]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: unify phys_map last level with intermediate levels
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
3eef53df
AK		 163#define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165
5cd2c5b6 166/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 167#define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169
5cd2c5b6
RH		 170#if V_L1_BITS_REM < 4
171#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172#else
173#define V_L1_BITS V_L1_BITS_REM
174#endif
175
5cd2c5b6
RH		 176#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177
5cd2c5b6
RH		 178#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179
83fb7adf 180unsigned long qemu_real_host_page_size;
83fb7adf
FB		 181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 189typedef struct PhysPageDesc {
190 /* offset in host memory of the page + io_index in the low bits */
191 ram_addr_t phys_offset;
192 ram_addr_t region_offset;
193} PhysPageDesc;
194
4346ae3e
AK		 195typedef struct PhysPageEntry PhysPageEntry;
196
197struct PhysPageEntry {
198 union {
199 PhysPageDesc leaf;
200 PhysPageEntry *node;
201 } u;
202};
203
5cd2c5b6
RH		 204/* This is a multi-level map on the physical address space.
205 The bottom level has pointers to PhysPageDesc. */
4346ae3e 206static PhysPageEntry phys_map;
6d9a1304 207
e2eef170 208static void io_mem_init(void);
62152b8a 209static void memory_map_init(void);
e2eef170 210
33417e70 211/* io memory support */
a621f38d 212MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 213static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 214static MemoryRegion io_mem_watch;
6658ffb8 215#endif
33417e70 216
34865134 217/* log support */
1e8b27ca
JR		 218#ifdef WIN32
219static const char *logfilename = "qemu.log";
220#else
d9b630fd 221static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 222#endif
34865134
FB		 223FILE *logfile;
224int loglevel;
e735b91c 225static int log_append = 0;
34865134 226
e3db7226 227/* statistics */
b3755a91 228#if !defined(CONFIG_USER_ONLY)
e3db7226 229static int tlb_flush_count;
b3755a91 230#endif
e3db7226
FB		 231static int tb_flush_count;
232static int tb_phys_invalidate_count;
233
7cb69cae
FB		 234#ifdef _WIN32
235static void map_exec(void *addr, long size)
236{
237 DWORD old_protect;
238 VirtualProtect(addr, size,
239 PAGE_EXECUTE_READWRITE, &old_protect);
240
241}
242#else
243static void map_exec(void *addr, long size)
244{
4369415f 245 unsigned long start, end, page_size;
7cb69cae 246
4369415f 247 page_size = getpagesize();
7cb69cae 248 start = (unsigned long)addr;
4369415f 249 start &= ~(page_size - 1);
7cb69cae
FB		 250
251 end = (unsigned long)addr + size;
4369415f
FB		 252 end += page_size - 1;
253 end &= ~(page_size - 1);
7cb69cae
FB		 254
255 mprotect((void *)start, end - start,
256 PROT_READ | PROT_WRITE | PROT_EXEC);
257}
258#endif
259
b346ff46 260static void page_init(void)
54936004 261{
83fb7adf 262 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 263 TARGET_PAGE_SIZE */
c2b48b69
AL		 264#ifdef _WIN32
265 {
266 SYSTEM_INFO system_info;
267
268 GetSystemInfo(&system_info);
269 qemu_real_host_page_size = system_info.dwPageSize;
270 }
271#else
272 qemu_real_host_page_size = getpagesize();
273#endif
83fb7adf
FB		 274 if (qemu_host_page_size == 0)
275 qemu_host_page_size = qemu_real_host_page_size;
276 if (qemu_host_page_size < TARGET_PAGE_SIZE)
277 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 278 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 279
2e9a5713 280#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 281 {
f01576f1
JL		 282#ifdef HAVE_KINFO_GETVMMAP
283 struct kinfo_vmentry *freep;
284 int i, cnt;
285
286 freep = kinfo_getvmmap(getpid(), &cnt);
287 if (freep) {
288 mmap_lock();
289 for (i = 0; i < cnt; i++) {
290 unsigned long startaddr, endaddr;
291
292 startaddr = freep[i].kve_start;
293 endaddr = freep[i].kve_end;
294 if (h2g_valid(startaddr)) {
295 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
296
297 if (h2g_valid(endaddr)) {
298 endaddr = h2g(endaddr);
fd436907 299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 300 } else {
301#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
302 endaddr = ~0ul;
fd436907 303 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 304#endif
305 }
306 }
307 }
308 free(freep);
309 mmap_unlock();
310 }
311#else
50a9569b 312 FILE *f;
50a9569b 313
0776590d 314 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 315
fd436907 316 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 317 if (f) {
5cd2c5b6
RH		 318 mmap_lock();
319
50a9569b 320 do {
5cd2c5b6
RH		 321 unsigned long startaddr, endaddr;
322 int n;
323
324 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
325
326 if (n == 2 && h2g_valid(startaddr)) {
327 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
328
329 if (h2g_valid(endaddr)) {
330 endaddr = h2g(endaddr);
331 } else {
332 endaddr = ~0ul;
333 }
334 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 335 }
336 } while (!feof(f));
5cd2c5b6 337
50a9569b 338 fclose(f);
5cd2c5b6 339 mmap_unlock();
50a9569b 340 }
f01576f1 341#endif
50a9569b
AZ		 342 }
343#endif
54936004
FB		 344}
345
41c1b1c9 346static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 347{
41c1b1c9
PB		 348 PageDesc *pd;
349 void **lp;
350 int i;
351
5cd2c5b6 352#if defined(CONFIG_USER_ONLY)
7267c094 353 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 354# define ALLOC(P, SIZE) \
355 do { \
356 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
357 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 358 } while (0)
359#else
360# define ALLOC(P, SIZE) \
7267c094 361 do { P = g_malloc0(SIZE); } while (0)
17e2377a 362#endif
434929bf 363
5cd2c5b6
RH		 364 /* Level 1. Always allocated. */
365 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
366
367 /* Level 2..N-1. */
368 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
369 void **p = *lp;
370
371 if (p == NULL) {
372 if (!alloc) {
373 return NULL;
374 }
375 ALLOC(p, sizeof(void *) * L2_SIZE);
376 *lp = p;
17e2377a 377 }
5cd2c5b6
RH		 378
379 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
380 }
381
382 pd = *lp;
383 if (pd == NULL) {
384 if (!alloc) {
385 return NULL;
386 }
387 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
388 *lp = pd;
54936004 389 }
5cd2c5b6
RH		 390
391#undef ALLOC
5cd2c5b6
RH		 392
393 return pd + (index & (L2_SIZE - 1));
54936004
FB		 394}
395
41c1b1c9 396static inline PageDesc *page_find(tb_page_addr_t index)
54936004 397{
5cd2c5b6 398 return page_find_alloc(index, 0);
fd6ce8f6
FB		 399}
400
6d9a1304 401#if !defined(CONFIG_USER_ONLY)
c227f099 402static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 403{
4346ae3e
AK		 404 PhysPageEntry *lp, *p;
405 int i, j;
92e873b9 406
3eef53df 407 lp = &phys_map;
108c49b8 408
4346ae3e
AK		 409 /* Level 1..N. */
410 for (i = P_L2_LEVELS - 1; i >= 0; i--) {
411 if (lp->u.node == NULL) {
5cd2c5b6
RH		 412 if (!alloc) {
413 return NULL;
414 }
4346ae3e
AK		 415 lp->u.node = p = g_malloc0(sizeof(PhysPageEntry) * L2_SIZE);
416 if (i == 0) {
417 int first_index = index & ~(L2_SIZE - 1);
418 for (j = 0; j < L2_SIZE; j++) {
419 p[j].u.leaf.phys_offset = io_mem_unassigned.ram_addr;
420 p[j].u.leaf.region_offset
421 = (first_index + j) << TARGET_PAGE_BITS;
422 }
423 }
67c4d23c 424 }
4346ae3e 425 lp = &lp->u.node[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
92e873b9 426 }
5cd2c5b6 427
4346ae3e 428 return &lp->u.leaf;
92e873b9
FB		 429}
430
f1f6e3b8 431static inline PhysPageDesc phys_page_find(target_phys_addr_t index)
92e873b9 432{
f1f6e3b8
AK		 433 PhysPageDesc *p = phys_page_find_alloc(index, 0);
434
435 if (p) {
436 return *p;
437 } else {
438 return (PhysPageDesc) {
0e0df1e2 439 .phys_offset = io_mem_unassigned.ram_addr,
f1f6e3b8
AK		 440 .region_offset = index << TARGET_PAGE_BITS,
441 };
442 }
92e873b9
FB		 443}
444
c227f099
AL		 445static void tlb_protect_code(ram_addr_t ram_addr);
446static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 447 target_ulong vaddr);
c8a706fe
PB		 448#define mmap_lock() do { } while(0)
449#define mmap_unlock() do { } while(0)
9fa3e853 450#endif
fd6ce8f6 451
4369415f
FB		 452#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
453
454#if defined(CONFIG_USER_ONLY)
ccbb4d44 455/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 456 user mode. It will change when a dedicated libc will be used */
457#define USE_STATIC_CODE_GEN_BUFFER
458#endif
459
460#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 461static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
462 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 463#endif
464
8fcd3692 465static void code_gen_alloc(unsigned long tb_size)
26a5f13b 466{
4369415f
FB		 467#ifdef USE_STATIC_CODE_GEN_BUFFER
468 code_gen_buffer = static_code_gen_buffer;
469 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
470 map_exec(code_gen_buffer, code_gen_buffer_size);
471#else
26a5f13b
FB		 472 code_gen_buffer_size = tb_size;
473 if (code_gen_buffer_size == 0) {
4369415f 474#if defined(CONFIG_USER_ONLY)
4369415f
FB		 475 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
476#else
ccbb4d44 477 /* XXX: needs adjustments */
94a6b54f 478 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 479#endif
26a5f13b
FB		 480 }
481 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
482 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
483 /* The code gen buffer location may have constraints depending on
484 the host cpu and OS */
485#if defined(__linux__)
486 {
487 int flags;
141ac468
BS		 488 void *start = NULL;
489
26a5f13b
FB		 490 flags = MAP_PRIVATE | MAP_ANONYMOUS;
491#if defined(__x86_64__)
492 flags |= MAP_32BIT;
493 /* Cannot map more than that */
494 if (code_gen_buffer_size > (800 * 1024 * 1024))
495 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 496#elif defined(__sparc_v9__)
497 // Map the buffer below 2G, so we can use direct calls and branches
498 flags |= MAP_FIXED;
499 start = (void *) 0x60000000UL;
500 if (code_gen_buffer_size > (512 * 1024 * 1024))
501 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 502#elif defined(__arm__)
5c84bd90 503 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 504 if (code_gen_buffer_size > 16 * 1024 * 1024)
505 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 506#elif defined(__s390x__)
507 /* Map the buffer so that we can use direct calls and branches. */
508 /* We have a +- 4GB range on the branches; leave some slop. */
509 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
510 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
511 }
512 start = (void *)0x90000000UL;
26a5f13b 513#endif
141ac468
BS		 514 code_gen_buffer = mmap(start, code_gen_buffer_size,
515 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 516 flags, -1, 0);
517 if (code_gen_buffer == MAP_FAILED) {
518 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
519 exit(1);
520 }
521 }
cbb608a5 522#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 523 || defined(__DragonFly__) || defined(__OpenBSD__) \
524 || defined(__NetBSD__)
06e67a82
AL		 525 {
526 int flags;
527 void *addr = NULL;
528 flags = MAP_PRIVATE | MAP_ANONYMOUS;
529#if defined(__x86_64__)
530 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
531 * 0x40000000 is free */
532 flags |= MAP_FIXED;
533 addr = (void *)0x40000000;
534 /* Cannot map more than that */
535 if (code_gen_buffer_size > (800 * 1024 * 1024))
536 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 537#elif defined(__sparc_v9__)
538 // Map the buffer below 2G, so we can use direct calls and branches
539 flags |= MAP_FIXED;
540 addr = (void *) 0x60000000UL;
541 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
542 code_gen_buffer_size = (512 * 1024 * 1024);
543 }
06e67a82
AL		 544#endif
545 code_gen_buffer = mmap(addr, code_gen_buffer_size,
546 PROT_WRITE | PROT_READ | PROT_EXEC,
547 flags, -1, 0);
548 if (code_gen_buffer == MAP_FAILED) {
549 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
550 exit(1);
551 }
552 }
26a5f13b 553#else
7267c094 554 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 555 map_exec(code_gen_buffer, code_gen_buffer_size);
556#endif
4369415f 557#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 558 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 559 code_gen_buffer_max_size = code_gen_buffer_size -
560 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 561 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 562 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 563}
564
565/* Must be called before using the QEMU cpus. 'tb_size' is the size
566 (in bytes) allocated to the translation buffer. Zero means default
567 size. */
d5ab9713 568void tcg_exec_init(unsigned long tb_size)
26a5f13b 569{
26a5f13b
FB		 570 cpu_gen_init();
571 code_gen_alloc(tb_size);
572 code_gen_ptr = code_gen_buffer;
4369415f 573 page_init();
9002ec79
RH		 574#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
575 /* There's no guest base to take into account, so go ahead and
576 initialize the prologue now. */
577 tcg_prologue_init(&tcg_ctx);
578#endif
26a5f13b
FB		 579}
580
d5ab9713
JK		 581bool tcg_enabled(void)
582{
583 return code_gen_buffer != NULL;
584}
585
586void cpu_exec_init_all(void)
587{
588#if !defined(CONFIG_USER_ONLY)
589 memory_map_init();
590 io_mem_init();
591#endif
592}
593
9656f324
PB		 594#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
595
e59fb374 596static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 597{
598 CPUState *env = opaque;
9656f324 599
3098dba0
AJ		 600 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
601 version_id is increased. */
602 env->interrupt_request &= ~0x01;
9656f324
PB		 603 tlb_flush(env, 1);
604
605 return 0;
606}
e7f4eff7
JQ		 607
608static const VMStateDescription vmstate_cpu_common = {
609 .name = "cpu_common",
610 .version_id = 1,
611 .minimum_version_id = 1,
612 .minimum_version_id_old = 1,
e7f4eff7
JQ		 613 .post_load = cpu_common_post_load,
614 .fields = (VMStateField []) {
615 VMSTATE_UINT32(halted, CPUState),
616 VMSTATE_UINT32(interrupt_request, CPUState),
617 VMSTATE_END_OF_LIST()
618 }
619};
9656f324
PB		 620#endif
621
950f1472
GC		 622CPUState *qemu_get_cpu(int cpu)
623{
624 CPUState *env = first_cpu;
625
626 while (env) {
627 if (env->cpu_index == cpu)
628 break;
629 env = env->next_cpu;
630 }
631
632 return env;
633}
634
6a00d601 635void cpu_exec_init(CPUState *env)
fd6ce8f6 636{
6a00d601
FB		 637 CPUState **penv;
638 int cpu_index;
639
c2764719
PB		 640#if defined(CONFIG_USER_ONLY)
641 cpu_list_lock();
642#endif
6a00d601
FB		 643 env->next_cpu = NULL;
644 penv = &first_cpu;
645 cpu_index = 0;
646 while (*penv != NULL) {
1e9fa730 647 penv = &(*penv)->next_cpu;
6a00d601
FB		 648 cpu_index++;
649 }
650 env->cpu_index = cpu_index;
268a362c 651 env->numa_node = 0;
72cf2d4f
BS		 652 QTAILQ_INIT(&env->breakpoints);
653 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 654#ifndef CONFIG_USER_ONLY
655 env->thread_id = qemu_get_thread_id();
656#endif
6a00d601 657 *penv = env;
c2764719
PB		 658#if defined(CONFIG_USER_ONLY)
659 cpu_list_unlock();
660#endif
b3c7724c 661#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 662 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
663 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 664 cpu_save, cpu_load, env);
665#endif
fd6ce8f6
FB		 666}
667
d1a1eb74
TG		 668/* Allocate a new translation block. Flush the translation buffer if
669 too many translation blocks or too much generated code. */
670static TranslationBlock *tb_alloc(target_ulong pc)
671{
672 TranslationBlock *tb;
673
674 if (nb_tbs >= code_gen_max_blocks ||
675 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
676 return NULL;
677 tb = &tbs[nb_tbs++];
678 tb->pc = pc;
679 tb->cflags = 0;
680 return tb;
681}
682
683void tb_free(TranslationBlock *tb)
684{
685 /* In practice this is mostly used for single use temporary TB
686 Ignore the hard cases and just back up if this TB happens to
687 be the last one generated. */
688 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
689 code_gen_ptr = tb->tc_ptr;
690 nb_tbs--;
691 }
692}
693
9fa3e853
FB		 694static inline void invalidate_page_bitmap(PageDesc *p)
695{
696 if (p->code_bitmap) {
7267c094 697 g_free(p->code_bitmap);
9fa3e853
FB		 698 p->code_bitmap = NULL;
699 }
700 p->code_write_count = 0;
701}
702
5cd2c5b6
RH		 703/* Set to NULL all the 'first_tb' fields in all PageDescs. */
704
705static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 706{
5cd2c5b6 707 int i;
fd6ce8f6 708
5cd2c5b6
RH		 709 if (*lp == NULL) {
710 return;
711 }
712 if (level == 0) {
713 PageDesc *pd = *lp;
7296abac 714 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 715 pd[i].first_tb = NULL;
716 invalidate_page_bitmap(pd + i);
fd6ce8f6 717 }
5cd2c5b6
RH		 718 } else {
719 void **pp = *lp;
7296abac 720 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 721 page_flush_tb_1 (level - 1, pp + i);
722 }
723 }
724}
725
726static void page_flush_tb(void)
727{
728 int i;
729 for (i = 0; i < V_L1_SIZE; i++) {
730 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 731 }
732}
733
734/* flush all the translation blocks */
d4e8164f 735/* XXX: tb_flush is currently not thread safe */
6a00d601 736void tb_flush(CPUState *env1)
fd6ce8f6 737{
6a00d601 738 CPUState *env;
0124311e 739#if defined(DEBUG_FLUSH)
ab3d1727
BS		 740 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
741 (unsigned long)(code_gen_ptr - code_gen_buffer),
742 nb_tbs, nb_tbs > 0 ?
743 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 744#endif
26a5f13b 745 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 746 cpu_abort(env1, "Internal error: code buffer overflow\n");
747
fd6ce8f6 748 nb_tbs = 0;
3b46e624 749
6a00d601
FB		 750 for(env = first_cpu; env != NULL; env = env->next_cpu) {
751 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
752 }
9fa3e853 753
8a8a608f 754 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 755 page_flush_tb();
9fa3e853 756
fd6ce8f6 757 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 758 /* XXX: flush processor icache at this point if cache flush is
759 expensive */
e3db7226 760 tb_flush_count++;
fd6ce8f6
FB		 761}
762
763#ifdef DEBUG_TB_CHECK
764
bc98a7ef 765static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 766{
767 TranslationBlock *tb;
768 int i;
769 address &= TARGET_PAGE_MASK;
99773bd4
PB		 770 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
771 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 772 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
773 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 774 printf("ERROR invalidate: address=" TARGET_FMT_lx
775 " PC=%08lx size=%04x\n",
99773bd4 776 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 777 }
778 }
779 }
780}
781
782/* verify that all the pages have correct rights for code */
783static void tb_page_check(void)
784{
785 TranslationBlock *tb;
786 int i, flags1, flags2;
3b46e624 787
99773bd4
PB		 788 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
789 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 790 flags1 = page_get_flags(tb->pc);
791 flags2 = page_get_flags(tb->pc + tb->size - 1);
792 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
793 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 794 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 795 }
796 }
797 }
798}
799
800#endif
801
802/* invalidate one TB */
803static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
804 int next_offset)
805{
806 TranslationBlock *tb1;
807 for(;;) {
808 tb1 = *ptb;
809 if (tb1 == tb) {
810 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
811 break;
812 }
813 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
814 }
815}
816
9fa3e853
FB		 817static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
818{
819 TranslationBlock *tb1;
820 unsigned int n1;
821
822 for(;;) {
823 tb1 = *ptb;
824 n1 = (long)tb1 & 3;
825 tb1 = (TranslationBlock *)((long)tb1 & ~3);
826 if (tb1 == tb) {
827 *ptb = tb1->page_next[n1];
828 break;
829 }
830 ptb = &tb1->page_next[n1];
831 }
832}
833
d4e8164f
FB		 834static inline void tb_jmp_remove(TranslationBlock *tb, int n)
835{
836 TranslationBlock *tb1, **ptb;
837 unsigned int n1;
838
839 ptb = &tb->jmp_next[n];
840 tb1 = *ptb;
841 if (tb1) {
842 /* find tb(n) in circular list */
843 for(;;) {
844 tb1 = *ptb;
845 n1 = (long)tb1 & 3;
846 tb1 = (TranslationBlock *)((long)tb1 & ~3);
847 if (n1 == n && tb1 == tb)
848 break;
849 if (n1 == 2) {
850 ptb = &tb1->jmp_first;
851 } else {
852 ptb = &tb1->jmp_next[n1];
853 }
854 }
855 /* now we can suppress tb(n) from the list */
856 *ptb = tb->jmp_next[n];
857
858 tb->jmp_next[n] = NULL;
859 }
860}
861
862/* reset the jump entry 'n' of a TB so that it is not chained to
863 another TB */
864static inline void tb_reset_jump(TranslationBlock *tb, int n)
865{
866 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
867}
868
41c1b1c9 869void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 870{
6a00d601 871 CPUState *env;
8a40a180 872 PageDesc *p;
d4e8164f 873 unsigned int h, n1;
41c1b1c9 874 tb_page_addr_t phys_pc;
8a40a180 875 TranslationBlock *tb1, *tb2;
3b46e624 876
8a40a180
FB		 877 /* remove the TB from the hash list */
878 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
879 h = tb_phys_hash_func(phys_pc);
5fafdf24 880 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 881 offsetof(TranslationBlock, phys_hash_next));
882
883 /* remove the TB from the page list */
884 if (tb->page_addr[0] != page_addr) {
885 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
886 tb_page_remove(&p->first_tb, tb);
887 invalidate_page_bitmap(p);
888 }
889 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
890 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
891 tb_page_remove(&p->first_tb, tb);
892 invalidate_page_bitmap(p);
893 }
894
36bdbe54 895 tb_invalidated_flag = 1;
59817ccb 896
fd6ce8f6 897 /* remove the TB from the hash list */
8a40a180 898 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 899 for(env = first_cpu; env != NULL; env = env->next_cpu) {
900 if (env->tb_jmp_cache[h] == tb)
901 env->tb_jmp_cache[h] = NULL;
902 }
d4e8164f
FB		 903
904 /* suppress this TB from the two jump lists */
905 tb_jmp_remove(tb, 0);
906 tb_jmp_remove(tb, 1);
907
908 /* suppress any remaining jumps to this TB */
909 tb1 = tb->jmp_first;
910 for(;;) {
911 n1 = (long)tb1 & 3;
912 if (n1 == 2)
913 break;
914 tb1 = (TranslationBlock *)((long)tb1 & ~3);
915 tb2 = tb1->jmp_next[n1];
916 tb_reset_jump(tb1, n1);
917 tb1->jmp_next[n1] = NULL;
918 tb1 = tb2;
919 }
920 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 921
e3db7226 922 tb_phys_invalidate_count++;
9fa3e853
FB		 923}
924
925static inline void set_bits(uint8_t *tab, int start, int len)
926{
927 int end, mask, end1;
928
929 end = start + len;
930 tab += start >> 3;
931 mask = 0xff << (start & 7);
932 if ((start & ~7) == (end & ~7)) {
933 if (start < end) {
934 mask &= ~(0xff << (end & 7));
935 *tab |= mask;
936 }
937 } else {
938 *tab++ |= mask;
939 start = (start + 8) & ~7;
940 end1 = end & ~7;
941 while (start < end1) {
942 *tab++ = 0xff;
943 start += 8;
944 }
945 if (start < end) {
946 mask = ~(0xff << (end & 7));
947 *tab |= mask;
948 }
949 }
950}
951
952static void build_page_bitmap(PageDesc *p)
953{
954 int n, tb_start, tb_end;
955 TranslationBlock *tb;
3b46e624 956
7267c094 957 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 958
959 tb = p->first_tb;
960 while (tb != NULL) {
961 n = (long)tb & 3;
962 tb = (TranslationBlock *)((long)tb & ~3);
963 /* NOTE: this is subtle as a TB may span two physical pages */
964 if (n == 0) {
965 /* NOTE: tb_end may be after the end of the page, but
966 it is not a problem */
967 tb_start = tb->pc & ~TARGET_PAGE_MASK;
968 tb_end = tb_start + tb->size;
969 if (tb_end > TARGET_PAGE_SIZE)
970 tb_end = TARGET_PAGE_SIZE;
971 } else {
972 tb_start = 0;
973 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
974 }
975 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
976 tb = tb->page_next[n];
977 }
978}
979
2e70f6ef
PB		 980TranslationBlock *tb_gen_code(CPUState *env,
981 target_ulong pc, target_ulong cs_base,
982 int flags, int cflags)
d720b93d
FB		 983{
984 TranslationBlock *tb;
985 uint8_t *tc_ptr;
41c1b1c9
PB		 986 tb_page_addr_t phys_pc, phys_page2;
987 target_ulong virt_page2;
d720b93d
FB		 988 int code_gen_size;
989
41c1b1c9 990 phys_pc = get_page_addr_code(env, pc);
c27004ec 991 tb = tb_alloc(pc);
d720b93d
FB		 992 if (!tb) {
993 /* flush must be done */
994 tb_flush(env);
995 /* cannot fail at this point */
c27004ec 996 tb = tb_alloc(pc);
2e70f6ef
PB		 997 /* Don't forget to invalidate previous TB info. */
998 tb_invalidated_flag = 1;
d720b93d
FB		 999 }
1000 tc_ptr = code_gen_ptr;
1001 tb->tc_ptr = tc_ptr;
1002 tb->cs_base = cs_base;
1003 tb->flags = flags;
1004 tb->cflags = cflags;
d07bde88 1005 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1006 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1007
d720b93d 1008 /* check next page if needed */
c27004ec 1009 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1010 phys_page2 = -1;
c27004ec 1011 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1012 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1013 }
41c1b1c9 1014 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1015 return tb;
d720b93d 1016}
3b46e624 1017
9fa3e853
FB		 1018/* invalidate all TBs which intersect with the target physical page
1019 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1020 the same physical page. 'is_cpu_write_access' should be true if called
1021 from a real cpu write access: the virtual CPU will exit the current
1022 TB if code is modified inside this TB. */
41c1b1c9 1023void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1024 int is_cpu_write_access)
1025{
6b917547 1026 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1027 CPUState *env = cpu_single_env;
41c1b1c9 1028 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1029 PageDesc *p;
1030 int n;
1031#ifdef TARGET_HAS_PRECISE_SMC
1032 int current_tb_not_found = is_cpu_write_access;
1033 TranslationBlock *current_tb = NULL;
1034 int current_tb_modified = 0;
1035 target_ulong current_pc = 0;
1036 target_ulong current_cs_base = 0;
1037 int current_flags = 0;
1038#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1039
1040 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1041 if (!p)
9fa3e853 1042 return;
5fafdf24 1043 if (!p->code_bitmap &&
d720b93d
FB		 1044 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1045 is_cpu_write_access) {
9fa3e853
FB		 1046 /* build code bitmap */
1047 build_page_bitmap(p);
1048 }
1049
1050 /* we remove all the TBs in the range [start, end[ */
1051 /* XXX: see if in some cases it could be faster to invalidate all the code */
1052 tb = p->first_tb;
1053 while (tb != NULL) {
1054 n = (long)tb & 3;
1055 tb = (TranslationBlock *)((long)tb & ~3);
1056 tb_next = tb->page_next[n];
1057 /* NOTE: this is subtle as a TB may span two physical pages */
1058 if (n == 0) {
1059 /* NOTE: tb_end may be after the end of the page, but
1060 it is not a problem */
1061 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1062 tb_end = tb_start + tb->size;
1063 } else {
1064 tb_start = tb->page_addr[1];
1065 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1066 }
1067 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1068#ifdef TARGET_HAS_PRECISE_SMC
1069 if (current_tb_not_found) {
1070 current_tb_not_found = 0;
1071 current_tb = NULL;
2e70f6ef 1072 if (env->mem_io_pc) {
d720b93d 1073 /* now we have a real cpu fault */
2e70f6ef 1074 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1075 }
1076 }
1077 if (current_tb == tb &&
2e70f6ef 1078 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1079 /* If we are modifying the current TB, we must stop
1080 its execution. We could be more precise by checking
1081 that the modification is after the current PC, but it
1082 would require a specialized function to partially
1083 restore the CPU state */
3b46e624 1084
d720b93d 1085 current_tb_modified = 1;
618ba8e6 1086 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1087 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1088 &current_flags);
d720b93d
FB		 1089 }
1090#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1091 /* we need to do that to handle the case where a signal
1092 occurs while doing tb_phys_invalidate() */
1093 saved_tb = NULL;
1094 if (env) {
1095 saved_tb = env->current_tb;
1096 env->current_tb = NULL;
1097 }
9fa3e853 1098 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1099 if (env) {
1100 env->current_tb = saved_tb;
1101 if (env->interrupt_request && env->current_tb)
1102 cpu_interrupt(env, env->interrupt_request);
1103 }
9fa3e853
FB		 1104 }
1105 tb = tb_next;
1106 }
1107#if !defined(CONFIG_USER_ONLY)
1108 /* if no code remaining, no need to continue to use slow writes */
1109 if (!p->first_tb) {
1110 invalidate_page_bitmap(p);
d720b93d 1111 if (is_cpu_write_access) {
2e70f6ef 1112 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1113 }
1114 }
1115#endif
1116#ifdef TARGET_HAS_PRECISE_SMC
1117 if (current_tb_modified) {
1118 /* we generate a block containing just the instruction
1119 modifying the memory. It will ensure that it cannot modify
1120 itself */
ea1c1802 1121 env->current_tb = NULL;
2e70f6ef 1122 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1123 cpu_resume_from_signal(env, NULL);
9fa3e853 1124 }
fd6ce8f6 1125#endif
9fa3e853 1126}
fd6ce8f6 1127
9fa3e853 1128/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1129static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1130{
1131 PageDesc *p;
1132 int offset, b;
59817ccb 1133#if 0
a4193c8a 1134 if (1) {
93fcfe39
AL		 1135 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1136 cpu_single_env->mem_io_vaddr, len,
1137 cpu_single_env->eip,
1138 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1139 }
1140#endif
9fa3e853 1141 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1142 if (!p)
9fa3e853
FB		 1143 return;
1144 if (p->code_bitmap) {
1145 offset = start & ~TARGET_PAGE_MASK;
1146 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1147 if (b & ((1 << len) - 1))
1148 goto do_invalidate;
1149 } else {
1150 do_invalidate:
d720b93d 1151 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1152 }
1153}
1154
9fa3e853 1155#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1156static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1157 unsigned long pc, void *puc)
9fa3e853 1158{
6b917547 1159 TranslationBlock *tb;
9fa3e853 1160 PageDesc *p;
6b917547 1161 int n;
d720b93d 1162#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1163 TranslationBlock *current_tb = NULL;
d720b93d 1164 CPUState *env = cpu_single_env;
6b917547
AL		 1165 int current_tb_modified = 0;
1166 target_ulong current_pc = 0;
1167 target_ulong current_cs_base = 0;
1168 int current_flags = 0;
d720b93d 1169#endif
9fa3e853
FB		 1170
1171 addr &= TARGET_PAGE_MASK;
1172 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1173 if (!p)
9fa3e853
FB		 1174 return;
1175 tb = p->first_tb;
d720b93d
FB		 1176#ifdef TARGET_HAS_PRECISE_SMC
1177 if (tb && pc != 0) {
1178 current_tb = tb_find_pc(pc);
1179 }
1180#endif
9fa3e853
FB		 1181 while (tb != NULL) {
1182 n = (long)tb & 3;
1183 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1184#ifdef TARGET_HAS_PRECISE_SMC
1185 if (current_tb == tb &&
2e70f6ef 1186 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1187 /* If we are modifying the current TB, we must stop
1188 its execution. We could be more precise by checking
1189 that the modification is after the current PC, but it
1190 would require a specialized function to partially
1191 restore the CPU state */
3b46e624 1192
d720b93d 1193 current_tb_modified = 1;
618ba8e6 1194 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1195 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1196 &current_flags);
d720b93d
FB		 1197 }
1198#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1199 tb_phys_invalidate(tb, addr);
1200 tb = tb->page_next[n];
1201 }
fd6ce8f6 1202 p->first_tb = NULL;
d720b93d
FB		 1203#ifdef TARGET_HAS_PRECISE_SMC
1204 if (current_tb_modified) {
1205 /* we generate a block containing just the instruction
1206 modifying the memory. It will ensure that it cannot modify
1207 itself */
ea1c1802 1208 env->current_tb = NULL;
2e70f6ef 1209 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1210 cpu_resume_from_signal(env, puc);
1211 }
1212#endif
fd6ce8f6 1213}
9fa3e853 1214#endif
fd6ce8f6
FB		 1215
1216/* add the tb in the target page and protect it if necessary */
5fafdf24 1217static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1218 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1219{
1220 PageDesc *p;
4429ab44
JQ		 1221#ifndef CONFIG_USER_ONLY
1222 bool page_already_protected;
1223#endif
9fa3e853
FB		 1224
1225 tb->page_addr[n] = page_addr;
5cd2c5b6 1226 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1227 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1228#ifndef CONFIG_USER_ONLY
1229 page_already_protected = p->first_tb != NULL;
1230#endif
9fa3e853
FB		 1231 p->first_tb = (TranslationBlock *)((long)tb | n);
1232 invalidate_page_bitmap(p);
fd6ce8f6 1233
107db443 1234#if defined(TARGET_HAS_SMC) || 1
d720b93d 1235
9fa3e853 1236#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1237 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1238 target_ulong addr;
1239 PageDesc *p2;
9fa3e853
FB		 1240 int prot;
1241
fd6ce8f6
FB		 1242 /* force the host page as non writable (writes will have a
1243 page fault + mprotect overhead) */
53a5960a 1244 page_addr &= qemu_host_page_mask;
fd6ce8f6 1245 prot = 0;
53a5960a
PB		 1246 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1247 addr += TARGET_PAGE_SIZE) {
1248
1249 p2 = page_find (addr >> TARGET_PAGE_BITS);
1250 if (!p2)
1251 continue;
1252 prot |= p2->flags;
1253 p2->flags &= ~PAGE_WRITE;
53a5960a 1254 }
5fafdf24 1255 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1256 (prot & PAGE_BITS) & ~PAGE_WRITE);
1257#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1258 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1259 page_addr);
fd6ce8f6 1260#endif
fd6ce8f6 1261 }
9fa3e853
FB		 1262#else
1263 /* if some code is already present, then the pages are already
1264 protected. So we handle the case where only the first TB is
1265 allocated in a physical page */
4429ab44 1266 if (!page_already_protected) {
6a00d601 1267 tlb_protect_code(page_addr);
9fa3e853
FB		 1268 }
1269#endif
d720b93d
FB		 1270
1271#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1272}
1273
9fa3e853
FB		 1274/* add a new TB and link it to the physical page tables. phys_page2 is
1275 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1276void tb_link_page(TranslationBlock *tb,
1277 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1278{
9fa3e853
FB		 1279 unsigned int h;
1280 TranslationBlock **ptb;
1281
c8a706fe
PB		 1282 /* Grab the mmap lock to stop another thread invalidating this TB
1283 before we are done. */
1284 mmap_lock();
9fa3e853
FB		 1285 /* add in the physical hash table */
1286 h = tb_phys_hash_func(phys_pc);
1287 ptb = &tb_phys_hash[h];
1288 tb->phys_hash_next = *ptb;
1289 *ptb = tb;
fd6ce8f6
FB		 1290
1291 /* add in the page list */
9fa3e853
FB		 1292 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1293 if (phys_page2 != -1)
1294 tb_alloc_page(tb, 1, phys_page2);
1295 else
1296 tb->page_addr[1] = -1;
9fa3e853 1297
d4e8164f
FB		 1298 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1299 tb->jmp_next[0] = NULL;
1300 tb->jmp_next[1] = NULL;
1301
1302 /* init original jump addresses */
1303 if (tb->tb_next_offset[0] != 0xffff)
1304 tb_reset_jump(tb, 0);
1305 if (tb->tb_next_offset[1] != 0xffff)
1306 tb_reset_jump(tb, 1);
8a40a180
FB		 1307
1308#ifdef DEBUG_TB_CHECK
1309 tb_page_check();
1310#endif
c8a706fe 1311 mmap_unlock();
fd6ce8f6
FB		 1312}
1313
9fa3e853
FB		 1314/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1315 tb[1].tc_ptr. Return NULL if not found */
1316TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1317{
9fa3e853
FB		 1318 int m_min, m_max, m;
1319 unsigned long v;
1320 TranslationBlock *tb;
a513fe19
FB		 1321
1322 if (nb_tbs <= 0)
1323 return NULL;
1324 if (tc_ptr < (unsigned long)code_gen_buffer ||
1325 tc_ptr >= (unsigned long)code_gen_ptr)
1326 return NULL;
1327 /* binary search (cf Knuth) */
1328 m_min = 0;
1329 m_max = nb_tbs - 1;
1330 while (m_min <= m_max) {
1331 m = (m_min + m_max) >> 1;
1332 tb = &tbs[m];
1333 v = (unsigned long)tb->tc_ptr;
1334 if (v == tc_ptr)
1335 return tb;
1336 else if (tc_ptr < v) {
1337 m_max = m - 1;
1338 } else {
1339 m_min = m + 1;
1340 }
5fafdf24 1341 }
a513fe19
FB		 1342 return &tbs[m_max];
1343}
7501267e 1344
ea041c0e
FB		 1345static void tb_reset_jump_recursive(TranslationBlock *tb);
1346
1347static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1348{
1349 TranslationBlock *tb1, *tb_next, **ptb;
1350 unsigned int n1;
1351
1352 tb1 = tb->jmp_next[n];
1353 if (tb1 != NULL) {
1354 /* find head of list */
1355 for(;;) {
1356 n1 = (long)tb1 & 3;
1357 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1358 if (n1 == 2)
1359 break;
1360 tb1 = tb1->jmp_next[n1];
1361 }
1362 /* we are now sure now that tb jumps to tb1 */
1363 tb_next = tb1;
1364
1365 /* remove tb from the jmp_first list */
1366 ptb = &tb_next->jmp_first;
1367 for(;;) {
1368 tb1 = *ptb;
1369 n1 = (long)tb1 & 3;
1370 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1371 if (n1 == n && tb1 == tb)
1372 break;
1373 ptb = &tb1->jmp_next[n1];
1374 }
1375 *ptb = tb->jmp_next[n];
1376 tb->jmp_next[n] = NULL;
3b46e624 1377
ea041c0e
FB		 1378 /* suppress the jump to next tb in generated code */
1379 tb_reset_jump(tb, n);
1380
0124311e 1381 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1382 tb_reset_jump_recursive(tb_next);
1383 }
1384}
1385
1386static void tb_reset_jump_recursive(TranslationBlock *tb)
1387{
1388 tb_reset_jump_recursive2(tb, 0);
1389 tb_reset_jump_recursive2(tb, 1);
1390}
1391
1fddef4b 1392#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1393#if defined(CONFIG_USER_ONLY)
1394static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1395{
1396 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1397}
1398#else
d720b93d
FB		 1399static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1400{
c227f099 1401 target_phys_addr_t addr;
9b3c35e0 1402 target_ulong pd;
c227f099 1403 ram_addr_t ram_addr;
f1f6e3b8 1404 PhysPageDesc p;
d720b93d 1405
c2f07f81
PB		 1406 addr = cpu_get_phys_page_debug(env, pc);
1407 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 1408 pd = p.phys_offset;
c2f07f81 1409 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
706cd4b5 1410 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1411}
c27004ec 1412#endif
94df27fd 1413#endif /* TARGET_HAS_ICE */
d720b93d 1414
c527ee8f
PB		 1415#if defined(CONFIG_USER_ONLY)
1416void cpu_watchpoint_remove_all(CPUState *env, int mask)
1417
1418{
1419}
1420
1421int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1422 int flags, CPUWatchpoint **watchpoint)
1423{
1424 return -ENOSYS;
1425}
1426#else
6658ffb8 1427/* Add a watchpoint. */
a1d1bb31
AL		 1428int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1429 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1430{
b4051334 1431 target_ulong len_mask = ~(len - 1);
c0ce998e 1432 CPUWatchpoint *wp;
6658ffb8 1433
b4051334
AL		 1434 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1435 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1436 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1437 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1438 return -EINVAL;
1439 }
7267c094 1440 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1441
1442 wp->vaddr = addr;
b4051334 1443 wp->len_mask = len_mask;
a1d1bb31
AL		 1444 wp->flags = flags;
1445
2dc9f411 1446 /* keep all GDB-injected watchpoints in front */
c0ce998e 1447 if (flags & BP_GDB)
72cf2d4f 1448 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1449 else
72cf2d4f 1450 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1451
6658ffb8 1452 tlb_flush_page(env, addr);
a1d1bb31
AL		 1453
1454 if (watchpoint)
1455 *watchpoint = wp;
1456 return 0;
6658ffb8
PB		 1457}
1458
a1d1bb31
AL		 1459/* Remove a specific watchpoint. */
1460int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1461 int flags)
6658ffb8 1462{
b4051334 1463 target_ulong len_mask = ~(len - 1);
a1d1bb31 1464 CPUWatchpoint *wp;
6658ffb8 1465
72cf2d4f 1466 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1467 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1468 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1469 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1470 return 0;
1471 }
1472 }
a1d1bb31 1473 return -ENOENT;
6658ffb8
PB		 1474}
1475
a1d1bb31
AL		 1476/* Remove a specific watchpoint by reference. */
1477void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1478{
72cf2d4f 1479 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1480
a1d1bb31
AL		 1481 tlb_flush_page(env, watchpoint->vaddr);
1482
7267c094 1483 g_free(watchpoint);
a1d1bb31
AL		 1484}
1485
1486/* Remove all matching watchpoints. */
1487void cpu_watchpoint_remove_all(CPUState *env, int mask)
1488{
c0ce998e 1489 CPUWatchpoint *wp, *next;
a1d1bb31 1490
72cf2d4f 1491 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1492 if (wp->flags & mask)
1493 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1494 }
7d03f82f 1495}
c527ee8f 1496#endif
7d03f82f 1497
a1d1bb31
AL		 1498/* Add a breakpoint. */
1499int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1500 CPUBreakpoint **breakpoint)
4c3a88a2 1501{
1fddef4b 1502#if defined(TARGET_HAS_ICE)
c0ce998e 1503 CPUBreakpoint *bp;
3b46e624 1504
7267c094 1505 bp = g_malloc(sizeof(*bp));
4c3a88a2 1506
a1d1bb31
AL		 1507 bp->pc = pc;
1508 bp->flags = flags;
1509
2dc9f411 1510 /* keep all GDB-injected breakpoints in front */
c0ce998e 1511 if (flags & BP_GDB)
72cf2d4f 1512 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1513 else
72cf2d4f 1514 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1515
d720b93d 1516 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1517
1518 if (breakpoint)
1519 *breakpoint = bp;
4c3a88a2
FB		 1520 return 0;
1521#else
a1d1bb31 1522 return -ENOSYS;
4c3a88a2
FB		 1523#endif
1524}
1525
a1d1bb31
AL		 1526/* Remove a specific breakpoint. */
1527int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1528{
7d03f82f 1529#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1530 CPUBreakpoint *bp;
1531
72cf2d4f 1532 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1533 if (bp->pc == pc && bp->flags == flags) {
1534 cpu_breakpoint_remove_by_ref(env, bp);
1535 return 0;
1536 }
7d03f82f 1537 }
a1d1bb31
AL		 1538 return -ENOENT;
1539#else
1540 return -ENOSYS;
7d03f82f
EI		 1541#endif
1542}
1543
a1d1bb31
AL		 1544/* Remove a specific breakpoint by reference. */
1545void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1546{
1fddef4b 1547#if defined(TARGET_HAS_ICE)
72cf2d4f 1548 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1549
a1d1bb31
AL		 1550 breakpoint_invalidate(env, breakpoint->pc);
1551
7267c094 1552 g_free(breakpoint);
a1d1bb31
AL		 1553#endif
1554}
1555
1556/* Remove all matching breakpoints. */
1557void cpu_breakpoint_remove_all(CPUState *env, int mask)
1558{
1559#if defined(TARGET_HAS_ICE)
c0ce998e 1560 CPUBreakpoint *bp, *next;
a1d1bb31 1561
72cf2d4f 1562 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1563 if (bp->flags & mask)
1564 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1565 }
4c3a88a2
FB		 1566#endif
1567}
1568
c33a346e
FB		 1569/* enable or disable single step mode. EXCP_DEBUG is returned by the
1570 CPU loop after each instruction */
1571void cpu_single_step(CPUState *env, int enabled)
1572{
1fddef4b 1573#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1574 if (env->singlestep_enabled != enabled) {
1575 env->singlestep_enabled = enabled;
e22a25c9
AL		 1576 if (kvm_enabled())
1577 kvm_update_guest_debug(env, 0);
1578 else {
ccbb4d44 1579 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1580 /* XXX: only flush what is necessary */
1581 tb_flush(env);
1582 }
c33a346e
FB		 1583 }
1584#endif
1585}
1586
34865134
FB		 1587/* enable or disable low levels log */
1588void cpu_set_log(int log_flags)
1589{
1590 loglevel = log_flags;
1591 if (loglevel && !logfile) {
11fcfab4 1592 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1593 if (!logfile) {
1594 perror(logfilename);
1595 _exit(1);
1596 }
9fa3e853
FB		 1597#if !defined(CONFIG_SOFTMMU)
1598 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1599 {
b55266b5 1600 static char logfile_buf[4096];
9fa3e853
FB		 1601 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1602 }
daf767b1
SW		 1603#elif defined(_WIN32)
1604 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1605 setvbuf(logfile, NULL, _IONBF, 0);
1606#else
34865134 1607 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1608#endif
e735b91c
PB		 1609 log_append = 1;
1610 }
1611 if (!loglevel && logfile) {
1612 fclose(logfile);
1613 logfile = NULL;
34865134
FB		 1614 }
1615}
1616
1617void cpu_set_log_filename(const char *filename)
1618{
1619 logfilename = strdup(filename);
e735b91c
PB		 1620 if (logfile) {
1621 fclose(logfile);
1622 logfile = NULL;
1623 }
1624 cpu_set_log(loglevel);
34865134 1625}
c33a346e 1626
3098dba0 1627static void cpu_unlink_tb(CPUState *env)
ea041c0e 1628{
3098dba0
AJ		 1629 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1630 problem and hope the cpu will stop of its own accord. For userspace
1631 emulation this often isn't actually as bad as it sounds. Often
1632 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1633 TranslationBlock *tb;
c227f099 1634 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1635
cab1b4bd 1636 spin_lock(&interrupt_lock);
3098dba0
AJ		 1637 tb = env->current_tb;
1638 /* if the cpu is currently executing code, we must unlink it and
1639 all the potentially executing TB */
f76cfe56 1640 if (tb) {
3098dba0
AJ		 1641 env->current_tb = NULL;
1642 tb_reset_jump_recursive(tb);
be214e6c 1643 }
cab1b4bd 1644 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1645}
1646
97ffbd8d 1647#ifndef CONFIG_USER_ONLY
3098dba0 1648/* mask must never be zero, except for A20 change call */
ec6959d0 1649static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1650{
1651 int old_mask;
be214e6c 1652
2e70f6ef 1653 old_mask = env->interrupt_request;
68a79315 1654 env->interrupt_request |= mask;
3098dba0 1655
8edac960
AL		 1656 /*
1657 * If called from iothread context, wake the target cpu in
1658 * case its halted.
1659 */
b7680cb6 1660 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1661 qemu_cpu_kick(env);
1662 return;
1663 }
8edac960 1664
2e70f6ef 1665 if (use_icount) {
266910c4 1666 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1667 if (!can_do_io(env)
be214e6c 1668 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1669 cpu_abort(env, "Raised interrupt while not in I/O function");
1670 }
2e70f6ef 1671 } else {
3098dba0 1672 cpu_unlink_tb(env);
ea041c0e
FB		 1673 }
1674}
1675
ec6959d0
JK		 1676CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1677
97ffbd8d
JK		 1678#else /* CONFIG_USER_ONLY */
1679
1680void cpu_interrupt(CPUState *env, int mask)
1681{
1682 env->interrupt_request |= mask;
1683 cpu_unlink_tb(env);
1684}
1685#endif /* CONFIG_USER_ONLY */
1686
b54ad049
FB		 1687void cpu_reset_interrupt(CPUState *env, int mask)
1688{
1689 env->interrupt_request &= ~mask;
1690}
1691
3098dba0
AJ		 1692void cpu_exit(CPUState *env)
1693{
1694 env->exit_request = 1;
1695 cpu_unlink_tb(env);
1696}
1697
c7cd6a37 1698const CPULogItem cpu_log_items[] = {
5fafdf24 1699 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1700 "show generated host assembly code for each compiled TB" },
1701 { CPU_LOG_TB_IN_ASM, "in_asm",
1702 "show target assembly code for each compiled TB" },
5fafdf24 1703 { CPU_LOG_TB_OP, "op",
57fec1fe 1704 "show micro ops for each compiled TB" },
f193c797 1705 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1706 "show micro ops "
1707#ifdef TARGET_I386
1708 "before eflags optimization and "
f193c797 1709#endif
e01a1157 1710 "after liveness analysis" },
f193c797
FB		 1711 { CPU_LOG_INT, "int",
1712 "show interrupts/exceptions in short format" },
1713 { CPU_LOG_EXEC, "exec",
1714 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1715 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1716 "show CPU state before block translation" },
f193c797
FB		 1717#ifdef TARGET_I386
1718 { CPU_LOG_PCALL, "pcall",
1719 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1720 { CPU_LOG_RESET, "cpu_reset",
1721 "show CPU state before CPU resets" },
f193c797 1722#endif
8e3a9fd2 1723#ifdef DEBUG_IOPORT
fd872598
FB		 1724 { CPU_LOG_IOPORT, "ioport",
1725 "show all i/o ports accesses" },
8e3a9fd2 1726#endif
f193c797
FB		 1727 { 0, NULL, NULL },
1728};
1729
1730static int cmp1(const char *s1, int n, const char *s2)
1731{
1732 if (strlen(s2) != n)
1733 return 0;
1734 return memcmp(s1, s2, n) == 0;
1735}
3b46e624 1736
f193c797
FB		 1737/* takes a comma separated list of log masks. Return 0 if error. */
1738int cpu_str_to_log_mask(const char *str)
1739{
c7cd6a37 1740 const CPULogItem *item;
f193c797
FB		 1741 int mask;
1742 const char *p, *p1;
1743
1744 p = str;
1745 mask = 0;
1746 for(;;) {
1747 p1 = strchr(p, ',');
1748 if (!p1)
1749 p1 = p + strlen(p);
9742bf26
YT		 1750 if(cmp1(p,p1-p,"all")) {
1751 for(item = cpu_log_items; item->mask != 0; item++) {
1752 mask |= item->mask;
1753 }
1754 } else {
1755 for(item = cpu_log_items; item->mask != 0; item++) {
1756 if (cmp1(p, p1 - p, item->name))
1757 goto found;
1758 }
1759 return 0;
f193c797 1760 }
f193c797
FB		 1761 found:
1762 mask |= item->mask;
1763 if (*p1 != ',')
1764 break;
1765 p = p1 + 1;
1766 }
1767 return mask;
1768}
ea041c0e 1769
7501267e
FB		 1770void cpu_abort(CPUState *env, const char *fmt, ...)
1771{
1772 va_list ap;
493ae1f0 1773 va_list ap2;
7501267e
FB		 1774
1775 va_start(ap, fmt);
493ae1f0 1776 va_copy(ap2, ap);
7501267e
FB		 1777 fprintf(stderr, "qemu: fatal: ");
1778 vfprintf(stderr, fmt, ap);
1779 fprintf(stderr, "\n");
1780#ifdef TARGET_I386
7fe48483
FB		 1781 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1782#else
1783 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1784#endif
93fcfe39
AL		 1785 if (qemu_log_enabled()) {
1786 qemu_log("qemu: fatal: ");
1787 qemu_log_vprintf(fmt, ap2);
1788 qemu_log("\n");
f9373291 1789#ifdef TARGET_I386
93fcfe39 1790 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1791#else
93fcfe39 1792 log_cpu_state(env, 0);
f9373291 1793#endif
31b1a7b4 1794 qemu_log_flush();
93fcfe39 1795 qemu_log_close();
924edcae 1796 }
493ae1f0 1797 va_end(ap2);
f9373291 1798 va_end(ap);
fd052bf6
RV		 1799#if defined(CONFIG_USER_ONLY)
1800 {
1801 struct sigaction act;
1802 sigfillset(&act.sa_mask);
1803 act.sa_handler = SIG_DFL;
1804 sigaction(SIGABRT, &act, NULL);
1805 }
1806#endif
7501267e
FB		 1807 abort();
1808}
1809
c5be9f08
TS		 1810CPUState *cpu_copy(CPUState *env)
1811{
01ba9816 1812 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1813 CPUState *next_cpu = new_env->next_cpu;
1814 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1815#if defined(TARGET_HAS_ICE)
1816 CPUBreakpoint *bp;
1817 CPUWatchpoint *wp;
1818#endif
1819
c5be9f08 1820 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1821
1822 /* Preserve chaining and index. */
c5be9f08
TS		 1823 new_env->next_cpu = next_cpu;
1824 new_env->cpu_index = cpu_index;
5a38f081
AL		 1825
1826 /* Clone all break/watchpoints.
1827 Note: Once we support ptrace with hw-debug register access, make sure
1828 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1829 QTAILQ_INIT(&env->breakpoints);
1830 QTAILQ_INIT(&env->watchpoints);
5a38f081 1831#if defined(TARGET_HAS_ICE)
72cf2d4f 1832 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1833 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1834 }
72cf2d4f 1835 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1836 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1837 wp->flags, NULL);
1838 }
1839#endif
1840
c5be9f08
TS		 1841 return new_env;
1842}
1843
0124311e
FB		 1844#if !defined(CONFIG_USER_ONLY)
1845
5c751e99
EI		 1846static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1847{
1848 unsigned int i;
1849
1850 /* Discard jump cache entries for any tb which might potentially
1851 overlap the flushed page. */
1852 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1853 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1854 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1855
1856 i = tb_jmp_cache_hash_page(addr);
1857 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1858 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1859}
1860
08738984
IK		 1861static CPUTLBEntry s_cputlb_empty_entry = {
1862 .addr_read = -1,
1863 .addr_write = -1,
1864 .addr_code = -1,
1865 .addend = -1,
1866};
1867
771124e1
PM		 1868/* NOTE:
1869 * If flush_global is true (the usual case), flush all tlb entries.
1870 * If flush_global is false, flush (at least) all tlb entries not
1871 * marked global.
1872 *
1873 * Since QEMU doesn't currently implement a global/not-global flag
1874 * for tlb entries, at the moment tlb_flush() will also flush all
1875 * tlb entries in the flush_global == false case. This is OK because
1876 * CPU architectures generally permit an implementation to drop
1877 * entries from the TLB at any time, so flushing more entries than
1878 * required is only an efficiency issue, not a correctness issue.
1879 */
ee8b7021 1880void tlb_flush(CPUState *env, int flush_global)
33417e70 1881{
33417e70 1882 int i;
0124311e 1883
9fa3e853
FB		 1884#if defined(DEBUG_TLB)
1885 printf("tlb_flush:\n");
1886#endif
0124311e
FB		 1887 /* must reset current TB so that interrupts cannot modify the
1888 links while we are modifying them */
1889 env->current_tb = NULL;
1890
33417e70 1891 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1892 int mmu_idx;
1893 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1894 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1895 }
33417e70 1896 }
9fa3e853 1897
8a40a180 1898 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1899
d4c430a8
PB		 1900 env->tlb_flush_addr = -1;
1901 env->tlb_flush_mask = 0;
e3db7226 1902 tlb_flush_count++;
33417e70
FB		 1903}
1904
274da6b2 1905static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1906{
5fafdf24 1907 if (addr == (tlb_entry->addr_read &
84b7b8e7 1908 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1909 addr == (tlb_entry->addr_write &
84b7b8e7 1910 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1911 addr == (tlb_entry->addr_code &
84b7b8e7 1912 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1913 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1914 }
61382a50
FB		 1915}
1916
2e12669a 1917void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1918{
8a40a180 1919 int i;
cfde4bd9 1920 int mmu_idx;
0124311e 1921
9fa3e853 1922#if defined(DEBUG_TLB)
108c49b8 1923 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1924#endif
d4c430a8
PB		 1925 /* Check if we need to flush due to large pages. */
1926 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1927#if defined(DEBUG_TLB)
1928 printf("tlb_flush_page: forced full flush ("
1929 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1930 env->tlb_flush_addr, env->tlb_flush_mask);
1931#endif
1932 tlb_flush(env, 1);
1933 return;
1934 }
0124311e
FB		 1935 /* must reset current TB so that interrupts cannot modify the
1936 links while we are modifying them */
1937 env->current_tb = NULL;
61382a50
FB		 1938
1939 addr &= TARGET_PAGE_MASK;
1940 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 1941 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1942 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 1943
5c751e99 1944 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 1945}
1946
9fa3e853
FB		 1947/* update the TLBs so that writes to code in the virtual page 'addr'
1948 can be detected */
c227f099 1949static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 1950{
5fafdf24 1951 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 1952 ram_addr + TARGET_PAGE_SIZE,
1953 CODE_DIRTY_FLAG);
9fa3e853
FB		 1954}
1955
9fa3e853 1956/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 1957 tested for self modifying code */
c227f099 1958static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 1959 target_ulong vaddr)
9fa3e853 1960{
f7c11b53 1961 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 1962}
1963
5fafdf24 1964static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 1965 unsigned long start, unsigned long length)
1966{
1967 unsigned long addr;
0e0df1e2 1968 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 1969 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 1970 if ((addr - start) < length) {
0f459d16 1971 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 1972 }
1973 }
1974}
1975
5579c7f3 1976/* Note: start and end must be within the same ram block. */
c227f099 1977void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1978 int dirty_flags)
1ccde1cb
FB		 1979{
1980 CPUState *env;
4f2ac237 1981 unsigned long length, start1;
f7c11b53 1982 int i;
1ccde1cb
FB		 1983
1984 start &= TARGET_PAGE_MASK;
1985 end = TARGET_PAGE_ALIGN(end);
1986
1987 length = end - start;
1988 if (length == 0)
1989 return;
f7c11b53 1990 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1991
1ccde1cb
FB		 1992 /* we modify the TLB cache so that the dirty bit will be set again
1993 when accessing the range */
b2e0a138 1994 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 1995 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 1996 address comparisons below. */
b2e0a138 1997 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 1998 != (end - 1) - start) {
1999 abort();
2000 }
2001
6a00d601 2002 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2003 int mmu_idx;
2004 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2005 for(i = 0; i < CPU_TLB_SIZE; i++)
2006 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2007 start1, length);
2008 }
6a00d601 2009 }
1ccde1cb
FB		 2010}
2011
74576198
AL		 2012int cpu_physical_memory_set_dirty_tracking(int enable)
2013{
f6f3fbca 2014 int ret = 0;
74576198 2015 in_migration = enable;
f6f3fbca 2016 return ret;
74576198
AL		 2017}
2018
3a7d929e
FB		 2019static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2020{
c227f099 2021 ram_addr_t ram_addr;
5579c7f3 2022 void *p;
3a7d929e 2023
0e0df1e2 2024 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2025 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2026 + tlb_entry->addend);
e890261f 2027 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2028 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2029 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2030 }
2031 }
2032}
2033
2034/* update the TLB according to the current state of the dirty bits */
2035void cpu_tlb_update_dirty(CPUState *env)
2036{
2037 int i;
cfde4bd9
IY		 2038 int mmu_idx;
2039 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2040 for(i = 0; i < CPU_TLB_SIZE; i++)
2041 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2042 }
3a7d929e
FB		 2043}
2044
0f459d16 2045static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2046{
0f459d16
PB		 2047 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2048 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2049}
2050
0f459d16
PB		 2051/* update the TLB corresponding to virtual page vaddr
2052 so that it is no longer dirty */
2053static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2054{
1ccde1cb 2055 int i;
cfde4bd9 2056 int mmu_idx;
1ccde1cb 2057
0f459d16 2058 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2059 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2060 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2061 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2062}
2063
d4c430a8
PB		 2064/* Our TLB does not support large pages, so remember the area covered by
2065 large pages and trigger a full TLB flush if these are invalidated. */
2066static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2067 target_ulong size)
2068{
2069 target_ulong mask = ~(size - 1);
2070
2071 if (env->tlb_flush_addr == (target_ulong)-1) {
2072 env->tlb_flush_addr = vaddr & mask;
2073 env->tlb_flush_mask = mask;
2074 return;
2075 }
2076 /* Extend the existing region to include the new page.
2077 This is a compromise between unnecessary flushes and the cost
2078 of maintaining a full variable size TLB. */
2079 mask &= env->tlb_flush_mask;
2080 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2081 mask <<= 1;
2082 }
2083 env->tlb_flush_addr &= mask;
2084 env->tlb_flush_mask = mask;
2085}
2086
1d393fa2
AK		 2087static bool is_ram_rom(ram_addr_t pd)
2088{
2089 pd &= ~TARGET_PAGE_MASK;
0e0df1e2 2090 return pd == io_mem_ram.ram_addr || pd == io_mem_rom.ram_addr;
1d393fa2
AK		 2091}
2092
75c578dc
AK		 2093static bool is_romd(ram_addr_t pd)
2094{
2095 MemoryRegion *mr;
2096
2097 pd &= ~TARGET_PAGE_MASK;
11c7ef0c 2098 mr = io_mem_region[pd];
75c578dc
AK		 2099 return mr->rom_device && mr->readable;
2100}
2101
1d393fa2
AK		 2102static bool is_ram_rom_romd(ram_addr_t pd)
2103{
75c578dc 2104 return is_ram_rom(pd) || is_romd(pd);
1d393fa2
AK		 2105}
2106
d4c430a8
PB		 2107/* Add a new TLB entry. At most one entry for a given virtual address
2108 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2109 supplied size is only used by tlb_flush_page. */
2110void tlb_set_page(CPUState *env, target_ulong vaddr,
2111 target_phys_addr_t paddr, int prot,
2112 int mmu_idx, target_ulong size)
9fa3e853 2113{
f1f6e3b8 2114 PhysPageDesc p;
4f2ac237 2115 unsigned long pd;
9fa3e853 2116 unsigned int index;
4f2ac237 2117 target_ulong address;
0f459d16 2118 target_ulong code_address;
355b1943 2119 unsigned long addend;
84b7b8e7 2120 CPUTLBEntry *te;
a1d1bb31 2121 CPUWatchpoint *wp;
c227f099 2122 target_phys_addr_t iotlb;
9fa3e853 2123
d4c430a8
PB		 2124 assert(size >= TARGET_PAGE_SIZE);
2125 if (size != TARGET_PAGE_SIZE) {
2126 tlb_add_large_page(env, vaddr, size);
2127 }
92e873b9 2128 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
f1f6e3b8 2129 pd = p.phys_offset;
9fa3e853 2130#if defined(DEBUG_TLB)
7fd3f494
SW		 2131 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2132 " prot=%x idx=%d pd=0x%08lx\n",
2133 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2134#endif
2135
0f459d16 2136 address = vaddr;
1d393fa2 2137 if (!is_ram_rom_romd(pd)) {
0f459d16
PB		 2138 /* IO memory case (romd handled later) */
2139 address |= TLB_MMIO;
2140 }
5579c7f3 2141 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
1d393fa2 2142 if (is_ram_rom(pd)) {
0f459d16
PB		 2143 /* Normal RAM. */
2144 iotlb = pd & TARGET_PAGE_MASK;
0e0df1e2
AK		 2145 if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr)
2146 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2147 else
0e0df1e2 2148 iotlb |= io_mem_rom.ram_addr;
0f459d16 2149 } else {
ccbb4d44 2150 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2151 It would be nice to pass an offset from the base address
2152 of that region. This would avoid having to special case RAM,
2153 and avoid full address decoding in every device.
2154 We can't use the high bits of pd for this because
2155 IO_MEM_ROMD uses these as a ram address. */
8da3ff18 2156 iotlb = (pd & ~TARGET_PAGE_MASK);
f1f6e3b8 2157 iotlb += p.region_offset;
0f459d16
PB		 2158 }
2159
2160 code_address = address;
2161 /* Make accesses to pages with watchpoints go via the
2162 watchpoint trap routines. */
72cf2d4f 2163 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2164 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2165 /* Avoid trapping reads of pages with a write breakpoint. */
2166 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2167 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2168 address |= TLB_MMIO;
2169 break;
2170 }
6658ffb8 2171 }
0f459d16 2172 }
d79acba4 2173
0f459d16
PB		 2174 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2175 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2176 te = &env->tlb_table[mmu_idx][index];
2177 te->addend = addend - vaddr;
2178 if (prot & PAGE_READ) {
2179 te->addr_read = address;
2180 } else {
2181 te->addr_read = -1;
2182 }
5c751e99 2183
0f459d16
PB		 2184 if (prot & PAGE_EXEC) {
2185 te->addr_code = code_address;
2186 } else {
2187 te->addr_code = -1;
2188 }
2189 if (prot & PAGE_WRITE) {
75c578dc 2190 if ((pd & ~TARGET_PAGE_MASK) == io_mem_rom.ram_addr || is_romd(pd)) {
0f459d16
PB		 2191 /* Write access calls the I/O callback. */
2192 te->addr_write = address | TLB_MMIO;
0e0df1e2 2193 } else if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr &&
0f459d16
PB		 2194 !cpu_physical_memory_is_dirty(pd)) {
2195 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2196 } else {
0f459d16 2197 te->addr_write = address;
9fa3e853 2198 }
0f459d16
PB		 2199 } else {
2200 te->addr_write = -1;
9fa3e853 2201 }
9fa3e853
FB		 2202}
2203
0124311e
FB		 2204#else
2205
ee8b7021 2206void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2207{
2208}
2209
2e12669a 2210void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2211{
2212}
2213
edf8e2af
MW		 2214/*
2215 * Walks guest process memory "regions" one by one
2216 * and calls callback function 'fn' for each region.
2217 */
5cd2c5b6
RH		 2218
2219struct walk_memory_regions_data
2220{
2221 walk_memory_regions_fn fn;
2222 void *priv;
2223 unsigned long start;
2224 int prot;
2225};
2226
2227static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2228 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2229{
2230 if (data->start != -1ul) {
2231 int rc = data->fn(data->priv, data->start, end, data->prot);
2232 if (rc != 0) {
2233 return rc;
2234 }
2235 }
2236
2237 data->start = (new_prot ? end : -1ul);
2238 data->prot = new_prot;
2239
2240 return 0;
2241}
2242
2243static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2244 abi_ulong base, int level, void **lp)
5cd2c5b6 2245{
b480d9b7 2246 abi_ulong pa;
5cd2c5b6
RH		 2247 int i, rc;
2248
2249 if (*lp == NULL) {
2250 return walk_memory_regions_end(data, base, 0);
2251 }
2252
2253 if (level == 0) {
2254 PageDesc *pd = *lp;
7296abac 2255 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2256 int prot = pd[i].flags;
2257
2258 pa = base | (i << TARGET_PAGE_BITS);
2259 if (prot != data->prot) {
2260 rc = walk_memory_regions_end(data, pa, prot);
2261 if (rc != 0) {
2262 return rc;
9fa3e853 2263 }
9fa3e853 2264 }
5cd2c5b6
RH		 2265 }
2266 } else {
2267 void **pp = *lp;
7296abac 2268 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2269 pa = base | ((abi_ulong)i <<
2270 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2271 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2272 if (rc != 0) {
2273 return rc;
2274 }
2275 }
2276 }
2277
2278 return 0;
2279}
2280
2281int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2282{
2283 struct walk_memory_regions_data data;
2284 unsigned long i;
2285
2286 data.fn = fn;
2287 data.priv = priv;
2288 data.start = -1ul;
2289 data.prot = 0;
2290
2291 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2292 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2293 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2294 if (rc != 0) {
2295 return rc;
9fa3e853 2296 }
33417e70 2297 }
5cd2c5b6
RH		 2298
2299 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2300}
2301
b480d9b7
PB		 2302static int dump_region(void *priv, abi_ulong start,
2303 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2304{
2305 FILE *f = (FILE *)priv;
2306
b480d9b7
PB		 2307 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2308 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2309 start, end, end - start,
2310 ((prot & PAGE_READ) ? 'r' : '-'),
2311 ((prot & PAGE_WRITE) ? 'w' : '-'),
2312 ((prot & PAGE_EXEC) ? 'x' : '-'));
2313
2314 return (0);
2315}
2316
2317/* dump memory mappings */
2318void page_dump(FILE *f)
2319{
2320 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2321 "start", "end", "size", "prot");
2322 walk_memory_regions(f, dump_region);
33417e70
FB		 2323}
2324
53a5960a 2325int page_get_flags(target_ulong address)
33417e70 2326{
9fa3e853
FB		 2327 PageDesc *p;
2328
2329 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2330 if (!p)
9fa3e853
FB		 2331 return 0;
2332 return p->flags;
2333}
2334
376a7909
RH		 2335/* Modify the flags of a page and invalidate the code if necessary.
2336 The flag PAGE_WRITE_ORG is positioned automatically depending
2337 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2338void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2339{
376a7909
RH		 2340 target_ulong addr, len;
2341
2342 /* This function should never be called with addresses outside the
2343 guest address space. If this assert fires, it probably indicates
2344 a missing call to h2g_valid. */
b480d9b7
PB		 2345#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2346 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2347#endif
2348 assert(start < end);
9fa3e853
FB		 2349
2350 start = start & TARGET_PAGE_MASK;
2351 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2352
2353 if (flags & PAGE_WRITE) {
9fa3e853 2354 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2355 }
2356
2357 for (addr = start, len = end - start;
2358 len != 0;
2359 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2360 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2361
2362 /* If the write protection bit is set, then we invalidate
2363 the code inside. */
5fafdf24 2364 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2365 (flags & PAGE_WRITE) &&
2366 p->first_tb) {
d720b93d 2367 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2368 }
2369 p->flags = flags;
2370 }
33417e70
FB		 2371}
2372
3d97b40b
TS		 2373int page_check_range(target_ulong start, target_ulong len, int flags)
2374{
2375 PageDesc *p;
2376 target_ulong end;
2377 target_ulong addr;
2378
376a7909
RH		 2379 /* This function should never be called with addresses outside the
2380 guest address space. If this assert fires, it probably indicates
2381 a missing call to h2g_valid. */
338e9e6c
BS		 2382#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2383 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2384#endif
2385
3e0650a9
RH		 2386 if (len == 0) {
2387 return 0;
2388 }
376a7909
RH		 2389 if (start + len - 1 < start) {
2390 /* We've wrapped around. */
55f280c9 2391 return -1;
376a7909 2392 }
55f280c9 2393
3d97b40b
TS		 2394 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2395 start = start & TARGET_PAGE_MASK;
2396
376a7909
RH		 2397 for (addr = start, len = end - start;
2398 len != 0;
2399 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2400 p = page_find(addr >> TARGET_PAGE_BITS);
2401 if( !p )
2402 return -1;
2403 if( !(p->flags & PAGE_VALID) )
2404 return -1;
2405
dae3270c 2406 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2407 return -1;
dae3270c
FB		 2408 if (flags & PAGE_WRITE) {
2409 if (!(p->flags & PAGE_WRITE_ORG))
2410 return -1;
2411 /* unprotect the page if it was put read-only because it
2412 contains translated code */
2413 if (!(p->flags & PAGE_WRITE)) {
2414 if (!page_unprotect(addr, 0, NULL))
2415 return -1;
2416 }
2417 return 0;
2418 }
3d97b40b
TS		 2419 }
2420 return 0;
2421}
2422
9fa3e853 2423/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2424 page. Return TRUE if the fault was successfully handled. */
53a5960a 2425int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2426{
45d679d6
AJ		 2427 unsigned int prot;
2428 PageDesc *p;
53a5960a 2429 target_ulong host_start, host_end, addr;
9fa3e853 2430
c8a706fe
PB		 2431 /* Technically this isn't safe inside a signal handler. However we
2432 know this only ever happens in a synchronous SEGV handler, so in
2433 practice it seems to be ok. */
2434 mmap_lock();
2435
45d679d6
AJ		 2436 p = page_find(address >> TARGET_PAGE_BITS);
2437 if (!p) {
c8a706fe 2438 mmap_unlock();
9fa3e853 2439 return 0;
c8a706fe 2440 }
45d679d6 2441
9fa3e853
FB		 2442 /* if the page was really writable, then we change its
2443 protection back to writable */
45d679d6
AJ		 2444 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2445 host_start = address & qemu_host_page_mask;
2446 host_end = host_start + qemu_host_page_size;
2447
2448 prot = 0;
2449 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2450 p = page_find(addr >> TARGET_PAGE_BITS);
2451 p->flags |= PAGE_WRITE;
2452 prot |= p->flags;
2453
9fa3e853
FB		 2454 /* and since the content will be modified, we must invalidate
2455 the corresponding translated code. */
45d679d6 2456 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2457#ifdef DEBUG_TB_CHECK
45d679d6 2458 tb_invalidate_check(addr);
9fa3e853 2459#endif
9fa3e853 2460 }
45d679d6
AJ		 2461 mprotect((void *)g2h(host_start), qemu_host_page_size,
2462 prot & PAGE_BITS);
2463
2464 mmap_unlock();
2465 return 1;
9fa3e853 2466 }
c8a706fe 2467 mmap_unlock();
9fa3e853
FB		 2468 return 0;
2469}
2470
6a00d601
FB		 2471static inline void tlb_set_dirty(CPUState *env,
2472 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2473{
2474}
9fa3e853
FB		 2475#endif /* defined(CONFIG_USER_ONLY) */
2476
e2eef170 2477#if !defined(CONFIG_USER_ONLY)
8da3ff18 2478
c04b2b78
PB		 2479#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2480typedef struct subpage_t {
70c68e44 2481 MemoryRegion iomem;
c04b2b78 2482 target_phys_addr_t base;
f6405247
RH		 2483 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2484 ram_addr_t region_offset[TARGET_PAGE_SIZE];
c04b2b78
PB		 2485} subpage_t;
2486
c227f099
AL		 2487static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2488 ram_addr_t memory, ram_addr_t region_offset);
f6405247
RH		 2489static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2490 ram_addr_t orig_memory,
2491 ram_addr_t region_offset);
db7b5426
BS		 2492#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2493 need_subpage) \
2494 do { \
2495 if (addr > start_addr) \
2496 start_addr2 = 0; \
2497 else { \
2498 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2499 if (start_addr2 > 0) \
2500 need_subpage = 1; \
2501 } \
2502 \
49e9fba2 2503 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
db7b5426
BS		 2504 end_addr2 = TARGET_PAGE_SIZE - 1; \
2505 else { \
2506 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2507 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2508 need_subpage = 1; \
2509 } \
2510 } while (0)
2511
54688b1e
AK		 2512static void destroy_page_desc(PhysPageDesc pd)
2513{
2514 unsigned io_index = pd.phys_offset & ~TARGET_PAGE_MASK;
2515 MemoryRegion *mr = io_mem_region[io_index];
2516
2517 if (mr->subpage) {
2518 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2519 memory_region_destroy(&subpage->iomem);
2520 g_free(subpage);
2521 }
2522}
2523
4346ae3e 2524static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2525{
2526 unsigned i;
4346ae3e 2527 PhysPageEntry *p = lp->u.node;
54688b1e 2528
4346ae3e 2529 if (!p) {
54688b1e
AK		 2530 return;
2531 }
2532
4346ae3e
AK		 2533 for (i = 0; i < L2_SIZE; ++i) {
2534 if (level > 0) {
54688b1e 2535 destroy_l2_mapping(&p[i], level - 1);
4346ae3e
AK		 2536 } else {
2537 destroy_page_desc(p[i].u.leaf);
54688b1e 2538 }
54688b1e 2539 }
4346ae3e
AK		 2540 g_free(p);
2541 lp->u.node = NULL;
54688b1e
AK		 2542}
2543
2544static void destroy_all_mappings(void)
2545{
3eef53df 2546 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
54688b1e
AK		 2547}
2548
8f2498f9
MT		 2549/* register physical memory.
2550 For RAM, 'size' must be a multiple of the target page size.
2551 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2552 io memory page. The address used when calling the IO function is
2553 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2554 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2555 before calculating this offset. This should not be a problem unless
2556 the low bits of start_addr and region_offset differ. */
dd81124b 2557void cpu_register_physical_memory_log(MemoryRegionSection *section,
d7ec83e6 2558 bool readonly)
33417e70 2559{
dd81124b
AK		 2560 target_phys_addr_t start_addr = section->offset_within_address_space;
2561 ram_addr_t size = section->size;
2562 ram_addr_t phys_offset = section->mr->ram_addr;
2563 ram_addr_t region_offset = section->offset_within_region;
c227f099 2564 target_phys_addr_t addr, end_addr;
92e873b9 2565 PhysPageDesc *p;
9d42037b 2566 CPUState *env;
c227f099 2567 ram_addr_t orig_size = size;
f6405247 2568 subpage_t *subpage;
33417e70 2569
dd81124b
AK		 2570 if (memory_region_is_ram(section->mr)) {
2571 phys_offset += region_offset;
2572 region_offset = 0;
2573 }
2574
dd81124b
AK		 2575 if (readonly) {
2576 phys_offset |= io_mem_rom.ram_addr;
2577 }
2578
3b8e6a2d 2579 assert(size);
f6f3fbca 2580
0e0df1e2 2581 if (phys_offset == io_mem_unassigned.ram_addr) {
67c4d23c
PB		 2582 region_offset = start_addr;
2583 }
8da3ff18 2584 region_offset &= TARGET_PAGE_MASK;
5fd386f6 2585 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
c227f099 2586 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2587
2588 addr = start_addr;
2589 do {
f1f6e3b8 2590 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 0);
0e0df1e2 2591 if (p && p->phys_offset != io_mem_unassigned.ram_addr) {
c227f099
AL		 2592 ram_addr_t orig_memory = p->phys_offset;
2593 target_phys_addr_t start_addr2, end_addr2;
db7b5426 2594 int need_subpage = 0;
11c7ef0c 2595 MemoryRegion *mr = io_mem_region[orig_memory & ~TARGET_PAGE_MASK];
db7b5426
BS		 2596
2597 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2598 need_subpage);
f6405247 2599 if (need_subpage) {
b3b00c78 2600 if (!(mr->subpage)) {
db7b5426 2601 subpage = subpage_init((addr & TARGET_PAGE_MASK),
8da3ff18
PB		 2602 &p->phys_offset, orig_memory,
2603 p->region_offset);
db7b5426 2604 } else {
a621f38d 2605 subpage = container_of(mr, subpage_t, iomem);
db7b5426 2606 }
8da3ff18
PB		 2607 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2608 region_offset);
2609 p->region_offset = 0;
db7b5426
BS		 2610 } else {
2611 p->phys_offset = phys_offset;
2774c6d0 2612 p->region_offset = region_offset;
1d393fa2 2613 if (is_ram_rom_romd(phys_offset))
db7b5426
BS		 2614 phys_offset += TARGET_PAGE_SIZE;
2615 }
2616 } else {
2617 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2618 p->phys_offset = phys_offset;
8da3ff18 2619 p->region_offset = region_offset;
1d393fa2 2620 if (is_ram_rom_romd(phys_offset)) {
db7b5426 2621 phys_offset += TARGET_PAGE_SIZE;
0e8f0967 2622 } else {
c227f099 2623 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2624 int need_subpage = 0;
2625
2626 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2627 end_addr2, need_subpage);
2628
f6405247 2629 if (need_subpage) {
db7b5426 2630 subpage = subpage_init((addr & TARGET_PAGE_MASK),
0e0df1e2
AK		 2631 &p->phys_offset,
2632 io_mem_unassigned.ram_addr,
67c4d23c 2633 addr & TARGET_PAGE_MASK);
db7b5426 2634 subpage_register(subpage, start_addr2, end_addr2,
8da3ff18
PB		 2635 phys_offset, region_offset);
2636 p->region_offset = 0;
db7b5426
BS		 2637 }
2638 }
2639 }
8da3ff18 2640 region_offset += TARGET_PAGE_SIZE;
3b8e6a2d
EI		 2641 addr += TARGET_PAGE_SIZE;
2642 } while (addr != end_addr);
3b46e624 2643
9d42037b
FB		 2644 /* since each CPU stores ram addresses in its TLB cache, we must
2645 reset the modified entries */
2646 /* XXX: slow ! */
2647 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2648 tlb_flush(env, 1);
2649 }
33417e70
FB		 2650}
2651
c227f099 2652void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2653{
2654 if (kvm_enabled())
2655 kvm_coalesce_mmio_region(addr, size);
2656}
2657
c227f099 2658void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2659{
2660 if (kvm_enabled())
2661 kvm_uncoalesce_mmio_region(addr, size);
2662}
2663
62a2744c
SY		 2664void qemu_flush_coalesced_mmio_buffer(void)
2665{
2666 if (kvm_enabled())
2667 kvm_flush_coalesced_mmio_buffer();
2668}
2669
c902760f
MT		 2670#if defined(__linux__) && !defined(TARGET_S390X)
2671
2672#include <sys/vfs.h>
2673
2674#define HUGETLBFS_MAGIC 0x958458f6
2675
2676static long gethugepagesize(const char *path)
2677{
2678 struct statfs fs;
2679 int ret;
2680
2681 do {
9742bf26 2682 ret = statfs(path, &fs);
c902760f
MT		 2683 } while (ret != 0 && errno == EINTR);
2684
2685 if (ret != 0) {
9742bf26
YT		 2686 perror(path);
2687 return 0;
c902760f
MT		 2688 }
2689
2690 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2691 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2692
2693 return fs.f_bsize;
2694}
2695
04b16653
AW		 2696static void *file_ram_alloc(RAMBlock *block,
2697 ram_addr_t memory,
2698 const char *path)
c902760f
MT		 2699{
2700 char *filename;
2701 void *area;
2702 int fd;
2703#ifdef MAP_POPULATE
2704 int flags;
2705#endif
2706 unsigned long hpagesize;
2707
2708 hpagesize = gethugepagesize(path);
2709 if (!hpagesize) {
9742bf26 2710 return NULL;
c902760f
MT		 2711 }
2712
2713 if (memory < hpagesize) {
2714 return NULL;
2715 }
2716
2717 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2718 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2719 return NULL;
2720 }
2721
2722 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2723 return NULL;
c902760f
MT		 2724 }
2725
2726 fd = mkstemp(filename);
2727 if (fd < 0) {
9742bf26
YT		 2728 perror("unable to create backing store for hugepages");
2729 free(filename);
2730 return NULL;
c902760f
MT		 2731 }
2732 unlink(filename);
2733 free(filename);
2734
2735 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2736
2737 /*
2738 * ftruncate is not supported by hugetlbfs in older
2739 * hosts, so don't bother bailing out on errors.
2740 * If anything goes wrong with it under other filesystems,
2741 * mmap will fail.
2742 */
2743 if (ftruncate(fd, memory))
9742bf26 2744 perror("ftruncate");
c902760f
MT		 2745
2746#ifdef MAP_POPULATE
2747 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2748 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2749 * to sidestep this quirk.
2750 */
2751 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2752 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2753#else
2754 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2755#endif
2756 if (area == MAP_FAILED) {
9742bf26
YT		 2757 perror("file_ram_alloc: can't mmap RAM pages");
2758 close(fd);
2759 return (NULL);
c902760f 2760 }
04b16653 2761 block->fd = fd;
c902760f
MT		 2762 return area;
2763}
2764#endif
2765
d17b5288 2766static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2767{
2768 RAMBlock *block, *next_block;
3e837b2c 2769 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2770
2771 if (QLIST_EMPTY(&ram_list.blocks))
2772 return 0;
2773
2774 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2775 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2776
2777 end = block->offset + block->length;
2778
2779 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2780 if (next_block->offset >= end) {
2781 next = MIN(next, next_block->offset);
2782 }
2783 }
2784 if (next - end >= size && next - end < mingap) {
3e837b2c 2785 offset = end;
04b16653
AW		 2786 mingap = next - end;
2787 }
2788 }
3e837b2c
AW		 2789
2790 if (offset == RAM_ADDR_MAX) {
2791 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2792 (uint64_t)size);
2793 abort();
2794 }
2795
04b16653
AW		 2796 return offset;
2797}
2798
2799static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2800{
2801 RAMBlock *block;
2802 ram_addr_t last = 0;
2803
2804 QLIST_FOREACH(block, &ram_list.blocks, next)
2805 last = MAX(last, block->offset + block->length);
2806
2807 return last;
2808}
2809
c5705a77 2810void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2811{
2812 RAMBlock *new_block, *block;
2813
c5705a77
AK		 2814 new_block = NULL;
2815 QLIST_FOREACH(block, &ram_list.blocks, next) {
2816 if (block->offset == addr) {
2817 new_block = block;
2818 break;
2819 }
2820 }
2821 assert(new_block);
2822 assert(!new_block->idstr[0]);
84b89d78
CM		 2823
2824 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2825 char *id = dev->parent_bus->info->get_dev_path(dev);
2826 if (id) {
2827 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2828 g_free(id);
84b89d78
CM		 2829 }
2830 }
2831 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2832
2833 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2834 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2835 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2836 new_block->idstr);
2837 abort();
2838 }
2839 }
c5705a77
AK		 2840}
2841
2842ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2843 MemoryRegion *mr)
2844{
2845 RAMBlock *new_block;
2846
2847 size = TARGET_PAGE_ALIGN(size);
2848 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2849
7c637366 2850 new_block->mr = mr;
432d268c 2851 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2852 if (host) {
2853 new_block->host = host;
cd19cfa2 2854 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2855 } else {
2856 if (mem_path) {
c902760f 2857#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2858 new_block->host = file_ram_alloc(new_block, size, mem_path);
2859 if (!new_block->host) {
2860 new_block->host = qemu_vmalloc(size);
e78815a5 2861 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2862 }
c902760f 2863#else
6977dfe6
YT		 2864 fprintf(stderr, "-mem-path option unsupported\n");
2865 exit(1);
c902760f 2866#endif
6977dfe6 2867 } else {
6b02494d 2868#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2869 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2870 an system defined value, which is at least 256GB. Larger systems
2871 have larger values. We put the guest between the end of data
2872 segment (system break) and this value. We use 32GB as a base to
2873 have enough room for the system break to grow. */
2874 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2875 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2876 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2877 if (new_block->host == MAP_FAILED) {
2878 fprintf(stderr, "Allocating RAM failed\n");
2879 abort();
2880 }
6b02494d 2881#else
868bb33f 2882 if (xen_enabled()) {
fce537d4 2883 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2884 } else {
2885 new_block->host = qemu_vmalloc(size);
2886 }
6b02494d 2887#endif
e78815a5 2888 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2889 }
c902760f 2890 }
94a6b54f
PB		 2891 new_block->length = size;
2892
f471a17e 2893 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2894
7267c094 2895 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2896 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2897 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2898 0xff, size >> TARGET_PAGE_BITS);
2899
6f0437e8
JK		 2900 if (kvm_enabled())
2901 kvm_setup_guest_memory(new_block->host, size);
2902
94a6b54f
PB		 2903 return new_block->offset;
2904}
e9a1ab19 2905
c5705a77 2906ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2907{
c5705a77 2908 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2909}
2910
1f2e98b6
AW		 2911void qemu_ram_free_from_ptr(ram_addr_t addr)
2912{
2913 RAMBlock *block;
2914
2915 QLIST_FOREACH(block, &ram_list.blocks, next) {
2916 if (addr == block->offset) {
2917 QLIST_REMOVE(block, next);
7267c094 2918 g_free(block);
1f2e98b6
AW		 2919 return;
2920 }
2921 }
2922}
2923
c227f099 2924void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2925{
04b16653
AW		 2926 RAMBlock *block;
2927
2928 QLIST_FOREACH(block, &ram_list.blocks, next) {
2929 if (addr == block->offset) {
2930 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2931 if (block->flags & RAM_PREALLOC_MASK) {
2932 ;
2933 } else if (mem_path) {
04b16653
AW		 2934#if defined (__linux__) && !defined(TARGET_S390X)
2935 if (block->fd) {
2936 munmap(block->host, block->length);
2937 close(block->fd);
2938 } else {
2939 qemu_vfree(block->host);
2940 }
fd28aa13
JK		 2941#else
2942 abort();
04b16653
AW		 2943#endif
2944 } else {
2945#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2946 munmap(block->host, block->length);
2947#else
868bb33f 2948 if (xen_enabled()) {
e41d7c69 2949 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2950 } else {
2951 qemu_vfree(block->host);
2952 }
04b16653
AW		 2953#endif
2954 }
7267c094 2955 g_free(block);
04b16653
AW		 2956 return;
2957 }
2958 }
2959
e9a1ab19
FB		 2960}
2961
cd19cfa2
HY		 2962#ifndef _WIN32
2963void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2964{
2965 RAMBlock *block;
2966 ram_addr_t offset;
2967 int flags;
2968 void *area, *vaddr;
2969
2970 QLIST_FOREACH(block, &ram_list.blocks, next) {
2971 offset = addr - block->offset;
2972 if (offset < block->length) {
2973 vaddr = block->host + offset;
2974 if (block->flags & RAM_PREALLOC_MASK) {
2975 ;
2976 } else {
2977 flags = MAP_FIXED;
2978 munmap(vaddr, length);
2979 if (mem_path) {
2980#if defined(__linux__) && !defined(TARGET_S390X)
2981 if (block->fd) {
2982#ifdef MAP_POPULATE
2983 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2984 MAP_PRIVATE;
2985#else
2986 flags |= MAP_PRIVATE;
2987#endif
2988 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2989 flags, block->fd, offset);
2990 } else {
2991 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2992 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2993 flags, -1, 0);
2994 }
fd28aa13
JK		 2995#else
2996 abort();
cd19cfa2
HY		 2997#endif
2998 } else {
2999#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3000 flags |= MAP_SHARED | MAP_ANONYMOUS;
3001 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3002 flags, -1, 0);
3003#else
3004 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3005 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3006 flags, -1, 0);
3007#endif
3008 }
3009 if (area != vaddr) {
f15fbc4b
AP		 3010 fprintf(stderr, "Could not remap addr: "
3011 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3012 length, addr);
3013 exit(1);
3014 }
3015 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3016 }
3017 return;
3018 }
3019 }
3020}
3021#endif /* !_WIN32 */
3022
dc828ca1 3023/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3024 With the exception of the softmmu code in this file, this should
3025 only be used for local memory (e.g. video ram) that the device owns,
3026 and knows it isn't going to access beyond the end of the block.
3027
3028 It should not be used for general purpose DMA.
3029 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3030 */
c227f099 3031void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3032{
94a6b54f
PB		 3033 RAMBlock *block;
3034
f471a17e
AW		 3035 QLIST_FOREACH(block, &ram_list.blocks, next) {
3036 if (addr - block->offset < block->length) {
7d82af38
VP		 3037 /* Move this entry to to start of the list. */
3038 if (block != QLIST_FIRST(&ram_list.blocks)) {
3039 QLIST_REMOVE(block, next);
3040 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3041 }
868bb33f 3042 if (xen_enabled()) {
432d268c
JN		 3043 /* We need to check if the requested address is in the RAM
3044 * because we don't want to map the entire memory in QEMU.
712c2b41 3045 * In that case just map until the end of the page.
432d268c
JN		 3046 */
3047 if (block->offset == 0) {
e41d7c69 3048 return xen_map_cache(addr, 0, 0);
432d268c 3049 } else if (block->host == NULL) {
e41d7c69
JK		 3050 block->host =
3051 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3052 }
3053 }
f471a17e
AW		 3054 return block->host + (addr - block->offset);
3055 }
94a6b54f 3056 }
f471a17e
AW		 3057
3058 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3059 abort();
3060
3061 return NULL;
dc828ca1
PB		 3062}
3063
b2e0a138
MT		 3064/* Return a host pointer to ram allocated with qemu_ram_alloc.
3065 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3066 */
3067void *qemu_safe_ram_ptr(ram_addr_t addr)
3068{
3069 RAMBlock *block;
3070
3071 QLIST_FOREACH(block, &ram_list.blocks, next) {
3072 if (addr - block->offset < block->length) {
868bb33f 3073 if (xen_enabled()) {
432d268c
JN		 3074 /* We need to check if the requested address is in the RAM
3075 * because we don't want to map the entire memory in QEMU.
712c2b41 3076 * In that case just map until the end of the page.
432d268c
JN		 3077 */
3078 if (block->offset == 0) {
e41d7c69 3079 return xen_map_cache(addr, 0, 0);
432d268c 3080 } else if (block->host == NULL) {
e41d7c69
JK		 3081 block->host =
3082 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3083 }
3084 }
b2e0a138
MT		 3085 return block->host + (addr - block->offset);
3086 }
3087 }
3088
3089 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3090 abort();
3091
3092 return NULL;
3093}
3094
38bee5dc
SS		 3095/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3096 * but takes a size argument */
8ab934f9 3097void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3098{
8ab934f9
SS		 3099 if (*size == 0) {
3100 return NULL;
3101 }
868bb33f 3102 if (xen_enabled()) {
e41d7c69 3103 return xen_map_cache(addr, *size, 1);
868bb33f 3104 } else {
38bee5dc
SS		 3105 RAMBlock *block;
3106
3107 QLIST_FOREACH(block, &ram_list.blocks, next) {
3108 if (addr - block->offset < block->length) {
3109 if (addr - block->offset + *size > block->length)
3110 *size = block->length - addr + block->offset;
3111 return block->host + (addr - block->offset);
3112 }
3113 }
3114
3115 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3116 abort();
38bee5dc
SS		 3117 }
3118}
3119
050a0ddf
AP		 3120void qemu_put_ram_ptr(void *addr)
3121{
3122 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3123}
3124
e890261f 3125int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3126{
94a6b54f
PB		 3127 RAMBlock *block;
3128 uint8_t *host = ptr;
3129
868bb33f 3130 if (xen_enabled()) {
e41d7c69 3131 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3132 return 0;
3133 }
3134
f471a17e 3135 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3136 /* This case append when the block is not mapped. */
3137 if (block->host == NULL) {
3138 continue;
3139 }
f471a17e 3140 if (host - block->host < block->length) {
e890261f
MT		 3141 *ram_addr = block->offset + (host - block->host);
3142 return 0;
f471a17e 3143 }
94a6b54f 3144 }
432d268c 3145
e890261f
MT		 3146 return -1;
3147}
f471a17e 3148
e890261f
MT		 3149/* Some of the softmmu routines need to translate from a host pointer
3150 (typically a TLB entry) back to a ram offset. */
3151ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3152{
3153 ram_addr_t ram_addr;
f471a17e 3154
e890261f
MT		 3155 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3156 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3157 abort();
3158 }
3159 return ram_addr;
5579c7f3
PB		 3160}
3161
0e0df1e2
AK		 3162static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3163 unsigned size)
e18231a3
BS		 3164{
3165#ifdef DEBUG_UNASSIGNED
3166 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3167#endif
5b450407 3168#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3169 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3170#endif
3171 return 0;
3172}
3173
0e0df1e2
AK		 3174static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3175 uint64_t val, unsigned size)
e18231a3
BS		 3176{
3177#ifdef DEBUG_UNASSIGNED
0e0df1e2 3178 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3179#endif
5b450407 3180#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3181 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3182#endif
33417e70
FB		 3183}
3184
0e0df1e2
AK		 3185static const MemoryRegionOps unassigned_mem_ops = {
3186 .read = unassigned_mem_read,
3187 .write = unassigned_mem_write,
3188 .endianness = DEVICE_NATIVE_ENDIAN,
3189};
e18231a3 3190
0e0df1e2
AK		 3191static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3192 unsigned size)
e18231a3 3193{
0e0df1e2 3194 abort();
e18231a3
BS		 3195}
3196
0e0df1e2
AK		 3197static void error_mem_write(void *opaque, target_phys_addr_t addr,
3198 uint64_t value, unsigned size)
e18231a3 3199{
0e0df1e2 3200 abort();
33417e70
FB		 3201}
3202
0e0df1e2
AK		 3203static const MemoryRegionOps error_mem_ops = {
3204 .read = error_mem_read,
3205 .write = error_mem_write,
3206 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3207};
3208
0e0df1e2
AK		 3209static const MemoryRegionOps rom_mem_ops = {
3210 .read = error_mem_read,
3211 .write = unassigned_mem_write,
3212 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3213};
3214
0e0df1e2
AK		 3215static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3216 uint64_t val, unsigned size)
9fa3e853 3217{
3a7d929e 3218 int dirty_flags;
f7c11b53 3219 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3220 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3221#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3222 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3223 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3224#endif
3a7d929e 3225 }
0e0df1e2
AK		 3226 switch (size) {
3227 case 1:
3228 stb_p(qemu_get_ram_ptr(ram_addr), val);
3229 break;
3230 case 2:
3231 stw_p(qemu_get_ram_ptr(ram_addr), val);
3232 break;
3233 case 4:
3234 stl_p(qemu_get_ram_ptr(ram_addr), val);
3235 break;
3236 default:
3237 abort();
3a7d929e 3238 }
f23db169 3239 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3240 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3241 /* we remove the notdirty callback only if the code has been
3242 flushed */
3243 if (dirty_flags == 0xff)
2e70f6ef 3244 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3245}
3246
0e0df1e2
AK		 3247static const MemoryRegionOps notdirty_mem_ops = {
3248 .read = error_mem_read,
3249 .write = notdirty_mem_write,
3250 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3251};
3252
0f459d16 3253/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3254static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3255{
3256 CPUState *env = cpu_single_env;
06d55cc1
AL		 3257 target_ulong pc, cs_base;
3258 TranslationBlock *tb;
0f459d16 3259 target_ulong vaddr;
a1d1bb31 3260 CPUWatchpoint *wp;
06d55cc1 3261 int cpu_flags;
0f459d16 3262
06d55cc1
AL		 3263 if (env->watchpoint_hit) {
3264 /* We re-entered the check after replacing the TB. Now raise
3265 * the debug interrupt so that is will trigger after the
3266 * current instruction. */
3267 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3268 return;
3269 }
2e70f6ef 3270 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3271 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3272 if ((vaddr == (wp->vaddr & len_mask) ||
3273 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3274 wp->flags |= BP_WATCHPOINT_HIT;
3275 if (!env->watchpoint_hit) {
3276 env->watchpoint_hit = wp;
3277 tb = tb_find_pc(env->mem_io_pc);
3278 if (!tb) {
3279 cpu_abort(env, "check_watchpoint: could not find TB for "
3280 "pc=%p", (void *)env->mem_io_pc);
3281 }
618ba8e6 3282 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3283 tb_phys_invalidate(tb, -1);
3284 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3285 env->exception_index = EXCP_DEBUG;
3286 } else {
3287 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3288 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3289 }
3290 cpu_resume_from_signal(env, NULL);
06d55cc1 3291 }
6e140f28
AL		 3292 } else {
3293 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3294 }
3295 }
3296}
3297
6658ffb8
PB		 3298/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3299 so these check for a hit then pass through to the normal out-of-line
3300 phys routines. */
1ec9b909
AK		 3301static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3302 unsigned size)
6658ffb8 3303{
1ec9b909
AK		 3304 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3305 switch (size) {
3306 case 1: return ldub_phys(addr);
3307 case 2: return lduw_phys(addr);
3308 case 4: return ldl_phys(addr);
3309 default: abort();
3310 }
6658ffb8
PB		 3311}
3312
1ec9b909
AK		 3313static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3314 uint64_t val, unsigned size)
6658ffb8 3315{
1ec9b909
AK		 3316 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3317 switch (size) {
3318 case 1: stb_phys(addr, val);
3319 case 2: stw_phys(addr, val);
3320 case 4: stl_phys(addr, val);
3321 default: abort();
3322 }
6658ffb8
PB		 3323}
3324
1ec9b909
AK		 3325static const MemoryRegionOps watch_mem_ops = {
3326 .read = watch_mem_read,
3327 .write = watch_mem_write,
3328 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3329};
6658ffb8 3330
70c68e44
AK		 3331static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3332 unsigned len)
db7b5426 3333{
70c68e44 3334 subpage_t *mmio = opaque;
f6405247 3335 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426
BS		 3336#if defined(DEBUG_SUBPAGE)
3337 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3338 mmio, len, addr, idx);
3339#endif
db7b5426 3340
f6405247
RH		 3341 addr += mmio->region_offset[idx];
3342 idx = mmio->sub_io_index[idx];
70c68e44 3343 return io_mem_read(idx, addr, len);
db7b5426
BS		 3344}
3345
70c68e44
AK		 3346static void subpage_write(void *opaque, target_phys_addr_t addr,
3347 uint64_t value, unsigned len)
db7b5426 3348{
70c68e44 3349 subpage_t *mmio = opaque;
f6405247 3350 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426 3351#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3352 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3353 " idx %d value %"PRIx64"\n",
f6405247 3354 __func__, mmio, len, addr, idx, value);
db7b5426 3355#endif
f6405247
RH		 3356
3357 addr += mmio->region_offset[idx];
3358 idx = mmio->sub_io_index[idx];
70c68e44 3359 io_mem_write(idx, addr, value, len);
db7b5426
BS		 3360}
3361
70c68e44
AK		 3362static const MemoryRegionOps subpage_ops = {
3363 .read = subpage_read,
3364 .write = subpage_write,
3365 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3366};
3367
de712f94
AK		 3368static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3369 unsigned size)
56384e8b
AF		 3370{
3371 ram_addr_t raddr = addr;
3372 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3373 switch (size) {
3374 case 1: return ldub_p(ptr);
3375 case 2: return lduw_p(ptr);
3376 case 4: return ldl_p(ptr);
3377 default: abort();
3378 }
56384e8b
AF		 3379}
3380
de712f94
AK		 3381static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3382 uint64_t value, unsigned size)
56384e8b
AF		 3383{
3384 ram_addr_t raddr = addr;
3385 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3386 switch (size) {
3387 case 1: return stb_p(ptr, value);
3388 case 2: return stw_p(ptr, value);
3389 case 4: return stl_p(ptr, value);
3390 default: abort();
3391 }
56384e8b
AF		 3392}
3393
de712f94
AK		 3394static const MemoryRegionOps subpage_ram_ops = {
3395 .read = subpage_ram_read,
3396 .write = subpage_ram_write,
3397 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3398};
3399
c227f099
AL		 3400static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3401 ram_addr_t memory, ram_addr_t region_offset)
db7b5426
BS		 3402{
3403 int idx, eidx;
3404
3405 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3406 return -1;
3407 idx = SUBPAGE_IDX(start);
3408 eidx = SUBPAGE_IDX(end);
3409#if defined(DEBUG_SUBPAGE)
0bf9e31a 3410 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3411 mmio, start, end, idx, eidx, memory);
3412#endif
0e0df1e2 3413 if ((memory & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
de712f94 3414 memory = io_mem_subpage_ram.ram_addr;
56384e8b 3415 }
11c7ef0c 3416 memory &= IO_MEM_NB_ENTRIES - 1;
db7b5426 3417 for (; idx <= eidx; idx++) {
f6405247
RH		 3418 mmio->sub_io_index[idx] = memory;
3419 mmio->region_offset[idx] = region_offset;
db7b5426
BS		 3420 }
3421
3422 return 0;
3423}
3424
f6405247
RH		 3425static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3426 ram_addr_t orig_memory,
3427 ram_addr_t region_offset)
db7b5426 3428{
c227f099 3429 subpage_t *mmio;
db7b5426
BS		 3430 int subpage_memory;
3431
7267c094 3432 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3433
3434 mmio->base = base;
70c68e44
AK		 3435 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3436 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3437 mmio->iomem.subpage = true;
70c68e44 3438 subpage_memory = mmio->iomem.ram_addr;
db7b5426 3439#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3440 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3441 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3442#endif
b3b00c78 3443 *phys = subpage_memory;
f6405247 3444 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
db7b5426
BS		 3445
3446 return mmio;
3447}
3448
88715657
AL		 3449static int get_free_io_mem_idx(void)
3450{
3451 int i;
3452
3453 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3454 if (!io_mem_used[i]) {
3455 io_mem_used[i] = 1;
3456 return i;
3457 }
c6703b47 3458 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3459 return -1;
3460}
3461
33417e70
FB		 3462/* mem_read and mem_write are arrays of functions containing the
3463 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3464 2). Functions can be omitted with a NULL function pointer.
3ee89922 3465 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3466 modified. If it is zero, a new io zone is allocated. The return
3467 value can be used with cpu_register_physical_memory(). (-1) is
3468 returned if error. */
a621f38d 3469static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3470{
33417e70 3471 if (io_index <= 0) {
88715657
AL		 3472 io_index = get_free_io_mem_idx();
3473 if (io_index == -1)
3474 return io_index;
33417e70
FB		 3475 } else {
3476 if (io_index >= IO_MEM_NB_ENTRIES)
3477 return -1;
3478 }
b5ff1b31 3479
a621f38d 3480 io_mem_region[io_index] = mr;
f6405247 3481
11c7ef0c 3482 return io_index;
33417e70 3483}
61382a50 3484
a621f38d 3485int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3486{
a621f38d 3487 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3488}
3489
11c7ef0c 3490void cpu_unregister_io_memory(int io_index)
88715657 3491{
a621f38d 3492 io_mem_region[io_index] = NULL;
88715657
AL		 3493 io_mem_used[io_index] = 0;
3494}
3495
e9179ce1
AK		 3496static void io_mem_init(void)
3497{
3498 int i;
3499
0e0df1e2
AK		 3500 /* Must be first: */
3501 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3502 assert(io_mem_ram.ram_addr == 0);
3503 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3504 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3505 "unassigned", UINT64_MAX);
3506 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3507 "notdirty", UINT64_MAX);
de712f94
AK		 3508 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3509 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3510 for (i=0; i<5; i++)
3511 io_mem_used[i] = 1;
3512
1ec9b909
AK		 3513 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3514 "watch", UINT64_MAX);
e9179ce1
AK		 3515}
3516
50c1e149
AK		 3517static void core_begin(MemoryListener *listener)
3518{
54688b1e 3519 destroy_all_mappings();
50c1e149
AK		 3520}
3521
3522static void core_commit(MemoryListener *listener)
3523{
3524}
3525
93632747
AK		 3526static void core_region_add(MemoryListener *listener,
3527 MemoryRegionSection *section)
3528{
4855d41a 3529 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3530}
3531
3532static void core_region_del(MemoryListener *listener,
3533 MemoryRegionSection *section)
3534{
93632747
AK		 3535}
3536
50c1e149
AK		 3537static void core_region_nop(MemoryListener *listener,
3538 MemoryRegionSection *section)
3539{
54688b1e 3540 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3541}
3542
93632747
AK		 3543static void core_log_start(MemoryListener *listener,
3544 MemoryRegionSection *section)
3545{
3546}
3547
3548static void core_log_stop(MemoryListener *listener,
3549 MemoryRegionSection *section)
3550{
3551}
3552
3553static void core_log_sync(MemoryListener *listener,
3554 MemoryRegionSection *section)
3555{
3556}
3557
3558static void core_log_global_start(MemoryListener *listener)
3559{
3560 cpu_physical_memory_set_dirty_tracking(1);
3561}
3562
3563static void core_log_global_stop(MemoryListener *listener)
3564{
3565 cpu_physical_memory_set_dirty_tracking(0);
3566}
3567
3568static void core_eventfd_add(MemoryListener *listener,
3569 MemoryRegionSection *section,
3570 bool match_data, uint64_t data, int fd)
3571{
3572}
3573
3574static void core_eventfd_del(MemoryListener *listener,
3575 MemoryRegionSection *section,
3576 bool match_data, uint64_t data, int fd)
3577{
3578}
3579
50c1e149
AK		 3580static void io_begin(MemoryListener *listener)
3581{
3582}
3583
3584static void io_commit(MemoryListener *listener)
3585{
3586}
3587
4855d41a
AK		 3588static void io_region_add(MemoryListener *listener,
3589 MemoryRegionSection *section)
3590{
3591 iorange_init(&section->mr->iorange, &memory_region_iorange_ops,
3592 section->offset_within_address_space, section->size);
3593 ioport_register(&section->mr->iorange);
3594}
3595
3596static void io_region_del(MemoryListener *listener,
3597 MemoryRegionSection *section)
3598{
3599 isa_unassign_ioport(section->offset_within_address_space, section->size);
3600}
3601
50c1e149
AK		 3602static void io_region_nop(MemoryListener *listener,
3603 MemoryRegionSection *section)
3604{
3605}
3606
4855d41a
AK		 3607static void io_log_start(MemoryListener *listener,
3608 MemoryRegionSection *section)
3609{
3610}
3611
3612static void io_log_stop(MemoryListener *listener,
3613 MemoryRegionSection *section)
3614{
3615}
3616
3617static void io_log_sync(MemoryListener *listener,
3618 MemoryRegionSection *section)
3619{
3620}
3621
3622static void io_log_global_start(MemoryListener *listener)
3623{
3624}
3625
3626static void io_log_global_stop(MemoryListener *listener)
3627{
3628}
3629
3630static void io_eventfd_add(MemoryListener *listener,
3631 MemoryRegionSection *section,
3632 bool match_data, uint64_t data, int fd)
3633{
3634}
3635
3636static void io_eventfd_del(MemoryListener *listener,
3637 MemoryRegionSection *section,
3638 bool match_data, uint64_t data, int fd)
3639{
3640}
3641
93632747 3642static MemoryListener core_memory_listener = {
50c1e149
AK		 3643 .begin = core_begin,
3644 .commit = core_commit,
93632747
AK		 3645 .region_add = core_region_add,
3646 .region_del = core_region_del,
50c1e149 3647 .region_nop = core_region_nop,
93632747
AK		 3648 .log_start = core_log_start,
3649 .log_stop = core_log_stop,
3650 .log_sync = core_log_sync,
3651 .log_global_start = core_log_global_start,
3652 .log_global_stop = core_log_global_stop,
3653 .eventfd_add = core_eventfd_add,
3654 .eventfd_del = core_eventfd_del,
3655 .priority = 0,
3656};
3657
4855d41a 3658static MemoryListener io_memory_listener = {
50c1e149
AK		 3659 .begin = io_begin,
3660 .commit = io_commit,
4855d41a
AK		 3661 .region_add = io_region_add,
3662 .region_del = io_region_del,
50c1e149 3663 .region_nop = io_region_nop,
4855d41a
AK		 3664 .log_start = io_log_start,
3665 .log_stop = io_log_stop,
3666 .log_sync = io_log_sync,
3667 .log_global_start = io_log_global_start,
3668 .log_global_stop = io_log_global_stop,
3669 .eventfd_add = io_eventfd_add,
3670 .eventfd_del = io_eventfd_del,
3671 .priority = 0,
3672};
3673
62152b8a
AK		 3674static void memory_map_init(void)
3675{
7267c094 3676 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3677 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3678 set_system_memory_map(system_memory);
309cb471 3679
7267c094 3680 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3681 memory_region_init(system_io, "io", 65536);
3682 set_system_io_map(system_io);
93632747 3683
4855d41a
AK		 3684 memory_listener_register(&core_memory_listener, system_memory);
3685 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3686}
3687
3688MemoryRegion *get_system_memory(void)
3689{
3690 return system_memory;
3691}
3692
309cb471
AK		 3693MemoryRegion *get_system_io(void)
3694{
3695 return system_io;
3696}
3697
e2eef170
PB		 3698#endif /* !defined(CONFIG_USER_ONLY) */
3699
13eb76e0
FB		 3700/* physical memory access (slow version, mainly for debug) */
3701#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3702int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3703 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3704{
3705 int l, flags;
3706 target_ulong page;
53a5960a 3707 void * p;
13eb76e0
FB		 3708
3709 while (len > 0) {
3710 page = addr & TARGET_PAGE_MASK;
3711 l = (page + TARGET_PAGE_SIZE) - addr;
3712 if (l > len)
3713 l = len;
3714 flags = page_get_flags(page);
3715 if (!(flags & PAGE_VALID))
a68fe89c 3716 return -1;
13eb76e0
FB		 3717 if (is_write) {
3718 if (!(flags & PAGE_WRITE))
a68fe89c 3719 return -1;
579a97f7 3720 /* XXX: this code should not depend on lock_user */
72fb7daa 3721 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3722 return -1;
72fb7daa
AJ		 3723 memcpy(p, buf, l);
3724 unlock_user(p, addr, l);
13eb76e0
FB		 3725 } else {
3726 if (!(flags & PAGE_READ))
a68fe89c 3727 return -1;
579a97f7 3728 /* XXX: this code should not depend on lock_user */
72fb7daa 3729 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3730 return -1;
72fb7daa 3731 memcpy(buf, p, l);
5b257578 3732 unlock_user(p, addr, 0);
13eb76e0
FB		 3733 }
3734 len -= l;
3735 buf += l;
3736 addr += l;
3737 }
a68fe89c 3738 return 0;
13eb76e0 3739}
8df1cd07 3740
13eb76e0 3741#else
c227f099 3742void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3743 int len, int is_write)
3744{
3745 int l, io_index;
3746 uint8_t *ptr;
3747 uint32_t val;
c227f099 3748 target_phys_addr_t page;
8ca5692d 3749 ram_addr_t pd;
f1f6e3b8 3750 PhysPageDesc p;
3b46e624 3751
13eb76e0
FB		 3752 while (len > 0) {
3753 page = addr & TARGET_PAGE_MASK;
3754 l = (page + TARGET_PAGE_SIZE) - addr;
3755 if (l > len)
3756 l = len;
92e873b9 3757 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3758 pd = p.phys_offset;
3b46e624 3759
13eb76e0 3760 if (is_write) {
0e0df1e2 3761 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
f1f6e3b8 3762 target_phys_addr_t addr1;
11c7ef0c 3763 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3764 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6a00d601
FB		 3765 /* XXX: could force cpu_single_env to NULL to avoid
3766 potential bugs */
6c2934db 3767 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3768 /* 32 bit write access */
c27004ec 3769 val = ldl_p(buf);
acbbec5d 3770 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3771 l = 4;
6c2934db 3772 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3773 /* 16 bit write access */
c27004ec 3774 val = lduw_p(buf);
acbbec5d 3775 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3776 l = 2;
3777 } else {
1c213d19 3778 /* 8 bit write access */
c27004ec 3779 val = ldub_p(buf);
acbbec5d 3780 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3781 l = 1;
3782 }
3783 } else {
8ca5692d 3784 ram_addr_t addr1;
b448f2f3 3785 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
13eb76e0 3786 /* RAM case */
5579c7f3 3787 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3788 memcpy(ptr, buf, l);
3a7d929e
FB		 3789 if (!cpu_physical_memory_is_dirty(addr1)) {
3790 /* invalidate code */
3791 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3792 /* set dirty bit */
f7c11b53
YT		 3793 cpu_physical_memory_set_dirty_flags(
3794 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3795 }
050a0ddf 3796 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3797 }
3798 } else {
1d393fa2 3799 if (!is_ram_rom_romd(pd)) {
f1f6e3b8 3800 target_phys_addr_t addr1;
13eb76e0 3801 /* I/O case */
11c7ef0c 3802 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3803 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6c2934db 3804 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3805 /* 32 bit read access */
acbbec5d 3806 val = io_mem_read(io_index, addr1, 4);
c27004ec 3807 stl_p(buf, val);
13eb76e0 3808 l = 4;
6c2934db 3809 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3810 /* 16 bit read access */
acbbec5d 3811 val = io_mem_read(io_index, addr1, 2);
c27004ec 3812 stw_p(buf, val);
13eb76e0
FB		 3813 l = 2;
3814 } else {
1c213d19 3815 /* 8 bit read access */
acbbec5d 3816 val = io_mem_read(io_index, addr1, 1);
c27004ec 3817 stb_p(buf, val);
13eb76e0
FB		 3818 l = 1;
3819 }
3820 } else {
3821 /* RAM case */
050a0ddf
AP		 3822 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3823 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3824 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3825 }
3826 }
3827 len -= l;
3828 buf += l;
3829 addr += l;
3830 }
3831}
8df1cd07 3832
d0ecd2aa 3833/* used for ROM loading : can write in RAM and ROM */
c227f099 3834void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3835 const uint8_t *buf, int len)
3836{
3837 int l;
3838 uint8_t *ptr;
c227f099 3839 target_phys_addr_t page;
d0ecd2aa 3840 unsigned long pd;
f1f6e3b8 3841 PhysPageDesc p;
3b46e624 3842
d0ecd2aa
FB		 3843 while (len > 0) {
3844 page = addr & TARGET_PAGE_MASK;
3845 l = (page + TARGET_PAGE_SIZE) - addr;
3846 if (l > len)
3847 l = len;
3848 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3849 pd = p.phys_offset;
3b46e624 3850
1d393fa2 3851 if (!is_ram_rom_romd(pd)) {
d0ecd2aa
FB		 3852 /* do nothing */
3853 } else {
3854 unsigned long addr1;
3855 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3856 /* ROM/RAM case */
5579c7f3 3857 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3858 memcpy(ptr, buf, l);
050a0ddf 3859 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3860 }
3861 len -= l;
3862 buf += l;
3863 addr += l;
3864 }
3865}
3866
6d16c2f8
AL		 3867typedef struct {
3868 void *buffer;
c227f099
AL		 3869 target_phys_addr_t addr;
3870 target_phys_addr_t len;
6d16c2f8
AL		 3871} BounceBuffer;
3872
3873static BounceBuffer bounce;
3874
ba223c29
AL		 3875typedef struct MapClient {
3876 void *opaque;
3877 void (*callback)(void *opaque);
72cf2d4f 3878 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3879} MapClient;
3880
72cf2d4f
BS		 3881static QLIST_HEAD(map_client_list, MapClient) map_client_list
3882 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3883
3884void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3885{
7267c094 3886 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3887
3888 client->opaque = opaque;
3889 client->callback = callback;
72cf2d4f 3890 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3891 return client;
3892}
3893
3894void cpu_unregister_map_client(void *_client)
3895{
3896 MapClient *client = (MapClient *)_client;
3897
72cf2d4f 3898 QLIST_REMOVE(client, link);
7267c094 3899 g_free(client);
ba223c29
AL		 3900}
3901
3902static void cpu_notify_map_clients(void)
3903{
3904 MapClient *client;
3905
72cf2d4f
BS		 3906 while (!QLIST_EMPTY(&map_client_list)) {
3907 client = QLIST_FIRST(&map_client_list);
ba223c29 3908 client->callback(client->opaque);
34d5e948 3909 cpu_unregister_map_client(client);
ba223c29
AL		 3910 }
3911}
3912
6d16c2f8
AL		 3913/* Map a physical memory region into a host virtual address.
3914 * May map a subset of the requested range, given by and returned in *plen.
3915 * May return NULL if resources needed to perform the mapping are exhausted.
3916 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3917 * Use cpu_register_map_client() to know when retrying the map operation is
3918 * likely to succeed.
6d16c2f8 3919 */
c227f099
AL		 3920void *cpu_physical_memory_map(target_phys_addr_t addr,
3921 target_phys_addr_t *plen,
6d16c2f8
AL		 3922 int is_write)
3923{
c227f099 3924 target_phys_addr_t len = *plen;
38bee5dc 3925 target_phys_addr_t todo = 0;
6d16c2f8 3926 int l;
c227f099 3927 target_phys_addr_t page;
6d16c2f8 3928 unsigned long pd;
f1f6e3b8 3929 PhysPageDesc p;
f15fbc4b 3930 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3931 ram_addr_t rlen;
3932 void *ret;
6d16c2f8
AL		 3933
3934 while (len > 0) {
3935 page = addr & TARGET_PAGE_MASK;
3936 l = (page + TARGET_PAGE_SIZE) - addr;
3937 if (l > len)
3938 l = len;
3939 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3940 pd = p.phys_offset;
6d16c2f8 3941
0e0df1e2 3942 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
38bee5dc 3943 if (todo || bounce.buffer) {
6d16c2f8
AL		 3944 break;
3945 }
3946 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3947 bounce.addr = addr;
3948 bounce.len = l;
3949 if (!is_write) {
54f7b4a3 3950 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3951 }
38bee5dc
SS		 3952
3953 *plen = l;
3954 return bounce.buffer;
6d16c2f8 3955 }
8ab934f9
SS		 3956 if (!todo) {
3957 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3958 }
6d16c2f8
AL		 3959
3960 len -= l;
3961 addr += l;
38bee5dc 3962 todo += l;
6d16c2f8 3963 }
8ab934f9
SS		 3964 rlen = todo;
3965 ret = qemu_ram_ptr_length(raddr, &rlen);
3966 *plen = rlen;
3967 return ret;
6d16c2f8
AL		 3968}
3969
3970/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3971 * Will also mark the memory as dirty if is_write == 1. access_len gives
3972 * the amount of memory that was actually read or written by the caller.
3973 */
c227f099
AL		 3974void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3975 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3976{
3977 if (buffer != bounce.buffer) {
3978 if (is_write) {
e890261f 3979 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3980 while (access_len) {
3981 unsigned l;
3982 l = TARGET_PAGE_SIZE;
3983 if (l > access_len)
3984 l = access_len;
3985 if (!cpu_physical_memory_is_dirty(addr1)) {
3986 /* invalidate code */
3987 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3988 /* set dirty bit */
f7c11b53
YT		 3989 cpu_physical_memory_set_dirty_flags(
3990 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 3991 }
3992 addr1 += l;
3993 access_len -= l;
3994 }
3995 }
868bb33f 3996 if (xen_enabled()) {
e41d7c69 3997 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3998 }
6d16c2f8
AL		 3999 return;
4000 }
4001 if (is_write) {
4002 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4003 }
f8a83245 4004 qemu_vfree(bounce.buffer);
6d16c2f8 4005 bounce.buffer = NULL;
ba223c29 4006 cpu_notify_map_clients();
6d16c2f8 4007}
d0ecd2aa 4008
8df1cd07 4009/* warning: addr must be aligned */
1e78bcc1
AG		 4010static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4011 enum device_endian endian)
8df1cd07
FB		 4012{
4013 int io_index;
4014 uint8_t *ptr;
4015 uint32_t val;
4016 unsigned long pd;
f1f6e3b8 4017 PhysPageDesc p;
8df1cd07
FB		 4018
4019 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4020 pd = p.phys_offset;
3b46e624 4021
1d393fa2 4022 if (!is_ram_rom_romd(pd)) {
8df1cd07 4023 /* I/O case */
11c7ef0c 4024 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4025 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4026 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4027#if defined(TARGET_WORDS_BIGENDIAN)
4028 if (endian == DEVICE_LITTLE_ENDIAN) {
4029 val = bswap32(val);
4030 }
4031#else
4032 if (endian == DEVICE_BIG_ENDIAN) {
4033 val = bswap32(val);
4034 }
4035#endif
8df1cd07
FB		 4036 } else {
4037 /* RAM case */
5579c7f3 4038 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
8df1cd07 4039 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4040 switch (endian) {
4041 case DEVICE_LITTLE_ENDIAN:
4042 val = ldl_le_p(ptr);
4043 break;
4044 case DEVICE_BIG_ENDIAN:
4045 val = ldl_be_p(ptr);
4046 break;
4047 default:
4048 val = ldl_p(ptr);
4049 break;
4050 }
8df1cd07
FB		 4051 }
4052 return val;
4053}
4054
1e78bcc1
AG		 4055uint32_t ldl_phys(target_phys_addr_t addr)
4056{
4057 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4058}
4059
4060uint32_t ldl_le_phys(target_phys_addr_t addr)
4061{
4062 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4063}
4064
4065uint32_t ldl_be_phys(target_phys_addr_t addr)
4066{
4067 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4068}
4069
84b7b8e7 4070/* warning: addr must be aligned */
1e78bcc1
AG		 4071static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4072 enum device_endian endian)
84b7b8e7
FB		 4073{
4074 int io_index;
4075 uint8_t *ptr;
4076 uint64_t val;
4077 unsigned long pd;
f1f6e3b8 4078 PhysPageDesc p;
84b7b8e7
FB		 4079
4080 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4081 pd = p.phys_offset;
3b46e624 4082
1d393fa2 4083 if (!is_ram_rom_romd(pd)) {
84b7b8e7 4084 /* I/O case */
11c7ef0c 4085 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4086 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4087
4088 /* XXX This is broken when device endian != cpu endian.
4089 Fix and add "endian" variable check */
84b7b8e7 4090#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4091 val = io_mem_read(io_index, addr, 4) << 32;
4092 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4093#else
acbbec5d
AK		 4094 val = io_mem_read(io_index, addr, 4);
4095 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4096#endif
4097 } else {
4098 /* RAM case */
5579c7f3 4099 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
84b7b8e7 4100 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4101 switch (endian) {
4102 case DEVICE_LITTLE_ENDIAN:
4103 val = ldq_le_p(ptr);
4104 break;
4105 case DEVICE_BIG_ENDIAN:
4106 val = ldq_be_p(ptr);
4107 break;
4108 default:
4109 val = ldq_p(ptr);
4110 break;
4111 }
84b7b8e7
FB		 4112 }
4113 return val;
4114}
4115
1e78bcc1
AG		 4116uint64_t ldq_phys(target_phys_addr_t addr)
4117{
4118 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4119}
4120
4121uint64_t ldq_le_phys(target_phys_addr_t addr)
4122{
4123 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4124}
4125
4126uint64_t ldq_be_phys(target_phys_addr_t addr)
4127{
4128 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4129}
4130
aab33094 4131/* XXX: optimize */
c227f099 4132uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4133{
4134 uint8_t val;
4135 cpu_physical_memory_read(addr, &val, 1);
4136 return val;
4137}
4138
733f0b02 4139/* warning: addr must be aligned */
1e78bcc1
AG		 4140static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4141 enum device_endian endian)
aab33094 4142{
733f0b02
MT		 4143 int io_index;
4144 uint8_t *ptr;
4145 uint64_t val;
4146 unsigned long pd;
f1f6e3b8 4147 PhysPageDesc p;
733f0b02
MT		 4148
4149 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4150 pd = p.phys_offset;
733f0b02 4151
1d393fa2 4152 if (!is_ram_rom_romd(pd)) {
733f0b02 4153 /* I/O case */
11c7ef0c 4154 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4155 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4156 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4157#if defined(TARGET_WORDS_BIGENDIAN)
4158 if (endian == DEVICE_LITTLE_ENDIAN) {
4159 val = bswap16(val);
4160 }
4161#else
4162 if (endian == DEVICE_BIG_ENDIAN) {
4163 val = bswap16(val);
4164 }
4165#endif
733f0b02
MT		 4166 } else {
4167 /* RAM case */
4168 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4169 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4170 switch (endian) {
4171 case DEVICE_LITTLE_ENDIAN:
4172 val = lduw_le_p(ptr);
4173 break;
4174 case DEVICE_BIG_ENDIAN:
4175 val = lduw_be_p(ptr);
4176 break;
4177 default:
4178 val = lduw_p(ptr);
4179 break;
4180 }
733f0b02
MT		 4181 }
4182 return val;
aab33094
FB		 4183}
4184
1e78bcc1
AG		 4185uint32_t lduw_phys(target_phys_addr_t addr)
4186{
4187 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4188}
4189
4190uint32_t lduw_le_phys(target_phys_addr_t addr)
4191{
4192 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4193}
4194
4195uint32_t lduw_be_phys(target_phys_addr_t addr)
4196{
4197 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4198}
4199
8df1cd07
FB		 4200/* warning: addr must be aligned. The ram page is not masked as dirty
4201 and the code inside is not invalidated. It is useful if the dirty
4202 bits are used to track modified PTEs */
c227f099 4203void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4204{
4205 int io_index;
4206 uint8_t *ptr;
4207 unsigned long pd;
f1f6e3b8 4208 PhysPageDesc p;
8df1cd07
FB		 4209
4210 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4211 pd = p.phys_offset;
3b46e624 4212
0e0df1e2 4213 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4214 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4215 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4216 io_mem_write(io_index, addr, val, 4);
8df1cd07 4217 } else {
74576198 4218 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4219 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4220 stl_p(ptr, val);
74576198
AL		 4221
4222 if (unlikely(in_migration)) {
4223 if (!cpu_physical_memory_is_dirty(addr1)) {
4224 /* invalidate code */
4225 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4226 /* set dirty bit */
f7c11b53
YT		 4227 cpu_physical_memory_set_dirty_flags(
4228 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4229 }
4230 }
8df1cd07
FB		 4231 }
4232}
4233
c227f099 4234void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4235{
4236 int io_index;
4237 uint8_t *ptr;
4238 unsigned long pd;
f1f6e3b8 4239 PhysPageDesc p;
bc98a7ef
JM		 4240
4241 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4242 pd = p.phys_offset;
3b46e624 4243
0e0df1e2 4244 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4245 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4246 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
bc98a7ef 4247#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4248 io_mem_write(io_index, addr, val >> 32, 4);
4249 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4250#else
acbbec5d
AK		 4251 io_mem_write(io_index, addr, (uint32_t)val, 4);
4252 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4253#endif
4254 } else {
5579c7f3 4255 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
bc98a7ef
JM		 4256 (addr & ~TARGET_PAGE_MASK);
4257 stq_p(ptr, val);
4258 }
4259}
4260
8df1cd07 4261/* warning: addr must be aligned */
1e78bcc1
AG		 4262static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4263 enum device_endian endian)
8df1cd07
FB		 4264{
4265 int io_index;
4266 uint8_t *ptr;
4267 unsigned long pd;
f1f6e3b8 4268 PhysPageDesc p;
8df1cd07
FB		 4269
4270 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4271 pd = p.phys_offset;
3b46e624 4272
0e0df1e2 4273 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4274 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4275 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4276#if defined(TARGET_WORDS_BIGENDIAN)
4277 if (endian == DEVICE_LITTLE_ENDIAN) {
4278 val = bswap32(val);
4279 }
4280#else
4281 if (endian == DEVICE_BIG_ENDIAN) {
4282 val = bswap32(val);
4283 }
4284#endif
acbbec5d 4285 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4286 } else {
4287 unsigned long addr1;
4288 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4289 /* RAM case */
5579c7f3 4290 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4291 switch (endian) {
4292 case DEVICE_LITTLE_ENDIAN:
4293 stl_le_p(ptr, val);
4294 break;
4295 case DEVICE_BIG_ENDIAN:
4296 stl_be_p(ptr, val);
4297 break;
4298 default:
4299 stl_p(ptr, val);
4300 break;
4301 }
3a7d929e
FB		 4302 if (!cpu_physical_memory_is_dirty(addr1)) {
4303 /* invalidate code */
4304 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4305 /* set dirty bit */
f7c11b53
YT		 4306 cpu_physical_memory_set_dirty_flags(addr1,
4307 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4308 }
8df1cd07
FB		 4309 }
4310}
4311
1e78bcc1
AG		 4312void stl_phys(target_phys_addr_t addr, uint32_t val)
4313{
4314 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4315}
4316
4317void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4318{
4319 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4320}
4321
4322void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4323{
4324 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4325}
4326
aab33094 4327/* XXX: optimize */
c227f099 4328void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4329{
4330 uint8_t v = val;
4331 cpu_physical_memory_write(addr, &v, 1);
4332}
4333
733f0b02 4334/* warning: addr must be aligned */
1e78bcc1
AG		 4335static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4336 enum device_endian endian)
aab33094 4337{
733f0b02
MT		 4338 int io_index;
4339 uint8_t *ptr;
4340 unsigned long pd;
f1f6e3b8 4341 PhysPageDesc p;
733f0b02
MT		 4342
4343 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4344 pd = p.phys_offset;
733f0b02 4345
0e0df1e2 4346 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4347 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4348 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4349#if defined(TARGET_WORDS_BIGENDIAN)
4350 if (endian == DEVICE_LITTLE_ENDIAN) {
4351 val = bswap16(val);
4352 }
4353#else
4354 if (endian == DEVICE_BIG_ENDIAN) {
4355 val = bswap16(val);
4356 }
4357#endif
acbbec5d 4358 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4359 } else {
4360 unsigned long addr1;
4361 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4362 /* RAM case */
4363 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4364 switch (endian) {
4365 case DEVICE_LITTLE_ENDIAN:
4366 stw_le_p(ptr, val);
4367 break;
4368 case DEVICE_BIG_ENDIAN:
4369 stw_be_p(ptr, val);
4370 break;
4371 default:
4372 stw_p(ptr, val);
4373 break;
4374 }
733f0b02
MT		 4375 if (!cpu_physical_memory_is_dirty(addr1)) {
4376 /* invalidate code */
4377 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4378 /* set dirty bit */
4379 cpu_physical_memory_set_dirty_flags(addr1,
4380 (0xff & ~CODE_DIRTY_FLAG));
4381 }
4382 }
aab33094
FB		 4383}
4384
1e78bcc1
AG		 4385void stw_phys(target_phys_addr_t addr, uint32_t val)
4386{
4387 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4388}
4389
4390void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4391{
4392 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4393}
4394
4395void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4396{
4397 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4398}
4399
aab33094 4400/* XXX: optimize */
c227f099 4401void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4402{
4403 val = tswap64(val);
71d2b725 4404 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4405}
4406
1e78bcc1
AG		 4407void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4408{
4409 val = cpu_to_le64(val);
4410 cpu_physical_memory_write(addr, &val, 8);
4411}
4412
4413void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4414{
4415 val = cpu_to_be64(val);
4416 cpu_physical_memory_write(addr, &val, 8);
4417}
4418
5e2972fd 4419/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4420int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4421 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4422{
4423 int l;
c227f099 4424 target_phys_addr_t phys_addr;
9b3c35e0 4425 target_ulong page;
13eb76e0
FB		 4426
4427 while (len > 0) {
4428 page = addr & TARGET_PAGE_MASK;
4429 phys_addr = cpu_get_phys_page_debug(env, page);
4430 /* if no physical page mapped, return an error */
4431 if (phys_addr == -1)
4432 return -1;
4433 l = (page + TARGET_PAGE_SIZE) - addr;
4434 if (l > len)
4435 l = len;
5e2972fd 4436 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4437 if (is_write)
4438 cpu_physical_memory_write_rom(phys_addr, buf, l);
4439 else
5e2972fd 4440 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4441 len -= l;
4442 buf += l;
4443 addr += l;
4444 }
4445 return 0;
4446}
a68fe89c 4447#endif
13eb76e0 4448
2e70f6ef
PB		 4449/* in deterministic execution mode, instructions doing device I/Os
4450 must be at the end of the TB */
4451void cpu_io_recompile(CPUState *env, void *retaddr)
4452{
4453 TranslationBlock *tb;
4454 uint32_t n, cflags;
4455 target_ulong pc, cs_base;
4456 uint64_t flags;
4457
4458 tb = tb_find_pc((unsigned long)retaddr);
4459 if (!tb) {
4460 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4461 retaddr);
4462 }
4463 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4464 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4465 /* Calculate how many instructions had been executed before the fault
bf20dc07 4466 occurred. */
2e70f6ef
PB		 4467 n = n - env->icount_decr.u16.low;
4468 /* Generate a new TB ending on the I/O insn. */
4469 n++;
4470 /* On MIPS and SH, delay slot instructions can only be restarted if
4471 they were already the first instruction in the TB. If this is not
bf20dc07 4472 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4473 branch. */
4474#if defined(TARGET_MIPS)
4475 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4476 env->active_tc.PC -= 4;
4477 env->icount_decr.u16.low++;
4478 env->hflags &= ~MIPS_HFLAG_BMASK;
4479 }
4480#elif defined(TARGET_SH4)
4481 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4482 && n > 1) {
4483 env->pc -= 2;
4484 env->icount_decr.u16.low++;
4485 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4486 }
4487#endif
4488 /* This should never happen. */
4489 if (n > CF_COUNT_MASK)
4490 cpu_abort(env, "TB too big during recompile");
4491
4492 cflags = n | CF_LAST_IO;
4493 pc = tb->pc;
4494 cs_base = tb->cs_base;
4495 flags = tb->flags;
4496 tb_phys_invalidate(tb, -1);
4497 /* FIXME: In theory this could raise an exception. In practice
4498 we have already translated the block once so it's probably ok. */
4499 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4500 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4501 the first in the TB) then we end up generating a whole new TB and
4502 repeating the fault, which is horribly inefficient.
4503 Better would be to execute just this insn uncached, or generate a
4504 second new TB. */
4505 cpu_resume_from_signal(env, NULL);
4506}
4507
b3755a91
PB		 4508#if !defined(CONFIG_USER_ONLY)
4509
055403b2 4510void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4511{
4512 int i, target_code_size, max_target_code_size;
4513 int direct_jmp_count, direct_jmp2_count, cross_page;
4514 TranslationBlock *tb;
3b46e624 4515
e3db7226
FB		 4516 target_code_size = 0;
4517 max_target_code_size = 0;
4518 cross_page = 0;
4519 direct_jmp_count = 0;
4520 direct_jmp2_count = 0;
4521 for(i = 0; i < nb_tbs; i++) {
4522 tb = &tbs[i];
4523 target_code_size += tb->size;
4524 if (tb->size > max_target_code_size)
4525 max_target_code_size = tb->size;
4526 if (tb->page_addr[1] != -1)
4527 cross_page++;
4528 if (tb->tb_next_offset[0] != 0xffff) {
4529 direct_jmp_count++;
4530 if (tb->tb_next_offset[1] != 0xffff) {
4531 direct_jmp2_count++;
4532 }
4533 }
4534 }
4535 /* XXX: avoid using doubles ? */
57fec1fe 4536 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4537 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4538 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4539 cpu_fprintf(f, "TB count %d/%d\n",
4540 nb_tbs, code_gen_max_blocks);
5fafdf24 4541 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4542 nb_tbs ? target_code_size / nb_tbs : 0,
4543 max_target_code_size);
055403b2 4544 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4545 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4546 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4547 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4548 cross_page,
e3db7226
FB		 4549 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4550 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4551 direct_jmp_count,
e3db7226
FB		 4552 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4553 direct_jmp2_count,
4554 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4555 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4556 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4557 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4558 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4559 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4560}
4561
d39e8222
AK		 4562/* NOTE: this function can trigger an exception */
4563/* NOTE2: the returned address is not exactly the physical address: it
4564 is the offset relative to phys_ram_base */
4565tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4566{
4567 int mmu_idx, page_index, pd;
4568 void *p;
4569
4570 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4571 mmu_idx = cpu_mmu_index(env1);
4572 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4573 (addr & TARGET_PAGE_MASK))) {
4574 ldub_code(addr);
4575 }
4576 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4577 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
75c578dc 4578 && !is_romd(pd)) {
d39e8222
AK		 4579#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4580 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4581#else
4582 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4583#endif
4584 }
4585 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4586 return qemu_ram_addr_from_host_nofail(p);
4587}
4588
82afa586
BH		 4589/*
4590 * A helper function for the _utterly broken_ virtio device model to find out if
4591 * it's running on a big endian machine. Don't do this at home kids!
4592 */
4593bool virtio_is_big_endian(void);
4594bool virtio_is_big_endian(void)
4595{
4596#if defined(TARGET_WORDS_BIGENDIAN)
4597 return true;
4598#else
4599 return false;
4600#endif
4601}
4602
61382a50 4603#define MMUSUFFIX _cmmu
3917149d 4604#undef GETPC
61382a50
FB		 4605#define GETPC() NULL
4606#define env cpu_single_env
b769d8fe 4607#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4608
4609#define SHIFT 0
4610#include "softmmu_template.h"
4611
4612#define SHIFT 1
4613#include "softmmu_template.h"
4614
4615#define SHIFT 2
4616#include "softmmu_template.h"
4617
4618#define SHIFT 3
4619#include "softmmu_template.h"
4620
4621#undef env
4622
4623#endif
Qemu copy for testing