmt, ...)
1880{
1881 va_list ap;
493ae1f0 1882 va_list ap2;
7501267e
FB		 1883
1884 va_start(ap, fmt);
493ae1f0 1885 va_copy(ap2, ap);
7501267e
FB		 1886 fprintf(stderr, "qemu: fatal: ");
1887 vfprintf(stderr, fmt, ap);
1888 fprintf(stderr, "\n");
1889#ifdef TARGET_I386
7fe48483
FB		 1890 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1891#else
1892 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1893#endif
93fcfe39
AL		 1894 if (qemu_log_enabled()) {
1895 qemu_log("qemu: fatal: ");
1896 qemu_log_vprintf(fmt, ap2);
1897 qemu_log("\n");
f9373291 1898#ifdef TARGET_I386
93fcfe39 1899 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1900#else
93fcfe39 1901 log_cpu_state(env, 0);
f9373291 1902#endif
31b1a7b4 1903 qemu_log_flush();
93fcfe39 1904 qemu_log_close();
924edcae 1905 }
493ae1f0 1906 va_end(ap2);
f9373291 1907 va_end(ap);
fd052bf6
RV		 1908#if defined(CONFIG_USER_ONLY)
1909 {
1910 struct sigaction act;
1911 sigfillset(&act.sa_mask);
1912 act.sa_handler = SIG_DFL;
1913 sigaction(SIGABRT, &act, NULL);
1914 }
1915#endif
7501267e
FB		 1916 abort();
1917}
1918
c5be9f08
TS		 1919CPUState *cpu_copy(CPUState *env)
1920{
01ba9816 1921 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1922 CPUState *next_cpu = new_env->next_cpu;
1923 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1924#if defined(TARGET_HAS_ICE)
1925 CPUBreakpoint *bp;
1926 CPUWatchpoint *wp;
1927#endif
1928
c5be9f08 1929 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1930
1931 /* Preserve chaining and index. */
c5be9f08
TS		 1932 new_env->next_cpu = next_cpu;
1933 new_env->cpu_index = cpu_index;
5a38f081
AL		 1934
1935 /* Clone all break/watchpoints.
1936 Note: Once we support ptrace with hw-debug register access, make sure
1937 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1938 QTAILQ_INIT(&env->breakpoints);
1939 QTAILQ_INIT(&env->watchpoints);
5a38f081 1940#if defined(TARGET_HAS_ICE)
72cf2d4f 1941 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1942 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1943 }
72cf2d4f 1944 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1945 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1946 wp->flags, NULL);
1947 }
1948#endif
1949
c5be9f08
TS		 1950 return new_env;
1951}
1952
0124311e
FB		 1953#if !defined(CONFIG_USER_ONLY)
1954
5c751e99
EI		 1955static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1956{
1957 unsigned int i;
1958
1959 /* Discard jump cache entries for any tb which might potentially
1960 overlap the flushed page. */
1961 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1962 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1963 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1964
1965 i = tb_jmp_cache_hash_page(addr);
1966 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1967 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1968}
1969
08738984
IK		 1970static CPUTLBEntry s_cputlb_empty_entry = {
1971 .addr_read = -1,
1972 .addr_write = -1,
1973 .addr_code = -1,
1974 .addend = -1,
1975};
1976
ee8b7021
FB		 1977/* NOTE: if flush_global is true, also flush global entries (not
1978 implemented yet) */
1979void tlb_flush(CPUState *env, int flush_global)
33417e70 1980{
33417e70 1981 int i;
0124311e 1982
9fa3e853
FB		 1983#if defined(DEBUG_TLB)
1984 printf("tlb_flush:\n");
1985#endif
0124311e
FB		 1986 /* must reset current TB so that interrupts cannot modify the
1987 links while we are modifying them */
1988 env->current_tb = NULL;
1989
33417e70 1990 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1991 int mmu_idx;
1992 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1993 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1994 }
33417e70 1995 }
9fa3e853 1996
8a40a180 1997 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1998
d4c430a8
PB		 1999 env->tlb_flush_addr = -1;
2000 env->tlb_flush_mask = 0;
e3db7226 2001 tlb_flush_count++;
33417e70
FB		 2002}
2003
274da6b2 2004static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 2005{
5fafdf24 2006 if (addr == (tlb_entry->addr_read &
84b7b8e7 2007 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 2008 addr == (tlb_entry->addr_write &
84b7b8e7 2009 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 2010 addr == (tlb_entry->addr_code &
84b7b8e7 2011 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 2012 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 2013 }
61382a50
FB		 2014}
2015
2e12669a 2016void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 2017{
8a40a180 2018 int i;
cfde4bd9 2019 int mmu_idx;
0124311e 2020
9fa3e853 2021#if defined(DEBUG_TLB)
108c49b8 2022 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 2023#endif
d4c430a8
PB		 2024 /* Check if we need to flush due to large pages. */
2025 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
2026#if defined(DEBUG_TLB)
2027 printf("tlb_flush_page: forced full flush ("
2028 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2029 env->tlb_flush_addr, env->tlb_flush_mask);
2030#endif
2031 tlb_flush(env, 1);
2032 return;
2033 }
0124311e
FB		 2034 /* must reset current TB so that interrupts cannot modify the
2035 links while we are modifying them */
2036 env->current_tb = NULL;
61382a50
FB		 2037
2038 addr &= TARGET_PAGE_MASK;
2039 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2040 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2041 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 2042
5c751e99 2043 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 2044}
2045
9fa3e853
FB		 2046/* update the TLBs so that writes to code in the virtual page 'addr'
2047 can be detected */
c227f099 2048static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 2049{
5fafdf24 2050 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 2051 ram_addr + TARGET_PAGE_SIZE,
2052 CODE_DIRTY_FLAG);
9fa3e853
FB		 2053}
2054
9fa3e853 2055/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 2056 tested for self modifying code */
c227f099 2057static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 2058 target_ulong vaddr)
9fa3e853 2059{
f7c11b53 2060 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 2061}
2062
5fafdf24 2063static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 2064 unsigned long start, unsigned long length)
2065{
2066 unsigned long addr;
84b7b8e7
FB		 2067 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2068 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 2069 if ((addr - start) < length) {
0f459d16 2070 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 2071 }
2072 }
2073}
2074
5579c7f3 2075/* Note: start and end must be within the same ram block. */
c227f099 2076void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 2077 int dirty_flags)
1ccde1cb
FB		 2078{
2079 CPUState *env;
4f2ac237 2080 unsigned long length, start1;
f7c11b53 2081 int i;
1ccde1cb
FB		 2082
2083 start &= TARGET_PAGE_MASK;
2084 end = TARGET_PAGE_ALIGN(end);
2085
2086 length = end - start;
2087 if (length == 0)
2088 return;
f7c11b53 2089 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2090
1ccde1cb
FB		 2091 /* we modify the TLB cache so that the dirty bit will be set again
2092 when accessing the range */
b2e0a138 2093 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2094 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2095 address comparisons below. */
b2e0a138 2096 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2097 != (end - 1) - start) {
2098 abort();
2099 }
2100
6a00d601 2101 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2102 int mmu_idx;
2103 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2104 for(i = 0; i < CPU_TLB_SIZE; i++)
2105 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2106 start1, length);
2107 }
6a00d601 2108 }
1ccde1cb
FB		 2109}
2110
74576198
AL		 2111int cpu_physical_memory_set_dirty_tracking(int enable)
2112{
f6f3fbca 2113 int ret = 0;
74576198 2114 in_migration = enable;
f6f3fbca
MT		 2115 ret = cpu_notify_migration_log(!!enable);
2116 return ret;
74576198
AL		 2117}
2118
2119int cpu_physical_memory_get_dirty_tracking(void)
2120{
2121 return in_migration;
2122}
2123
c227f099
AL		 2124int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2125 target_phys_addr_t end_addr)
2bec46dc 2126{
7b8f3b78 2127 int ret;
151f7749 2128
f6f3fbca 2129 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
151f7749 2130 return ret;
2bec46dc
AL		 2131}
2132
e5896b12
AP		 2133int cpu_physical_log_start(target_phys_addr_t start_addr,
2134 ram_addr_t size)
2135{
2136 CPUPhysMemoryClient *client;
2137 QLIST_FOREACH(client, &memory_client_list, list) {
2138 if (client->log_start) {
2139 int r = client->log_start(client, start_addr, size);
2140 if (r < 0) {
2141 return r;
2142 }
2143 }
2144 }
2145 return 0;
2146}
2147
2148int cpu_physical_log_stop(target_phys_addr_t start_addr,
2149 ram_addr_t size)
2150{
2151 CPUPhysMemoryClient *client;
2152 QLIST_FOREACH(client, &memory_client_list, list) {
2153 if (client->log_stop) {
2154 int r = client->log_stop(client, start_addr, size);
2155 if (r < 0) {
2156 return r;
2157 }
2158 }
2159 }
2160 return 0;
2161}
2162
3a7d929e
FB		 2163static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2164{
c227f099 2165 ram_addr_t ram_addr;
5579c7f3 2166 void *p;
3a7d929e 2167
84b7b8e7 2168 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
5579c7f3
PB		 2169 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2170 + tlb_entry->addend);
e890261f 2171 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2172 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2173 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2174 }
2175 }
2176}
2177
2178/* update the TLB according to the current state of the dirty bits */
2179void cpu_tlb_update_dirty(CPUState *env)
2180{
2181 int i;
cfde4bd9
IY		 2182 int mmu_idx;
2183 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2184 for(i = 0; i < CPU_TLB_SIZE; i++)
2185 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2186 }
3a7d929e
FB		 2187}
2188
0f459d16 2189static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2190{
0f459d16
PB		 2191 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2192 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2193}
2194
0f459d16
PB		 2195/* update the TLB corresponding to virtual page vaddr
2196 so that it is no longer dirty */
2197static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2198{
1ccde1cb 2199 int i;
cfde4bd9 2200 int mmu_idx;
1ccde1cb 2201
0f459d16 2202 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2203 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2204 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2205 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2206}
2207
d4c430a8
PB		 2208/* Our TLB does not support large pages, so remember the area covered by
2209 large pages and trigger a full TLB flush if these are invalidated. */
2210static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2211 target_ulong size)
2212{
2213 target_ulong mask = ~(size - 1);
2214
2215 if (env->tlb_flush_addr == (target_ulong)-1) {
2216 env->tlb_flush_addr = vaddr & mask;
2217 env->tlb_flush_mask = mask;
2218 return;
2219 }
2220 /* Extend the existing region to include the new page.
2221 This is a compromise between unnecessary flushes and the cost
2222 of maintaining a full variable size TLB. */
2223 mask &= env->tlb_flush_mask;
2224 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2225 mask <<= 1;
2226 }
2227 env->tlb_flush_addr &= mask;
2228 env->tlb_flush_mask = mask;
2229}
2230
2231/* Add a new TLB entry. At most one entry for a given virtual address
2232 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2233 supplied size is only used by tlb_flush_page. */
2234void tlb_set_page(CPUState *env, target_ulong vaddr,
2235 target_phys_addr_t paddr, int prot,
2236 int mmu_idx, target_ulong size)
9fa3e853 2237{
92e873b9 2238 PhysPageDesc *p;
4f2ac237 2239 unsigned long pd;
9fa3e853 2240 unsigned int index;
4f2ac237 2241 target_ulong address;
0f459d16 2242 target_ulong code_address;
355b1943 2243 unsigned long addend;
84b7b8e7 2244 CPUTLBEntry *te;
a1d1bb31 2245 CPUWatchpoint *wp;
c227f099 2246 target_phys_addr_t iotlb;
9fa3e853 2247
d4c430a8
PB		 2248 assert(size >= TARGET_PAGE_SIZE);
2249 if (size != TARGET_PAGE_SIZE) {
2250 tlb_add_large_page(env, vaddr, size);
2251 }
92e873b9 2252 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
9fa3e853
FB		 2253 if (!p) {
2254 pd = IO_MEM_UNASSIGNED;
9fa3e853
FB		 2255 } else {
2256 pd = p->phys_offset;
9fa3e853
FB		 2257 }
2258#if defined(DEBUG_TLB)
7fd3f494
SW		 2259 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2260 " prot=%x idx=%d pd=0x%08lx\n",
2261 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2262#endif
2263
0f459d16
PB		 2264 address = vaddr;
2265 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2266 /* IO memory case (romd handled later) */
2267 address |= TLB_MMIO;
2268 }
5579c7f3 2269 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
0f459d16
PB		 2270 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2271 /* Normal RAM. */
2272 iotlb = pd & TARGET_PAGE_MASK;
2273 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2274 iotlb |= IO_MEM_NOTDIRTY;
2275 else
2276 iotlb |= IO_MEM_ROM;
2277 } else {
ccbb4d44 2278 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2279 It would be nice to pass an offset from the base address
2280 of that region. This would avoid having to special case RAM,
2281 and avoid full address decoding in every device.
2282 We can't use the high bits of pd for this because
2283 IO_MEM_ROMD uses these as a ram address. */
8da3ff18
PB		 2284 iotlb = (pd & ~TARGET_PAGE_MASK);
2285 if (p) {
8da3ff18
PB		 2286 iotlb += p->region_offset;
2287 } else {
2288 iotlb += paddr;
2289 }
0f459d16
PB		 2290 }
2291
2292 code_address = address;
2293 /* Make accesses to pages with watchpoints go via the
2294 watchpoint trap routines. */
72cf2d4f 2295 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2296 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2297 /* Avoid trapping reads of pages with a write breakpoint. */
2298 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2299 iotlb = io_mem_watch + paddr;
2300 address |= TLB_MMIO;
2301 break;
2302 }
6658ffb8 2303 }
0f459d16 2304 }
d79acba4 2305
0f459d16
PB		 2306 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2307 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2308 te = &env->tlb_table[mmu_idx][index];
2309 te->addend = addend - vaddr;
2310 if (prot & PAGE_READ) {
2311 te->addr_read = address;
2312 } else {
2313 te->addr_read = -1;
2314 }
5c751e99 2315
0f459d16
PB		 2316 if (prot & PAGE_EXEC) {
2317 te->addr_code = code_address;
2318 } else {
2319 te->addr_code = -1;
2320 }
2321 if (prot & PAGE_WRITE) {
2322 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2323 (pd & IO_MEM_ROMD)) {
2324 /* Write access calls the I/O callback. */
2325 te->addr_write = address | TLB_MMIO;
2326 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2327 !cpu_physical_memory_is_dirty(pd)) {
2328 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2329 } else {
0f459d16 2330 te->addr_write = address;
9fa3e853 2331 }
0f459d16
PB		 2332 } else {
2333 te->addr_write = -1;
9fa3e853 2334 }
9fa3e853
FB		 2335}
2336
0124311e
FB		 2337#else
2338
ee8b7021 2339void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2340{
2341}
2342
2e12669a 2343void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2344{
2345}
2346
edf8e2af
MW		 2347/*
2348 * Walks guest process memory "regions" one by one
2349 * and calls callback function 'fn' for each region.
2350 */
5cd2c5b6
RH		 2351
2352struct walk_memory_regions_data
2353{
2354 walk_memory_regions_fn fn;
2355 void *priv;
2356 unsigned long start;
2357 int prot;
2358};
2359
2360static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2361 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2362{
2363 if (data->start != -1ul) {
2364 int rc = data->fn(data->priv, data->start, end, data->prot);
2365 if (rc != 0) {
2366 return rc;
2367 }
2368 }
2369
2370 data->start = (new_prot ? end : -1ul);
2371 data->prot = new_prot;
2372
2373 return 0;
2374}
2375
2376static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2377 abi_ulong base, int level, void **lp)
5cd2c5b6 2378{
b480d9b7 2379 abi_ulong pa;
5cd2c5b6
RH		 2380 int i, rc;
2381
2382 if (*lp == NULL) {
2383 return walk_memory_regions_end(data, base, 0);
2384 }
2385
2386 if (level == 0) {
2387 PageDesc *pd = *lp;
7296abac 2388 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2389 int prot = pd[i].flags;
2390
2391 pa = base | (i << TARGET_PAGE_BITS);
2392 if (prot != data->prot) {
2393 rc = walk_memory_regions_end(data, pa, prot);
2394 if (rc != 0) {
2395 return rc;
9fa3e853 2396 }
9fa3e853 2397 }
5cd2c5b6
RH		 2398 }
2399 } else {
2400 void **pp = *lp;
7296abac 2401 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2402 pa = base | ((abi_ulong)i <<
2403 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2404 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2405 if (rc != 0) {
2406 return rc;
2407 }
2408 }
2409 }
2410
2411 return 0;
2412}
2413
2414int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2415{
2416 struct walk_memory_regions_data data;
2417 unsigned long i;
2418
2419 data.fn = fn;
2420 data.priv = priv;
2421 data.start = -1ul;
2422 data.prot = 0;
2423
2424 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2425 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2426 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2427 if (rc != 0) {
2428 return rc;
9fa3e853 2429 }
33417e70 2430 }
5cd2c5b6
RH		 2431
2432 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2433}
2434
b480d9b7
PB		 2435static int dump_region(void *priv, abi_ulong start,
2436 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2437{
2438 FILE *f = (FILE *)priv;
2439
b480d9b7
PB		 2440 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2441 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2442 start, end, end - start,
2443 ((prot & PAGE_READ) ? 'r' : '-'),
2444 ((prot & PAGE_WRITE) ? 'w' : '-'),
2445 ((prot & PAGE_EXEC) ? 'x' : '-'));
2446
2447 return (0);
2448}
2449
2450/* dump memory mappings */
2451void page_dump(FILE *f)
2452{
2453 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2454 "start", "end", "size", "prot");
2455 walk_memory_regions(f, dump_region);
33417e70
FB		 2456}
2457
53a5960a 2458int page_get_flags(target_ulong address)
33417e70 2459{
9fa3e853
FB		 2460 PageDesc *p;
2461
2462 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2463 if (!p)
9fa3e853
FB		 2464 return 0;
2465 return p->flags;
2466}
2467
376a7909
RH		 2468/* Modify the flags of a page and invalidate the code if necessary.
2469 The flag PAGE_WRITE_ORG is positioned automatically depending
2470 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2471void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2472{
376a7909
RH		 2473 target_ulong addr, len;
2474
2475 /* This function should never be called with addresses outside the
2476 guest address space. If this assert fires, it probably indicates
2477 a missing call to h2g_valid. */
b480d9b7
PB		 2478#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2479 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2480#endif
2481 assert(start < end);
9fa3e853
FB		 2482
2483 start = start & TARGET_PAGE_MASK;
2484 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2485
2486 if (flags & PAGE_WRITE) {
9fa3e853 2487 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2488 }
2489
2490 for (addr = start, len = end - start;
2491 len != 0;
2492 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2493 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2494
2495 /* If the write protection bit is set, then we invalidate
2496 the code inside. */
5fafdf24 2497 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2498 (flags & PAGE_WRITE) &&
2499 p->first_tb) {
d720b93d 2500 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2501 }
2502 p->flags = flags;
2503 }
33417e70
FB		 2504}
2505
3d97b40b
TS		 2506int page_check_range(target_ulong start, target_ulong len, int flags)
2507{
2508 PageDesc *p;
2509 target_ulong end;
2510 target_ulong addr;
2511
376a7909
RH		 2512 /* This function should never be called with addresses outside the
2513 guest address space. If this assert fires, it probably indicates
2514 a missing call to h2g_valid. */
338e9e6c
BS		 2515#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2516 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2517#endif
2518
3e0650a9
RH		 2519 if (len == 0) {
2520 return 0;
2521 }
376a7909
RH		 2522 if (start + len - 1 < start) {
2523 /* We've wrapped around. */
55f280c9 2524 return -1;
376a7909 2525 }
55f280c9 2526
3d97b40b
TS		 2527 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2528 start = start & TARGET_PAGE_MASK;
2529
376a7909
RH		 2530 for (addr = start, len = end - start;
2531 len != 0;
2532 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2533 p = page_find(addr >> TARGET_PAGE_BITS);
2534 if( !p )
2535 return -1;
2536 if( !(p->flags & PAGE_VALID) )
2537 return -1;
2538
dae3270c 2539 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2540 return -1;
dae3270c
FB		 2541 if (flags & PAGE_WRITE) {
2542 if (!(p->flags & PAGE_WRITE_ORG))
2543 return -1;
2544 /* unprotect the page if it was put read-only because it
2545 contains translated code */
2546 if (!(p->flags & PAGE_WRITE)) {
2547 if (!page_unprotect(addr, 0, NULL))
2548 return -1;
2549 }
2550 return 0;
2551 }
3d97b40b
TS		 2552 }
2553 return 0;
2554}
2555
9fa3e853 2556/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2557 page. Return TRUE if the fault was successfully handled. */
53a5960a 2558int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2559{
45d679d6
AJ		 2560 unsigned int prot;
2561 PageDesc *p;
53a5960a 2562 target_ulong host_start, host_end, addr;
9fa3e853 2563
c8a706fe
PB		 2564 /* Technically this isn't safe inside a signal handler. However we
2565 know this only ever happens in a synchronous SEGV handler, so in
2566 practice it seems to be ok. */
2567 mmap_lock();
2568
45d679d6
AJ		 2569 p = page_find(address >> TARGET_PAGE_BITS);
2570 if (!p) {
c8a706fe 2571 mmap_unlock();
9fa3e853 2572 return 0;
c8a706fe 2573 }
45d679d6 2574
9fa3e853
FB		 2575 /* if the page was really writable, then we change its
2576 protection back to writable */
45d679d6
AJ		 2577 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2578 host_start = address & qemu_host_page_mask;
2579 host_end = host_start + qemu_host_page_size;
2580
2581 prot = 0;
2582 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2583 p = page_find(addr >> TARGET_PAGE_BITS);
2584 p->flags |= PAGE_WRITE;
2585 prot |= p->flags;
2586
9fa3e853
FB		 2587 /* and since the content will be modified, we must invalidate
2588 the corresponding translated code. */
45d679d6 2589 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2590#ifdef DEBUG_TB_CHECK
45d679d6 2591 tb_invalidate_check(addr);
9fa3e853 2592#endif
9fa3e853 2593 }
45d679d6
AJ		 2594 mprotect((void *)g2h(host_start), qemu_host_page_size,
2595 prot & PAGE_BITS);
2596
2597 mmap_unlock();
2598 return 1;
9fa3e853 2599 }
c8a706fe 2600 mmap_unlock();
9fa3e853
FB		 2601 return 0;
2602}
2603
6a00d601
FB		 2604static inline void tlb_set_dirty(CPUState *env,
2605 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2606{
2607}
9fa3e853
FB		 2608#endif /* defined(CONFIG_USER_ONLY) */
2609
e2eef170 2610#if !defined(CONFIG_USER_ONLY)
8da3ff18 2611
c04b2b78
PB		 2612#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2613typedef struct subpage_t {
2614 target_phys_addr_t base;
f6405247
RH		 2615 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2616 ram_addr_t region_offset[TARGET_PAGE_SIZE];
c04b2b78
PB		 2617} subpage_t;
2618
c227f099
AL		 2619static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2620 ram_addr_t memory, ram_addr_t region_offset);
f6405247
RH		 2621static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2622 ram_addr_t orig_memory,
2623 ram_addr_t region_offset);
db7b5426
BS		 2624#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2625 need_subpage) \
2626 do { \
2627 if (addr > start_addr) \
2628 start_addr2 = 0; \
2629 else { \
2630 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2631 if (start_addr2 > 0) \
2632 need_subpage = 1; \
2633 } \
2634 \
49e9fba2 2635 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
db7b5426
BS		 2636 end_addr2 = TARGET_PAGE_SIZE - 1; \
2637 else { \
2638 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2639 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2640 need_subpage = 1; \
2641 } \
2642 } while (0)
2643
8f2498f9
MT		 2644/* register physical memory.
2645 For RAM, 'size' must be a multiple of the target page size.
2646 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2647 io memory page. The address used when calling the IO function is
2648 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2649 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2650 before calculating this offset. This should not be a problem unless
2651 the low bits of start_addr and region_offset differ. */
0fd542fb 2652void cpu_register_physical_memory_log(target_phys_addr_t start_addr,
c227f099
AL		 2653 ram_addr_t size,
2654 ram_addr_t phys_offset,
0fd542fb
MT		 2655 ram_addr_t region_offset,
2656 bool log_dirty)
33417e70 2657{
c227f099 2658 target_phys_addr_t addr, end_addr;
92e873b9 2659 PhysPageDesc *p;
9d42037b 2660 CPUState *env;
c227f099 2661 ram_addr_t orig_size = size;
f6405247 2662 subpage_t *subpage;
33417e70 2663
3b8e6a2d 2664 assert(size);
0fd542fb 2665 cpu_notify_set_memory(start_addr, size, phys_offset, log_dirty);
f6f3fbca 2666
67c4d23c
PB		 2667 if (phys_offset == IO_MEM_UNASSIGNED) {
2668 region_offset = start_addr;
2669 }
8da3ff18 2670 region_offset &= TARGET_PAGE_MASK;
5fd386f6 2671 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
c227f099 2672 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2673
2674 addr = start_addr;
2675 do {
db7b5426
BS		 2676 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2677 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
c227f099
AL		 2678 ram_addr_t orig_memory = p->phys_offset;
2679 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2680 int need_subpage = 0;
2681
2682 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2683 need_subpage);
f6405247 2684 if (need_subpage) {
db7b5426
BS		 2685 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2686 subpage = subpage_init((addr & TARGET_PAGE_MASK),
8da3ff18
PB		 2687 &p->phys_offset, orig_memory,
2688 p->region_offset);
db7b5426
BS		 2689 } else {
2690 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2691 >> IO_MEM_SHIFT];
2692 }
8da3ff18
PB		 2693 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2694 region_offset);
2695 p->region_offset = 0;
db7b5426
BS		 2696 } else {
2697 p->phys_offset = phys_offset;
2698 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2699 (phys_offset & IO_MEM_ROMD))
2700 phys_offset += TARGET_PAGE_SIZE;
2701 }
2702 } else {
2703 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2704 p->phys_offset = phys_offset;
8da3ff18 2705 p->region_offset = region_offset;
db7b5426 2706 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
8da3ff18 2707 (phys_offset & IO_MEM_ROMD)) {
db7b5426 2708 phys_offset += TARGET_PAGE_SIZE;
0e8f0967 2709 } else {
c227f099 2710 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2711 int need_subpage = 0;
2712
2713 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2714 end_addr2, need_subpage);
2715
f6405247 2716 if (need_subpage) {
db7b5426 2717 subpage = subpage_init((addr & TARGET_PAGE_MASK),
8da3ff18 2718 &p->phys_offset, IO_MEM_UNASSIGNED,
67c4d23c 2719 addr & TARGET_PAGE_MASK);
db7b5426 2720 subpage_register(subpage, start_addr2, end_addr2,
8da3ff18
PB		 2721 phys_offset, region_offset);
2722 p->region_offset = 0;
db7b5426
BS		 2723 }
2724 }
2725 }
8da3ff18 2726 region_offset += TARGET_PAGE_SIZE;
3b8e6a2d
EI		 2727 addr += TARGET_PAGE_SIZE;
2728 } while (addr != end_addr);
3b46e624 2729
9d42037b
FB		 2730 /* since each CPU stores ram addresses in its TLB cache, we must
2731 reset the modified entries */
2732 /* XXX: slow ! */
2733 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2734 tlb_flush(env, 1);
2735 }
33417e70
FB		 2736}
2737
ba863458 2738/* XXX: temporary until new memory mapping API */
c227f099 2739ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
ba863458
FB		 2740{
2741 PhysPageDesc *p;
2742
2743 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2744 if (!p)
2745 return IO_MEM_UNASSIGNED;
2746 return p->phys_offset;
2747}
2748
c227f099 2749void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2750{
2751 if (kvm_enabled())
2752 kvm_coalesce_mmio_region(addr, size);
2753}
2754
c227f099 2755void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2756{
2757 if (kvm_enabled())
2758 kvm_uncoalesce_mmio_region(addr, size);
2759}
2760
62a2744c
SY		 2761void qemu_flush_coalesced_mmio_buffer(void)
2762{
2763 if (kvm_enabled())
2764 kvm_flush_coalesced_mmio_buffer();
2765}
2766
c902760f
MT		 2767#if defined(__linux__) && !defined(TARGET_S390X)
2768
2769#include <sys/vfs.h>
2770
2771#define HUGETLBFS_MAGIC 0x958458f6
2772
2773static long gethugepagesize(const char *path)
2774{
2775 struct statfs fs;
2776 int ret;
2777
2778 do {
9742bf26 2779 ret = statfs(path, &fs);
c902760f
MT		 2780 } while (ret != 0 && errno == EINTR);
2781
2782 if (ret != 0) {
9742bf26
YT		 2783 perror(path);
2784 return 0;
c902760f
MT		 2785 }
2786
2787 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2788 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2789
2790 return fs.f_bsize;
2791}
2792
04b16653
AW		 2793static void *file_ram_alloc(RAMBlock *block,
2794 ram_addr_t memory,
2795 const char *path)
c902760f
MT		 2796{
2797 char *filename;
2798 void *area;
2799 int fd;
2800#ifdef MAP_POPULATE
2801 int flags;
2802#endif
2803 unsigned long hpagesize;
2804
2805 hpagesize = gethugepagesize(path);
2806 if (!hpagesize) {
9742bf26 2807 return NULL;
c902760f
MT		 2808 }
2809
2810 if (memory < hpagesize) {
2811 return NULL;
2812 }
2813
2814 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2815 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2816 return NULL;
2817 }
2818
2819 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2820 return NULL;
c902760f
MT		 2821 }
2822
2823 fd = mkstemp(filename);
2824 if (fd < 0) {
9742bf26
YT		 2825 perror("unable to create backing store for hugepages");
2826 free(filename);
2827 return NULL;
c902760f
MT		 2828 }
2829 unlink(filename);
2830 free(filename);
2831
2832 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2833
2834 /*
2835 * ftruncate is not supported by hugetlbfs in older
2836 * hosts, so don't bother bailing out on errors.
2837 * If anything goes wrong with it under other filesystems,
2838 * mmap will fail.
2839 */
2840 if (ftruncate(fd, memory))
9742bf26 2841 perror("ftruncate");
c902760f
MT		 2842
2843#ifdef MAP_POPULATE
2844 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2845 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2846 * to sidestep this quirk.
2847 */
2848 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2849 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2850#else
2851 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2852#endif
2853 if (area == MAP_FAILED) {
9742bf26
YT		 2854 perror("file_ram_alloc: can't mmap RAM pages");
2855 close(fd);
2856 return (NULL);
c902760f 2857 }
04b16653 2858 block->fd = fd;
c902760f
MT		 2859 return area;
2860}
2861#endif
2862
d17b5288 2863static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2864{
2865 RAMBlock *block, *next_block;
09d7ae90 2866 ram_addr_t offset = 0, mingap = ULONG_MAX;
04b16653
AW		 2867
2868 if (QLIST_EMPTY(&ram_list.blocks))
2869 return 0;
2870
2871 QLIST_FOREACH(block, &ram_list.blocks, next) {
2872 ram_addr_t end, next = ULONG_MAX;
2873
2874 end = block->offset + block->length;
2875
2876 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2877 if (next_block->offset >= end) {
2878 next = MIN(next, next_block->offset);
2879 }
2880 }
2881 if (next - end >= size && next - end < mingap) {
2882 offset = end;
2883 mingap = next - end;
2884 }
2885 }
2886 return offset;
2887}
2888
2889static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2890{
2891 RAMBlock *block;
2892 ram_addr_t last = 0;
2893
2894 QLIST_FOREACH(block, &ram_list.blocks, next)
2895 last = MAX(last, block->offset + block->length);
2896
2897 return last;
2898}
2899
84b89d78 2900ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
6977dfe6 2901 ram_addr_t size, void *host)
84b89d78
CM		 2902{
2903 RAMBlock *new_block, *block;
2904
2905 size = TARGET_PAGE_ALIGN(size);
2906 new_block = qemu_mallocz(sizeof(*new_block));
2907
2908 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2909 char *id = dev->parent_bus->info->get_dev_path(dev);
2910 if (id) {
2911 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2912 qemu_free(id);
2913 }
2914 }
2915 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2916
2917 QLIST_FOREACH(block, &ram_list.blocks, next) {
2918 if (!strcmp(block->idstr, new_block->idstr)) {
2919 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2920 new_block->idstr);
2921 abort();
2922 }
2923 }
2924
432d268c 2925 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2926 if (host) {
2927 new_block->host = host;
cd19cfa2 2928 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2929 } else {
2930 if (mem_path) {
c902760f 2931#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2932 new_block->host = file_ram_alloc(new_block, size, mem_path);
2933 if (!new_block->host) {
2934 new_block->host = qemu_vmalloc(size);
e78815a5 2935 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2936 }
c902760f 2937#else
6977dfe6
YT		 2938 fprintf(stderr, "-mem-path option unsupported\n");
2939 exit(1);
c902760f 2940#endif
6977dfe6 2941 } else {
6b02494d 2942#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2943 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2944 an system defined value, which is at least 256GB. Larger systems
2945 have larger values. We put the guest between the end of data
2946 segment (system break) and this value. We use 32GB as a base to
2947 have enough room for the system break to grow. */
2948 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2949 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2950 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2951 if (new_block->host == MAP_FAILED) {
2952 fprintf(stderr, "Allocating RAM failed\n");
2953 abort();
2954 }
6b02494d 2955#else
868bb33f 2956 if (xen_enabled()) {
432d268c
JN		 2957 xen_ram_alloc(new_block->offset, size);
2958 } else {
2959 new_block->host = qemu_vmalloc(size);
2960 }
6b02494d 2961#endif
e78815a5 2962 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2963 }
c902760f 2964 }
94a6b54f
PB		 2965 new_block->length = size;
2966
f471a17e 2967 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2968
f471a17e 2969 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
04b16653 2970 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2971 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2972 0xff, size >> TARGET_PAGE_BITS);
2973
6f0437e8
JK		 2974 if (kvm_enabled())
2975 kvm_setup_guest_memory(new_block->host, size);
2976
94a6b54f
PB		 2977 return new_block->offset;
2978}
e9a1ab19 2979
6977dfe6
YT		 2980ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
2981{
2982 return qemu_ram_alloc_from_ptr(dev, name, size, NULL);
2983}
2984
1f2e98b6
AW		 2985void qemu_ram_free_from_ptr(ram_addr_t addr)
2986{
2987 RAMBlock *block;
2988
2989 QLIST_FOREACH(block, &ram_list.blocks, next) {
2990 if (addr == block->offset) {
2991 QLIST_REMOVE(block, next);
2992 qemu_free(block);
2993 return;
2994 }
2995 }
2996}
2997
c227f099 2998void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2999{
04b16653
AW		 3000 RAMBlock *block;
3001
3002 QLIST_FOREACH(block, &ram_list.blocks, next) {
3003 if (addr == block->offset) {
3004 QLIST_REMOVE(block, next);
cd19cfa2
HY		 3005 if (block->flags & RAM_PREALLOC_MASK) {
3006 ;
3007 } else if (mem_path) {
04b16653
AW		 3008#if defined (__linux__) && !defined(TARGET_S390X)
3009 if (block->fd) {
3010 munmap(block->host, block->length);
3011 close(block->fd);
3012 } else {
3013 qemu_vfree(block->host);
3014 }
fd28aa13
JK		 3015#else
3016 abort();
04b16653
AW		 3017#endif
3018 } else {
3019#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3020 munmap(block->host, block->length);
3021#else
868bb33f 3022 if (xen_enabled()) {
e41d7c69 3023 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 3024 } else {
3025 qemu_vfree(block->host);
3026 }
04b16653
AW		 3027#endif
3028 }
3029 qemu_free(block);
3030 return;
3031 }
3032 }
3033
e9a1ab19
FB		 3034}
3035
cd19cfa2
HY		 3036#ifndef _WIN32
3037void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3038{
3039 RAMBlock *block;
3040 ram_addr_t offset;
3041 int flags;
3042 void *area, *vaddr;
3043
3044 QLIST_FOREACH(block, &ram_list.blocks, next) {
3045 offset = addr - block->offset;
3046 if (offset < block->length) {
3047 vaddr = block->host + offset;
3048 if (block->flags & RAM_PREALLOC_MASK) {
3049 ;
3050 } else {
3051 flags = MAP_FIXED;
3052 munmap(vaddr, length);
3053 if (mem_path) {
3054#if defined(__linux__) && !defined(TARGET_S390X)
3055 if (block->fd) {
3056#ifdef MAP_POPULATE
3057 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3058 MAP_PRIVATE;
3059#else
3060 flags |= MAP_PRIVATE;
3061#endif
3062 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3063 flags, block->fd, offset);
3064 } else {
3065 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3066 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3067 flags, -1, 0);
3068 }
fd28aa13
JK		 3069#else
3070 abort();
cd19cfa2
HY		 3071#endif
3072 } else {
3073#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3074 flags |= MAP_SHARED | MAP_ANONYMOUS;
3075 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3076 flags, -1, 0);
3077#else
3078 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3079 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3080 flags, -1, 0);
3081#endif
3082 }
3083 if (area != vaddr) {
3084 fprintf(stderr, "Could not remap addr: %lx@%lx\n",
3085 length, addr);
3086 exit(1);
3087 }
3088 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3089 }
3090 return;
3091 }
3092 }
3093}
3094#endif /* !_WIN32 */
3095
dc828ca1 3096/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3097 With the exception of the softmmu code in this file, this should
3098 only be used for local memory (e.g. video ram) that the device owns,
3099 and knows it isn't going to access beyond the end of the block.
3100
3101 It should not be used for general purpose DMA.
3102 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3103 */
c227f099 3104void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3105{
94a6b54f
PB		 3106 RAMBlock *block;
3107
f471a17e
AW		 3108 QLIST_FOREACH(block, &ram_list.blocks, next) {
3109 if (addr - block->offset < block->length) {
7d82af38
VP		 3110 /* Move this entry to to start of the list. */
3111 if (block != QLIST_FIRST(&ram_list.blocks)) {
3112 QLIST_REMOVE(block, next);
3113 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3114 }
868bb33f 3115 if (xen_enabled()) {
432d268c
JN		 3116 /* We need to check if the requested address is in the RAM
3117 * because we don't want to map the entire memory in QEMU.
712c2b41 3118 * In that case just map until the end of the page.
432d268c
JN		 3119 */
3120 if (block->offset == 0) {
e41d7c69 3121 return xen_map_cache(addr, 0, 0);
432d268c 3122 } else if (block->host == NULL) {
e41d7c69
JK		 3123 block->host =
3124 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3125 }
3126 }
f471a17e
AW		 3127 return block->host + (addr - block->offset);
3128 }
94a6b54f 3129 }
f471a17e
AW		 3130
3131 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3132 abort();
3133
3134 return NULL;
dc828ca1
PB		 3135}
3136
b2e0a138
MT		 3137/* Return a host pointer to ram allocated with qemu_ram_alloc.
3138 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3139 */
3140void *qemu_safe_ram_ptr(ram_addr_t addr)
3141{
3142 RAMBlock *block;
3143
3144 QLIST_FOREACH(block, &ram_list.blocks, next) {
3145 if (addr - block->offset < block->length) {
868bb33f 3146 if (xen_enabled()) {
432d268c
JN		 3147 /* We need to check if the requested address is in the RAM
3148 * because we don't want to map the entire memory in QEMU.
712c2b41 3149 * In that case just map until the end of the page.
432d268c
JN		 3150 */
3151 if (block->offset == 0) {
e41d7c69 3152 return xen_map_cache(addr, 0, 0);
432d268c 3153 } else if (block->host == NULL) {
e41d7c69
JK		 3154 block->host =
3155 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3156 }
3157 }
b2e0a138
MT		 3158 return block->host + (addr - block->offset);
3159 }
3160 }
3161
3162 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3163 abort();
3164
3165 return NULL;
3166}
3167
38bee5dc
SS		 3168/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3169 * but takes a size argument */
8ab934f9 3170void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3171{
8ab934f9
SS		 3172 if (*size == 0) {
3173 return NULL;
3174 }
868bb33f 3175 if (xen_enabled()) {
e41d7c69 3176 return xen_map_cache(addr, *size, 1);
868bb33f 3177 } else {
38bee5dc
SS		 3178 RAMBlock *block;
3179
3180 QLIST_FOREACH(block, &ram_list.blocks, next) {
3181 if (addr - block->offset < block->length) {
3182 if (addr - block->offset + *size > block->length)
3183 *size = block->length - addr + block->offset;
3184 return block->host + (addr - block->offset);
3185 }
3186 }
3187
3188 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3189 abort();
38bee5dc
SS		 3190 }
3191}
3192
050a0ddf
AP		 3193void qemu_put_ram_ptr(void *addr)
3194{
3195 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3196}
3197
e890261f 3198int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3199{
94a6b54f
PB		 3200 RAMBlock *block;
3201 uint8_t *host = ptr;
3202
868bb33f 3203 if (xen_enabled()) {
e41d7c69 3204 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3205 return 0;
3206 }
3207
f471a17e 3208 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3209 /* This case append when the block is not mapped. */
3210 if (block->host == NULL) {
3211 continue;
3212 }
f471a17e 3213 if (host - block->host < block->length) {
e890261f
MT		 3214 *ram_addr = block->offset + (host - block->host);
3215 return 0;
f471a17e 3216 }
94a6b54f 3217 }
432d268c 3218
e890261f
MT		 3219 return -1;
3220}
f471a17e 3221
e890261f
MT		 3222/* Some of the softmmu routines need to translate from a host pointer
3223 (typically a TLB entry) back to a ram offset. */
3224ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3225{
3226 ram_addr_t ram_addr;
f471a17e 3227
e890261f
MT		 3228 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3229 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3230 abort();
3231 }
3232 return ram_addr;
5579c7f3
PB		 3233}
3234
c227f099 3235static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
33417e70 3236{
67d3b957 3237#ifdef DEBUG_UNASSIGNED
ab3d1727 3238 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
b4f0a316 3239#endif
5b450407 3240#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3241 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 1);
e18231a3
BS		 3242#endif
3243 return 0;
3244}
3245
c227f099 3246static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
e18231a3
BS		 3247{
3248#ifdef DEBUG_UNASSIGNED
3249 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3250#endif
5b450407 3251#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3252 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 2);
e18231a3
BS		 3253#endif
3254 return 0;
3255}
3256
c227f099 3257static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
e18231a3
BS		 3258{
3259#ifdef DEBUG_UNASSIGNED
3260 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3261#endif
5b450407 3262#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3263 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 4);
67d3b957 3264#endif
33417e70
FB		 3265 return 0;
3266}
3267
c227f099 3268static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
33417e70 3269{
67d3b957 3270#ifdef DEBUG_UNASSIGNED
ab3d1727 3271 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
67d3b957 3272#endif
5b450407 3273#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3274 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 1);
e18231a3
BS		 3275#endif
3276}
3277
c227f099 3278static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
e18231a3
BS		 3279{
3280#ifdef DEBUG_UNASSIGNED
3281 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3282#endif
5b450407 3283#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3284 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 2);
e18231a3
BS		 3285#endif
3286}
3287
c227f099 3288static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
e18231a3
BS		 3289{
3290#ifdef DEBUG_UNASSIGNED
3291 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3292#endif
5b450407 3293#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3294 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 4);
b4f0a316 3295#endif
33417e70
FB		 3296}
3297
d60efc6b 3298static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
33417e70 3299 unassigned_mem_readb,
e18231a3
BS		 3300 unassigned_mem_readw,
3301 unassigned_mem_readl,
33417e70
FB		 3302};
3303
d60efc6b 3304static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
33417e70 3305 unassigned_mem_writeb,
e18231a3
BS		 3306 unassigned_mem_writew,
3307 unassigned_mem_writel,
33417e70
FB		 3308};
3309
c227f099 3310static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
0f459d16 3311 uint32_t val)
9fa3e853 3312{
3a7d929e 3313 int dirty_flags;
f7c11b53 3314 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3315 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3316#if !defined(CONFIG_USER_ONLY)
3a7d929e 3317 tb_invalidate_phys_page_fast(ram_addr, 1);
f7c11b53 3318 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3319#endif
3a7d929e 3320 }
5579c7f3 3321 stb_p(qemu_get_ram_ptr(ram_addr), val);
f23db169 3322 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3323 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3324 /* we remove the notdirty callback only if the code has been
3325 flushed */
3326 if (dirty_flags == 0xff)
2e70f6ef 3327 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3328}
3329
c227f099 3330static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
0f459d16 3331 uint32_t val)
9fa3e853 3332{
3a7d929e 3333 int dirty_flags;
f7c11b53 3334 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3335 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3336#if !defined(CONFIG_USER_ONLY)
3a7d929e 3337 tb_invalidate_phys_page_fast(ram_addr, 2);
f7c11b53 3338 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3339#endif
3a7d929e 3340 }
5579c7f3 3341 stw_p(qemu_get_ram_ptr(ram_addr), val);
f23db169 3342 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3343 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3344 /* we remove the notdirty callback only if the code has been
3345 flushed */
3346 if (dirty_flags == 0xff)
2e70f6ef 3347 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3348}
3349
c227f099 3350static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
0f459d16 3351 uint32_t val)
9fa3e853 3352{
3a7d929e 3353 int dirty_flags;
f7c11b53 3354 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3355 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3356#if !defined(CONFIG_USER_ONLY)
3a7d929e 3357 tb_invalidate_phys_page_fast(ram_addr, 4);
f7c11b53 3358 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3359#endif
3a7d929e 3360 }
5579c7f3 3361 stl_p(qemu_get_ram_ptr(ram_addr), val);
f23db169 3362 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3363 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3364 /* we remove the notdirty callback only if the code has been
3365 flushed */
3366 if (dirty_flags == 0xff)
2e70f6ef 3367 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3368}
3369
d60efc6b 3370static CPUReadMemoryFunc * const error_mem_read[3] = {
9fa3e853
FB		 3371 NULL, /* never used */
3372 NULL, /* never used */
3373 NULL, /* never used */
3374};
3375
d60efc6b 3376static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
1ccde1cb
FB		 3377 notdirty_mem_writeb,
3378 notdirty_mem_writew,
3379 notdirty_mem_writel,
3380};
3381
0f459d16 3382/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3383static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3384{
3385 CPUState *env = cpu_single_env;
06d55cc1
AL		 3386 target_ulong pc, cs_base;
3387 TranslationBlock *tb;
0f459d16 3388 target_ulong vaddr;
a1d1bb31 3389 CPUWatchpoint *wp;
06d55cc1 3390 int cpu_flags;
0f459d16 3391
06d55cc1
AL		 3392 if (env->watchpoint_hit) {
3393 /* We re-entered the check after replacing the TB. Now raise
3394 * the debug interrupt so that is will trigger after the
3395 * current instruction. */
3396 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3397 return;
3398 }
2e70f6ef 3399 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3400 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3401 if ((vaddr == (wp->vaddr & len_mask) ||
3402 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3403 wp->flags |= BP_WATCHPOINT_HIT;
3404 if (!env->watchpoint_hit) {
3405 env->watchpoint_hit = wp;
3406 tb = tb_find_pc(env->mem_io_pc);
3407 if (!tb) {
3408 cpu_abort(env, "check_watchpoint: could not find TB for "
3409 "pc=%p", (void *)env->mem_io_pc);
3410 }
618ba8e6 3411 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3412 tb_phys_invalidate(tb, -1);
3413 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3414 env->exception_index = EXCP_DEBUG;
3415 } else {
3416 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3417 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3418 }
3419 cpu_resume_from_signal(env, NULL);
06d55cc1 3420 }
6e140f28
AL		 3421 } else {
3422 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3423 }
3424 }
3425}
3426
6658ffb8
PB		 3427/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3428 so these check for a hit then pass through to the normal out-of-line
3429 phys routines. */
c227f099 3430static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
6658ffb8 3431{
b4051334 3432 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
6658ffb8
PB		 3433 return ldub_phys(addr);
3434}
3435
c227f099 3436static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
6658ffb8 3437{
b4051334 3438 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
6658ffb8
PB		 3439 return lduw_phys(addr);
3440}
3441
c227f099 3442static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
6658ffb8 3443{
b4051334 3444 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
6658ffb8
PB		 3445 return ldl_phys(addr);
3446}
3447
c227f099 3448static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
6658ffb8
PB		 3449 uint32_t val)
3450{
b4051334 3451 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
6658ffb8
PB		 3452 stb_phys(addr, val);
3453}
3454
c227f099 3455static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
6658ffb8
PB		 3456 uint32_t val)
3457{
b4051334 3458 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
6658ffb8
PB		 3459 stw_phys(addr, val);
3460}
3461
c227f099 3462static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
6658ffb8
PB		 3463 uint32_t val)
3464{
b4051334 3465 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
6658ffb8
PB		 3466 stl_phys(addr, val);
3467}
3468
d60efc6b 3469static CPUReadMemoryFunc * const watch_mem_read[3] = {
6658ffb8
PB		 3470 watch_mem_readb,
3471 watch_mem_readw,
3472 watch_mem_readl,
3473};
3474
d60efc6b 3475static CPUWriteMemoryFunc * const watch_mem_write[3] = {
6658ffb8
PB		 3476 watch_mem_writeb,
3477 watch_mem_writew,
3478 watch_mem_writel,
3479};
6658ffb8 3480
f6405247
RH		 3481static inline uint32_t subpage_readlen (subpage_t *mmio,
3482 target_phys_addr_t addr,
3483 unsigned int len)
db7b5426 3484{
f6405247 3485 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426
BS		 3486#if defined(DEBUG_SUBPAGE)
3487 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3488 mmio, len, addr, idx);
3489#endif
db7b5426 3490
f6405247
RH		 3491 addr += mmio->region_offset[idx];
3492 idx = mmio->sub_io_index[idx];
3493 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
db7b5426
BS		 3494}
3495
c227f099 3496static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
f6405247 3497 uint32_t value, unsigned int len)
db7b5426 3498{
f6405247 3499 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426 3500#if defined(DEBUG_SUBPAGE)
f6405247
RH		 3501 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3502 __func__, mmio, len, addr, idx, value);
db7b5426 3503#endif
f6405247
RH		 3504
3505 addr += mmio->region_offset[idx];
3506 idx = mmio->sub_io_index[idx];
3507 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
db7b5426
BS		 3508}
3509
c227f099 3510static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
db7b5426 3511{
db7b5426
BS		 3512 return subpage_readlen(opaque, addr, 0);
3513}
3514
c227f099 3515static void subpage_writeb (void *opaque, target_phys_addr_t addr,
db7b5426
BS		 3516 uint32_t value)
3517{
db7b5426
BS		 3518 subpage_writelen(opaque, addr, value, 0);
3519}
3520
c227f099 3521static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
db7b5426 3522{
db7b5426
BS		 3523 return subpage_readlen(opaque, addr, 1);
3524}
3525
c227f099 3526static void subpage_writew (void *opaque, target_phys_addr_t addr,
db7b5426
BS		 3527 uint32_t value)
3528{
db7b5426
BS		 3529 subpage_writelen(opaque, addr, value, 1);
3530}
3531
c227f099 3532static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
db7b5426 3533{
db7b5426
BS		 3534 return subpage_readlen(opaque, addr, 2);
3535}
3536
f6405247
RH		 3537static void subpage_writel (void *opaque, target_phys_addr_t addr,
3538 uint32_t value)
db7b5426 3539{
db7b5426
BS		 3540 subpage_writelen(opaque, addr, value, 2);
3541}
3542
d60efc6b 3543static CPUReadMemoryFunc * const subpage_read[] = {
db7b5426
BS		 3544 &subpage_readb,
3545 &subpage_readw,
3546 &subpage_readl,
3547};
3548
d60efc6b 3549static CPUWriteMemoryFunc * const subpage_write[] = {
db7b5426
BS		 3550 &subpage_writeb,
3551 &subpage_writew,
3552 &subpage_writel,
3553};
3554
c227f099
AL		 3555static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3556 ram_addr_t memory, ram_addr_t region_offset)
db7b5426
BS		 3557{
3558 int idx, eidx;
3559
3560 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3561 return -1;
3562 idx = SUBPAGE_IDX(start);
3563 eidx = SUBPAGE_IDX(end);
3564#if defined(DEBUG_SUBPAGE)
0bf9e31a 3565 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3566 mmio, start, end, idx, eidx, memory);
3567#endif
95c318f5
GN		 3568 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
3569 memory = IO_MEM_UNASSIGNED;
f6405247 3570 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
db7b5426 3571 for (; idx <= eidx; idx++) {
f6405247
RH		 3572 mmio->sub_io_index[idx] = memory;
3573 mmio->region_offset[idx] = region_offset;
db7b5426
BS		 3574 }
3575
3576 return 0;
3577}
3578
f6405247
RH		 3579static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3580 ram_addr_t orig_memory,
3581 ram_addr_t region_offset)
db7b5426 3582{
c227f099 3583 subpage_t *mmio;
db7b5426
BS		 3584 int subpage_memory;
3585
c227f099 3586 mmio = qemu_mallocz(sizeof(subpage_t));
1eec614b
AL		 3587
3588 mmio->base = base;
2507c12a
AG		 3589 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio,
3590 DEVICE_NATIVE_ENDIAN);
db7b5426 3591#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3592 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3593 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3594#endif
1eec614b 3595 *phys = subpage_memory | IO_MEM_SUBPAGE;
f6405247 3596 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
db7b5426
BS		 3597
3598 return mmio;
3599}
3600
88715657
AL		 3601static int get_free_io_mem_idx(void)
3602{
3603 int i;
3604
3605 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3606 if (!io_mem_used[i]) {
3607 io_mem_used[i] = 1;
3608 return i;
3609 }
c6703b47 3610 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3611 return -1;
3612}
3613
dd310534
AG		 3614/*
3615 * Usually, devices operate in little endian mode. There are devices out
3616 * there that operate in big endian too. Each device gets byte swapped
3617 * mmio if plugged onto a CPU that does the other endianness.
3618 *
3619 * CPU Device swap?
3620 *
3621 * little little no
3622 * little big yes
3623 * big little yes
3624 * big big no
3625 */
3626
3627typedef struct SwapEndianContainer {
3628 CPUReadMemoryFunc *read[3];
3629 CPUWriteMemoryFunc *write[3];
3630 void *opaque;
3631} SwapEndianContainer;
3632
3633static uint32_t swapendian_mem_readb (void *opaque, target_phys_addr_t addr)
3634{
3635 uint32_t val;
3636 SwapEndianContainer *c = opaque;
3637 val = c->read[0](c->opaque, addr);
3638 return val;
3639}
3640
3641static uint32_t swapendian_mem_readw(void *opaque, target_phys_addr_t addr)
3642{
3643 uint32_t val;
3644 SwapEndianContainer *c = opaque;
3645 val = bswap16(c->read[1](c->opaque, addr));
3646 return val;
3647}
3648
3649static uint32_t swapendian_mem_readl(void *opaque, target_phys_addr_t addr)
3650{
3651 uint32_t val;
3652 SwapEndianContainer *c = opaque;
3653 val = bswap32(c->read[2](c->opaque, addr));
3654 return val;
3655}
3656
3657static CPUReadMemoryFunc * const swapendian_readfn[3]={
3658 swapendian_mem_readb,
3659 swapendian_mem_readw,
3660 swapendian_mem_readl
3661};
3662
3663static void swapendian_mem_writeb(void *opaque, target_phys_addr_t addr,
3664 uint32_t val)
3665{
3666 SwapEndianContainer *c = opaque;
3667 c->write[0](c->opaque, addr, val);
3668}
3669
3670static void swapendian_mem_writew(void *opaque, target_phys_addr_t addr,
3671 uint32_t val)
3672{
3673 SwapEndianContainer *c = opaque;
3674 c->write[1](c->opaque, addr, bswap16(val));
3675}
3676
3677static void swapendian_mem_writel(void *opaque, target_phys_addr_t addr,
3678 uint32_t val)
3679{
3680 SwapEndianContainer *c = opaque;
3681 c->write[2](c->opaque, addr, bswap32(val));
3682}
3683
3684static CPUWriteMemoryFunc * const swapendian_writefn[3]={
3685 swapendian_mem_writeb,
3686 swapendian_mem_writew,
3687 swapendian_mem_writel
3688};
3689
3690static void swapendian_init(int io_index)
3691{
3692 SwapEndianContainer *c = qemu_malloc(sizeof(SwapEndianContainer));
3693 int i;
3694
3695 /* Swap mmio for big endian targets */
3696 c->opaque = io_mem_opaque[io_index];
3697 for (i = 0; i < 3; i++) {
3698 c->read[i] = io_mem_read[io_index][i];
3699 c->write[i] = io_mem_write[io_index][i];
3700
3701 io_mem_read[io_index][i] = swapendian_readfn[i];
3702 io_mem_write[io_index][i] = swapendian_writefn[i];
3703 }
3704 io_mem_opaque[io_index] = c;
3705}
3706
3707static void swapendian_del(int io_index)
3708{
3709 if (io_mem_read[io_index][0] == swapendian_readfn[0]) {
3710 qemu_free(io_mem_opaque[io_index]);
3711 }
3712}
3713
33417e70
FB		 3714/* mem_read and mem_write are arrays of functions containing the
3715 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3716 2). Functions can be omitted with a NULL function pointer.
3ee89922 3717 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3718 modified. If it is zero, a new io zone is allocated. The return
3719 value can be used with cpu_register_physical_memory(). (-1) is
3720 returned if error. */
1eed09cb 3721static int cpu_register_io_memory_fixed(int io_index,
d60efc6b
BS		 3722 CPUReadMemoryFunc * const *mem_read,
3723 CPUWriteMemoryFunc * const *mem_write,
dd310534 3724 void *opaque, enum device_endian endian)
33417e70 3725{
3cab721d
RH		 3726 int i;
3727
33417e70 3728 if (io_index <= 0) {
88715657
AL		 3729 io_index = get_free_io_mem_idx();
3730 if (io_index == -1)
3731 return io_index;
33417e70 3732 } else {
1eed09cb 3733 io_index >>= IO_MEM_SHIFT;
33417e70
FB		 3734 if (io_index >= IO_MEM_NB_ENTRIES)
3735 return -1;
3736 }
b5ff1b31 3737
3cab721d
RH		 3738 for (i = 0; i < 3; ++i) {
3739 io_mem_read[io_index][i]
3740 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3741 }
3742 for (i = 0; i < 3; ++i) {
3743 io_mem_write[io_index][i]
3744 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3745 }
a4193c8a 3746 io_mem_opaque[io_index] = opaque;
f6405247 3747
dd310534
AG		 3748 switch (endian) {
3749 case DEVICE_BIG_ENDIAN:
3750#ifndef TARGET_WORDS_BIGENDIAN
3751 swapendian_init(io_index);
3752#endif
3753 break;
3754 case DEVICE_LITTLE_ENDIAN:
3755#ifdef TARGET_WORDS_BIGENDIAN
3756 swapendian_init(io_index);
3757#endif
3758 break;
3759 case DEVICE_NATIVE_ENDIAN:
3760 default:
3761 break;
3762 }
3763
f6405247 3764 return (io_index << IO_MEM_SHIFT);
33417e70 3765}
61382a50 3766
d60efc6b
BS		 3767int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3768 CPUWriteMemoryFunc * const *mem_write,
dd310534 3769 void *opaque, enum device_endian endian)
1eed09cb 3770{
2507c12a 3771 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque, endian);
1eed09cb
AK		 3772}
3773
88715657
AL		 3774void cpu_unregister_io_memory(int io_table_address)
3775{
3776 int i;
3777 int io_index = io_table_address >> IO_MEM_SHIFT;
3778
dd310534
AG		 3779 swapendian_del(io_index);
3780
88715657
AL		 3781 for (i=0;i < 3; i++) {
3782 io_mem_read[io_index][i] = unassigned_mem_read[i];
3783 io_mem_write[io_index][i] = unassigned_mem_write[i];
3784 }
3785 io_mem_opaque[io_index] = NULL;
3786 io_mem_used[io_index] = 0;
3787}
3788
e9179ce1
AK		 3789static void io_mem_init(void)
3790{
3791 int i;
3792
2507c12a
AG		 3793 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read,
3794 unassigned_mem_write, NULL,
3795 DEVICE_NATIVE_ENDIAN);
3796 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read,
3797 unassigned_mem_write, NULL,
3798 DEVICE_NATIVE_ENDIAN);
3799 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read,
3800 notdirty_mem_write, NULL,
3801 DEVICE_NATIVE_ENDIAN);
e9179ce1
AK		 3802 for (i=0; i<5; i++)
3803 io_mem_used[i] = 1;
3804
3805 io_mem_watch = cpu_register_io_memory(watch_mem_read,
2507c12a
AG		 3806 watch_mem_write, NULL,
3807 DEVICE_NATIVE_ENDIAN);
e9179ce1
AK		 3808}
3809
e2eef170
PB		 3810#endif /* !defined(CONFIG_USER_ONLY) */
3811
13eb76e0
FB		 3812/* physical memory access (slow version, mainly for debug) */
3813#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3814int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3815 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3816{
3817 int l, flags;
3818 target_ulong page;
53a5960a 3819 void * p;
13eb76e0
FB		 3820
3821 while (len > 0) {
3822 page = addr & TARGET_PAGE_MASK;
3823 l = (page + TARGET_PAGE_SIZE) - addr;
3824 if (l > len)
3825 l = len;
3826 flags = page_get_flags(page);
3827 if (!(flags & PAGE_VALID))
a68fe89c 3828 return -1;
13eb76e0
FB		 3829 if (is_write) {
3830 if (!(flags & PAGE_WRITE))
a68fe89c 3831 return -1;
579a97f7 3832 /* XXX: this code should not depend on lock_user */
72fb7daa 3833 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3834 return -1;
72fb7daa
AJ		 3835 memcpy(p, buf, l);
3836 unlock_user(p, addr, l);
13eb76e0
FB		 3837 } else {
3838 if (!(flags & PAGE_READ))
a68fe89c 3839 return -1;
579a97f7 3840 /* XXX: this code should not depend on lock_user */
72fb7daa 3841 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3842 return -1;
72fb7daa 3843 memcpy(buf, p, l);
5b257578 3844 unlock_user(p, addr, 0);
13eb76e0
FB		 3845 }
3846 len -= l;
3847 buf += l;
3848 addr += l;
3849 }
a68fe89c 3850 return 0;
13eb76e0 3851}
8df1cd07 3852
13eb76e0 3853#else
c227f099 3854void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3855 int len, int is_write)
3856{
3857 int l, io_index;
3858 uint8_t *ptr;
3859 uint32_t val;
c227f099 3860 target_phys_addr_t page;
2e12669a 3861 unsigned long pd;
92e873b9 3862 PhysPageDesc *p;
3b46e624 3863
13eb76e0
FB		 3864 while (len > 0) {
3865 page = addr & TARGET_PAGE_MASK;
3866 l = (page + TARGET_PAGE_SIZE) - addr;
3867 if (l > len)
3868 l = len;
92e873b9 3869 p = phys_page_find(page >> TARGET_PAGE_BITS);
13eb76e0
FB		 3870 if (!p) {
3871 pd = IO_MEM_UNASSIGNED;
3872 } else {
3873 pd = p->phys_offset;
3874 }
3b46e624 3875
13eb76e0 3876 if (is_write) {
3a7d929e 3877 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
c227f099 3878 target_phys_addr_t addr1 = addr;
13eb76e0 3879 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18 3880 if (p)
6c2934db 3881 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
6a00d601
FB		 3882 /* XXX: could force cpu_single_env to NULL to avoid
3883 potential bugs */
6c2934db 3884 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3885 /* 32 bit write access */
c27004ec 3886 val = ldl_p(buf);
6c2934db 3887 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
13eb76e0 3888 l = 4;
6c2934db 3889 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3890 /* 16 bit write access */
c27004ec 3891 val = lduw_p(buf);
6c2934db 3892 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
13eb76e0
FB		 3893 l = 2;
3894 } else {
1c213d19 3895 /* 8 bit write access */
c27004ec 3896 val = ldub_p(buf);
6c2934db 3897 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
13eb76e0
FB		 3898 l = 1;
3899 }
3900 } else {
b448f2f3
FB		 3901 unsigned long addr1;
3902 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
13eb76e0 3903 /* RAM case */
5579c7f3 3904 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3905 memcpy(ptr, buf, l);
3a7d929e
FB		 3906 if (!cpu_physical_memory_is_dirty(addr1)) {
3907 /* invalidate code */
3908 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3909 /* set dirty bit */
f7c11b53
YT		 3910 cpu_physical_memory_set_dirty_flags(
3911 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3912 }
050a0ddf 3913 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3914 }
3915 } else {
5fafdf24 3916 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2a4188a3 3917 !(pd & IO_MEM_ROMD)) {
c227f099 3918 target_phys_addr_t addr1 = addr;
13eb76e0
FB		 3919 /* I/O case */
3920 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18 3921 if (p)
6c2934db
AJ		 3922 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3923 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3924 /* 32 bit read access */
6c2934db 3925 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
c27004ec 3926 stl_p(buf, val);
13eb76e0 3927 l = 4;
6c2934db 3928 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3929 /* 16 bit read access */
6c2934db 3930 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
c27004ec 3931 stw_p(buf, val);
13eb76e0
FB		 3932 l = 2;
3933 } else {
1c213d19 3934 /* 8 bit read access */
6c2934db 3935 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
c27004ec 3936 stb_p(buf, val);
13eb76e0
FB		 3937 l = 1;
3938 }
3939 } else {
3940 /* RAM case */
050a0ddf
AP		 3941 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3942 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3943 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3944 }
3945 }
3946 len -= l;
3947 buf += l;
3948 addr += l;
3949 }
3950}
8df1cd07 3951
d0ecd2aa 3952/* used for ROM loading : can write in RAM and ROM */
c227f099 3953void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3954 const uint8_t *buf, int len)
3955{
3956 int l;
3957 uint8_t *ptr;
c227f099 3958 target_phys_addr_t page;
d0ecd2aa
FB		 3959 unsigned long pd;
3960 PhysPageDesc *p;
3b46e624 3961
d0ecd2aa
FB		 3962 while (len > 0) {
3963 page = addr & TARGET_PAGE_MASK;
3964 l = (page + TARGET_PAGE_SIZE) - addr;
3965 if (l > len)
3966 l = len;
3967 p = phys_page_find(page >> TARGET_PAGE_BITS);
3968 if (!p) {
3969 pd = IO_MEM_UNASSIGNED;
3970 } else {
3971 pd = p->phys_offset;
3972 }
3b46e624 3973
d0ecd2aa 3974 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
2a4188a3
FB		 3975 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3976 !(pd & IO_MEM_ROMD)) {
d0ecd2aa
FB		 3977 /* do nothing */
3978 } else {
3979 unsigned long addr1;
3980 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3981 /* ROM/RAM case */
5579c7f3 3982 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3983 memcpy(ptr, buf, l);
050a0ddf 3984 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3985 }
3986 len -= l;
3987 buf += l;
3988 addr += l;
3989 }
3990}
3991
6d16c2f8
AL		 3992typedef struct {
3993 void *buffer;
c227f099
AL		 3994 target_phys_addr_t addr;
3995 target_phys_addr_t len;
6d16c2f8
AL		 3996} BounceBuffer;
3997
3998static BounceBuffer bounce;
3999
ba223c29
AL		 4000typedef struct MapClient {
4001 void *opaque;
4002 void (*callback)(void *opaque);
72cf2d4f 4003 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 4004} MapClient;
4005
72cf2d4f
BS		 4006static QLIST_HEAD(map_client_list, MapClient) map_client_list
4007 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 4008
4009void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
4010{
4011 MapClient *client = qemu_malloc(sizeof(*client));
4012
4013 client->opaque = opaque;
4014 client->callback = callback;
72cf2d4f 4015 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 4016 return client;
4017}
4018
4019void cpu_unregister_map_client(void *_client)
4020{
4021 MapClient *client = (MapClient *)_client;
4022
72cf2d4f 4023 QLIST_REMOVE(client, link);
34d5e948 4024 qemu_free(client);
ba223c29
AL		 4025}
4026
4027static void cpu_notify_map_clients(void)
4028{
4029 MapClient *client;
4030
72cf2d4f
BS		 4031 while (!QLIST_EMPTY(&map_client_list)) {
4032 client = QLIST_FIRST(&map_client_list);
ba223c29 4033 client->callback(client->opaque);
34d5e948 4034 cpu_unregister_map_client(client);
ba223c29
AL		 4035 }
4036}
4037
6d16c2f8
AL		 4038/* Map a physical memory region into a host virtual address.
4039 * May map a subset of the requested range, given by and returned in *plen.
4040 * May return NULL if resources needed to perform the mapping are exhausted.
4041 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 4042 * Use cpu_register_map_client() to know when retrying the map operation is
4043 * likely to succeed.
6d16c2f8 4044 */
c227f099
AL		 4045void *cpu_physical_memory_map(target_phys_addr_t addr,
4046 target_phys_addr_t *plen,
6d16c2f8
AL		 4047 int is_write)
4048{
c227f099 4049 target_phys_addr_t len = *plen;
38bee5dc 4050 target_phys_addr_t todo = 0;
6d16c2f8 4051 int l;
c227f099 4052 target_phys_addr_t page;
6d16c2f8
AL		 4053 unsigned long pd;
4054 PhysPageDesc *p;
8ab934f9
SS		 4055 ram_addr_t raddr = ULONG_MAX;
4056 ram_addr_t rlen;
4057 void *ret;
6d16c2f8
AL		 4058
4059 while (len > 0) {
4060 page = addr & TARGET_PAGE_MASK;
4061 l = (page + TARGET_PAGE_SIZE) - addr;
4062 if (l > len)
4063 l = len;
4064 p = phys_page_find(page >> TARGET_PAGE_BITS);
4065 if (!p) {
4066 pd = IO_MEM_UNASSIGNED;
4067 } else {
4068 pd = p->phys_offset;
4069 }
4070
4071 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
38bee5dc 4072 if (todo || bounce.buffer) {
6d16c2f8
AL		 4073 break;
4074 }
4075 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4076 bounce.addr = addr;
4077 bounce.len = l;
4078 if (!is_write) {
54f7b4a3 4079 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 4080 }
38bee5dc
SS		 4081
4082 *plen = l;
4083 return bounce.buffer;
6d16c2f8 4084 }
8ab934f9
SS		 4085 if (!todo) {
4086 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4087 }
6d16c2f8
AL		 4088
4089 len -= l;
4090 addr += l;
38bee5dc 4091 todo += l;
6d16c2f8 4092 }
8ab934f9
SS		 4093 rlen = todo;
4094 ret = qemu_ram_ptr_length(raddr, &rlen);
4095 *plen = rlen;
4096 return ret;
6d16c2f8
AL		 4097}
4098
4099/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4100 * Will also mark the memory as dirty if is_write == 1. access_len gives
4101 * the amount of memory that was actually read or written by the caller.
4102 */
c227f099
AL		 4103void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4104 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 4105{
4106 if (buffer != bounce.buffer) {
4107 if (is_write) {
e890261f 4108 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4109 while (access_len) {
4110 unsigned l;
4111 l = TARGET_PAGE_SIZE;
4112 if (l > access_len)
4113 l = access_len;
4114 if (!cpu_physical_memory_is_dirty(addr1)) {
4115 /* invalidate code */
4116 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4117 /* set dirty bit */
f7c11b53
YT		 4118 cpu_physical_memory_set_dirty_flags(
4119 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4120 }
4121 addr1 += l;
4122 access_len -= l;
4123 }
4124 }
868bb33f 4125 if (xen_enabled()) {
e41d7c69 4126 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4127 }
6d16c2f8
AL		 4128 return;
4129 }
4130 if (is_write) {
4131 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4132 }
f8a83245 4133 qemu_vfree(bounce.buffer);
6d16c2f8 4134 bounce.buffer = NULL;
ba223c29 4135 cpu_notify_map_clients();
6d16c2f8 4136}
d0ecd2aa 4137
8df1cd07 4138/* warning: addr must be aligned */
1e78bcc1
AG		 4139static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4140 enum device_endian endian)
8df1cd07
FB		 4141{
4142 int io_index;
4143 uint8_t *ptr;
4144 uint32_t val;
4145 unsigned long pd;
4146 PhysPageDesc *p;
4147
4148 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4149 if (!p) {
4150 pd = IO_MEM_UNASSIGNED;
4151 } else {
4152 pd = p->phys_offset;
4153 }
3b46e624 4154
5fafdf24 4155 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2a4188a3 4156 !(pd & IO_MEM_ROMD)) {
8df1cd07
FB		 4157 /* I/O case */
4158 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4159 if (p)
4160 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
8df1cd07 4161 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
1e78bcc1
AG		 4162#if defined(TARGET_WORDS_BIGENDIAN)
4163 if (endian == DEVICE_LITTLE_ENDIAN) {
4164 val = bswap32(val);
4165 }
4166#else
4167 if (endian == DEVICE_BIG_ENDIAN) {
4168 val = bswap32(val);
4169 }
4170#endif
8df1cd07
FB		 4171 } else {
4172 /* RAM case */
5579c7f3 4173 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
8df1cd07 4174 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4175 switch (endian) {
4176 case DEVICE_LITTLE_ENDIAN:
4177 val = ldl_le_p(ptr);
4178 break;
4179 case DEVICE_BIG_ENDIAN:
4180 val = ldl_be_p(ptr);
4181 break;
4182 default:
4183 val = ldl_p(ptr);
4184 break;
4185 }
8df1cd07
FB		 4186 }
4187 return val;
4188}
4189
1e78bcc1
AG		 4190uint32_t ldl_phys(target_phys_addr_t addr)
4191{
4192 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4193}
4194
4195uint32_t ldl_le_phys(target_phys_addr_t addr)
4196{
4197 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4198}
4199
4200uint32_t ldl_be_phys(target_phys_addr_t addr)
4201{
4202 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4203}
4204
84b7b8e7 4205/* warning: addr must be aligned */
1e78bcc1
AG		 4206static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4207 enum device_endian endian)
84b7b8e7
FB		 4208{
4209 int io_index;
4210 uint8_t *ptr;
4211 uint64_t val;
4212 unsigned long pd;
4213 PhysPageDesc *p;
4214
4215 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4216 if (!p) {
4217 pd = IO_MEM_UNASSIGNED;
4218 } else {
4219 pd = p->phys_offset;
4220 }
3b46e624 4221
2a4188a3
FB		 4222 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4223 !(pd & IO_MEM_ROMD)) {
84b7b8e7
FB		 4224 /* I/O case */
4225 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4226 if (p)
4227 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
1e78bcc1
AG		 4228
4229 /* XXX This is broken when device endian != cpu endian.
4230 Fix and add "endian" variable check */
84b7b8e7
FB		 4231#ifdef TARGET_WORDS_BIGENDIAN
4232 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
4233 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
4234#else
4235 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4236 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
4237#endif
4238 } else {
4239 /* RAM case */
5579c7f3 4240 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
84b7b8e7 4241 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4242 switch (endian) {
4243 case DEVICE_LITTLE_ENDIAN:
4244 val = ldq_le_p(ptr);
4245 break;
4246 case DEVICE_BIG_ENDIAN:
4247 val = ldq_be_p(ptr);
4248 break;
4249 default:
4250 val = ldq_p(ptr);
4251 break;
4252 }
84b7b8e7
FB		 4253 }
4254 return val;
4255}
4256
1e78bcc1
AG		 4257uint64_t ldq_phys(target_phys_addr_t addr)
4258{
4259 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4260}
4261
4262uint64_t ldq_le_phys(target_phys_addr_t addr)
4263{
4264 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4265}
4266
4267uint64_t ldq_be_phys(target_phys_addr_t addr)
4268{
4269 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4270}
4271
aab33094 4272/* XXX: optimize */
c227f099 4273uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4274{
4275 uint8_t val;
4276 cpu_physical_memory_read(addr, &val, 1);
4277 return val;
4278}
4279
733f0b02 4280/* warning: addr must be aligned */
1e78bcc1
AG		 4281static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4282 enum device_endian endian)
aab33094 4283{
733f0b02
MT		 4284 int io_index;
4285 uint8_t *ptr;
4286 uint64_t val;
4287 unsigned long pd;
4288 PhysPageDesc *p;
4289
4290 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4291 if (!p) {
4292 pd = IO_MEM_UNASSIGNED;
4293 } else {
4294 pd = p->phys_offset;
4295 }
4296
4297 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4298 !(pd & IO_MEM_ROMD)) {
4299 /* I/O case */
4300 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4301 if (p)
4302 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4303 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
1e78bcc1
AG		 4304#if defined(TARGET_WORDS_BIGENDIAN)
4305 if (endian == DEVICE_LITTLE_ENDIAN) {
4306 val = bswap16(val);
4307 }
4308#else
4309 if (endian == DEVICE_BIG_ENDIAN) {
4310 val = bswap16(val);
4311 }
4312#endif
733f0b02
MT		 4313 } else {
4314 /* RAM case */
4315 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4316 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4317 switch (endian) {
4318 case DEVICE_LITTLE_ENDIAN:
4319 val = lduw_le_p(ptr);
4320 break;
4321 case DEVICE_BIG_ENDIAN:
4322 val = lduw_be_p(ptr);
4323 break;
4324 default:
4325 val = lduw_p(ptr);
4326 break;
4327 }
733f0b02
MT		 4328 }
4329 return val;
aab33094
FB		 4330}
4331
1e78bcc1
AG		 4332uint32_t lduw_phys(target_phys_addr_t addr)
4333{
4334 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4335}
4336
4337uint32_t lduw_le_phys(target_phys_addr_t addr)
4338{
4339 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4340}
4341
4342uint32_t lduw_be_phys(target_phys_addr_t addr)
4343{
4344 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4345}
4346
8df1cd07
FB		 4347/* warning: addr must be aligned. The ram page is not masked as dirty
4348 and the code inside is not invalidated. It is useful if the dirty
4349 bits are used to track modified PTEs */
c227f099 4350void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4351{
4352 int io_index;
4353 uint8_t *ptr;
4354 unsigned long pd;
4355 PhysPageDesc *p;
4356
4357 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4358 if (!p) {
4359 pd = IO_MEM_UNASSIGNED;
4360 } else {
4361 pd = p->phys_offset;
4362 }
3b46e624 4363
3a7d929e 4364 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
8df1cd07 4365 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4366 if (p)
4367 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
8df1cd07
FB		 4368 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4369 } else {
74576198 4370 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4371 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4372 stl_p(ptr, val);
74576198
AL		 4373
4374 if (unlikely(in_migration)) {
4375 if (!cpu_physical_memory_is_dirty(addr1)) {
4376 /* invalidate code */
4377 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4378 /* set dirty bit */
f7c11b53
YT		 4379 cpu_physical_memory_set_dirty_flags(
4380 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4381 }
4382 }
8df1cd07
FB		 4383 }
4384}
4385
c227f099 4386void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4387{
4388 int io_index;
4389 uint8_t *ptr;
4390 unsigned long pd;
4391 PhysPageDesc *p;
4392
4393 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4394 if (!p) {
4395 pd = IO_MEM_UNASSIGNED;
4396 } else {
4397 pd = p->phys_offset;
4398 }
3b46e624 4399
bc98a7ef
JM		 4400 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4401 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4402 if (p)
4403 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
bc98a7ef
JM		 4404#ifdef TARGET_WORDS_BIGENDIAN
4405 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
4406 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
4407#else
4408 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4409 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
4410#endif
4411 } else {
5579c7f3 4412 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
bc98a7ef
JM		 4413 (addr & ~TARGET_PAGE_MASK);
4414 stq_p(ptr, val);
4415 }
4416}
4417
8df1cd07 4418/* warning: addr must be aligned */
1e78bcc1
AG		 4419static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4420 enum device_endian endian)
8df1cd07
FB		 4421{
4422 int io_index;
4423 uint8_t *ptr;
4424 unsigned long pd;
4425 PhysPageDesc *p;
4426
4427 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4428 if (!p) {
4429 pd = IO_MEM_UNASSIGNED;
4430 } else {
4431 pd = p->phys_offset;
4432 }
3b46e624 4433
3a7d929e 4434 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
8df1cd07 4435 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4436 if (p)
4437 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
1e78bcc1
AG		 4438#if defined(TARGET_WORDS_BIGENDIAN)
4439 if (endian == DEVICE_LITTLE_ENDIAN) {
4440 val = bswap32(val);
4441 }
4442#else
4443 if (endian == DEVICE_BIG_ENDIAN) {
4444 val = bswap32(val);
4445 }
4446#endif
8df1cd07
FB		 4447 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4448 } else {
4449 unsigned long addr1;
4450 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4451 /* RAM case */
5579c7f3 4452 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4453 switch (endian) {
4454 case DEVICE_LITTLE_ENDIAN:
4455 stl_le_p(ptr, val);
4456 break;
4457 case DEVICE_BIG_ENDIAN:
4458 stl_be_p(ptr, val);
4459 break;
4460 default:
4461 stl_p(ptr, val);
4462 break;
4463 }
3a7d929e
FB		 4464 if (!cpu_physical_memory_is_dirty(addr1)) {
4465 /* invalidate code */
4466 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4467 /* set dirty bit */
f7c11b53
YT		 4468 cpu_physical_memory_set_dirty_flags(addr1,
4469 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4470 }
8df1cd07
FB		 4471 }
4472}
4473
1e78bcc1
AG		 4474void stl_phys(target_phys_addr_t addr, uint32_t val)
4475{
4476 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4477}
4478
4479void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4480{
4481 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4482}
4483
4484void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4485{
4486 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4487}
4488
aab33094 4489/* XXX: optimize */
c227f099 4490void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4491{
4492 uint8_t v = val;
4493 cpu_physical_memory_write(addr, &v, 1);
4494}
4495
733f0b02 4496/* warning: addr must be aligned */
1e78bcc1
AG		 4497static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4498 enum device_endian endian)
aab33094 4499{
733f0b02
MT		 4500 int io_index;
4501 uint8_t *ptr;
4502 unsigned long pd;
4503 PhysPageDesc *p;
4504
4505 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4506 if (!p) {
4507 pd = IO_MEM_UNASSIGNED;
4508 } else {
4509 pd = p->phys_offset;
4510 }
4511
4512 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4513 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4514 if (p)
4515 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
1e78bcc1
AG		 4516#if defined(TARGET_WORDS_BIGENDIAN)
4517 if (endian == DEVICE_LITTLE_ENDIAN) {
4518 val = bswap16(val);
4519 }
4520#else
4521 if (endian == DEVICE_BIG_ENDIAN) {
4522 val = bswap16(val);
4523 }
4524#endif
733f0b02
MT		 4525 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
4526 } else {
4527 unsigned long addr1;
4528 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4529 /* RAM case */
4530 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4531 switch (endian) {
4532 case DEVICE_LITTLE_ENDIAN:
4533 stw_le_p(ptr, val);
4534 break;
4535 case DEVICE_BIG_ENDIAN:
4536 stw_be_p(ptr, val);
4537 break;
4538 default:
4539 stw_p(ptr, val);
4540 break;
4541 }
733f0b02
MT		 4542 if (!cpu_physical_memory_is_dirty(addr1)) {
4543 /* invalidate code */
4544 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4545 /* set dirty bit */
4546 cpu_physical_memory_set_dirty_flags(addr1,
4547 (0xff & ~CODE_DIRTY_FLAG));
4548 }
4549 }
aab33094
FB		 4550}
4551
1e78bcc1
AG		 4552void stw_phys(target_phys_addr_t addr, uint32_t val)
4553{
4554 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4555}
4556
4557void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4558{
4559 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4560}
4561
4562void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4563{
4564 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4565}
4566
aab33094 4567/* XXX: optimize */
c227f099 4568void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4569{
4570 val = tswap64(val);
71d2b725 4571 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4572}
4573
1e78bcc1
AG		 4574void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4575{
4576 val = cpu_to_le64(val);
4577 cpu_physical_memory_write(addr, &val, 8);
4578}
4579
4580void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4581{
4582 val = cpu_to_be64(val);
4583 cpu_physical_memory_write(addr, &val, 8);
4584}
4585
5e2972fd 4586/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4587int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4588 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4589{
4590 int l;
c227f099 4591 target_phys_addr_t phys_addr;
9b3c35e0 4592 target_ulong page;
13eb76e0
FB		 4593
4594 while (len > 0) {
4595 page = addr & TARGET_PAGE_MASK;
4596 phys_addr = cpu_get_phys_page_debug(env, page);
4597 /* if no physical page mapped, return an error */
4598 if (phys_addr == -1)
4599 return -1;
4600 l = (page + TARGET_PAGE_SIZE) - addr;
4601 if (l > len)
4602 l = len;
5e2972fd 4603 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4604 if (is_write)
4605 cpu_physical_memory_write_rom(phys_addr, buf, l);
4606 else
5e2972fd 4607 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4608 len -= l;
4609 buf += l;
4610 addr += l;
4611 }
4612 return 0;
4613}
a68fe89c 4614#endif
13eb76e0 4615
2e70f6ef
PB		 4616/* in deterministic execution mode, instructions doing device I/Os
4617 must be at the end of the TB */
4618void cpu_io_recompile(CPUState *env, void *retaddr)
4619{
4620 TranslationBlock *tb;
4621 uint32_t n, cflags;
4622 target_ulong pc, cs_base;
4623 uint64_t flags;
4624
4625 tb = tb_find_pc((unsigned long)retaddr);
4626 if (!tb) {
4627 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4628 retaddr);
4629 }
4630 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4631 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4632 /* Calculate how many instructions had been executed before the fault
bf20dc07 4633 occurred. */
2e70f6ef
PB		 4634 n = n - env->icount_decr.u16.low;
4635 /* Generate a new TB ending on the I/O insn. */
4636 n++;
4637 /* On MIPS and SH, delay slot instructions can only be restarted if
4638 they were already the first instruction in the TB. If this is not
bf20dc07 4639 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4640 branch. */
4641#if defined(TARGET_MIPS)
4642 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4643 env->active_tc.PC -= 4;
4644 env->icount_decr.u16.low++;
4645 env->hflags &= ~MIPS_HFLAG_BMASK;
4646 }
4647#elif defined(TARGET_SH4)
4648 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4649 && n > 1) {
4650 env->pc -= 2;
4651 env->icount_decr.u16.low++;
4652 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4653 }
4654#endif
4655 /* This should never happen. */
4656 if (n > CF_COUNT_MASK)
4657 cpu_abort(env, "TB too big during recompile");
4658
4659 cflags = n | CF_LAST_IO;
4660 pc = tb->pc;
4661 cs_base = tb->cs_base;
4662 flags = tb->flags;
4663 tb_phys_invalidate(tb, -1);
4664 /* FIXME: In theory this could raise an exception. In practice
4665 we have already translated the block once so it's probably ok. */
4666 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4667 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4668 the first in the TB) then we end up generating a whole new TB and
4669 repeating the fault, which is horribly inefficient.
4670 Better would be to execute just this insn uncached, or generate a
4671 second new TB. */
4672 cpu_resume_from_signal(env, NULL);
4673}
4674
b3755a91
PB		 4675#if !defined(CONFIG_USER_ONLY)
4676
055403b2 4677void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4678{
4679 int i, target_code_size, max_target_code_size;
4680 int direct_jmp_count, direct_jmp2_count, cross_page;
4681 TranslationBlock *tb;
3b46e624 4682
e3db7226
FB		 4683 target_code_size = 0;
4684 max_target_code_size = 0;
4685 cross_page = 0;
4686 direct_jmp_count = 0;
4687 direct_jmp2_count = 0;
4688 for(i = 0; i < nb_tbs; i++) {
4689 tb = &tbs[i];
4690 target_code_size += tb->size;
4691 if (tb->size > max_target_code_size)
4692 max_target_code_size = tb->size;
4693 if (tb->page_addr[1] != -1)
4694 cross_page++;
4695 if (tb->tb_next_offset[0] != 0xffff) {
4696 direct_jmp_count++;
4697 if (tb->tb_next_offset[1] != 0xffff) {
4698 direct_jmp2_count++;
4699 }
4700 }
4701 }
4702 /* XXX: avoid using doubles ? */
57fec1fe 4703 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4704 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4705 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4706 cpu_fprintf(f, "TB count %d/%d\n",
4707 nb_tbs, code_gen_max_blocks);
5fafdf24 4708 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4709 nb_tbs ? target_code_size / nb_tbs : 0,
4710 max_target_code_size);
055403b2 4711 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4712 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4713 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4714 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4715 cross_page,
e3db7226
FB		 4716 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4717 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4718 direct_jmp_count,
e3db7226
FB		 4719 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4720 direct_jmp2_count,
4721 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4722 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4723 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4724 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4725 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4726 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4727}
4728
61382a50
FB		 4729#define MMUSUFFIX _cmmu
4730#define GETPC() NULL
4731#define env cpu_single_env
b769d8fe 4732#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4733
4734#define SHIFT 0
4735#include "softmmu_template.h"
4736
4737#define SHIFT 1
4738#include "softmmu_template.h"
4739
4740#define SHIFT 2
4741#include "softmmu_template.h"
4742
4743#define SHIFT 3
4744#include "softmmu_template.h"
4745
4746#undef env
4747
4748#endif
Qemu copy for testing