]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
target-mips: replace cpu_save/cpu_load with VMStateDescription
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
cc9e98cb 29#include "hw/qdev.h"
1de7afc9 30#include "qemu/osdep.h"
9c17d615 31#include "sysemu/kvm.h"
2ff3de68 32#include "sysemu/sysemu.h"
0d09e41a 33#include "hw/xen/xen.h"
1de7afc9
PB		 34#include "qemu/timer.h"
35#include "qemu/config-file.h"
75a34036 36#include "qemu/error-report.h"
022c62cb 37#include "exec/memory.h"
9c17d615 38#include "sysemu/dma.h"
022c62cb 39#include "exec/address-spaces.h"
53a5960a
PB		 40#if defined(CONFIG_USER_ONLY)
41#include <qemu.h>
432d268c 42#else /* !CONFIG_USER_ONLY */
9c17d615 43#include "sysemu/xen-mapcache.h"
6506e4f9 44#include "trace.h"
53a5960a 45#endif
0d6d3c87 46#include "exec/cpu-all.h"
0dc3f44a 47#include "qemu/rcu_queue.h"
022c62cb 48#include "exec/cputlb.h"
5b6dd868 49#include "translate-all.h"
0cac1b66 50
022c62cb 51#include "exec/memory-internal.h"
220c3ebd 52#include "exec/ram_addr.h"
67d95c15 53
b35ba30f
MT		 54#include "qemu/range.h"
55
db7b5426 56//#define DEBUG_SUBPAGE
1196be37 57
e2eef170 58#if !defined(CONFIG_USER_ONLY)
981fdf23 59static bool in_migration;
94a6b54f 60
0dc3f44a
MD		 61/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
62 * are protected by the ramlist lock.
63 */
0d53d9fe 64RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 65
66static MemoryRegion *system_memory;
309cb471 67static MemoryRegion *system_io;
62152b8a 68
f6790af6
AK		 69AddressSpace address_space_io;
70AddressSpace address_space_memory;
2673a5da 71
0844e007 72MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 73static MemoryRegion io_mem_unassigned;
0e0df1e2 74
7bd4f430
PB		 75/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
76#define RAM_PREALLOC (1 << 0)
77
dbcb8981
PB		 78/* RAM is mmap-ed with MAP_SHARED */
79#define RAM_SHARED (1 << 1)
80
62be4e3a
MT		 81/* Only a portion of RAM (used_length) is actually used, and migrated.
82 * This used_length size can change across reboots.
83 */
84#define RAM_RESIZEABLE (1 << 2)
85
e2eef170 86#endif
9fa3e853 87
bdc44640 88struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 89/* current CPU in the current thread. It is only valid inside
90 cpu_exec() */
4917cf44 91DEFINE_TLS(CPUState *, current_cpu);
2e70f6ef 92/* 0 = Do not count executed instructions.
bf20dc07 93 1 = Precise instruction counting.
2e70f6ef 94 2 = Adaptive rate instruction counting. */
5708fc66 95int use_icount;
6a00d601 96
e2eef170 97#if !defined(CONFIG_USER_ONLY)
4346ae3e 98
1db8abb1
PB		 99typedef struct PhysPageEntry PhysPageEntry;
100
101struct PhysPageEntry {
9736e55b 102 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 103 uint32_t skip : 6;
9736e55b 104 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 105 uint32_t ptr : 26;
1db8abb1
PB		 106};
107
8b795765
MT		 108#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
109
03f49957 110/* Size of the L2 (and L3, etc) page tables. */
57271d63 111#define ADDR_SPACE_BITS 64
03f49957 112
026736ce 113#define P_L2_BITS 9
03f49957
PB		 114#define P_L2_SIZE (1 << P_L2_BITS)
115
116#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
117
118typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 119
53cb28cb 120typedef struct PhysPageMap {
79e2b9ae
PB		 121 struct rcu_head rcu;
122
53cb28cb
MA		 123 unsigned sections_nb;
124 unsigned sections_nb_alloc;
125 unsigned nodes_nb;
126 unsigned nodes_nb_alloc;
127 Node *nodes;
128 MemoryRegionSection *sections;
129} PhysPageMap;
130
1db8abb1 131struct AddressSpaceDispatch {
79e2b9ae
PB		 132 struct rcu_head rcu;
133
1db8abb1
PB		 134 /* This is a multi-level map on the physical address space.
135 * The bottom level has pointers to MemoryRegionSections.
136 */
137 PhysPageEntry phys_map;
53cb28cb 138 PhysPageMap map;
acc9d80b 139 AddressSpace *as;
1db8abb1
PB		 140};
141
90260c6c
JK		 142#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
143typedef struct subpage_t {
144 MemoryRegion iomem;
acc9d80b 145 AddressSpace *as;
90260c6c
JK		 146 hwaddr base;
147 uint16_t sub_section[TARGET_PAGE_SIZE];
148} subpage_t;
149
b41aac4f
LPF		 150#define PHYS_SECTION_UNASSIGNED 0
151#define PHYS_SECTION_NOTDIRTY 1
152#define PHYS_SECTION_ROM 2
153#define PHYS_SECTION_WATCH 3
5312bd8b 154
e2eef170 155static void io_mem_init(void);
62152b8a 156static void memory_map_init(void);
09daed84 157static void tcg_commit(MemoryListener *listener);
e2eef170 158
1ec9b909 159static MemoryRegion io_mem_watch;
6658ffb8 160#endif
fd6ce8f6 161
6d9a1304 162#if !defined(CONFIG_USER_ONLY)
d6f2ea22 163
53cb28cb 164static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 165{
53cb28cb
MA		 166 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
167 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
169 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 170 }
f7bf5461
AK		 171}
172
53cb28cb 173static uint32_t phys_map_node_alloc(PhysPageMap *map)
f7bf5461
AK		 174{
175 unsigned i;
8b795765 176 uint32_t ret;
f7bf5461 177
53cb28cb 178 ret = map->nodes_nb++;
f7bf5461 179 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 180 assert(ret != map->nodes_nb_alloc);
03f49957 181 for (i = 0; i < P_L2_SIZE; ++i) {
53cb28cb
MA		 182 map->nodes[ret][i].skip = 1;
183 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 184 }
f7bf5461 185 return ret;
d6f2ea22
AK		 186}
187
53cb28cb
MA		 188static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
189 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 190 int level)
f7bf5461
AK		 191{
192 PhysPageEntry *p;
193 int i;
03f49957 194 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 195
9736e55b 196 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
53cb28cb
MA		 197 lp->ptr = phys_map_node_alloc(map);
198 p = map->nodes[lp->ptr];
f7bf5461 199 if (level == 0) {
03f49957 200 for (i = 0; i < P_L2_SIZE; i++) {
9736e55b 201 p[i].skip = 0;
b41aac4f 202 p[i].ptr = PHYS_SECTION_UNASSIGNED;
4346ae3e 203 }
67c4d23c 204 }
f7bf5461 205 } else {
53cb28cb 206 p = map->nodes[lp->ptr];
92e873b9 207 }
03f49957 208 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 209
03f49957 210 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 211 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 212 lp->skip = 0;
c19e8800 213 lp->ptr = leaf;
07f07b31
AK		 214 *index += step;
215 *nb -= step;
2999097b 216 } else {
53cb28cb 217 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 218 }
219 ++lp;
f7bf5461
AK		 220 }
221}
222
ac1970fb 223static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 224 hwaddr index, hwaddr nb,
2999097b 225 uint16_t leaf)
f7bf5461 226{
2999097b 227 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 228 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 229
53cb28cb 230 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 231}
232
b35ba30f
MT		 233/* Compact a non leaf page entry. Simply detect that the entry has a single child,
234 * and update our entry so we can skip it and go directly to the destination.
235 */
236static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
237{
238 unsigned valid_ptr = P_L2_SIZE;
239 int valid = 0;
240 PhysPageEntry *p;
241 int i;
242
243 if (lp->ptr == PHYS_MAP_NODE_NIL) {
244 return;
245 }
246
247 p = nodes[lp->ptr];
248 for (i = 0; i < P_L2_SIZE; i++) {
249 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
250 continue;
251 }
252
253 valid_ptr = i;
254 valid++;
255 if (p[i].skip) {
256 phys_page_compact(&p[i], nodes, compacted);
257 }
258 }
259
260 /* We can only compress if there's only one child. */
261 if (valid != 1) {
262 return;
263 }
264
265 assert(valid_ptr < P_L2_SIZE);
266
267 /* Don't compress if it won't fit in the # of bits we have. */
268 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
269 return;
270 }
271
272 lp->ptr = p[valid_ptr].ptr;
273 if (!p[valid_ptr].skip) {
274 /* If our only child is a leaf, make this a leaf. */
275 /* By design, we should have made this node a leaf to begin with so we
276 * should never reach here.
277 * But since it's so simple to handle this, let's do it just in case we
278 * change this rule.
279 */
280 lp->skip = 0;
281 } else {
282 lp->skip += p[valid_ptr].skip;
283 }
284}
285
286static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
287{
288 DECLARE_BITMAP(compacted, nodes_nb);
289
290 if (d->phys_map.skip) {
53cb28cb 291 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 292 }
293}
294
97115a8d 295static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 296 Node *nodes, MemoryRegionSection *sections)
92e873b9 297{
31ab2b4a 298 PhysPageEntry *p;
97115a8d 299 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 300 int i;
f1f6e3b8 301
9736e55b 302 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 303 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 304 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 305 }
9affd6fc 306 p = nodes[lp.ptr];
03f49957 307 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 308 }
b35ba30f
MT		 309
310 if (sections[lp.ptr].size.hi ||
311 range_covers_byte(sections[lp.ptr].offset_within_address_space,
312 sections[lp.ptr].size.lo, addr)) {
313 return &sections[lp.ptr];
314 } else {
315 return &sections[PHYS_SECTION_UNASSIGNED];
316 }
f3705d53
AK		 317}
318
e5548617
BS		 319bool memory_region_is_unassigned(MemoryRegion *mr)
320{
2a8e7499 321 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 322 && mr != &io_mem_watch;
fd6ce8f6 323}
149f54b5 324
79e2b9ae 325/* Called from RCU critical section */
c7086b4a 326static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 327 hwaddr addr,
328 bool resolve_subpage)
9f029603 329{
90260c6c
JK		 330 MemoryRegionSection *section;
331 subpage_t *subpage;
332
53cb28cb 333 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 334 if (resolve_subpage && section->mr->subpage) {
335 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 336 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 337 }
338 return section;
9f029603
JK		 339}
340
79e2b9ae 341/* Called from RCU critical section */
90260c6c 342static MemoryRegionSection *
c7086b4a 343address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 344 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 345{
346 MemoryRegionSection *section;
a87f3954 347 Int128 diff;
149f54b5 348
c7086b4a 349 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 350 /* Compute offset within MemoryRegionSection */
351 addr -= section->offset_within_address_space;
352
353 /* Compute offset within MemoryRegion */
354 *xlat = addr + section->offset_within_region;
355
356 diff = int128_sub(section->mr->size, int128_make64(addr));
3752a036 357 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
149f54b5
PB		 358 return section;
359}
90260c6c 360
a87f3954
PB		 361static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
362{
363 if (memory_region_is_ram(mr)) {
364 return !(is_write && mr->readonly);
365 }
366 if (memory_region_is_romd(mr)) {
367 return !is_write;
368 }
369
370 return false;
371}
372
5c8a00ce
PB		 373MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
374 hwaddr *xlat, hwaddr *plen,
375 bool is_write)
90260c6c 376{
30951157
AK		 377 IOMMUTLBEntry iotlb;
378 MemoryRegionSection *section;
379 MemoryRegion *mr;
380 hwaddr len = *plen;
381
79e2b9ae 382 rcu_read_lock();
30951157 383 for (;;) {
79e2b9ae
PB		 384 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
385 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 386 mr = section->mr;
387
388 if (!mr->iommu_ops) {
389 break;
390 }
391
8d7b8cb9 392 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 393 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
394 | (addr & iotlb.addr_mask));
395 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
396 if (!(iotlb.perm & (1 << is_write))) {
397 mr = &io_mem_unassigned;
398 break;
399 }
400
401 as = iotlb.target_as;
402 }
403
fe680d0d 404 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954
PB		 405 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
406 len = MIN(page, len);
407 }
408
30951157
AK		 409 *plen = len;
410 *xlat = addr;
79e2b9ae 411 rcu_read_unlock();
30951157 412 return mr;
90260c6c
JK		 413}
414
79e2b9ae 415/* Called from RCU critical section */
90260c6c 416MemoryRegionSection *
9d82b5a7
PB		 417address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen)
90260c6c 419{
30951157 420 MemoryRegionSection *section;
9d82b5a7
PB		 421 section = address_space_translate_internal(cpu->memory_dispatch,
422 addr, xlat, plen, false);
30951157
AK		 423
424 assert(!section->mr->iommu_ops);
425 return section;
90260c6c 426}
5b6dd868 427#endif
fd6ce8f6 428
5b6dd868 429void cpu_exec_init_all(void)
fdbb84d1 430{
5b6dd868 431#if !defined(CONFIG_USER_ONLY)
b2a8658e 432 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 433 memory_map_init();
434 io_mem_init();
fdbb84d1 435#endif
5b6dd868 436}
fdbb84d1 437
b170fce3 438#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 439
440static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 441{
259186a7 442 CPUState *cpu = opaque;
a513fe19 443
5b6dd868
BS		 444 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
445 version_id is increased. */
259186a7 446 cpu->interrupt_request &= ~0x01;
c01a71c1 447 tlb_flush(cpu, 1);
5b6dd868
BS		 448
449 return 0;
a513fe19 450}
7501267e 451
6c3bff0e
PD		 452static int cpu_common_pre_load(void *opaque)
453{
454 CPUState *cpu = opaque;
455
adee6424 456 cpu->exception_index = -1;
6c3bff0e
PD		 457
458 return 0;
459}
460
461static bool cpu_common_exception_index_needed(void *opaque)
462{
463 CPUState *cpu = opaque;
464
adee6424 465 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 466}
467
468static const VMStateDescription vmstate_cpu_common_exception_index = {
469 .name = "cpu_common/exception_index",
470 .version_id = 1,
471 .minimum_version_id = 1,
472 .fields = (VMStateField[]) {
473 VMSTATE_INT32(exception_index, CPUState),
474 VMSTATE_END_OF_LIST()
475 }
476};
477
1a1562f5 478const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 479 .name = "cpu_common",
480 .version_id = 1,
481 .minimum_version_id = 1,
6c3bff0e 482 .pre_load = cpu_common_pre_load,
5b6dd868 483 .post_load = cpu_common_post_load,
35d08458 484 .fields = (VMStateField[]) {
259186a7
AF		 485 VMSTATE_UINT32(halted, CPUState),
486 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 487 VMSTATE_END_OF_LIST()
6c3bff0e
PD		 488 },
489 .subsections = (VMStateSubsection[]) {
490 {
491 .vmsd = &vmstate_cpu_common_exception_index,
492 .needed = cpu_common_exception_index_needed,
493 } , {
494 /* empty */
495 }
5b6dd868
BS		 496 }
497};
1a1562f5 498
5b6dd868 499#endif
ea041c0e 500
38d8f5c8 501CPUState *qemu_get_cpu(int index)
ea041c0e 502{
bdc44640 503 CPUState *cpu;
ea041c0e 504
bdc44640 505 CPU_FOREACH(cpu) {
55e5c285 506 if (cpu->cpu_index == index) {
bdc44640 507 return cpu;
55e5c285 508 }
ea041c0e 509 }
5b6dd868 510
bdc44640 511 return NULL;
ea041c0e
FB		 512}
513
09daed84
EI		 514#if !defined(CONFIG_USER_ONLY)
515void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
516{
517 /* We only support one address space per cpu at the moment. */
518 assert(cpu->as == as);
519
520 if (cpu->tcg_as_listener) {
521 memory_listener_unregister(cpu->tcg_as_listener);
522 } else {
523 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
524 }
525 cpu->tcg_as_listener->commit = tcg_commit;
526 memory_listener_register(cpu->tcg_as_listener, as);
527}
528#endif
529
5b6dd868 530void cpu_exec_init(CPUArchState *env)
ea041c0e 531{
5b6dd868 532 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 533 CPUClass *cc = CPU_GET_CLASS(cpu);
bdc44640 534 CPUState *some_cpu;
5b6dd868
BS		 535 int cpu_index;
536
537#if defined(CONFIG_USER_ONLY)
538 cpu_list_lock();
539#endif
5b6dd868 540 cpu_index = 0;
bdc44640 541 CPU_FOREACH(some_cpu) {
5b6dd868
BS		 542 cpu_index++;
543 }
55e5c285 544 cpu->cpu_index = cpu_index;
1b1ed8dc 545 cpu->numa_node = 0;
f0c3c505 546 QTAILQ_INIT(&cpu->breakpoints);
ff4700b0 547 QTAILQ_INIT(&cpu->watchpoints);
5b6dd868 548#ifndef CONFIG_USER_ONLY
09daed84 549 cpu->as = &address_space_memory;
5b6dd868 550 cpu->thread_id = qemu_get_thread_id();
cba70549 551 cpu_reload_memory_map(cpu);
5b6dd868 552#endif
bdc44640 553 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 554#if defined(CONFIG_USER_ONLY)
555 cpu_list_unlock();
556#endif
e0d47944
AF		 557 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
558 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
559 }
5b6dd868 560#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 561 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
562 cpu_save, cpu_load, env);
b170fce3 563 assert(cc->vmsd == NULL);
e0d47944 564 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 565#endif
b170fce3
AF		 566 if (cc->vmsd != NULL) {
567 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
568 }
ea041c0e
FB		 569}
570
94df27fd 571#if defined(CONFIG_USER_ONLY)
00b941e5 572static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 573{
574 tb_invalidate_phys_page_range(pc, pc + 1, 0);
575}
576#else
00b941e5 577static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 578{
e8262a1b
MF		 579 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
580 if (phys != -1) {
09daed84 581 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 582 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 583 }
1e7855a5 584}
c27004ec 585#endif
d720b93d 586
c527ee8f 587#if defined(CONFIG_USER_ONLY)
75a34036 588void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 589
590{
591}
592
3ee887e8
PM		 593int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
594 int flags)
595{
596 return -ENOSYS;
597}
598
599void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
600{
601}
602
75a34036 603int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 604 int flags, CPUWatchpoint **watchpoint)
605{
606 return -ENOSYS;
607}
608#else
6658ffb8 609/* Add a watchpoint. */
75a34036 610int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 611 int flags, CPUWatchpoint **watchpoint)
6658ffb8 612{
c0ce998e 613 CPUWatchpoint *wp;
6658ffb8 614
05068c0d 615 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 616 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 617 error_report("tried to set invalid watchpoint at %"
618 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 619 return -EINVAL;
620 }
7267c094 621 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 622
623 wp->vaddr = addr;
05068c0d 624 wp->len = len;
a1d1bb31
AL		 625 wp->flags = flags;
626
2dc9f411 627 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 628 if (flags & BP_GDB) {
629 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
630 } else {
631 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
632 }
6658ffb8 633
31b030d4 634 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 635
636 if (watchpoint)
637 *watchpoint = wp;
638 return 0;
6658ffb8
PB		 639}
640
a1d1bb31 641/* Remove a specific watchpoint. */
75a34036 642int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 643 int flags)
6658ffb8 644{
a1d1bb31 645 CPUWatchpoint *wp;
6658ffb8 646
ff4700b0 647 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 648 if (addr == wp->vaddr && len == wp->len
6e140f28 649 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 650 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 651 return 0;
652 }
653 }
a1d1bb31 654 return -ENOENT;
6658ffb8
PB		 655}
656
a1d1bb31 657/* Remove a specific watchpoint by reference. */
75a34036 658void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 659{
ff4700b0 660 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 661
31b030d4 662 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 663
7267c094 664 g_free(watchpoint);
a1d1bb31
AL		 665}
666
667/* Remove all matching watchpoints. */
75a34036 668void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 669{
c0ce998e 670 CPUWatchpoint *wp, *next;
a1d1bb31 671
ff4700b0 672 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 673 if (wp->flags & mask) {
674 cpu_watchpoint_remove_by_ref(cpu, wp);
675 }
c0ce998e 676 }
7d03f82f 677}
05068c0d
PM		 678
679/* Return true if this watchpoint address matches the specified
680 * access (ie the address range covered by the watchpoint overlaps
681 * partially or completely with the address range covered by the
682 * access).
683 */
684static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
685 vaddr addr,
686 vaddr len)
687{
688 /* We know the lengths are non-zero, but a little caution is
689 * required to avoid errors in the case where the range ends
690 * exactly at the top of the address space and so addr + len
691 * wraps round to zero.
692 */
693 vaddr wpend = wp->vaddr + wp->len - 1;
694 vaddr addrend = addr + len - 1;
695
696 return !(addr > wpend || wp->vaddr > addrend);
697}
698
c527ee8f 699#endif
7d03f82f 700
a1d1bb31 701/* Add a breakpoint. */
b3310ab3 702int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 703 CPUBreakpoint **breakpoint)
4c3a88a2 704{
c0ce998e 705 CPUBreakpoint *bp;
3b46e624 706
7267c094 707 bp = g_malloc(sizeof(*bp));
4c3a88a2 708
a1d1bb31
AL		 709 bp->pc = pc;
710 bp->flags = flags;
711
2dc9f411 712 /* keep all GDB-injected breakpoints in front */
00b941e5 713 if (flags & BP_GDB) {
f0c3c505 714 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 715 } else {
f0c3c505 716 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 717 }
3b46e624 718
f0c3c505 719 breakpoint_invalidate(cpu, pc);
a1d1bb31 720
00b941e5 721 if (breakpoint) {
a1d1bb31 722 *breakpoint = bp;
00b941e5 723 }
4c3a88a2 724 return 0;
4c3a88a2
FB		 725}
726
a1d1bb31 727/* Remove a specific breakpoint. */
b3310ab3 728int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 729{
a1d1bb31
AL		 730 CPUBreakpoint *bp;
731
f0c3c505 732 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 733 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 734 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 735 return 0;
736 }
7d03f82f 737 }
a1d1bb31 738 return -ENOENT;
7d03f82f
EI		 739}
740
a1d1bb31 741/* Remove a specific breakpoint by reference. */
b3310ab3 742void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 743{
f0c3c505
AF		 744 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
745
746 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 747
7267c094 748 g_free(breakpoint);
a1d1bb31
AL		 749}
750
751/* Remove all matching breakpoints. */
b3310ab3 752void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 753{
c0ce998e 754 CPUBreakpoint *bp, *next;
a1d1bb31 755
f0c3c505 756 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 757 if (bp->flags & mask) {
758 cpu_breakpoint_remove_by_ref(cpu, bp);
759 }
c0ce998e 760 }
4c3a88a2
FB		 761}
762
c33a346e
FB		 763/* enable or disable single step mode. EXCP_DEBUG is returned by the
764 CPU loop after each instruction */
3825b28f 765void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 766{
ed2803da
AF		 767 if (cpu->singlestep_enabled != enabled) {
768 cpu->singlestep_enabled = enabled;
769 if (kvm_enabled()) {
38e478ec 770 kvm_update_guest_debug(cpu, 0);
ed2803da 771 } else {
ccbb4d44 772 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 773 /* XXX: only flush what is necessary */
38e478ec 774 CPUArchState *env = cpu->env_ptr;
e22a25c9
AL		 775 tb_flush(env);
776 }
c33a346e 777 }
c33a346e
FB		 778}
779
a47dddd7 780void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 781{
782 va_list ap;
493ae1f0 783 va_list ap2;
7501267e
FB		 784
785 va_start(ap, fmt);
493ae1f0 786 va_copy(ap2, ap);
7501267e
FB		 787 fprintf(stderr, "qemu: fatal: ");
788 vfprintf(stderr, fmt, ap);
789 fprintf(stderr, "\n");
878096ee 790 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 791 if (qemu_log_enabled()) {
792 qemu_log("qemu: fatal: ");
793 qemu_log_vprintf(fmt, ap2);
794 qemu_log("\n");
a0762859 795 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 796 qemu_log_flush();
93fcfe39 797 qemu_log_close();
924edcae 798 }
493ae1f0 799 va_end(ap2);
f9373291 800 va_end(ap);
fd052bf6
RV		 801#if defined(CONFIG_USER_ONLY)
802 {
803 struct sigaction act;
804 sigfillset(&act.sa_mask);
805 act.sa_handler = SIG_DFL;
806 sigaction(SIGABRT, &act, NULL);
807 }
808#endif
7501267e
FB		 809 abort();
810}
811
0124311e 812#if !defined(CONFIG_USER_ONLY)
0dc3f44a 813/* Called from RCU critical section */
041603fe
PB		 814static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
815{
816 RAMBlock *block;
817
43771539 818 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 819 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 820 goto found;
821 }
0dc3f44a 822 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 823 if (addr - block->offset < block->max_length) {
041603fe
PB		 824 goto found;
825 }
826 }
827
828 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
829 abort();
830
831found:
43771539
PB		 832 /* It is safe to write mru_block outside the iothread lock. This
833 * is what happens:
834 *
835 * mru_block = xxx
836 * rcu_read_unlock()
837 * xxx removed from list
838 * rcu_read_lock()
839 * read mru_block
840 * mru_block = NULL;
841 * call_rcu(reclaim_ramblock, xxx);
842 * rcu_read_unlock()
843 *
844 * atomic_rcu_set is not needed here. The block was already published
845 * when it was placed into the list. Here we're just making an extra
846 * copy of the pointer.
847 */
041603fe
PB		 848 ram_list.mru_block = block;
849 return block;
850}
851
a2f4d5be 852static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 853{
041603fe 854 ram_addr_t start1;
a2f4d5be
JQ		 855 RAMBlock *block;
856 ram_addr_t end;
857
858 end = TARGET_PAGE_ALIGN(start + length);
859 start &= TARGET_PAGE_MASK;
d24981d3 860
0dc3f44a 861 rcu_read_lock();
041603fe
PB		 862 block = qemu_get_ram_block(start);
863 assert(block == qemu_get_ram_block(end - 1));
1240be24 864 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
041603fe 865 cpu_tlb_reset_dirty_all(start1, length);
0dc3f44a 866 rcu_read_unlock();
d24981d3
JQ		 867}
868
5579c7f3 869/* Note: start and end must be within the same ram block. */
a2f4d5be 870void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
52159192 871 unsigned client)
1ccde1cb 872{
1ccde1cb
FB		 873 if (length == 0)
874 return;
c8d6f66a 875 cpu_physical_memory_clear_dirty_range_type(start, length, client);
f23db169 876
d24981d3 877 if (tcg_enabled()) {
a2f4d5be 878 tlb_reset_dirty_range_all(start, length);
5579c7f3 879 }
1ccde1cb
FB		 880}
881
981fdf23 882static void cpu_physical_memory_set_dirty_tracking(bool enable)
74576198
AL		 883{
884 in_migration = enable;
74576198
AL		 885}
886
79e2b9ae 887/* Called from RCU critical section */
bb0e627a 888hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 889 MemoryRegionSection *section,
890 target_ulong vaddr,
891 hwaddr paddr, hwaddr xlat,
892 int prot,
893 target_ulong *address)
e5548617 894{
a8170e5e 895 hwaddr iotlb;
e5548617
BS		 896 CPUWatchpoint *wp;
897
cc5bea60 898 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 899 /* Normal RAM. */
900 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 901 + xlat;
e5548617 902 if (!section->readonly) {
b41aac4f 903 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 904 } else {
b41aac4f 905 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 906 }
907 } else {
1b3fb98f 908 iotlb = section - section->address_space->dispatch->map.sections;
149f54b5 909 iotlb += xlat;
e5548617
BS		 910 }
911
912 /* Make accesses to pages with watchpoints go via the
913 watchpoint trap routines. */
ff4700b0 914 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 915 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 916 /* Avoid trapping reads of pages with a write breakpoint. */
917 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 918 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 919 *address |= TLB_MMIO;
920 break;
921 }
922 }
923 }
924
925 return iotlb;
926}
9fa3e853
FB		 927#endif /* defined(CONFIG_USER_ONLY) */
928
e2eef170 929#if !defined(CONFIG_USER_ONLY)
8da3ff18 930
c227f099 931static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 932 uint16_t section);
acc9d80b 933static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 934
a2b257d6
IM		 935static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
936 qemu_anon_ram_alloc;
91138037
MA		 937
938/*
939 * Set a custom physical guest memory alloator.
940 * Accelerators with unusual needs may need this. Hopefully, we can
941 * get rid of it eventually.
942 */
a2b257d6 943void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 944{
945 phys_mem_alloc = alloc;
946}
947
53cb28cb
MA		 948static uint16_t phys_section_add(PhysPageMap *map,
949 MemoryRegionSection *section)
5312bd8b 950{
68f3f65b
PB		 951 /* The physical section number is ORed with a page-aligned
952 * pointer to produce the iotlb entries. Thus it should
953 * never overflow into the page-aligned value.
954 */
53cb28cb 955 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 956
53cb28cb
MA		 957 if (map->sections_nb == map->sections_nb_alloc) {
958 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
959 map->sections = g_renew(MemoryRegionSection, map->sections,
960 map->sections_nb_alloc);
5312bd8b 961 }
53cb28cb 962 map->sections[map->sections_nb] = *section;
dfde4e6e 963 memory_region_ref(section->mr);
53cb28cb 964 return map->sections_nb++;
5312bd8b
AK		 965}
966
058bc4b5
PB		 967static void phys_section_destroy(MemoryRegion *mr)
968{
dfde4e6e
PB		 969 memory_region_unref(mr);
970
058bc4b5
PB		 971 if (mr->subpage) {
972 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 973 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 974 g_free(subpage);
975 }
976}
977
6092666e 978static void phys_sections_free(PhysPageMap *map)
5312bd8b 979{
9affd6fc
PB		 980 while (map->sections_nb > 0) {
981 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 982 phys_section_destroy(section->mr);
983 }
9affd6fc
PB		 984 g_free(map->sections);
985 g_free(map->nodes);
5312bd8b
AK		 986}
987
ac1970fb 988static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 989{
990 subpage_t *subpage;
a8170e5e 991 hwaddr base = section->offset_within_address_space
0f0cb164 992 & TARGET_PAGE_MASK;
97115a8d 993 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 994 d->map.nodes, d->map.sections);
0f0cb164
AK		 995 MemoryRegionSection subsection = {
996 .offset_within_address_space = base,
052e87b0 997 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 998 };
a8170e5e 999 hwaddr start, end;
0f0cb164 1000
f3705d53 1001 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1002
f3705d53 1003 if (!(existing->mr->subpage)) {
acc9d80b 1004 subpage = subpage_init(d->as, base);
3be91e86 1005 subsection.address_space = d->as;
0f0cb164 1006 subsection.mr = &subpage->iomem;
ac1970fb 1007 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1008 phys_section_add(&d->map, &subsection));
0f0cb164 1009 } else {
f3705d53 1010 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1011 }
1012 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1013 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1014 subpage_register(subpage, start, end,
1015 phys_section_add(&d->map, section));
0f0cb164
AK		 1016}
1017
1018
052e87b0
PB		 1019static void register_multipage(AddressSpaceDispatch *d,
1020 MemoryRegionSection *section)
33417e70 1021{
a8170e5e 1022 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1023 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1024 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1025 TARGET_PAGE_BITS));
dd81124b 1026
733d5ef5
PB		 1027 assert(num_pages);
1028 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1029}
1030
ac1970fb 1031static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1032{
89ae337a 1033 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1034 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1035 MemoryRegionSection now = *section, remain = *section;
052e87b0 1036 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1037
733d5ef5
PB		 1038 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1039 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1040 - now.offset_within_address_space;
1041
052e87b0 1042 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1043 register_subpage(d, &now);
733d5ef5 1044 } else {
052e87b0 1045 now.size = int128_zero();
733d5ef5 1046 }
052e87b0
PB		 1047 while (int128_ne(remain.size, now.size)) {
1048 remain.size = int128_sub(remain.size, now.size);
1049 remain.offset_within_address_space += int128_get64(now.size);
1050 remain.offset_within_region += int128_get64(now.size);
69b67646 1051 now = remain;
052e87b0 1052 if (int128_lt(remain.size, page_size)) {
733d5ef5 1053 register_subpage(d, &now);
88266249 1054 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1055 now.size = page_size;
ac1970fb 1056 register_subpage(d, &now);
69b67646 1057 } else {
052e87b0 1058 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1059 register_multipage(d, &now);
69b67646 1060 }
0f0cb164
AK		 1061 }
1062}
1063
62a2744c
SY		 1064void qemu_flush_coalesced_mmio_buffer(void)
1065{
1066 if (kvm_enabled())
1067 kvm_flush_coalesced_mmio_buffer();
1068}
1069
b2a8658e
UD		 1070void qemu_mutex_lock_ramlist(void)
1071{
1072 qemu_mutex_lock(&ram_list.mutex);
1073}
1074
1075void qemu_mutex_unlock_ramlist(void)
1076{
1077 qemu_mutex_unlock(&ram_list.mutex);
1078}
1079
e1e84ba0 1080#ifdef __linux__
c902760f
MT		 1081
1082#include <sys/vfs.h>
1083
1084#define HUGETLBFS_MAGIC 0x958458f6
1085
fc7a5800 1086static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1087{
1088 struct statfs fs;
1089 int ret;
1090
1091 do {
9742bf26 1092 ret = statfs(path, &fs);
c902760f
MT		 1093 } while (ret != 0 && errno == EINTR);
1094
1095 if (ret != 0) {
fc7a5800
HT		 1096 error_setg_errno(errp, errno, "failed to get page size of file %s",
1097 path);
9742bf26 1098 return 0;
c902760f
MT		 1099 }
1100
1101 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1102 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1103
1104 return fs.f_bsize;
1105}
1106
04b16653
AW		 1107static void *file_ram_alloc(RAMBlock *block,
1108 ram_addr_t memory,
7f56e740
PB		 1109 const char *path,
1110 Error **errp)
c902760f
MT		 1111{
1112 char *filename;
8ca761f6
PF		 1113 char *sanitized_name;
1114 char *c;
557529dd 1115 void *area = NULL;
c902760f 1116 int fd;
557529dd 1117 uint64_t hpagesize;
fc7a5800 1118 Error *local_err = NULL;
c902760f 1119
fc7a5800
HT		 1120 hpagesize = gethugepagesize(path, &local_err);
1121 if (local_err) {
1122 error_propagate(errp, local_err);
f9a49dfa 1123 goto error;
c902760f 1124 }
a2b257d6 1125 block->mr->align = hpagesize;
c902760f
MT		 1126
1127 if (memory < hpagesize) {
557529dd
HT		 1128 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1129 "or larger than huge page size 0x%" PRIx64,
1130 memory, hpagesize);
1131 goto error;
c902760f
MT		 1132 }
1133
1134 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1135 error_setg(errp,
1136 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1137 goto error;
c902760f
MT		 1138 }
1139
8ca761f6 1140 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1141 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1142 for (c = sanitized_name; *c != '\0'; c++) {
1143 if (*c == '/')
1144 *c = '_';
1145 }
1146
1147 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1148 sanitized_name);
1149 g_free(sanitized_name);
c902760f
MT		 1150
1151 fd = mkstemp(filename);
1152 if (fd < 0) {
7f56e740
PB		 1153 error_setg_errno(errp, errno,
1154 "unable to create backing store for hugepages");
e4ada482 1155 g_free(filename);
f9a49dfa 1156 goto error;
c902760f
MT		 1157 }
1158 unlink(filename);
e4ada482 1159 g_free(filename);
c902760f
MT		 1160
1161 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1162
1163 /*
1164 * ftruncate is not supported by hugetlbfs in older
1165 * hosts, so don't bother bailing out on errors.
1166 * If anything goes wrong with it under other filesystems,
1167 * mmap will fail.
1168 */
7f56e740 1169 if (ftruncate(fd, memory)) {
9742bf26 1170 perror("ftruncate");
7f56e740 1171 }
c902760f 1172
dbcb8981
PB		 1173 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1174 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1175 fd, 0);
c902760f 1176 if (area == MAP_FAILED) {
7f56e740
PB		 1177 error_setg_errno(errp, errno,
1178 "unable to map backing store for hugepages");
9742bf26 1179 close(fd);
f9a49dfa 1180 goto error;
c902760f 1181 }
ef36fa14
MT		 1182
1183 if (mem_prealloc) {
38183310 1184 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1185 }
1186
04b16653 1187 block->fd = fd;
c902760f 1188 return area;
f9a49dfa
MT		 1189
1190error:
1191 if (mem_prealloc) {
81b07353 1192 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1193 exit(1);
1194 }
1195 return NULL;
c902760f
MT		 1196}
1197#endif
1198
0dc3f44a 1199/* Called with the ramlist lock held. */
d17b5288 1200static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1201{
1202 RAMBlock *block, *next_block;
3e837b2c 1203 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1204
49cd9ac6
SH		 1205 assert(size != 0); /* it would hand out same offset multiple times */
1206
0dc3f44a 1207 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1208 return 0;
0d53d9fe 1209 }
04b16653 1210
0dc3f44a 1211 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1212 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1213
62be4e3a 1214 end = block->offset + block->max_length;
04b16653 1215
0dc3f44a 1216 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1217 if (next_block->offset >= end) {
1218 next = MIN(next, next_block->offset);
1219 }
1220 }
1221 if (next - end >= size && next - end < mingap) {
3e837b2c 1222 offset = end;
04b16653
AW		 1223 mingap = next - end;
1224 }
1225 }
3e837b2c
AW		 1226
1227 if (offset == RAM_ADDR_MAX) {
1228 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1229 (uint64_t)size);
1230 abort();
1231 }
1232
04b16653
AW		 1233 return offset;
1234}
1235
652d7ec2 1236ram_addr_t last_ram_offset(void)
d17b5288
AW		 1237{
1238 RAMBlock *block;
1239 ram_addr_t last = 0;
1240
0dc3f44a
MD		 1241 rcu_read_lock();
1242 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1243 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1244 }
0dc3f44a 1245 rcu_read_unlock();
d17b5288
AW		 1246 return last;
1247}
1248
ddb97f1d
JB		 1249static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1250{
1251 int ret;
ddb97f1d
JB		 1252
1253 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2ff3de68
MA		 1254 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1255 "dump-guest-core", true)) {
ddb97f1d
JB		 1256 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1257 if (ret) {
1258 perror("qemu_madvise");
1259 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1260 "but dump_guest_core=off specified\n");
1261 }
1262 }
1263}
1264
0dc3f44a
MD		 1265/* Called within an RCU critical section, or while the ramlist lock
1266 * is held.
1267 */
20cfe881 1268static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1269{
20cfe881 1270 RAMBlock *block;
84b89d78 1271
0dc3f44a 1272 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1273 if (block->offset == addr) {
20cfe881 1274 return block;
c5705a77
AK		 1275 }
1276 }
20cfe881
HT		 1277
1278 return NULL;
1279}
1280
ae3a7047 1281/* Called with iothread lock held. */
20cfe881
HT		 1282void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1283{
ae3a7047 1284 RAMBlock *new_block, *block;
20cfe881 1285
0dc3f44a 1286 rcu_read_lock();
ae3a7047 1287 new_block = find_ram_block(addr);
c5705a77
AK		 1288 assert(new_block);
1289 assert(!new_block->idstr[0]);
84b89d78 1290
09e5ab63
AL		 1291 if (dev) {
1292 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1293 if (id) {
1294 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1295 g_free(id);
84b89d78
CM		 1296 }
1297 }
1298 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1299
0dc3f44a 1300 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1301 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1302 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1303 new_block->idstr);
1304 abort();
1305 }
1306 }
0dc3f44a 1307 rcu_read_unlock();
c5705a77
AK		 1308}
1309
ae3a7047 1310/* Called with iothread lock held. */
20cfe881
HT		 1311void qemu_ram_unset_idstr(ram_addr_t addr)
1312{
ae3a7047 1313 RAMBlock *block;
20cfe881 1314
ae3a7047
MD		 1315 /* FIXME: arch_init.c assumes that this is not called throughout
1316 * migration. Ignore the problem since hot-unplug during migration
1317 * does not work anyway.
1318 */
1319
0dc3f44a 1320 rcu_read_lock();
ae3a7047 1321 block = find_ram_block(addr);
20cfe881
HT		 1322 if (block) {
1323 memset(block->idstr, 0, sizeof(block->idstr));
1324 }
0dc3f44a 1325 rcu_read_unlock();
20cfe881
HT		 1326}
1327
8490fc78
LC		 1328static int memory_try_enable_merging(void *addr, size_t len)
1329{
2ff3de68 1330 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
8490fc78
LC		 1331 /* disabled by the user */
1332 return 0;
1333 }
1334
1335 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1336}
1337
62be4e3a
MT		 1338/* Only legal before guest might have detected the memory size: e.g. on
1339 * incoming migration, or right after reset.
1340 *
1341 * As memory core doesn't know how is memory accessed, it is up to
1342 * resize callback to update device state and/or add assertions to detect
1343 * misuse, if necessary.
1344 */
1345int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1346{
1347 RAMBlock *block = find_ram_block(base);
1348
1349 assert(block);
1350
129ddaf3
MT		 1351 newsize = TARGET_PAGE_ALIGN(newsize);
1352
62be4e3a
MT		 1353 if (block->used_length == newsize) {
1354 return 0;
1355 }
1356
1357 if (!(block->flags & RAM_RESIZEABLE)) {
1358 error_setg_errno(errp, EINVAL,
1359 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1360 " in != 0x" RAM_ADDR_FMT, block->idstr,
1361 newsize, block->used_length);
1362 return -EINVAL;
1363 }
1364
1365 if (block->max_length < newsize) {
1366 error_setg_errno(errp, EINVAL,
1367 "Length too large: %s: 0x" RAM_ADDR_FMT
1368 " > 0x" RAM_ADDR_FMT, block->idstr,
1369 newsize, block->max_length);
1370 return -EINVAL;
1371 }
1372
1373 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1374 block->used_length = newsize;
1375 cpu_physical_memory_set_dirty_range(block->offset, block->used_length);
1376 memory_region_set_size(block->mr, newsize);
1377 if (block->resized) {
1378 block->resized(block->idstr, newsize, block->host);
1379 }
1380 return 0;
1381}
1382
ef701d7b 1383static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1384{
e1c57ab8 1385 RAMBlock *block;
0d53d9fe 1386 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1387 ram_addr_t old_ram_size, new_ram_size;
1388
1389 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1390
b2a8658e 1391 qemu_mutex_lock_ramlist();
9b8424d5 1392 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1393
1394 if (!new_block->host) {
1395 if (xen_enabled()) {
9b8424d5
MT		 1396 xen_ram_alloc(new_block->offset, new_block->max_length,
1397 new_block->mr);
e1c57ab8 1398 } else {
9b8424d5 1399 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1400 &new_block->mr->align);
39228250 1401 if (!new_block->host) {
ef701d7b
HT		 1402 error_setg_errno(errp, errno,
1403 "cannot set up guest memory '%s'",
1404 memory_region_name(new_block->mr));
1405 qemu_mutex_unlock_ramlist();
1406 return -1;
39228250 1407 }
9b8424d5 1408 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1409 }
c902760f 1410 }
94a6b54f 1411
0d53d9fe
MD		 1412 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1413 * QLIST (which has an RCU-friendly variant) does not have insertion at
1414 * tail, so save the last element in last_block.
1415 */
0dc3f44a 1416 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1417 last_block = block;
9b8424d5 1418 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1419 break;
1420 }
1421 }
1422 if (block) {
0dc3f44a 1423 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1424 } else if (last_block) {
0dc3f44a 1425 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1426 } else { /* list is empty */
0dc3f44a 1427 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1428 }
0d6d3c87 1429 ram_list.mru_block = NULL;
94a6b54f 1430
0dc3f44a
MD		 1431 /* Write list before version */
1432 smp_wmb();
f798b07f 1433 ram_list.version++;
b2a8658e 1434 qemu_mutex_unlock_ramlist();
f798b07f 1435
2152f5ca
JQ		 1436 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1437
1438 if (new_ram_size > old_ram_size) {
1ab4c8ce 1439 int i;
ae3a7047
MD		 1440
1441 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1442 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1443 ram_list.dirty_memory[i] =
1444 bitmap_zero_extend(ram_list.dirty_memory[i],
1445 old_ram_size, new_ram_size);
1446 }
2152f5ca 1447 }
9b8424d5
MT		 1448 cpu_physical_memory_set_dirty_range(new_block->offset,
1449 new_block->used_length);
94a6b54f 1450
a904c911
PB		 1451 if (new_block->host) {
1452 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1453 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1454 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1455 if (kvm_enabled()) {
1456 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1457 }
e1c57ab8 1458 }
6f0437e8 1459
94a6b54f
PB		 1460 return new_block->offset;
1461}
e9a1ab19 1462
0b183fc8 1463#ifdef __linux__
e1c57ab8 1464ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1465 bool share, const char *mem_path,
7f56e740 1466 Error **errp)
e1c57ab8
PB		 1467{
1468 RAMBlock *new_block;
ef701d7b
HT		 1469 ram_addr_t addr;
1470 Error *local_err = NULL;
e1c57ab8
PB		 1471
1472 if (xen_enabled()) {
7f56e740
PB		 1473 error_setg(errp, "-mem-path not supported with Xen");
1474 return -1;
e1c57ab8
PB		 1475 }
1476
1477 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1478 /*
1479 * file_ram_alloc() needs to allocate just like
1480 * phys_mem_alloc, but we haven't bothered to provide
1481 * a hook there.
1482 */
7f56e740
PB		 1483 error_setg(errp,
1484 "-mem-path not supported with this accelerator");
1485 return -1;
e1c57ab8
PB		 1486 }
1487
1488 size = TARGET_PAGE_ALIGN(size);
1489 new_block = g_malloc0(sizeof(*new_block));
1490 new_block->mr = mr;
9b8424d5
MT		 1491 new_block->used_length = size;
1492 new_block->max_length = size;
dbcb8981 1493 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1494 new_block->host = file_ram_alloc(new_block, size,
1495 mem_path, errp);
1496 if (!new_block->host) {
1497 g_free(new_block);
1498 return -1;
1499 }
1500
ef701d7b
HT		 1501 addr = ram_block_add(new_block, &local_err);
1502 if (local_err) {
1503 g_free(new_block);
1504 error_propagate(errp, local_err);
1505 return -1;
1506 }
1507 return addr;
e1c57ab8 1508}
0b183fc8 1509#endif
e1c57ab8 1510
62be4e3a
MT		 1511static
1512ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1513 void (*resized)(const char*,
1514 uint64_t length,
1515 void *host),
1516 void *host, bool resizeable,
ef701d7b 1517 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1518{
1519 RAMBlock *new_block;
ef701d7b
HT		 1520 ram_addr_t addr;
1521 Error *local_err = NULL;
e1c57ab8
PB		 1522
1523 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1524 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1525 new_block = g_malloc0(sizeof(*new_block));
1526 new_block->mr = mr;
62be4e3a 1527 new_block->resized = resized;
9b8424d5
MT		 1528 new_block->used_length = size;
1529 new_block->max_length = max_size;
62be4e3a 1530 assert(max_size >= size);
e1c57ab8
PB		 1531 new_block->fd = -1;
1532 new_block->host = host;
1533 if (host) {
7bd4f430 1534 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1535 }
62be4e3a
MT		 1536 if (resizeable) {
1537 new_block->flags |= RAM_RESIZEABLE;
1538 }
ef701d7b
HT		 1539 addr = ram_block_add(new_block, &local_err);
1540 if (local_err) {
1541 g_free(new_block);
1542 error_propagate(errp, local_err);
1543 return -1;
1544 }
1545 return addr;
e1c57ab8
PB		 1546}
1547
62be4e3a
MT		 1548ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1549 MemoryRegion *mr, Error **errp)
1550{
1551 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1552}
1553
ef701d7b 1554ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1555{
62be4e3a
MT		 1556 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1557}
1558
1559ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1560 void (*resized)(const char*,
1561 uint64_t length,
1562 void *host),
1563 MemoryRegion *mr, Error **errp)
1564{
1565 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1566}
1567
1f2e98b6
AW		 1568void qemu_ram_free_from_ptr(ram_addr_t addr)
1569{
1570 RAMBlock *block;
1571
b2a8658e 1572 qemu_mutex_lock_ramlist();
0dc3f44a 1573 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1574 if (addr == block->offset) {
0dc3f44a 1575 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1576 ram_list.mru_block = NULL;
0dc3f44a
MD		 1577 /* Write list before version */
1578 smp_wmb();
f798b07f 1579 ram_list.version++;
43771539 1580 g_free_rcu(block, rcu);
b2a8658e 1581 break;
1f2e98b6
AW		 1582 }
1583 }
b2a8658e 1584 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1585}
1586
43771539
PB		 1587static void reclaim_ramblock(RAMBlock *block)
1588{
1589 if (block->flags & RAM_PREALLOC) {
1590 ;
1591 } else if (xen_enabled()) {
1592 xen_invalidate_map_cache_entry(block->host);
1593#ifndef _WIN32
1594 } else if (block->fd >= 0) {
1595 munmap(block->host, block->max_length);
1596 close(block->fd);
1597#endif
1598 } else {
1599 qemu_anon_ram_free(block->host, block->max_length);
1600 }
1601 g_free(block);
1602}
1603
c227f099 1604void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1605{
04b16653
AW		 1606 RAMBlock *block;
1607
b2a8658e 1608 qemu_mutex_lock_ramlist();
0dc3f44a 1609 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1610 if (addr == block->offset) {
0dc3f44a 1611 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1612 ram_list.mru_block = NULL;
0dc3f44a
MD		 1613 /* Write list before version */
1614 smp_wmb();
f798b07f 1615 ram_list.version++;
43771539 1616 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1617 break;
04b16653
AW		 1618 }
1619 }
b2a8658e 1620 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1621}
1622
cd19cfa2
HY		 1623#ifndef _WIN32
1624void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1625{
1626 RAMBlock *block;
1627 ram_addr_t offset;
1628 int flags;
1629 void *area, *vaddr;
1630
0dc3f44a 1631 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1632 offset = addr - block->offset;
9b8424d5 1633 if (offset < block->max_length) {
1240be24 1634 vaddr = ramblock_ptr(block, offset);
7bd4f430 1635 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1636 ;
dfeaf2ab
MA		 1637 } else if (xen_enabled()) {
1638 abort();
cd19cfa2
HY		 1639 } else {
1640 flags = MAP_FIXED;
1641 munmap(vaddr, length);
3435f395 1642 if (block->fd >= 0) {
dbcb8981
PB		 1643 flags |= (block->flags & RAM_SHARED ?
1644 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1645 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1646 flags, block->fd, offset);
cd19cfa2 1647 } else {
2eb9fbaa
MA		 1648 /*
1649 * Remap needs to match alloc. Accelerators that
1650 * set phys_mem_alloc never remap. If they did,
1651 * we'd need a remap hook here.
1652 */
1653 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1654
cd19cfa2
HY		 1655 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1656 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1657 flags, -1, 0);
cd19cfa2
HY		 1658 }
1659 if (area != vaddr) {
f15fbc4b
AP		 1660 fprintf(stderr, "Could not remap addr: "
1661 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1662 length, addr);
1663 exit(1);
1664 }
8490fc78 1665 memory_try_enable_merging(vaddr, length);
ddb97f1d 1666 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1667 }
cd19cfa2
HY		 1668 }
1669 }
1670}
1671#endif /* !_WIN32 */
1672
a35ba7be
PB		 1673int qemu_get_ram_fd(ram_addr_t addr)
1674{
ae3a7047
MD		 1675 RAMBlock *block;
1676 int fd;
a35ba7be 1677
0dc3f44a 1678 rcu_read_lock();
ae3a7047
MD		 1679 block = qemu_get_ram_block(addr);
1680 fd = block->fd;
0dc3f44a 1681 rcu_read_unlock();
ae3a7047 1682 return fd;
a35ba7be
PB		 1683}
1684
3fd74b84
DM		 1685void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1686{
ae3a7047
MD		 1687 RAMBlock *block;
1688 void *ptr;
3fd74b84 1689
0dc3f44a 1690 rcu_read_lock();
ae3a7047
MD		 1691 block = qemu_get_ram_block(addr);
1692 ptr = ramblock_ptr(block, 0);
0dc3f44a 1693 rcu_read_unlock();
ae3a7047 1694 return ptr;
3fd74b84
DM		 1695}
1696
1b5ec234 1697/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1698 * This should not be used for general purpose DMA. Use address_space_map
1699 * or address_space_rw instead. For local memory (e.g. video ram) that the
1700 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1701 *
1702 * By the time this function returns, the returned pointer is not protected
1703 * by RCU anymore. If the caller is not within an RCU critical section and
1704 * does not hold the iothread lock, it must have other means of protecting the
1705 * pointer, such as a reference to the region that includes the incoming
1706 * ram_addr_t.
1b5ec234
PB		 1707 */
1708void *qemu_get_ram_ptr(ram_addr_t addr)
1709{
ae3a7047
MD		 1710 RAMBlock *block;
1711 void *ptr;
1b5ec234 1712
0dc3f44a 1713 rcu_read_lock();
ae3a7047
MD		 1714 block = qemu_get_ram_block(addr);
1715
1716 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1717 /* We need to check if the requested address is in the RAM
1718 * because we don't want to map the entire memory in QEMU.
1719 * In that case just map until the end of the page.
1720 */
1721 if (block->offset == 0) {
ae3a7047 1722 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1723 goto unlock;
0d6d3c87 1724 }
ae3a7047
MD		 1725
1726 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1727 }
ae3a7047
MD		 1728 ptr = ramblock_ptr(block, addr - block->offset);
1729
0dc3f44a
MD		 1730unlock:
1731 rcu_read_unlock();
ae3a7047 1732 return ptr;
dc828ca1
PB		 1733}
1734
38bee5dc 1735/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1736 * but takes a size argument.
0dc3f44a
MD		 1737 *
1738 * By the time this function returns, the returned pointer is not protected
1739 * by RCU anymore. If the caller is not within an RCU critical section and
1740 * does not hold the iothread lock, it must have other means of protecting the
1741 * pointer, such as a reference to the region that includes the incoming
1742 * ram_addr_t.
ae3a7047 1743 */
cb85f7ab 1744static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1745{
ae3a7047 1746 void *ptr;
8ab934f9
SS		 1747 if (*size == 0) {
1748 return NULL;
1749 }
868bb33f 1750 if (xen_enabled()) {
e41d7c69 1751 return xen_map_cache(addr, *size, 1);
868bb33f 1752 } else {
38bee5dc 1753 RAMBlock *block;
0dc3f44a
MD		 1754 rcu_read_lock();
1755 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1756 if (addr - block->offset < block->max_length) {
1757 if (addr - block->offset + *size > block->max_length)
1758 *size = block->max_length - addr + block->offset;
ae3a7047 1759 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1760 rcu_read_unlock();
ae3a7047 1761 return ptr;
38bee5dc
SS		 1762 }
1763 }
1764
1765 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1766 abort();
38bee5dc
SS		 1767 }
1768}
1769
7443b437 1770/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1771 * (typically a TLB entry) back to a ram offset.
1772 *
1773 * By the time this function returns, the returned pointer is not protected
1774 * by RCU anymore. If the caller is not within an RCU critical section and
1775 * does not hold the iothread lock, it must have other means of protecting the
1776 * pointer, such as a reference to the region that includes the incoming
1777 * ram_addr_t.
1778 */
1b5ec234 1779MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1780{
94a6b54f
PB		 1781 RAMBlock *block;
1782 uint8_t *host = ptr;
ae3a7047 1783 MemoryRegion *mr;
94a6b54f 1784
868bb33f 1785 if (xen_enabled()) {
0dc3f44a 1786 rcu_read_lock();
e41d7c69 1787 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1788 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1789 rcu_read_unlock();
ae3a7047 1790 return mr;
712c2b41
SS		 1791 }
1792
0dc3f44a
MD		 1793 rcu_read_lock();
1794 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1795 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1796 goto found;
1797 }
1798
0dc3f44a 1799 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1800 /* This case append when the block is not mapped. */
1801 if (block->host == NULL) {
1802 continue;
1803 }
9b8424d5 1804 if (host - block->host < block->max_length) {
23887b79 1805 goto found;
f471a17e 1806 }
94a6b54f 1807 }
432d268c 1808
0dc3f44a 1809 rcu_read_unlock();
1b5ec234 1810 return NULL;
23887b79
PB		 1811
1812found:
1813 *ram_addr = block->offset + (host - block->host);
ae3a7047 1814 mr = block->mr;
0dc3f44a 1815 rcu_read_unlock();
ae3a7047 1816 return mr;
e890261f 1817}
f471a17e 1818
a8170e5e 1819static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1820 uint64_t val, unsigned size)
9fa3e853 1821{
52159192 1822 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1823 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1824 }
0e0df1e2
AK		 1825 switch (size) {
1826 case 1:
1827 stb_p(qemu_get_ram_ptr(ram_addr), val);
1828 break;
1829 case 2:
1830 stw_p(qemu_get_ram_ptr(ram_addr), val);
1831 break;
1832 case 4:
1833 stl_p(qemu_get_ram_ptr(ram_addr), val);
1834 break;
1835 default:
1836 abort();
3a7d929e 1837 }
6886867e 1838 cpu_physical_memory_set_dirty_range_nocode(ram_addr, size);
f23db169
FB		 1839 /* we remove the notdirty callback only if the code has been
1840 flushed */
a2cd8c85 1841 if (!cpu_physical_memory_is_clean(ram_addr)) {
4917cf44 1842 CPUArchState *env = current_cpu->env_ptr;
93afeade 1843 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
4917cf44 1844 }
9fa3e853
FB		 1845}
1846
b018ddf6
PB		 1847static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1848 unsigned size, bool is_write)
1849{
1850 return is_write;
1851}
1852
0e0df1e2 1853static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1854 .write = notdirty_mem_write,
b018ddf6 1855 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1856 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1857};
1858
0f459d16 1859/* Generate a debug exception if a watchpoint has been hit. */
05068c0d 1860static void check_watchpoint(int offset, int len, int flags)
0f459d16 1861{
93afeade
AF		 1862 CPUState *cpu = current_cpu;
1863 CPUArchState *env = cpu->env_ptr;
06d55cc1 1864 target_ulong pc, cs_base;
0f459d16 1865 target_ulong vaddr;
a1d1bb31 1866 CPUWatchpoint *wp;
06d55cc1 1867 int cpu_flags;
0f459d16 1868
ff4700b0 1869 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1870 /* We re-entered the check after replacing the TB. Now raise
1871 * the debug interrupt so that is will trigger after the
1872 * current instruction. */
93afeade 1873 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1874 return;
1875 }
93afeade 1876 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1877 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1878 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1879 && (wp->flags & flags)) {
08225676
PM		 1880 if (flags == BP_MEM_READ) {
1881 wp->flags |= BP_WATCHPOINT_HIT_READ;
1882 } else {
1883 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1884 }
1885 wp->hitaddr = vaddr;
ff4700b0
AF		 1886 if (!cpu->watchpoint_hit) {
1887 cpu->watchpoint_hit = wp;
239c51a5 1888 tb_check_watchpoint(cpu);
6e140f28 1889 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 1890 cpu->exception_index = EXCP_DEBUG;
5638d180 1891 cpu_loop_exit(cpu);
6e140f28
AL		 1892 } else {
1893 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 1894 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 1895 cpu_resume_from_signal(cpu, NULL);
6e140f28 1896 }
06d55cc1 1897 }
6e140f28
AL		 1898 } else {
1899 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1900 }
1901 }
1902}
1903
6658ffb8
PB		 1904/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1905 so these check for a hit then pass through to the normal out-of-line
1906 phys routines. */
a8170e5e 1907static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1908 unsigned size)
6658ffb8 1909{
05068c0d 1910 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_READ);
1ec9b909 1911 switch (size) {
2c17449b 1912 case 1: return ldub_phys(&address_space_memory, addr);
41701aa4 1913 case 2: return lduw_phys(&address_space_memory, addr);
fdfba1a2 1914 case 4: return ldl_phys(&address_space_memory, addr);
1ec9b909
AK		 1915 default: abort();
1916 }
6658ffb8
PB		 1917}
1918
a8170e5e 1919static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1920 uint64_t val, unsigned size)
6658ffb8 1921{
05068c0d 1922 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_WRITE);
1ec9b909 1923 switch (size) {
67364150 1924 case 1:
db3be60d 1925 stb_phys(&address_space_memory, addr, val);
67364150
MF		 1926 break;
1927 case 2:
5ce5944d 1928 stw_phys(&address_space_memory, addr, val);
67364150
MF		 1929 break;
1930 case 4:
ab1da857 1931 stl_phys(&address_space_memory, addr, val);
67364150 1932 break;
1ec9b909
AK		 1933 default: abort();
1934 }
6658ffb8
PB		 1935}
1936
1ec9b909
AK		 1937static const MemoryRegionOps watch_mem_ops = {
1938 .read = watch_mem_read,
1939 .write = watch_mem_write,
1940 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1941};
6658ffb8 1942
a8170e5e 1943static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1944 unsigned len)
db7b5426 1945{
acc9d80b 1946 subpage_t *subpage = opaque;
ff6cff75 1947 uint8_t buf[8];
791af8c8 1948
db7b5426 1949#if defined(DEBUG_SUBPAGE)
016e9d62 1950 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 1951 subpage, len, addr);
db7b5426 1952#endif
acc9d80b
JK		 1953 address_space_read(subpage->as, addr + subpage->base, buf, len);
1954 switch (len) {
1955 case 1:
1956 return ldub_p(buf);
1957 case 2:
1958 return lduw_p(buf);
1959 case 4:
1960 return ldl_p(buf);
ff6cff75
PB		 1961 case 8:
1962 return ldq_p(buf);
acc9d80b
JK		 1963 default:
1964 abort();
1965 }
db7b5426
BS		 1966}
1967
a8170e5e 1968static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1969 uint64_t value, unsigned len)
db7b5426 1970{
acc9d80b 1971 subpage_t *subpage = opaque;
ff6cff75 1972 uint8_t buf[8];
acc9d80b 1973
db7b5426 1974#if defined(DEBUG_SUBPAGE)
016e9d62 1975 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 1976 " value %"PRIx64"\n",
1977 __func__, subpage, len, addr, value);
db7b5426 1978#endif
acc9d80b
JK		 1979 switch (len) {
1980 case 1:
1981 stb_p(buf, value);
1982 break;
1983 case 2:
1984 stw_p(buf, value);
1985 break;
1986 case 4:
1987 stl_p(buf, value);
1988 break;
ff6cff75
PB		 1989 case 8:
1990 stq_p(buf, value);
1991 break;
acc9d80b
JK		 1992 default:
1993 abort();
1994 }
1995 address_space_write(subpage->as, addr + subpage->base, buf, len);
db7b5426
BS		 1996}
1997
c353e4cc 1998static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 1999 unsigned len, bool is_write)
c353e4cc 2000{
acc9d80b 2001 subpage_t *subpage = opaque;
c353e4cc 2002#if defined(DEBUG_SUBPAGE)
016e9d62 2003 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2004 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2005#endif
2006
acc9d80b 2007 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2008 len, is_write);
c353e4cc
PB		 2009}
2010
70c68e44
AK		 2011static const MemoryRegionOps subpage_ops = {
2012 .read = subpage_read,
2013 .write = subpage_write,
ff6cff75
PB		 2014 .impl.min_access_size = 1,
2015 .impl.max_access_size = 8,
2016 .valid.min_access_size = 1,
2017 .valid.max_access_size = 8,
c353e4cc 2018 .valid.accepts = subpage_accepts,
70c68e44 2019 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2020};
2021
c227f099 2022static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2023 uint16_t section)
db7b5426
BS		 2024{
2025 int idx, eidx;
2026
2027 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2028 return -1;
2029 idx = SUBPAGE_IDX(start);
2030 eidx = SUBPAGE_IDX(end);
2031#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2032 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2033 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2034#endif
db7b5426 2035 for (; idx <= eidx; idx++) {
5312bd8b 2036 mmio->sub_section[idx] = section;
db7b5426
BS		 2037 }
2038
2039 return 0;
2040}
2041
acc9d80b 2042static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2043{
c227f099 2044 subpage_t *mmio;
db7b5426 2045
7267c094 2046 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2047
acc9d80b 2048 mmio->as = as;
1eec614b 2049 mmio->base = base;
2c9b15ca 2050 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2051 NULL, TARGET_PAGE_SIZE);
b3b00c78 2052 mmio->iomem.subpage = true;
db7b5426 2053#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2054 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2055 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2056#endif
b41aac4f 2057 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2058
2059 return mmio;
2060}
2061
a656e22f
PC		 2062static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2063 MemoryRegion *mr)
5312bd8b 2064{
a656e22f 2065 assert(as);
5312bd8b 2066 MemoryRegionSection section = {
a656e22f 2067 .address_space = as,
5312bd8b
AK		 2068 .mr = mr,
2069 .offset_within_address_space = 0,
2070 .offset_within_region = 0,
052e87b0 2071 .size = int128_2_64(),
5312bd8b
AK		 2072 };
2073
53cb28cb 2074 return phys_section_add(map, &section);
5312bd8b
AK		 2075}
2076
9d82b5a7 2077MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2078{
79e2b9ae
PB		 2079 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2080 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2081
2082 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2083}
2084
e9179ce1
AK		 2085static void io_mem_init(void)
2086{
1f6245e5 2087 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2088 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2089 NULL, UINT64_MAX);
2c9b15ca 2090 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2091 NULL, UINT64_MAX);
2c9b15ca 2092 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2093 NULL, UINT64_MAX);
e9179ce1
AK		 2094}
2095
ac1970fb 2096static void mem_begin(MemoryListener *listener)
00752703
PB		 2097{
2098 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2099 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2100 uint16_t n;
2101
a656e22f 2102 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2103 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2104 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2105 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2106 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2107 assert(n == PHYS_SECTION_ROM);
a656e22f 2108 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2109 assert(n == PHYS_SECTION_WATCH);
00752703 2110
9736e55b 2111 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2112 d->as = as;
2113 as->next_dispatch = d;
2114}
2115
79e2b9ae
PB		 2116static void address_space_dispatch_free(AddressSpaceDispatch *d)
2117{
2118 phys_sections_free(&d->map);
2119 g_free(d);
2120}
2121
00752703 2122static void mem_commit(MemoryListener *listener)
ac1970fb 2123{
89ae337a 2124 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2125 AddressSpaceDispatch *cur = as->dispatch;
2126 AddressSpaceDispatch *next = as->next_dispatch;
2127
53cb28cb 2128 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2129
79e2b9ae 2130 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2131 if (cur) {
79e2b9ae 2132 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2133 }
9affd6fc
PB		 2134}
2135
1d71148e 2136static void tcg_commit(MemoryListener *listener)
50c1e149 2137{
182735ef 2138 CPUState *cpu;
117712c3
AK		 2139
2140 /* since each CPU stores ram addresses in its TLB cache, we must
2141 reset the modified entries */
2142 /* XXX: slow ! */
bdc44640 2143 CPU_FOREACH(cpu) {
33bde2e1
EI		 2144 /* FIXME: Disentangle the cpu.h circular files deps so we can
2145 directly get the right CPU from listener. */
2146 if (cpu->tcg_as_listener != listener) {
2147 continue;
2148 }
76e5c76f 2149 cpu_reload_memory_map(cpu);
117712c3 2150 }
50c1e149
AK		 2151}
2152
93632747
AK		 2153static void core_log_global_start(MemoryListener *listener)
2154{
981fdf23 2155 cpu_physical_memory_set_dirty_tracking(true);
93632747
AK		 2156}
2157
2158static void core_log_global_stop(MemoryListener *listener)
2159{
981fdf23 2160 cpu_physical_memory_set_dirty_tracking(false);
93632747
AK		 2161}
2162
93632747 2163static MemoryListener core_memory_listener = {
93632747
AK		 2164 .log_global_start = core_log_global_start,
2165 .log_global_stop = core_log_global_stop,
ac1970fb 2166 .priority = 1,
93632747
AK		 2167};
2168
ac1970fb
AK		 2169void address_space_init_dispatch(AddressSpace *as)
2170{
00752703 2171 as->dispatch = NULL;
89ae337a 2172 as->dispatch_listener = (MemoryListener) {
ac1970fb 2173 .begin = mem_begin,
00752703 2174 .commit = mem_commit,
ac1970fb
AK		 2175 .region_add = mem_add,
2176 .region_nop = mem_add,
2177 .priority = 0,
2178 };
89ae337a 2179 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2180}
2181
6e48e8f9
PB		 2182void address_space_unregister(AddressSpace *as)
2183{
2184 memory_listener_unregister(&as->dispatch_listener);
2185}
2186
83f3c251
AK		 2187void address_space_destroy_dispatch(AddressSpace *as)
2188{
2189 AddressSpaceDispatch *d = as->dispatch;
2190
79e2b9ae
PB		 2191 atomic_rcu_set(&as->dispatch, NULL);
2192 if (d) {
2193 call_rcu(d, address_space_dispatch_free, rcu);
2194 }
83f3c251
AK		 2195}
2196
62152b8a
AK		 2197static void memory_map_init(void)
2198{
7267c094 2199 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2200
57271d63 2201 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2202 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2203
7267c094 2204 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2205 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2206 65536);
7dca8043 2207 address_space_init(&address_space_io, system_io, "I/O");
93632747 2208
f6790af6 2209 memory_listener_register(&core_memory_listener, &address_space_memory);
62152b8a
AK		 2210}
2211
2212MemoryRegion *get_system_memory(void)
2213{
2214 return system_memory;
2215}
2216
309cb471
AK		 2217MemoryRegion *get_system_io(void)
2218{
2219 return system_io;
2220}
2221
e2eef170
PB		 2222#endif /* !defined(CONFIG_USER_ONLY) */
2223
13eb76e0
FB		 2224/* physical memory access (slow version, mainly for debug) */
2225#if defined(CONFIG_USER_ONLY)
f17ec444 2226int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2227 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2228{
2229 int l, flags;
2230 target_ulong page;
53a5960a 2231 void * p;
13eb76e0
FB		 2232
2233 while (len > 0) {
2234 page = addr & TARGET_PAGE_MASK;
2235 l = (page + TARGET_PAGE_SIZE) - addr;
2236 if (l > len)
2237 l = len;
2238 flags = page_get_flags(page);
2239 if (!(flags & PAGE_VALID))
a68fe89c 2240 return -1;
13eb76e0
FB		 2241 if (is_write) {
2242 if (!(flags & PAGE_WRITE))
a68fe89c 2243 return -1;
579a97f7 2244 /* XXX: this code should not depend on lock_user */
72fb7daa 2245 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2246 return -1;
72fb7daa
AJ		 2247 memcpy(p, buf, l);
2248 unlock_user(p, addr, l);
13eb76e0
FB		 2249 } else {
2250 if (!(flags & PAGE_READ))
a68fe89c 2251 return -1;
579a97f7 2252 /* XXX: this code should not depend on lock_user */
72fb7daa 2253 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2254 return -1;
72fb7daa 2255 memcpy(buf, p, l);
5b257578 2256 unlock_user(p, addr, 0);
13eb76e0
FB		 2257 }
2258 len -= l;
2259 buf += l;
2260 addr += l;
2261 }
a68fe89c 2262 return 0;
13eb76e0 2263}
8df1cd07 2264
13eb76e0 2265#else
51d7a9eb 2266
a8170e5e
AK		 2267static void invalidate_and_set_dirty(hwaddr addr,
2268 hwaddr length)
51d7a9eb 2269{
f874bf90
PM		 2270 if (cpu_physical_memory_range_includes_clean(addr, length)) {
2271 tb_invalidate_phys_range(addr, addr + length, 0);
6886867e 2272 cpu_physical_memory_set_dirty_range_nocode(addr, length);
51d7a9eb 2273 }
e226939d 2274 xen_modified_memory(addr, length);
51d7a9eb
AP		 2275}
2276
23326164 2277static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2278{
e1622f4b 2279 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2280
2281 /* Regions are assumed to support 1-4 byte accesses unless
2282 otherwise specified. */
23326164
RH		 2283 if (access_size_max == 0) {
2284 access_size_max = 4;
2285 }
2286
2287 /* Bound the maximum access by the alignment of the address. */
2288 if (!mr->ops->impl.unaligned) {
2289 unsigned align_size_max = addr & -addr;
2290 if (align_size_max != 0 && align_size_max < access_size_max) {
2291 access_size_max = align_size_max;
2292 }
82f2563f 2293 }
23326164
RH		 2294
2295 /* Don't attempt accesses larger than the maximum. */
2296 if (l > access_size_max) {
2297 l = access_size_max;
82f2563f 2298 }
098178f2
PB		 2299 if (l & (l - 1)) {
2300 l = 1 << (qemu_fls(l) - 1);
2301 }
23326164
RH		 2302
2303 return l;
82f2563f
PB		 2304}
2305
fd8aaa76 2306bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 2307 int len, bool is_write)
13eb76e0 2308{
149f54b5 2309 hwaddr l;
13eb76e0 2310 uint8_t *ptr;
791af8c8 2311 uint64_t val;
149f54b5 2312 hwaddr addr1;
5c8a00ce 2313 MemoryRegion *mr;
fd8aaa76 2314 bool error = false;
3b46e624 2315
13eb76e0 2316 while (len > 0) {
149f54b5 2317 l = len;
5c8a00ce 2318 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2319
13eb76e0 2320 if (is_write) {
5c8a00ce
PB		 2321 if (!memory_access_is_direct(mr, is_write)) {
2322 l = memory_access_size(mr, l, addr1);
4917cf44 2323 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2324 potential bugs */
23326164
RH		 2325 switch (l) {
2326 case 8:
2327 /* 64 bit write access */
2328 val = ldq_p(buf);
2329 error |= io_mem_write(mr, addr1, val, 8);
2330 break;
2331 case 4:
1c213d19 2332 /* 32 bit write access */
c27004ec 2333 val = ldl_p(buf);
5c8a00ce 2334 error |= io_mem_write(mr, addr1, val, 4);
23326164
RH		 2335 break;
2336 case 2:
1c213d19 2337 /* 16 bit write access */
c27004ec 2338 val = lduw_p(buf);
5c8a00ce 2339 error |= io_mem_write(mr, addr1, val, 2);
23326164
RH		 2340 break;
2341 case 1:
1c213d19 2342 /* 8 bit write access */
c27004ec 2343 val = ldub_p(buf);
5c8a00ce 2344 error |= io_mem_write(mr, addr1, val, 1);
23326164
RH		 2345 break;
2346 default:
2347 abort();
13eb76e0 2348 }
2bbfa05d 2349 } else {
5c8a00ce 2350 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2351 /* RAM case */
5579c7f3 2352 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2353 memcpy(ptr, buf, l);
51d7a9eb 2354 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 2355 }
2356 } else {
5c8a00ce 2357 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2358 /* I/O case */
5c8a00ce 2359 l = memory_access_size(mr, l, addr1);
23326164
RH		 2360 switch (l) {
2361 case 8:
2362 /* 64 bit read access */
2363 error |= io_mem_read(mr, addr1, &val, 8);
2364 stq_p(buf, val);
2365 break;
2366 case 4:
13eb76e0 2367 /* 32 bit read access */
5c8a00ce 2368 error |= io_mem_read(mr, addr1, &val, 4);
c27004ec 2369 stl_p(buf, val);
23326164
RH		 2370 break;
2371 case 2:
13eb76e0 2372 /* 16 bit read access */
5c8a00ce 2373 error |= io_mem_read(mr, addr1, &val, 2);
c27004ec 2374 stw_p(buf, val);
23326164
RH		 2375 break;
2376 case 1:
1c213d19 2377 /* 8 bit read access */
5c8a00ce 2378 error |= io_mem_read(mr, addr1, &val, 1);
c27004ec 2379 stb_p(buf, val);
23326164
RH		 2380 break;
2381 default:
2382 abort();
13eb76e0
FB		 2383 }
2384 } else {
2385 /* RAM case */
5c8a00ce 2386 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2387 memcpy(buf, ptr, l);
13eb76e0
FB		 2388 }
2389 }
2390 len -= l;
2391 buf += l;
2392 addr += l;
2393 }
fd8aaa76
PB		 2394
2395 return error;
13eb76e0 2396}
8df1cd07 2397
fd8aaa76 2398bool address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 2399 const uint8_t *buf, int len)
2400{
fd8aaa76 2401 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
ac1970fb
AK		 2402}
2403
fd8aaa76 2404bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb 2405{
fd8aaa76 2406 return address_space_rw(as, addr, buf, len, false);
ac1970fb
AK		 2407}
2408
2409
a8170e5e 2410void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2411 int len, int is_write)
2412{
fd8aaa76 2413 address_space_rw(&address_space_memory, addr, buf, len, is_write);
ac1970fb
AK		 2414}
2415
582b55a9
AG		 2416enum write_rom_type {
2417 WRITE_DATA,
2418 FLUSH_CACHE,
2419};
2420
2a221651 2421static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2422 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2423{
149f54b5 2424 hwaddr l;
d0ecd2aa 2425 uint8_t *ptr;
149f54b5 2426 hwaddr addr1;
5c8a00ce 2427 MemoryRegion *mr;
3b46e624 2428
d0ecd2aa 2429 while (len > 0) {
149f54b5 2430 l = len;
2a221651 2431 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2432
5c8a00ce
PB		 2433 if (!(memory_region_is_ram(mr) ||
2434 memory_region_is_romd(mr))) {
d0ecd2aa
FB		 2435 /* do nothing */
2436 } else {
5c8a00ce 2437 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2438 /* ROM/RAM case */
5579c7f3 2439 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2440 switch (type) {
2441 case WRITE_DATA:
2442 memcpy(ptr, buf, l);
2443 invalidate_and_set_dirty(addr1, l);
2444 break;
2445 case FLUSH_CACHE:
2446 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2447 break;
2448 }
d0ecd2aa
FB		 2449 }
2450 len -= l;
2451 buf += l;
2452 addr += l;
2453 }
2454}
2455
582b55a9 2456/* used for ROM loading : can write in RAM and ROM */
2a221651 2457void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2458 const uint8_t *buf, int len)
2459{
2a221651 2460 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2461}
2462
2463void cpu_flush_icache_range(hwaddr start, int len)
2464{
2465 /*
2466 * This function should do the same thing as an icache flush that was
2467 * triggered from within the guest. For TCG we are always cache coherent,
2468 * so there is no need to flush anything. For KVM / Xen we need to flush
2469 * the host's instruction cache at least.
2470 */
2471 if (tcg_enabled()) {
2472 return;
2473 }
2474
2a221651
EI		 2475 cpu_physical_memory_write_rom_internal(&address_space_memory,
2476 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2477}
2478
6d16c2f8 2479typedef struct {
d3e71559 2480 MemoryRegion *mr;
6d16c2f8 2481 void *buffer;
a8170e5e
AK		 2482 hwaddr addr;
2483 hwaddr len;
6d16c2f8
AL		 2484} BounceBuffer;
2485
2486static BounceBuffer bounce;
2487
ba223c29
AL		 2488typedef struct MapClient {
2489 void *opaque;
2490 void (*callback)(void *opaque);
72cf2d4f 2491 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2492} MapClient;
2493
72cf2d4f
BS		 2494static QLIST_HEAD(map_client_list, MapClient) map_client_list
2495 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2496
2497void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2498{
7267c094 2499 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2500
2501 client->opaque = opaque;
2502 client->callback = callback;
72cf2d4f 2503 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2504 return client;
2505}
2506
8b9c99d9 2507static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2508{
2509 MapClient *client = (MapClient *)_client;
2510
72cf2d4f 2511 QLIST_REMOVE(client, link);
7267c094 2512 g_free(client);
ba223c29
AL		 2513}
2514
2515static void cpu_notify_map_clients(void)
2516{
2517 MapClient *client;
2518
72cf2d4f
BS		 2519 while (!QLIST_EMPTY(&map_client_list)) {
2520 client = QLIST_FIRST(&map_client_list);
ba223c29 2521 client->callback(client->opaque);
34d5e948 2522 cpu_unregister_map_client(client);
ba223c29
AL		 2523 }
2524}
2525
51644ab7
PB		 2526bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2527{
5c8a00ce 2528 MemoryRegion *mr;
51644ab7
PB		 2529 hwaddr l, xlat;
2530
2531 while (len > 0) {
2532 l = len;
5c8a00ce
PB		 2533 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2534 if (!memory_access_is_direct(mr, is_write)) {
2535 l = memory_access_size(mr, l, addr);
2536 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2537 return false;
2538 }
2539 }
2540
2541 len -= l;
2542 addr += l;
2543 }
2544 return true;
2545}
2546
6d16c2f8
AL		 2547/* Map a physical memory region into a host virtual address.
2548 * May map a subset of the requested range, given by and returned in *plen.
2549 * May return NULL if resources needed to perform the mapping are exhausted.
2550 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2551 * Use cpu_register_map_client() to know when retrying the map operation is
2552 * likely to succeed.
6d16c2f8 2553 */
ac1970fb 2554void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2555 hwaddr addr,
2556 hwaddr *plen,
ac1970fb 2557 bool is_write)
6d16c2f8 2558{
a8170e5e 2559 hwaddr len = *plen;
e3127ae0
PB		 2560 hwaddr done = 0;
2561 hwaddr l, xlat, base;
2562 MemoryRegion *mr, *this_mr;
2563 ram_addr_t raddr;
6d16c2f8 2564
e3127ae0
PB		 2565 if (len == 0) {
2566 return NULL;
2567 }
38bee5dc 2568
e3127ae0
PB		 2569 l = len;
2570 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2571 if (!memory_access_is_direct(mr, is_write)) {
2572 if (bounce.buffer) {
2573 return NULL;
6d16c2f8 2574 }
e85d9db5
KW		 2575 /* Avoid unbounded allocations */
2576 l = MIN(l, TARGET_PAGE_SIZE);
2577 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2578 bounce.addr = addr;
2579 bounce.len = l;
d3e71559
PB		 2580
2581 memory_region_ref(mr);
2582 bounce.mr = mr;
e3127ae0
PB		 2583 if (!is_write) {
2584 address_space_read(as, addr, bounce.buffer, l);
8ab934f9 2585 }
6d16c2f8 2586
e3127ae0
PB		 2587 *plen = l;
2588 return bounce.buffer;
2589 }
2590
2591 base = xlat;
2592 raddr = memory_region_get_ram_addr(mr);
2593
2594 for (;;) {
6d16c2f8
AL		 2595 len -= l;
2596 addr += l;
e3127ae0
PB		 2597 done += l;
2598 if (len == 0) {
2599 break;
2600 }
2601
2602 l = len;
2603 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2604 if (this_mr != mr || xlat != base + done) {
2605 break;
2606 }
6d16c2f8 2607 }
e3127ae0 2608
d3e71559 2609 memory_region_ref(mr);
e3127ae0
PB		 2610 *plen = done;
2611 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2612}
2613
ac1970fb 2614/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2615 * Will also mark the memory as dirty if is_write == 1. access_len gives
2616 * the amount of memory that was actually read or written by the caller.
2617 */
a8170e5e
AK		 2618void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2619 int is_write, hwaddr access_len)
6d16c2f8
AL		 2620{
2621 if (buffer != bounce.buffer) {
d3e71559
PB		 2622 MemoryRegion *mr;
2623 ram_addr_t addr1;
2624
2625 mr = qemu_ram_addr_from_host(buffer, &addr1);
2626 assert(mr != NULL);
6d16c2f8 2627 if (is_write) {
6886867e 2628 invalidate_and_set_dirty(addr1, access_len);
6d16c2f8 2629 }
868bb33f 2630 if (xen_enabled()) {
e41d7c69 2631 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2632 }
d3e71559 2633 memory_region_unref(mr);
6d16c2f8
AL		 2634 return;
2635 }
2636 if (is_write) {
ac1970fb 2637 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2638 }
f8a83245 2639 qemu_vfree(bounce.buffer);
6d16c2f8 2640 bounce.buffer = NULL;
d3e71559 2641 memory_region_unref(bounce.mr);
ba223c29 2642 cpu_notify_map_clients();
6d16c2f8 2643}
d0ecd2aa 2644
a8170e5e
AK		 2645void *cpu_physical_memory_map(hwaddr addr,
2646 hwaddr *plen,
ac1970fb
AK		 2647 int is_write)
2648{
2649 return address_space_map(&address_space_memory, addr, plen, is_write);
2650}
2651
a8170e5e
AK		 2652void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2653 int is_write, hwaddr access_len)
ac1970fb
AK		 2654{
2655 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2656}
2657
8df1cd07 2658/* warning: addr must be aligned */
fdfba1a2 2659static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2660 enum device_endian endian)
8df1cd07 2661{
8df1cd07 2662 uint8_t *ptr;
791af8c8 2663 uint64_t val;
5c8a00ce 2664 MemoryRegion *mr;
149f54b5
PB		 2665 hwaddr l = 4;
2666 hwaddr addr1;
8df1cd07 2667
fdfba1a2 2668 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2669 if (l < 4 || !memory_access_is_direct(mr, false)) {
8df1cd07 2670 /* I/O case */
5c8a00ce 2671 io_mem_read(mr, addr1, &val, 4);
1e78bcc1
AG		 2672#if defined(TARGET_WORDS_BIGENDIAN)
2673 if (endian == DEVICE_LITTLE_ENDIAN) {
2674 val = bswap32(val);
2675 }
2676#else
2677 if (endian == DEVICE_BIG_ENDIAN) {
2678 val = bswap32(val);
2679 }
2680#endif
8df1cd07
FB		 2681 } else {
2682 /* RAM case */
5c8a00ce 2683 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2684 & TARGET_PAGE_MASK)
149f54b5 2685 + addr1);
1e78bcc1
AG		 2686 switch (endian) {
2687 case DEVICE_LITTLE_ENDIAN:
2688 val = ldl_le_p(ptr);
2689 break;
2690 case DEVICE_BIG_ENDIAN:
2691 val = ldl_be_p(ptr);
2692 break;
2693 default:
2694 val = ldl_p(ptr);
2695 break;
2696 }
8df1cd07
FB		 2697 }
2698 return val;
2699}
2700
fdfba1a2 2701uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2702{
fdfba1a2 2703 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2704}
2705
fdfba1a2 2706uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2707{
fdfba1a2 2708 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2709}
2710
fdfba1a2 2711uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2712{
fdfba1a2 2713 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2714}
2715
84b7b8e7 2716/* warning: addr must be aligned */
2c17449b 2717static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2718 enum device_endian endian)
84b7b8e7 2719{
84b7b8e7
FB		 2720 uint8_t *ptr;
2721 uint64_t val;
5c8a00ce 2722 MemoryRegion *mr;
149f54b5
PB		 2723 hwaddr l = 8;
2724 hwaddr addr1;
84b7b8e7 2725
2c17449b 2726 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2727 false);
2728 if (l < 8 || !memory_access_is_direct(mr, false)) {
84b7b8e7 2729 /* I/O case */
5c8a00ce 2730 io_mem_read(mr, addr1, &val, 8);
968a5627
PB		 2731#if defined(TARGET_WORDS_BIGENDIAN)
2732 if (endian == DEVICE_LITTLE_ENDIAN) {
2733 val = bswap64(val);
2734 }
2735#else
2736 if (endian == DEVICE_BIG_ENDIAN) {
2737 val = bswap64(val);
2738 }
84b7b8e7
FB		 2739#endif
2740 } else {
2741 /* RAM case */
5c8a00ce 2742 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2743 & TARGET_PAGE_MASK)
149f54b5 2744 + addr1);
1e78bcc1
AG		 2745 switch (endian) {
2746 case DEVICE_LITTLE_ENDIAN:
2747 val = ldq_le_p(ptr);
2748 break;
2749 case DEVICE_BIG_ENDIAN:
2750 val = ldq_be_p(ptr);
2751 break;
2752 default:
2753 val = ldq_p(ptr);
2754 break;
2755 }
84b7b8e7
FB		 2756 }
2757 return val;
2758}
2759
2c17449b 2760uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2761{
2c17449b 2762 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2763}
2764
2c17449b 2765uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2766{
2c17449b 2767 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2768}
2769
2c17449b 2770uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2771{
2c17449b 2772 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2773}
2774
aab33094 2775/* XXX: optimize */
2c17449b 2776uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
aab33094
FB		 2777{
2778 uint8_t val;
2c17449b 2779 address_space_rw(as, addr, &val, 1, 0);
aab33094
FB		 2780 return val;
2781}
2782
733f0b02 2783/* warning: addr must be aligned */
41701aa4 2784static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2785 enum device_endian endian)
aab33094 2786{
733f0b02
MT		 2787 uint8_t *ptr;
2788 uint64_t val;
5c8a00ce 2789 MemoryRegion *mr;
149f54b5
PB		 2790 hwaddr l = 2;
2791 hwaddr addr1;
733f0b02 2792
41701aa4 2793 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2794 false);
2795 if (l < 2 || !memory_access_is_direct(mr, false)) {
733f0b02 2796 /* I/O case */
5c8a00ce 2797 io_mem_read(mr, addr1, &val, 2);
1e78bcc1
AG		 2798#if defined(TARGET_WORDS_BIGENDIAN)
2799 if (endian == DEVICE_LITTLE_ENDIAN) {
2800 val = bswap16(val);
2801 }
2802#else
2803 if (endian == DEVICE_BIG_ENDIAN) {
2804 val = bswap16(val);
2805 }
2806#endif
733f0b02
MT		 2807 } else {
2808 /* RAM case */
5c8a00ce 2809 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2810 & TARGET_PAGE_MASK)
149f54b5 2811 + addr1);
1e78bcc1
AG		 2812 switch (endian) {
2813 case DEVICE_LITTLE_ENDIAN:
2814 val = lduw_le_p(ptr);
2815 break;
2816 case DEVICE_BIG_ENDIAN:
2817 val = lduw_be_p(ptr);
2818 break;
2819 default:
2820 val = lduw_p(ptr);
2821 break;
2822 }
733f0b02
MT		 2823 }
2824 return val;
aab33094
FB		 2825}
2826
41701aa4 2827uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2828{
41701aa4 2829 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2830}
2831
41701aa4 2832uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2833{
41701aa4 2834 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2835}
2836
41701aa4 2837uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2838{
41701aa4 2839 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2840}
2841
8df1cd07
FB		 2842/* warning: addr must be aligned. The ram page is not masked as dirty
2843 and the code inside is not invalidated. It is useful if the dirty
2844 bits are used to track modified PTEs */
2198a121 2845void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
8df1cd07 2846{
8df1cd07 2847 uint8_t *ptr;
5c8a00ce 2848 MemoryRegion *mr;
149f54b5
PB		 2849 hwaddr l = 4;
2850 hwaddr addr1;
8df1cd07 2851
2198a121 2852 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2853 true);
2854 if (l < 4 || !memory_access_is_direct(mr, true)) {
2855 io_mem_write(mr, addr1, val, 4);
8df1cd07 2856 } else {
5c8a00ce 2857 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2858 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2859 stl_p(ptr, val);
74576198
AL		 2860
2861 if (unlikely(in_migration)) {
a2cd8c85 2862 if (cpu_physical_memory_is_clean(addr1)) {
74576198
AL		 2863 /* invalidate code */
2864 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2865 /* set dirty bit */
6886867e 2866 cpu_physical_memory_set_dirty_range_nocode(addr1, 4);
74576198
AL		 2867 }
2868 }
8df1cd07
FB		 2869 }
2870}
2871
2872/* warning: addr must be aligned */
ab1da857
EI		 2873static inline void stl_phys_internal(AddressSpace *as,
2874 hwaddr addr, uint32_t val,
1e78bcc1 2875 enum device_endian endian)
8df1cd07 2876{
8df1cd07 2877 uint8_t *ptr;
5c8a00ce 2878 MemoryRegion *mr;
149f54b5
PB		 2879 hwaddr l = 4;
2880 hwaddr addr1;
8df1cd07 2881
ab1da857 2882 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2883 true);
2884 if (l < 4 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2885#if defined(TARGET_WORDS_BIGENDIAN)
2886 if (endian == DEVICE_LITTLE_ENDIAN) {
2887 val = bswap32(val);
2888 }
2889#else
2890 if (endian == DEVICE_BIG_ENDIAN) {
2891 val = bswap32(val);
2892 }
2893#endif
5c8a00ce 2894 io_mem_write(mr, addr1, val, 4);
8df1cd07 2895 } else {
8df1cd07 2896 /* RAM case */
5c8a00ce 2897 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2898 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2899 switch (endian) {
2900 case DEVICE_LITTLE_ENDIAN:
2901 stl_le_p(ptr, val);
2902 break;
2903 case DEVICE_BIG_ENDIAN:
2904 stl_be_p(ptr, val);
2905 break;
2906 default:
2907 stl_p(ptr, val);
2908 break;
2909 }
51d7a9eb 2910 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2911 }
2912}
2913
ab1da857 2914void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2915{
ab1da857 2916 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2917}
2918
ab1da857 2919void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2920{
ab1da857 2921 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2922}
2923
ab1da857 2924void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2925{
ab1da857 2926 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2927}
2928
aab33094 2929/* XXX: optimize */
db3be60d 2930void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
aab33094
FB		 2931{
2932 uint8_t v = val;
db3be60d 2933 address_space_rw(as, addr, &v, 1, 1);
aab33094
FB		 2934}
2935
733f0b02 2936/* warning: addr must be aligned */
5ce5944d
EI		 2937static inline void stw_phys_internal(AddressSpace *as,
2938 hwaddr addr, uint32_t val,
1e78bcc1 2939 enum device_endian endian)
aab33094 2940{
733f0b02 2941 uint8_t *ptr;
5c8a00ce 2942 MemoryRegion *mr;
149f54b5
PB		 2943 hwaddr l = 2;
2944 hwaddr addr1;
733f0b02 2945
5ce5944d 2946 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 2947 if (l < 2 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2948#if defined(TARGET_WORDS_BIGENDIAN)
2949 if (endian == DEVICE_LITTLE_ENDIAN) {
2950 val = bswap16(val);
2951 }
2952#else
2953 if (endian == DEVICE_BIG_ENDIAN) {
2954 val = bswap16(val);
2955 }
2956#endif
5c8a00ce 2957 io_mem_write(mr, addr1, val, 2);
733f0b02 2958 } else {
733f0b02 2959 /* RAM case */
5c8a00ce 2960 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 2961 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2962 switch (endian) {
2963 case DEVICE_LITTLE_ENDIAN:
2964 stw_le_p(ptr, val);
2965 break;
2966 case DEVICE_BIG_ENDIAN:
2967 stw_be_p(ptr, val);
2968 break;
2969 default:
2970 stw_p(ptr, val);
2971 break;
2972 }
51d7a9eb 2973 invalidate_and_set_dirty(addr1, 2);
733f0b02 2974 }
aab33094
FB		 2975}
2976
5ce5944d 2977void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2978{
5ce5944d 2979 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2980}
2981
5ce5944d 2982void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2983{
5ce5944d 2984 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2985}
2986
5ce5944d 2987void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2988{
5ce5944d 2989 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2990}
2991
aab33094 2992/* XXX: optimize */
f606604f 2993void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
aab33094
FB		 2994{
2995 val = tswap64(val);
f606604f 2996 address_space_rw(as, addr, (void *) &val, 8, 1);
aab33094
FB		 2997}
2998
f606604f 2999void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1
AG		 3000{
3001 val = cpu_to_le64(val);
f606604f 3002 address_space_rw(as, addr, (void *) &val, 8, 1);
1e78bcc1
AG		 3003}
3004
f606604f 3005void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1
AG		 3006{
3007 val = cpu_to_be64(val);
f606604f 3008 address_space_rw(as, addr, (void *) &val, 8, 1);
1e78bcc1
AG		 3009}
3010
5e2972fd 3011/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3012int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3013 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3014{
3015 int l;
a8170e5e 3016 hwaddr phys_addr;
9b3c35e0 3017 target_ulong page;
13eb76e0
FB		 3018
3019 while (len > 0) {
3020 page = addr & TARGET_PAGE_MASK;
f17ec444 3021 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3022 /* if no physical page mapped, return an error */
3023 if (phys_addr == -1)
3024 return -1;
3025 l = (page + TARGET_PAGE_SIZE) - addr;
3026 if (l > len)
3027 l = len;
5e2972fd 3028 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3029 if (is_write) {
3030 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3031 } else {
3032 address_space_rw(cpu->as, phys_addr, buf, l, 0);
3033 }
13eb76e0
FB		 3034 len -= l;
3035 buf += l;
3036 addr += l;
3037 }
3038 return 0;
3039}
a68fe89c 3040#endif
13eb76e0 3041
8e4a424b
BS		 3042/*
3043 * A helper function for the _utterly broken_ virtio device model to find out if
3044 * it's running on a big endian machine. Don't do this at home kids!
3045 */
98ed8ecf
GK		 3046bool target_words_bigendian(void);
3047bool target_words_bigendian(void)
8e4a424b
BS		 3048{
3049#if defined(TARGET_WORDS_BIGENDIAN)
3050 return true;
3051#else
3052 return false;
3053#endif
3054}
3055
76f35538 3056#ifndef CONFIG_USER_ONLY
a8170e5e 3057bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3058{
5c8a00ce 3059 MemoryRegion*mr;
149f54b5 3060 hwaddr l = 1;
76f35538 3061
5c8a00ce
PB		 3062 mr = address_space_translate(&address_space_memory,
3063 phys_addr, &phys_addr, &l, false);
76f35538 3064
5c8a00ce
PB		 3065 return !(memory_region_is_ram(mr) ||
3066 memory_region_is_romd(mr));
76f35538 3067}
bd2fa51f
MH		 3068
3069void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3070{
3071 RAMBlock *block;
3072
0dc3f44a
MD		 3073 rcu_read_lock();
3074 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 3075 func(block->host, block->offset, block->used_length, opaque);
bd2fa51f 3076 }
0dc3f44a 3077 rcu_read_unlock();
bd2fa51f 3078}
ec3f8c99 3079#endif
Empty description
This page took 1.470285 seconds and 4 git commands to generate.