]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
README: fill out some useful quickstart information
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
0cac1b66 53
022c62cb 54#include "exec/memory-internal.h"
220c3ebd 55#include "exec/ram_addr.h"
67d95c15 56
b35ba30f
MT		 57#include "qemu/range.h"
58
db7b5426 59//#define DEBUG_SUBPAGE
1196be37 60
e2eef170 61#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 62/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
0d53d9fe 65RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 66
67static MemoryRegion *system_memory;
309cb471 68static MemoryRegion *system_io;
62152b8a 69
f6790af6
AK		 70AddressSpace address_space_io;
71AddressSpace address_space_memory;
2673a5da 72
0844e007 73MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 74static MemoryRegion io_mem_unassigned;
0e0df1e2 75
7bd4f430
PB		 76/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77#define RAM_PREALLOC (1 << 0)
78
dbcb8981
PB		 79/* RAM is mmap-ed with MAP_SHARED */
80#define RAM_SHARED (1 << 1)
81
62be4e3a
MT		 82/* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85#define RAM_RESIZEABLE (1 << 2)
86
8561c924
MT		 87/* An extra page is mapped on top of this RAM.
88 */
89#define RAM_EXTRA (1 << 3)
e2eef170 90#endif
9fa3e853 91
bdc44640 92struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 93/* current CPU in the current thread. It is only valid inside
94 cpu_exec() */
f240eb6f 95__thread CPUState *current_cpu;
2e70f6ef 96/* 0 = Do not count executed instructions.
bf20dc07 97 1 = Precise instruction counting.
2e70f6ef 98 2 = Adaptive rate instruction counting. */
5708fc66 99int use_icount;
6a00d601 100
e2eef170 101#if !defined(CONFIG_USER_ONLY)
4346ae3e 102
1db8abb1
PB		 103typedef struct PhysPageEntry PhysPageEntry;
104
105struct PhysPageEntry {
9736e55b 106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 107 uint32_t skip : 6;
9736e55b 108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 109 uint32_t ptr : 26;
1db8abb1
PB		 110};
111
8b795765
MT		 112#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
113
03f49957 114/* Size of the L2 (and L3, etc) page tables. */
57271d63 115#define ADDR_SPACE_BITS 64
03f49957 116
026736ce 117#define P_L2_BITS 9
03f49957
PB		 118#define P_L2_SIZE (1 << P_L2_BITS)
119
120#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
121
122typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 123
53cb28cb 124typedef struct PhysPageMap {
79e2b9ae
PB		 125 struct rcu_head rcu;
126
53cb28cb
MA		 127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
129 unsigned nodes_nb;
130 unsigned nodes_nb_alloc;
131 Node *nodes;
132 MemoryRegionSection *sections;
133} PhysPageMap;
134
1db8abb1 135struct AddressSpaceDispatch {
79e2b9ae
PB		 136 struct rcu_head rcu;
137
1db8abb1
PB		 138 /* This is a multi-level map on the physical address space.
139 * The bottom level has pointers to MemoryRegionSections.
140 */
141 PhysPageEntry phys_map;
53cb28cb 142 PhysPageMap map;
acc9d80b 143 AddressSpace *as;
1db8abb1
PB		 144};
145
90260c6c
JK		 146#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
147typedef struct subpage_t {
148 MemoryRegion iomem;
acc9d80b 149 AddressSpace *as;
90260c6c
JK		 150 hwaddr base;
151 uint16_t sub_section[TARGET_PAGE_SIZE];
152} subpage_t;
153
b41aac4f
LPF		 154#define PHYS_SECTION_UNASSIGNED 0
155#define PHYS_SECTION_NOTDIRTY 1
156#define PHYS_SECTION_ROM 2
157#define PHYS_SECTION_WATCH 3
5312bd8b 158
e2eef170 159static void io_mem_init(void);
62152b8a 160static void memory_map_init(void);
09daed84 161static void tcg_commit(MemoryListener *listener);
e2eef170 162
1ec9b909 163static MemoryRegion io_mem_watch;
32857f4d
PM		 164
165/**
166 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
167 * @cpu: the CPU whose AddressSpace this is
168 * @as: the AddressSpace itself
169 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
170 * @tcg_as_listener: listener for tracking changes to the AddressSpace
171 */
172struct CPUAddressSpace {
173 CPUState *cpu;
174 AddressSpace *as;
175 struct AddressSpaceDispatch *memory_dispatch;
176 MemoryListener tcg_as_listener;
177};
178
6658ffb8 179#endif
fd6ce8f6 180
6d9a1304 181#if !defined(CONFIG_USER_ONLY)
d6f2ea22 182
53cb28cb 183static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 184{
53cb28cb
MA		 185 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
186 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
188 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 189 }
f7bf5461
AK		 190}
191
db94604b 192static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 193{
194 unsigned i;
8b795765 195 uint32_t ret;
db94604b
PB		 196 PhysPageEntry e;
197 PhysPageEntry *p;
f7bf5461 198
53cb28cb 199 ret = map->nodes_nb++;
db94604b 200 p = map->nodes[ret];
f7bf5461 201 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 202 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 203
204 e.skip = leaf ? 0 : 1;
205 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 206 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 207 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 208 }
f7bf5461 209 return ret;
d6f2ea22
AK		 210}
211
53cb28cb
MA		 212static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
213 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 214 int level)
f7bf5461
AK		 215{
216 PhysPageEntry *p;
03f49957 217 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 218
9736e55b 219 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 220 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 221 }
db94604b 222 p = map->nodes[lp->ptr];
03f49957 223 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 224
03f49957 225 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 226 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 227 lp->skip = 0;
c19e8800 228 lp->ptr = leaf;
07f07b31
AK		 229 *index += step;
230 *nb -= step;
2999097b 231 } else {
53cb28cb 232 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 233 }
234 ++lp;
f7bf5461
AK		 235 }
236}
237
ac1970fb 238static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 239 hwaddr index, hwaddr nb,
2999097b 240 uint16_t leaf)
f7bf5461 241{
2999097b 242 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 243 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 244
53cb28cb 245 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 246}
247
b35ba30f
MT		 248/* Compact a non leaf page entry. Simply detect that the entry has a single child,
249 * and update our entry so we can skip it and go directly to the destination.
250 */
251static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
252{
253 unsigned valid_ptr = P_L2_SIZE;
254 int valid = 0;
255 PhysPageEntry *p;
256 int i;
257
258 if (lp->ptr == PHYS_MAP_NODE_NIL) {
259 return;
260 }
261
262 p = nodes[lp->ptr];
263 for (i = 0; i < P_L2_SIZE; i++) {
264 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
265 continue;
266 }
267
268 valid_ptr = i;
269 valid++;
270 if (p[i].skip) {
271 phys_page_compact(&p[i], nodes, compacted);
272 }
273 }
274
275 /* We can only compress if there's only one child. */
276 if (valid != 1) {
277 return;
278 }
279
280 assert(valid_ptr < P_L2_SIZE);
281
282 /* Don't compress if it won't fit in the # of bits we have. */
283 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
284 return;
285 }
286
287 lp->ptr = p[valid_ptr].ptr;
288 if (!p[valid_ptr].skip) {
289 /* If our only child is a leaf, make this a leaf. */
290 /* By design, we should have made this node a leaf to begin with so we
291 * should never reach here.
292 * But since it's so simple to handle this, let's do it just in case we
293 * change this rule.
294 */
295 lp->skip = 0;
296 } else {
297 lp->skip += p[valid_ptr].skip;
298 }
299}
300
301static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
302{
303 DECLARE_BITMAP(compacted, nodes_nb);
304
305 if (d->phys_map.skip) {
53cb28cb 306 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 307 }
308}
309
97115a8d 310static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 311 Node *nodes, MemoryRegionSection *sections)
92e873b9 312{
31ab2b4a 313 PhysPageEntry *p;
97115a8d 314 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 315 int i;
f1f6e3b8 316
9736e55b 317 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 318 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 319 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 320 }
9affd6fc 321 p = nodes[lp.ptr];
03f49957 322 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 323 }
b35ba30f
MT		 324
325 if (sections[lp.ptr].size.hi ||
326 range_covers_byte(sections[lp.ptr].offset_within_address_space,
327 sections[lp.ptr].size.lo, addr)) {
328 return &sections[lp.ptr];
329 } else {
330 return &sections[PHYS_SECTION_UNASSIGNED];
331 }
f3705d53
AK		 332}
333
e5548617
BS		 334bool memory_region_is_unassigned(MemoryRegion *mr)
335{
2a8e7499 336 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 337 && mr != &io_mem_watch;
fd6ce8f6 338}
149f54b5 339
79e2b9ae 340/* Called from RCU critical section */
c7086b4a 341static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 342 hwaddr addr,
343 bool resolve_subpage)
9f029603 344{
90260c6c
JK		 345 MemoryRegionSection *section;
346 subpage_t *subpage;
347
53cb28cb 348 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 349 if (resolve_subpage && section->mr->subpage) {
350 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 351 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 352 }
353 return section;
9f029603
JK		 354}
355
79e2b9ae 356/* Called from RCU critical section */
90260c6c 357static MemoryRegionSection *
c7086b4a 358address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 359 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 360{
361 MemoryRegionSection *section;
965eb2fc 362 MemoryRegion *mr;
a87f3954 363 Int128 diff;
149f54b5 364
c7086b4a 365 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 366 /* Compute offset within MemoryRegionSection */
367 addr -= section->offset_within_address_space;
368
369 /* Compute offset within MemoryRegion */
370 *xlat = addr + section->offset_within_region;
371
965eb2fc 372 mr = section->mr;
b242e0e0
PB		 373
374 /* MMIO registers can be expected to perform full-width accesses based only
375 * on their address, without considering adjacent registers that could
376 * decode to completely different MemoryRegions. When such registers
377 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
378 * regions overlap wildly. For this reason we cannot clamp the accesses
379 * here.
380 *
381 * If the length is small (as is the case for address_space_ldl/stl),
382 * everything works fine. If the incoming length is large, however,
383 * the caller really has to do the clamping through memory_access_size.
384 */
965eb2fc 385 if (memory_region_is_ram(mr)) {
e4a511f8 386 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 387 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
388 }
149f54b5
PB		 389 return section;
390}
90260c6c 391
a87f3954
PB		 392static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
393{
394 if (memory_region_is_ram(mr)) {
395 return !(is_write && mr->readonly);
396 }
397 if (memory_region_is_romd(mr)) {
398 return !is_write;
399 }
400
401 return false;
402}
403
41063e1e 404/* Called from RCU critical section */
5c8a00ce
PB		 405MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
406 hwaddr *xlat, hwaddr *plen,
407 bool is_write)
90260c6c 408{
30951157
AK		 409 IOMMUTLBEntry iotlb;
410 MemoryRegionSection *section;
411 MemoryRegion *mr;
30951157
AK		 412
413 for (;;) {
79e2b9ae
PB		 414 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
415 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 416 mr = section->mr;
417
418 if (!mr->iommu_ops) {
419 break;
420 }
421
8d7b8cb9 422 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 423 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
424 | (addr & iotlb.addr_mask));
23820dbf 425 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 426 if (!(iotlb.perm & (1 << is_write))) {
427 mr = &io_mem_unassigned;
428 break;
429 }
430
431 as = iotlb.target_as;
432 }
433
fe680d0d 434 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 435 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 436 *plen = MIN(page, *plen);
a87f3954
PB		 437 }
438
30951157
AK		 439 *xlat = addr;
440 return mr;
90260c6c
JK		 441}
442
79e2b9ae 443/* Called from RCU critical section */
90260c6c 444MemoryRegionSection *
9d82b5a7
PB		 445address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
446 hwaddr *xlat, hwaddr *plen)
90260c6c 447{
30951157 448 MemoryRegionSection *section;
32857f4d 449 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
9d82b5a7 450 addr, xlat, plen, false);
30951157
AK		 451
452 assert(!section->mr->iommu_ops);
453 return section;
90260c6c 454}
5b6dd868 455#endif
fd6ce8f6 456
b170fce3 457#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 458
459static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 460{
259186a7 461 CPUState *cpu = opaque;
a513fe19 462
5b6dd868
BS		 463 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
464 version_id is increased. */
259186a7 465 cpu->interrupt_request &= ~0x01;
c01a71c1 466 tlb_flush(cpu, 1);
5b6dd868
BS		 467
468 return 0;
a513fe19 469}
7501267e 470
6c3bff0e
PD		 471static int cpu_common_pre_load(void *opaque)
472{
473 CPUState *cpu = opaque;
474
adee6424 475 cpu->exception_index = -1;
6c3bff0e
PD		 476
477 return 0;
478}
479
480static bool cpu_common_exception_index_needed(void *opaque)
481{
482 CPUState *cpu = opaque;
483
adee6424 484 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 485}
486
487static const VMStateDescription vmstate_cpu_common_exception_index = {
488 .name = "cpu_common/exception_index",
489 .version_id = 1,
490 .minimum_version_id = 1,
5cd8cada 491 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 492 .fields = (VMStateField[]) {
493 VMSTATE_INT32(exception_index, CPUState),
494 VMSTATE_END_OF_LIST()
495 }
496};
497
bac05aa9
AS		 498static bool cpu_common_crash_occurred_needed(void *opaque)
499{
500 CPUState *cpu = opaque;
501
502 return cpu->crash_occurred;
503}
504
505static const VMStateDescription vmstate_cpu_common_crash_occurred = {
506 .name = "cpu_common/crash_occurred",
507 .version_id = 1,
508 .minimum_version_id = 1,
509 .needed = cpu_common_crash_occurred_needed,
510 .fields = (VMStateField[]) {
511 VMSTATE_BOOL(crash_occurred, CPUState),
512 VMSTATE_END_OF_LIST()
513 }
514};
515
1a1562f5 516const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 517 .name = "cpu_common",
518 .version_id = 1,
519 .minimum_version_id = 1,
6c3bff0e 520 .pre_load = cpu_common_pre_load,
5b6dd868 521 .post_load = cpu_common_post_load,
35d08458 522 .fields = (VMStateField[]) {
259186a7
AF		 523 VMSTATE_UINT32(halted, CPUState),
524 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 525 VMSTATE_END_OF_LIST()
6c3bff0e 526 },
5cd8cada
JQ		 527 .subsections = (const VMStateDescription*[]) {
528 &vmstate_cpu_common_exception_index,
bac05aa9 529 &vmstate_cpu_common_crash_occurred,
5cd8cada 530 NULL
5b6dd868
BS		 531 }
532};
1a1562f5 533
5b6dd868 534#endif
ea041c0e 535
38d8f5c8 536CPUState *qemu_get_cpu(int index)
ea041c0e 537{
bdc44640 538 CPUState *cpu;
ea041c0e 539
bdc44640 540 CPU_FOREACH(cpu) {
55e5c285 541 if (cpu->cpu_index == index) {
bdc44640 542 return cpu;
55e5c285 543 }
ea041c0e 544 }
5b6dd868 545
bdc44640 546 return NULL;
ea041c0e
FB		 547}
548
09daed84
EI		 549#if !defined(CONFIG_USER_ONLY)
550void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
551{
552 /* We only support one address space per cpu at the moment. */
553 assert(cpu->as == as);
554
32857f4d
PM		 555 if (cpu->cpu_ases) {
556 /* We've already registered the listener for our only AS */
557 return;
09daed84 558 }
32857f4d
PM		 559
560 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
561 cpu->cpu_ases[0].cpu = cpu;
562 cpu->cpu_ases[0].as = as;
563 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
09daed84
EI		 565}
566#endif
567
b7bca733
BR		 568#ifndef CONFIG_USER_ONLY
569static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
570
571static int cpu_get_free_index(Error **errp)
572{
573 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
574
575 if (cpu >= MAX_CPUMASK_BITS) {
576 error_setg(errp, "Trying to use more CPUs than max of %d",
577 MAX_CPUMASK_BITS);
578 return -1;
579 }
580
581 bitmap_set(cpu_index_map, cpu, 1);
582 return cpu;
583}
584
585void cpu_exec_exit(CPUState *cpu)
586{
587 if (cpu->cpu_index == -1) {
588 /* cpu_index was never allocated by this @cpu or was already freed. */
589 return;
590 }
591
592 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
593 cpu->cpu_index = -1;
594}
595#else
596
597static int cpu_get_free_index(Error **errp)
598{
599 CPUState *some_cpu;
600 int cpu_index = 0;
601
602 CPU_FOREACH(some_cpu) {
603 cpu_index++;
604 }
605 return cpu_index;
606}
607
608void cpu_exec_exit(CPUState *cpu)
609{
610}
611#endif
612
4bad9e39 613void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 614{
b170fce3 615 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 616 int cpu_index;
b7bca733 617 Error *local_err = NULL;
5b6dd868 618
291135b5
EH		 619#ifndef CONFIG_USER_ONLY
620 cpu->as = &address_space_memory;
621 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 622#endif
623
5b6dd868
BS		 624#if defined(CONFIG_USER_ONLY)
625 cpu_list_lock();
626#endif
b7bca733
BR		 627 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
628 if (local_err) {
629 error_propagate(errp, local_err);
630#if defined(CONFIG_USER_ONLY)
631 cpu_list_unlock();
632#endif
633 return;
5b6dd868 634 }
bdc44640 635 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 636#if defined(CONFIG_USER_ONLY)
637 cpu_list_unlock();
638#endif
e0d47944
AF		 639 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
640 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
641 }
5b6dd868 642#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 643 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 644 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 645 assert(cc->vmsd == NULL);
e0d47944 646 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 647#endif
b170fce3
AF		 648 if (cc->vmsd != NULL) {
649 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
650 }
ea041c0e
FB		 651}
652
94df27fd 653#if defined(CONFIG_USER_ONLY)
00b941e5 654static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 655{
656 tb_invalidate_phys_page_range(pc, pc + 1, 0);
657}
658#else
00b941e5 659static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 660{
e8262a1b
MF		 661 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
662 if (phys != -1) {
09daed84 663 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 664 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 665 }
1e7855a5 666}
c27004ec 667#endif
d720b93d 668
c527ee8f 669#if defined(CONFIG_USER_ONLY)
75a34036 670void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 671
672{
673}
674
3ee887e8
PM		 675int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
676 int flags)
677{
678 return -ENOSYS;
679}
680
681void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
682{
683}
684
75a34036 685int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 686 int flags, CPUWatchpoint **watchpoint)
687{
688 return -ENOSYS;
689}
690#else
6658ffb8 691/* Add a watchpoint. */
75a34036 692int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 693 int flags, CPUWatchpoint **watchpoint)
6658ffb8 694{
c0ce998e 695 CPUWatchpoint *wp;
6658ffb8 696
05068c0d 697 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 698 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 699 error_report("tried to set invalid watchpoint at %"
700 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 701 return -EINVAL;
702 }
7267c094 703 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 704
705 wp->vaddr = addr;
05068c0d 706 wp->len = len;
a1d1bb31
AL		 707 wp->flags = flags;
708
2dc9f411 709 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
712 } else {
713 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
714 }
6658ffb8 715
31b030d4 716 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 717
718 if (watchpoint)
719 *watchpoint = wp;
720 return 0;
6658ffb8
PB		 721}
722
a1d1bb31 723/* Remove a specific watchpoint. */
75a34036 724int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 725 int flags)
6658ffb8 726{
a1d1bb31 727 CPUWatchpoint *wp;
6658ffb8 728
ff4700b0 729 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 730 if (addr == wp->vaddr && len == wp->len
6e140f28 731 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 732 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 733 return 0;
734 }
735 }
a1d1bb31 736 return -ENOENT;
6658ffb8
PB		 737}
738
a1d1bb31 739/* Remove a specific watchpoint by reference. */
75a34036 740void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 741{
ff4700b0 742 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 743
31b030d4 744 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 745
7267c094 746 g_free(watchpoint);
a1d1bb31
AL		 747}
748
749/* Remove all matching watchpoints. */
75a34036 750void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 751{
c0ce998e 752 CPUWatchpoint *wp, *next;
a1d1bb31 753
ff4700b0 754 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 755 if (wp->flags & mask) {
756 cpu_watchpoint_remove_by_ref(cpu, wp);
757 }
c0ce998e 758 }
7d03f82f 759}
05068c0d
PM		 760
761/* Return true if this watchpoint address matches the specified
762 * access (ie the address range covered by the watchpoint overlaps
763 * partially or completely with the address range covered by the
764 * access).
765 */
766static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
767 vaddr addr,
768 vaddr len)
769{
770 /* We know the lengths are non-zero, but a little caution is
771 * required to avoid errors in the case where the range ends
772 * exactly at the top of the address space and so addr + len
773 * wraps round to zero.
774 */
775 vaddr wpend = wp->vaddr + wp->len - 1;
776 vaddr addrend = addr + len - 1;
777
778 return !(addr > wpend || wp->vaddr > addrend);
779}
780
c527ee8f 781#endif
7d03f82f 782
a1d1bb31 783/* Add a breakpoint. */
b3310ab3 784int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 785 CPUBreakpoint **breakpoint)
4c3a88a2 786{
c0ce998e 787 CPUBreakpoint *bp;
3b46e624 788
7267c094 789 bp = g_malloc(sizeof(*bp));
4c3a88a2 790
a1d1bb31
AL		 791 bp->pc = pc;
792 bp->flags = flags;
793
2dc9f411 794 /* keep all GDB-injected breakpoints in front */
00b941e5 795 if (flags & BP_GDB) {
f0c3c505 796 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 797 } else {
f0c3c505 798 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 799 }
3b46e624 800
f0c3c505 801 breakpoint_invalidate(cpu, pc);
a1d1bb31 802
00b941e5 803 if (breakpoint) {
a1d1bb31 804 *breakpoint = bp;
00b941e5 805 }
4c3a88a2 806 return 0;
4c3a88a2
FB		 807}
808
a1d1bb31 809/* Remove a specific breakpoint. */
b3310ab3 810int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 811{
a1d1bb31
AL		 812 CPUBreakpoint *bp;
813
f0c3c505 814 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 815 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 816 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 817 return 0;
818 }
7d03f82f 819 }
a1d1bb31 820 return -ENOENT;
7d03f82f
EI		 821}
822
a1d1bb31 823/* Remove a specific breakpoint by reference. */
b3310ab3 824void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 825{
f0c3c505
AF		 826 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
827
828 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 829
7267c094 830 g_free(breakpoint);
a1d1bb31
AL		 831}
832
833/* Remove all matching breakpoints. */
b3310ab3 834void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 835{
c0ce998e 836 CPUBreakpoint *bp, *next;
a1d1bb31 837
f0c3c505 838 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 839 if (bp->flags & mask) {
840 cpu_breakpoint_remove_by_ref(cpu, bp);
841 }
c0ce998e 842 }
4c3a88a2
FB		 843}
844
c33a346e
FB		 845/* enable or disable single step mode. EXCP_DEBUG is returned by the
846 CPU loop after each instruction */
3825b28f 847void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 848{
ed2803da
AF		 849 if (cpu->singlestep_enabled != enabled) {
850 cpu->singlestep_enabled = enabled;
851 if (kvm_enabled()) {
38e478ec 852 kvm_update_guest_debug(cpu, 0);
ed2803da 853 } else {
ccbb4d44 854 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 855 /* XXX: only flush what is necessary */
bbd77c18 856 tb_flush(cpu);
e22a25c9 857 }
c33a346e 858 }
c33a346e
FB		 859}
860
a47dddd7 861void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 862{
863 va_list ap;
493ae1f0 864 va_list ap2;
7501267e
FB		 865
866 va_start(ap, fmt);
493ae1f0 867 va_copy(ap2, ap);
7501267e
FB		 868 fprintf(stderr, "qemu: fatal: ");
869 vfprintf(stderr, fmt, ap);
870 fprintf(stderr, "\n");
878096ee 871 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 872 if (qemu_log_enabled()) {
873 qemu_log("qemu: fatal: ");
874 qemu_log_vprintf(fmt, ap2);
875 qemu_log("\n");
a0762859 876 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 877 qemu_log_flush();
93fcfe39 878 qemu_log_close();
924edcae 879 }
493ae1f0 880 va_end(ap2);
f9373291 881 va_end(ap);
fd052bf6
RV		 882#if defined(CONFIG_USER_ONLY)
883 {
884 struct sigaction act;
885 sigfillset(&act.sa_mask);
886 act.sa_handler = SIG_DFL;
887 sigaction(SIGABRT, &act, NULL);
888 }
889#endif
7501267e
FB		 890 abort();
891}
892
0124311e 893#if !defined(CONFIG_USER_ONLY)
0dc3f44a 894/* Called from RCU critical section */
041603fe
PB		 895static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
896{
897 RAMBlock *block;
898
43771539 899 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 900 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 901 goto found;
902 }
0dc3f44a 903 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 904 if (addr - block->offset < block->max_length) {
041603fe
PB		 905 goto found;
906 }
907 }
908
909 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
910 abort();
911
912found:
43771539
PB		 913 /* It is safe to write mru_block outside the iothread lock. This
914 * is what happens:
915 *
916 * mru_block = xxx
917 * rcu_read_unlock()
918 * xxx removed from list
919 * rcu_read_lock()
920 * read mru_block
921 * mru_block = NULL;
922 * call_rcu(reclaim_ramblock, xxx);
923 * rcu_read_unlock()
924 *
925 * atomic_rcu_set is not needed here. The block was already published
926 * when it was placed into the list. Here we're just making an extra
927 * copy of the pointer.
928 */
041603fe
PB		 929 ram_list.mru_block = block;
930 return block;
931}
932
a2f4d5be 933static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 934{
9a13565d 935 CPUState *cpu;
041603fe 936 ram_addr_t start1;
a2f4d5be
JQ		 937 RAMBlock *block;
938 ram_addr_t end;
939
940 end = TARGET_PAGE_ALIGN(start + length);
941 start &= TARGET_PAGE_MASK;
d24981d3 942
0dc3f44a 943 rcu_read_lock();
041603fe
PB		 944 block = qemu_get_ram_block(start);
945 assert(block == qemu_get_ram_block(end - 1));
1240be24 946 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 947 CPU_FOREACH(cpu) {
948 tlb_reset_dirty(cpu, start1, length);
949 }
0dc3f44a 950 rcu_read_unlock();
d24981d3
JQ		 951}
952
5579c7f3 953/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 954bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
955 ram_addr_t length,
956 unsigned client)
1ccde1cb 957{
03eebc9e
SH		 958 unsigned long end, page;
959 bool dirty;
960
961 if (length == 0) {
962 return false;
963 }
f23db169 964
03eebc9e
SH		 965 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
966 page = start >> TARGET_PAGE_BITS;
967 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
968 page, end - page);
969
970 if (dirty && tcg_enabled()) {
a2f4d5be 971 tlb_reset_dirty_range_all(start, length);
5579c7f3 972 }
03eebc9e
SH		 973
974 return dirty;
1ccde1cb
FB		 975}
976
79e2b9ae 977/* Called from RCU critical section */
bb0e627a 978hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 979 MemoryRegionSection *section,
980 target_ulong vaddr,
981 hwaddr paddr, hwaddr xlat,
982 int prot,
983 target_ulong *address)
e5548617 984{
a8170e5e 985 hwaddr iotlb;
e5548617
BS		 986 CPUWatchpoint *wp;
987
cc5bea60 988 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 989 /* Normal RAM. */
990 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 991 + xlat;
e5548617 992 if (!section->readonly) {
b41aac4f 993 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 994 } else {
b41aac4f 995 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 996 }
997 } else {
0b8e2c10
PM		 998 AddressSpaceDispatch *d;
999
1000 d = atomic_rcu_read(&section->address_space->dispatch);
1001 iotlb = section - d->map.sections;
149f54b5 1002 iotlb += xlat;
e5548617
BS		 1003 }
1004
1005 /* Make accesses to pages with watchpoints go via the
1006 watchpoint trap routines. */
ff4700b0 1007 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1008 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1009 /* Avoid trapping reads of pages with a write breakpoint. */
1010 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1011 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1012 *address |= TLB_MMIO;
1013 break;
1014 }
1015 }
1016 }
1017
1018 return iotlb;
1019}
9fa3e853
FB		 1020#endif /* defined(CONFIG_USER_ONLY) */
1021
e2eef170 1022#if !defined(CONFIG_USER_ONLY)
8da3ff18 1023
c227f099 1024static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1025 uint16_t section);
acc9d80b 1026static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1027
a2b257d6
IM		 1028static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1029 qemu_anon_ram_alloc;
91138037
MA		 1030
1031/*
1032 * Set a custom physical guest memory alloator.
1033 * Accelerators with unusual needs may need this. Hopefully, we can
1034 * get rid of it eventually.
1035 */
a2b257d6 1036void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1037{
1038 phys_mem_alloc = alloc;
1039}
1040
53cb28cb
MA		 1041static uint16_t phys_section_add(PhysPageMap *map,
1042 MemoryRegionSection *section)
5312bd8b 1043{
68f3f65b
PB		 1044 /* The physical section number is ORed with a page-aligned
1045 * pointer to produce the iotlb entries. Thus it should
1046 * never overflow into the page-aligned value.
1047 */
53cb28cb 1048 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1049
53cb28cb
MA		 1050 if (map->sections_nb == map->sections_nb_alloc) {
1051 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1052 map->sections = g_renew(MemoryRegionSection, map->sections,
1053 map->sections_nb_alloc);
5312bd8b 1054 }
53cb28cb 1055 map->sections[map->sections_nb] = *section;
dfde4e6e 1056 memory_region_ref(section->mr);
53cb28cb 1057 return map->sections_nb++;
5312bd8b
AK		 1058}
1059
058bc4b5
PB		 1060static void phys_section_destroy(MemoryRegion *mr)
1061{
dfde4e6e
PB		 1062 memory_region_unref(mr);
1063
058bc4b5
PB		 1064 if (mr->subpage) {
1065 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1066 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1067 g_free(subpage);
1068 }
1069}
1070
6092666e 1071static void phys_sections_free(PhysPageMap *map)
5312bd8b 1072{
9affd6fc
PB		 1073 while (map->sections_nb > 0) {
1074 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1075 phys_section_destroy(section->mr);
1076 }
9affd6fc
PB		 1077 g_free(map->sections);
1078 g_free(map->nodes);
5312bd8b
AK		 1079}
1080
ac1970fb 1081static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1082{
1083 subpage_t *subpage;
a8170e5e 1084 hwaddr base = section->offset_within_address_space
0f0cb164 1085 & TARGET_PAGE_MASK;
97115a8d 1086 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1087 d->map.nodes, d->map.sections);
0f0cb164
AK		 1088 MemoryRegionSection subsection = {
1089 .offset_within_address_space = base,
052e87b0 1090 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1091 };
a8170e5e 1092 hwaddr start, end;
0f0cb164 1093
f3705d53 1094 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1095
f3705d53 1096 if (!(existing->mr->subpage)) {
acc9d80b 1097 subpage = subpage_init(d->as, base);
3be91e86 1098 subsection.address_space = d->as;
0f0cb164 1099 subsection.mr = &subpage->iomem;
ac1970fb 1100 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1101 phys_section_add(&d->map, &subsection));
0f0cb164 1102 } else {
f3705d53 1103 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1104 }
1105 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1106 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1107 subpage_register(subpage, start, end,
1108 phys_section_add(&d->map, section));
0f0cb164
AK		 1109}
1110
1111
052e87b0
PB		 1112static void register_multipage(AddressSpaceDispatch *d,
1113 MemoryRegionSection *section)
33417e70 1114{
a8170e5e 1115 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1116 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1117 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1118 TARGET_PAGE_BITS));
dd81124b 1119
733d5ef5
PB		 1120 assert(num_pages);
1121 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1122}
1123
ac1970fb 1124static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1125{
89ae337a 1126 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1127 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1128 MemoryRegionSection now = *section, remain = *section;
052e87b0 1129 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1130
733d5ef5
PB		 1131 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1132 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1133 - now.offset_within_address_space;
1134
052e87b0 1135 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1136 register_subpage(d, &now);
733d5ef5 1137 } else {
052e87b0 1138 now.size = int128_zero();
733d5ef5 1139 }
052e87b0
PB		 1140 while (int128_ne(remain.size, now.size)) {
1141 remain.size = int128_sub(remain.size, now.size);
1142 remain.offset_within_address_space += int128_get64(now.size);
1143 remain.offset_within_region += int128_get64(now.size);
69b67646 1144 now = remain;
052e87b0 1145 if (int128_lt(remain.size, page_size)) {
733d5ef5 1146 register_subpage(d, &now);
88266249 1147 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1148 now.size = page_size;
ac1970fb 1149 register_subpage(d, &now);
69b67646 1150 } else {
052e87b0 1151 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1152 register_multipage(d, &now);
69b67646 1153 }
0f0cb164
AK		 1154 }
1155}
1156
62a2744c
SY		 1157void qemu_flush_coalesced_mmio_buffer(void)
1158{
1159 if (kvm_enabled())
1160 kvm_flush_coalesced_mmio_buffer();
1161}
1162
b2a8658e
UD		 1163void qemu_mutex_lock_ramlist(void)
1164{
1165 qemu_mutex_lock(&ram_list.mutex);
1166}
1167
1168void qemu_mutex_unlock_ramlist(void)
1169{
1170 qemu_mutex_unlock(&ram_list.mutex);
1171}
1172
e1e84ba0 1173#ifdef __linux__
c902760f
MT		 1174
1175#include <sys/vfs.h>
1176
1177#define HUGETLBFS_MAGIC 0x958458f6
1178
fc7a5800 1179static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1180{
1181 struct statfs fs;
1182 int ret;
1183
1184 do {
9742bf26 1185 ret = statfs(path, &fs);
c902760f
MT		 1186 } while (ret != 0 && errno == EINTR);
1187
1188 if (ret != 0) {
fc7a5800
HT		 1189 error_setg_errno(errp, errno, "failed to get page size of file %s",
1190 path);
9742bf26 1191 return 0;
c902760f
MT		 1192 }
1193
1194 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1195 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1196
1197 return fs.f_bsize;
1198}
1199
04b16653
AW		 1200static void *file_ram_alloc(RAMBlock *block,
1201 ram_addr_t memory,
7f56e740
PB		 1202 const char *path,
1203 Error **errp)
c902760f
MT		 1204{
1205 char *filename;
8ca761f6
PF		 1206 char *sanitized_name;
1207 char *c;
8561c924 1208 void *ptr;
557529dd 1209 void *area = NULL;
c902760f 1210 int fd;
557529dd 1211 uint64_t hpagesize;
8561c924 1212 uint64_t total;
fc7a5800 1213 Error *local_err = NULL;
8561c924 1214 size_t offset;
c902760f 1215
fc7a5800
HT		 1216 hpagesize = gethugepagesize(path, &local_err);
1217 if (local_err) {
1218 error_propagate(errp, local_err);
f9a49dfa 1219 goto error;
c902760f 1220 }
a2b257d6 1221 block->mr->align = hpagesize;
c902760f
MT		 1222
1223 if (memory < hpagesize) {
557529dd
HT		 1224 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1225 "or larger than huge page size 0x%" PRIx64,
1226 memory, hpagesize);
1227 goto error;
c902760f
MT		 1228 }
1229
1230 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1231 error_setg(errp,
1232 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1233 goto error;
c902760f
MT		 1234 }
1235
8ca761f6 1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1237 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/')
1240 *c = '_';
1241 }
1242
1243 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1244 sanitized_name);
1245 g_free(sanitized_name);
c902760f
MT		 1246
1247 fd = mkstemp(filename);
1248 if (fd < 0) {
7f56e740
PB		 1249 error_setg_errno(errp, errno,
1250 "unable to create backing store for hugepages");
e4ada482 1251 g_free(filename);
f9a49dfa 1252 goto error;
c902760f
MT		 1253 }
1254 unlink(filename);
e4ada482 1255 g_free(filename);
c902760f 1256
9284f319 1257 memory = ROUND_UP(memory, hpagesize);
8561c924 1258 total = memory + hpagesize;
c902760f
MT		 1259
1260 /*
1261 * ftruncate is not supported by hugetlbfs in older
1262 * hosts, so don't bother bailing out on errors.
1263 * If anything goes wrong with it under other filesystems,
1264 * mmap will fail.
1265 */
7f56e740 1266 if (ftruncate(fd, memory)) {
9742bf26 1267 perror("ftruncate");
7f56e740 1268 }
c902760f 1269
8561c924
MT		 1270 ptr = mmap(0, total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS,
1271 -1, 0);
1272 if (ptr == MAP_FAILED) {
1273 error_setg_errno(errp, errno,
1274 "unable to allocate memory range for hugepages");
1275 close(fd);
1276 goto error;
1277 }
1278
1279 offset = QEMU_ALIGN_UP((uintptr_t)ptr, hpagesize) - (uintptr_t)ptr;
1280
1281 area = mmap(ptr + offset, memory, PROT_READ | PROT_WRITE,
1282 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE) |
1283 MAP_FIXED,
dbcb8981 1284 fd, 0);
c902760f 1285 if (area == MAP_FAILED) {
7f56e740
PB		 1286 error_setg_errno(errp, errno,
1287 "unable to map backing store for hugepages");
8561c924 1288 munmap(ptr, total);
9742bf26 1289 close(fd);
f9a49dfa 1290 goto error;
c902760f 1291 }
ef36fa14 1292
8561c924
MT		 1293 if (offset > 0) {
1294 munmap(ptr, offset);
1295 }
1296 ptr += offset;
1297 total -= offset;
1298
1299 if (total > memory + getpagesize()) {
1300 munmap(ptr + memory + getpagesize(),
1301 total - memory - getpagesize());
1302 }
1303
ef36fa14 1304 if (mem_prealloc) {
38183310 1305 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1306 }
1307
04b16653 1308 block->fd = fd;
c902760f 1309 return area;
f9a49dfa
MT		 1310
1311error:
1312 if (mem_prealloc) {
81b07353 1313 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1314 exit(1);
1315 }
1316 return NULL;
c902760f
MT		 1317}
1318#endif
1319
0dc3f44a 1320/* Called with the ramlist lock held. */
d17b5288 1321static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1322{
1323 RAMBlock *block, *next_block;
3e837b2c 1324 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1325
49cd9ac6
SH		 1326 assert(size != 0); /* it would hand out same offset multiple times */
1327
0dc3f44a 1328 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1329 return 0;
0d53d9fe 1330 }
04b16653 1331
0dc3f44a 1332 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1333 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1334
62be4e3a 1335 end = block->offset + block->max_length;
04b16653 1336
0dc3f44a 1337 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1338 if (next_block->offset >= end) {
1339 next = MIN(next, next_block->offset);
1340 }
1341 }
1342 if (next - end >= size && next - end < mingap) {
3e837b2c 1343 offset = end;
04b16653
AW		 1344 mingap = next - end;
1345 }
1346 }
3e837b2c
AW		 1347
1348 if (offset == RAM_ADDR_MAX) {
1349 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1350 (uint64_t)size);
1351 abort();
1352 }
1353
04b16653
AW		 1354 return offset;
1355}
1356
652d7ec2 1357ram_addr_t last_ram_offset(void)
d17b5288
AW		 1358{
1359 RAMBlock *block;
1360 ram_addr_t last = 0;
1361
0dc3f44a
MD		 1362 rcu_read_lock();
1363 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1364 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1365 }
0dc3f44a 1366 rcu_read_unlock();
d17b5288
AW		 1367 return last;
1368}
1369
ddb97f1d
JB		 1370static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1371{
1372 int ret;
ddb97f1d
JB		 1373
1374 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1375 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1376 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1377 if (ret) {
1378 perror("qemu_madvise");
1379 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1380 "but dump_guest_core=off specified\n");
1381 }
1382 }
1383}
1384
0dc3f44a
MD		 1385/* Called within an RCU critical section, or while the ramlist lock
1386 * is held.
1387 */
20cfe881 1388static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1389{
20cfe881 1390 RAMBlock *block;
84b89d78 1391
0dc3f44a 1392 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1393 if (block->offset == addr) {
20cfe881 1394 return block;
c5705a77
AK		 1395 }
1396 }
20cfe881
HT		 1397
1398 return NULL;
1399}
1400
ae3a7047 1401/* Called with iothread lock held. */
20cfe881
HT		 1402void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1403{
ae3a7047 1404 RAMBlock *new_block, *block;
20cfe881 1405
0dc3f44a 1406 rcu_read_lock();
ae3a7047 1407 new_block = find_ram_block(addr);
c5705a77
AK		 1408 assert(new_block);
1409 assert(!new_block->idstr[0]);
84b89d78 1410
09e5ab63
AL		 1411 if (dev) {
1412 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1413 if (id) {
1414 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1415 g_free(id);
84b89d78
CM		 1416 }
1417 }
1418 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1419
0dc3f44a 1420 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1421 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1422 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1423 new_block->idstr);
1424 abort();
1425 }
1426 }
0dc3f44a 1427 rcu_read_unlock();
c5705a77
AK		 1428}
1429
ae3a7047 1430/* Called with iothread lock held. */
20cfe881
HT		 1431void qemu_ram_unset_idstr(ram_addr_t addr)
1432{
ae3a7047 1433 RAMBlock *block;
20cfe881 1434
ae3a7047
MD		 1435 /* FIXME: arch_init.c assumes that this is not called throughout
1436 * migration. Ignore the problem since hot-unplug during migration
1437 * does not work anyway.
1438 */
1439
0dc3f44a 1440 rcu_read_lock();
ae3a7047 1441 block = find_ram_block(addr);
20cfe881
HT		 1442 if (block) {
1443 memset(block->idstr, 0, sizeof(block->idstr));
1444 }
0dc3f44a 1445 rcu_read_unlock();
20cfe881
HT		 1446}
1447
8490fc78
LC		 1448static int memory_try_enable_merging(void *addr, size_t len)
1449{
75cc7f01 1450 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1451 /* disabled by the user */
1452 return 0;
1453 }
1454
1455 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1456}
1457
62be4e3a
MT		 1458/* Only legal before guest might have detected the memory size: e.g. on
1459 * incoming migration, or right after reset.
1460 *
1461 * As memory core doesn't know how is memory accessed, it is up to
1462 * resize callback to update device state and/or add assertions to detect
1463 * misuse, if necessary.
1464 */
1465int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1466{
1467 RAMBlock *block = find_ram_block(base);
1468
1469 assert(block);
1470
129ddaf3
MT		 1471 newsize = TARGET_PAGE_ALIGN(newsize);
1472
62be4e3a
MT		 1473 if (block->used_length == newsize) {
1474 return 0;
1475 }
1476
1477 if (!(block->flags & RAM_RESIZEABLE)) {
1478 error_setg_errno(errp, EINVAL,
1479 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1480 " in != 0x" RAM_ADDR_FMT, block->idstr,
1481 newsize, block->used_length);
1482 return -EINVAL;
1483 }
1484
1485 if (block->max_length < newsize) {
1486 error_setg_errno(errp, EINVAL,
1487 "Length too large: %s: 0x" RAM_ADDR_FMT
1488 " > 0x" RAM_ADDR_FMT, block->idstr,
1489 newsize, block->max_length);
1490 return -EINVAL;
1491 }
1492
1493 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1494 block->used_length = newsize;
58d2707e
PB		 1495 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1496 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1497 memory_region_set_size(block->mr, newsize);
1498 if (block->resized) {
1499 block->resized(block->idstr, newsize, block->host);
1500 }
1501 return 0;
1502}
1503
ef701d7b 1504static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1505{
e1c57ab8 1506 RAMBlock *block;
0d53d9fe 1507 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1508 ram_addr_t old_ram_size, new_ram_size;
1509
1510 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1511
b2a8658e 1512 qemu_mutex_lock_ramlist();
9b8424d5 1513 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1514
1515 if (!new_block->host) {
1516 if (xen_enabled()) {
9b8424d5
MT		 1517 xen_ram_alloc(new_block->offset, new_block->max_length,
1518 new_block->mr);
e1c57ab8 1519 } else {
9b8424d5 1520 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1521 &new_block->mr->align);
39228250 1522 if (!new_block->host) {
ef701d7b
HT		 1523 error_setg_errno(errp, errno,
1524 "cannot set up guest memory '%s'",
1525 memory_region_name(new_block->mr));
1526 qemu_mutex_unlock_ramlist();
1527 return -1;
39228250 1528 }
9b8424d5 1529 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1530 }
c902760f 1531 }
94a6b54f 1532
dd631697
LZ		 1533 new_ram_size = MAX(old_ram_size,
1534 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1535 if (new_ram_size > old_ram_size) {
1536 migration_bitmap_extend(old_ram_size, new_ram_size);
1537 }
0d53d9fe
MD		 1538 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1539 * QLIST (which has an RCU-friendly variant) does not have insertion at
1540 * tail, so save the last element in last_block.
1541 */
0dc3f44a 1542 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1543 last_block = block;
9b8424d5 1544 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1545 break;
1546 }
1547 }
1548 if (block) {
0dc3f44a 1549 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1550 } else if (last_block) {
0dc3f44a 1551 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1552 } else { /* list is empty */
0dc3f44a 1553 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1554 }
0d6d3c87 1555 ram_list.mru_block = NULL;
94a6b54f 1556
0dc3f44a
MD		 1557 /* Write list before version */
1558 smp_wmb();
f798b07f 1559 ram_list.version++;
b2a8658e 1560 qemu_mutex_unlock_ramlist();
f798b07f 1561
2152f5ca
JQ		 1562 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1563
1564 if (new_ram_size > old_ram_size) {
1ab4c8ce 1565 int i;
ae3a7047
MD		 1566
1567 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1568 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1569 ram_list.dirty_memory[i] =
1570 bitmap_zero_extend(ram_list.dirty_memory[i],
1571 old_ram_size, new_ram_size);
1572 }
2152f5ca 1573 }
9b8424d5 1574 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1575 new_block->used_length,
1576 DIRTY_CLIENTS_ALL);
94a6b54f 1577
a904c911
PB		 1578 if (new_block->host) {
1579 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1580 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1581 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1582 if (kvm_enabled()) {
1583 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1584 }
e1c57ab8 1585 }
6f0437e8 1586
94a6b54f
PB		 1587 return new_block->offset;
1588}
e9a1ab19 1589
0b183fc8 1590#ifdef __linux__
e1c57ab8 1591ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1592 bool share, const char *mem_path,
7f56e740 1593 Error **errp)
e1c57ab8
PB		 1594{
1595 RAMBlock *new_block;
ef701d7b
HT		 1596 ram_addr_t addr;
1597 Error *local_err = NULL;
e1c57ab8
PB		 1598
1599 if (xen_enabled()) {
7f56e740
PB		 1600 error_setg(errp, "-mem-path not supported with Xen");
1601 return -1;
e1c57ab8
PB		 1602 }
1603
1604 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1605 /*
1606 * file_ram_alloc() needs to allocate just like
1607 * phys_mem_alloc, but we haven't bothered to provide
1608 * a hook there.
1609 */
7f56e740
PB		 1610 error_setg(errp,
1611 "-mem-path not supported with this accelerator");
1612 return -1;
e1c57ab8
PB		 1613 }
1614
1615 size = TARGET_PAGE_ALIGN(size);
1616 new_block = g_malloc0(sizeof(*new_block));
1617 new_block->mr = mr;
9b8424d5
MT		 1618 new_block->used_length = size;
1619 new_block->max_length = size;
dbcb8981 1620 new_block->flags = share ? RAM_SHARED : 0;
8561c924 1621 new_block->flags |= RAM_EXTRA;
7f56e740
PB		 1622 new_block->host = file_ram_alloc(new_block, size,
1623 mem_path, errp);
1624 if (!new_block->host) {
1625 g_free(new_block);
1626 return -1;
1627 }
1628
ef701d7b
HT		 1629 addr = ram_block_add(new_block, &local_err);
1630 if (local_err) {
1631 g_free(new_block);
1632 error_propagate(errp, local_err);
1633 return -1;
1634 }
1635 return addr;
e1c57ab8 1636}
0b183fc8 1637#endif
e1c57ab8 1638
62be4e3a
MT		 1639static
1640ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1641 void (*resized)(const char*,
1642 uint64_t length,
1643 void *host),
1644 void *host, bool resizeable,
ef701d7b 1645 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1646{
1647 RAMBlock *new_block;
ef701d7b
HT		 1648 ram_addr_t addr;
1649 Error *local_err = NULL;
e1c57ab8
PB		 1650
1651 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1652 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1653 new_block = g_malloc0(sizeof(*new_block));
1654 new_block->mr = mr;
62be4e3a 1655 new_block->resized = resized;
9b8424d5
MT		 1656 new_block->used_length = size;
1657 new_block->max_length = max_size;
62be4e3a 1658 assert(max_size >= size);
e1c57ab8
PB		 1659 new_block->fd = -1;
1660 new_block->host = host;
1661 if (host) {
7bd4f430 1662 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1663 }
62be4e3a
MT		 1664 if (resizeable) {
1665 new_block->flags |= RAM_RESIZEABLE;
1666 }
ef701d7b
HT		 1667 addr = ram_block_add(new_block, &local_err);
1668 if (local_err) {
1669 g_free(new_block);
1670 error_propagate(errp, local_err);
1671 return -1;
1672 }
1673 return addr;
e1c57ab8
PB		 1674}
1675
62be4e3a
MT		 1676ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1677 MemoryRegion *mr, Error **errp)
1678{
1679 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1680}
1681
ef701d7b 1682ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1683{
62be4e3a
MT		 1684 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1685}
1686
1687ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1688 void (*resized)(const char*,
1689 uint64_t length,
1690 void *host),
1691 MemoryRegion *mr, Error **errp)
1692{
1693 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1694}
1695
1f2e98b6
AW		 1696void qemu_ram_free_from_ptr(ram_addr_t addr)
1697{
1698 RAMBlock *block;
1699
b2a8658e 1700 qemu_mutex_lock_ramlist();
0dc3f44a 1701 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1702 if (addr == block->offset) {
0dc3f44a 1703 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1704 ram_list.mru_block = NULL;
0dc3f44a
MD		 1705 /* Write list before version */
1706 smp_wmb();
f798b07f 1707 ram_list.version++;
43771539 1708 g_free_rcu(block, rcu);
b2a8658e 1709 break;
1f2e98b6
AW		 1710 }
1711 }
b2a8658e 1712 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1713}
1714
43771539
PB		 1715static void reclaim_ramblock(RAMBlock *block)
1716{
1717 if (block->flags & RAM_PREALLOC) {
1718 ;
1719 } else if (xen_enabled()) {
1720 xen_invalidate_map_cache_entry(block->host);
1721#ifndef _WIN32
1722 } else if (block->fd >= 0) {
8561c924
MT		 1723 if (block->flags & RAM_EXTRA) {
1724 munmap(block->host, block->max_length + getpagesize());
1725 } else {
1726 munmap(block->host, block->max_length);
1727 }
43771539
PB		 1728 close(block->fd);
1729#endif
1730 } else {
1731 qemu_anon_ram_free(block->host, block->max_length);
1732 }
1733 g_free(block);
1734}
1735
c227f099 1736void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1737{
04b16653
AW		 1738 RAMBlock *block;
1739
b2a8658e 1740 qemu_mutex_lock_ramlist();
0dc3f44a 1741 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1742 if (addr == block->offset) {
0dc3f44a 1743 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1744 ram_list.mru_block = NULL;
0dc3f44a
MD		 1745 /* Write list before version */
1746 smp_wmb();
f798b07f 1747 ram_list.version++;
43771539 1748 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1749 break;
04b16653
AW		 1750 }
1751 }
b2a8658e 1752 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1753}
1754
cd19cfa2
HY		 1755#ifndef _WIN32
1756void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1757{
1758 RAMBlock *block;
1759 ram_addr_t offset;
1760 int flags;
1761 void *area, *vaddr;
1762
0dc3f44a 1763 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1764 offset = addr - block->offset;
9b8424d5 1765 if (offset < block->max_length) {
1240be24 1766 vaddr = ramblock_ptr(block, offset);
7bd4f430 1767 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1768 ;
dfeaf2ab
MA		 1769 } else if (xen_enabled()) {
1770 abort();
cd19cfa2
HY		 1771 } else {
1772 flags = MAP_FIXED;
3435f395 1773 if (block->fd >= 0) {
dbcb8981
PB		 1774 flags |= (block->flags & RAM_SHARED ?
1775 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1776 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1777 flags, block->fd, offset);
cd19cfa2 1778 } else {
2eb9fbaa
MA		 1779 /*
1780 * Remap needs to match alloc. Accelerators that
1781 * set phys_mem_alloc never remap. If they did,
1782 * we'd need a remap hook here.
1783 */
1784 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1785
cd19cfa2
HY		 1786 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1787 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1788 flags, -1, 0);
cd19cfa2
HY		 1789 }
1790 if (area != vaddr) {
f15fbc4b
AP		 1791 fprintf(stderr, "Could not remap addr: "
1792 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1793 length, addr);
1794 exit(1);
1795 }
8490fc78 1796 memory_try_enable_merging(vaddr, length);
ddb97f1d 1797 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1798 }
cd19cfa2
HY		 1799 }
1800 }
1801}
1802#endif /* !_WIN32 */
1803
a35ba7be
PB		 1804int qemu_get_ram_fd(ram_addr_t addr)
1805{
ae3a7047
MD		 1806 RAMBlock *block;
1807 int fd;
a35ba7be 1808
0dc3f44a 1809 rcu_read_lock();
ae3a7047
MD		 1810 block = qemu_get_ram_block(addr);
1811 fd = block->fd;
0dc3f44a 1812 rcu_read_unlock();
ae3a7047 1813 return fd;
a35ba7be
PB		 1814}
1815
3fd74b84
DM		 1816void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1817{
ae3a7047
MD		 1818 RAMBlock *block;
1819 void *ptr;
3fd74b84 1820
0dc3f44a 1821 rcu_read_lock();
ae3a7047
MD		 1822 block = qemu_get_ram_block(addr);
1823 ptr = ramblock_ptr(block, 0);
0dc3f44a 1824 rcu_read_unlock();
ae3a7047 1825 return ptr;
3fd74b84
DM		 1826}
1827
1b5ec234 1828/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1829 * This should not be used for general purpose DMA. Use address_space_map
1830 * or address_space_rw instead. For local memory (e.g. video ram) that the
1831 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1832 *
1833 * By the time this function returns, the returned pointer is not protected
1834 * by RCU anymore. If the caller is not within an RCU critical section and
1835 * does not hold the iothread lock, it must have other means of protecting the
1836 * pointer, such as a reference to the region that includes the incoming
1837 * ram_addr_t.
1b5ec234
PB		 1838 */
1839void *qemu_get_ram_ptr(ram_addr_t addr)
1840{
ae3a7047
MD		 1841 RAMBlock *block;
1842 void *ptr;
1b5ec234 1843
0dc3f44a 1844 rcu_read_lock();
ae3a7047
MD		 1845 block = qemu_get_ram_block(addr);
1846
1847 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1848 /* We need to check if the requested address is in the RAM
1849 * because we don't want to map the entire memory in QEMU.
1850 * In that case just map until the end of the page.
1851 */
1852 if (block->offset == 0) {
ae3a7047 1853 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1854 goto unlock;
0d6d3c87 1855 }
ae3a7047
MD		 1856
1857 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1858 }
ae3a7047
MD		 1859 ptr = ramblock_ptr(block, addr - block->offset);
1860
0dc3f44a
MD		 1861unlock:
1862 rcu_read_unlock();
ae3a7047 1863 return ptr;
dc828ca1
PB		 1864}
1865
38bee5dc 1866/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1867 * but takes a size argument.
0dc3f44a
MD		 1868 *
1869 * By the time this function returns, the returned pointer is not protected
1870 * by RCU anymore. If the caller is not within an RCU critical section and
1871 * does not hold the iothread lock, it must have other means of protecting the
1872 * pointer, such as a reference to the region that includes the incoming
1873 * ram_addr_t.
ae3a7047 1874 */
cb85f7ab 1875static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1876{
ae3a7047 1877 void *ptr;
8ab934f9
SS		 1878 if (*size == 0) {
1879 return NULL;
1880 }
868bb33f 1881 if (xen_enabled()) {
e41d7c69 1882 return xen_map_cache(addr, *size, 1);
868bb33f 1883 } else {
38bee5dc 1884 RAMBlock *block;
0dc3f44a
MD		 1885 rcu_read_lock();
1886 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1887 if (addr - block->offset < block->max_length) {
1888 if (addr - block->offset + *size > block->max_length)
1889 *size = block->max_length - addr + block->offset;
ae3a7047 1890 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1891 rcu_read_unlock();
ae3a7047 1892 return ptr;
38bee5dc
SS		 1893 }
1894 }
1895
1896 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1897 abort();
38bee5dc
SS		 1898 }
1899}
1900
7443b437 1901/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1902 * (typically a TLB entry) back to a ram offset.
1903 *
1904 * By the time this function returns, the returned pointer is not protected
1905 * by RCU anymore. If the caller is not within an RCU critical section and
1906 * does not hold the iothread lock, it must have other means of protecting the
1907 * pointer, such as a reference to the region that includes the incoming
1908 * ram_addr_t.
1909 */
1b5ec234 1910MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1911{
94a6b54f
PB		 1912 RAMBlock *block;
1913 uint8_t *host = ptr;
ae3a7047 1914 MemoryRegion *mr;
94a6b54f 1915
868bb33f 1916 if (xen_enabled()) {
0dc3f44a 1917 rcu_read_lock();
e41d7c69 1918 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1919 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1920 rcu_read_unlock();
ae3a7047 1921 return mr;
712c2b41
SS		 1922 }
1923
0dc3f44a
MD		 1924 rcu_read_lock();
1925 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1926 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1927 goto found;
1928 }
1929
0dc3f44a 1930 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1931 /* This case append when the block is not mapped. */
1932 if (block->host == NULL) {
1933 continue;
1934 }
9b8424d5 1935 if (host - block->host < block->max_length) {
23887b79 1936 goto found;
f471a17e 1937 }
94a6b54f 1938 }
432d268c 1939
0dc3f44a 1940 rcu_read_unlock();
1b5ec234 1941 return NULL;
23887b79
PB		 1942
1943found:
1944 *ram_addr = block->offset + (host - block->host);
ae3a7047 1945 mr = block->mr;
0dc3f44a 1946 rcu_read_unlock();
ae3a7047 1947 return mr;
e890261f 1948}
f471a17e 1949
a8170e5e 1950static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1951 uint64_t val, unsigned size)
9fa3e853 1952{
52159192 1953 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1954 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1955 }
0e0df1e2
AK		 1956 switch (size) {
1957 case 1:
1958 stb_p(qemu_get_ram_ptr(ram_addr), val);
1959 break;
1960 case 2:
1961 stw_p(qemu_get_ram_ptr(ram_addr), val);
1962 break;
1963 case 4:
1964 stl_p(qemu_get_ram_ptr(ram_addr), val);
1965 break;
1966 default:
1967 abort();
3a7d929e 1968 }
58d2707e
PB		 1969 /* Set both VGA and migration bits for simplicity and to remove
1970 * the notdirty callback faster.
1971 */
1972 cpu_physical_memory_set_dirty_range(ram_addr, size,
1973 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1974 /* we remove the notdirty callback only if the code has been
1975 flushed */
a2cd8c85 1976 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1977 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1978 }
9fa3e853
FB		 1979}
1980
b018ddf6
PB		 1981static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1982 unsigned size, bool is_write)
1983{
1984 return is_write;
1985}
1986
0e0df1e2 1987static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1988 .write = notdirty_mem_write,
b018ddf6 1989 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1990 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1991};
1992
0f459d16 1993/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1994static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1995{
93afeade
AF		 1996 CPUState *cpu = current_cpu;
1997 CPUArchState *env = cpu->env_ptr;
06d55cc1 1998 target_ulong pc, cs_base;
0f459d16 1999 target_ulong vaddr;
a1d1bb31 2000 CPUWatchpoint *wp;
06d55cc1 2001 int cpu_flags;
0f459d16 2002
ff4700b0 2003 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2004 /* We re-entered the check after replacing the TB. Now raise
2005 * the debug interrupt so that is will trigger after the
2006 * current instruction. */
93afeade 2007 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2008 return;
2009 }
93afeade 2010 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2011 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2012 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2013 && (wp->flags & flags)) {
08225676
PM		 2014 if (flags == BP_MEM_READ) {
2015 wp->flags |= BP_WATCHPOINT_HIT_READ;
2016 } else {
2017 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2018 }
2019 wp->hitaddr = vaddr;
66b9b43c 2020 wp->hitattrs = attrs;
ff4700b0
AF		 2021 if (!cpu->watchpoint_hit) {
2022 cpu->watchpoint_hit = wp;
239c51a5 2023 tb_check_watchpoint(cpu);
6e140f28 2024 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2025 cpu->exception_index = EXCP_DEBUG;
5638d180 2026 cpu_loop_exit(cpu);
6e140f28
AL		 2027 } else {
2028 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2029 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2030 cpu_resume_from_signal(cpu, NULL);
6e140f28 2031 }
06d55cc1 2032 }
6e140f28
AL		 2033 } else {
2034 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2035 }
2036 }
2037}
2038
6658ffb8
PB		 2039/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2040 so these check for a hit then pass through to the normal out-of-line
2041 phys routines. */
66b9b43c
PM		 2042static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2043 unsigned size, MemTxAttrs attrs)
6658ffb8 2044{
66b9b43c
PM		 2045 MemTxResult res;
2046 uint64_t data;
2047
2048 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2049 switch (size) {
66b9b43c
PM		 2050 case 1:
2051 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2052 break;
2053 case 2:
2054 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2055 break;
2056 case 4:
2057 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2058 break;
1ec9b909
AK		 2059 default: abort();
2060 }
66b9b43c
PM		 2061 *pdata = data;
2062 return res;
6658ffb8
PB		 2063}
2064
66b9b43c
PM		 2065static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2066 uint64_t val, unsigned size,
2067 MemTxAttrs attrs)
6658ffb8 2068{
66b9b43c
PM		 2069 MemTxResult res;
2070
2071 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2072 switch (size) {
67364150 2073 case 1:
66b9b43c 2074 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2075 break;
2076 case 2:
66b9b43c 2077 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2078 break;
2079 case 4:
66b9b43c 2080 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2081 break;
1ec9b909
AK		 2082 default: abort();
2083 }
66b9b43c 2084 return res;
6658ffb8
PB		 2085}
2086
1ec9b909 2087static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2088 .read_with_attrs = watch_mem_read,
2089 .write_with_attrs = watch_mem_write,
1ec9b909 2090 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2091};
6658ffb8 2092
f25a49e0
PM		 2093static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2094 unsigned len, MemTxAttrs attrs)
db7b5426 2095{
acc9d80b 2096 subpage_t *subpage = opaque;
ff6cff75 2097 uint8_t buf[8];
5c9eb028 2098 MemTxResult res;
791af8c8 2099
db7b5426 2100#if defined(DEBUG_SUBPAGE)
016e9d62 2101 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2102 subpage, len, addr);
db7b5426 2103#endif
5c9eb028
PM		 2104 res = address_space_read(subpage->as, addr + subpage->base,
2105 attrs, buf, len);
2106 if (res) {
2107 return res;
f25a49e0 2108 }
acc9d80b
JK		 2109 switch (len) {
2110 case 1:
f25a49e0
PM		 2111 *data = ldub_p(buf);
2112 return MEMTX_OK;
acc9d80b 2113 case 2:
f25a49e0
PM		 2114 *data = lduw_p(buf);
2115 return MEMTX_OK;
acc9d80b 2116 case 4:
f25a49e0
PM		 2117 *data = ldl_p(buf);
2118 return MEMTX_OK;
ff6cff75 2119 case 8:
f25a49e0
PM		 2120 *data = ldq_p(buf);
2121 return MEMTX_OK;
acc9d80b
JK		 2122 default:
2123 abort();
2124 }
db7b5426
BS		 2125}
2126
f25a49e0
PM		 2127static MemTxResult subpage_write(void *opaque, hwaddr addr,
2128 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2129{
acc9d80b 2130 subpage_t *subpage = opaque;
ff6cff75 2131 uint8_t buf[8];
acc9d80b 2132
db7b5426 2133#if defined(DEBUG_SUBPAGE)
016e9d62 2134 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2135 " value %"PRIx64"\n",
2136 __func__, subpage, len, addr, value);
db7b5426 2137#endif
acc9d80b
JK		 2138 switch (len) {
2139 case 1:
2140 stb_p(buf, value);
2141 break;
2142 case 2:
2143 stw_p(buf, value);
2144 break;
2145 case 4:
2146 stl_p(buf, value);
2147 break;
ff6cff75
PB		 2148 case 8:
2149 stq_p(buf, value);
2150 break;
acc9d80b
JK		 2151 default:
2152 abort();
2153 }
5c9eb028
PM		 2154 return address_space_write(subpage->as, addr + subpage->base,
2155 attrs, buf, len);
db7b5426
BS		 2156}
2157
c353e4cc 2158static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2159 unsigned len, bool is_write)
c353e4cc 2160{
acc9d80b 2161 subpage_t *subpage = opaque;
c353e4cc 2162#if defined(DEBUG_SUBPAGE)
016e9d62 2163 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2164 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2165#endif
2166
acc9d80b 2167 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2168 len, is_write);
c353e4cc
PB		 2169}
2170
70c68e44 2171static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2172 .read_with_attrs = subpage_read,
2173 .write_with_attrs = subpage_write,
ff6cff75
PB		 2174 .impl.min_access_size = 1,
2175 .impl.max_access_size = 8,
2176 .valid.min_access_size = 1,
2177 .valid.max_access_size = 8,
c353e4cc 2178 .valid.accepts = subpage_accepts,
70c68e44 2179 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2180};
2181
c227f099 2182static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2183 uint16_t section)
db7b5426
BS		 2184{
2185 int idx, eidx;
2186
2187 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2188 return -1;
2189 idx = SUBPAGE_IDX(start);
2190 eidx = SUBPAGE_IDX(end);
2191#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2192 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2193 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2194#endif
db7b5426 2195 for (; idx <= eidx; idx++) {
5312bd8b 2196 mmio->sub_section[idx] = section;
db7b5426
BS		 2197 }
2198
2199 return 0;
2200}
2201
acc9d80b 2202static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2203{
c227f099 2204 subpage_t *mmio;
db7b5426 2205
7267c094 2206 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2207
acc9d80b 2208 mmio->as = as;
1eec614b 2209 mmio->base = base;
2c9b15ca 2210 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2211 NULL, TARGET_PAGE_SIZE);
b3b00c78 2212 mmio->iomem.subpage = true;
db7b5426 2213#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2214 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2215 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2216#endif
b41aac4f 2217 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2218
2219 return mmio;
2220}
2221
a656e22f
PC		 2222static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2223 MemoryRegion *mr)
5312bd8b 2224{
a656e22f 2225 assert(as);
5312bd8b 2226 MemoryRegionSection section = {
a656e22f 2227 .address_space = as,
5312bd8b
AK		 2228 .mr = mr,
2229 .offset_within_address_space = 0,
2230 .offset_within_region = 0,
052e87b0 2231 .size = int128_2_64(),
5312bd8b
AK		 2232 };
2233
53cb28cb 2234 return phys_section_add(map, &section);
5312bd8b
AK		 2235}
2236
9d82b5a7 2237MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2238{
32857f4d
PM		 2239 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2240 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2241 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2242
2243 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2244}
2245
e9179ce1
AK		 2246static void io_mem_init(void)
2247{
1f6245e5 2248 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2249 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2250 NULL, UINT64_MAX);
2c9b15ca 2251 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2252 NULL, UINT64_MAX);
2c9b15ca 2253 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2254 NULL, UINT64_MAX);
e9179ce1
AK		 2255}
2256
ac1970fb 2257static void mem_begin(MemoryListener *listener)
00752703
PB		 2258{
2259 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2260 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2261 uint16_t n;
2262
a656e22f 2263 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2264 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2265 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2266 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2267 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2268 assert(n == PHYS_SECTION_ROM);
a656e22f 2269 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2270 assert(n == PHYS_SECTION_WATCH);
00752703 2271
9736e55b 2272 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2273 d->as = as;
2274 as->next_dispatch = d;
2275}
2276
79e2b9ae
PB		 2277static void address_space_dispatch_free(AddressSpaceDispatch *d)
2278{
2279 phys_sections_free(&d->map);
2280 g_free(d);
2281}
2282
00752703 2283static void mem_commit(MemoryListener *listener)
ac1970fb 2284{
89ae337a 2285 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2286 AddressSpaceDispatch *cur = as->dispatch;
2287 AddressSpaceDispatch *next = as->next_dispatch;
2288
53cb28cb 2289 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2290
79e2b9ae 2291 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2292 if (cur) {
79e2b9ae 2293 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2294 }
9affd6fc
PB		 2295}
2296
1d71148e 2297static void tcg_commit(MemoryListener *listener)
50c1e149 2298{
32857f4d
PM		 2299 CPUAddressSpace *cpuas;
2300 AddressSpaceDispatch *d;
117712c3
AK		 2301
2302 /* since each CPU stores ram addresses in its TLB cache, we must
2303 reset the modified entries */
32857f4d
PM		 2304 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2305 cpu_reloading_memory_map();
2306 /* The CPU and TLB are protected by the iothread lock.
2307 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2308 * may have split the RCU critical section.
2309 */
2310 d = atomic_rcu_read(&cpuas->as->dispatch);
2311 cpuas->memory_dispatch = d;
2312 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2313}
2314
ac1970fb
AK		 2315void address_space_init_dispatch(AddressSpace *as)
2316{
00752703 2317 as->dispatch = NULL;
89ae337a 2318 as->dispatch_listener = (MemoryListener) {
ac1970fb 2319 .begin = mem_begin,
00752703 2320 .commit = mem_commit,
ac1970fb
AK		 2321 .region_add = mem_add,
2322 .region_nop = mem_add,
2323 .priority = 0,
2324 };
89ae337a 2325 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2326}
2327
6e48e8f9
PB		 2328void address_space_unregister(AddressSpace *as)
2329{
2330 memory_listener_unregister(&as->dispatch_listener);
2331}
2332
83f3c251
AK		 2333void address_space_destroy_dispatch(AddressSpace *as)
2334{
2335 AddressSpaceDispatch *d = as->dispatch;
2336
79e2b9ae
PB		 2337 atomic_rcu_set(&as->dispatch, NULL);
2338 if (d) {
2339 call_rcu(d, address_space_dispatch_free, rcu);
2340 }
83f3c251
AK		 2341}
2342
62152b8a
AK		 2343static void memory_map_init(void)
2344{
7267c094 2345 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2346
57271d63 2347 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2348 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2349
7267c094 2350 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2351 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2352 65536);
7dca8043 2353 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2354}
2355
2356MemoryRegion *get_system_memory(void)
2357{
2358 return system_memory;
2359}
2360
309cb471
AK		 2361MemoryRegion *get_system_io(void)
2362{
2363 return system_io;
2364}
2365
e2eef170
PB		 2366#endif /* !defined(CONFIG_USER_ONLY) */
2367
13eb76e0
FB		 2368/* physical memory access (slow version, mainly for debug) */
2369#if defined(CONFIG_USER_ONLY)
f17ec444 2370int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2371 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2372{
2373 int l, flags;
2374 target_ulong page;
53a5960a 2375 void * p;
13eb76e0
FB		 2376
2377 while (len > 0) {
2378 page = addr & TARGET_PAGE_MASK;
2379 l = (page + TARGET_PAGE_SIZE) - addr;
2380 if (l > len)
2381 l = len;
2382 flags = page_get_flags(page);
2383 if (!(flags & PAGE_VALID))
a68fe89c 2384 return -1;
13eb76e0
FB		 2385 if (is_write) {
2386 if (!(flags & PAGE_WRITE))
a68fe89c 2387 return -1;
579a97f7 2388 /* XXX: this code should not depend on lock_user */
72fb7daa 2389 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2390 return -1;
72fb7daa
AJ		 2391 memcpy(p, buf, l);
2392 unlock_user(p, addr, l);
13eb76e0
FB		 2393 } else {
2394 if (!(flags & PAGE_READ))
a68fe89c 2395 return -1;
579a97f7 2396 /* XXX: this code should not depend on lock_user */
72fb7daa 2397 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2398 return -1;
72fb7daa 2399 memcpy(buf, p, l);
5b257578 2400 unlock_user(p, addr, 0);
13eb76e0
FB		 2401 }
2402 len -= l;
2403 buf += l;
2404 addr += l;
2405 }
a68fe89c 2406 return 0;
13eb76e0 2407}
8df1cd07 2408
13eb76e0 2409#else
51d7a9eb 2410
845b6214 2411static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2412 hwaddr length)
51d7a9eb 2413{
e87f7778
PB		 2414 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2415 /* No early return if dirty_log_mask is or becomes 0, because
2416 * cpu_physical_memory_set_dirty_range will still call
2417 * xen_modified_memory.
2418 */
2419 if (dirty_log_mask) {
2420 dirty_log_mask =
2421 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2422 }
2423 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2424 tb_invalidate_phys_range(addr, addr + length);
2425 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2426 }
e87f7778 2427 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2428}
2429
23326164 2430static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2431{
e1622f4b 2432 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2433
2434 /* Regions are assumed to support 1-4 byte accesses unless
2435 otherwise specified. */
23326164
RH		 2436 if (access_size_max == 0) {
2437 access_size_max = 4;
2438 }
2439
2440 /* Bound the maximum access by the alignment of the address. */
2441 if (!mr->ops->impl.unaligned) {
2442 unsigned align_size_max = addr & -addr;
2443 if (align_size_max != 0 && align_size_max < access_size_max) {
2444 access_size_max = align_size_max;
2445 }
82f2563f 2446 }
23326164
RH		 2447
2448 /* Don't attempt accesses larger than the maximum. */
2449 if (l > access_size_max) {
2450 l = access_size_max;
82f2563f 2451 }
6554f5c0 2452 l = pow2floor(l);
23326164
RH		 2453
2454 return l;
82f2563f
PB		 2455}
2456
4840f10e 2457static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2458{
4840f10e
JK		 2459 bool unlocked = !qemu_mutex_iothread_locked();
2460 bool release_lock = false;
2461
2462 if (unlocked && mr->global_locking) {
2463 qemu_mutex_lock_iothread();
2464 unlocked = false;
2465 release_lock = true;
2466 }
125b3806 2467 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2468 if (unlocked) {
2469 qemu_mutex_lock_iothread();
2470 }
125b3806 2471 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2472 if (unlocked) {
2473 qemu_mutex_unlock_iothread();
2474 }
125b3806 2475 }
4840f10e
JK		 2476
2477 return release_lock;
125b3806
PB		 2478}
2479
5c9eb028
PM		 2480MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2481 uint8_t *buf, int len, bool is_write)
13eb76e0 2482{
149f54b5 2483 hwaddr l;
13eb76e0 2484 uint8_t *ptr;
791af8c8 2485 uint64_t val;
149f54b5 2486 hwaddr addr1;
5c8a00ce 2487 MemoryRegion *mr;
3b643495 2488 MemTxResult result = MEMTX_OK;
4840f10e 2489 bool release_lock = false;
3b46e624 2490
41063e1e 2491 rcu_read_lock();
13eb76e0 2492 while (len > 0) {
149f54b5 2493 l = len;
5c8a00ce 2494 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2495
13eb76e0 2496 if (is_write) {
5c8a00ce 2497 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2498 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2499 l = memory_access_size(mr, l, addr1);
4917cf44 2500 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2501 potential bugs */
23326164
RH		 2502 switch (l) {
2503 case 8:
2504 /* 64 bit write access */
2505 val = ldq_p(buf);
3b643495
PM		 2506 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2507 attrs);
23326164
RH		 2508 break;
2509 case 4:
1c213d19 2510 /* 32 bit write access */
c27004ec 2511 val = ldl_p(buf);
3b643495
PM		 2512 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2513 attrs);
23326164
RH		 2514 break;
2515 case 2:
1c213d19 2516 /* 16 bit write access */
c27004ec 2517 val = lduw_p(buf);
3b643495
PM		 2518 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2519 attrs);
23326164
RH		 2520 break;
2521 case 1:
1c213d19 2522 /* 8 bit write access */
c27004ec 2523 val = ldub_p(buf);
3b643495
PM		 2524 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2525 attrs);
23326164
RH		 2526 break;
2527 default:
2528 abort();
13eb76e0 2529 }
2bbfa05d 2530 } else {
5c8a00ce 2531 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2532 /* RAM case */
5579c7f3 2533 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2534 memcpy(ptr, buf, l);
845b6214 2535 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2536 }
2537 } else {
5c8a00ce 2538 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2539 /* I/O case */
4840f10e 2540 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2541 l = memory_access_size(mr, l, addr1);
23326164
RH		 2542 switch (l) {
2543 case 8:
2544 /* 64 bit read access */
3b643495
PM		 2545 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2546 attrs);
23326164
RH		 2547 stq_p(buf, val);
2548 break;
2549 case 4:
13eb76e0 2550 /* 32 bit read access */
3b643495
PM		 2551 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2552 attrs);
c27004ec 2553 stl_p(buf, val);
23326164
RH		 2554 break;
2555 case 2:
13eb76e0 2556 /* 16 bit read access */
3b643495
PM		 2557 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2558 attrs);
c27004ec 2559 stw_p(buf, val);
23326164
RH		 2560 break;
2561 case 1:
1c213d19 2562 /* 8 bit read access */
3b643495
PM		 2563 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2564 attrs);
c27004ec 2565 stb_p(buf, val);
23326164
RH		 2566 break;
2567 default:
2568 abort();
13eb76e0
FB		 2569 }
2570 } else {
2571 /* RAM case */
5c8a00ce 2572 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2573 memcpy(buf, ptr, l);
13eb76e0
FB		 2574 }
2575 }
4840f10e
JK		 2576
2577 if (release_lock) {
2578 qemu_mutex_unlock_iothread();
2579 release_lock = false;
2580 }
2581
13eb76e0
FB		 2582 len -= l;
2583 buf += l;
2584 addr += l;
2585 }
41063e1e 2586 rcu_read_unlock();
fd8aaa76 2587
3b643495 2588 return result;
13eb76e0 2589}
8df1cd07 2590
5c9eb028
PM		 2591MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2592 const uint8_t *buf, int len)
ac1970fb 2593{
5c9eb028 2594 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2595}
2596
5c9eb028
PM		 2597MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2598 uint8_t *buf, int len)
ac1970fb 2599{
5c9eb028 2600 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2601}
2602
2603
a8170e5e 2604void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2605 int len, int is_write)
2606{
5c9eb028
PM		 2607 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2608 buf, len, is_write);
ac1970fb
AK		 2609}
2610
582b55a9
AG		 2611enum write_rom_type {
2612 WRITE_DATA,
2613 FLUSH_CACHE,
2614};
2615
2a221651 2616static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2617 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2618{
149f54b5 2619 hwaddr l;
d0ecd2aa 2620 uint8_t *ptr;
149f54b5 2621 hwaddr addr1;
5c8a00ce 2622 MemoryRegion *mr;
3b46e624 2623
41063e1e 2624 rcu_read_lock();
d0ecd2aa 2625 while (len > 0) {
149f54b5 2626 l = len;
2a221651 2627 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2628
5c8a00ce
PB		 2629 if (!(memory_region_is_ram(mr) ||
2630 memory_region_is_romd(mr))) {
b242e0e0 2631 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2632 } else {
5c8a00ce 2633 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2634 /* ROM/RAM case */
5579c7f3 2635 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2636 switch (type) {
2637 case WRITE_DATA:
2638 memcpy(ptr, buf, l);
845b6214 2639 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2640 break;
2641 case FLUSH_CACHE:
2642 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2643 break;
2644 }
d0ecd2aa
FB		 2645 }
2646 len -= l;
2647 buf += l;
2648 addr += l;
2649 }
41063e1e 2650 rcu_read_unlock();
d0ecd2aa
FB		 2651}
2652
582b55a9 2653/* used for ROM loading : can write in RAM and ROM */
2a221651 2654void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2655 const uint8_t *buf, int len)
2656{
2a221651 2657 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2658}
2659
2660void cpu_flush_icache_range(hwaddr start, int len)
2661{
2662 /*
2663 * This function should do the same thing as an icache flush that was
2664 * triggered from within the guest. For TCG we are always cache coherent,
2665 * so there is no need to flush anything. For KVM / Xen we need to flush
2666 * the host's instruction cache at least.
2667 */
2668 if (tcg_enabled()) {
2669 return;
2670 }
2671
2a221651
EI		 2672 cpu_physical_memory_write_rom_internal(&address_space_memory,
2673 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2674}
2675
6d16c2f8 2676typedef struct {
d3e71559 2677 MemoryRegion *mr;
6d16c2f8 2678 void *buffer;
a8170e5e
AK		 2679 hwaddr addr;
2680 hwaddr len;
c2cba0ff 2681 bool in_use;
6d16c2f8
AL		 2682} BounceBuffer;
2683
2684static BounceBuffer bounce;
2685
ba223c29 2686typedef struct MapClient {
e95205e1 2687 QEMUBH *bh;
72cf2d4f 2688 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2689} MapClient;
2690
38e047b5 2691QemuMutex map_client_list_lock;
72cf2d4f
BS		 2692static QLIST_HEAD(map_client_list, MapClient) map_client_list
2693 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2694
e95205e1
FZ		 2695static void cpu_unregister_map_client_do(MapClient *client)
2696{
2697 QLIST_REMOVE(client, link);
2698 g_free(client);
2699}
2700
33b6c2ed
FZ		 2701static void cpu_notify_map_clients_locked(void)
2702{
2703 MapClient *client;
2704
2705 while (!QLIST_EMPTY(&map_client_list)) {
2706 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2707 qemu_bh_schedule(client->bh);
2708 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2709 }
2710}
2711
e95205e1 2712void cpu_register_map_client(QEMUBH *bh)
ba223c29 2713{
7267c094 2714 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2715
38e047b5 2716 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2717 client->bh = bh;
72cf2d4f 2718 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2719 if (!atomic_read(&bounce.in_use)) {
2720 cpu_notify_map_clients_locked();
2721 }
38e047b5 2722 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2723}
2724
38e047b5 2725void cpu_exec_init_all(void)
ba223c29 2726{
38e047b5
FZ		 2727 qemu_mutex_init(&ram_list.mutex);
2728 memory_map_init();
2729 io_mem_init();
2730 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2731}
2732
e95205e1 2733void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2734{
2735 MapClient *client;
2736
e95205e1
FZ		 2737 qemu_mutex_lock(&map_client_list_lock);
2738 QLIST_FOREACH(client, &map_client_list, link) {
2739 if (client->bh == bh) {
2740 cpu_unregister_map_client_do(client);
2741 break;
2742 }
ba223c29 2743 }
e95205e1 2744 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2745}
2746
2747static void cpu_notify_map_clients(void)
2748{
38e047b5 2749 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2750 cpu_notify_map_clients_locked();
38e047b5 2751 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2752}
2753
51644ab7
PB		 2754bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2755{
5c8a00ce 2756 MemoryRegion *mr;
51644ab7
PB		 2757 hwaddr l, xlat;
2758
41063e1e 2759 rcu_read_lock();
51644ab7
PB		 2760 while (len > 0) {
2761 l = len;
5c8a00ce
PB		 2762 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2763 if (!memory_access_is_direct(mr, is_write)) {
2764 l = memory_access_size(mr, l, addr);
2765 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2766 return false;
2767 }
2768 }
2769
2770 len -= l;
2771 addr += l;
2772 }
41063e1e 2773 rcu_read_unlock();
51644ab7
PB		 2774 return true;
2775}
2776
6d16c2f8
AL		 2777/* Map a physical memory region into a host virtual address.
2778 * May map a subset of the requested range, given by and returned in *plen.
2779 * May return NULL if resources needed to perform the mapping are exhausted.
2780 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2781 * Use cpu_register_map_client() to know when retrying the map operation is
2782 * likely to succeed.
6d16c2f8 2783 */
ac1970fb 2784void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2785 hwaddr addr,
2786 hwaddr *plen,
ac1970fb 2787 bool is_write)
6d16c2f8 2788{
a8170e5e 2789 hwaddr len = *plen;
e3127ae0
PB		 2790 hwaddr done = 0;
2791 hwaddr l, xlat, base;
2792 MemoryRegion *mr, *this_mr;
2793 ram_addr_t raddr;
6d16c2f8 2794
e3127ae0
PB		 2795 if (len == 0) {
2796 return NULL;
2797 }
38bee5dc 2798
e3127ae0 2799 l = len;
41063e1e 2800 rcu_read_lock();
e3127ae0 2801 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2802
e3127ae0 2803 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2804 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2805 rcu_read_unlock();
e3127ae0 2806 return NULL;
6d16c2f8 2807 }
e85d9db5
KW		 2808 /* Avoid unbounded allocations */
2809 l = MIN(l, TARGET_PAGE_SIZE);
2810 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2811 bounce.addr = addr;
2812 bounce.len = l;
d3e71559
PB		 2813
2814 memory_region_ref(mr);
2815 bounce.mr = mr;
e3127ae0 2816 if (!is_write) {
5c9eb028
PM		 2817 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2818 bounce.buffer, l);
8ab934f9 2819 }
6d16c2f8 2820
41063e1e 2821 rcu_read_unlock();
e3127ae0
PB		 2822 *plen = l;
2823 return bounce.buffer;
2824 }
2825
2826 base = xlat;
2827 raddr = memory_region_get_ram_addr(mr);
2828
2829 for (;;) {
6d16c2f8
AL		 2830 len -= l;
2831 addr += l;
e3127ae0
PB		 2832 done += l;
2833 if (len == 0) {
2834 break;
2835 }
2836
2837 l = len;
2838 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2839 if (this_mr != mr || xlat != base + done) {
2840 break;
2841 }
6d16c2f8 2842 }
e3127ae0 2843
d3e71559 2844 memory_region_ref(mr);
41063e1e 2845 rcu_read_unlock();
e3127ae0
PB		 2846 *plen = done;
2847 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2848}
2849
ac1970fb 2850/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2851 * Will also mark the memory as dirty if is_write == 1. access_len gives
2852 * the amount of memory that was actually read or written by the caller.
2853 */
a8170e5e
AK		 2854void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2855 int is_write, hwaddr access_len)
6d16c2f8
AL		 2856{
2857 if (buffer != bounce.buffer) {
d3e71559
PB		 2858 MemoryRegion *mr;
2859 ram_addr_t addr1;
2860
2861 mr = qemu_ram_addr_from_host(buffer, &addr1);
2862 assert(mr != NULL);
6d16c2f8 2863 if (is_write) {
845b6214 2864 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2865 }
868bb33f 2866 if (xen_enabled()) {
e41d7c69 2867 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2868 }
d3e71559 2869 memory_region_unref(mr);
6d16c2f8
AL		 2870 return;
2871 }
2872 if (is_write) {
5c9eb028
PM		 2873 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2874 bounce.buffer, access_len);
6d16c2f8 2875 }
f8a83245 2876 qemu_vfree(bounce.buffer);
6d16c2f8 2877 bounce.buffer = NULL;
d3e71559 2878 memory_region_unref(bounce.mr);
c2cba0ff 2879 atomic_mb_set(&bounce.in_use, false);
ba223c29 2880 cpu_notify_map_clients();
6d16c2f8 2881}
d0ecd2aa 2882
a8170e5e
AK		 2883void *cpu_physical_memory_map(hwaddr addr,
2884 hwaddr *plen,
ac1970fb
AK		 2885 int is_write)
2886{
2887 return address_space_map(&address_space_memory, addr, plen, is_write);
2888}
2889
a8170e5e
AK		 2890void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2891 int is_write, hwaddr access_len)
ac1970fb
AK		 2892{
2893 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2894}
2895
8df1cd07 2896/* warning: addr must be aligned */
50013115
PM		 2897static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2898 MemTxAttrs attrs,
2899 MemTxResult *result,
2900 enum device_endian endian)
8df1cd07 2901{
8df1cd07 2902 uint8_t *ptr;
791af8c8 2903 uint64_t val;
5c8a00ce 2904 MemoryRegion *mr;
149f54b5
PB		 2905 hwaddr l = 4;
2906 hwaddr addr1;
50013115 2907 MemTxResult r;
4840f10e 2908 bool release_lock = false;
8df1cd07 2909
41063e1e 2910 rcu_read_lock();
fdfba1a2 2911 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2912 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2913 release_lock |= prepare_mmio_access(mr);
125b3806 2914
8df1cd07 2915 /* I/O case */
50013115 2916 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2917#if defined(TARGET_WORDS_BIGENDIAN)
2918 if (endian == DEVICE_LITTLE_ENDIAN) {
2919 val = bswap32(val);
2920 }
2921#else
2922 if (endian == DEVICE_BIG_ENDIAN) {
2923 val = bswap32(val);
2924 }
2925#endif
8df1cd07
FB		 2926 } else {
2927 /* RAM case */
5c8a00ce 2928 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2929 & TARGET_PAGE_MASK)
149f54b5 2930 + addr1);
1e78bcc1
AG		 2931 switch (endian) {
2932 case DEVICE_LITTLE_ENDIAN:
2933 val = ldl_le_p(ptr);
2934 break;
2935 case DEVICE_BIG_ENDIAN:
2936 val = ldl_be_p(ptr);
2937 break;
2938 default:
2939 val = ldl_p(ptr);
2940 break;
2941 }
50013115
PM		 2942 r = MEMTX_OK;
2943 }
2944 if (result) {
2945 *result = r;
8df1cd07 2946 }
4840f10e
JK		 2947 if (release_lock) {
2948 qemu_mutex_unlock_iothread();
2949 }
41063e1e 2950 rcu_read_unlock();
8df1cd07
FB		 2951 return val;
2952}
2953
50013115
PM		 2954uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2955 MemTxAttrs attrs, MemTxResult *result)
2956{
2957 return address_space_ldl_internal(as, addr, attrs, result,
2958 DEVICE_NATIVE_ENDIAN);
2959}
2960
2961uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2962 MemTxAttrs attrs, MemTxResult *result)
2963{
2964 return address_space_ldl_internal(as, addr, attrs, result,
2965 DEVICE_LITTLE_ENDIAN);
2966}
2967
2968uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2969 MemTxAttrs attrs, MemTxResult *result)
2970{
2971 return address_space_ldl_internal(as, addr, attrs, result,
2972 DEVICE_BIG_ENDIAN);
2973}
2974
fdfba1a2 2975uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2976{
50013115 2977 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2978}
2979
fdfba1a2 2980uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2981{
50013115 2982 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2983}
2984
fdfba1a2 2985uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2986{
50013115 2987 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2988}
2989
84b7b8e7 2990/* warning: addr must be aligned */
50013115
PM		 2991static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2992 MemTxAttrs attrs,
2993 MemTxResult *result,
2994 enum device_endian endian)
84b7b8e7 2995{
84b7b8e7
FB		 2996 uint8_t *ptr;
2997 uint64_t val;
5c8a00ce 2998 MemoryRegion *mr;
149f54b5
PB		 2999 hwaddr l = 8;
3000 hwaddr addr1;
50013115 3001 MemTxResult r;
4840f10e 3002 bool release_lock = false;
84b7b8e7 3003
41063e1e 3004 rcu_read_lock();
2c17449b 3005 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3006 false);
3007 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3008 release_lock |= prepare_mmio_access(mr);
125b3806 3009
84b7b8e7 3010 /* I/O case */
50013115 3011 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3012#if defined(TARGET_WORDS_BIGENDIAN)
3013 if (endian == DEVICE_LITTLE_ENDIAN) {
3014 val = bswap64(val);
3015 }
3016#else
3017 if (endian == DEVICE_BIG_ENDIAN) {
3018 val = bswap64(val);
3019 }
84b7b8e7
FB		 3020#endif
3021 } else {
3022 /* RAM case */
5c8a00ce 3023 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3024 & TARGET_PAGE_MASK)
149f54b5 3025 + addr1);
1e78bcc1
AG		 3026 switch (endian) {
3027 case DEVICE_LITTLE_ENDIAN:
3028 val = ldq_le_p(ptr);
3029 break;
3030 case DEVICE_BIG_ENDIAN:
3031 val = ldq_be_p(ptr);
3032 break;
3033 default:
3034 val = ldq_p(ptr);
3035 break;
3036 }
50013115
PM		 3037 r = MEMTX_OK;
3038 }
3039 if (result) {
3040 *result = r;
84b7b8e7 3041 }
4840f10e
JK		 3042 if (release_lock) {
3043 qemu_mutex_unlock_iothread();
3044 }
41063e1e 3045 rcu_read_unlock();
84b7b8e7
FB		 3046 return val;
3047}
3048
50013115
PM		 3049uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3050 MemTxAttrs attrs, MemTxResult *result)
3051{
3052 return address_space_ldq_internal(as, addr, attrs, result,
3053 DEVICE_NATIVE_ENDIAN);
3054}
3055
3056uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3057 MemTxAttrs attrs, MemTxResult *result)
3058{
3059 return address_space_ldq_internal(as, addr, attrs, result,
3060 DEVICE_LITTLE_ENDIAN);
3061}
3062
3063uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3064 MemTxAttrs attrs, MemTxResult *result)
3065{
3066 return address_space_ldq_internal(as, addr, attrs, result,
3067 DEVICE_BIG_ENDIAN);
3068}
3069
2c17449b 3070uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3071{
50013115 3072 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3073}
3074
2c17449b 3075uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3076{
50013115 3077 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3078}
3079
2c17449b 3080uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3081{
50013115 3082 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3083}
3084
aab33094 3085/* XXX: optimize */
50013115
PM		 3086uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3087 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3088{
3089 uint8_t val;
50013115
PM		 3090 MemTxResult r;
3091
3092 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3093 if (result) {
3094 *result = r;
3095 }
aab33094
FB		 3096 return val;
3097}
3098
50013115
PM		 3099uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3100{
3101 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3102}
3103
733f0b02 3104/* warning: addr must be aligned */
50013115
PM		 3105static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3106 hwaddr addr,
3107 MemTxAttrs attrs,
3108 MemTxResult *result,
3109 enum device_endian endian)
aab33094 3110{
733f0b02
MT		 3111 uint8_t *ptr;
3112 uint64_t val;
5c8a00ce 3113 MemoryRegion *mr;
149f54b5
PB		 3114 hwaddr l = 2;
3115 hwaddr addr1;
50013115 3116 MemTxResult r;
4840f10e 3117 bool release_lock = false;
733f0b02 3118
41063e1e 3119 rcu_read_lock();
41701aa4 3120 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3121 false);
3122 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3123 release_lock |= prepare_mmio_access(mr);
125b3806 3124
733f0b02 3125 /* I/O case */
50013115 3126 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3127#if defined(TARGET_WORDS_BIGENDIAN)
3128 if (endian == DEVICE_LITTLE_ENDIAN) {
3129 val = bswap16(val);
3130 }
3131#else
3132 if (endian == DEVICE_BIG_ENDIAN) {
3133 val = bswap16(val);
3134 }
3135#endif
733f0b02
MT		 3136 } else {
3137 /* RAM case */
5c8a00ce 3138 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3139 & TARGET_PAGE_MASK)
149f54b5 3140 + addr1);
1e78bcc1
AG		 3141 switch (endian) {
3142 case DEVICE_LITTLE_ENDIAN:
3143 val = lduw_le_p(ptr);
3144 break;
3145 case DEVICE_BIG_ENDIAN:
3146 val = lduw_be_p(ptr);
3147 break;
3148 default:
3149 val = lduw_p(ptr);
3150 break;
3151 }
50013115
PM		 3152 r = MEMTX_OK;
3153 }
3154 if (result) {
3155 *result = r;
733f0b02 3156 }
4840f10e
JK		 3157 if (release_lock) {
3158 qemu_mutex_unlock_iothread();
3159 }
41063e1e 3160 rcu_read_unlock();
733f0b02 3161 return val;
aab33094
FB		 3162}
3163
50013115
PM		 3164uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3165 MemTxAttrs attrs, MemTxResult *result)
3166{
3167 return address_space_lduw_internal(as, addr, attrs, result,
3168 DEVICE_NATIVE_ENDIAN);
3169}
3170
3171uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3172 MemTxAttrs attrs, MemTxResult *result)
3173{
3174 return address_space_lduw_internal(as, addr, attrs, result,
3175 DEVICE_LITTLE_ENDIAN);
3176}
3177
3178uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3179 MemTxAttrs attrs, MemTxResult *result)
3180{
3181 return address_space_lduw_internal(as, addr, attrs, result,
3182 DEVICE_BIG_ENDIAN);
3183}
3184
41701aa4 3185uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3186{
50013115 3187 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3188}
3189
41701aa4 3190uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3191{
50013115 3192 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3193}
3194
41701aa4 3195uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3196{
50013115 3197 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3198}
3199
8df1cd07
FB		 3200/* warning: addr must be aligned. The ram page is not masked as dirty
3201 and the code inside is not invalidated. It is useful if the dirty
3202 bits are used to track modified PTEs */
50013115
PM		 3203void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3204 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3205{
8df1cd07 3206 uint8_t *ptr;
5c8a00ce 3207 MemoryRegion *mr;
149f54b5
PB		 3208 hwaddr l = 4;
3209 hwaddr addr1;
50013115 3210 MemTxResult r;
845b6214 3211 uint8_t dirty_log_mask;
4840f10e 3212 bool release_lock = false;
8df1cd07 3213
41063e1e 3214 rcu_read_lock();
2198a121 3215 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3216 true);
3217 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3218 release_lock |= prepare_mmio_access(mr);
125b3806 3219
50013115 3220 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3221 } else {
5c8a00ce 3222 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3223 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3224 stl_p(ptr, val);
74576198 3225
845b6214
PB		 3226 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3227 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3228 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3229 r = MEMTX_OK;
3230 }
3231 if (result) {
3232 *result = r;
8df1cd07 3233 }
4840f10e
JK		 3234 if (release_lock) {
3235 qemu_mutex_unlock_iothread();
3236 }
41063e1e 3237 rcu_read_unlock();
8df1cd07
FB		 3238}
3239
50013115
PM		 3240void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3241{
3242 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3243}
3244
8df1cd07 3245/* warning: addr must be aligned */
50013115
PM		 3246static inline void address_space_stl_internal(AddressSpace *as,
3247 hwaddr addr, uint32_t val,
3248 MemTxAttrs attrs,
3249 MemTxResult *result,
3250 enum device_endian endian)
8df1cd07 3251{
8df1cd07 3252 uint8_t *ptr;
5c8a00ce 3253 MemoryRegion *mr;
149f54b5
PB		 3254 hwaddr l = 4;
3255 hwaddr addr1;
50013115 3256 MemTxResult r;
4840f10e 3257 bool release_lock = false;
8df1cd07 3258
41063e1e 3259 rcu_read_lock();
ab1da857 3260 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3261 true);
3262 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3263 release_lock |= prepare_mmio_access(mr);
125b3806 3264
1e78bcc1
AG		 3265#if defined(TARGET_WORDS_BIGENDIAN)
3266 if (endian == DEVICE_LITTLE_ENDIAN) {
3267 val = bswap32(val);
3268 }
3269#else
3270 if (endian == DEVICE_BIG_ENDIAN) {
3271 val = bswap32(val);
3272 }
3273#endif
50013115 3274 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3275 } else {
8df1cd07 3276 /* RAM case */
5c8a00ce 3277 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3278 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3279 switch (endian) {
3280 case DEVICE_LITTLE_ENDIAN:
3281 stl_le_p(ptr, val);
3282 break;
3283 case DEVICE_BIG_ENDIAN:
3284 stl_be_p(ptr, val);
3285 break;
3286 default:
3287 stl_p(ptr, val);
3288 break;
3289 }
845b6214 3290 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3291 r = MEMTX_OK;
3292 }
3293 if (result) {
3294 *result = r;
8df1cd07 3295 }
4840f10e
JK		 3296 if (release_lock) {
3297 qemu_mutex_unlock_iothread();
3298 }
41063e1e 3299 rcu_read_unlock();
8df1cd07
FB		 3300}
3301
50013115
PM		 3302void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3303 MemTxAttrs attrs, MemTxResult *result)
3304{
3305 address_space_stl_internal(as, addr, val, attrs, result,
3306 DEVICE_NATIVE_ENDIAN);
3307}
3308
3309void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3310 MemTxAttrs attrs, MemTxResult *result)
3311{
3312 address_space_stl_internal(as, addr, val, attrs, result,
3313 DEVICE_LITTLE_ENDIAN);
3314}
3315
3316void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3317 MemTxAttrs attrs, MemTxResult *result)
3318{
3319 address_space_stl_internal(as, addr, val, attrs, result,
3320 DEVICE_BIG_ENDIAN);
3321}
3322
ab1da857 3323void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3324{
50013115 3325 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3326}
3327
ab1da857 3328void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3329{
50013115 3330 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3331}
3332
ab1da857 3333void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3334{
50013115 3335 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3336}
3337
aab33094 3338/* XXX: optimize */
50013115
PM		 3339void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3340 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3341{
3342 uint8_t v = val;
50013115
PM		 3343 MemTxResult r;
3344
3345 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3346 if (result) {
3347 *result = r;
3348 }
3349}
3350
3351void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3352{
3353 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3354}
3355
733f0b02 3356/* warning: addr must be aligned */
50013115
PM		 3357static inline void address_space_stw_internal(AddressSpace *as,
3358 hwaddr addr, uint32_t val,
3359 MemTxAttrs attrs,
3360 MemTxResult *result,
3361 enum device_endian endian)
aab33094 3362{
733f0b02 3363 uint8_t *ptr;
5c8a00ce 3364 MemoryRegion *mr;
149f54b5
PB		 3365 hwaddr l = 2;
3366 hwaddr addr1;
50013115 3367 MemTxResult r;
4840f10e 3368 bool release_lock = false;
733f0b02 3369
41063e1e 3370 rcu_read_lock();
5ce5944d 3371 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3372 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3373 release_lock |= prepare_mmio_access(mr);
125b3806 3374
1e78bcc1
AG		 3375#if defined(TARGET_WORDS_BIGENDIAN)
3376 if (endian == DEVICE_LITTLE_ENDIAN) {
3377 val = bswap16(val);
3378 }
3379#else
3380 if (endian == DEVICE_BIG_ENDIAN) {
3381 val = bswap16(val);
3382 }
3383#endif
50013115 3384 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3385 } else {
733f0b02 3386 /* RAM case */
5c8a00ce 3387 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3388 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3389 switch (endian) {
3390 case DEVICE_LITTLE_ENDIAN:
3391 stw_le_p(ptr, val);
3392 break;
3393 case DEVICE_BIG_ENDIAN:
3394 stw_be_p(ptr, val);
3395 break;
3396 default:
3397 stw_p(ptr, val);
3398 break;
3399 }
845b6214 3400 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3401 r = MEMTX_OK;
3402 }
3403 if (result) {
3404 *result = r;
733f0b02 3405 }
4840f10e
JK		 3406 if (release_lock) {
3407 qemu_mutex_unlock_iothread();
3408 }
41063e1e 3409 rcu_read_unlock();
aab33094
FB		 3410}
3411
50013115
PM		 3412void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3413 MemTxAttrs attrs, MemTxResult *result)
3414{
3415 address_space_stw_internal(as, addr, val, attrs, result,
3416 DEVICE_NATIVE_ENDIAN);
3417}
3418
3419void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3420 MemTxAttrs attrs, MemTxResult *result)
3421{
3422 address_space_stw_internal(as, addr, val, attrs, result,
3423 DEVICE_LITTLE_ENDIAN);
3424}
3425
3426void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3427 MemTxAttrs attrs, MemTxResult *result)
3428{
3429 address_space_stw_internal(as, addr, val, attrs, result,
3430 DEVICE_BIG_ENDIAN);
3431}
3432
5ce5944d 3433void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3434{
50013115 3435 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3436}
3437
5ce5944d 3438void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3439{
50013115 3440 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3441}
3442
5ce5944d 3443void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3444{
50013115 3445 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3446}
3447
aab33094 3448/* XXX: optimize */
50013115
PM		 3449void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3450 MemTxAttrs attrs, MemTxResult *result)
aab33094 3451{
50013115 3452 MemTxResult r;
aab33094 3453 val = tswap64(val);
50013115
PM		 3454 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3455 if (result) {
3456 *result = r;
3457 }
aab33094
FB		 3458}
3459
50013115
PM		 3460void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3461 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3462{
50013115 3463 MemTxResult r;
1e78bcc1 3464 val = cpu_to_le64(val);
50013115
PM		 3465 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3466 if (result) {
3467 *result = r;
3468 }
3469}
3470void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3471 MemTxAttrs attrs, MemTxResult *result)
3472{
3473 MemTxResult r;
3474 val = cpu_to_be64(val);
3475 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3476 if (result) {
3477 *result = r;
3478 }
3479}
3480
3481void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3482{
3483 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3484}
3485
3486void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3487{
3488 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3489}
3490
f606604f 3491void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3492{
50013115 3493 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3494}
3495
5e2972fd 3496/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3497int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3498 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3499{
3500 int l;
a8170e5e 3501 hwaddr phys_addr;
9b3c35e0 3502 target_ulong page;
13eb76e0
FB		 3503
3504 while (len > 0) {
3505 page = addr & TARGET_PAGE_MASK;
f17ec444 3506 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3507 /* if no physical page mapped, return an error */
3508 if (phys_addr == -1)
3509 return -1;
3510 l = (page + TARGET_PAGE_SIZE) - addr;
3511 if (l > len)
3512 l = len;
5e2972fd 3513 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3514 if (is_write) {
3515 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3516 } else {
5c9eb028
PM		 3517 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3518 buf, l, 0);
2e38847b 3519 }
13eb76e0
FB		 3520 len -= l;
3521 buf += l;
3522 addr += l;
3523 }
3524 return 0;
3525}
a68fe89c 3526#endif
13eb76e0 3527
8e4a424b
BS		 3528/*
3529 * A helper function for the _utterly broken_ virtio device model to find out if
3530 * it's running on a big endian machine. Don't do this at home kids!
3531 */
98ed8ecf
GK		 3532bool target_words_bigendian(void);
3533bool target_words_bigendian(void)
8e4a424b
BS		 3534{
3535#if defined(TARGET_WORDS_BIGENDIAN)
3536 return true;
3537#else
3538 return false;
3539#endif
3540}
3541
76f35538 3542#ifndef CONFIG_USER_ONLY
a8170e5e 3543bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3544{
5c8a00ce 3545 MemoryRegion*mr;
149f54b5 3546 hwaddr l = 1;
41063e1e 3547 bool res;
76f35538 3548
41063e1e 3549 rcu_read_lock();
5c8a00ce
PB		 3550 mr = address_space_translate(&address_space_memory,
3551 phys_addr, &phys_addr, &l, false);
76f35538 3552
41063e1e
PB		 3553 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3554 rcu_read_unlock();
3555 return res;
76f35538 3556}
bd2fa51f 3557
e3807054 3558int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3559{
3560 RAMBlock *block;
e3807054 3561 int ret = 0;
bd2fa51f 3562
0dc3f44a
MD		 3563 rcu_read_lock();
3564 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3565 ret = func(block->idstr, block->host, block->offset,
3566 block->used_length, opaque);
3567 if (ret) {
3568 break;
3569 }
bd2fa51f 3570 }
0dc3f44a 3571 rcu_read_unlock();
e3807054 3572 return ret;
bd2fa51f 3573}
ec3f8c99 3574#endif
Empty description
This page took 1.526329 seconds and 4 git commands to generate.