]> git.proxmox.com Git - qemu.git/blob - exec.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ide-test: Fix endianness problems
[qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52
53 //#define DEBUG_UNASSIGNED
54 //#define DEBUG_SUBPAGE
55
56 #if !defined(CONFIG_USER_ONLY)
57 int phys_ram_fd;
58 static int in_migration;
59
60 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61
62 static MemoryRegion *system_memory;
63 static MemoryRegion *system_io;
64
65 AddressSpace address_space_io;
66 AddressSpace address_space_memory;
67 DMAContext dma_context_memory;
68
69 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
70 static MemoryRegion io_mem_subpage_ram;
71
72 #endif
73
74 CPUArchState *first_cpu;
75 /* current CPU in the current thread. It is only valid inside
76 cpu_exec() */
77 DEFINE_TLS(CPUArchState *,cpu_single_env);
78 /* 0 = Do not count executed instructions.
79 1 = Precise instruction counting.
80 2 = Adaptive rate instruction counting. */
81 int use_icount;
82
83 #if !defined(CONFIG_USER_ONLY)
84
85 static MemoryRegionSection *phys_sections;
86 static unsigned phys_sections_nb, phys_sections_nb_alloc;
87 static uint16_t phys_section_unassigned;
88 static uint16_t phys_section_notdirty;
89 static uint16_t phys_section_rom;
90 static uint16_t phys_section_watch;
91
92 /* Simple allocator for PhysPageEntry nodes */
93 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
94 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
95
96 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
97
98 static void io_mem_init(void);
99 static void memory_map_init(void);
100 static void *qemu_safe_ram_ptr(ram_addr_t addr);
101
102 static MemoryRegion io_mem_watch;
103 #endif
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 static void phys_map_node_reserve(unsigned nodes)
108 {
109 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
110 typedef PhysPageEntry Node[L2_SIZE];
111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
112 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
113 phys_map_nodes_nb + nodes);
114 phys_map_nodes = g_renew(Node, phys_map_nodes,
115 phys_map_nodes_nb_alloc);
116 }
117 }
118
119 static uint16_t phys_map_node_alloc(void)
120 {
121 unsigned i;
122 uint16_t ret;
123
124 ret = phys_map_nodes_nb++;
125 assert(ret != PHYS_MAP_NODE_NIL);
126 assert(ret != phys_map_nodes_nb_alloc);
127 for (i = 0; i < L2_SIZE; ++i) {
128 phys_map_nodes[ret][i].is_leaf = 0;
129 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
130 }
131 return ret;
132 }
133
134 static void phys_map_nodes_reset(void)
135 {
136 phys_map_nodes_nb = 0;
137 }
138
139
140 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
141 hwaddr *nb, uint16_t leaf,
142 int level)
143 {
144 PhysPageEntry *p;
145 int i;
146 hwaddr step = (hwaddr)1 << (level * L2_BITS);
147
148 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
149 lp->ptr = phys_map_node_alloc();
150 p = phys_map_nodes[lp->ptr];
151 if (level == 0) {
152 for (i = 0; i < L2_SIZE; i++) {
153 p[i].is_leaf = 1;
154 p[i].ptr = phys_section_unassigned;
155 }
156 }
157 } else {
158 p = phys_map_nodes[lp->ptr];
159 }
160 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
161
162 while (*nb && lp < &p[L2_SIZE]) {
163 if ((*index & (step - 1)) == 0 && *nb >= step) {
164 lp->is_leaf = true;
165 lp->ptr = leaf;
166 *index += step;
167 *nb -= step;
168 } else {
169 phys_page_set_level(lp, index, nb, leaf, level - 1);
170 }
171 ++lp;
172 }
173 }
174
175 static void phys_page_set(AddressSpaceDispatch *d,
176 hwaddr index, hwaddr nb,
177 uint16_t leaf)
178 {
179 /* Wildly overreserve - it doesn't matter much. */
180 phys_map_node_reserve(3 * P_L2_LEVELS);
181
182 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
183 }
184
185 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
186 {
187 PhysPageEntry lp = d->phys_map;
188 PhysPageEntry *p;
189 int i;
190 uint16_t s_index = phys_section_unassigned;
191
192 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
193 if (lp.ptr == PHYS_MAP_NODE_NIL) {
194 goto not_found;
195 }
196 p = phys_map_nodes[lp.ptr];
197 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
198 }
199
200 s_index = lp.ptr;
201 not_found:
202 return &phys_sections[s_index];
203 }
204
205 bool memory_region_is_unassigned(MemoryRegion *mr)
206 {
207 return mr != &io_mem_ram && mr != &io_mem_rom
208 && mr != &io_mem_notdirty && !mr->rom_device
209 && mr != &io_mem_watch;
210 }
211 #endif
212
213 void cpu_exec_init_all(void)
214 {
215 #if !defined(CONFIG_USER_ONLY)
216 qemu_mutex_init(&ram_list.mutex);
217 memory_map_init();
218 io_mem_init();
219 #endif
220 }
221
222 #if !defined(CONFIG_USER_ONLY)
223
224 static int cpu_common_post_load(void *opaque, int version_id)
225 {
226 CPUState *cpu = opaque;
227
228 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
229 version_id is increased. */
230 cpu->interrupt_request &= ~0x01;
231 tlb_flush(cpu->env_ptr, 1);
232
233 return 0;
234 }
235
236 static const VMStateDescription vmstate_cpu_common = {
237 .name = "cpu_common",
238 .version_id = 1,
239 .minimum_version_id = 1,
240 .minimum_version_id_old = 1,
241 .post_load = cpu_common_post_load,
242 .fields = (VMStateField []) {
243 VMSTATE_UINT32(halted, CPUState),
244 VMSTATE_UINT32(interrupt_request, CPUState),
245 VMSTATE_END_OF_LIST()
246 }
247 };
248 #else
249 #define vmstate_cpu_common vmstate_dummy
250 #endif
251
252 CPUState *qemu_get_cpu(int index)
253 {
254 CPUArchState *env = first_cpu;
255 CPUState *cpu = NULL;
256
257 while (env) {
258 cpu = ENV_GET_CPU(env);
259 if (cpu->cpu_index == index) {
260 break;
261 }
262 env = env->next_cpu;
263 }
264
265 return env ? cpu : NULL;
266 }
267
268 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
269 {
270 CPUArchState *env = first_cpu;
271
272 while (env) {
273 func(ENV_GET_CPU(env), data);
274 env = env->next_cpu;
275 }
276 }
277
278 void cpu_exec_init(CPUArchState *env)
279 {
280 CPUState *cpu = ENV_GET_CPU(env);
281 CPUClass *cc = CPU_GET_CLASS(cpu);
282 CPUArchState **penv;
283 int cpu_index;
284
285 #if defined(CONFIG_USER_ONLY)
286 cpu_list_lock();
287 #endif
288 env->next_cpu = NULL;
289 penv = &first_cpu;
290 cpu_index = 0;
291 while (*penv != NULL) {
292 penv = &(*penv)->next_cpu;
293 cpu_index++;
294 }
295 cpu->cpu_index = cpu_index;
296 cpu->numa_node = 0;
297 QTAILQ_INIT(&env->breakpoints);
298 QTAILQ_INIT(&env->watchpoints);
299 #ifndef CONFIG_USER_ONLY
300 cpu->thread_id = qemu_get_thread_id();
301 #endif
302 *penv = env;
303 #if defined(CONFIG_USER_ONLY)
304 cpu_list_unlock();
305 #endif
306 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
307 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
308 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
309 cpu_save, cpu_load, env);
310 assert(cc->vmsd == NULL);
311 #endif
312 if (cc->vmsd != NULL) {
313 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
314 }
315 }
316
317 #if defined(TARGET_HAS_ICE)
318 #if defined(CONFIG_USER_ONLY)
319 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
320 {
321 tb_invalidate_phys_page_range(pc, pc + 1, 0);
322 }
323 #else
324 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
325 {
326 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
327 (pc & ~TARGET_PAGE_MASK));
328 }
329 #endif
330 #endif /* TARGET_HAS_ICE */
331
332 #if defined(CONFIG_USER_ONLY)
333 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
334
335 {
336 }
337
338 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
339 int flags, CPUWatchpoint **watchpoint)
340 {
341 return -ENOSYS;
342 }
343 #else
344 /* Add a watchpoint. */
345 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
346 int flags, CPUWatchpoint **watchpoint)
347 {
348 target_ulong len_mask = ~(len - 1);
349 CPUWatchpoint *wp;
350
351 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
352 if ((len & (len - 1)) || (addr & ~len_mask) ||
353 len == 0 || len > TARGET_PAGE_SIZE) {
354 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
355 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
356 return -EINVAL;
357 }
358 wp = g_malloc(sizeof(*wp));
359
360 wp->vaddr = addr;
361 wp->len_mask = len_mask;
362 wp->flags = flags;
363
364 /* keep all GDB-injected watchpoints in front */
365 if (flags & BP_GDB)
366 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
367 else
368 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
369
370 tlb_flush_page(env, addr);
371
372 if (watchpoint)
373 *watchpoint = wp;
374 return 0;
375 }
376
377 /* Remove a specific watchpoint. */
378 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
379 int flags)
380 {
381 target_ulong len_mask = ~(len - 1);
382 CPUWatchpoint *wp;
383
384 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
385 if (addr == wp->vaddr && len_mask == wp->len_mask
386 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
387 cpu_watchpoint_remove_by_ref(env, wp);
388 return 0;
389 }
390 }
391 return -ENOENT;
392 }
393
394 /* Remove a specific watchpoint by reference. */
395 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
396 {
397 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
398
399 tlb_flush_page(env, watchpoint->vaddr);
400
401 g_free(watchpoint);
402 }
403
404 /* Remove all matching watchpoints. */
405 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
406 {
407 CPUWatchpoint *wp, *next;
408
409 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
410 if (wp->flags & mask)
411 cpu_watchpoint_remove_by_ref(env, wp);
412 }
413 }
414 #endif
415
416 /* Add a breakpoint. */
417 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
418 CPUBreakpoint **breakpoint)
419 {
420 #if defined(TARGET_HAS_ICE)
421 CPUBreakpoint *bp;
422
423 bp = g_malloc(sizeof(*bp));
424
425 bp->pc = pc;
426 bp->flags = flags;
427
428 /* keep all GDB-injected breakpoints in front */
429 if (flags & BP_GDB)
430 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
431 else
432 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
433
434 breakpoint_invalidate(env, pc);
435
436 if (breakpoint)
437 *breakpoint = bp;
438 return 0;
439 #else
440 return -ENOSYS;
441 #endif
442 }
443
444 /* Remove a specific breakpoint. */
445 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
446 {
447 #if defined(TARGET_HAS_ICE)
448 CPUBreakpoint *bp;
449
450 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
451 if (bp->pc == pc && bp->flags == flags) {
452 cpu_breakpoint_remove_by_ref(env, bp);
453 return 0;
454 }
455 }
456 return -ENOENT;
457 #else
458 return -ENOSYS;
459 #endif
460 }
461
462 /* Remove a specific breakpoint by reference. */
463 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
464 {
465 #if defined(TARGET_HAS_ICE)
466 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
467
468 breakpoint_invalidate(env, breakpoint->pc);
469
470 g_free(breakpoint);
471 #endif
472 }
473
474 /* Remove all matching breakpoints. */
475 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
476 {
477 #if defined(TARGET_HAS_ICE)
478 CPUBreakpoint *bp, *next;
479
480 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
481 if (bp->flags & mask)
482 cpu_breakpoint_remove_by_ref(env, bp);
483 }
484 #endif
485 }
486
487 /* enable or disable single step mode. EXCP_DEBUG is returned by the
488 CPU loop after each instruction */
489 void cpu_single_step(CPUArchState *env, int enabled)
490 {
491 #if defined(TARGET_HAS_ICE)
492 if (env->singlestep_enabled != enabled) {
493 env->singlestep_enabled = enabled;
494 if (kvm_enabled())
495 kvm_update_guest_debug(env, 0);
496 else {
497 /* must flush all the translated code to avoid inconsistencies */
498 /* XXX: only flush what is necessary */
499 tb_flush(env);
500 }
501 }
502 #endif
503 }
504
505 void cpu_exit(CPUArchState *env)
506 {
507 CPUState *cpu = ENV_GET_CPU(env);
508
509 cpu->exit_request = 1;
510 cpu->tcg_exit_req = 1;
511 }
512
513 void cpu_abort(CPUArchState *env, const char *fmt, ...)
514 {
515 va_list ap;
516 va_list ap2;
517
518 va_start(ap, fmt);
519 va_copy(ap2, ap);
520 fprintf(stderr, "qemu: fatal: ");
521 vfprintf(stderr, fmt, ap);
522 fprintf(stderr, "\n");
523 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
524 if (qemu_log_enabled()) {
525 qemu_log("qemu: fatal: ");
526 qemu_log_vprintf(fmt, ap2);
527 qemu_log("\n");
528 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
529 qemu_log_flush();
530 qemu_log_close();
531 }
532 va_end(ap2);
533 va_end(ap);
534 #if defined(CONFIG_USER_ONLY)
535 {
536 struct sigaction act;
537 sigfillset(&act.sa_mask);
538 act.sa_handler = SIG_DFL;
539 sigaction(SIGABRT, &act, NULL);
540 }
541 #endif
542 abort();
543 }
544
545 CPUArchState *cpu_copy(CPUArchState *env)
546 {
547 CPUArchState *new_env = cpu_init(env->cpu_model_str);
548 CPUArchState *next_cpu = new_env->next_cpu;
549 #if defined(TARGET_HAS_ICE)
550 CPUBreakpoint *bp;
551 CPUWatchpoint *wp;
552 #endif
553
554 memcpy(new_env, env, sizeof(CPUArchState));
555
556 /* Preserve chaining. */
557 new_env->next_cpu = next_cpu;
558
559 /* Clone all break/watchpoints.
560 Note: Once we support ptrace with hw-debug register access, make sure
561 BP_CPU break/watchpoints are handled correctly on clone. */
562 QTAILQ_INIT(&env->breakpoints);
563 QTAILQ_INIT(&env->watchpoints);
564 #if defined(TARGET_HAS_ICE)
565 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
566 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
567 }
568 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
569 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
570 wp->flags, NULL);
571 }
572 #endif
573
574 return new_env;
575 }
576
577 #if !defined(CONFIG_USER_ONLY)
578 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
579 uintptr_t length)
580 {
581 uintptr_t start1;
582
583 /* we modify the TLB cache so that the dirty bit will be set again
584 when accessing the range */
585 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
586 /* Check that we don't span multiple blocks - this breaks the
587 address comparisons below. */
588 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
589 != (end - 1) - start) {
590 abort();
591 }
592 cpu_tlb_reset_dirty_all(start1, length);
593
594 }
595
596 /* Note: start and end must be within the same ram block. */
597 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
598 int dirty_flags)
599 {
600 uintptr_t length;
601
602 start &= TARGET_PAGE_MASK;
603 end = TARGET_PAGE_ALIGN(end);
604
605 length = end - start;
606 if (length == 0)
607 return;
608 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
609
610 if (tcg_enabled()) {
611 tlb_reset_dirty_range_all(start, end, length);
612 }
613 }
614
615 static int cpu_physical_memory_set_dirty_tracking(int enable)
616 {
617 int ret = 0;
618 in_migration = enable;
619 return ret;
620 }
621
622 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
623 MemoryRegionSection *section,
624 target_ulong vaddr,
625 hwaddr paddr,
626 int prot,
627 target_ulong *address)
628 {
629 hwaddr iotlb;
630 CPUWatchpoint *wp;
631
632 if (memory_region_is_ram(section->mr)) {
633 /* Normal RAM. */
634 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
635 + memory_region_section_addr(section, paddr);
636 if (!section->readonly) {
637 iotlb |= phys_section_notdirty;
638 } else {
639 iotlb |= phys_section_rom;
640 }
641 } else {
642 /* IO handlers are currently passed a physical address.
643 It would be nice to pass an offset from the base address
644 of that region. This would avoid having to special case RAM,
645 and avoid full address decoding in every device.
646 We can't use the high bits of pd for this because
647 IO_MEM_ROMD uses these as a ram address. */
648 iotlb = section - phys_sections;
649 iotlb += memory_region_section_addr(section, paddr);
650 }
651
652 /* Make accesses to pages with watchpoints go via the
653 watchpoint trap routines. */
654 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
655 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
656 /* Avoid trapping reads of pages with a write breakpoint. */
657 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
658 iotlb = phys_section_watch + paddr;
659 *address |= TLB_MMIO;
660 break;
661 }
662 }
663 }
664
665 return iotlb;
666 }
667 #endif /* defined(CONFIG_USER_ONLY) */
668
669 #if !defined(CONFIG_USER_ONLY)
670
671 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
672 typedef struct subpage_t {
673 MemoryRegion iomem;
674 hwaddr base;
675 uint16_t sub_section[TARGET_PAGE_SIZE];
676 } subpage_t;
677
678 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
679 uint16_t section);
680 static subpage_t *subpage_init(hwaddr base);
681 static void destroy_page_desc(uint16_t section_index)
682 {
683 MemoryRegionSection *section = &phys_sections[section_index];
684 MemoryRegion *mr = section->mr;
685
686 if (mr->subpage) {
687 subpage_t *subpage = container_of(mr, subpage_t, iomem);
688 memory_region_destroy(&subpage->iomem);
689 g_free(subpage);
690 }
691 }
692
693 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
694 {
695 unsigned i;
696 PhysPageEntry *p;
697
698 if (lp->ptr == PHYS_MAP_NODE_NIL) {
699 return;
700 }
701
702 p = phys_map_nodes[lp->ptr];
703 for (i = 0; i < L2_SIZE; ++i) {
704 if (!p[i].is_leaf) {
705 destroy_l2_mapping(&p[i], level - 1);
706 } else {
707 destroy_page_desc(p[i].ptr);
708 }
709 }
710 lp->is_leaf = 0;
711 lp->ptr = PHYS_MAP_NODE_NIL;
712 }
713
714 static void destroy_all_mappings(AddressSpaceDispatch *d)
715 {
716 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
717 phys_map_nodes_reset();
718 }
719
720 static uint16_t phys_section_add(MemoryRegionSection *section)
721 {
722 if (phys_sections_nb == phys_sections_nb_alloc) {
723 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
724 phys_sections = g_renew(MemoryRegionSection, phys_sections,
725 phys_sections_nb_alloc);
726 }
727 phys_sections[phys_sections_nb] = *section;
728 return phys_sections_nb++;
729 }
730
731 static void phys_sections_clear(void)
732 {
733 phys_sections_nb = 0;
734 }
735
736 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
737 {
738 subpage_t *subpage;
739 hwaddr base = section->offset_within_address_space
740 & TARGET_PAGE_MASK;
741 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
742 MemoryRegionSection subsection = {
743 .offset_within_address_space = base,
744 .size = TARGET_PAGE_SIZE,
745 };
746 hwaddr start, end;
747
748 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
749
750 if (!(existing->mr->subpage)) {
751 subpage = subpage_init(base);
752 subsection.mr = &subpage->iomem;
753 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
754 phys_section_add(&subsection));
755 } else {
756 subpage = container_of(existing->mr, subpage_t, iomem);
757 }
758 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
759 end = start + section->size - 1;
760 subpage_register(subpage, start, end, phys_section_add(section));
761 }
762
763
764 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
765 {
766 hwaddr start_addr = section->offset_within_address_space;
767 ram_addr_t size = section->size;
768 hwaddr addr;
769 uint16_t section_index = phys_section_add(section);
770
771 assert(size);
772
773 addr = start_addr;
774 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
775 section_index);
776 }
777
778 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
779 {
780 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
781 MemoryRegionSection now = *section, remain = *section;
782
783 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
784 || (now.size < TARGET_PAGE_SIZE)) {
785 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
786 - now.offset_within_address_space,
787 now.size);
788 register_subpage(d, &now);
789 remain.size -= now.size;
790 remain.offset_within_address_space += now.size;
791 remain.offset_within_region += now.size;
792 }
793 while (remain.size >= TARGET_PAGE_SIZE) {
794 now = remain;
795 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
796 now.size = TARGET_PAGE_SIZE;
797 register_subpage(d, &now);
798 } else {
799 now.size &= TARGET_PAGE_MASK;
800 register_multipage(d, &now);
801 }
802 remain.size -= now.size;
803 remain.offset_within_address_space += now.size;
804 remain.offset_within_region += now.size;
805 }
806 now = remain;
807 if (now.size) {
808 register_subpage(d, &now);
809 }
810 }
811
812 void qemu_flush_coalesced_mmio_buffer(void)
813 {
814 if (kvm_enabled())
815 kvm_flush_coalesced_mmio_buffer();
816 }
817
818 void qemu_mutex_lock_ramlist(void)
819 {
820 qemu_mutex_lock(&ram_list.mutex);
821 }
822
823 void qemu_mutex_unlock_ramlist(void)
824 {
825 qemu_mutex_unlock(&ram_list.mutex);
826 }
827
828 #if defined(__linux__) && !defined(TARGET_S390X)
829
830 #include <sys/vfs.h>
831
832 #define HUGETLBFS_MAGIC 0x958458f6
833
834 static long gethugepagesize(const char *path)
835 {
836 struct statfs fs;
837 int ret;
838
839 do {
840 ret = statfs(path, &fs);
841 } while (ret != 0 && errno == EINTR);
842
843 if (ret != 0) {
844 perror(path);
845 return 0;
846 }
847
848 if (fs.f_type != HUGETLBFS_MAGIC)
849 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
850
851 return fs.f_bsize;
852 }
853
854 static void *file_ram_alloc(RAMBlock *block,
855 ram_addr_t memory,
856 const char *path)
857 {
858 char *filename;
859 char *sanitized_name;
860 char *c;
861 void *area;
862 int fd;
863 #ifdef MAP_POPULATE
864 int flags;
865 #endif
866 unsigned long hpagesize;
867
868 hpagesize = gethugepagesize(path);
869 if (!hpagesize) {
870 return NULL;
871 }
872
873 if (memory < hpagesize) {
874 return NULL;
875 }
876
877 if (kvm_enabled() && !kvm_has_sync_mmu()) {
878 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
879 return NULL;
880 }
881
882 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
883 sanitized_name = g_strdup(block->mr->name);
884 for (c = sanitized_name; *c != '\0'; c++) {
885 if (*c == '/')
886 *c = '_';
887 }
888
889 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
890 sanitized_name);
891 g_free(sanitized_name);
892
893 fd = mkstemp(filename);
894 if (fd < 0) {
895 perror("unable to create backing store for hugepages");
896 g_free(filename);
897 return NULL;
898 }
899 unlink(filename);
900 g_free(filename);
901
902 memory = (memory+hpagesize-1) & ~(hpagesize-1);
903
904 /*
905 * ftruncate is not supported by hugetlbfs in older
906 * hosts, so don't bother bailing out on errors.
907 * If anything goes wrong with it under other filesystems,
908 * mmap will fail.
909 */
910 if (ftruncate(fd, memory))
911 perror("ftruncate");
912
913 #ifdef MAP_POPULATE
914 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
915 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
916 * to sidestep this quirk.
917 */
918 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
919 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
920 #else
921 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
922 #endif
923 if (area == MAP_FAILED) {
924 perror("file_ram_alloc: can't mmap RAM pages");
925 close(fd);
926 return (NULL);
927 }
928 block->fd = fd;
929 return area;
930 }
931 #endif
932
933 static ram_addr_t find_ram_offset(ram_addr_t size)
934 {
935 RAMBlock *block, *next_block;
936 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
937
938 assert(size != 0); /* it would hand out same offset multiple times */
939
940 if (QTAILQ_EMPTY(&ram_list.blocks))
941 return 0;
942
943 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
944 ram_addr_t end, next = RAM_ADDR_MAX;
945
946 end = block->offset + block->length;
947
948 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
949 if (next_block->offset >= end) {
950 next = MIN(next, next_block->offset);
951 }
952 }
953 if (next - end >= size && next - end < mingap) {
954 offset = end;
955 mingap = next - end;
956 }
957 }
958
959 if (offset == RAM_ADDR_MAX) {
960 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
961 (uint64_t)size);
962 abort();
963 }
964
965 return offset;
966 }
967
968 ram_addr_t last_ram_offset(void)
969 {
970 RAMBlock *block;
971 ram_addr_t last = 0;
972
973 QTAILQ_FOREACH(block, &ram_list.blocks, next)
974 last = MAX(last, block->offset + block->length);
975
976 return last;
977 }
978
979 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
980 {
981 int ret;
982 QemuOpts *machine_opts;
983
984 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
985 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
986 if (machine_opts &&
987 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
988 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
989 if (ret) {
990 perror("qemu_madvise");
991 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
992 "but dump_guest_core=off specified\n");
993 }
994 }
995 }
996
997 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
998 {
999 RAMBlock *new_block, *block;
1000
1001 new_block = NULL;
1002 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1003 if (block->offset == addr) {
1004 new_block = block;
1005 break;
1006 }
1007 }
1008 assert(new_block);
1009 assert(!new_block->idstr[0]);
1010
1011 if (dev) {
1012 char *id = qdev_get_dev_path(dev);
1013 if (id) {
1014 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1015 g_free(id);
1016 }
1017 }
1018 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1019
1020 /* This assumes the iothread lock is taken here too. */
1021 qemu_mutex_lock_ramlist();
1022 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1023 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1024 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1025 new_block->idstr);
1026 abort();
1027 }
1028 }
1029 qemu_mutex_unlock_ramlist();
1030 }
1031
1032 static int memory_try_enable_merging(void *addr, size_t len)
1033 {
1034 QemuOpts *opts;
1035
1036 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1037 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1038 /* disabled by the user */
1039 return 0;
1040 }
1041
1042 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1043 }
1044
1045 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1046 MemoryRegion *mr)
1047 {
1048 RAMBlock *block, *new_block;
1049
1050 size = TARGET_PAGE_ALIGN(size);
1051 new_block = g_malloc0(sizeof(*new_block));
1052
1053 /* This assumes the iothread lock is taken here too. */
1054 qemu_mutex_lock_ramlist();
1055 new_block->mr = mr;
1056 new_block->offset = find_ram_offset(size);
1057 if (host) {
1058 new_block->host = host;
1059 new_block->flags |= RAM_PREALLOC_MASK;
1060 } else {
1061 if (mem_path) {
1062 #if defined (__linux__) && !defined(TARGET_S390X)
1063 new_block->host = file_ram_alloc(new_block, size, mem_path);
1064 if (!new_block->host) {
1065 new_block->host = qemu_anon_ram_alloc(size);
1066 memory_try_enable_merging(new_block->host, size);
1067 }
1068 #else
1069 fprintf(stderr, "-mem-path option unsupported\n");
1070 exit(1);
1071 #endif
1072 } else {
1073 if (xen_enabled()) {
1074 xen_ram_alloc(new_block->offset, size, mr);
1075 } else if (kvm_enabled()) {
1076 /* some s390/kvm configurations have special constraints */
1077 new_block->host = kvm_ram_alloc(size);
1078 } else {
1079 new_block->host = qemu_anon_ram_alloc(size);
1080 }
1081 memory_try_enable_merging(new_block->host, size);
1082 }
1083 }
1084 new_block->length = size;
1085
1086 /* Keep the list sorted from biggest to smallest block. */
1087 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1088 if (block->length < new_block->length) {
1089 break;
1090 }
1091 }
1092 if (block) {
1093 QTAILQ_INSERT_BEFORE(block, new_block, next);
1094 } else {
1095 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1096 }
1097 ram_list.mru_block = NULL;
1098
1099 ram_list.version++;
1100 qemu_mutex_unlock_ramlist();
1101
1102 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1103 last_ram_offset() >> TARGET_PAGE_BITS);
1104 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1105 0, size >> TARGET_PAGE_BITS);
1106 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1107
1108 qemu_ram_setup_dump(new_block->host, size);
1109 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1110
1111 if (kvm_enabled())
1112 kvm_setup_guest_memory(new_block->host, size);
1113
1114 return new_block->offset;
1115 }
1116
1117 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1118 {
1119 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1120 }
1121
1122 void qemu_ram_free_from_ptr(ram_addr_t addr)
1123 {
1124 RAMBlock *block;
1125
1126 /* This assumes the iothread lock is taken here too. */
1127 qemu_mutex_lock_ramlist();
1128 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1129 if (addr == block->offset) {
1130 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1131 ram_list.mru_block = NULL;
1132 ram_list.version++;
1133 g_free(block);
1134 break;
1135 }
1136 }
1137 qemu_mutex_unlock_ramlist();
1138 }
1139
1140 void qemu_ram_free(ram_addr_t addr)
1141 {
1142 RAMBlock *block;
1143
1144 /* This assumes the iothread lock is taken here too. */
1145 qemu_mutex_lock_ramlist();
1146 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1147 if (addr == block->offset) {
1148 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1149 ram_list.mru_block = NULL;
1150 ram_list.version++;
1151 if (block->flags & RAM_PREALLOC_MASK) {
1152 ;
1153 } else if (mem_path) {
1154 #if defined (__linux__) && !defined(TARGET_S390X)
1155 if (block->fd) {
1156 munmap(block->host, block->length);
1157 close(block->fd);
1158 } else {
1159 qemu_anon_ram_free(block->host, block->length);
1160 }
1161 #else
1162 abort();
1163 #endif
1164 } else {
1165 if (xen_enabled()) {
1166 xen_invalidate_map_cache_entry(block->host);
1167 } else {
1168 qemu_anon_ram_free(block->host, block->length);
1169 }
1170 }
1171 g_free(block);
1172 break;
1173 }
1174 }
1175 qemu_mutex_unlock_ramlist();
1176
1177 }
1178
1179 #ifndef _WIN32
1180 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1181 {
1182 RAMBlock *block;
1183 ram_addr_t offset;
1184 int flags;
1185 void *area, *vaddr;
1186
1187 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1188 offset = addr - block->offset;
1189 if (offset < block->length) {
1190 vaddr = block->host + offset;
1191 if (block->flags & RAM_PREALLOC_MASK) {
1192 ;
1193 } else {
1194 flags = MAP_FIXED;
1195 munmap(vaddr, length);
1196 if (mem_path) {
1197 #if defined(__linux__) && !defined(TARGET_S390X)
1198 if (block->fd) {
1199 #ifdef MAP_POPULATE
1200 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1201 MAP_PRIVATE;
1202 #else
1203 flags |= MAP_PRIVATE;
1204 #endif
1205 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1206 flags, block->fd, offset);
1207 } else {
1208 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1209 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1210 flags, -1, 0);
1211 }
1212 #else
1213 abort();
1214 #endif
1215 } else {
1216 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1217 flags |= MAP_SHARED | MAP_ANONYMOUS;
1218 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1219 flags, -1, 0);
1220 #else
1221 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1222 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1223 flags, -1, 0);
1224 #endif
1225 }
1226 if (area != vaddr) {
1227 fprintf(stderr, "Could not remap addr: "
1228 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1229 length, addr);
1230 exit(1);
1231 }
1232 memory_try_enable_merging(vaddr, length);
1233 qemu_ram_setup_dump(vaddr, length);
1234 }
1235 return;
1236 }
1237 }
1238 }
1239 #endif /* !_WIN32 */
1240
1241 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1242 With the exception of the softmmu code in this file, this should
1243 only be used for local memory (e.g. video ram) that the device owns,
1244 and knows it isn't going to access beyond the end of the block.
1245
1246 It should not be used for general purpose DMA.
1247 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1248 */
1249 void *qemu_get_ram_ptr(ram_addr_t addr)
1250 {
1251 RAMBlock *block;
1252
1253 /* The list is protected by the iothread lock here. */
1254 block = ram_list.mru_block;
1255 if (block && addr - block->offset < block->length) {
1256 goto found;
1257 }
1258 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1259 if (addr - block->offset < block->length) {
1260 goto found;
1261 }
1262 }
1263
1264 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1265 abort();
1266
1267 found:
1268 ram_list.mru_block = block;
1269 if (xen_enabled()) {
1270 /* We need to check if the requested address is in the RAM
1271 * because we don't want to map the entire memory in QEMU.
1272 * In that case just map until the end of the page.
1273 */
1274 if (block->offset == 0) {
1275 return xen_map_cache(addr, 0, 0);
1276 } else if (block->host == NULL) {
1277 block->host =
1278 xen_map_cache(block->offset, block->length, 1);
1279 }
1280 }
1281 return block->host + (addr - block->offset);
1282 }
1283
1284 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1285 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1286 *
1287 * ??? Is this still necessary?
1288 */
1289 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1290 {
1291 RAMBlock *block;
1292
1293 /* The list is protected by the iothread lock here. */
1294 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1295 if (addr - block->offset < block->length) {
1296 if (xen_enabled()) {
1297 /* We need to check if the requested address is in the RAM
1298 * because we don't want to map the entire memory in QEMU.
1299 * In that case just map until the end of the page.
1300 */
1301 if (block->offset == 0) {
1302 return xen_map_cache(addr, 0, 0);
1303 } else if (block->host == NULL) {
1304 block->host =
1305 xen_map_cache(block->offset, block->length, 1);
1306 }
1307 }
1308 return block->host + (addr - block->offset);
1309 }
1310 }
1311
1312 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1313 abort();
1314
1315 return NULL;
1316 }
1317
1318 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1319 * but takes a size argument */
1320 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1321 {
1322 if (*size == 0) {
1323 return NULL;
1324 }
1325 if (xen_enabled()) {
1326 return xen_map_cache(addr, *size, 1);
1327 } else {
1328 RAMBlock *block;
1329
1330 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1331 if (addr - block->offset < block->length) {
1332 if (addr - block->offset + *size > block->length)
1333 *size = block->length - addr + block->offset;
1334 return block->host + (addr - block->offset);
1335 }
1336 }
1337
1338 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1339 abort();
1340 }
1341 }
1342
1343 void qemu_put_ram_ptr(void *addr)
1344 {
1345 trace_qemu_put_ram_ptr(addr);
1346 }
1347
1348 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1349 {
1350 RAMBlock *block;
1351 uint8_t *host = ptr;
1352
1353 if (xen_enabled()) {
1354 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1355 return 0;
1356 }
1357
1358 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1359 /* This case append when the block is not mapped. */
1360 if (block->host == NULL) {
1361 continue;
1362 }
1363 if (host - block->host < block->length) {
1364 *ram_addr = block->offset + (host - block->host);
1365 return 0;
1366 }
1367 }
1368
1369 return -1;
1370 }
1371
1372 /* Some of the softmmu routines need to translate from a host pointer
1373 (typically a TLB entry) back to a ram offset. */
1374 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1375 {
1376 ram_addr_t ram_addr;
1377
1378 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1379 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1380 abort();
1381 }
1382 return ram_addr;
1383 }
1384
1385 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
1386 unsigned size)
1387 {
1388 #ifdef DEBUG_UNASSIGNED
1389 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
1390 #endif
1391 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1392 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
1393 #endif
1394 return 0;
1395 }
1396
1397 static void unassigned_mem_write(void *opaque, hwaddr addr,
1398 uint64_t val, unsigned size)
1399 {
1400 #ifdef DEBUG_UNASSIGNED
1401 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
1402 #endif
1403 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1404 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
1405 #endif
1406 }
1407
1408 static const MemoryRegionOps unassigned_mem_ops = {
1409 .read = unassigned_mem_read,
1410 .write = unassigned_mem_write,
1411 .endianness = DEVICE_NATIVE_ENDIAN,
1412 };
1413
1414 static uint64_t error_mem_read(void *opaque, hwaddr addr,
1415 unsigned size)
1416 {
1417 abort();
1418 }
1419
1420 static void error_mem_write(void *opaque, hwaddr addr,
1421 uint64_t value, unsigned size)
1422 {
1423 abort();
1424 }
1425
1426 static const MemoryRegionOps error_mem_ops = {
1427 .read = error_mem_read,
1428 .write = error_mem_write,
1429 .endianness = DEVICE_NATIVE_ENDIAN,
1430 };
1431
1432 static const MemoryRegionOps rom_mem_ops = {
1433 .read = error_mem_read,
1434 .write = unassigned_mem_write,
1435 .endianness = DEVICE_NATIVE_ENDIAN,
1436 };
1437
1438 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1439 uint64_t val, unsigned size)
1440 {
1441 int dirty_flags;
1442 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1443 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1444 #if !defined(CONFIG_USER_ONLY)
1445 tb_invalidate_phys_page_fast(ram_addr, size);
1446 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1447 #endif
1448 }
1449 switch (size) {
1450 case 1:
1451 stb_p(qemu_get_ram_ptr(ram_addr), val);
1452 break;
1453 case 2:
1454 stw_p(qemu_get_ram_ptr(ram_addr), val);
1455 break;
1456 case 4:
1457 stl_p(qemu_get_ram_ptr(ram_addr), val);
1458 break;
1459 default:
1460 abort();
1461 }
1462 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1463 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1464 /* we remove the notdirty callback only if the code has been
1465 flushed */
1466 if (dirty_flags == 0xff)
1467 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1468 }
1469
1470 static const MemoryRegionOps notdirty_mem_ops = {
1471 .read = error_mem_read,
1472 .write = notdirty_mem_write,
1473 .endianness = DEVICE_NATIVE_ENDIAN,
1474 };
1475
1476 /* Generate a debug exception if a watchpoint has been hit. */
1477 static void check_watchpoint(int offset, int len_mask, int flags)
1478 {
1479 CPUArchState *env = cpu_single_env;
1480 target_ulong pc, cs_base;
1481 target_ulong vaddr;
1482 CPUWatchpoint *wp;
1483 int cpu_flags;
1484
1485 if (env->watchpoint_hit) {
1486 /* We re-entered the check after replacing the TB. Now raise
1487 * the debug interrupt so that is will trigger after the
1488 * current instruction. */
1489 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1490 return;
1491 }
1492 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1493 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1494 if ((vaddr == (wp->vaddr & len_mask) ||
1495 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1496 wp->flags |= BP_WATCHPOINT_HIT;
1497 if (!env->watchpoint_hit) {
1498 env->watchpoint_hit = wp;
1499 tb_check_watchpoint(env);
1500 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1501 env->exception_index = EXCP_DEBUG;
1502 cpu_loop_exit(env);
1503 } else {
1504 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1505 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1506 cpu_resume_from_signal(env, NULL);
1507 }
1508 }
1509 } else {
1510 wp->flags &= ~BP_WATCHPOINT_HIT;
1511 }
1512 }
1513 }
1514
1515 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1516 so these check for a hit then pass through to the normal out-of-line
1517 phys routines. */
1518 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1519 unsigned size)
1520 {
1521 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1522 switch (size) {
1523 case 1: return ldub_phys(addr);
1524 case 2: return lduw_phys(addr);
1525 case 4: return ldl_phys(addr);
1526 default: abort();
1527 }
1528 }
1529
1530 static void watch_mem_write(void *opaque, hwaddr addr,
1531 uint64_t val, unsigned size)
1532 {
1533 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1534 switch (size) {
1535 case 1:
1536 stb_phys(addr, val);
1537 break;
1538 case 2:
1539 stw_phys(addr, val);
1540 break;
1541 case 4:
1542 stl_phys(addr, val);
1543 break;
1544 default: abort();
1545 }
1546 }
1547
1548 static const MemoryRegionOps watch_mem_ops = {
1549 .read = watch_mem_read,
1550 .write = watch_mem_write,
1551 .endianness = DEVICE_NATIVE_ENDIAN,
1552 };
1553
1554 static uint64_t subpage_read(void *opaque, hwaddr addr,
1555 unsigned len)
1556 {
1557 subpage_t *mmio = opaque;
1558 unsigned int idx = SUBPAGE_IDX(addr);
1559 MemoryRegionSection *section;
1560 #if defined(DEBUG_SUBPAGE)
1561 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1562 mmio, len, addr, idx);
1563 #endif
1564
1565 section = &phys_sections[mmio->sub_section[idx]];
1566 addr += mmio->base;
1567 addr -= section->offset_within_address_space;
1568 addr += section->offset_within_region;
1569 return io_mem_read(section->mr, addr, len);
1570 }
1571
1572 static void subpage_write(void *opaque, hwaddr addr,
1573 uint64_t value, unsigned len)
1574 {
1575 subpage_t *mmio = opaque;
1576 unsigned int idx = SUBPAGE_IDX(addr);
1577 MemoryRegionSection *section;
1578 #if defined(DEBUG_SUBPAGE)
1579 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1580 " idx %d value %"PRIx64"\n",
1581 __func__, mmio, len, addr, idx, value);
1582 #endif
1583
1584 section = &phys_sections[mmio->sub_section[idx]];
1585 addr += mmio->base;
1586 addr -= section->offset_within_address_space;
1587 addr += section->offset_within_region;
1588 io_mem_write(section->mr, addr, value, len);
1589 }
1590
1591 static const MemoryRegionOps subpage_ops = {
1592 .read = subpage_read,
1593 .write = subpage_write,
1594 .endianness = DEVICE_NATIVE_ENDIAN,
1595 };
1596
1597 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
1598 unsigned size)
1599 {
1600 ram_addr_t raddr = addr;
1601 void *ptr = qemu_get_ram_ptr(raddr);
1602 switch (size) {
1603 case 1: return ldub_p(ptr);
1604 case 2: return lduw_p(ptr);
1605 case 4: return ldl_p(ptr);
1606 default: abort();
1607 }
1608 }
1609
1610 static void subpage_ram_write(void *opaque, hwaddr addr,
1611 uint64_t value, unsigned size)
1612 {
1613 ram_addr_t raddr = addr;
1614 void *ptr = qemu_get_ram_ptr(raddr);
1615 switch (size) {
1616 case 1: return stb_p(ptr, value);
1617 case 2: return stw_p(ptr, value);
1618 case 4: return stl_p(ptr, value);
1619 default: abort();
1620 }
1621 }
1622
1623 static const MemoryRegionOps subpage_ram_ops = {
1624 .read = subpage_ram_read,
1625 .write = subpage_ram_write,
1626 .endianness = DEVICE_NATIVE_ENDIAN,
1627 };
1628
1629 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1630 uint16_t section)
1631 {
1632 int idx, eidx;
1633
1634 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1635 return -1;
1636 idx = SUBPAGE_IDX(start);
1637 eidx = SUBPAGE_IDX(end);
1638 #if defined(DEBUG_SUBPAGE)
1639 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1640 mmio, start, end, idx, eidx, memory);
1641 #endif
1642 if (memory_region_is_ram(phys_sections[section].mr)) {
1643 MemoryRegionSection new_section = phys_sections[section];
1644 new_section.mr = &io_mem_subpage_ram;
1645 section = phys_section_add(&new_section);
1646 }
1647 for (; idx <= eidx; idx++) {
1648 mmio->sub_section[idx] = section;
1649 }
1650
1651 return 0;
1652 }
1653
1654 static subpage_t *subpage_init(hwaddr base)
1655 {
1656 subpage_t *mmio;
1657
1658 mmio = g_malloc0(sizeof(subpage_t));
1659
1660 mmio->base = base;
1661 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1662 "subpage", TARGET_PAGE_SIZE);
1663 mmio->iomem.subpage = true;
1664 #if defined(DEBUG_SUBPAGE)
1665 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1666 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1667 #endif
1668 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1669
1670 return mmio;
1671 }
1672
1673 static uint16_t dummy_section(MemoryRegion *mr)
1674 {
1675 MemoryRegionSection section = {
1676 .mr = mr,
1677 .offset_within_address_space = 0,
1678 .offset_within_region = 0,
1679 .size = UINT64_MAX,
1680 };
1681
1682 return phys_section_add(&section);
1683 }
1684
1685 MemoryRegion *iotlb_to_region(hwaddr index)
1686 {
1687 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1688 }
1689
1690 static void io_mem_init(void)
1691 {
1692 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
1693 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
1694 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1695 "unassigned", UINT64_MAX);
1696 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
1697 "notdirty", UINT64_MAX);
1698 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1699 "subpage-ram", UINT64_MAX);
1700 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1701 "watch", UINT64_MAX);
1702 }
1703
1704 static void mem_begin(MemoryListener *listener)
1705 {
1706 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1707
1708 destroy_all_mappings(d);
1709 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1710 }
1711
1712 static void core_begin(MemoryListener *listener)
1713 {
1714 phys_sections_clear();
1715 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1716 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1717 phys_section_rom = dummy_section(&io_mem_rom);
1718 phys_section_watch = dummy_section(&io_mem_watch);
1719 }
1720
1721 static void tcg_commit(MemoryListener *listener)
1722 {
1723 CPUArchState *env;
1724
1725 /* since each CPU stores ram addresses in its TLB cache, we must
1726 reset the modified entries */
1727 /* XXX: slow ! */
1728 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1729 tlb_flush(env, 1);
1730 }
1731 }
1732
1733 static void core_log_global_start(MemoryListener *listener)
1734 {
1735 cpu_physical_memory_set_dirty_tracking(1);
1736 }
1737
1738 static void core_log_global_stop(MemoryListener *listener)
1739 {
1740 cpu_physical_memory_set_dirty_tracking(0);
1741 }
1742
1743 static void io_region_add(MemoryListener *listener,
1744 MemoryRegionSection *section)
1745 {
1746 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1747
1748 mrio->mr = section->mr;
1749 mrio->offset = section->offset_within_region;
1750 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1751 section->offset_within_address_space, section->size);
1752 ioport_register(&mrio->iorange);
1753 }
1754
1755 static void io_region_del(MemoryListener *listener,
1756 MemoryRegionSection *section)
1757 {
1758 isa_unassign_ioport(section->offset_within_address_space, section->size);
1759 }
1760
1761 static MemoryListener core_memory_listener = {
1762 .begin = core_begin,
1763 .log_global_start = core_log_global_start,
1764 .log_global_stop = core_log_global_stop,
1765 .priority = 1,
1766 };
1767
1768 static MemoryListener io_memory_listener = {
1769 .region_add = io_region_add,
1770 .region_del = io_region_del,
1771 .priority = 0,
1772 };
1773
1774 static MemoryListener tcg_memory_listener = {
1775 .commit = tcg_commit,
1776 };
1777
1778 void address_space_init_dispatch(AddressSpace *as)
1779 {
1780 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1781
1782 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1783 d->listener = (MemoryListener) {
1784 .begin = mem_begin,
1785 .region_add = mem_add,
1786 .region_nop = mem_add,
1787 .priority = 0,
1788 };
1789 as->dispatch = d;
1790 memory_listener_register(&d->listener, as);
1791 }
1792
1793 void address_space_destroy_dispatch(AddressSpace *as)
1794 {
1795 AddressSpaceDispatch *d = as->dispatch;
1796
1797 memory_listener_unregister(&d->listener);
1798 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1799 g_free(d);
1800 as->dispatch = NULL;
1801 }
1802
1803 static void memory_map_init(void)
1804 {
1805 system_memory = g_malloc(sizeof(*system_memory));
1806 memory_region_init(system_memory, "system", INT64_MAX);
1807 address_space_init(&address_space_memory, system_memory);
1808 address_space_memory.name = "memory";
1809
1810 system_io = g_malloc(sizeof(*system_io));
1811 memory_region_init(system_io, "io", 65536);
1812 address_space_init(&address_space_io, system_io);
1813 address_space_io.name = "I/O";
1814
1815 memory_listener_register(&core_memory_listener, &address_space_memory);
1816 memory_listener_register(&io_memory_listener, &address_space_io);
1817 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1818
1819 dma_context_init(&dma_context_memory, &address_space_memory,
1820 NULL, NULL, NULL);
1821 }
1822
1823 MemoryRegion *get_system_memory(void)
1824 {
1825 return system_memory;
1826 }
1827
1828 MemoryRegion *get_system_io(void)
1829 {
1830 return system_io;
1831 }
1832
1833 #endif /* !defined(CONFIG_USER_ONLY) */
1834
1835 /* physical memory access (slow version, mainly for debug) */
1836 #if defined(CONFIG_USER_ONLY)
1837 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1838 uint8_t *buf, int len, int is_write)
1839 {
1840 int l, flags;
1841 target_ulong page;
1842 void * p;
1843
1844 while (len > 0) {
1845 page = addr & TARGET_PAGE_MASK;
1846 l = (page + TARGET_PAGE_SIZE) - addr;
1847 if (l > len)
1848 l = len;
1849 flags = page_get_flags(page);
1850 if (!(flags & PAGE_VALID))
1851 return -1;
1852 if (is_write) {
1853 if (!(flags & PAGE_WRITE))
1854 return -1;
1855 /* XXX: this code should not depend on lock_user */
1856 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1857 return -1;
1858 memcpy(p, buf, l);
1859 unlock_user(p, addr, l);
1860 } else {
1861 if (!(flags & PAGE_READ))
1862 return -1;
1863 /* XXX: this code should not depend on lock_user */
1864 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1865 return -1;
1866 memcpy(buf, p, l);
1867 unlock_user(p, addr, 0);
1868 }
1869 len -= l;
1870 buf += l;
1871 addr += l;
1872 }
1873 return 0;
1874 }
1875
1876 #else
1877
1878 static void invalidate_and_set_dirty(hwaddr addr,
1879 hwaddr length)
1880 {
1881 if (!cpu_physical_memory_is_dirty(addr)) {
1882 /* invalidate code */
1883 tb_invalidate_phys_page_range(addr, addr + length, 0);
1884 /* set dirty bit */
1885 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1886 }
1887 xen_modified_memory(addr, length);
1888 }
1889
1890 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1891 int len, bool is_write)
1892 {
1893 AddressSpaceDispatch *d = as->dispatch;
1894 int l;
1895 uint8_t *ptr;
1896 uint32_t val;
1897 hwaddr page;
1898 MemoryRegionSection *section;
1899
1900 while (len > 0) {
1901 page = addr & TARGET_PAGE_MASK;
1902 l = (page + TARGET_PAGE_SIZE) - addr;
1903 if (l > len)
1904 l = len;
1905 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1906
1907 if (is_write) {
1908 if (!memory_region_is_ram(section->mr)) {
1909 hwaddr addr1;
1910 addr1 = memory_region_section_addr(section, addr);
1911 /* XXX: could force cpu_single_env to NULL to avoid
1912 potential bugs */
1913 if (l >= 4 && ((addr1 & 3) == 0)) {
1914 /* 32 bit write access */
1915 val = ldl_p(buf);
1916 io_mem_write(section->mr, addr1, val, 4);
1917 l = 4;
1918 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1919 /* 16 bit write access */
1920 val = lduw_p(buf);
1921 io_mem_write(section->mr, addr1, val, 2);
1922 l = 2;
1923 } else {
1924 /* 8 bit write access */
1925 val = ldub_p(buf);
1926 io_mem_write(section->mr, addr1, val, 1);
1927 l = 1;
1928 }
1929 } else if (!section->readonly) {
1930 ram_addr_t addr1;
1931 addr1 = memory_region_get_ram_addr(section->mr)
1932 + memory_region_section_addr(section, addr);
1933 /* RAM case */
1934 ptr = qemu_get_ram_ptr(addr1);
1935 memcpy(ptr, buf, l);
1936 invalidate_and_set_dirty(addr1, l);
1937 qemu_put_ram_ptr(ptr);
1938 }
1939 } else {
1940 if (!(memory_region_is_ram(section->mr) ||
1941 memory_region_is_romd(section->mr))) {
1942 hwaddr addr1;
1943 /* I/O case */
1944 addr1 = memory_region_section_addr(section, addr);
1945 if (l >= 4 && ((addr1 & 3) == 0)) {
1946 /* 32 bit read access */
1947 val = io_mem_read(section->mr, addr1, 4);
1948 stl_p(buf, val);
1949 l = 4;
1950 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1951 /* 16 bit read access */
1952 val = io_mem_read(section->mr, addr1, 2);
1953 stw_p(buf, val);
1954 l = 2;
1955 } else {
1956 /* 8 bit read access */
1957 val = io_mem_read(section->mr, addr1, 1);
1958 stb_p(buf, val);
1959 l = 1;
1960 }
1961 } else {
1962 /* RAM case */
1963 ptr = qemu_get_ram_ptr(section->mr->ram_addr
1964 + memory_region_section_addr(section,
1965 addr));
1966 memcpy(buf, ptr, l);
1967 qemu_put_ram_ptr(ptr);
1968 }
1969 }
1970 len -= l;
1971 buf += l;
1972 addr += l;
1973 }
1974 }
1975
1976 void address_space_write(AddressSpace *as, hwaddr addr,
1977 const uint8_t *buf, int len)
1978 {
1979 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1980 }
1981
1982 /**
1983 * address_space_read: read from an address space.
1984 *
1985 * @as: #AddressSpace to be accessed
1986 * @addr: address within that address space
1987 * @buf: buffer with the data transferred
1988 */
1989 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1990 {
1991 address_space_rw(as, addr, buf, len, false);
1992 }
1993
1994
1995 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1996 int len, int is_write)
1997 {
1998 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1999 }
2000
2001 /* used for ROM loading : can write in RAM and ROM */
2002 void cpu_physical_memory_write_rom(hwaddr addr,
2003 const uint8_t *buf, int len)
2004 {
2005 AddressSpaceDispatch *d = address_space_memory.dispatch;
2006 int l;
2007 uint8_t *ptr;
2008 hwaddr page;
2009 MemoryRegionSection *section;
2010
2011 while (len > 0) {
2012 page = addr & TARGET_PAGE_MASK;
2013 l = (page + TARGET_PAGE_SIZE) - addr;
2014 if (l > len)
2015 l = len;
2016 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2017
2018 if (!(memory_region_is_ram(section->mr) ||
2019 memory_region_is_romd(section->mr))) {
2020 /* do nothing */
2021 } else {
2022 unsigned long addr1;
2023 addr1 = memory_region_get_ram_addr(section->mr)
2024 + memory_region_section_addr(section, addr);
2025 /* ROM/RAM case */
2026 ptr = qemu_get_ram_ptr(addr1);
2027 memcpy(ptr, buf, l);
2028 invalidate_and_set_dirty(addr1, l);
2029 qemu_put_ram_ptr(ptr);
2030 }
2031 len -= l;
2032 buf += l;
2033 addr += l;
2034 }
2035 }
2036
2037 typedef struct {
2038 void *buffer;
2039 hwaddr addr;
2040 hwaddr len;
2041 } BounceBuffer;
2042
2043 static BounceBuffer bounce;
2044
2045 typedef struct MapClient {
2046 void *opaque;
2047 void (*callback)(void *opaque);
2048 QLIST_ENTRY(MapClient) link;
2049 } MapClient;
2050
2051 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2052 = QLIST_HEAD_INITIALIZER(map_client_list);
2053
2054 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2055 {
2056 MapClient *client = g_malloc(sizeof(*client));
2057
2058 client->opaque = opaque;
2059 client->callback = callback;
2060 QLIST_INSERT_HEAD(&map_client_list, client, link);
2061 return client;
2062 }
2063
2064 static void cpu_unregister_map_client(void *_client)
2065 {
2066 MapClient *client = (MapClient *)_client;
2067
2068 QLIST_REMOVE(client, link);
2069 g_free(client);
2070 }
2071
2072 static void cpu_notify_map_clients(void)
2073 {
2074 MapClient *client;
2075
2076 while (!QLIST_EMPTY(&map_client_list)) {
2077 client = QLIST_FIRST(&map_client_list);
2078 client->callback(client->opaque);
2079 cpu_unregister_map_client(client);
2080 }
2081 }
2082
2083 /* Map a physical memory region into a host virtual address.
2084 * May map a subset of the requested range, given by and returned in *plen.
2085 * May return NULL if resources needed to perform the mapping are exhausted.
2086 * Use only for reads OR writes - not for read-modify-write operations.
2087 * Use cpu_register_map_client() to know when retrying the map operation is
2088 * likely to succeed.
2089 */
2090 void *address_space_map(AddressSpace *as,
2091 hwaddr addr,
2092 hwaddr *plen,
2093 bool is_write)
2094 {
2095 AddressSpaceDispatch *d = as->dispatch;
2096 hwaddr len = *plen;
2097 hwaddr todo = 0;
2098 int l;
2099 hwaddr page;
2100 MemoryRegionSection *section;
2101 ram_addr_t raddr = RAM_ADDR_MAX;
2102 ram_addr_t rlen;
2103 void *ret;
2104
2105 while (len > 0) {
2106 page = addr & TARGET_PAGE_MASK;
2107 l = (page + TARGET_PAGE_SIZE) - addr;
2108 if (l > len)
2109 l = len;
2110 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2111
2112 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
2113 if (todo || bounce.buffer) {
2114 break;
2115 }
2116 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2117 bounce.addr = addr;
2118 bounce.len = l;
2119 if (!is_write) {
2120 address_space_read(as, addr, bounce.buffer, l);
2121 }
2122
2123 *plen = l;
2124 return bounce.buffer;
2125 }
2126 if (!todo) {
2127 raddr = memory_region_get_ram_addr(section->mr)
2128 + memory_region_section_addr(section, addr);
2129 }
2130
2131 len -= l;
2132 addr += l;
2133 todo += l;
2134 }
2135 rlen = todo;
2136 ret = qemu_ram_ptr_length(raddr, &rlen);
2137 *plen = rlen;
2138 return ret;
2139 }
2140
2141 /* Unmaps a memory region previously mapped by address_space_map().
2142 * Will also mark the memory as dirty if is_write == 1. access_len gives
2143 * the amount of memory that was actually read or written by the caller.
2144 */
2145 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2146 int is_write, hwaddr access_len)
2147 {
2148 if (buffer != bounce.buffer) {
2149 if (is_write) {
2150 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2151 while (access_len) {
2152 unsigned l;
2153 l = TARGET_PAGE_SIZE;
2154 if (l > access_len)
2155 l = access_len;
2156 invalidate_and_set_dirty(addr1, l);
2157 addr1 += l;
2158 access_len -= l;
2159 }
2160 }
2161 if (xen_enabled()) {
2162 xen_invalidate_map_cache_entry(buffer);
2163 }
2164 return;
2165 }
2166 if (is_write) {
2167 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2168 }
2169 qemu_vfree(bounce.buffer);
2170 bounce.buffer = NULL;
2171 cpu_notify_map_clients();
2172 }
2173
2174 void *cpu_physical_memory_map(hwaddr addr,
2175 hwaddr *plen,
2176 int is_write)
2177 {
2178 return address_space_map(&address_space_memory, addr, plen, is_write);
2179 }
2180
2181 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2182 int is_write, hwaddr access_len)
2183 {
2184 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2185 }
2186
2187 /* warning: addr must be aligned */
2188 static inline uint32_t ldl_phys_internal(hwaddr addr,
2189 enum device_endian endian)
2190 {
2191 uint8_t *ptr;
2192 uint32_t val;
2193 MemoryRegionSection *section;
2194
2195 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2196
2197 if (!(memory_region_is_ram(section->mr) ||
2198 memory_region_is_romd(section->mr))) {
2199 /* I/O case */
2200 addr = memory_region_section_addr(section, addr);
2201 val = io_mem_read(section->mr, addr, 4);
2202 #if defined(TARGET_WORDS_BIGENDIAN)
2203 if (endian == DEVICE_LITTLE_ENDIAN) {
2204 val = bswap32(val);
2205 }
2206 #else
2207 if (endian == DEVICE_BIG_ENDIAN) {
2208 val = bswap32(val);
2209 }
2210 #endif
2211 } else {
2212 /* RAM case */
2213 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2214 & TARGET_PAGE_MASK)
2215 + memory_region_section_addr(section, addr));
2216 switch (endian) {
2217 case DEVICE_LITTLE_ENDIAN:
2218 val = ldl_le_p(ptr);
2219 break;
2220 case DEVICE_BIG_ENDIAN:
2221 val = ldl_be_p(ptr);
2222 break;
2223 default:
2224 val = ldl_p(ptr);
2225 break;
2226 }
2227 }
2228 return val;
2229 }
2230
2231 uint32_t ldl_phys(hwaddr addr)
2232 {
2233 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2234 }
2235
2236 uint32_t ldl_le_phys(hwaddr addr)
2237 {
2238 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2239 }
2240
2241 uint32_t ldl_be_phys(hwaddr addr)
2242 {
2243 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2244 }
2245
2246 /* warning: addr must be aligned */
2247 static inline uint64_t ldq_phys_internal(hwaddr addr,
2248 enum device_endian endian)
2249 {
2250 uint8_t *ptr;
2251 uint64_t val;
2252 MemoryRegionSection *section;
2253
2254 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2255
2256 if (!(memory_region_is_ram(section->mr) ||
2257 memory_region_is_romd(section->mr))) {
2258 /* I/O case */
2259 addr = memory_region_section_addr(section, addr);
2260
2261 /* XXX This is broken when device endian != cpu endian.
2262 Fix and add "endian" variable check */
2263 #ifdef TARGET_WORDS_BIGENDIAN
2264 val = io_mem_read(section->mr, addr, 4) << 32;
2265 val |= io_mem_read(section->mr, addr + 4, 4);
2266 #else
2267 val = io_mem_read(section->mr, addr, 4);
2268 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
2269 #endif
2270 } else {
2271 /* RAM case */
2272 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2273 & TARGET_PAGE_MASK)
2274 + memory_region_section_addr(section, addr));
2275 switch (endian) {
2276 case DEVICE_LITTLE_ENDIAN:
2277 val = ldq_le_p(ptr);
2278 break;
2279 case DEVICE_BIG_ENDIAN:
2280 val = ldq_be_p(ptr);
2281 break;
2282 default:
2283 val = ldq_p(ptr);
2284 break;
2285 }
2286 }
2287 return val;
2288 }
2289
2290 uint64_t ldq_phys(hwaddr addr)
2291 {
2292 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2293 }
2294
2295 uint64_t ldq_le_phys(hwaddr addr)
2296 {
2297 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2298 }
2299
2300 uint64_t ldq_be_phys(hwaddr addr)
2301 {
2302 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2303 }
2304
2305 /* XXX: optimize */
2306 uint32_t ldub_phys(hwaddr addr)
2307 {
2308 uint8_t val;
2309 cpu_physical_memory_read(addr, &val, 1);
2310 return val;
2311 }
2312
2313 /* warning: addr must be aligned */
2314 static inline uint32_t lduw_phys_internal(hwaddr addr,
2315 enum device_endian endian)
2316 {
2317 uint8_t *ptr;
2318 uint64_t val;
2319 MemoryRegionSection *section;
2320
2321 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2322
2323 if (!(memory_region_is_ram(section->mr) ||
2324 memory_region_is_romd(section->mr))) {
2325 /* I/O case */
2326 addr = memory_region_section_addr(section, addr);
2327 val = io_mem_read(section->mr, addr, 2);
2328 #if defined(TARGET_WORDS_BIGENDIAN)
2329 if (endian == DEVICE_LITTLE_ENDIAN) {
2330 val = bswap16(val);
2331 }
2332 #else
2333 if (endian == DEVICE_BIG_ENDIAN) {
2334 val = bswap16(val);
2335 }
2336 #endif
2337 } else {
2338 /* RAM case */
2339 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2340 & TARGET_PAGE_MASK)
2341 + memory_region_section_addr(section, addr));
2342 switch (endian) {
2343 case DEVICE_LITTLE_ENDIAN:
2344 val = lduw_le_p(ptr);
2345 break;
2346 case DEVICE_BIG_ENDIAN:
2347 val = lduw_be_p(ptr);
2348 break;
2349 default:
2350 val = lduw_p(ptr);
2351 break;
2352 }
2353 }
2354 return val;
2355 }
2356
2357 uint32_t lduw_phys(hwaddr addr)
2358 {
2359 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2360 }
2361
2362 uint32_t lduw_le_phys(hwaddr addr)
2363 {
2364 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2365 }
2366
2367 uint32_t lduw_be_phys(hwaddr addr)
2368 {
2369 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2370 }
2371
2372 /* warning: addr must be aligned. The ram page is not masked as dirty
2373 and the code inside is not invalidated. It is useful if the dirty
2374 bits are used to track modified PTEs */
2375 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2376 {
2377 uint8_t *ptr;
2378 MemoryRegionSection *section;
2379
2380 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2381
2382 if (!memory_region_is_ram(section->mr) || section->readonly) {
2383 addr = memory_region_section_addr(section, addr);
2384 if (memory_region_is_ram(section->mr)) {
2385 section = &phys_sections[phys_section_rom];
2386 }
2387 io_mem_write(section->mr, addr, val, 4);
2388 } else {
2389 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
2390 & TARGET_PAGE_MASK)
2391 + memory_region_section_addr(section, addr);
2392 ptr = qemu_get_ram_ptr(addr1);
2393 stl_p(ptr, val);
2394
2395 if (unlikely(in_migration)) {
2396 if (!cpu_physical_memory_is_dirty(addr1)) {
2397 /* invalidate code */
2398 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2399 /* set dirty bit */
2400 cpu_physical_memory_set_dirty_flags(
2401 addr1, (0xff & ~CODE_DIRTY_FLAG));
2402 }
2403 }
2404 }
2405 }
2406
2407 void stq_phys_notdirty(hwaddr addr, uint64_t val)
2408 {
2409 uint8_t *ptr;
2410 MemoryRegionSection *section;
2411
2412 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2413
2414 if (!memory_region_is_ram(section->mr) || section->readonly) {
2415 addr = memory_region_section_addr(section, addr);
2416 if (memory_region_is_ram(section->mr)) {
2417 section = &phys_sections[phys_section_rom];
2418 }
2419 #ifdef TARGET_WORDS_BIGENDIAN
2420 io_mem_write(section->mr, addr, val >> 32, 4);
2421 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
2422 #else
2423 io_mem_write(section->mr, addr, (uint32_t)val, 4);
2424 io_mem_write(section->mr, addr + 4, val >> 32, 4);
2425 #endif
2426 } else {
2427 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2428 & TARGET_PAGE_MASK)
2429 + memory_region_section_addr(section, addr));
2430 stq_p(ptr, val);
2431 }
2432 }
2433
2434 /* warning: addr must be aligned */
2435 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2436 enum device_endian endian)
2437 {
2438 uint8_t *ptr;
2439 MemoryRegionSection *section;
2440
2441 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2442
2443 if (!memory_region_is_ram(section->mr) || section->readonly) {
2444 addr = memory_region_section_addr(section, addr);
2445 if (memory_region_is_ram(section->mr)) {
2446 section = &phys_sections[phys_section_rom];
2447 }
2448 #if defined(TARGET_WORDS_BIGENDIAN)
2449 if (endian == DEVICE_LITTLE_ENDIAN) {
2450 val = bswap32(val);
2451 }
2452 #else
2453 if (endian == DEVICE_BIG_ENDIAN) {
2454 val = bswap32(val);
2455 }
2456 #endif
2457 io_mem_write(section->mr, addr, val, 4);
2458 } else {
2459 unsigned long addr1;
2460 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2461 + memory_region_section_addr(section, addr);
2462 /* RAM case */
2463 ptr = qemu_get_ram_ptr(addr1);
2464 switch (endian) {
2465 case DEVICE_LITTLE_ENDIAN:
2466 stl_le_p(ptr, val);
2467 break;
2468 case DEVICE_BIG_ENDIAN:
2469 stl_be_p(ptr, val);
2470 break;
2471 default:
2472 stl_p(ptr, val);
2473 break;
2474 }
2475 invalidate_and_set_dirty(addr1, 4);
2476 }
2477 }
2478
2479 void stl_phys(hwaddr addr, uint32_t val)
2480 {
2481 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2482 }
2483
2484 void stl_le_phys(hwaddr addr, uint32_t val)
2485 {
2486 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2487 }
2488
2489 void stl_be_phys(hwaddr addr, uint32_t val)
2490 {
2491 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2492 }
2493
2494 /* XXX: optimize */
2495 void stb_phys(hwaddr addr, uint32_t val)
2496 {
2497 uint8_t v = val;
2498 cpu_physical_memory_write(addr, &v, 1);
2499 }
2500
2501 /* warning: addr must be aligned */
2502 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2503 enum device_endian endian)
2504 {
2505 uint8_t *ptr;
2506 MemoryRegionSection *section;
2507
2508 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2509
2510 if (!memory_region_is_ram(section->mr) || section->readonly) {
2511 addr = memory_region_section_addr(section, addr);
2512 if (memory_region_is_ram(section->mr)) {
2513 section = &phys_sections[phys_section_rom];
2514 }
2515 #if defined(TARGET_WORDS_BIGENDIAN)
2516 if (endian == DEVICE_LITTLE_ENDIAN) {
2517 val = bswap16(val);
2518 }
2519 #else
2520 if (endian == DEVICE_BIG_ENDIAN) {
2521 val = bswap16(val);
2522 }
2523 #endif
2524 io_mem_write(section->mr, addr, val, 2);
2525 } else {
2526 unsigned long addr1;
2527 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2528 + memory_region_section_addr(section, addr);
2529 /* RAM case */
2530 ptr = qemu_get_ram_ptr(addr1);
2531 switch (endian) {
2532 case DEVICE_LITTLE_ENDIAN:
2533 stw_le_p(ptr, val);
2534 break;
2535 case DEVICE_BIG_ENDIAN:
2536 stw_be_p(ptr, val);
2537 break;
2538 default:
2539 stw_p(ptr, val);
2540 break;
2541 }
2542 invalidate_and_set_dirty(addr1, 2);
2543 }
2544 }
2545
2546 void stw_phys(hwaddr addr, uint32_t val)
2547 {
2548 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2549 }
2550
2551 void stw_le_phys(hwaddr addr, uint32_t val)
2552 {
2553 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2554 }
2555
2556 void stw_be_phys(hwaddr addr, uint32_t val)
2557 {
2558 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2559 }
2560
2561 /* XXX: optimize */
2562 void stq_phys(hwaddr addr, uint64_t val)
2563 {
2564 val = tswap64(val);
2565 cpu_physical_memory_write(addr, &val, 8);
2566 }
2567
2568 void stq_le_phys(hwaddr addr, uint64_t val)
2569 {
2570 val = cpu_to_le64(val);
2571 cpu_physical_memory_write(addr, &val, 8);
2572 }
2573
2574 void stq_be_phys(hwaddr addr, uint64_t val)
2575 {
2576 val = cpu_to_be64(val);
2577 cpu_physical_memory_write(addr, &val, 8);
2578 }
2579
2580 /* virtual memory access for debug (includes writing to ROM) */
2581 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2582 uint8_t *buf, int len, int is_write)
2583 {
2584 int l;
2585 hwaddr phys_addr;
2586 target_ulong page;
2587
2588 while (len > 0) {
2589 page = addr & TARGET_PAGE_MASK;
2590 phys_addr = cpu_get_phys_page_debug(env, page);
2591 /* if no physical page mapped, return an error */
2592 if (phys_addr == -1)
2593 return -1;
2594 l = (page + TARGET_PAGE_SIZE) - addr;
2595 if (l > len)
2596 l = len;
2597 phys_addr += (addr & ~TARGET_PAGE_MASK);
2598 if (is_write)
2599 cpu_physical_memory_write_rom(phys_addr, buf, l);
2600 else
2601 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2602 len -= l;
2603 buf += l;
2604 addr += l;
2605 }
2606 return 0;
2607 }
2608 #endif
2609
2610 #if !defined(CONFIG_USER_ONLY)
2611
2612 /*
2613 * A helper function for the _utterly broken_ virtio device model to find out if
2614 * it's running on a big endian machine. Don't do this at home kids!
2615 */
2616 bool virtio_is_big_endian(void);
2617 bool virtio_is_big_endian(void)
2618 {
2619 #if defined(TARGET_WORDS_BIGENDIAN)
2620 return true;
2621 #else
2622 return false;
2623 #endif
2624 }
2625
2626 #endif
2627
2628 #ifndef CONFIG_USER_ONLY
2629 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2630 {
2631 MemoryRegionSection *section;
2632
2633 section = phys_page_find(address_space_memory.dispatch,
2634 phys_addr >> TARGET_PAGE_BITS);
2635
2636 return !(memory_region_is_ram(section->mr) ||
2637 memory_region_is_romd(section->mr));
2638 }
2639 #endif
Qemu copy for testing