]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
machine: query dump-guest-core machine property
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
47c8ca53 29#include "hw/boards.h"
cc9e98cb 30#include "hw/qdev.h"
1de7afc9 31#include "qemu/osdep.h"
9c17d615 32#include "sysemu/kvm.h"
2ff3de68 33#include "sysemu/sysemu.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
022c62cb 38#include "exec/memory.h"
9c17d615 39#include "sysemu/dma.h"
022c62cb 40#include "exec/address-spaces.h"
53a5960a
PB		 41#if defined(CONFIG_USER_ONLY)
42#include <qemu.h>
432d268c 43#else /* !CONFIG_USER_ONLY */
9c17d615 44#include "sysemu/xen-mapcache.h"
6506e4f9 45#include "trace.h"
53a5960a 46#endif
0d6d3c87 47#include "exec/cpu-all.h"
0dc3f44a 48#include "qemu/rcu_queue.h"
022c62cb 49#include "exec/cputlb.h"
5b6dd868 50#include "translate-all.h"
0cac1b66 51
022c62cb 52#include "exec/memory-internal.h"
220c3ebd 53#include "exec/ram_addr.h"
67d95c15 54
b35ba30f
MT		 55#include "qemu/range.h"
56
db7b5426 57//#define DEBUG_SUBPAGE
1196be37 58
e2eef170 59#if !defined(CONFIG_USER_ONLY)
981fdf23 60static bool in_migration;
94a6b54f 61
0dc3f44a
MD		 62/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
0d53d9fe 65RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 66
67static MemoryRegion *system_memory;
309cb471 68static MemoryRegion *system_io;
62152b8a 69
f6790af6
AK		 70AddressSpace address_space_io;
71AddressSpace address_space_memory;
2673a5da 72
0844e007 73MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 74static MemoryRegion io_mem_unassigned;
0e0df1e2 75
7bd4f430
PB		 76/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77#define RAM_PREALLOC (1 << 0)
78
dbcb8981
PB		 79/* RAM is mmap-ed with MAP_SHARED */
80#define RAM_SHARED (1 << 1)
81
62be4e3a
MT		 82/* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85#define RAM_RESIZEABLE (1 << 2)
86
e2eef170 87#endif
9fa3e853 88
bdc44640 89struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 90/* current CPU in the current thread. It is only valid inside
91 cpu_exec() */
4917cf44 92DEFINE_TLS(CPUState *, current_cpu);
2e70f6ef 93/* 0 = Do not count executed instructions.
bf20dc07 94 1 = Precise instruction counting.
2e70f6ef 95 2 = Adaptive rate instruction counting. */
5708fc66 96int use_icount;
6a00d601 97
e2eef170 98#if !defined(CONFIG_USER_ONLY)
4346ae3e 99
1db8abb1
PB		 100typedef struct PhysPageEntry PhysPageEntry;
101
102struct PhysPageEntry {
9736e55b 103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 104 uint32_t skip : 6;
9736e55b 105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 106 uint32_t ptr : 26;
1db8abb1
PB		 107};
108
8b795765
MT		 109#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
110
03f49957 111/* Size of the L2 (and L3, etc) page tables. */
57271d63 112#define ADDR_SPACE_BITS 64
03f49957 113
026736ce 114#define P_L2_BITS 9
03f49957
PB		 115#define P_L2_SIZE (1 << P_L2_BITS)
116
117#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
118
119typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 120
53cb28cb 121typedef struct PhysPageMap {
79e2b9ae
PB		 122 struct rcu_head rcu;
123
53cb28cb
MA		 124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
126 unsigned nodes_nb;
127 unsigned nodes_nb_alloc;
128 Node *nodes;
129 MemoryRegionSection *sections;
130} PhysPageMap;
131
1db8abb1 132struct AddressSpaceDispatch {
79e2b9ae
PB		 133 struct rcu_head rcu;
134
1db8abb1
PB		 135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
137 */
138 PhysPageEntry phys_map;
53cb28cb 139 PhysPageMap map;
acc9d80b 140 AddressSpace *as;
1db8abb1
PB		 141};
142
90260c6c
JK		 143#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144typedef struct subpage_t {
145 MemoryRegion iomem;
acc9d80b 146 AddressSpace *as;
90260c6c
JK		 147 hwaddr base;
148 uint16_t sub_section[TARGET_PAGE_SIZE];
149} subpage_t;
150
b41aac4f
LPF		 151#define PHYS_SECTION_UNASSIGNED 0
152#define PHYS_SECTION_NOTDIRTY 1
153#define PHYS_SECTION_ROM 2
154#define PHYS_SECTION_WATCH 3
5312bd8b 155
e2eef170 156static void io_mem_init(void);
62152b8a 157static void memory_map_init(void);
09daed84 158static void tcg_commit(MemoryListener *listener);
e2eef170 159
1ec9b909 160static MemoryRegion io_mem_watch;
6658ffb8 161#endif
fd6ce8f6 162
6d9a1304 163#if !defined(CONFIG_USER_ONLY)
d6f2ea22 164
53cb28cb 165static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 166{
53cb28cb
MA		 167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 171 }
f7bf5461
AK		 172}
173
53cb28cb 174static uint32_t phys_map_node_alloc(PhysPageMap *map)
f7bf5461
AK		 175{
176 unsigned i;
8b795765 177 uint32_t ret;
f7bf5461 178
53cb28cb 179 ret = map->nodes_nb++;
f7bf5461 180 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 181 assert(ret != map->nodes_nb_alloc);
03f49957 182 for (i = 0; i < P_L2_SIZE; ++i) {
53cb28cb
MA		 183 map->nodes[ret][i].skip = 1;
184 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 185 }
f7bf5461 186 return ret;
d6f2ea22
AK		 187}
188
53cb28cb
MA		 189static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
190 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 191 int level)
f7bf5461
AK		 192{
193 PhysPageEntry *p;
194 int i;
03f49957 195 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 196
9736e55b 197 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
53cb28cb
MA		 198 lp->ptr = phys_map_node_alloc(map);
199 p = map->nodes[lp->ptr];
f7bf5461 200 if (level == 0) {
03f49957 201 for (i = 0; i < P_L2_SIZE; i++) {
9736e55b 202 p[i].skip = 0;
b41aac4f 203 p[i].ptr = PHYS_SECTION_UNASSIGNED;
4346ae3e 204 }
67c4d23c 205 }
f7bf5461 206 } else {
53cb28cb 207 p = map->nodes[lp->ptr];
92e873b9 208 }
03f49957 209 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 210
03f49957 211 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 212 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 213 lp->skip = 0;
c19e8800 214 lp->ptr = leaf;
07f07b31
AK		 215 *index += step;
216 *nb -= step;
2999097b 217 } else {
53cb28cb 218 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 219 }
220 ++lp;
f7bf5461
AK		 221 }
222}
223
ac1970fb 224static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 225 hwaddr index, hwaddr nb,
2999097b 226 uint16_t leaf)
f7bf5461 227{
2999097b 228 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 229 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 230
53cb28cb 231 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 232}
233
b35ba30f
MT		 234/* Compact a non leaf page entry. Simply detect that the entry has a single child,
235 * and update our entry so we can skip it and go directly to the destination.
236 */
237static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
238{
239 unsigned valid_ptr = P_L2_SIZE;
240 int valid = 0;
241 PhysPageEntry *p;
242 int i;
243
244 if (lp->ptr == PHYS_MAP_NODE_NIL) {
245 return;
246 }
247
248 p = nodes[lp->ptr];
249 for (i = 0; i < P_L2_SIZE; i++) {
250 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
251 continue;
252 }
253
254 valid_ptr = i;
255 valid++;
256 if (p[i].skip) {
257 phys_page_compact(&p[i], nodes, compacted);
258 }
259 }
260
261 /* We can only compress if there's only one child. */
262 if (valid != 1) {
263 return;
264 }
265
266 assert(valid_ptr < P_L2_SIZE);
267
268 /* Don't compress if it won't fit in the # of bits we have. */
269 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
270 return;
271 }
272
273 lp->ptr = p[valid_ptr].ptr;
274 if (!p[valid_ptr].skip) {
275 /* If our only child is a leaf, make this a leaf. */
276 /* By design, we should have made this node a leaf to begin with so we
277 * should never reach here.
278 * But since it's so simple to handle this, let's do it just in case we
279 * change this rule.
280 */
281 lp->skip = 0;
282 } else {
283 lp->skip += p[valid_ptr].skip;
284 }
285}
286
287static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
288{
289 DECLARE_BITMAP(compacted, nodes_nb);
290
291 if (d->phys_map.skip) {
53cb28cb 292 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 293 }
294}
295
97115a8d 296static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 297 Node *nodes, MemoryRegionSection *sections)
92e873b9 298{
31ab2b4a 299 PhysPageEntry *p;
97115a8d 300 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 301 int i;
f1f6e3b8 302
9736e55b 303 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 304 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 305 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 306 }
9affd6fc 307 p = nodes[lp.ptr];
03f49957 308 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 309 }
b35ba30f
MT		 310
311 if (sections[lp.ptr].size.hi ||
312 range_covers_byte(sections[lp.ptr].offset_within_address_space,
313 sections[lp.ptr].size.lo, addr)) {
314 return &sections[lp.ptr];
315 } else {
316 return &sections[PHYS_SECTION_UNASSIGNED];
317 }
f3705d53
AK		 318}
319
e5548617
BS		 320bool memory_region_is_unassigned(MemoryRegion *mr)
321{
2a8e7499 322 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 323 && mr != &io_mem_watch;
fd6ce8f6 324}
149f54b5 325
79e2b9ae 326/* Called from RCU critical section */
c7086b4a 327static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 328 hwaddr addr,
329 bool resolve_subpage)
9f029603 330{
90260c6c
JK		 331 MemoryRegionSection *section;
332 subpage_t *subpage;
333
53cb28cb 334 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 335 if (resolve_subpage && section->mr->subpage) {
336 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 337 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 338 }
339 return section;
9f029603
JK		 340}
341
79e2b9ae 342/* Called from RCU critical section */
90260c6c 343static MemoryRegionSection *
c7086b4a 344address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 345 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 346{
347 MemoryRegionSection *section;
a87f3954 348 Int128 diff;
149f54b5 349
c7086b4a 350 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 351 /* Compute offset within MemoryRegionSection */
352 addr -= section->offset_within_address_space;
353
354 /* Compute offset within MemoryRegion */
355 *xlat = addr + section->offset_within_region;
356
357 diff = int128_sub(section->mr->size, int128_make64(addr));
3752a036 358 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
149f54b5
PB		 359 return section;
360}
90260c6c 361
a87f3954
PB		 362static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
363{
364 if (memory_region_is_ram(mr)) {
365 return !(is_write && mr->readonly);
366 }
367 if (memory_region_is_romd(mr)) {
368 return !is_write;
369 }
370
371 return false;
372}
373
5c8a00ce
PB		 374MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
375 hwaddr *xlat, hwaddr *plen,
376 bool is_write)
90260c6c 377{
30951157
AK		 378 IOMMUTLBEntry iotlb;
379 MemoryRegionSection *section;
380 MemoryRegion *mr;
381 hwaddr len = *plen;
382
79e2b9ae 383 rcu_read_lock();
30951157 384 for (;;) {
79e2b9ae
PB		 385 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
386 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 387 mr = section->mr;
388
389 if (!mr->iommu_ops) {
390 break;
391 }
392
8d7b8cb9 393 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 394 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
395 | (addr & iotlb.addr_mask));
396 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
397 if (!(iotlb.perm & (1 << is_write))) {
398 mr = &io_mem_unassigned;
399 break;
400 }
401
402 as = iotlb.target_as;
403 }
404
fe680d0d 405 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954
PB		 406 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
407 len = MIN(page, len);
408 }
409
30951157
AK		 410 *plen = len;
411 *xlat = addr;
79e2b9ae 412 rcu_read_unlock();
30951157 413 return mr;
90260c6c
JK		 414}
415
79e2b9ae 416/* Called from RCU critical section */
90260c6c 417MemoryRegionSection *
9d82b5a7
PB		 418address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen)
90260c6c 420{
30951157 421 MemoryRegionSection *section;
9d82b5a7
PB		 422 section = address_space_translate_internal(cpu->memory_dispatch,
423 addr, xlat, plen, false);
30951157
AK		 424
425 assert(!section->mr->iommu_ops);
426 return section;
90260c6c 427}
5b6dd868 428#endif
fd6ce8f6 429
5b6dd868 430void cpu_exec_init_all(void)
fdbb84d1 431{
5b6dd868 432#if !defined(CONFIG_USER_ONLY)
b2a8658e 433 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 434 memory_map_init();
435 io_mem_init();
fdbb84d1 436#endif
5b6dd868 437}
fdbb84d1 438
b170fce3 439#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 440
441static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 442{
259186a7 443 CPUState *cpu = opaque;
a513fe19 444
5b6dd868
BS		 445 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
446 version_id is increased. */
259186a7 447 cpu->interrupt_request &= ~0x01;
c01a71c1 448 tlb_flush(cpu, 1);
5b6dd868
BS		 449
450 return 0;
a513fe19 451}
7501267e 452
6c3bff0e
PD		 453static int cpu_common_pre_load(void *opaque)
454{
455 CPUState *cpu = opaque;
456
adee6424 457 cpu->exception_index = -1;
6c3bff0e
PD		 458
459 return 0;
460}
461
462static bool cpu_common_exception_index_needed(void *opaque)
463{
464 CPUState *cpu = opaque;
465
adee6424 466 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 467}
468
469static const VMStateDescription vmstate_cpu_common_exception_index = {
470 .name = "cpu_common/exception_index",
471 .version_id = 1,
472 .minimum_version_id = 1,
473 .fields = (VMStateField[]) {
474 VMSTATE_INT32(exception_index, CPUState),
475 VMSTATE_END_OF_LIST()
476 }
477};
478
1a1562f5 479const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 480 .name = "cpu_common",
481 .version_id = 1,
482 .minimum_version_id = 1,
6c3bff0e 483 .pre_load = cpu_common_pre_load,
5b6dd868 484 .post_load = cpu_common_post_load,
35d08458 485 .fields = (VMStateField[]) {
259186a7
AF		 486 VMSTATE_UINT32(halted, CPUState),
487 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 488 VMSTATE_END_OF_LIST()
6c3bff0e
PD		 489 },
490 .subsections = (VMStateSubsection[]) {
491 {
492 .vmsd = &vmstate_cpu_common_exception_index,
493 .needed = cpu_common_exception_index_needed,
494 } , {
495 /* empty */
496 }
5b6dd868
BS		 497 }
498};
1a1562f5 499
5b6dd868 500#endif
ea041c0e 501
38d8f5c8 502CPUState *qemu_get_cpu(int index)
ea041c0e 503{
bdc44640 504 CPUState *cpu;
ea041c0e 505
bdc44640 506 CPU_FOREACH(cpu) {
55e5c285 507 if (cpu->cpu_index == index) {
bdc44640 508 return cpu;
55e5c285 509 }
ea041c0e 510 }
5b6dd868 511
bdc44640 512 return NULL;
ea041c0e
FB		 513}
514
09daed84
EI		 515#if !defined(CONFIG_USER_ONLY)
516void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
517{
518 /* We only support one address space per cpu at the moment. */
519 assert(cpu->as == as);
520
521 if (cpu->tcg_as_listener) {
522 memory_listener_unregister(cpu->tcg_as_listener);
523 } else {
524 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
525 }
526 cpu->tcg_as_listener->commit = tcg_commit;
527 memory_listener_register(cpu->tcg_as_listener, as);
528}
529#endif
530
5b6dd868 531void cpu_exec_init(CPUArchState *env)
ea041c0e 532{
5b6dd868 533 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 534 CPUClass *cc = CPU_GET_CLASS(cpu);
bdc44640 535 CPUState *some_cpu;
5b6dd868
BS		 536 int cpu_index;
537
538#if defined(CONFIG_USER_ONLY)
539 cpu_list_lock();
540#endif
5b6dd868 541 cpu_index = 0;
bdc44640 542 CPU_FOREACH(some_cpu) {
5b6dd868
BS		 543 cpu_index++;
544 }
55e5c285 545 cpu->cpu_index = cpu_index;
1b1ed8dc 546 cpu->numa_node = 0;
f0c3c505 547 QTAILQ_INIT(&cpu->breakpoints);
ff4700b0 548 QTAILQ_INIT(&cpu->watchpoints);
5b6dd868 549#ifndef CONFIG_USER_ONLY
09daed84 550 cpu->as = &address_space_memory;
5b6dd868
BS		 551 cpu->thread_id = qemu_get_thread_id();
552#endif
bdc44640 553 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 554#if defined(CONFIG_USER_ONLY)
555 cpu_list_unlock();
556#endif
e0d47944
AF		 557 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
558 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
559 }
5b6dd868 560#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 561 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
562 cpu_save, cpu_load, env);
b170fce3 563 assert(cc->vmsd == NULL);
e0d47944 564 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 565#endif
b170fce3
AF		 566 if (cc->vmsd != NULL) {
567 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
568 }
ea041c0e
FB		 569}
570
94df27fd 571#if defined(CONFIG_USER_ONLY)
00b941e5 572static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 573{
574 tb_invalidate_phys_page_range(pc, pc + 1, 0);
575}
576#else
00b941e5 577static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 578{
e8262a1b
MF		 579 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
580 if (phys != -1) {
09daed84 581 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 582 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 583 }
1e7855a5 584}
c27004ec 585#endif
d720b93d 586
c527ee8f 587#if defined(CONFIG_USER_ONLY)
75a34036 588void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 589
590{
591}
592
3ee887e8
PM		 593int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
594 int flags)
595{
596 return -ENOSYS;
597}
598
599void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
600{
601}
602
75a34036 603int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 604 int flags, CPUWatchpoint **watchpoint)
605{
606 return -ENOSYS;
607}
608#else
6658ffb8 609/* Add a watchpoint. */
75a34036 610int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 611 int flags, CPUWatchpoint **watchpoint)
6658ffb8 612{
c0ce998e 613 CPUWatchpoint *wp;
6658ffb8 614
05068c0d 615 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 616 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 617 error_report("tried to set invalid watchpoint at %"
618 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 619 return -EINVAL;
620 }
7267c094 621 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 622
623 wp->vaddr = addr;
05068c0d 624 wp->len = len;
a1d1bb31
AL		 625 wp->flags = flags;
626
2dc9f411 627 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 628 if (flags & BP_GDB) {
629 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
630 } else {
631 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
632 }
6658ffb8 633
31b030d4 634 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 635
636 if (watchpoint)
637 *watchpoint = wp;
638 return 0;
6658ffb8
PB		 639}
640
a1d1bb31 641/* Remove a specific watchpoint. */
75a34036 642int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 643 int flags)
6658ffb8 644{
a1d1bb31 645 CPUWatchpoint *wp;
6658ffb8 646
ff4700b0 647 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 648 if (addr == wp->vaddr && len == wp->len
6e140f28 649 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 650 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 651 return 0;
652 }
653 }
a1d1bb31 654 return -ENOENT;
6658ffb8
PB		 655}
656
a1d1bb31 657/* Remove a specific watchpoint by reference. */
75a34036 658void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 659{
ff4700b0 660 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 661
31b030d4 662 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 663
7267c094 664 g_free(watchpoint);
a1d1bb31
AL		 665}
666
667/* Remove all matching watchpoints. */
75a34036 668void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 669{
c0ce998e 670 CPUWatchpoint *wp, *next;
a1d1bb31 671
ff4700b0 672 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 673 if (wp->flags & mask) {
674 cpu_watchpoint_remove_by_ref(cpu, wp);
675 }
c0ce998e 676 }
7d03f82f 677}
05068c0d
PM		 678
679/* Return true if this watchpoint address matches the specified
680 * access (ie the address range covered by the watchpoint overlaps
681 * partially or completely with the address range covered by the
682 * access).
683 */
684static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
685 vaddr addr,
686 vaddr len)
687{
688 /* We know the lengths are non-zero, but a little caution is
689 * required to avoid errors in the case where the range ends
690 * exactly at the top of the address space and so addr + len
691 * wraps round to zero.
692 */
693 vaddr wpend = wp->vaddr + wp->len - 1;
694 vaddr addrend = addr + len - 1;
695
696 return !(addr > wpend || wp->vaddr > addrend);
697}
698
c527ee8f 699#endif
7d03f82f 700
a1d1bb31 701/* Add a breakpoint. */
b3310ab3 702int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 703 CPUBreakpoint **breakpoint)
4c3a88a2 704{
c0ce998e 705 CPUBreakpoint *bp;
3b46e624 706
7267c094 707 bp = g_malloc(sizeof(*bp));
4c3a88a2 708
a1d1bb31
AL		 709 bp->pc = pc;
710 bp->flags = flags;
711
2dc9f411 712 /* keep all GDB-injected breakpoints in front */
00b941e5 713 if (flags & BP_GDB) {
f0c3c505 714 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 715 } else {
f0c3c505 716 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 717 }
3b46e624 718
f0c3c505 719 breakpoint_invalidate(cpu, pc);
a1d1bb31 720
00b941e5 721 if (breakpoint) {
a1d1bb31 722 *breakpoint = bp;
00b941e5 723 }
4c3a88a2 724 return 0;
4c3a88a2
FB		 725}
726
a1d1bb31 727/* Remove a specific breakpoint. */
b3310ab3 728int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 729{
a1d1bb31
AL		 730 CPUBreakpoint *bp;
731
f0c3c505 732 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 733 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 734 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 735 return 0;
736 }
7d03f82f 737 }
a1d1bb31 738 return -ENOENT;
7d03f82f
EI		 739}
740
a1d1bb31 741/* Remove a specific breakpoint by reference. */
b3310ab3 742void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 743{
f0c3c505
AF		 744 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
745
746 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 747
7267c094 748 g_free(breakpoint);
a1d1bb31
AL		 749}
750
751/* Remove all matching breakpoints. */
b3310ab3 752void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 753{
c0ce998e 754 CPUBreakpoint *bp, *next;
a1d1bb31 755
f0c3c505 756 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 757 if (bp->flags & mask) {
758 cpu_breakpoint_remove_by_ref(cpu, bp);
759 }
c0ce998e 760 }
4c3a88a2
FB		 761}
762
c33a346e
FB		 763/* enable or disable single step mode. EXCP_DEBUG is returned by the
764 CPU loop after each instruction */
3825b28f 765void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 766{
ed2803da
AF		 767 if (cpu->singlestep_enabled != enabled) {
768 cpu->singlestep_enabled = enabled;
769 if (kvm_enabled()) {
38e478ec 770 kvm_update_guest_debug(cpu, 0);
ed2803da 771 } else {
ccbb4d44 772 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 773 /* XXX: only flush what is necessary */
38e478ec 774 CPUArchState *env = cpu->env_ptr;
e22a25c9
AL		 775 tb_flush(env);
776 }
c33a346e 777 }
c33a346e
FB		 778}
779
a47dddd7 780void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 781{
782 va_list ap;
493ae1f0 783 va_list ap2;
7501267e
FB		 784
785 va_start(ap, fmt);
493ae1f0 786 va_copy(ap2, ap);
7501267e
FB		 787 fprintf(stderr, "qemu: fatal: ");
788 vfprintf(stderr, fmt, ap);
789 fprintf(stderr, "\n");
878096ee 790 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 791 if (qemu_log_enabled()) {
792 qemu_log("qemu: fatal: ");
793 qemu_log_vprintf(fmt, ap2);
794 qemu_log("\n");
a0762859 795 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 796 qemu_log_flush();
93fcfe39 797 qemu_log_close();
924edcae 798 }
493ae1f0 799 va_end(ap2);
f9373291 800 va_end(ap);
fd052bf6
RV		 801#if defined(CONFIG_USER_ONLY)
802 {
803 struct sigaction act;
804 sigfillset(&act.sa_mask);
805 act.sa_handler = SIG_DFL;
806 sigaction(SIGABRT, &act, NULL);
807 }
808#endif
7501267e
FB		 809 abort();
810}
811
0124311e 812#if !defined(CONFIG_USER_ONLY)
0dc3f44a 813/* Called from RCU critical section */
041603fe
PB		 814static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
815{
816 RAMBlock *block;
817
43771539 818 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 819 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 820 goto found;
821 }
0dc3f44a 822 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 823 if (addr - block->offset < block->max_length) {
041603fe
PB		 824 goto found;
825 }
826 }
827
828 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
829 abort();
830
831found:
43771539
PB		 832 /* It is safe to write mru_block outside the iothread lock. This
833 * is what happens:
834 *
835 * mru_block = xxx
836 * rcu_read_unlock()
837 * xxx removed from list
838 * rcu_read_lock()
839 * read mru_block
840 * mru_block = NULL;
841 * call_rcu(reclaim_ramblock, xxx);
842 * rcu_read_unlock()
843 *
844 * atomic_rcu_set is not needed here. The block was already published
845 * when it was placed into the list. Here we're just making an extra
846 * copy of the pointer.
847 */
041603fe
PB		 848 ram_list.mru_block = block;
849 return block;
850}
851
a2f4d5be 852static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 853{
041603fe 854 ram_addr_t start1;
a2f4d5be
JQ		 855 RAMBlock *block;
856 ram_addr_t end;
857
858 end = TARGET_PAGE_ALIGN(start + length);
859 start &= TARGET_PAGE_MASK;
d24981d3 860
0dc3f44a 861 rcu_read_lock();
041603fe
PB		 862 block = qemu_get_ram_block(start);
863 assert(block == qemu_get_ram_block(end - 1));
1240be24 864 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
041603fe 865 cpu_tlb_reset_dirty_all(start1, length);
0dc3f44a 866 rcu_read_unlock();
d24981d3
JQ		 867}
868
5579c7f3 869/* Note: start and end must be within the same ram block. */
a2f4d5be 870void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
52159192 871 unsigned client)
1ccde1cb 872{
1ccde1cb
FB		 873 if (length == 0)
874 return;
c8d6f66a 875 cpu_physical_memory_clear_dirty_range_type(start, length, client);
f23db169 876
d24981d3 877 if (tcg_enabled()) {
a2f4d5be 878 tlb_reset_dirty_range_all(start, length);
5579c7f3 879 }
1ccde1cb
FB		 880}
881
981fdf23 882static void cpu_physical_memory_set_dirty_tracking(bool enable)
74576198
AL		 883{
884 in_migration = enable;
74576198
AL		 885}
886
79e2b9ae 887/* Called from RCU critical section */
bb0e627a 888hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 889 MemoryRegionSection *section,
890 target_ulong vaddr,
891 hwaddr paddr, hwaddr xlat,
892 int prot,
893 target_ulong *address)
e5548617 894{
a8170e5e 895 hwaddr iotlb;
e5548617
BS		 896 CPUWatchpoint *wp;
897
cc5bea60 898 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 899 /* Normal RAM. */
900 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 901 + xlat;
e5548617 902 if (!section->readonly) {
b41aac4f 903 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 904 } else {
b41aac4f 905 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 906 }
907 } else {
1b3fb98f 908 iotlb = section - section->address_space->dispatch->map.sections;
149f54b5 909 iotlb += xlat;
e5548617
BS		 910 }
911
912 /* Make accesses to pages with watchpoints go via the
913 watchpoint trap routines. */
ff4700b0 914 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 915 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 916 /* Avoid trapping reads of pages with a write breakpoint. */
917 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 918 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 919 *address |= TLB_MMIO;
920 break;
921 }
922 }
923 }
924
925 return iotlb;
926}
9fa3e853
FB		 927#endif /* defined(CONFIG_USER_ONLY) */
928
e2eef170 929#if !defined(CONFIG_USER_ONLY)
8da3ff18 930
c227f099 931static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 932 uint16_t section);
acc9d80b 933static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 934
a2b257d6
IM		 935static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
936 qemu_anon_ram_alloc;
91138037
MA		 937
938/*
939 * Set a custom physical guest memory alloator.
940 * Accelerators with unusual needs may need this. Hopefully, we can
941 * get rid of it eventually.
942 */
a2b257d6 943void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 944{
945 phys_mem_alloc = alloc;
946}
947
53cb28cb
MA		 948static uint16_t phys_section_add(PhysPageMap *map,
949 MemoryRegionSection *section)
5312bd8b 950{
68f3f65b
PB		 951 /* The physical section number is ORed with a page-aligned
952 * pointer to produce the iotlb entries. Thus it should
953 * never overflow into the page-aligned value.
954 */
53cb28cb 955 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 956
53cb28cb
MA		 957 if (map->sections_nb == map->sections_nb_alloc) {
958 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
959 map->sections = g_renew(MemoryRegionSection, map->sections,
960 map->sections_nb_alloc);
5312bd8b 961 }
53cb28cb 962 map->sections[map->sections_nb] = *section;
dfde4e6e 963 memory_region_ref(section->mr);
53cb28cb 964 return map->sections_nb++;
5312bd8b
AK		 965}
966
058bc4b5
PB		 967static void phys_section_destroy(MemoryRegion *mr)
968{
dfde4e6e
PB		 969 memory_region_unref(mr);
970
058bc4b5
PB		 971 if (mr->subpage) {
972 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 973 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 974 g_free(subpage);
975 }
976}
977
6092666e 978static void phys_sections_free(PhysPageMap *map)
5312bd8b 979{
9affd6fc
PB		 980 while (map->sections_nb > 0) {
981 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 982 phys_section_destroy(section->mr);
983 }
9affd6fc
PB		 984 g_free(map->sections);
985 g_free(map->nodes);
5312bd8b
AK		 986}
987
ac1970fb 988static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 989{
990 subpage_t *subpage;
a8170e5e 991 hwaddr base = section->offset_within_address_space
0f0cb164 992 & TARGET_PAGE_MASK;
97115a8d 993 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 994 d->map.nodes, d->map.sections);
0f0cb164
AK		 995 MemoryRegionSection subsection = {
996 .offset_within_address_space = base,
052e87b0 997 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 998 };
a8170e5e 999 hwaddr start, end;
0f0cb164 1000
f3705d53 1001 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1002
f3705d53 1003 if (!(existing->mr->subpage)) {
acc9d80b 1004 subpage = subpage_init(d->as, base);
3be91e86 1005 subsection.address_space = d->as;
0f0cb164 1006 subsection.mr = &subpage->iomem;
ac1970fb 1007 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1008 phys_section_add(&d->map, &subsection));
0f0cb164 1009 } else {
f3705d53 1010 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1011 }
1012 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1013 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1014 subpage_register(subpage, start, end,
1015 phys_section_add(&d->map, section));
0f0cb164
AK		 1016}
1017
1018
052e87b0
PB		 1019static void register_multipage(AddressSpaceDispatch *d,
1020 MemoryRegionSection *section)
33417e70 1021{
a8170e5e 1022 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1023 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1024 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1025 TARGET_PAGE_BITS));
dd81124b 1026
733d5ef5
PB		 1027 assert(num_pages);
1028 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1029}
1030
ac1970fb 1031static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1032{
89ae337a 1033 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1034 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1035 MemoryRegionSection now = *section, remain = *section;
052e87b0 1036 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1037
733d5ef5
PB		 1038 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1039 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1040 - now.offset_within_address_space;
1041
052e87b0 1042 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1043 register_subpage(d, &now);
733d5ef5 1044 } else {
052e87b0 1045 now.size = int128_zero();
733d5ef5 1046 }
052e87b0
PB		 1047 while (int128_ne(remain.size, now.size)) {
1048 remain.size = int128_sub(remain.size, now.size);
1049 remain.offset_within_address_space += int128_get64(now.size);
1050 remain.offset_within_region += int128_get64(now.size);
69b67646 1051 now = remain;
052e87b0 1052 if (int128_lt(remain.size, page_size)) {
733d5ef5 1053 register_subpage(d, &now);
88266249 1054 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1055 now.size = page_size;
ac1970fb 1056 register_subpage(d, &now);
69b67646 1057 } else {
052e87b0 1058 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1059 register_multipage(d, &now);
69b67646 1060 }
0f0cb164
AK		 1061 }
1062}
1063
62a2744c
SY		 1064void qemu_flush_coalesced_mmio_buffer(void)
1065{
1066 if (kvm_enabled())
1067 kvm_flush_coalesced_mmio_buffer();
1068}
1069
b2a8658e
UD		 1070void qemu_mutex_lock_ramlist(void)
1071{
1072 qemu_mutex_lock(&ram_list.mutex);
1073}
1074
1075void qemu_mutex_unlock_ramlist(void)
1076{
1077 qemu_mutex_unlock(&ram_list.mutex);
1078}
1079
e1e84ba0 1080#ifdef __linux__
c902760f
MT		 1081
1082#include <sys/vfs.h>
1083
1084#define HUGETLBFS_MAGIC 0x958458f6
1085
fc7a5800 1086static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1087{
1088 struct statfs fs;
1089 int ret;
1090
1091 do {
9742bf26 1092 ret = statfs(path, &fs);
c902760f
MT		 1093 } while (ret != 0 && errno == EINTR);
1094
1095 if (ret != 0) {
fc7a5800
HT		 1096 error_setg_errno(errp, errno, "failed to get page size of file %s",
1097 path);
9742bf26 1098 return 0;
c902760f
MT		 1099 }
1100
1101 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1102 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1103
1104 return fs.f_bsize;
1105}
1106
04b16653
AW		 1107static void *file_ram_alloc(RAMBlock *block,
1108 ram_addr_t memory,
7f56e740
PB		 1109 const char *path,
1110 Error **errp)
c902760f
MT		 1111{
1112 char *filename;
8ca761f6
PF		 1113 char *sanitized_name;
1114 char *c;
557529dd 1115 void *area = NULL;
c902760f 1116 int fd;
557529dd 1117 uint64_t hpagesize;
fc7a5800 1118 Error *local_err = NULL;
c902760f 1119
fc7a5800
HT		 1120 hpagesize = gethugepagesize(path, &local_err);
1121 if (local_err) {
1122 error_propagate(errp, local_err);
f9a49dfa 1123 goto error;
c902760f 1124 }
a2b257d6 1125 block->mr->align = hpagesize;
c902760f
MT		 1126
1127 if (memory < hpagesize) {
557529dd
HT		 1128 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1129 "or larger than huge page size 0x%" PRIx64,
1130 memory, hpagesize);
1131 goto error;
c902760f
MT		 1132 }
1133
1134 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1135 error_setg(errp,
1136 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1137 goto error;
c902760f
MT		 1138 }
1139
8ca761f6 1140 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1141 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1142 for (c = sanitized_name; *c != '\0'; c++) {
1143 if (*c == '/')
1144 *c = '_';
1145 }
1146
1147 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1148 sanitized_name);
1149 g_free(sanitized_name);
c902760f
MT		 1150
1151 fd = mkstemp(filename);
1152 if (fd < 0) {
7f56e740
PB		 1153 error_setg_errno(errp, errno,
1154 "unable to create backing store for hugepages");
e4ada482 1155 g_free(filename);
f9a49dfa 1156 goto error;
c902760f
MT		 1157 }
1158 unlink(filename);
e4ada482 1159 g_free(filename);
c902760f
MT		 1160
1161 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1162
1163 /*
1164 * ftruncate is not supported by hugetlbfs in older
1165 * hosts, so don't bother bailing out on errors.
1166 * If anything goes wrong with it under other filesystems,
1167 * mmap will fail.
1168 */
7f56e740 1169 if (ftruncate(fd, memory)) {
9742bf26 1170 perror("ftruncate");
7f56e740 1171 }
c902760f 1172
dbcb8981
PB		 1173 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1174 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1175 fd, 0);
c902760f 1176 if (area == MAP_FAILED) {
7f56e740
PB		 1177 error_setg_errno(errp, errno,
1178 "unable to map backing store for hugepages");
9742bf26 1179 close(fd);
f9a49dfa 1180 goto error;
c902760f 1181 }
ef36fa14
MT		 1182
1183 if (mem_prealloc) {
38183310 1184 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1185 }
1186
04b16653 1187 block->fd = fd;
c902760f 1188 return area;
f9a49dfa
MT		 1189
1190error:
1191 if (mem_prealloc) {
81b07353 1192 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1193 exit(1);
1194 }
1195 return NULL;
c902760f
MT		 1196}
1197#endif
1198
0dc3f44a 1199/* Called with the ramlist lock held. */
d17b5288 1200static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1201{
1202 RAMBlock *block, *next_block;
3e837b2c 1203 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1204
49cd9ac6
SH		 1205 assert(size != 0); /* it would hand out same offset multiple times */
1206
0dc3f44a 1207 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1208 return 0;
0d53d9fe 1209 }
04b16653 1210
0dc3f44a 1211 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1212 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1213
62be4e3a 1214 end = block->offset + block->max_length;
04b16653 1215
0dc3f44a 1216 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1217 if (next_block->offset >= end) {
1218 next = MIN(next, next_block->offset);
1219 }
1220 }
1221 if (next - end >= size && next - end < mingap) {
3e837b2c 1222 offset = end;
04b16653
AW		 1223 mingap = next - end;
1224 }
1225 }
3e837b2c
AW		 1226
1227 if (offset == RAM_ADDR_MAX) {
1228 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1229 (uint64_t)size);
1230 abort();
1231 }
1232
04b16653
AW		 1233 return offset;
1234}
1235
652d7ec2 1236ram_addr_t last_ram_offset(void)
d17b5288
AW		 1237{
1238 RAMBlock *block;
1239 ram_addr_t last = 0;
1240
0dc3f44a
MD		 1241 rcu_read_lock();
1242 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1243 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1244 }
0dc3f44a 1245 rcu_read_unlock();
d17b5288
AW		 1246 return last;
1247}
1248
ddb97f1d
JB		 1249static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1250{
1251 int ret;
ddb97f1d
JB		 1252
1253 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1254 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1255 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1256 if (ret) {
1257 perror("qemu_madvise");
1258 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1259 "but dump_guest_core=off specified\n");
1260 }
1261 }
1262}
1263
0dc3f44a
MD		 1264/* Called within an RCU critical section, or while the ramlist lock
1265 * is held.
1266 */
20cfe881 1267static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1268{
20cfe881 1269 RAMBlock *block;
84b89d78 1270
0dc3f44a 1271 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1272 if (block->offset == addr) {
20cfe881 1273 return block;
c5705a77
AK		 1274 }
1275 }
20cfe881
HT		 1276
1277 return NULL;
1278}
1279
ae3a7047 1280/* Called with iothread lock held. */
20cfe881
HT		 1281void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1282{
ae3a7047 1283 RAMBlock *new_block, *block;
20cfe881 1284
0dc3f44a 1285 rcu_read_lock();
ae3a7047 1286 new_block = find_ram_block(addr);
c5705a77
AK		 1287 assert(new_block);
1288 assert(!new_block->idstr[0]);
84b89d78 1289
09e5ab63
AL		 1290 if (dev) {
1291 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1292 if (id) {
1293 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1294 g_free(id);
84b89d78
CM		 1295 }
1296 }
1297 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1298
0dc3f44a 1299 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1300 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1301 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1302 new_block->idstr);
1303 abort();
1304 }
1305 }
0dc3f44a 1306 rcu_read_unlock();
c5705a77
AK		 1307}
1308
ae3a7047 1309/* Called with iothread lock held. */
20cfe881
HT		 1310void qemu_ram_unset_idstr(ram_addr_t addr)
1311{
ae3a7047 1312 RAMBlock *block;
20cfe881 1313
ae3a7047
MD		 1314 /* FIXME: arch_init.c assumes that this is not called throughout
1315 * migration. Ignore the problem since hot-unplug during migration
1316 * does not work anyway.
1317 */
1318
0dc3f44a 1319 rcu_read_lock();
ae3a7047 1320 block = find_ram_block(addr);
20cfe881
HT		 1321 if (block) {
1322 memset(block->idstr, 0, sizeof(block->idstr));
1323 }
0dc3f44a 1324 rcu_read_unlock();
20cfe881
HT		 1325}
1326
8490fc78
LC		 1327static int memory_try_enable_merging(void *addr, size_t len)
1328{
2ff3de68 1329 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
8490fc78
LC		 1330 /* disabled by the user */
1331 return 0;
1332 }
1333
1334 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1335}
1336
62be4e3a
MT		 1337/* Only legal before guest might have detected the memory size: e.g. on
1338 * incoming migration, or right after reset.
1339 *
1340 * As memory core doesn't know how is memory accessed, it is up to
1341 * resize callback to update device state and/or add assertions to detect
1342 * misuse, if necessary.
1343 */
1344int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1345{
1346 RAMBlock *block = find_ram_block(base);
1347
1348 assert(block);
1349
129ddaf3
MT		 1350 newsize = TARGET_PAGE_ALIGN(newsize);
1351
62be4e3a
MT		 1352 if (block->used_length == newsize) {
1353 return 0;
1354 }
1355
1356 if (!(block->flags & RAM_RESIZEABLE)) {
1357 error_setg_errno(errp, EINVAL,
1358 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1359 " in != 0x" RAM_ADDR_FMT, block->idstr,
1360 newsize, block->used_length);
1361 return -EINVAL;
1362 }
1363
1364 if (block->max_length < newsize) {
1365 error_setg_errno(errp, EINVAL,
1366 "Length too large: %s: 0x" RAM_ADDR_FMT
1367 " > 0x" RAM_ADDR_FMT, block->idstr,
1368 newsize, block->max_length);
1369 return -EINVAL;
1370 }
1371
1372 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1373 block->used_length = newsize;
1374 cpu_physical_memory_set_dirty_range(block->offset, block->used_length);
1375 memory_region_set_size(block->mr, newsize);
1376 if (block->resized) {
1377 block->resized(block->idstr, newsize, block->host);
1378 }
1379 return 0;
1380}
1381
ef701d7b 1382static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1383{
e1c57ab8 1384 RAMBlock *block;
0d53d9fe 1385 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1386 ram_addr_t old_ram_size, new_ram_size;
1387
1388 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1389
b2a8658e 1390 qemu_mutex_lock_ramlist();
9b8424d5 1391 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1392
1393 if (!new_block->host) {
1394 if (xen_enabled()) {
9b8424d5
MT		 1395 xen_ram_alloc(new_block->offset, new_block->max_length,
1396 new_block->mr);
e1c57ab8 1397 } else {
9b8424d5 1398 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1399 &new_block->mr->align);
39228250 1400 if (!new_block->host) {
ef701d7b
HT		 1401 error_setg_errno(errp, errno,
1402 "cannot set up guest memory '%s'",
1403 memory_region_name(new_block->mr));
1404 qemu_mutex_unlock_ramlist();
1405 return -1;
39228250 1406 }
9b8424d5 1407 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1408 }
c902760f 1409 }
94a6b54f 1410
0d53d9fe
MD		 1411 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1412 * QLIST (which has an RCU-friendly variant) does not have insertion at
1413 * tail, so save the last element in last_block.
1414 */
0dc3f44a 1415 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1416 last_block = block;
9b8424d5 1417 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1418 break;
1419 }
1420 }
1421 if (block) {
0dc3f44a 1422 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1423 } else if (last_block) {
0dc3f44a 1424 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1425 } else { /* list is empty */
0dc3f44a 1426 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1427 }
0d6d3c87 1428 ram_list.mru_block = NULL;
94a6b54f 1429
0dc3f44a
MD		 1430 /* Write list before version */
1431 smp_wmb();
f798b07f 1432 ram_list.version++;
b2a8658e 1433 qemu_mutex_unlock_ramlist();
f798b07f 1434
2152f5ca
JQ		 1435 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1436
1437 if (new_ram_size > old_ram_size) {
1ab4c8ce 1438 int i;
ae3a7047
MD		 1439
1440 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1441 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1442 ram_list.dirty_memory[i] =
1443 bitmap_zero_extend(ram_list.dirty_memory[i],
1444 old_ram_size, new_ram_size);
1445 }
2152f5ca 1446 }
9b8424d5
MT		 1447 cpu_physical_memory_set_dirty_range(new_block->offset,
1448 new_block->used_length);
94a6b54f 1449
a904c911
PB		 1450 if (new_block->host) {
1451 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1452 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1453 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1454 if (kvm_enabled()) {
1455 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1456 }
e1c57ab8 1457 }
6f0437e8 1458
94a6b54f
PB		 1459 return new_block->offset;
1460}
e9a1ab19 1461
0b183fc8 1462#ifdef __linux__
e1c57ab8 1463ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1464 bool share, const char *mem_path,
7f56e740 1465 Error **errp)
e1c57ab8
PB		 1466{
1467 RAMBlock *new_block;
ef701d7b
HT		 1468 ram_addr_t addr;
1469 Error *local_err = NULL;
e1c57ab8
PB		 1470
1471 if (xen_enabled()) {
7f56e740
PB		 1472 error_setg(errp, "-mem-path not supported with Xen");
1473 return -1;
e1c57ab8
PB		 1474 }
1475
1476 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1477 /*
1478 * file_ram_alloc() needs to allocate just like
1479 * phys_mem_alloc, but we haven't bothered to provide
1480 * a hook there.
1481 */
7f56e740
PB		 1482 error_setg(errp,
1483 "-mem-path not supported with this accelerator");
1484 return -1;
e1c57ab8
PB		 1485 }
1486
1487 size = TARGET_PAGE_ALIGN(size);
1488 new_block = g_malloc0(sizeof(*new_block));
1489 new_block->mr = mr;
9b8424d5
MT		 1490 new_block->used_length = size;
1491 new_block->max_length = size;
dbcb8981 1492 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1493 new_block->host = file_ram_alloc(new_block, size,
1494 mem_path, errp);
1495 if (!new_block->host) {
1496 g_free(new_block);
1497 return -1;
1498 }
1499
ef701d7b
HT		 1500 addr = ram_block_add(new_block, &local_err);
1501 if (local_err) {
1502 g_free(new_block);
1503 error_propagate(errp, local_err);
1504 return -1;
1505 }
1506 return addr;
e1c57ab8 1507}
0b183fc8 1508#endif
e1c57ab8 1509
62be4e3a
MT		 1510static
1511ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1512 void (*resized)(const char*,
1513 uint64_t length,
1514 void *host),
1515 void *host, bool resizeable,
ef701d7b 1516 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1517{
1518 RAMBlock *new_block;
ef701d7b
HT		 1519 ram_addr_t addr;
1520 Error *local_err = NULL;
e1c57ab8
PB		 1521
1522 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1523 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1524 new_block = g_malloc0(sizeof(*new_block));
1525 new_block->mr = mr;
62be4e3a 1526 new_block->resized = resized;
9b8424d5
MT		 1527 new_block->used_length = size;
1528 new_block->max_length = max_size;
62be4e3a 1529 assert(max_size >= size);
e1c57ab8
PB		 1530 new_block->fd = -1;
1531 new_block->host = host;
1532 if (host) {
7bd4f430 1533 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1534 }
62be4e3a
MT		 1535 if (resizeable) {
1536 new_block->flags |= RAM_RESIZEABLE;
1537 }
ef701d7b
HT		 1538 addr = ram_block_add(new_block, &local_err);
1539 if (local_err) {
1540 g_free(new_block);
1541 error_propagate(errp, local_err);
1542 return -1;
1543 }
1544 return addr;
e1c57ab8
PB		 1545}
1546
62be4e3a
MT		 1547ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1548 MemoryRegion *mr, Error **errp)
1549{
1550 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1551}
1552
ef701d7b 1553ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1554{
62be4e3a
MT		 1555 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1556}
1557
1558ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1559 void (*resized)(const char*,
1560 uint64_t length,
1561 void *host),
1562 MemoryRegion *mr, Error **errp)
1563{
1564 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1565}
1566
1f2e98b6
AW		 1567void qemu_ram_free_from_ptr(ram_addr_t addr)
1568{
1569 RAMBlock *block;
1570
b2a8658e 1571 qemu_mutex_lock_ramlist();
0dc3f44a 1572 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1573 if (addr == block->offset) {
0dc3f44a 1574 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1575 ram_list.mru_block = NULL;
0dc3f44a
MD		 1576 /* Write list before version */
1577 smp_wmb();
f798b07f 1578 ram_list.version++;
43771539 1579 g_free_rcu(block, rcu);
b2a8658e 1580 break;
1f2e98b6
AW		 1581 }
1582 }
b2a8658e 1583 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1584}
1585
43771539
PB		 1586static void reclaim_ramblock(RAMBlock *block)
1587{
1588 if (block->flags & RAM_PREALLOC) {
1589 ;
1590 } else if (xen_enabled()) {
1591 xen_invalidate_map_cache_entry(block->host);
1592#ifndef _WIN32
1593 } else if (block->fd >= 0) {
1594 munmap(block->host, block->max_length);
1595 close(block->fd);
1596#endif
1597 } else {
1598 qemu_anon_ram_free(block->host, block->max_length);
1599 }
1600 g_free(block);
1601}
1602
c227f099 1603void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1604{
04b16653
AW		 1605 RAMBlock *block;
1606
b2a8658e 1607 qemu_mutex_lock_ramlist();
0dc3f44a 1608 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1609 if (addr == block->offset) {
0dc3f44a 1610 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1611 ram_list.mru_block = NULL;
0dc3f44a
MD		 1612 /* Write list before version */
1613 smp_wmb();
f798b07f 1614 ram_list.version++;
43771539 1615 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1616 break;
04b16653
AW		 1617 }
1618 }
b2a8658e 1619 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1620}
1621
cd19cfa2
HY		 1622#ifndef _WIN32
1623void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1624{
1625 RAMBlock *block;
1626 ram_addr_t offset;
1627 int flags;
1628 void *area, *vaddr;
1629
0dc3f44a 1630 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1631 offset = addr - block->offset;
9b8424d5 1632 if (offset < block->max_length) {
1240be24 1633 vaddr = ramblock_ptr(block, offset);
7bd4f430 1634 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1635 ;
dfeaf2ab
MA		 1636 } else if (xen_enabled()) {
1637 abort();
cd19cfa2
HY		 1638 } else {
1639 flags = MAP_FIXED;
1640 munmap(vaddr, length);
3435f395 1641 if (block->fd >= 0) {
dbcb8981
PB		 1642 flags |= (block->flags & RAM_SHARED ?
1643 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1644 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1645 flags, block->fd, offset);
cd19cfa2 1646 } else {
2eb9fbaa
MA		 1647 /*
1648 * Remap needs to match alloc. Accelerators that
1649 * set phys_mem_alloc never remap. If they did,
1650 * we'd need a remap hook here.
1651 */
1652 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1653
cd19cfa2
HY		 1654 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1655 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1656 flags, -1, 0);
cd19cfa2
HY		 1657 }
1658 if (area != vaddr) {
f15fbc4b
AP		 1659 fprintf(stderr, "Could not remap addr: "
1660 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1661 length, addr);
1662 exit(1);
1663 }
8490fc78 1664 memory_try_enable_merging(vaddr, length);
ddb97f1d 1665 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1666 }
cd19cfa2
HY		 1667 }
1668 }
1669}
1670#endif /* !_WIN32 */
1671
a35ba7be
PB		 1672int qemu_get_ram_fd(ram_addr_t addr)
1673{
ae3a7047
MD		 1674 RAMBlock *block;
1675 int fd;
a35ba7be 1676
0dc3f44a 1677 rcu_read_lock();
ae3a7047
MD		 1678 block = qemu_get_ram_block(addr);
1679 fd = block->fd;
0dc3f44a 1680 rcu_read_unlock();
ae3a7047 1681 return fd;
a35ba7be
PB		 1682}
1683
3fd74b84
DM		 1684void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1685{
ae3a7047
MD		 1686 RAMBlock *block;
1687 void *ptr;
3fd74b84 1688
0dc3f44a 1689 rcu_read_lock();
ae3a7047
MD		 1690 block = qemu_get_ram_block(addr);
1691 ptr = ramblock_ptr(block, 0);
0dc3f44a 1692 rcu_read_unlock();
ae3a7047 1693 return ptr;
3fd74b84
DM		 1694}
1695
1b5ec234 1696/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1697 * This should not be used for general purpose DMA. Use address_space_map
1698 * or address_space_rw instead. For local memory (e.g. video ram) that the
1699 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1700 *
1701 * By the time this function returns, the returned pointer is not protected
1702 * by RCU anymore. If the caller is not within an RCU critical section and
1703 * does not hold the iothread lock, it must have other means of protecting the
1704 * pointer, such as a reference to the region that includes the incoming
1705 * ram_addr_t.
1b5ec234
PB		 1706 */
1707void *qemu_get_ram_ptr(ram_addr_t addr)
1708{
ae3a7047
MD		 1709 RAMBlock *block;
1710 void *ptr;
1b5ec234 1711
0dc3f44a 1712 rcu_read_lock();
ae3a7047
MD		 1713 block = qemu_get_ram_block(addr);
1714
1715 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1716 /* We need to check if the requested address is in the RAM
1717 * because we don't want to map the entire memory in QEMU.
1718 * In that case just map until the end of the page.
1719 */
1720 if (block->offset == 0) {
ae3a7047 1721 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1722 goto unlock;
0d6d3c87 1723 }
ae3a7047
MD		 1724
1725 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1726 }
ae3a7047
MD		 1727 ptr = ramblock_ptr(block, addr - block->offset);
1728
0dc3f44a
MD		 1729unlock:
1730 rcu_read_unlock();
ae3a7047 1731 return ptr;
dc828ca1
PB		 1732}
1733
38bee5dc 1734/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1735 * but takes a size argument.
0dc3f44a
MD		 1736 *
1737 * By the time this function returns, the returned pointer is not protected
1738 * by RCU anymore. If the caller is not within an RCU critical section and
1739 * does not hold the iothread lock, it must have other means of protecting the
1740 * pointer, such as a reference to the region that includes the incoming
1741 * ram_addr_t.
ae3a7047 1742 */
cb85f7ab 1743static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1744{
ae3a7047 1745 void *ptr;
8ab934f9
SS		 1746 if (*size == 0) {
1747 return NULL;
1748 }
868bb33f 1749 if (xen_enabled()) {
e41d7c69 1750 return xen_map_cache(addr, *size, 1);
868bb33f 1751 } else {
38bee5dc 1752 RAMBlock *block;
0dc3f44a
MD		 1753 rcu_read_lock();
1754 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1755 if (addr - block->offset < block->max_length) {
1756 if (addr - block->offset + *size > block->max_length)
1757 *size = block->max_length - addr + block->offset;
ae3a7047 1758 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1759 rcu_read_unlock();
ae3a7047 1760 return ptr;
38bee5dc
SS		 1761 }
1762 }
1763
1764 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1765 abort();
38bee5dc
SS		 1766 }
1767}
1768
7443b437 1769/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1770 * (typically a TLB entry) back to a ram offset.
1771 *
1772 * By the time this function returns, the returned pointer is not protected
1773 * by RCU anymore. If the caller is not within an RCU critical section and
1774 * does not hold the iothread lock, it must have other means of protecting the
1775 * pointer, such as a reference to the region that includes the incoming
1776 * ram_addr_t.
1777 */
1b5ec234 1778MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1779{
94a6b54f
PB		 1780 RAMBlock *block;
1781 uint8_t *host = ptr;
ae3a7047 1782 MemoryRegion *mr;
94a6b54f 1783
868bb33f 1784 if (xen_enabled()) {
0dc3f44a 1785 rcu_read_lock();
e41d7c69 1786 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1787 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1788 rcu_read_unlock();
ae3a7047 1789 return mr;
712c2b41
SS		 1790 }
1791
0dc3f44a
MD		 1792 rcu_read_lock();
1793 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1794 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1795 goto found;
1796 }
1797
0dc3f44a 1798 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1799 /* This case append when the block is not mapped. */
1800 if (block->host == NULL) {
1801 continue;
1802 }
9b8424d5 1803 if (host - block->host < block->max_length) {
23887b79 1804 goto found;
f471a17e 1805 }
94a6b54f 1806 }
432d268c 1807
0dc3f44a 1808 rcu_read_unlock();
1b5ec234 1809 return NULL;
23887b79
PB		 1810
1811found:
1812 *ram_addr = block->offset + (host - block->host);
ae3a7047 1813 mr = block->mr;
0dc3f44a 1814 rcu_read_unlock();
ae3a7047 1815 return mr;
e890261f 1816}
f471a17e 1817
a8170e5e 1818static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1819 uint64_t val, unsigned size)
9fa3e853 1820{
52159192 1821 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1822 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1823 }
0e0df1e2
AK		 1824 switch (size) {
1825 case 1:
1826 stb_p(qemu_get_ram_ptr(ram_addr), val);
1827 break;
1828 case 2:
1829 stw_p(qemu_get_ram_ptr(ram_addr), val);
1830 break;
1831 case 4:
1832 stl_p(qemu_get_ram_ptr(ram_addr), val);
1833 break;
1834 default:
1835 abort();
3a7d929e 1836 }
6886867e 1837 cpu_physical_memory_set_dirty_range_nocode(ram_addr, size);
f23db169
FB		 1838 /* we remove the notdirty callback only if the code has been
1839 flushed */
a2cd8c85 1840 if (!cpu_physical_memory_is_clean(ram_addr)) {
4917cf44 1841 CPUArchState *env = current_cpu->env_ptr;
93afeade 1842 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
4917cf44 1843 }
9fa3e853
FB		 1844}
1845
b018ddf6
PB		 1846static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1847 unsigned size, bool is_write)
1848{
1849 return is_write;
1850}
1851
0e0df1e2 1852static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1853 .write = notdirty_mem_write,
b018ddf6 1854 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1855 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1856};
1857
0f459d16 1858/* Generate a debug exception if a watchpoint has been hit. */
05068c0d 1859static void check_watchpoint(int offset, int len, int flags)
0f459d16 1860{
93afeade
AF		 1861 CPUState *cpu = current_cpu;
1862 CPUArchState *env = cpu->env_ptr;
06d55cc1 1863 target_ulong pc, cs_base;
0f459d16 1864 target_ulong vaddr;
a1d1bb31 1865 CPUWatchpoint *wp;
06d55cc1 1866 int cpu_flags;
0f459d16 1867
ff4700b0 1868 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1869 /* We re-entered the check after replacing the TB. Now raise
1870 * the debug interrupt so that is will trigger after the
1871 * current instruction. */
93afeade 1872 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1873 return;
1874 }
93afeade 1875 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1876 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1877 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1878 && (wp->flags & flags)) {
08225676
PM		 1879 if (flags == BP_MEM_READ) {
1880 wp->flags |= BP_WATCHPOINT_HIT_READ;
1881 } else {
1882 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1883 }
1884 wp->hitaddr = vaddr;
ff4700b0
AF		 1885 if (!cpu->watchpoint_hit) {
1886 cpu->watchpoint_hit = wp;
239c51a5 1887 tb_check_watchpoint(cpu);
6e140f28 1888 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 1889 cpu->exception_index = EXCP_DEBUG;
5638d180 1890 cpu_loop_exit(cpu);
6e140f28
AL		 1891 } else {
1892 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 1893 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 1894 cpu_resume_from_signal(cpu, NULL);
6e140f28 1895 }
06d55cc1 1896 }
6e140f28
AL		 1897 } else {
1898 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1899 }
1900 }
1901}
1902
6658ffb8
PB		 1903/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1904 so these check for a hit then pass through to the normal out-of-line
1905 phys routines. */
a8170e5e 1906static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1907 unsigned size)
6658ffb8 1908{
05068c0d 1909 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_READ);
1ec9b909 1910 switch (size) {
2c17449b 1911 case 1: return ldub_phys(&address_space_memory, addr);
41701aa4 1912 case 2: return lduw_phys(&address_space_memory, addr);
fdfba1a2 1913 case 4: return ldl_phys(&address_space_memory, addr);
1ec9b909
AK		 1914 default: abort();
1915 }
6658ffb8
PB		 1916}
1917
a8170e5e 1918static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1919 uint64_t val, unsigned size)
6658ffb8 1920{
05068c0d 1921 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_WRITE);
1ec9b909 1922 switch (size) {
67364150 1923 case 1:
db3be60d 1924 stb_phys(&address_space_memory, addr, val);
67364150
MF		 1925 break;
1926 case 2:
5ce5944d 1927 stw_phys(&address_space_memory, addr, val);
67364150
MF		 1928 break;
1929 case 4:
ab1da857 1930 stl_phys(&address_space_memory, addr, val);
67364150 1931 break;
1ec9b909
AK		 1932 default: abort();
1933 }
6658ffb8
PB		 1934}
1935
1ec9b909
AK		 1936static const MemoryRegionOps watch_mem_ops = {
1937 .read = watch_mem_read,
1938 .write = watch_mem_write,
1939 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1940};
6658ffb8 1941
a8170e5e 1942static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1943 unsigned len)
db7b5426 1944{
acc9d80b 1945 subpage_t *subpage = opaque;
ff6cff75 1946 uint8_t buf[8];
791af8c8 1947
db7b5426 1948#if defined(DEBUG_SUBPAGE)
016e9d62 1949 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 1950 subpage, len, addr);
db7b5426 1951#endif
acc9d80b
JK		 1952 address_space_read(subpage->as, addr + subpage->base, buf, len);
1953 switch (len) {
1954 case 1:
1955 return ldub_p(buf);
1956 case 2:
1957 return lduw_p(buf);
1958 case 4:
1959 return ldl_p(buf);
ff6cff75
PB		 1960 case 8:
1961 return ldq_p(buf);
acc9d80b
JK		 1962 default:
1963 abort();
1964 }
db7b5426
BS		 1965}
1966
a8170e5e 1967static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1968 uint64_t value, unsigned len)
db7b5426 1969{
acc9d80b 1970 subpage_t *subpage = opaque;
ff6cff75 1971 uint8_t buf[8];
acc9d80b 1972
db7b5426 1973#if defined(DEBUG_SUBPAGE)
016e9d62 1974 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 1975 " value %"PRIx64"\n",
1976 __func__, subpage, len, addr, value);
db7b5426 1977#endif
acc9d80b
JK		 1978 switch (len) {
1979 case 1:
1980 stb_p(buf, value);
1981 break;
1982 case 2:
1983 stw_p(buf, value);
1984 break;
1985 case 4:
1986 stl_p(buf, value);
1987 break;
ff6cff75
PB		 1988 case 8:
1989 stq_p(buf, value);
1990 break;
acc9d80b
JK		 1991 default:
1992 abort();
1993 }
1994 address_space_write(subpage->as, addr + subpage->base, buf, len);
db7b5426
BS		 1995}
1996
c353e4cc 1997static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 1998 unsigned len, bool is_write)
c353e4cc 1999{
acc9d80b 2000 subpage_t *subpage = opaque;
c353e4cc 2001#if defined(DEBUG_SUBPAGE)
016e9d62 2002 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2003 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2004#endif
2005
acc9d80b 2006 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2007 len, is_write);
c353e4cc
PB		 2008}
2009
70c68e44
AK		 2010static const MemoryRegionOps subpage_ops = {
2011 .read = subpage_read,
2012 .write = subpage_write,
ff6cff75
PB		 2013 .impl.min_access_size = 1,
2014 .impl.max_access_size = 8,
2015 .valid.min_access_size = 1,
2016 .valid.max_access_size = 8,
c353e4cc 2017 .valid.accepts = subpage_accepts,
70c68e44 2018 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2019};
2020
c227f099 2021static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2022 uint16_t section)
db7b5426
BS		 2023{
2024 int idx, eidx;
2025
2026 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2027 return -1;
2028 idx = SUBPAGE_IDX(start);
2029 eidx = SUBPAGE_IDX(end);
2030#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2031 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2032 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2033#endif
db7b5426 2034 for (; idx <= eidx; idx++) {
5312bd8b 2035 mmio->sub_section[idx] = section;
db7b5426
BS		 2036 }
2037
2038 return 0;
2039}
2040
acc9d80b 2041static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2042{
c227f099 2043 subpage_t *mmio;
db7b5426 2044
7267c094 2045 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2046
acc9d80b 2047 mmio->as = as;
1eec614b 2048 mmio->base = base;
2c9b15ca 2049 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2050 NULL, TARGET_PAGE_SIZE);
b3b00c78 2051 mmio->iomem.subpage = true;
db7b5426 2052#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2053 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2054 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2055#endif
b41aac4f 2056 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2057
2058 return mmio;
2059}
2060
a656e22f
PC		 2061static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2062 MemoryRegion *mr)
5312bd8b 2063{
a656e22f 2064 assert(as);
5312bd8b 2065 MemoryRegionSection section = {
a656e22f 2066 .address_space = as,
5312bd8b
AK		 2067 .mr = mr,
2068 .offset_within_address_space = 0,
2069 .offset_within_region = 0,
052e87b0 2070 .size = int128_2_64(),
5312bd8b
AK		 2071 };
2072
53cb28cb 2073 return phys_section_add(map, &section);
5312bd8b
AK		 2074}
2075
9d82b5a7 2076MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2077{
79e2b9ae
PB		 2078 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2079 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2080
2081 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2082}
2083
e9179ce1
AK		 2084static void io_mem_init(void)
2085{
1f6245e5 2086 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2087 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2088 NULL, UINT64_MAX);
2c9b15ca 2089 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2090 NULL, UINT64_MAX);
2c9b15ca 2091 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2092 NULL, UINT64_MAX);
e9179ce1
AK		 2093}
2094
ac1970fb 2095static void mem_begin(MemoryListener *listener)
00752703
PB		 2096{
2097 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2098 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2099 uint16_t n;
2100
a656e22f 2101 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2102 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2103 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2104 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2105 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2106 assert(n == PHYS_SECTION_ROM);
a656e22f 2107 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2108 assert(n == PHYS_SECTION_WATCH);
00752703 2109
9736e55b 2110 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2111 d->as = as;
2112 as->next_dispatch = d;
2113}
2114
79e2b9ae
PB		 2115static void address_space_dispatch_free(AddressSpaceDispatch *d)
2116{
2117 phys_sections_free(&d->map);
2118 g_free(d);
2119}
2120
00752703 2121static void mem_commit(MemoryListener *listener)
ac1970fb 2122{
89ae337a 2123 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2124 AddressSpaceDispatch *cur = as->dispatch;
2125 AddressSpaceDispatch *next = as->next_dispatch;
2126
53cb28cb 2127 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2128
79e2b9ae 2129 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2130 if (cur) {
79e2b9ae 2131 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2132 }
9affd6fc
PB		 2133}
2134
1d71148e 2135static void tcg_commit(MemoryListener *listener)
50c1e149 2136{
182735ef 2137 CPUState *cpu;
117712c3
AK		 2138
2139 /* since each CPU stores ram addresses in its TLB cache, we must
2140 reset the modified entries */
2141 /* XXX: slow ! */
bdc44640 2142 CPU_FOREACH(cpu) {
33bde2e1
EI		 2143 /* FIXME: Disentangle the cpu.h circular files deps so we can
2144 directly get the right CPU from listener. */
2145 if (cpu->tcg_as_listener != listener) {
2146 continue;
2147 }
76e5c76f 2148 cpu_reload_memory_map(cpu);
117712c3 2149 }
50c1e149
AK		 2150}
2151
93632747
AK		 2152static void core_log_global_start(MemoryListener *listener)
2153{
981fdf23 2154 cpu_physical_memory_set_dirty_tracking(true);
93632747
AK		 2155}
2156
2157static void core_log_global_stop(MemoryListener *listener)
2158{
981fdf23 2159 cpu_physical_memory_set_dirty_tracking(false);
93632747
AK		 2160}
2161
93632747 2162static MemoryListener core_memory_listener = {
93632747
AK		 2163 .log_global_start = core_log_global_start,
2164 .log_global_stop = core_log_global_stop,
ac1970fb 2165 .priority = 1,
93632747
AK		 2166};
2167
ac1970fb
AK		 2168void address_space_init_dispatch(AddressSpace *as)
2169{
00752703 2170 as->dispatch = NULL;
89ae337a 2171 as->dispatch_listener = (MemoryListener) {
ac1970fb 2172 .begin = mem_begin,
00752703 2173 .commit = mem_commit,
ac1970fb
AK		 2174 .region_add = mem_add,
2175 .region_nop = mem_add,
2176 .priority = 0,
2177 };
89ae337a 2178 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2179}
2180
6e48e8f9
PB		 2181void address_space_unregister(AddressSpace *as)
2182{
2183 memory_listener_unregister(&as->dispatch_listener);
2184}
2185
83f3c251
AK		 2186void address_space_destroy_dispatch(AddressSpace *as)
2187{
2188 AddressSpaceDispatch *d = as->dispatch;
2189
79e2b9ae
PB		 2190 atomic_rcu_set(&as->dispatch, NULL);
2191 if (d) {
2192 call_rcu(d, address_space_dispatch_free, rcu);
2193 }
83f3c251
AK		 2194}
2195
62152b8a
AK		 2196static void memory_map_init(void)
2197{
7267c094 2198 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2199
57271d63 2200 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2201 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2202
7267c094 2203 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2204 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2205 65536);
7dca8043 2206 address_space_init(&address_space_io, system_io, "I/O");
93632747 2207
f6790af6 2208 memory_listener_register(&core_memory_listener, &address_space_memory);
62152b8a
AK		 2209}
2210
2211MemoryRegion *get_system_memory(void)
2212{
2213 return system_memory;
2214}
2215
309cb471
AK		 2216MemoryRegion *get_system_io(void)
2217{
2218 return system_io;
2219}
2220
e2eef170
PB		 2221#endif /* !defined(CONFIG_USER_ONLY) */
2222
13eb76e0
FB		 2223/* physical memory access (slow version, mainly for debug) */
2224#if defined(CONFIG_USER_ONLY)
f17ec444 2225int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2226 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2227{
2228 int l, flags;
2229 target_ulong page;
53a5960a 2230 void * p;
13eb76e0
FB		 2231
2232 while (len > 0) {
2233 page = addr & TARGET_PAGE_MASK;
2234 l = (page + TARGET_PAGE_SIZE) - addr;
2235 if (l > len)
2236 l = len;
2237 flags = page_get_flags(page);
2238 if (!(flags & PAGE_VALID))
a68fe89c 2239 return -1;
13eb76e0
FB		 2240 if (is_write) {
2241 if (!(flags & PAGE_WRITE))
a68fe89c 2242 return -1;
579a97f7 2243 /* XXX: this code should not depend on lock_user */
72fb7daa 2244 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2245 return -1;
72fb7daa
AJ		 2246 memcpy(p, buf, l);
2247 unlock_user(p, addr, l);
13eb76e0
FB		 2248 } else {
2249 if (!(flags & PAGE_READ))
a68fe89c 2250 return -1;
579a97f7 2251 /* XXX: this code should not depend on lock_user */
72fb7daa 2252 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2253 return -1;
72fb7daa 2254 memcpy(buf, p, l);
5b257578 2255 unlock_user(p, addr, 0);
13eb76e0
FB		 2256 }
2257 len -= l;
2258 buf += l;
2259 addr += l;
2260 }
a68fe89c 2261 return 0;
13eb76e0 2262}
8df1cd07 2263
13eb76e0 2264#else
51d7a9eb 2265
a8170e5e
AK		 2266static void invalidate_and_set_dirty(hwaddr addr,
2267 hwaddr length)
51d7a9eb 2268{
f874bf90
PM		 2269 if (cpu_physical_memory_range_includes_clean(addr, length)) {
2270 tb_invalidate_phys_range(addr, addr + length, 0);
6886867e 2271 cpu_physical_memory_set_dirty_range_nocode(addr, length);
51d7a9eb 2272 }
e226939d 2273 xen_modified_memory(addr, length);
51d7a9eb
AP		 2274}
2275
23326164 2276static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2277{
e1622f4b 2278 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2279
2280 /* Regions are assumed to support 1-4 byte accesses unless
2281 otherwise specified. */
23326164
RH		 2282 if (access_size_max == 0) {
2283 access_size_max = 4;
2284 }
2285
2286 /* Bound the maximum access by the alignment of the address. */
2287 if (!mr->ops->impl.unaligned) {
2288 unsigned align_size_max = addr & -addr;
2289 if (align_size_max != 0 && align_size_max < access_size_max) {
2290 access_size_max = align_size_max;
2291 }
82f2563f 2292 }
23326164
RH		 2293
2294 /* Don't attempt accesses larger than the maximum. */
2295 if (l > access_size_max) {
2296 l = access_size_max;
82f2563f 2297 }
098178f2
PB		 2298 if (l & (l - 1)) {
2299 l = 1 << (qemu_fls(l) - 1);
2300 }
23326164
RH		 2301
2302 return l;
82f2563f
PB		 2303}
2304
fd8aaa76 2305bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 2306 int len, bool is_write)
13eb76e0 2307{
149f54b5 2308 hwaddr l;
13eb76e0 2309 uint8_t *ptr;
791af8c8 2310 uint64_t val;
149f54b5 2311 hwaddr addr1;
5c8a00ce 2312 MemoryRegion *mr;
fd8aaa76 2313 bool error = false;
3b46e624 2314
13eb76e0 2315 while (len > 0) {
149f54b5 2316 l = len;
5c8a00ce 2317 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2318
13eb76e0 2319 if (is_write) {
5c8a00ce
PB		 2320 if (!memory_access_is_direct(mr, is_write)) {
2321 l = memory_access_size(mr, l, addr1);
4917cf44 2322 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2323 potential bugs */
23326164
RH		 2324 switch (l) {
2325 case 8:
2326 /* 64 bit write access */
2327 val = ldq_p(buf);
2328 error |= io_mem_write(mr, addr1, val, 8);
2329 break;
2330 case 4:
1c213d19 2331 /* 32 bit write access */
c27004ec 2332 val = ldl_p(buf);
5c8a00ce 2333 error |= io_mem_write(mr, addr1, val, 4);
23326164
RH		 2334 break;
2335 case 2:
1c213d19 2336 /* 16 bit write access */
c27004ec 2337 val = lduw_p(buf);
5c8a00ce 2338 error |= io_mem_write(mr, addr1, val, 2);
23326164
RH		 2339 break;
2340 case 1:
1c213d19 2341 /* 8 bit write access */
c27004ec 2342 val = ldub_p(buf);
5c8a00ce 2343 error |= io_mem_write(mr, addr1, val, 1);
23326164
RH		 2344 break;
2345 default:
2346 abort();
13eb76e0 2347 }
2bbfa05d 2348 } else {
5c8a00ce 2349 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2350 /* RAM case */
5579c7f3 2351 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2352 memcpy(ptr, buf, l);
51d7a9eb 2353 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 2354 }
2355 } else {
5c8a00ce 2356 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2357 /* I/O case */
5c8a00ce 2358 l = memory_access_size(mr, l, addr1);
23326164
RH		 2359 switch (l) {
2360 case 8:
2361 /* 64 bit read access */
2362 error |= io_mem_read(mr, addr1, &val, 8);
2363 stq_p(buf, val);
2364 break;
2365 case 4:
13eb76e0 2366 /* 32 bit read access */
5c8a00ce 2367 error |= io_mem_read(mr, addr1, &val, 4);
c27004ec 2368 stl_p(buf, val);
23326164
RH		 2369 break;
2370 case 2:
13eb76e0 2371 /* 16 bit read access */
5c8a00ce 2372 error |= io_mem_read(mr, addr1, &val, 2);
c27004ec 2373 stw_p(buf, val);
23326164
RH		 2374 break;
2375 case 1:
1c213d19 2376 /* 8 bit read access */
5c8a00ce 2377 error |= io_mem_read(mr, addr1, &val, 1);
c27004ec 2378 stb_p(buf, val);
23326164
RH		 2379 break;
2380 default:
2381 abort();
13eb76e0
FB		 2382 }
2383 } else {
2384 /* RAM case */
5c8a00ce 2385 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2386 memcpy(buf, ptr, l);
13eb76e0
FB		 2387 }
2388 }
2389 len -= l;
2390 buf += l;
2391 addr += l;
2392 }
fd8aaa76
PB		 2393
2394 return error;
13eb76e0 2395}
8df1cd07 2396
fd8aaa76 2397bool address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 2398 const uint8_t *buf, int len)
2399{
fd8aaa76 2400 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
ac1970fb
AK		 2401}
2402
fd8aaa76 2403bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb 2404{
fd8aaa76 2405 return address_space_rw(as, addr, buf, len, false);
ac1970fb
AK		 2406}
2407
2408
a8170e5e 2409void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2410 int len, int is_write)
2411{
fd8aaa76 2412 address_space_rw(&address_space_memory, addr, buf, len, is_write);
ac1970fb
AK		 2413}
2414
582b55a9
AG		 2415enum write_rom_type {
2416 WRITE_DATA,
2417 FLUSH_CACHE,
2418};
2419
2a221651 2420static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2421 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2422{
149f54b5 2423 hwaddr l;
d0ecd2aa 2424 uint8_t *ptr;
149f54b5 2425 hwaddr addr1;
5c8a00ce 2426 MemoryRegion *mr;
3b46e624 2427
d0ecd2aa 2428 while (len > 0) {
149f54b5 2429 l = len;
2a221651 2430 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2431
5c8a00ce
PB		 2432 if (!(memory_region_is_ram(mr) ||
2433 memory_region_is_romd(mr))) {
d0ecd2aa
FB		 2434 /* do nothing */
2435 } else {
5c8a00ce 2436 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2437 /* ROM/RAM case */
5579c7f3 2438 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2439 switch (type) {
2440 case WRITE_DATA:
2441 memcpy(ptr, buf, l);
2442 invalidate_and_set_dirty(addr1, l);
2443 break;
2444 case FLUSH_CACHE:
2445 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2446 break;
2447 }
d0ecd2aa
FB		 2448 }
2449 len -= l;
2450 buf += l;
2451 addr += l;
2452 }
2453}
2454
582b55a9 2455/* used for ROM loading : can write in RAM and ROM */
2a221651 2456void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2457 const uint8_t *buf, int len)
2458{
2a221651 2459 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2460}
2461
2462void cpu_flush_icache_range(hwaddr start, int len)
2463{
2464 /*
2465 * This function should do the same thing as an icache flush that was
2466 * triggered from within the guest. For TCG we are always cache coherent,
2467 * so there is no need to flush anything. For KVM / Xen we need to flush
2468 * the host's instruction cache at least.
2469 */
2470 if (tcg_enabled()) {
2471 return;
2472 }
2473
2a221651
EI		 2474 cpu_physical_memory_write_rom_internal(&address_space_memory,
2475 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2476}
2477
6d16c2f8 2478typedef struct {
d3e71559 2479 MemoryRegion *mr;
6d16c2f8 2480 void *buffer;
a8170e5e
AK		 2481 hwaddr addr;
2482 hwaddr len;
6d16c2f8
AL		 2483} BounceBuffer;
2484
2485static BounceBuffer bounce;
2486
ba223c29
AL		 2487typedef struct MapClient {
2488 void *opaque;
2489 void (*callback)(void *opaque);
72cf2d4f 2490 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2491} MapClient;
2492
72cf2d4f
BS		 2493static QLIST_HEAD(map_client_list, MapClient) map_client_list
2494 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2495
2496void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2497{
7267c094 2498 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2499
2500 client->opaque = opaque;
2501 client->callback = callback;
72cf2d4f 2502 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2503 return client;
2504}
2505
8b9c99d9 2506static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2507{
2508 MapClient *client = (MapClient *)_client;
2509
72cf2d4f 2510 QLIST_REMOVE(client, link);
7267c094 2511 g_free(client);
ba223c29
AL		 2512}
2513
2514static void cpu_notify_map_clients(void)
2515{
2516 MapClient *client;
2517
72cf2d4f
BS		 2518 while (!QLIST_EMPTY(&map_client_list)) {
2519 client = QLIST_FIRST(&map_client_list);
ba223c29 2520 client->callback(client->opaque);
34d5e948 2521 cpu_unregister_map_client(client);
ba223c29
AL		 2522 }
2523}
2524
51644ab7
PB		 2525bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2526{
5c8a00ce 2527 MemoryRegion *mr;
51644ab7
PB		 2528 hwaddr l, xlat;
2529
2530 while (len > 0) {
2531 l = len;
5c8a00ce
PB		 2532 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2533 if (!memory_access_is_direct(mr, is_write)) {
2534 l = memory_access_size(mr, l, addr);
2535 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2536 return false;
2537 }
2538 }
2539
2540 len -= l;
2541 addr += l;
2542 }
2543 return true;
2544}
2545
6d16c2f8
AL		 2546/* Map a physical memory region into a host virtual address.
2547 * May map a subset of the requested range, given by and returned in *plen.
2548 * May return NULL if resources needed to perform the mapping are exhausted.
2549 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2550 * Use cpu_register_map_client() to know when retrying the map operation is
2551 * likely to succeed.
6d16c2f8 2552 */
ac1970fb 2553void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2554 hwaddr addr,
2555 hwaddr *plen,
ac1970fb 2556 bool is_write)
6d16c2f8 2557{
a8170e5e 2558 hwaddr len = *plen;
e3127ae0
PB		 2559 hwaddr done = 0;
2560 hwaddr l, xlat, base;
2561 MemoryRegion *mr, *this_mr;
2562 ram_addr_t raddr;
6d16c2f8 2563
e3127ae0
PB		 2564 if (len == 0) {
2565 return NULL;
2566 }
38bee5dc 2567
e3127ae0
PB		 2568 l = len;
2569 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2570 if (!memory_access_is_direct(mr, is_write)) {
2571 if (bounce.buffer) {
2572 return NULL;
6d16c2f8 2573 }
e85d9db5
KW		 2574 /* Avoid unbounded allocations */
2575 l = MIN(l, TARGET_PAGE_SIZE);
2576 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2577 bounce.addr = addr;
2578 bounce.len = l;
d3e71559
PB		 2579
2580 memory_region_ref(mr);
2581 bounce.mr = mr;
e3127ae0
PB		 2582 if (!is_write) {
2583 address_space_read(as, addr, bounce.buffer, l);
8ab934f9 2584 }
6d16c2f8 2585
e3127ae0
PB		 2586 *plen = l;
2587 return bounce.buffer;
2588 }
2589
2590 base = xlat;
2591 raddr = memory_region_get_ram_addr(mr);
2592
2593 for (;;) {
6d16c2f8
AL		 2594 len -= l;
2595 addr += l;
e3127ae0
PB		 2596 done += l;
2597 if (len == 0) {
2598 break;
2599 }
2600
2601 l = len;
2602 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2603 if (this_mr != mr || xlat != base + done) {
2604 break;
2605 }
6d16c2f8 2606 }
e3127ae0 2607
d3e71559 2608 memory_region_ref(mr);
e3127ae0
PB		 2609 *plen = done;
2610 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2611}
2612
ac1970fb 2613/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2614 * Will also mark the memory as dirty if is_write == 1. access_len gives
2615 * the amount of memory that was actually read or written by the caller.
2616 */
a8170e5e
AK		 2617void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2618 int is_write, hwaddr access_len)
6d16c2f8
AL		 2619{
2620 if (buffer != bounce.buffer) {
d3e71559
PB		 2621 MemoryRegion *mr;
2622 ram_addr_t addr1;
2623
2624 mr = qemu_ram_addr_from_host(buffer, &addr1);
2625 assert(mr != NULL);
6d16c2f8 2626 if (is_write) {
6886867e 2627 invalidate_and_set_dirty(addr1, access_len);
6d16c2f8 2628 }
868bb33f 2629 if (xen_enabled()) {
e41d7c69 2630 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2631 }
d3e71559 2632 memory_region_unref(mr);
6d16c2f8
AL		 2633 return;
2634 }
2635 if (is_write) {
ac1970fb 2636 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2637 }
f8a83245 2638 qemu_vfree(bounce.buffer);
6d16c2f8 2639 bounce.buffer = NULL;
d3e71559 2640 memory_region_unref(bounce.mr);
ba223c29 2641 cpu_notify_map_clients();
6d16c2f8 2642}
d0ecd2aa 2643
a8170e5e
AK		 2644void *cpu_physical_memory_map(hwaddr addr,
2645 hwaddr *plen,
ac1970fb
AK		 2646 int is_write)
2647{
2648 return address_space_map(&address_space_memory, addr, plen, is_write);
2649}
2650
a8170e5e
AK		 2651void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2652 int is_write, hwaddr access_len)
ac1970fb
AK		 2653{
2654 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2655}
2656
8df1cd07 2657/* warning: addr must be aligned */
fdfba1a2 2658static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2659 enum device_endian endian)
8df1cd07 2660{
8df1cd07 2661 uint8_t *ptr;
791af8c8 2662 uint64_t val;
5c8a00ce 2663 MemoryRegion *mr;
149f54b5
PB		 2664 hwaddr l = 4;
2665 hwaddr addr1;
8df1cd07 2666
fdfba1a2 2667 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2668 if (l < 4 || !memory_access_is_direct(mr, false)) {
8df1cd07 2669 /* I/O case */
5c8a00ce 2670 io_mem_read(mr, addr1, &val, 4);
1e78bcc1
AG		 2671#if defined(TARGET_WORDS_BIGENDIAN)
2672 if (endian == DEVICE_LITTLE_ENDIAN) {
2673 val = bswap32(val);
2674 }
2675#else
2676 if (endian == DEVICE_BIG_ENDIAN) {
2677 val = bswap32(val);
2678 }
2679#endif
8df1cd07
FB		 2680 } else {
2681 /* RAM case */
5c8a00ce 2682 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2683 & TARGET_PAGE_MASK)
149f54b5 2684 + addr1);
1e78bcc1
AG		 2685 switch (endian) {
2686 case DEVICE_LITTLE_ENDIAN:
2687 val = ldl_le_p(ptr);
2688 break;
2689 case DEVICE_BIG_ENDIAN:
2690 val = ldl_be_p(ptr);
2691 break;
2692 default:
2693 val = ldl_p(ptr);
2694 break;
2695 }
8df1cd07
FB		 2696 }
2697 return val;
2698}
2699
fdfba1a2 2700uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2701{
fdfba1a2 2702 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2703}
2704
fdfba1a2 2705uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2706{
fdfba1a2 2707 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2708}
2709
fdfba1a2 2710uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2711{
fdfba1a2 2712 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2713}
2714
84b7b8e7 2715/* warning: addr must be aligned */
2c17449b 2716static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2717 enum device_endian endian)
84b7b8e7 2718{
84b7b8e7
FB		 2719 uint8_t *ptr;
2720 uint64_t val;
5c8a00ce 2721 MemoryRegion *mr;
149f54b5
PB		 2722 hwaddr l = 8;
2723 hwaddr addr1;
84b7b8e7 2724
2c17449b 2725 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2726 false);
2727 if (l < 8 || !memory_access_is_direct(mr, false)) {
84b7b8e7 2728 /* I/O case */
5c8a00ce 2729 io_mem_read(mr, addr1, &val, 8);
968a5627
PB		 2730#if defined(TARGET_WORDS_BIGENDIAN)
2731 if (endian == DEVICE_LITTLE_ENDIAN) {
2732 val = bswap64(val);
2733 }
2734#else
2735 if (endian == DEVICE_BIG_ENDIAN) {
2736 val = bswap64(val);
2737 }
84b7b8e7
FB		 2738#endif
2739 } else {
2740 /* RAM case */
5c8a00ce 2741 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2742 & TARGET_PAGE_MASK)
149f54b5 2743 + addr1);
1e78bcc1
AG		 2744 switch (endian) {
2745 case DEVICE_LITTLE_ENDIAN:
2746 val = ldq_le_p(ptr);
2747 break;
2748 case DEVICE_BIG_ENDIAN:
2749 val = ldq_be_p(ptr);
2750 break;
2751 default:
2752 val = ldq_p(ptr);
2753 break;
2754 }
84b7b8e7
FB		 2755 }
2756 return val;
2757}
2758
2c17449b 2759uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2760{
2c17449b 2761 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2762}
2763
2c17449b 2764uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2765{
2c17449b 2766 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2767}
2768
2c17449b 2769uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2770{
2c17449b 2771 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2772}
2773
aab33094 2774/* XXX: optimize */
2c17449b 2775uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
aab33094
FB		 2776{
2777 uint8_t val;
2c17449b 2778 address_space_rw(as, addr, &val, 1, 0);
aab33094
FB		 2779 return val;
2780}
2781
733f0b02 2782/* warning: addr must be aligned */
41701aa4 2783static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2784 enum device_endian endian)
aab33094 2785{
733f0b02
MT		 2786 uint8_t *ptr;
2787 uint64_t val;
5c8a00ce 2788 MemoryRegion *mr;
149f54b5
PB		 2789 hwaddr l = 2;
2790 hwaddr addr1;
733f0b02 2791
41701aa4 2792 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2793 false);
2794 if (l < 2 || !memory_access_is_direct(mr, false)) {
733f0b02 2795 /* I/O case */
5c8a00ce 2796 io_mem_read(mr, addr1, &val, 2);
1e78bcc1
AG		 2797#if defined(TARGET_WORDS_BIGENDIAN)
2798 if (endian == DEVICE_LITTLE_ENDIAN) {
2799 val = bswap16(val);
2800 }
2801#else
2802 if (endian == DEVICE_BIG_ENDIAN) {
2803 val = bswap16(val);
2804 }
2805#endif
733f0b02
MT		 2806 } else {
2807 /* RAM case */
5c8a00ce 2808 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2809 & TARGET_PAGE_MASK)
149f54b5 2810 + addr1);
1e78bcc1
AG		 2811 switch (endian) {
2812 case DEVICE_LITTLE_ENDIAN:
2813 val = lduw_le_p(ptr);
2814 break;
2815 case DEVICE_BIG_ENDIAN:
2816 val = lduw_be_p(ptr);
2817 break;
2818 default:
2819 val = lduw_p(ptr);
2820 break;
2821 }
733f0b02
MT		 2822 }
2823 return val;
aab33094
FB		 2824}
2825
41701aa4 2826uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2827{
41701aa4 2828 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2829}
2830
41701aa4 2831uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2832{
41701aa4 2833 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2834}
2835
41701aa4 2836uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2837{
41701aa4 2838 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2839}
2840
8df1cd07
FB		 2841/* warning: addr must be aligned. The ram page is not masked as dirty
2842 and the code inside is not invalidated. It is useful if the dirty
2843 bits are used to track modified PTEs */
2198a121 2844void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
8df1cd07 2845{
8df1cd07 2846 uint8_t *ptr;
5c8a00ce 2847 MemoryRegion *mr;
149f54b5
PB		 2848 hwaddr l = 4;
2849 hwaddr addr1;
8df1cd07 2850
2198a121 2851 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2852 true);
2853 if (l < 4 || !memory_access_is_direct(mr, true)) {
2854 io_mem_write(mr, addr1, val, 4);
8df1cd07 2855 } else {
5c8a00ce 2856 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2857 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2858 stl_p(ptr, val);
74576198
AL		 2859
2860 if (unlikely(in_migration)) {
a2cd8c85 2861 if (cpu_physical_memory_is_clean(addr1)) {
74576198
AL		 2862 /* invalidate code */
2863 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2864 /* set dirty bit */
6886867e 2865 cpu_physical_memory_set_dirty_range_nocode(addr1, 4);
74576198
AL		 2866 }
2867 }
8df1cd07
FB		 2868 }
2869}
2870
2871/* warning: addr must be aligned */
ab1da857
EI		 2872static inline void stl_phys_internal(AddressSpace *as,
2873 hwaddr addr, uint32_t val,
1e78bcc1 2874 enum device_endian endian)
8df1cd07 2875{
8df1cd07 2876 uint8_t *ptr;
5c8a00ce 2877 MemoryRegion *mr;
149f54b5
PB		 2878 hwaddr l = 4;
2879 hwaddr addr1;
8df1cd07 2880
ab1da857 2881 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2882 true);
2883 if (l < 4 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2884#if defined(TARGET_WORDS_BIGENDIAN)
2885 if (endian == DEVICE_LITTLE_ENDIAN) {
2886 val = bswap32(val);
2887 }
2888#else
2889 if (endian == DEVICE_BIG_ENDIAN) {
2890 val = bswap32(val);
2891 }
2892#endif
5c8a00ce 2893 io_mem_write(mr, addr1, val, 4);
8df1cd07 2894 } else {
8df1cd07 2895 /* RAM case */
5c8a00ce 2896 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2897 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2898 switch (endian) {
2899 case DEVICE_LITTLE_ENDIAN:
2900 stl_le_p(ptr, val);
2901 break;
2902 case DEVICE_BIG_ENDIAN:
2903 stl_be_p(ptr, val);
2904 break;
2905 default:
2906 stl_p(ptr, val);
2907 break;
2908 }
51d7a9eb 2909 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2910 }
2911}
2912
ab1da857 2913void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2914{
ab1da857 2915 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2916}
2917
ab1da857 2918void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2919{
ab1da857 2920 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2921}
2922
ab1da857 2923void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2924{
ab1da857 2925 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2926}
2927
aab33094 2928/* XXX: optimize */
db3be60d 2929void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
aab33094
FB		 2930{
2931 uint8_t v = val;
db3be60d 2932 address_space_rw(as, addr, &v, 1, 1);
aab33094
FB		 2933}
2934
733f0b02 2935/* warning: addr must be aligned */
5ce5944d
EI		 2936static inline void stw_phys_internal(AddressSpace *as,
2937 hwaddr addr, uint32_t val,
1e78bcc1 2938 enum device_endian endian)
aab33094 2939{
733f0b02 2940 uint8_t *ptr;
5c8a00ce 2941 MemoryRegion *mr;
149f54b5
PB		 2942 hwaddr l = 2;
2943 hwaddr addr1;
733f0b02 2944
5ce5944d 2945 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 2946 if (l < 2 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2947#if defined(TARGET_WORDS_BIGENDIAN)
2948 if (endian == DEVICE_LITTLE_ENDIAN) {
2949 val = bswap16(val);
2950 }
2951#else
2952 if (endian == DEVICE_BIG_ENDIAN) {
2953 val = bswap16(val);
2954 }
2955#endif
5c8a00ce 2956 io_mem_write(mr, addr1, val, 2);
733f0b02 2957 } else {
733f0b02 2958 /* RAM case */
5c8a00ce 2959 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 2960 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2961 switch (endian) {
2962 case DEVICE_LITTLE_ENDIAN:
2963 stw_le_p(ptr, val);
2964 break;
2965 case DEVICE_BIG_ENDIAN:
2966 stw_be_p(ptr, val);
2967 break;
2968 default:
2969 stw_p(ptr, val);
2970 break;
2971 }
51d7a9eb 2972 invalidate_and_set_dirty(addr1, 2);
733f0b02 2973 }
aab33094
FB		 2974}
2975
5ce5944d 2976void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2977{
5ce5944d 2978 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2979}
2980
5ce5944d 2981void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2982{
5ce5944d 2983 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2984}
2985
5ce5944d 2986void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2987{
5ce5944d 2988 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2989}
2990
aab33094 2991/* XXX: optimize */
f606604f 2992void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
aab33094
FB		 2993{
2994 val = tswap64(val);
f606604f 2995 address_space_rw(as, addr, (void *) &val, 8, 1);
aab33094
FB		 2996}
2997
f606604f 2998void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1
AG		 2999{
3000 val = cpu_to_le64(val);
f606604f 3001 address_space_rw(as, addr, (void *) &val, 8, 1);
1e78bcc1
AG		 3002}
3003
f606604f 3004void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1
AG		 3005{
3006 val = cpu_to_be64(val);
f606604f 3007 address_space_rw(as, addr, (void *) &val, 8, 1);
1e78bcc1
AG		 3008}
3009
5e2972fd 3010/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3011int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3012 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3013{
3014 int l;
a8170e5e 3015 hwaddr phys_addr;
9b3c35e0 3016 target_ulong page;
13eb76e0
FB		 3017
3018 while (len > 0) {
3019 page = addr & TARGET_PAGE_MASK;
f17ec444 3020 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3021 /* if no physical page mapped, return an error */
3022 if (phys_addr == -1)
3023 return -1;
3024 l = (page + TARGET_PAGE_SIZE) - addr;
3025 if (l > len)
3026 l = len;
5e2972fd 3027 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3028 if (is_write) {
3029 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3030 } else {
3031 address_space_rw(cpu->as, phys_addr, buf, l, 0);
3032 }
13eb76e0
FB		 3033 len -= l;
3034 buf += l;
3035 addr += l;
3036 }
3037 return 0;
3038}
a68fe89c 3039#endif
13eb76e0 3040
8e4a424b
BS		 3041/*
3042 * A helper function for the _utterly broken_ virtio device model to find out if
3043 * it's running on a big endian machine. Don't do this at home kids!
3044 */
98ed8ecf
GK		 3045bool target_words_bigendian(void);
3046bool target_words_bigendian(void)
8e4a424b
BS		 3047{
3048#if defined(TARGET_WORDS_BIGENDIAN)
3049 return true;
3050#else
3051 return false;
3052#endif
3053}
3054
76f35538 3055#ifndef CONFIG_USER_ONLY
a8170e5e 3056bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3057{
5c8a00ce 3058 MemoryRegion*mr;
149f54b5 3059 hwaddr l = 1;
76f35538 3060
5c8a00ce
PB		 3061 mr = address_space_translate(&address_space_memory,
3062 phys_addr, &phys_addr, &l, false);
76f35538 3063
5c8a00ce
PB		 3064 return !(memory_region_is_ram(mr) ||
3065 memory_region_is_romd(mr));
76f35538 3066}
bd2fa51f
MH		 3067
3068void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3069{
3070 RAMBlock *block;
3071
0dc3f44a
MD		 3072 rcu_read_lock();
3073 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 3074 func(block->host, block->offset, block->used_length, opaque);
bd2fa51f 3075 }
0dc3f44a 3076 rcu_read_unlock();
bd2fa51f 3077}
ec3f8c99 3078#endif
Empty description
This page took 1.41667 seconds and 4 git commands to generate.