]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
target-arm/arm-powerctl: wake up sleeping CPUs
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
20bccb82
PM		 96#ifdef TARGET_PAGE_BITS_VARY
97int target_page_bits;
98bool target_page_bits_decided;
99#endif
100
bdc44640 101struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 102/* current CPU in the current thread. It is only valid inside
103 cpu_exec() */
f240eb6f 104__thread CPUState *current_cpu;
2e70f6ef 105/* 0 = Do not count executed instructions.
bf20dc07 106 1 = Precise instruction counting.
2e70f6ef 107 2 = Adaptive rate instruction counting. */
5708fc66 108int use_icount;
6a00d601 109
20bccb82
PM		 110bool set_preferred_target_page_bits(int bits)
111{
112 /* The target page size is the lowest common denominator for all
113 * the CPUs in the system, so we can only make it smaller, never
114 * larger. And we can't make it smaller once we've committed to
115 * a particular size.
116 */
117#ifdef TARGET_PAGE_BITS_VARY
118 assert(bits >= TARGET_PAGE_BITS_MIN);
119 if (target_page_bits == 0 || target_page_bits > bits) {
120 if (target_page_bits_decided) {
121 return false;
122 }
123 target_page_bits = bits;
124 }
125#endif
126 return true;
127}
128
e2eef170 129#if !defined(CONFIG_USER_ONLY)
4346ae3e 130
20bccb82
PM		 131static void finalize_target_page_bits(void)
132{
133#ifdef TARGET_PAGE_BITS_VARY
134 if (target_page_bits == 0) {
135 target_page_bits = TARGET_PAGE_BITS_MIN;
136 }
137 target_page_bits_decided = true;
138#endif
139}
140
1db8abb1
PB		 141typedef struct PhysPageEntry PhysPageEntry;
142
143struct PhysPageEntry {
9736e55b 144 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 145 uint32_t skip : 6;
9736e55b 146 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 147 uint32_t ptr : 26;
1db8abb1
PB		 148};
149
8b795765
MT		 150#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
151
03f49957 152/* Size of the L2 (and L3, etc) page tables. */
57271d63 153#define ADDR_SPACE_BITS 64
03f49957 154
026736ce 155#define P_L2_BITS 9
03f49957
PB		 156#define P_L2_SIZE (1 << P_L2_BITS)
157
158#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
159
160typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 161
53cb28cb 162typedef struct PhysPageMap {
79e2b9ae
PB		 163 struct rcu_head rcu;
164
53cb28cb
MA		 165 unsigned sections_nb;
166 unsigned sections_nb_alloc;
167 unsigned nodes_nb;
168 unsigned nodes_nb_alloc;
169 Node *nodes;
170 MemoryRegionSection *sections;
171} PhysPageMap;
172
1db8abb1 173struct AddressSpaceDispatch {
79e2b9ae
PB		 174 struct rcu_head rcu;
175
729633c2 176 MemoryRegionSection *mru_section;
1db8abb1
PB		 177 /* This is a multi-level map on the physical address space.
178 * The bottom level has pointers to MemoryRegionSections.
179 */
180 PhysPageEntry phys_map;
53cb28cb 181 PhysPageMap map;
acc9d80b 182 AddressSpace *as;
1db8abb1
PB		 183};
184
90260c6c
JK		 185#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
186typedef struct subpage_t {
187 MemoryRegion iomem;
acc9d80b 188 AddressSpace *as;
90260c6c 189 hwaddr base;
2615fabd 190 uint16_t sub_section[];
90260c6c
JK		 191} subpage_t;
192
b41aac4f
LPF		 193#define PHYS_SECTION_UNASSIGNED 0
194#define PHYS_SECTION_NOTDIRTY 1
195#define PHYS_SECTION_ROM 2
196#define PHYS_SECTION_WATCH 3
5312bd8b 197
e2eef170 198static void io_mem_init(void);
62152b8a 199static void memory_map_init(void);
09daed84 200static void tcg_commit(MemoryListener *listener);
e2eef170 201
1ec9b909 202static MemoryRegion io_mem_watch;
32857f4d
PM		 203
204/**
205 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
206 * @cpu: the CPU whose AddressSpace this is
207 * @as: the AddressSpace itself
208 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
209 * @tcg_as_listener: listener for tracking changes to the AddressSpace
210 */
211struct CPUAddressSpace {
212 CPUState *cpu;
213 AddressSpace *as;
214 struct AddressSpaceDispatch *memory_dispatch;
215 MemoryListener tcg_as_listener;
216};
217
6658ffb8 218#endif
fd6ce8f6 219
6d9a1304 220#if !defined(CONFIG_USER_ONLY)
d6f2ea22 221
53cb28cb 222static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 223{
101420b8 224 static unsigned alloc_hint = 16;
53cb28cb 225 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 226 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 227 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
228 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 229 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 230 }
f7bf5461
AK		 231}
232
db94604b 233static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 234{
235 unsigned i;
8b795765 236 uint32_t ret;
db94604b
PB		 237 PhysPageEntry e;
238 PhysPageEntry *p;
f7bf5461 239
53cb28cb 240 ret = map->nodes_nb++;
db94604b 241 p = map->nodes[ret];
f7bf5461 242 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 243 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 244
245 e.skip = leaf ? 0 : 1;
246 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 247 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 248 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 249 }
f7bf5461 250 return ret;
d6f2ea22
AK		 251}
252
53cb28cb
MA		 253static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
254 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 255 int level)
f7bf5461
AK		 256{
257 PhysPageEntry *p;
03f49957 258 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 259
9736e55b 260 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 261 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 262 }
db94604b 263 p = map->nodes[lp->ptr];
03f49957 264 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 265
03f49957 266 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 267 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 268 lp->skip = 0;
c19e8800 269 lp->ptr = leaf;
07f07b31
AK		 270 *index += step;
271 *nb -= step;
2999097b 272 } else {
53cb28cb 273 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 274 }
275 ++lp;
f7bf5461
AK		 276 }
277}
278
ac1970fb 279static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 280 hwaddr index, hwaddr nb,
2999097b 281 uint16_t leaf)
f7bf5461 282{
2999097b 283 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 284 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 285
53cb28cb 286 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 287}
288
b35ba30f
MT		 289/* Compact a non leaf page entry. Simply detect that the entry has a single child,
290 * and update our entry so we can skip it and go directly to the destination.
291 */
efee678d 292static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
b35ba30f
MT		 293{
294 unsigned valid_ptr = P_L2_SIZE;
295 int valid = 0;
296 PhysPageEntry *p;
297 int i;
298
299 if (lp->ptr == PHYS_MAP_NODE_NIL) {
300 return;
301 }
302
303 p = nodes[lp->ptr];
304 for (i = 0; i < P_L2_SIZE; i++) {
305 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
306 continue;
307 }
308
309 valid_ptr = i;
310 valid++;
311 if (p[i].skip) {
efee678d 312 phys_page_compact(&p[i], nodes);
b35ba30f
MT		 313 }
314 }
315
316 /* We can only compress if there's only one child. */
317 if (valid != 1) {
318 return;
319 }
320
321 assert(valid_ptr < P_L2_SIZE);
322
323 /* Don't compress if it won't fit in the # of bits we have. */
324 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
325 return;
326 }
327
328 lp->ptr = p[valid_ptr].ptr;
329 if (!p[valid_ptr].skip) {
330 /* If our only child is a leaf, make this a leaf. */
331 /* By design, we should have made this node a leaf to begin with so we
332 * should never reach here.
333 * But since it's so simple to handle this, let's do it just in case we
334 * change this rule.
335 */
336 lp->skip = 0;
337 } else {
338 lp->skip += p[valid_ptr].skip;
339 }
340}
341
342static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
343{
b35ba30f 344 if (d->phys_map.skip) {
efee678d 345 phys_page_compact(&d->phys_map, d->map.nodes);
b35ba30f
MT		 346 }
347}
348
29cb533d
FZ		 349static inline bool section_covers_addr(const MemoryRegionSection *section,
350 hwaddr addr)
351{
352 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
353 * the section must cover the entire address space.
354 */
258dfaaa 355 return int128_gethi(section->size) ||
29cb533d 356 range_covers_byte(section->offset_within_address_space,
258dfaaa 357 int128_getlo(section->size), addr);
29cb533d
FZ		 358}
359
97115a8d 360static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 361 Node *nodes, MemoryRegionSection *sections)
92e873b9 362{
31ab2b4a 363 PhysPageEntry *p;
97115a8d 364 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 365 int i;
f1f6e3b8 366
9736e55b 367 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 368 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 369 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 370 }
9affd6fc 371 p = nodes[lp.ptr];
03f49957 372 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 373 }
b35ba30f 374
29cb533d 375 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 376 return &sections[lp.ptr];
377 } else {
378 return &sections[PHYS_SECTION_UNASSIGNED];
379 }
f3705d53
AK		 380}
381
e5548617
BS		 382bool memory_region_is_unassigned(MemoryRegion *mr)
383{
2a8e7499 384 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 385 && mr != &io_mem_watch;
fd6ce8f6 386}
149f54b5 387
79e2b9ae 388/* Called from RCU critical section */
c7086b4a 389static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 390 hwaddr addr,
391 bool resolve_subpage)
9f029603 392{
729633c2 393 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 394 subpage_t *subpage;
729633c2 395 bool update;
90260c6c 396
729633c2
FZ		 397 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
398 section_covers_addr(section, addr)) {
399 update = false;
400 } else {
401 section = phys_page_find(d->phys_map, addr, d->map.nodes,
402 d->map.sections);
403 update = true;
404 }
90260c6c
JK		 405 if (resolve_subpage && section->mr->subpage) {
406 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 407 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 408 }
729633c2
FZ		 409 if (update) {
410 atomic_set(&d->mru_section, section);
411 }
90260c6c 412 return section;
9f029603
JK		 413}
414
79e2b9ae 415/* Called from RCU critical section */
90260c6c 416static MemoryRegionSection *
c7086b4a 417address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 418 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 419{
420 MemoryRegionSection *section;
965eb2fc 421 MemoryRegion *mr;
a87f3954 422 Int128 diff;
149f54b5 423
c7086b4a 424 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 425 /* Compute offset within MemoryRegionSection */
426 addr -= section->offset_within_address_space;
427
428 /* Compute offset within MemoryRegion */
429 *xlat = addr + section->offset_within_region;
430
965eb2fc 431 mr = section->mr;
b242e0e0
PB		 432
433 /* MMIO registers can be expected to perform full-width accesses based only
434 * on their address, without considering adjacent registers that could
435 * decode to completely different MemoryRegions. When such registers
436 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
437 * regions overlap wildly. For this reason we cannot clamp the accesses
438 * here.
439 *
440 * If the length is small (as is the case for address_space_ldl/stl),
441 * everything works fine. If the incoming length is large, however,
442 * the caller really has to do the clamping through memory_access_size.
443 */
965eb2fc 444 if (memory_region_is_ram(mr)) {
e4a511f8 445 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 446 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
447 }
149f54b5
PB		 448 return section;
449}
90260c6c 450
41063e1e 451/* Called from RCU critical section */
5c8a00ce
PB		 452MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
453 hwaddr *xlat, hwaddr *plen,
454 bool is_write)
90260c6c 455{
30951157
AK		 456 IOMMUTLBEntry iotlb;
457 MemoryRegionSection *section;
458 MemoryRegion *mr;
30951157
AK		 459
460 for (;;) {
79e2b9ae
PB		 461 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
462 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 463 mr = section->mr;
464
465 if (!mr->iommu_ops) {
466 break;
467 }
468
8d7b8cb9 469 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 470 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
471 | (addr & iotlb.addr_mask));
23820dbf 472 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 473 if (!(iotlb.perm & (1 << is_write))) {
474 mr = &io_mem_unassigned;
475 break;
476 }
477
478 as = iotlb.target_as;
479 }
480
fe680d0d 481 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 482 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 483 *plen = MIN(page, *plen);
a87f3954
PB		 484 }
485
30951157
AK		 486 *xlat = addr;
487 return mr;
90260c6c
JK		 488}
489
79e2b9ae 490/* Called from RCU critical section */
90260c6c 491MemoryRegionSection *
d7898cda 492address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 493 hwaddr *xlat, hwaddr *plen)
90260c6c 494{
30951157 495 MemoryRegionSection *section;
d7898cda
PM		 496 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
497
498 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 499
500 assert(!section->mr->iommu_ops);
501 return section;
90260c6c 502}
5b6dd868 503#endif
fd6ce8f6 504
b170fce3 505#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 506
507static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 508{
259186a7 509 CPUState *cpu = opaque;
a513fe19 510
5b6dd868
BS		 511 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
512 version_id is increased. */
259186a7 513 cpu->interrupt_request &= ~0x01;
c01a71c1 514 tlb_flush(cpu, 1);
5b6dd868
BS		 515
516 return 0;
a513fe19 517}
7501267e 518
6c3bff0e
PD		 519static int cpu_common_pre_load(void *opaque)
520{
521 CPUState *cpu = opaque;
522
adee6424 523 cpu->exception_index = -1;
6c3bff0e
PD		 524
525 return 0;
526}
527
528static bool cpu_common_exception_index_needed(void *opaque)
529{
530 CPUState *cpu = opaque;
531
adee6424 532 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 533}
534
535static const VMStateDescription vmstate_cpu_common_exception_index = {
536 .name = "cpu_common/exception_index",
537 .version_id = 1,
538 .minimum_version_id = 1,
5cd8cada 539 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 540 .fields = (VMStateField[]) {
541 VMSTATE_INT32(exception_index, CPUState),
542 VMSTATE_END_OF_LIST()
543 }
544};
545
bac05aa9
AS		 546static bool cpu_common_crash_occurred_needed(void *opaque)
547{
548 CPUState *cpu = opaque;
549
550 return cpu->crash_occurred;
551}
552
553static const VMStateDescription vmstate_cpu_common_crash_occurred = {
554 .name = "cpu_common/crash_occurred",
555 .version_id = 1,
556 .minimum_version_id = 1,
557 .needed = cpu_common_crash_occurred_needed,
558 .fields = (VMStateField[]) {
559 VMSTATE_BOOL(crash_occurred, CPUState),
560 VMSTATE_END_OF_LIST()
561 }
562};
563
1a1562f5 564const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 565 .name = "cpu_common",
566 .version_id = 1,
567 .minimum_version_id = 1,
6c3bff0e 568 .pre_load = cpu_common_pre_load,
5b6dd868 569 .post_load = cpu_common_post_load,
35d08458 570 .fields = (VMStateField[]) {
259186a7
AF		 571 VMSTATE_UINT32(halted, CPUState),
572 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 573 VMSTATE_END_OF_LIST()
6c3bff0e 574 },
5cd8cada
JQ		 575 .subsections = (const VMStateDescription*[]) {
576 &vmstate_cpu_common_exception_index,
bac05aa9 577 &vmstate_cpu_common_crash_occurred,
5cd8cada 578 NULL
5b6dd868
BS		 579 }
580};
1a1562f5 581
5b6dd868 582#endif
ea041c0e 583
38d8f5c8 584CPUState *qemu_get_cpu(int index)
ea041c0e 585{
bdc44640 586 CPUState *cpu;
ea041c0e 587
bdc44640 588 CPU_FOREACH(cpu) {
55e5c285 589 if (cpu->cpu_index == index) {
bdc44640 590 return cpu;
55e5c285 591 }
ea041c0e 592 }
5b6dd868 593
bdc44640 594 return NULL;
ea041c0e
FB		 595}
596
09daed84 597#if !defined(CONFIG_USER_ONLY)
56943e8c 598void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 599{
12ebc9a7
PM		 600 CPUAddressSpace *newas;
601
602 /* Target code should have set num_ases before calling us */
603 assert(asidx < cpu->num_ases);
604
56943e8c
PM		 605 if (asidx == 0) {
606 /* address space 0 gets the convenience alias */
607 cpu->as = as;
608 }
609
12ebc9a7
PM		 610 /* KVM cannot currently support multiple address spaces. */
611 assert(asidx == 0 || !kvm_enabled());
09daed84 612
12ebc9a7
PM		 613 if (!cpu->cpu_ases) {
614 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 615 }
32857f4d 616
12ebc9a7
PM		 617 newas = &cpu->cpu_ases[asidx];
618 newas->cpu = cpu;
619 newas->as = as;
56943e8c 620 if (tcg_enabled()) {
12ebc9a7
PM		 621 newas->tcg_as_listener.commit = tcg_commit;
622 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 623 }
09daed84 624}
651a5bc0
PM		 625
626AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
627{
628 /* Return the AddressSpace corresponding to the specified index */
629 return cpu->cpu_ases[asidx].as;
630}
09daed84
EI		 631#endif
632
7bbc124e 633void cpu_exec_unrealizefn(CPUState *cpu)
1c59eb39 634{
9dfeca7c
BR		 635 CPUClass *cc = CPU_GET_CLASS(cpu);
636
267f685b 637 cpu_list_remove(cpu);
9dfeca7c
BR		 638
639 if (cc->vmsd != NULL) {
640 vmstate_unregister(NULL, cc->vmsd, cpu);
641 }
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
644 }
1c59eb39
BR		 645}
646
39e329e3 647void cpu_exec_initfn(CPUState *cpu)
ea041c0e 648{
56943e8c 649 cpu->as = NULL;
12ebc9a7 650 cpu->num_ases = 0;
56943e8c 651
291135b5 652#ifndef CONFIG_USER_ONLY
291135b5 653 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 654
655 /* This is a softmmu CPU object, so create a property for it
656 * so users can wire up its memory. (This can't go in qom/cpu.c
657 * because that file is compiled only once for both user-mode
658 * and system builds.) The default if no link is set up is to use
659 * the system address space.
660 */
661 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
662 (Object **)&cpu->memory,
663 qdev_prop_allow_set_link_before_realize,
664 OBJ_PROP_LINK_UNREF_ON_RELEASE,
665 &error_abort);
666 cpu->memory = system_memory;
667 object_ref(OBJECT(cpu->memory));
291135b5 668#endif
39e329e3
LV		 669}
670
ce5b1bbf 671void cpu_exec_realizefn(CPUState *cpu, Error **errp)
39e329e3
LV		 672{
673 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
291135b5 674
267f685b 675 cpu_list_add(cpu);
1bc7e522
IM		 676
677#ifndef CONFIG_USER_ONLY
e0d47944 678 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 679 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 680 }
b170fce3 681 if (cc->vmsd != NULL) {
741da0d3 682 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 683 }
741da0d3 684#endif
ea041c0e
FB		 685}
686
94df27fd 687#if defined(CONFIG_USER_ONLY)
00b941e5 688static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 689{
690 tb_invalidate_phys_page_range(pc, pc + 1, 0);
691}
692#else
00b941e5 693static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 694{
5232e4c7
PM		 695 MemTxAttrs attrs;
696 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
697 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 698 if (phys != -1) {
5232e4c7 699 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 700 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 701 }
1e7855a5 702}
c27004ec 703#endif
d720b93d 704
c527ee8f 705#if defined(CONFIG_USER_ONLY)
75a34036 706void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 707
708{
709}
710
3ee887e8
PM		 711int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
712 int flags)
713{
714 return -ENOSYS;
715}
716
717void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
718{
719}
720
75a34036 721int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 722 int flags, CPUWatchpoint **watchpoint)
723{
724 return -ENOSYS;
725}
726#else
6658ffb8 727/* Add a watchpoint. */
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 729 int flags, CPUWatchpoint **watchpoint)
6658ffb8 730{
c0ce998e 731 CPUWatchpoint *wp;
6658ffb8 732
05068c0d 733 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 734 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 735 error_report("tried to set invalid watchpoint at %"
736 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 737 return -EINVAL;
738 }
7267c094 739 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 740
741 wp->vaddr = addr;
05068c0d 742 wp->len = len;
a1d1bb31
AL		 743 wp->flags = flags;
744
2dc9f411 745 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 746 if (flags & BP_GDB) {
747 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
748 } else {
749 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
750 }
6658ffb8 751
31b030d4 752 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 753
754 if (watchpoint)
755 *watchpoint = wp;
756 return 0;
6658ffb8
PB		 757}
758
a1d1bb31 759/* Remove a specific watchpoint. */
75a34036 760int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 761 int flags)
6658ffb8 762{
a1d1bb31 763 CPUWatchpoint *wp;
6658ffb8 764
ff4700b0 765 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 766 if (addr == wp->vaddr && len == wp->len
6e140f28 767 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 768 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 769 return 0;
770 }
771 }
a1d1bb31 772 return -ENOENT;
6658ffb8
PB		 773}
774
a1d1bb31 775/* Remove a specific watchpoint by reference. */
75a34036 776void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 777{
ff4700b0 778 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 779
31b030d4 780 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 781
7267c094 782 g_free(watchpoint);
a1d1bb31
AL		 783}
784
785/* Remove all matching watchpoints. */
75a34036 786void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 787{
c0ce998e 788 CPUWatchpoint *wp, *next;
a1d1bb31 789
ff4700b0 790 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 791 if (wp->flags & mask) {
792 cpu_watchpoint_remove_by_ref(cpu, wp);
793 }
c0ce998e 794 }
7d03f82f 795}
05068c0d
PM		 796
797/* Return true if this watchpoint address matches the specified
798 * access (ie the address range covered by the watchpoint overlaps
799 * partially or completely with the address range covered by the
800 * access).
801 */
802static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
803 vaddr addr,
804 vaddr len)
805{
806 /* We know the lengths are non-zero, but a little caution is
807 * required to avoid errors in the case where the range ends
808 * exactly at the top of the address space and so addr + len
809 * wraps round to zero.
810 */
811 vaddr wpend = wp->vaddr + wp->len - 1;
812 vaddr addrend = addr + len - 1;
813
814 return !(addr > wpend || wp->vaddr > addrend);
815}
816
c527ee8f 817#endif
7d03f82f 818
a1d1bb31 819/* Add a breakpoint. */
b3310ab3 820int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 821 CPUBreakpoint **breakpoint)
4c3a88a2 822{
c0ce998e 823 CPUBreakpoint *bp;
3b46e624 824
7267c094 825 bp = g_malloc(sizeof(*bp));
4c3a88a2 826
a1d1bb31
AL		 827 bp->pc = pc;
828 bp->flags = flags;
829
2dc9f411 830 /* keep all GDB-injected breakpoints in front */
00b941e5 831 if (flags & BP_GDB) {
f0c3c505 832 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 833 } else {
f0c3c505 834 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 835 }
3b46e624 836
f0c3c505 837 breakpoint_invalidate(cpu, pc);
a1d1bb31 838
00b941e5 839 if (breakpoint) {
a1d1bb31 840 *breakpoint = bp;
00b941e5 841 }
4c3a88a2 842 return 0;
4c3a88a2
FB		 843}
844
a1d1bb31 845/* Remove a specific breakpoint. */
b3310ab3 846int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 847{
a1d1bb31
AL		 848 CPUBreakpoint *bp;
849
f0c3c505 850 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 851 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 852 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 853 return 0;
854 }
7d03f82f 855 }
a1d1bb31 856 return -ENOENT;
7d03f82f
EI		 857}
858
a1d1bb31 859/* Remove a specific breakpoint by reference. */
b3310ab3 860void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 861{
f0c3c505
AF		 862 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
863
864 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 865
7267c094 866 g_free(breakpoint);
a1d1bb31
AL		 867}
868
869/* Remove all matching breakpoints. */
b3310ab3 870void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 871{
c0ce998e 872 CPUBreakpoint *bp, *next;
a1d1bb31 873
f0c3c505 874 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 875 if (bp->flags & mask) {
876 cpu_breakpoint_remove_by_ref(cpu, bp);
877 }
c0ce998e 878 }
4c3a88a2
FB		 879}
880
c33a346e
FB		 881/* enable or disable single step mode. EXCP_DEBUG is returned by the
882 CPU loop after each instruction */
3825b28f 883void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 884{
ed2803da
AF		 885 if (cpu->singlestep_enabled != enabled) {
886 cpu->singlestep_enabled = enabled;
887 if (kvm_enabled()) {
38e478ec 888 kvm_update_guest_debug(cpu, 0);
ed2803da 889 } else {
ccbb4d44 890 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 891 /* XXX: only flush what is necessary */
bbd77c18 892 tb_flush(cpu);
e22a25c9 893 }
c33a346e 894 }
c33a346e
FB		 895}
896
a47dddd7 897void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 898{
899 va_list ap;
493ae1f0 900 va_list ap2;
7501267e
FB		 901
902 va_start(ap, fmt);
493ae1f0 903 va_copy(ap2, ap);
7501267e
FB		 904 fprintf(stderr, "qemu: fatal: ");
905 vfprintf(stderr, fmt, ap);
906 fprintf(stderr, "\n");
878096ee 907 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 908 if (qemu_log_separate()) {
93fcfe39
AL		 909 qemu_log("qemu: fatal: ");
910 qemu_log_vprintf(fmt, ap2);
911 qemu_log("\n");
a0762859 912 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 913 qemu_log_flush();
93fcfe39 914 qemu_log_close();
924edcae 915 }
493ae1f0 916 va_end(ap2);
f9373291 917 va_end(ap);
7615936e 918 replay_finish();
fd052bf6
RV		 919#if defined(CONFIG_USER_ONLY)
920 {
921 struct sigaction act;
922 sigfillset(&act.sa_mask);
923 act.sa_handler = SIG_DFL;
924 sigaction(SIGABRT, &act, NULL);
925 }
926#endif
7501267e
FB		 927 abort();
928}
929
0124311e 930#if !defined(CONFIG_USER_ONLY)
0dc3f44a 931/* Called from RCU critical section */
041603fe
PB		 932static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
933{
934 RAMBlock *block;
935
43771539 936 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 937 if (block && addr - block->offset < block->max_length) {
68851b98 938 return block;
041603fe 939 }
0dc3f44a 940 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 941 if (addr - block->offset < block->max_length) {
041603fe
PB		 942 goto found;
943 }
944 }
945
946 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
947 abort();
948
949found:
43771539
PB		 950 /* It is safe to write mru_block outside the iothread lock. This
951 * is what happens:
952 *
953 * mru_block = xxx
954 * rcu_read_unlock()
955 * xxx removed from list
956 * rcu_read_lock()
957 * read mru_block
958 * mru_block = NULL;
959 * call_rcu(reclaim_ramblock, xxx);
960 * rcu_read_unlock()
961 *
962 * atomic_rcu_set is not needed here. The block was already published
963 * when it was placed into the list. Here we're just making an extra
964 * copy of the pointer.
965 */
041603fe
PB		 966 ram_list.mru_block = block;
967 return block;
968}
969
a2f4d5be 970static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 971{
9a13565d 972 CPUState *cpu;
041603fe 973 ram_addr_t start1;
a2f4d5be
JQ		 974 RAMBlock *block;
975 ram_addr_t end;
976
977 end = TARGET_PAGE_ALIGN(start + length);
978 start &= TARGET_PAGE_MASK;
d24981d3 979
0dc3f44a 980 rcu_read_lock();
041603fe
PB		 981 block = qemu_get_ram_block(start);
982 assert(block == qemu_get_ram_block(end - 1));
1240be24 983 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 984 CPU_FOREACH(cpu) {
985 tlb_reset_dirty(cpu, start1, length);
986 }
0dc3f44a 987 rcu_read_unlock();
d24981d3
JQ		 988}
989
5579c7f3 990/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 991bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
992 ram_addr_t length,
993 unsigned client)
1ccde1cb 994{
5b82b703 995 DirtyMemoryBlocks *blocks;
03eebc9e 996 unsigned long end, page;
5b82b703 997 bool dirty = false;
03eebc9e
SH		 998
999 if (length == 0) {
1000 return false;
1001 }
f23db169 1002
03eebc9e
SH		 1003 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1004 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1005
1006 rcu_read_lock();
1007
1008 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1009
1010 while (page < end) {
1011 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1012 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1013 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1014
1015 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1016 offset, num);
1017 page += num;
1018 }
1019
1020 rcu_read_unlock();
03eebc9e
SH		 1021
1022 if (dirty && tcg_enabled()) {
a2f4d5be 1023 tlb_reset_dirty_range_all(start, length);
5579c7f3 1024 }
03eebc9e
SH		 1025
1026 return dirty;
1ccde1cb
FB		 1027}
1028
79e2b9ae 1029/* Called from RCU critical section */
bb0e627a 1030hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1031 MemoryRegionSection *section,
1032 target_ulong vaddr,
1033 hwaddr paddr, hwaddr xlat,
1034 int prot,
1035 target_ulong *address)
e5548617 1036{
a8170e5e 1037 hwaddr iotlb;
e5548617
BS		 1038 CPUWatchpoint *wp;
1039
cc5bea60 1040 if (memory_region_is_ram(section->mr)) {
e5548617 1041 /* Normal RAM. */
e4e69794 1042 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1043 if (!section->readonly) {
b41aac4f 1044 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1045 } else {
b41aac4f 1046 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1047 }
1048 } else {
0b8e2c10
PM		 1049 AddressSpaceDispatch *d;
1050
1051 d = atomic_rcu_read(&section->address_space->dispatch);
1052 iotlb = section - d->map.sections;
149f54b5 1053 iotlb += xlat;
e5548617
BS		 1054 }
1055
1056 /* Make accesses to pages with watchpoints go via the
1057 watchpoint trap routines. */
ff4700b0 1058 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1059 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1060 /* Avoid trapping reads of pages with a write breakpoint. */
1061 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1062 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1063 *address |= TLB_MMIO;
1064 break;
1065 }
1066 }
1067 }
1068
1069 return iotlb;
1070}
9fa3e853
FB		 1071#endif /* defined(CONFIG_USER_ONLY) */
1072
e2eef170 1073#if !defined(CONFIG_USER_ONLY)
8da3ff18 1074
c227f099 1075static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1076 uint16_t section);
acc9d80b 1077static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1078
a2b257d6
IM		 1079static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1080 qemu_anon_ram_alloc;
91138037
MA		 1081
1082/*
1083 * Set a custom physical guest memory alloator.
1084 * Accelerators with unusual needs may need this. Hopefully, we can
1085 * get rid of it eventually.
1086 */
a2b257d6 1087void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1088{
1089 phys_mem_alloc = alloc;
1090}
1091
53cb28cb
MA		 1092static uint16_t phys_section_add(PhysPageMap *map,
1093 MemoryRegionSection *section)
5312bd8b 1094{
68f3f65b
PB		 1095 /* The physical section number is ORed with a page-aligned
1096 * pointer to produce the iotlb entries. Thus it should
1097 * never overflow into the page-aligned value.
1098 */
53cb28cb 1099 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1100
53cb28cb
MA		 1101 if (map->sections_nb == map->sections_nb_alloc) {
1102 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1103 map->sections = g_renew(MemoryRegionSection, map->sections,
1104 map->sections_nb_alloc);
5312bd8b 1105 }
53cb28cb 1106 map->sections[map->sections_nb] = *section;
dfde4e6e 1107 memory_region_ref(section->mr);
53cb28cb 1108 return map->sections_nb++;
5312bd8b
AK		 1109}
1110
058bc4b5
PB		 1111static void phys_section_destroy(MemoryRegion *mr)
1112{
55b4e80b
DS		 1113 bool have_sub_page = mr->subpage;
1114
dfde4e6e
PB		 1115 memory_region_unref(mr);
1116
55b4e80b 1117 if (have_sub_page) {
058bc4b5 1118 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1119 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1120 g_free(subpage);
1121 }
1122}
1123
6092666e 1124static void phys_sections_free(PhysPageMap *map)
5312bd8b 1125{
9affd6fc
PB		 1126 while (map->sections_nb > 0) {
1127 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1128 phys_section_destroy(section->mr);
1129 }
9affd6fc
PB		 1130 g_free(map->sections);
1131 g_free(map->nodes);
5312bd8b
AK		 1132}
1133
ac1970fb 1134static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1135{
1136 subpage_t *subpage;
a8170e5e 1137 hwaddr base = section->offset_within_address_space
0f0cb164 1138 & TARGET_PAGE_MASK;
97115a8d 1139 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1140 d->map.nodes, d->map.sections);
0f0cb164
AK		 1141 MemoryRegionSection subsection = {
1142 .offset_within_address_space = base,
052e87b0 1143 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1144 };
a8170e5e 1145 hwaddr start, end;
0f0cb164 1146
f3705d53 1147 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1148
f3705d53 1149 if (!(existing->mr->subpage)) {
acc9d80b 1150 subpage = subpage_init(d->as, base);
3be91e86 1151 subsection.address_space = d->as;
0f0cb164 1152 subsection.mr = &subpage->iomem;
ac1970fb 1153 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1154 phys_section_add(&d->map, &subsection));
0f0cb164 1155 } else {
f3705d53 1156 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1157 }
1158 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1159 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1160 subpage_register(subpage, start, end,
1161 phys_section_add(&d->map, section));
0f0cb164
AK		 1162}
1163
1164
052e87b0
PB		 1165static void register_multipage(AddressSpaceDispatch *d,
1166 MemoryRegionSection *section)
33417e70 1167{
a8170e5e 1168 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1169 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1170 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1171 TARGET_PAGE_BITS));
dd81124b 1172
733d5ef5
PB		 1173 assert(num_pages);
1174 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1175}
1176
ac1970fb 1177static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1178{
89ae337a 1179 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1180 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1181 MemoryRegionSection now = *section, remain = *section;
052e87b0 1182 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1183
733d5ef5
PB		 1184 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1185 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1186 - now.offset_within_address_space;
1187
052e87b0 1188 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1189 register_subpage(d, &now);
733d5ef5 1190 } else {
052e87b0 1191 now.size = int128_zero();
733d5ef5 1192 }
052e87b0
PB		 1193 while (int128_ne(remain.size, now.size)) {
1194 remain.size = int128_sub(remain.size, now.size);
1195 remain.offset_within_address_space += int128_get64(now.size);
1196 remain.offset_within_region += int128_get64(now.size);
69b67646 1197 now = remain;
052e87b0 1198 if (int128_lt(remain.size, page_size)) {
733d5ef5 1199 register_subpage(d, &now);
88266249 1200 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1201 now.size = page_size;
ac1970fb 1202 register_subpage(d, &now);
69b67646 1203 } else {
052e87b0 1204 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1205 register_multipage(d, &now);
69b67646 1206 }
0f0cb164
AK		 1207 }
1208}
1209
62a2744c
SY		 1210void qemu_flush_coalesced_mmio_buffer(void)
1211{
1212 if (kvm_enabled())
1213 kvm_flush_coalesced_mmio_buffer();
1214}
1215
b2a8658e
UD		 1216void qemu_mutex_lock_ramlist(void)
1217{
1218 qemu_mutex_lock(&ram_list.mutex);
1219}
1220
1221void qemu_mutex_unlock_ramlist(void)
1222{
1223 qemu_mutex_unlock(&ram_list.mutex);
1224}
1225
e1e84ba0 1226#ifdef __linux__
04b16653
AW		 1227static void *file_ram_alloc(RAMBlock *block,
1228 ram_addr_t memory,
7f56e740
PB		 1229 const char *path,
1230 Error **errp)
c902760f 1231{
fd97fd44 1232 bool unlink_on_error = false;
c902760f 1233 char *filename;
8ca761f6
PF		 1234 char *sanitized_name;
1235 char *c;
056b68af 1236 void *area = MAP_FAILED;
5c3ece79 1237 int fd = -1;
c902760f
MT		 1238
1239 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1240 error_setg(errp,
1241 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1242 return NULL;
c902760f
MT		 1243 }
1244
fd97fd44
MA		 1245 for (;;) {
1246 fd = open(path, O_RDWR);
1247 if (fd >= 0) {
1248 /* @path names an existing file, use it */
1249 break;
8d31d6b6 1250 }
fd97fd44
MA		 1251 if (errno == ENOENT) {
1252 /* @path names a file that doesn't exist, create it */
1253 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1254 if (fd >= 0) {
1255 unlink_on_error = true;
1256 break;
1257 }
1258 } else if (errno == EISDIR) {
1259 /* @path names a directory, create a file there */
1260 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1261 sanitized_name = g_strdup(memory_region_name(block->mr));
1262 for (c = sanitized_name; *c != '\0'; c++) {
1263 if (*c == '/') {
1264 *c = '_';
1265 }
1266 }
8ca761f6 1267
fd97fd44
MA		 1268 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1269 sanitized_name);
1270 g_free(sanitized_name);
8d31d6b6 1271
fd97fd44
MA		 1272 fd = mkstemp(filename);
1273 if (fd >= 0) {
1274 unlink(filename);
1275 g_free(filename);
1276 break;
1277 }
1278 g_free(filename);
8d31d6b6 1279 }
fd97fd44
MA		 1280 if (errno != EEXIST && errno != EINTR) {
1281 error_setg_errno(errp, errno,
1282 "can't open backing store %s for guest RAM",
1283 path);
1284 goto error;
1285 }
1286 /*
1287 * Try again on EINTR and EEXIST. The latter happens when
1288 * something else creates the file between our two open().
1289 */
8d31d6b6 1290 }
c902760f 1291
863e9621 1292 block->page_size = qemu_fd_getpagesize(fd);
8360668e
HZ		 1293 block->mr->align = block->page_size;
1294#if defined(__s390x__)
1295 if (kvm_enabled()) {
1296 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1297 }
1298#endif
fd97fd44 1299
863e9621 1300 if (memory < block->page_size) {
fd97fd44 1301 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
863e9621
DDAG		 1302 "or larger than page size 0x%zx",
1303 memory, block->page_size);
f9a49dfa 1304 goto error;
c902760f 1305 }
c902760f 1306
863e9621 1307 memory = ROUND_UP(memory, block->page_size);
c902760f
MT		 1308
1309 /*
1310 * ftruncate is not supported by hugetlbfs in older
1311 * hosts, so don't bother bailing out on errors.
1312 * If anything goes wrong with it under other filesystems,
1313 * mmap will fail.
1314 */
7f56e740 1315 if (ftruncate(fd, memory)) {
9742bf26 1316 perror("ftruncate");
7f56e740 1317 }
c902760f 1318
d2f39add
DD		 1319 area = qemu_ram_mmap(fd, memory, block->mr->align,
1320 block->flags & RAM_SHARED);
c902760f 1321 if (area == MAP_FAILED) {
7f56e740 1322 error_setg_errno(errp, errno,
fd97fd44 1323 "unable to map backing store for guest RAM");
f9a49dfa 1324 goto error;
c902760f 1325 }
ef36fa14
MT		 1326
1327 if (mem_prealloc) {
056b68af
IM		 1328 os_mem_prealloc(fd, area, memory, errp);
1329 if (errp && *errp) {
1330 goto error;
1331 }
ef36fa14
MT		 1332 }
1333
04b16653 1334 block->fd = fd;
c902760f 1335 return area;
f9a49dfa
MT		 1336
1337error:
056b68af
IM		 1338 if (area != MAP_FAILED) {
1339 qemu_ram_munmap(area, memory);
1340 }
fd97fd44
MA		 1341 if (unlink_on_error) {
1342 unlink(path);
1343 }
5c3ece79
PB		 1344 if (fd != -1) {
1345 close(fd);
1346 }
f9a49dfa 1347 return NULL;
c902760f
MT		 1348}
1349#endif
1350
0dc3f44a 1351/* Called with the ramlist lock held. */
d17b5288 1352static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1353{
1354 RAMBlock *block, *next_block;
3e837b2c 1355 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1356
49cd9ac6
SH		 1357 assert(size != 0); /* it would hand out same offset multiple times */
1358
0dc3f44a 1359 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1360 return 0;
0d53d9fe 1361 }
04b16653 1362
0dc3f44a 1363 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1364 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1365
62be4e3a 1366 end = block->offset + block->max_length;
04b16653 1367
0dc3f44a 1368 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1369 if (next_block->offset >= end) {
1370 next = MIN(next, next_block->offset);
1371 }
1372 }
1373 if (next - end >= size && next - end < mingap) {
3e837b2c 1374 offset = end;
04b16653
AW		 1375 mingap = next - end;
1376 }
1377 }
3e837b2c
AW		 1378
1379 if (offset == RAM_ADDR_MAX) {
1380 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1381 (uint64_t)size);
1382 abort();
1383 }
1384
04b16653
AW		 1385 return offset;
1386}
1387
652d7ec2 1388ram_addr_t last_ram_offset(void)
d17b5288
AW		 1389{
1390 RAMBlock *block;
1391 ram_addr_t last = 0;
1392
0dc3f44a
MD		 1393 rcu_read_lock();
1394 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1395 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1396 }
0dc3f44a 1397 rcu_read_unlock();
d17b5288
AW		 1398 return last;
1399}
1400
ddb97f1d
JB		 1401static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1402{
1403 int ret;
ddb97f1d
JB		 1404
1405 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1406 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1407 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1408 if (ret) {
1409 perror("qemu_madvise");
1410 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1411 "but dump_guest_core=off specified\n");
1412 }
1413 }
1414}
1415
422148d3
DDAG		 1416const char *qemu_ram_get_idstr(RAMBlock *rb)
1417{
1418 return rb->idstr;
1419}
1420
ae3a7047 1421/* Called with iothread lock held. */
fa53a0e5 1422void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1423{
fa53a0e5 1424 RAMBlock *block;
20cfe881 1425
c5705a77
AK		 1426 assert(new_block);
1427 assert(!new_block->idstr[0]);
84b89d78 1428
09e5ab63
AL		 1429 if (dev) {
1430 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1431 if (id) {
1432 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1433 g_free(id);
84b89d78
CM		 1434 }
1435 }
1436 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1437
ab0a9956 1438 rcu_read_lock();
0dc3f44a 1439 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1440 if (block != new_block &&
1441 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1442 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1443 new_block->idstr);
1444 abort();
1445 }
1446 }
0dc3f44a 1447 rcu_read_unlock();
c5705a77
AK		 1448}
1449
ae3a7047 1450/* Called with iothread lock held. */
fa53a0e5 1451void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1452{
ae3a7047
MD		 1453 /* FIXME: arch_init.c assumes that this is not called throughout
1454 * migration. Ignore the problem since hot-unplug during migration
1455 * does not work anyway.
1456 */
20cfe881
HT		 1457 if (block) {
1458 memset(block->idstr, 0, sizeof(block->idstr));
1459 }
1460}
1461
863e9621
DDAG		 1462size_t qemu_ram_pagesize(RAMBlock *rb)
1463{
1464 return rb->page_size;
1465}
1466
8490fc78
LC		 1467static int memory_try_enable_merging(void *addr, size_t len)
1468{
75cc7f01 1469 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1470 /* disabled by the user */
1471 return 0;
1472 }
1473
1474 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1475}
1476
62be4e3a
MT		 1477/* Only legal before guest might have detected the memory size: e.g. on
1478 * incoming migration, or right after reset.
1479 *
1480 * As memory core doesn't know how is memory accessed, it is up to
1481 * resize callback to update device state and/or add assertions to detect
1482 * misuse, if necessary.
1483 */
fa53a0e5 1484int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1485{
62be4e3a
MT		 1486 assert(block);
1487
4ed023ce 1488 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1489
62be4e3a
MT		 1490 if (block->used_length == newsize) {
1491 return 0;
1492 }
1493
1494 if (!(block->flags & RAM_RESIZEABLE)) {
1495 error_setg_errno(errp, EINVAL,
1496 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1497 " in != 0x" RAM_ADDR_FMT, block->idstr,
1498 newsize, block->used_length);
1499 return -EINVAL;
1500 }
1501
1502 if (block->max_length < newsize) {
1503 error_setg_errno(errp, EINVAL,
1504 "Length too large: %s: 0x" RAM_ADDR_FMT
1505 " > 0x" RAM_ADDR_FMT, block->idstr,
1506 newsize, block->max_length);
1507 return -EINVAL;
1508 }
1509
1510 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1511 block->used_length = newsize;
58d2707e
PB		 1512 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1513 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1514 memory_region_set_size(block->mr, newsize);
1515 if (block->resized) {
1516 block->resized(block->idstr, newsize, block->host);
1517 }
1518 return 0;
1519}
1520
5b82b703
SH		 1521/* Called with ram_list.mutex held */
1522static void dirty_memory_extend(ram_addr_t old_ram_size,
1523 ram_addr_t new_ram_size)
1524{
1525 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1526 DIRTY_MEMORY_BLOCK_SIZE);
1527 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1528 DIRTY_MEMORY_BLOCK_SIZE);
1529 int i;
1530
1531 /* Only need to extend if block count increased */
1532 if (new_num_blocks <= old_num_blocks) {
1533 return;
1534 }
1535
1536 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1537 DirtyMemoryBlocks *old_blocks;
1538 DirtyMemoryBlocks *new_blocks;
1539 int j;
1540
1541 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1542 new_blocks = g_malloc(sizeof(*new_blocks) +
1543 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1544
1545 if (old_num_blocks) {
1546 memcpy(new_blocks->blocks, old_blocks->blocks,
1547 old_num_blocks * sizeof(old_blocks->blocks[0]));
1548 }
1549
1550 for (j = old_num_blocks; j < new_num_blocks; j++) {
1551 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1552 }
1553
1554 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1555
1556 if (old_blocks) {
1557 g_free_rcu(old_blocks, rcu);
1558 }
1559 }
1560}
1561
528f46af 1562static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1563{
e1c57ab8 1564 RAMBlock *block;
0d53d9fe 1565 RAMBlock *last_block = NULL;
2152f5ca 1566 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1567 Error *err = NULL;
2152f5ca
JQ		 1568
1569 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1570
b2a8658e 1571 qemu_mutex_lock_ramlist();
9b8424d5 1572 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1573
1574 if (!new_block->host) {
1575 if (xen_enabled()) {
9b8424d5 1576 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1577 new_block->mr, &err);
1578 if (err) {
1579 error_propagate(errp, err);
1580 qemu_mutex_unlock_ramlist();
39c350ee 1581 return;
37aa7a0e 1582 }
e1c57ab8 1583 } else {
9b8424d5 1584 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1585 &new_block->mr->align);
39228250 1586 if (!new_block->host) {
ef701d7b
HT		 1587 error_setg_errno(errp, errno,
1588 "cannot set up guest memory '%s'",
1589 memory_region_name(new_block->mr));
1590 qemu_mutex_unlock_ramlist();
39c350ee 1591 return;
39228250 1592 }
9b8424d5 1593 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1594 }
c902760f 1595 }
94a6b54f 1596
dd631697
LZ		 1597 new_ram_size = MAX(old_ram_size,
1598 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1599 if (new_ram_size > old_ram_size) {
1600 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1601 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1602 }
0d53d9fe
MD		 1603 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1604 * QLIST (which has an RCU-friendly variant) does not have insertion at
1605 * tail, so save the last element in last_block.
1606 */
0dc3f44a 1607 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1608 last_block = block;
9b8424d5 1609 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1610 break;
1611 }
1612 }
1613 if (block) {
0dc3f44a 1614 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1615 } else if (last_block) {
0dc3f44a 1616 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1617 } else { /* list is empty */
0dc3f44a 1618 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1619 }
0d6d3c87 1620 ram_list.mru_block = NULL;
94a6b54f 1621
0dc3f44a
MD		 1622 /* Write list before version */
1623 smp_wmb();
f798b07f 1624 ram_list.version++;
b2a8658e 1625 qemu_mutex_unlock_ramlist();
f798b07f 1626
9b8424d5 1627 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1628 new_block->used_length,
1629 DIRTY_CLIENTS_ALL);
94a6b54f 1630
a904c911
PB		 1631 if (new_block->host) {
1632 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1633 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1634 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1635 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1636 }
94a6b54f 1637}
e9a1ab19 1638
0b183fc8 1639#ifdef __linux__
528f46af
FZ		 1640RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1641 bool share, const char *mem_path,
1642 Error **errp)
e1c57ab8
PB		 1643{
1644 RAMBlock *new_block;
ef701d7b 1645 Error *local_err = NULL;
e1c57ab8
PB		 1646
1647 if (xen_enabled()) {
7f56e740 1648 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1649 return NULL;
e1c57ab8
PB		 1650 }
1651
1652 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1653 /*
1654 * file_ram_alloc() needs to allocate just like
1655 * phys_mem_alloc, but we haven't bothered to provide
1656 * a hook there.
1657 */
7f56e740
PB		 1658 error_setg(errp,
1659 "-mem-path not supported with this accelerator");
528f46af 1660 return NULL;
e1c57ab8
PB		 1661 }
1662
4ed023ce 1663 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1664 new_block = g_malloc0(sizeof(*new_block));
1665 new_block->mr = mr;
9b8424d5
MT		 1666 new_block->used_length = size;
1667 new_block->max_length = size;
dbcb8981 1668 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1669 new_block->host = file_ram_alloc(new_block, size,
1670 mem_path, errp);
1671 if (!new_block->host) {
1672 g_free(new_block);
528f46af 1673 return NULL;
7f56e740
PB		 1674 }
1675
528f46af 1676 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1677 if (local_err) {
1678 g_free(new_block);
1679 error_propagate(errp, local_err);
528f46af 1680 return NULL;
ef701d7b 1681 }
528f46af 1682 return new_block;
e1c57ab8 1683}
0b183fc8 1684#endif
e1c57ab8 1685
62be4e3a 1686static
528f46af
FZ		 1687RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1688 void (*resized)(const char*,
1689 uint64_t length,
1690 void *host),
1691 void *host, bool resizeable,
1692 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1693{
1694 RAMBlock *new_block;
ef701d7b 1695 Error *local_err = NULL;
e1c57ab8 1696
4ed023ce
DDAG		 1697 size = HOST_PAGE_ALIGN(size);
1698 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1699 new_block = g_malloc0(sizeof(*new_block));
1700 new_block->mr = mr;
62be4e3a 1701 new_block->resized = resized;
9b8424d5
MT		 1702 new_block->used_length = size;
1703 new_block->max_length = max_size;
62be4e3a 1704 assert(max_size >= size);
e1c57ab8 1705 new_block->fd = -1;
863e9621 1706 new_block->page_size = getpagesize();
e1c57ab8
PB		 1707 new_block->host = host;
1708 if (host) {
7bd4f430 1709 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1710 }
62be4e3a
MT		 1711 if (resizeable) {
1712 new_block->flags |= RAM_RESIZEABLE;
1713 }
528f46af 1714 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1715 if (local_err) {
1716 g_free(new_block);
1717 error_propagate(errp, local_err);
528f46af 1718 return NULL;
ef701d7b 1719 }
528f46af 1720 return new_block;
e1c57ab8
PB		 1721}
1722
528f46af 1723RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1724 MemoryRegion *mr, Error **errp)
1725{
1726 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1727}
1728
528f46af 1729RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1730{
62be4e3a
MT		 1731 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1732}
1733
528f46af 1734RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1735 void (*resized)(const char*,
1736 uint64_t length,
1737 void *host),
1738 MemoryRegion *mr, Error **errp)
1739{
1740 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1741}
1742
43771539
PB		 1743static void reclaim_ramblock(RAMBlock *block)
1744{
1745 if (block->flags & RAM_PREALLOC) {
1746 ;
1747 } else if (xen_enabled()) {
1748 xen_invalidate_map_cache_entry(block->host);
1749#ifndef _WIN32
1750 } else if (block->fd >= 0) {
2f3a2bb1 1751 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1752 close(block->fd);
1753#endif
1754 } else {
1755 qemu_anon_ram_free(block->host, block->max_length);
1756 }
1757 g_free(block);
1758}
1759
f1060c55 1760void qemu_ram_free(RAMBlock *block)
e9a1ab19 1761{
85bc2a15
MAL		 1762 if (!block) {
1763 return;
1764 }
1765
b2a8658e 1766 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1767 QLIST_REMOVE_RCU(block, next);
1768 ram_list.mru_block = NULL;
1769 /* Write list before version */
1770 smp_wmb();
1771 ram_list.version++;
1772 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1773 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1774}
1775
cd19cfa2
HY		 1776#ifndef _WIN32
1777void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1778{
1779 RAMBlock *block;
1780 ram_addr_t offset;
1781 int flags;
1782 void *area, *vaddr;
1783
0dc3f44a 1784 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1785 offset = addr - block->offset;
9b8424d5 1786 if (offset < block->max_length) {
1240be24 1787 vaddr = ramblock_ptr(block, offset);
7bd4f430 1788 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1789 ;
dfeaf2ab
MA		 1790 } else if (xen_enabled()) {
1791 abort();
cd19cfa2
HY		 1792 } else {
1793 flags = MAP_FIXED;
3435f395 1794 if (block->fd >= 0) {
dbcb8981
PB		 1795 flags |= (block->flags & RAM_SHARED ?
1796 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1797 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1798 flags, block->fd, offset);
cd19cfa2 1799 } else {
2eb9fbaa
MA		 1800 /*
1801 * Remap needs to match alloc. Accelerators that
1802 * set phys_mem_alloc never remap. If they did,
1803 * we'd need a remap hook here.
1804 */
1805 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1806
cd19cfa2
HY		 1807 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1808 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1809 flags, -1, 0);
cd19cfa2
HY		 1810 }
1811 if (area != vaddr) {
f15fbc4b
AP		 1812 fprintf(stderr, "Could not remap addr: "
1813 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1814 length, addr);
1815 exit(1);
1816 }
8490fc78 1817 memory_try_enable_merging(vaddr, length);
ddb97f1d 1818 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1819 }
cd19cfa2
HY		 1820 }
1821 }
1822}
1823#endif /* !_WIN32 */
1824
1b5ec234 1825/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1826 * This should not be used for general purpose DMA. Use address_space_map
1827 * or address_space_rw instead. For local memory (e.g. video ram) that the
1828 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1829 *
49b24afc 1830 * Called within RCU critical section.
1b5ec234 1831 */
0878d0e1 1832void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1833{
3655cb9c
GA		 1834 RAMBlock *block = ram_block;
1835
1836 if (block == NULL) {
1837 block = qemu_get_ram_block(addr);
0878d0e1 1838 addr -= block->offset;
3655cb9c 1839 }
ae3a7047
MD		 1840
1841 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1842 /* We need to check if the requested address is in the RAM
1843 * because we don't want to map the entire memory in QEMU.
1844 * In that case just map until the end of the page.
1845 */
1846 if (block->offset == 0) {
49b24afc 1847 return xen_map_cache(addr, 0, 0);
0d6d3c87 1848 }
ae3a7047
MD		 1849
1850 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1851 }
0878d0e1 1852 return ramblock_ptr(block, addr);
dc828ca1
PB		 1853}
1854
0878d0e1 1855/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1856 * but takes a size argument.
0dc3f44a 1857 *
e81bcda5 1858 * Called within RCU critical section.
ae3a7047 1859 */
3655cb9c
GA		 1860static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1861 hwaddr *size)
38bee5dc 1862{
3655cb9c 1863 RAMBlock *block = ram_block;
8ab934f9
SS		 1864 if (*size == 0) {
1865 return NULL;
1866 }
e81bcda5 1867
3655cb9c
GA		 1868 if (block == NULL) {
1869 block = qemu_get_ram_block(addr);
0878d0e1 1870 addr -= block->offset;
3655cb9c 1871 }
0878d0e1 1872 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1873
1874 if (xen_enabled() && block->host == NULL) {
1875 /* We need to check if the requested address is in the RAM
1876 * because we don't want to map the entire memory in QEMU.
1877 * In that case just map the requested area.
1878 */
1879 if (block->offset == 0) {
1880 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1881 }
1882
e81bcda5 1883 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1884 }
e81bcda5 1885
0878d0e1 1886 return ramblock_ptr(block, addr);
38bee5dc
SS		 1887}
1888
422148d3
DDAG		 1889/*
1890 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1891 * in that RAMBlock.
1892 *
1893 * ptr: Host pointer to look up
1894 * round_offset: If true round the result offset down to a page boundary
1895 * *ram_addr: set to result ram_addr
1896 * *offset: set to result offset within the RAMBlock
1897 *
1898 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1899 *
1900 * By the time this function returns, the returned pointer is not protected
1901 * by RCU anymore. If the caller is not within an RCU critical section and
1902 * does not hold the iothread lock, it must have other means of protecting the
1903 * pointer, such as a reference to the region that includes the incoming
1904 * ram_addr_t.
1905 */
422148d3 1906RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1907 ram_addr_t *offset)
5579c7f3 1908{
94a6b54f
PB		 1909 RAMBlock *block;
1910 uint8_t *host = ptr;
1911
868bb33f 1912 if (xen_enabled()) {
f615f396 1913 ram_addr_t ram_addr;
0dc3f44a 1914 rcu_read_lock();
f615f396
PB		 1915 ram_addr = xen_ram_addr_from_mapcache(ptr);
1916 block = qemu_get_ram_block(ram_addr);
422148d3 1917 if (block) {
d6b6aec4 1918 *offset = ram_addr - block->offset;
422148d3 1919 }
0dc3f44a 1920 rcu_read_unlock();
422148d3 1921 return block;
712c2b41
SS		 1922 }
1923
0dc3f44a
MD		 1924 rcu_read_lock();
1925 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1926 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1927 goto found;
1928 }
1929
0dc3f44a 1930 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1931 /* This case append when the block is not mapped. */
1932 if (block->host == NULL) {
1933 continue;
1934 }
9b8424d5 1935 if (host - block->host < block->max_length) {
23887b79 1936 goto found;
f471a17e 1937 }
94a6b54f 1938 }
432d268c 1939
0dc3f44a 1940 rcu_read_unlock();
1b5ec234 1941 return NULL;
23887b79
PB		 1942
1943found:
422148d3
DDAG		 1944 *offset = (host - block->host);
1945 if (round_offset) {
1946 *offset &= TARGET_PAGE_MASK;
1947 }
0dc3f44a 1948 rcu_read_unlock();
422148d3
DDAG		 1949 return block;
1950}
1951
e3dd7493
DDAG		 1952/*
1953 * Finds the named RAMBlock
1954 *
1955 * name: The name of RAMBlock to find
1956 *
1957 * Returns: RAMBlock (or NULL if not found)
1958 */
1959RAMBlock *qemu_ram_block_by_name(const char *name)
1960{
1961 RAMBlock *block;
1962
1963 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1964 if (!strcmp(name, block->idstr)) {
1965 return block;
1966 }
1967 }
1968
1969 return NULL;
1970}
1971
422148d3
DDAG		 1972/* Some of the softmmu routines need to translate from a host pointer
1973 (typically a TLB entry) back to a ram offset. */
07bdaa41 1974ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1975{
1976 RAMBlock *block;
f615f396 1977 ram_addr_t offset;
422148d3 1978
f615f396 1979 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1980 if (!block) {
07bdaa41 1981 return RAM_ADDR_INVALID;
422148d3
DDAG		 1982 }
1983
07bdaa41 1984 return block->offset + offset;
e890261f 1985}
f471a17e 1986
49b24afc 1987/* Called within RCU critical section. */
a8170e5e 1988static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1989 uint64_t val, unsigned size)
9fa3e853 1990{
52159192 1991 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1992 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1993 }
0e0df1e2
AK		 1994 switch (size) {
1995 case 1:
0878d0e1 1996 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1997 break;
1998 case 2:
0878d0e1 1999 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2000 break;
2001 case 4:
0878d0e1 2002 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2003 break;
2004 default:
2005 abort();
3a7d929e 2006 }
58d2707e
PB		 2007 /* Set both VGA and migration bits for simplicity and to remove
2008 * the notdirty callback faster.
2009 */
2010 cpu_physical_memory_set_dirty_range(ram_addr, size,
2011 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2012 /* we remove the notdirty callback only if the code has been
2013 flushed */
a2cd8c85 2014 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2015 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2016 }
9fa3e853
FB		 2017}
2018
b018ddf6
PB		 2019static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2020 unsigned size, bool is_write)
2021{
2022 return is_write;
2023}
2024
0e0df1e2 2025static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2026 .write = notdirty_mem_write,
b018ddf6 2027 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2028 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2029};
2030
0f459d16 2031/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2032static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2033{
93afeade 2034 CPUState *cpu = current_cpu;
568496c0 2035 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2036 CPUArchState *env = cpu->env_ptr;
06d55cc1 2037 target_ulong pc, cs_base;
0f459d16 2038 target_ulong vaddr;
a1d1bb31 2039 CPUWatchpoint *wp;
89fee74a 2040 uint32_t cpu_flags;
0f459d16 2041
ff4700b0 2042 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2043 /* We re-entered the check after replacing the TB. Now raise
2044 * the debug interrupt so that is will trigger after the
2045 * current instruction. */
93afeade 2046 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2047 return;
2048 }
93afeade 2049 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2050 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2051 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2052 && (wp->flags & flags)) {
08225676
PM		 2053 if (flags == BP_MEM_READ) {
2054 wp->flags |= BP_WATCHPOINT_HIT_READ;
2055 } else {
2056 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2057 }
2058 wp->hitaddr = vaddr;
66b9b43c 2059 wp->hitattrs = attrs;
ff4700b0 2060 if (!cpu->watchpoint_hit) {
568496c0
SF		 2061 if (wp->flags & BP_CPU &&
2062 !cc->debug_check_watchpoint(cpu, wp)) {
2063 wp->flags &= ~BP_WATCHPOINT_HIT;
2064 continue;
2065 }
ff4700b0 2066 cpu->watchpoint_hit = wp;
a5e99826
FK		 2067
2068 /* The tb_lock will be reset when cpu_loop_exit or
2069 * cpu_loop_exit_noexc longjmp back into the cpu_exec
2070 * main loop.
2071 */
2072 tb_lock();
239c51a5 2073 tb_check_watchpoint(cpu);
6e140f28 2074 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2075 cpu->exception_index = EXCP_DEBUG;
5638d180 2076 cpu_loop_exit(cpu);
6e140f28
AL		 2077 } else {
2078 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2079 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2080 cpu_loop_exit_noexc(cpu);
6e140f28 2081 }
06d55cc1 2082 }
6e140f28
AL		 2083 } else {
2084 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2085 }
2086 }
2087}
2088
6658ffb8
PB		 2089/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2090 so these check for a hit then pass through to the normal out-of-line
2091 phys routines. */
66b9b43c
PM		 2092static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2093 unsigned size, MemTxAttrs attrs)
6658ffb8 2094{
66b9b43c
PM		 2095 MemTxResult res;
2096 uint64_t data;
79ed0416
PM		 2097 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2098 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2099
2100 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2101 switch (size) {
66b9b43c 2102 case 1:
79ed0416 2103 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2104 break;
2105 case 2:
79ed0416 2106 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2107 break;
2108 case 4:
79ed0416 2109 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2110 break;
1ec9b909
AK		 2111 default: abort();
2112 }
66b9b43c
PM		 2113 *pdata = data;
2114 return res;
6658ffb8
PB		 2115}
2116
66b9b43c
PM		 2117static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2118 uint64_t val, unsigned size,
2119 MemTxAttrs attrs)
6658ffb8 2120{
66b9b43c 2121 MemTxResult res;
79ed0416
PM		 2122 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2123 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2124
2125 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2126 switch (size) {
67364150 2127 case 1:
79ed0416 2128 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2129 break;
2130 case 2:
79ed0416 2131 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2132 break;
2133 case 4:
79ed0416 2134 address_space_stl(as, addr, val, attrs, &res);
67364150 2135 break;
1ec9b909
AK		 2136 default: abort();
2137 }
66b9b43c 2138 return res;
6658ffb8
PB		 2139}
2140
1ec9b909 2141static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2142 .read_with_attrs = watch_mem_read,
2143 .write_with_attrs = watch_mem_write,
1ec9b909 2144 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2145};
6658ffb8 2146
f25a49e0
PM		 2147static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2148 unsigned len, MemTxAttrs attrs)
db7b5426 2149{
acc9d80b 2150 subpage_t *subpage = opaque;
ff6cff75 2151 uint8_t buf[8];
5c9eb028 2152 MemTxResult res;
791af8c8 2153
db7b5426 2154#if defined(DEBUG_SUBPAGE)
016e9d62 2155 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2156 subpage, len, addr);
db7b5426 2157#endif
5c9eb028
PM		 2158 res = address_space_read(subpage->as, addr + subpage->base,
2159 attrs, buf, len);
2160 if (res) {
2161 return res;
f25a49e0 2162 }
acc9d80b
JK		 2163 switch (len) {
2164 case 1:
f25a49e0
PM		 2165 *data = ldub_p(buf);
2166 return MEMTX_OK;
acc9d80b 2167 case 2:
f25a49e0
PM		 2168 *data = lduw_p(buf);
2169 return MEMTX_OK;
acc9d80b 2170 case 4:
f25a49e0
PM		 2171 *data = ldl_p(buf);
2172 return MEMTX_OK;
ff6cff75 2173 case 8:
f25a49e0
PM		 2174 *data = ldq_p(buf);
2175 return MEMTX_OK;
acc9d80b
JK		 2176 default:
2177 abort();
2178 }
db7b5426
BS		 2179}
2180
f25a49e0
PM		 2181static MemTxResult subpage_write(void *opaque, hwaddr addr,
2182 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2183{
acc9d80b 2184 subpage_t *subpage = opaque;
ff6cff75 2185 uint8_t buf[8];
acc9d80b 2186
db7b5426 2187#if defined(DEBUG_SUBPAGE)
016e9d62 2188 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2189 " value %"PRIx64"\n",
2190 __func__, subpage, len, addr, value);
db7b5426 2191#endif
acc9d80b
JK		 2192 switch (len) {
2193 case 1:
2194 stb_p(buf, value);
2195 break;
2196 case 2:
2197 stw_p(buf, value);
2198 break;
2199 case 4:
2200 stl_p(buf, value);
2201 break;
ff6cff75
PB		 2202 case 8:
2203 stq_p(buf, value);
2204 break;
acc9d80b
JK		 2205 default:
2206 abort();
2207 }
5c9eb028
PM		 2208 return address_space_write(subpage->as, addr + subpage->base,
2209 attrs, buf, len);
db7b5426
BS		 2210}
2211
c353e4cc 2212static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2213 unsigned len, bool is_write)
c353e4cc 2214{
acc9d80b 2215 subpage_t *subpage = opaque;
c353e4cc 2216#if defined(DEBUG_SUBPAGE)
016e9d62 2217 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2218 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2219#endif
2220
acc9d80b 2221 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2222 len, is_write);
c353e4cc
PB		 2223}
2224
70c68e44 2225static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2226 .read_with_attrs = subpage_read,
2227 .write_with_attrs = subpage_write,
ff6cff75
PB		 2228 .impl.min_access_size = 1,
2229 .impl.max_access_size = 8,
2230 .valid.min_access_size = 1,
2231 .valid.max_access_size = 8,
c353e4cc 2232 .valid.accepts = subpage_accepts,
70c68e44 2233 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2234};
2235
c227f099 2236static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2237 uint16_t section)
db7b5426
BS		 2238{
2239 int idx, eidx;
2240
2241 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2242 return -1;
2243 idx = SUBPAGE_IDX(start);
2244 eidx = SUBPAGE_IDX(end);
2245#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2246 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2247 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2248#endif
db7b5426 2249 for (; idx <= eidx; idx++) {
5312bd8b 2250 mmio->sub_section[idx] = section;
db7b5426
BS		 2251 }
2252
2253 return 0;
2254}
2255
acc9d80b 2256static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2257{
c227f099 2258 subpage_t *mmio;
db7b5426 2259
2615fabd 2260 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
acc9d80b 2261 mmio->as = as;
1eec614b 2262 mmio->base = base;
2c9b15ca 2263 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2264 NULL, TARGET_PAGE_SIZE);
b3b00c78 2265 mmio->iomem.subpage = true;
db7b5426 2266#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2267 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2268 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2269#endif
b41aac4f 2270 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2271
2272 return mmio;
2273}
2274
a656e22f
PC		 2275static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2276 MemoryRegion *mr)
5312bd8b 2277{
a656e22f 2278 assert(as);
5312bd8b 2279 MemoryRegionSection section = {
a656e22f 2280 .address_space = as,
5312bd8b
AK		 2281 .mr = mr,
2282 .offset_within_address_space = 0,
2283 .offset_within_region = 0,
052e87b0 2284 .size = int128_2_64(),
5312bd8b
AK		 2285 };
2286
53cb28cb 2287 return phys_section_add(map, &section);
5312bd8b
AK		 2288}
2289
a54c87b6 2290MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2291{
a54c87b6
PM		 2292 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2293 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2294 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2295 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2296
2297 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2298}
2299
e9179ce1
AK		 2300static void io_mem_init(void)
2301{
1f6245e5 2302 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2303 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2304 NULL, UINT64_MAX);
2c9b15ca 2305 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2306 NULL, UINT64_MAX);
2c9b15ca 2307 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2308 NULL, UINT64_MAX);
e9179ce1
AK		 2309}
2310
ac1970fb 2311static void mem_begin(MemoryListener *listener)
00752703
PB		 2312{
2313 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2314 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2315 uint16_t n;
2316
a656e22f 2317 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2318 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2319 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2320 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2321 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2322 assert(n == PHYS_SECTION_ROM);
a656e22f 2323 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2324 assert(n == PHYS_SECTION_WATCH);
00752703 2325
9736e55b 2326 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2327 d->as = as;
2328 as->next_dispatch = d;
2329}
2330
79e2b9ae
PB		 2331static void address_space_dispatch_free(AddressSpaceDispatch *d)
2332{
2333 phys_sections_free(&d->map);
2334 g_free(d);
2335}
2336
00752703 2337static void mem_commit(MemoryListener *listener)
ac1970fb 2338{
89ae337a 2339 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2340 AddressSpaceDispatch *cur = as->dispatch;
2341 AddressSpaceDispatch *next = as->next_dispatch;
2342
53cb28cb 2343 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2344
79e2b9ae 2345 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2346 if (cur) {
79e2b9ae 2347 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2348 }
9affd6fc
PB		 2349}
2350
1d71148e 2351static void tcg_commit(MemoryListener *listener)
50c1e149 2352{
32857f4d
PM		 2353 CPUAddressSpace *cpuas;
2354 AddressSpaceDispatch *d;
117712c3
AK		 2355
2356 /* since each CPU stores ram addresses in its TLB cache, we must
2357 reset the modified entries */
32857f4d
PM		 2358 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2359 cpu_reloading_memory_map();
2360 /* The CPU and TLB are protected by the iothread lock.
2361 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2362 * may have split the RCU critical section.
2363 */
2364 d = atomic_rcu_read(&cpuas->as->dispatch);
2365 cpuas->memory_dispatch = d;
2366 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2367}
2368
ac1970fb
AK		 2369void address_space_init_dispatch(AddressSpace *as)
2370{
00752703 2371 as->dispatch = NULL;
89ae337a 2372 as->dispatch_listener = (MemoryListener) {
ac1970fb 2373 .begin = mem_begin,
00752703 2374 .commit = mem_commit,
ac1970fb
AK		 2375 .region_add = mem_add,
2376 .region_nop = mem_add,
2377 .priority = 0,
2378 };
89ae337a 2379 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2380}
2381
6e48e8f9
PB		 2382void address_space_unregister(AddressSpace *as)
2383{
2384 memory_listener_unregister(&as->dispatch_listener);
2385}
2386
83f3c251
AK		 2387void address_space_destroy_dispatch(AddressSpace *as)
2388{
2389 AddressSpaceDispatch *d = as->dispatch;
2390
79e2b9ae
PB		 2391 atomic_rcu_set(&as->dispatch, NULL);
2392 if (d) {
2393 call_rcu(d, address_space_dispatch_free, rcu);
2394 }
83f3c251
AK		 2395}
2396
62152b8a
AK		 2397static void memory_map_init(void)
2398{
7267c094 2399 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2400
57271d63 2401 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2402 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2403
7267c094 2404 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2405 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2406 65536);
7dca8043 2407 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2408}
2409
2410MemoryRegion *get_system_memory(void)
2411{
2412 return system_memory;
2413}
2414
309cb471
AK		 2415MemoryRegion *get_system_io(void)
2416{
2417 return system_io;
2418}
2419
e2eef170
PB		 2420#endif /* !defined(CONFIG_USER_ONLY) */
2421
13eb76e0
FB		 2422/* physical memory access (slow version, mainly for debug) */
2423#if defined(CONFIG_USER_ONLY)
f17ec444 2424int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2425 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2426{
2427 int l, flags;
2428 target_ulong page;
53a5960a 2429 void * p;
13eb76e0
FB		 2430
2431 while (len > 0) {
2432 page = addr & TARGET_PAGE_MASK;
2433 l = (page + TARGET_PAGE_SIZE) - addr;
2434 if (l > len)
2435 l = len;
2436 flags = page_get_flags(page);
2437 if (!(flags & PAGE_VALID))
a68fe89c 2438 return -1;
13eb76e0
FB		 2439 if (is_write) {
2440 if (!(flags & PAGE_WRITE))
a68fe89c 2441 return -1;
579a97f7 2442 /* XXX: this code should not depend on lock_user */
72fb7daa 2443 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2444 return -1;
72fb7daa
AJ		 2445 memcpy(p, buf, l);
2446 unlock_user(p, addr, l);
13eb76e0
FB		 2447 } else {
2448 if (!(flags & PAGE_READ))
a68fe89c 2449 return -1;
579a97f7 2450 /* XXX: this code should not depend on lock_user */
72fb7daa 2451 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2452 return -1;
72fb7daa 2453 memcpy(buf, p, l);
5b257578 2454 unlock_user(p, addr, 0);
13eb76e0
FB		 2455 }
2456 len -= l;
2457 buf += l;
2458 addr += l;
2459 }
a68fe89c 2460 return 0;
13eb76e0 2461}
8df1cd07 2462
13eb76e0 2463#else
51d7a9eb 2464
845b6214 2465static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2466 hwaddr length)
51d7a9eb 2467{
e87f7778 2468 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2469 addr += memory_region_get_ram_addr(mr);
2470
e87f7778
PB		 2471 /* No early return if dirty_log_mask is or becomes 0, because
2472 * cpu_physical_memory_set_dirty_range will still call
2473 * xen_modified_memory.
2474 */
2475 if (dirty_log_mask) {
2476 dirty_log_mask =
2477 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2478 }
2479 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2480 tb_invalidate_phys_range(addr, addr + length);
2481 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2482 }
e87f7778 2483 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2484}
2485
23326164 2486static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2487{
e1622f4b 2488 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2489
2490 /* Regions are assumed to support 1-4 byte accesses unless
2491 otherwise specified. */
23326164
RH		 2492 if (access_size_max == 0) {
2493 access_size_max = 4;
2494 }
2495
2496 /* Bound the maximum access by the alignment of the address. */
2497 if (!mr->ops->impl.unaligned) {
2498 unsigned align_size_max = addr & -addr;
2499 if (align_size_max != 0 && align_size_max < access_size_max) {
2500 access_size_max = align_size_max;
2501 }
82f2563f 2502 }
23326164
RH		 2503
2504 /* Don't attempt accesses larger than the maximum. */
2505 if (l > access_size_max) {
2506 l = access_size_max;
82f2563f 2507 }
6554f5c0 2508 l = pow2floor(l);
23326164
RH		 2509
2510 return l;
82f2563f
PB		 2511}
2512
4840f10e 2513static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2514{
4840f10e
JK		 2515 bool unlocked = !qemu_mutex_iothread_locked();
2516 bool release_lock = false;
2517
2518 if (unlocked && mr->global_locking) {
2519 qemu_mutex_lock_iothread();
2520 unlocked = false;
2521 release_lock = true;
2522 }
125b3806 2523 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2524 if (unlocked) {
2525 qemu_mutex_lock_iothread();
2526 }
125b3806 2527 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2528 if (unlocked) {
2529 qemu_mutex_unlock_iothread();
2530 }
125b3806 2531 }
4840f10e
JK		 2532
2533 return release_lock;
125b3806
PB		 2534}
2535
a203ac70
PB		 2536/* Called within RCU critical section. */
2537static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2538 MemTxAttrs attrs,
2539 const uint8_t *buf,
2540 int len, hwaddr addr1,
2541 hwaddr l, MemoryRegion *mr)
13eb76e0 2542{
13eb76e0 2543 uint8_t *ptr;
791af8c8 2544 uint64_t val;
3b643495 2545 MemTxResult result = MEMTX_OK;
4840f10e 2546 bool release_lock = false;
3b46e624 2547
a203ac70 2548 for (;;) {
eb7eeb88
PB		 2549 if (!memory_access_is_direct(mr, true)) {
2550 release_lock |= prepare_mmio_access(mr);
2551 l = memory_access_size(mr, l, addr1);
2552 /* XXX: could force current_cpu to NULL to avoid
2553 potential bugs */
2554 switch (l) {
2555 case 8:
2556 /* 64 bit write access */
2557 val = ldq_p(buf);
2558 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2559 attrs);
2560 break;
2561 case 4:
2562 /* 32 bit write access */
2563 val = ldl_p(buf);
2564 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2565 attrs);
2566 break;
2567 case 2:
2568 /* 16 bit write access */
2569 val = lduw_p(buf);
2570 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2571 attrs);
2572 break;
2573 case 1:
2574 /* 8 bit write access */
2575 val = ldub_p(buf);
2576 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2577 attrs);
2578 break;
2579 default:
2580 abort();
13eb76e0
FB		 2581 }
2582 } else {
eb7eeb88 2583 /* RAM case */
0878d0e1 2584 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2585 memcpy(ptr, buf, l);
2586 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2587 }
4840f10e
JK		 2588
2589 if (release_lock) {
2590 qemu_mutex_unlock_iothread();
2591 release_lock = false;
2592 }
2593
13eb76e0
FB		 2594 len -= l;
2595 buf += l;
2596 addr += l;
a203ac70
PB		 2597
2598 if (!len) {
2599 break;
2600 }
2601
2602 l = len;
2603 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2604 }
fd8aaa76 2605
3b643495 2606 return result;
13eb76e0 2607}
8df1cd07 2608
a203ac70
PB		 2609MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2610 const uint8_t *buf, int len)
ac1970fb 2611{
eb7eeb88 2612 hwaddr l;
eb7eeb88
PB		 2613 hwaddr addr1;
2614 MemoryRegion *mr;
2615 MemTxResult result = MEMTX_OK;
eb7eeb88 2616
a203ac70
PB		 2617 if (len > 0) {
2618 rcu_read_lock();
eb7eeb88 2619 l = len;
a203ac70
PB		 2620 mr = address_space_translate(as, addr, &addr1, &l, true);
2621 result = address_space_write_continue(as, addr, attrs, buf, len,
2622 addr1, l, mr);
2623 rcu_read_unlock();
2624 }
2625
2626 return result;
2627}
2628
2629/* Called within RCU critical section. */
2630MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2631 MemTxAttrs attrs, uint8_t *buf,
2632 int len, hwaddr addr1, hwaddr l,
2633 MemoryRegion *mr)
2634{
2635 uint8_t *ptr;
2636 uint64_t val;
2637 MemTxResult result = MEMTX_OK;
2638 bool release_lock = false;
eb7eeb88 2639
a203ac70 2640 for (;;) {
eb7eeb88
PB		 2641 if (!memory_access_is_direct(mr, false)) {
2642 /* I/O case */
2643 release_lock |= prepare_mmio_access(mr);
2644 l = memory_access_size(mr, l, addr1);
2645 switch (l) {
2646 case 8:
2647 /* 64 bit read access */
2648 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2649 attrs);
2650 stq_p(buf, val);
2651 break;
2652 case 4:
2653 /* 32 bit read access */
2654 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2655 attrs);
2656 stl_p(buf, val);
2657 break;
2658 case 2:
2659 /* 16 bit read access */
2660 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2661 attrs);
2662 stw_p(buf, val);
2663 break;
2664 case 1:
2665 /* 8 bit read access */
2666 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2667 attrs);
2668 stb_p(buf, val);
2669 break;
2670 default:
2671 abort();
2672 }
2673 } else {
2674 /* RAM case */
0878d0e1 2675 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2676 memcpy(buf, ptr, l);
2677 }
2678
2679 if (release_lock) {
2680 qemu_mutex_unlock_iothread();
2681 release_lock = false;
2682 }
2683
2684 len -= l;
2685 buf += l;
2686 addr += l;
a203ac70
PB		 2687
2688 if (!len) {
2689 break;
2690 }
2691
2692 l = len;
2693 mr = address_space_translate(as, addr, &addr1, &l, false);
2694 }
2695
2696 return result;
2697}
2698
3cc8f884
PB		 2699MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2700 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2701{
2702 hwaddr l;
2703 hwaddr addr1;
2704 MemoryRegion *mr;
2705 MemTxResult result = MEMTX_OK;
2706
2707 if (len > 0) {
2708 rcu_read_lock();
2709 l = len;
2710 mr = address_space_translate(as, addr, &addr1, &l, false);
2711 result = address_space_read_continue(as, addr, attrs, buf, len,
2712 addr1, l, mr);
2713 rcu_read_unlock();
eb7eeb88 2714 }
eb7eeb88
PB		 2715
2716 return result;
ac1970fb
AK		 2717}
2718
eb7eeb88
PB		 2719MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2720 uint8_t *buf, int len, bool is_write)
2721{
2722 if (is_write) {
2723 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2724 } else {
2725 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2726 }
2727}
ac1970fb 2728
a8170e5e 2729void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2730 int len, int is_write)
2731{
5c9eb028
PM		 2732 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2733 buf, len, is_write);
ac1970fb
AK		 2734}
2735
582b55a9
AG		 2736enum write_rom_type {
2737 WRITE_DATA,
2738 FLUSH_CACHE,
2739};
2740
2a221651 2741static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2742 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2743{
149f54b5 2744 hwaddr l;
d0ecd2aa 2745 uint8_t *ptr;
149f54b5 2746 hwaddr addr1;
5c8a00ce 2747 MemoryRegion *mr;
3b46e624 2748
41063e1e 2749 rcu_read_lock();
d0ecd2aa 2750 while (len > 0) {
149f54b5 2751 l = len;
2a221651 2752 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2753
5c8a00ce
PB		 2754 if (!(memory_region_is_ram(mr) ||
2755 memory_region_is_romd(mr))) {
b242e0e0 2756 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2757 } else {
d0ecd2aa 2758 /* ROM/RAM case */
0878d0e1 2759 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2760 switch (type) {
2761 case WRITE_DATA:
2762 memcpy(ptr, buf, l);
845b6214 2763 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2764 break;
2765 case FLUSH_CACHE:
2766 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2767 break;
2768 }
d0ecd2aa
FB		 2769 }
2770 len -= l;
2771 buf += l;
2772 addr += l;
2773 }
41063e1e 2774 rcu_read_unlock();
d0ecd2aa
FB		 2775}
2776
582b55a9 2777/* used for ROM loading : can write in RAM and ROM */
2a221651 2778void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2779 const uint8_t *buf, int len)
2780{
2a221651 2781 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2782}
2783
2784void cpu_flush_icache_range(hwaddr start, int len)
2785{
2786 /*
2787 * This function should do the same thing as an icache flush that was
2788 * triggered from within the guest. For TCG we are always cache coherent,
2789 * so there is no need to flush anything. For KVM / Xen we need to flush
2790 * the host's instruction cache at least.
2791 */
2792 if (tcg_enabled()) {
2793 return;
2794 }
2795
2a221651
EI		 2796 cpu_physical_memory_write_rom_internal(&address_space_memory,
2797 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2798}
2799
6d16c2f8 2800typedef struct {
d3e71559 2801 MemoryRegion *mr;
6d16c2f8 2802 void *buffer;
a8170e5e
AK		 2803 hwaddr addr;
2804 hwaddr len;
c2cba0ff 2805 bool in_use;
6d16c2f8
AL		 2806} BounceBuffer;
2807
2808static BounceBuffer bounce;
2809
ba223c29 2810typedef struct MapClient {
e95205e1 2811 QEMUBH *bh;
72cf2d4f 2812 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2813} MapClient;
2814
38e047b5 2815QemuMutex map_client_list_lock;
72cf2d4f
BS		 2816static QLIST_HEAD(map_client_list, MapClient) map_client_list
2817 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2818
e95205e1
FZ		 2819static void cpu_unregister_map_client_do(MapClient *client)
2820{
2821 QLIST_REMOVE(client, link);
2822 g_free(client);
2823}
2824
33b6c2ed
FZ		 2825static void cpu_notify_map_clients_locked(void)
2826{
2827 MapClient *client;
2828
2829 while (!QLIST_EMPTY(&map_client_list)) {
2830 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2831 qemu_bh_schedule(client->bh);
2832 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2833 }
2834}
2835
e95205e1 2836void cpu_register_map_client(QEMUBH *bh)
ba223c29 2837{
7267c094 2838 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2839
38e047b5 2840 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2841 client->bh = bh;
72cf2d4f 2842 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2843 if (!atomic_read(&bounce.in_use)) {
2844 cpu_notify_map_clients_locked();
2845 }
38e047b5 2846 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2847}
2848
38e047b5 2849void cpu_exec_init_all(void)
ba223c29 2850{
38e047b5 2851 qemu_mutex_init(&ram_list.mutex);
20bccb82
PM		 2852 /* The data structures we set up here depend on knowing the page size,
2853 * so no more changes can be made after this point.
2854 * In an ideal world, nothing we did before we had finished the
2855 * machine setup would care about the target page size, and we could
2856 * do this much later, rather than requiring board models to state
2857 * up front what their requirements are.
2858 */
2859 finalize_target_page_bits();
38e047b5 2860 io_mem_init();
680a4783 2861 memory_map_init();
38e047b5 2862 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2863}
2864
e95205e1 2865void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2866{
2867 MapClient *client;
2868
e95205e1
FZ		 2869 qemu_mutex_lock(&map_client_list_lock);
2870 QLIST_FOREACH(client, &map_client_list, link) {
2871 if (client->bh == bh) {
2872 cpu_unregister_map_client_do(client);
2873 break;
2874 }
ba223c29 2875 }
e95205e1 2876 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2877}
2878
2879static void cpu_notify_map_clients(void)
2880{
38e047b5 2881 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2882 cpu_notify_map_clients_locked();
38e047b5 2883 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2884}
2885
51644ab7
PB		 2886bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2887{
5c8a00ce 2888 MemoryRegion *mr;
51644ab7
PB		 2889 hwaddr l, xlat;
2890
41063e1e 2891 rcu_read_lock();
51644ab7
PB		 2892 while (len > 0) {
2893 l = len;
5c8a00ce
PB		 2894 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2895 if (!memory_access_is_direct(mr, is_write)) {
2896 l = memory_access_size(mr, l, addr);
2897 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2898 return false;
2899 }
2900 }
2901
2902 len -= l;
2903 addr += l;
2904 }
41063e1e 2905 rcu_read_unlock();
51644ab7
PB		 2906 return true;
2907}
2908
6d16c2f8
AL		 2909/* Map a physical memory region into a host virtual address.
2910 * May map a subset of the requested range, given by and returned in *plen.
2911 * May return NULL if resources needed to perform the mapping are exhausted.
2912 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2913 * Use cpu_register_map_client() to know when retrying the map operation is
2914 * likely to succeed.
6d16c2f8 2915 */
ac1970fb 2916void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2917 hwaddr addr,
2918 hwaddr *plen,
ac1970fb 2919 bool is_write)
6d16c2f8 2920{
a8170e5e 2921 hwaddr len = *plen;
e3127ae0
PB		 2922 hwaddr done = 0;
2923 hwaddr l, xlat, base;
2924 MemoryRegion *mr, *this_mr;
e81bcda5 2925 void *ptr;
6d16c2f8 2926
e3127ae0
PB		 2927 if (len == 0) {
2928 return NULL;
2929 }
38bee5dc 2930
e3127ae0 2931 l = len;
41063e1e 2932 rcu_read_lock();
e3127ae0 2933 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2934
e3127ae0 2935 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2936 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2937 rcu_read_unlock();
e3127ae0 2938 return NULL;
6d16c2f8 2939 }
e85d9db5
KW		 2940 /* Avoid unbounded allocations */
2941 l = MIN(l, TARGET_PAGE_SIZE);
2942 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2943 bounce.addr = addr;
2944 bounce.len = l;
d3e71559
PB		 2945
2946 memory_region_ref(mr);
2947 bounce.mr = mr;
e3127ae0 2948 if (!is_write) {
5c9eb028
PM		 2949 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2950 bounce.buffer, l);
8ab934f9 2951 }
6d16c2f8 2952
41063e1e 2953 rcu_read_unlock();
e3127ae0
PB		 2954 *plen = l;
2955 return bounce.buffer;
2956 }
2957
2958 base = xlat;
e3127ae0
PB		 2959
2960 for (;;) {
6d16c2f8
AL		 2961 len -= l;
2962 addr += l;
e3127ae0
PB		 2963 done += l;
2964 if (len == 0) {
2965 break;
2966 }
2967
2968 l = len;
2969 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2970 if (this_mr != mr || xlat != base + done) {
2971 break;
2972 }
6d16c2f8 2973 }
e3127ae0 2974
d3e71559 2975 memory_region_ref(mr);
e3127ae0 2976 *plen = done;
0878d0e1 2977 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2978 rcu_read_unlock();
2979
2980 return ptr;
6d16c2f8
AL		 2981}
2982
ac1970fb 2983/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2984 * Will also mark the memory as dirty if is_write == 1. access_len gives
2985 * the amount of memory that was actually read or written by the caller.
2986 */
a8170e5e
AK		 2987void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2988 int is_write, hwaddr access_len)
6d16c2f8
AL		 2989{
2990 if (buffer != bounce.buffer) {
d3e71559
PB		 2991 MemoryRegion *mr;
2992 ram_addr_t addr1;
2993
07bdaa41 2994 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2995 assert(mr != NULL);
6d16c2f8 2996 if (is_write) {
845b6214 2997 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2998 }
868bb33f 2999 if (xen_enabled()) {
e41d7c69 3000 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3001 }
d3e71559 3002 memory_region_unref(mr);
6d16c2f8
AL		 3003 return;
3004 }
3005 if (is_write) {
5c9eb028
PM		 3006 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3007 bounce.buffer, access_len);
6d16c2f8 3008 }
f8a83245 3009 qemu_vfree(bounce.buffer);
6d16c2f8 3010 bounce.buffer = NULL;
d3e71559 3011 memory_region_unref(bounce.mr);
c2cba0ff 3012 atomic_mb_set(&bounce.in_use, false);
ba223c29 3013 cpu_notify_map_clients();
6d16c2f8 3014}
d0ecd2aa 3015
a8170e5e
AK		 3016void *cpu_physical_memory_map(hwaddr addr,
3017 hwaddr *plen,
ac1970fb
AK		 3018 int is_write)
3019{
3020 return address_space_map(&address_space_memory, addr, plen, is_write);
3021}
3022
a8170e5e
AK		 3023void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3024 int is_write, hwaddr access_len)
ac1970fb
AK		 3025{
3026 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3027}
3028
8df1cd07 3029/* warning: addr must be aligned */
50013115
PM		 3030static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs,
3032 MemTxResult *result,
3033 enum device_endian endian)
8df1cd07 3034{
8df1cd07 3035 uint8_t *ptr;
791af8c8 3036 uint64_t val;
5c8a00ce 3037 MemoryRegion *mr;
149f54b5
PB		 3038 hwaddr l = 4;
3039 hwaddr addr1;
50013115 3040 MemTxResult r;
4840f10e 3041 bool release_lock = false;
8df1cd07 3042
41063e1e 3043 rcu_read_lock();
fdfba1a2 3044 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3045 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3046 release_lock |= prepare_mmio_access(mr);
125b3806 3047
8df1cd07 3048 /* I/O case */
50013115 3049 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3050#if defined(TARGET_WORDS_BIGENDIAN)
3051 if (endian == DEVICE_LITTLE_ENDIAN) {
3052 val = bswap32(val);
3053 }
3054#else
3055 if (endian == DEVICE_BIG_ENDIAN) {
3056 val = bswap32(val);
3057 }
3058#endif
8df1cd07
FB		 3059 } else {
3060 /* RAM case */
0878d0e1 3061 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3062 switch (endian) {
3063 case DEVICE_LITTLE_ENDIAN:
3064 val = ldl_le_p(ptr);
3065 break;
3066 case DEVICE_BIG_ENDIAN:
3067 val = ldl_be_p(ptr);
3068 break;
3069 default:
3070 val = ldl_p(ptr);
3071 break;
3072 }
50013115
PM		 3073 r = MEMTX_OK;
3074 }
3075 if (result) {
3076 *result = r;
8df1cd07 3077 }
4840f10e
JK		 3078 if (release_lock) {
3079 qemu_mutex_unlock_iothread();
3080 }
41063e1e 3081 rcu_read_unlock();
8df1cd07
FB		 3082 return val;
3083}
3084
50013115
PM		 3085uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3086 MemTxAttrs attrs, MemTxResult *result)
3087{
3088 return address_space_ldl_internal(as, addr, attrs, result,
3089 DEVICE_NATIVE_ENDIAN);
3090}
3091
3092uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3093 MemTxAttrs attrs, MemTxResult *result)
3094{
3095 return address_space_ldl_internal(as, addr, attrs, result,
3096 DEVICE_LITTLE_ENDIAN);
3097}
3098
3099uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3100 MemTxAttrs attrs, MemTxResult *result)
3101{
3102 return address_space_ldl_internal(as, addr, attrs, result,
3103 DEVICE_BIG_ENDIAN);
3104}
3105
fdfba1a2 3106uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3107{
50013115 3108 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3109}
3110
fdfba1a2 3111uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3112{
50013115 3113 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3114}
3115
fdfba1a2 3116uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3117{
50013115 3118 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3119}
3120
84b7b8e7 3121/* warning: addr must be aligned */
50013115
PM		 3122static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3123 MemTxAttrs attrs,
3124 MemTxResult *result,
3125 enum device_endian endian)
84b7b8e7 3126{
84b7b8e7
FB		 3127 uint8_t *ptr;
3128 uint64_t val;
5c8a00ce 3129 MemoryRegion *mr;
149f54b5
PB		 3130 hwaddr l = 8;
3131 hwaddr addr1;
50013115 3132 MemTxResult r;
4840f10e 3133 bool release_lock = false;
84b7b8e7 3134
41063e1e 3135 rcu_read_lock();
2c17449b 3136 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3137 false);
3138 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3139 release_lock |= prepare_mmio_access(mr);
125b3806 3140
84b7b8e7 3141 /* I/O case */
50013115 3142 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3143#if defined(TARGET_WORDS_BIGENDIAN)
3144 if (endian == DEVICE_LITTLE_ENDIAN) {
3145 val = bswap64(val);
3146 }
3147#else
3148 if (endian == DEVICE_BIG_ENDIAN) {
3149 val = bswap64(val);
3150 }
84b7b8e7
FB		 3151#endif
3152 } else {
3153 /* RAM case */
0878d0e1 3154 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3155 switch (endian) {
3156 case DEVICE_LITTLE_ENDIAN:
3157 val = ldq_le_p(ptr);
3158 break;
3159 case DEVICE_BIG_ENDIAN:
3160 val = ldq_be_p(ptr);
3161 break;
3162 default:
3163 val = ldq_p(ptr);
3164 break;
3165 }
50013115
PM		 3166 r = MEMTX_OK;
3167 }
3168 if (result) {
3169 *result = r;
84b7b8e7 3170 }
4840f10e
JK		 3171 if (release_lock) {
3172 qemu_mutex_unlock_iothread();
3173 }
41063e1e 3174 rcu_read_unlock();
84b7b8e7
FB		 3175 return val;
3176}
3177
50013115
PM		 3178uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3179 MemTxAttrs attrs, MemTxResult *result)
3180{
3181 return address_space_ldq_internal(as, addr, attrs, result,
3182 DEVICE_NATIVE_ENDIAN);
3183}
3184
3185uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3186 MemTxAttrs attrs, MemTxResult *result)
3187{
3188 return address_space_ldq_internal(as, addr, attrs, result,
3189 DEVICE_LITTLE_ENDIAN);
3190}
3191
3192uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3193 MemTxAttrs attrs, MemTxResult *result)
3194{
3195 return address_space_ldq_internal(as, addr, attrs, result,
3196 DEVICE_BIG_ENDIAN);
3197}
3198
2c17449b 3199uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3200{
50013115 3201 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3202}
3203
2c17449b 3204uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3205{
50013115 3206 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3207}
3208
2c17449b 3209uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3210{
50013115 3211 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3212}
3213
aab33094 3214/* XXX: optimize */
50013115
PM		 3215uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3216 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3217{
3218 uint8_t val;
50013115
PM		 3219 MemTxResult r;
3220
3221 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3222 if (result) {
3223 *result = r;
3224 }
aab33094
FB		 3225 return val;
3226}
3227
50013115
PM		 3228uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3229{
3230 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3231}
3232
733f0b02 3233/* warning: addr must be aligned */
50013115
PM		 3234static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3235 hwaddr addr,
3236 MemTxAttrs attrs,
3237 MemTxResult *result,
3238 enum device_endian endian)
aab33094 3239{
733f0b02
MT		 3240 uint8_t *ptr;
3241 uint64_t val;
5c8a00ce 3242 MemoryRegion *mr;
149f54b5
PB		 3243 hwaddr l = 2;
3244 hwaddr addr1;
50013115 3245 MemTxResult r;
4840f10e 3246 bool release_lock = false;
733f0b02 3247
41063e1e 3248 rcu_read_lock();
41701aa4 3249 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3250 false);
3251 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3252 release_lock |= prepare_mmio_access(mr);
125b3806 3253
733f0b02 3254 /* I/O case */
50013115 3255 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3256#if defined(TARGET_WORDS_BIGENDIAN)
3257 if (endian == DEVICE_LITTLE_ENDIAN) {
3258 val = bswap16(val);
3259 }
3260#else
3261 if (endian == DEVICE_BIG_ENDIAN) {
3262 val = bswap16(val);
3263 }
3264#endif
733f0b02
MT		 3265 } else {
3266 /* RAM case */
0878d0e1 3267 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3268 switch (endian) {
3269 case DEVICE_LITTLE_ENDIAN:
3270 val = lduw_le_p(ptr);
3271 break;
3272 case DEVICE_BIG_ENDIAN:
3273 val = lduw_be_p(ptr);
3274 break;
3275 default:
3276 val = lduw_p(ptr);
3277 break;
3278 }
50013115
PM		 3279 r = MEMTX_OK;
3280 }
3281 if (result) {
3282 *result = r;
733f0b02 3283 }
4840f10e
JK		 3284 if (release_lock) {
3285 qemu_mutex_unlock_iothread();
3286 }
41063e1e 3287 rcu_read_unlock();
733f0b02 3288 return val;
aab33094
FB		 3289}
3290
50013115
PM		 3291uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3292 MemTxAttrs attrs, MemTxResult *result)
3293{
3294 return address_space_lduw_internal(as, addr, attrs, result,
3295 DEVICE_NATIVE_ENDIAN);
3296}
3297
3298uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3299 MemTxAttrs attrs, MemTxResult *result)
3300{
3301 return address_space_lduw_internal(as, addr, attrs, result,
3302 DEVICE_LITTLE_ENDIAN);
3303}
3304
3305uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3306 MemTxAttrs attrs, MemTxResult *result)
3307{
3308 return address_space_lduw_internal(as, addr, attrs, result,
3309 DEVICE_BIG_ENDIAN);
3310}
3311
41701aa4 3312uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3313{
50013115 3314 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3315}
3316
41701aa4 3317uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3318{
50013115 3319 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3320}
3321
41701aa4 3322uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3323{
50013115 3324 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3325}
3326
8df1cd07
FB		 3327/* warning: addr must be aligned. The ram page is not masked as dirty
3328 and the code inside is not invalidated. It is useful if the dirty
3329 bits are used to track modified PTEs */
50013115
PM		 3330void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3331 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3332{
8df1cd07 3333 uint8_t *ptr;
5c8a00ce 3334 MemoryRegion *mr;
149f54b5
PB		 3335 hwaddr l = 4;
3336 hwaddr addr1;
50013115 3337 MemTxResult r;
845b6214 3338 uint8_t dirty_log_mask;
4840f10e 3339 bool release_lock = false;
8df1cd07 3340
41063e1e 3341 rcu_read_lock();
2198a121 3342 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3343 true);
3344 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3345 release_lock |= prepare_mmio_access(mr);
125b3806 3346
50013115 3347 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3348 } else {
0878d0e1 3349 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3350 stl_p(ptr, val);
74576198 3351
845b6214
PB		 3352 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3353 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3354 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3355 4, dirty_log_mask);
50013115
PM		 3356 r = MEMTX_OK;
3357 }
3358 if (result) {
3359 *result = r;
8df1cd07 3360 }
4840f10e
JK		 3361 if (release_lock) {
3362 qemu_mutex_unlock_iothread();
3363 }
41063e1e 3364 rcu_read_unlock();
8df1cd07
FB		 3365}
3366
50013115
PM		 3367void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3368{
3369 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3370}
3371
8df1cd07 3372/* warning: addr must be aligned */
50013115
PM		 3373static inline void address_space_stl_internal(AddressSpace *as,
3374 hwaddr addr, uint32_t val,
3375 MemTxAttrs attrs,
3376 MemTxResult *result,
3377 enum device_endian endian)
8df1cd07 3378{
8df1cd07 3379 uint8_t *ptr;
5c8a00ce 3380 MemoryRegion *mr;
149f54b5
PB		 3381 hwaddr l = 4;
3382 hwaddr addr1;
50013115 3383 MemTxResult r;
4840f10e 3384 bool release_lock = false;
8df1cd07 3385
41063e1e 3386 rcu_read_lock();
ab1da857 3387 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3388 true);
3389 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3390 release_lock |= prepare_mmio_access(mr);
125b3806 3391
1e78bcc1
AG		 3392#if defined(TARGET_WORDS_BIGENDIAN)
3393 if (endian == DEVICE_LITTLE_ENDIAN) {
3394 val = bswap32(val);
3395 }
3396#else
3397 if (endian == DEVICE_BIG_ENDIAN) {
3398 val = bswap32(val);
3399 }
3400#endif
50013115 3401 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3402 } else {
8df1cd07 3403 /* RAM case */
0878d0e1 3404 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3405 switch (endian) {
3406 case DEVICE_LITTLE_ENDIAN:
3407 stl_le_p(ptr, val);
3408 break;
3409 case DEVICE_BIG_ENDIAN:
3410 stl_be_p(ptr, val);
3411 break;
3412 default:
3413 stl_p(ptr, val);
3414 break;
3415 }
845b6214 3416 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3417 r = MEMTX_OK;
3418 }
3419 if (result) {
3420 *result = r;
8df1cd07 3421 }
4840f10e
JK		 3422 if (release_lock) {
3423 qemu_mutex_unlock_iothread();
3424 }
41063e1e 3425 rcu_read_unlock();
8df1cd07
FB		 3426}
3427
50013115
PM		 3428void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3429 MemTxAttrs attrs, MemTxResult *result)
3430{
3431 address_space_stl_internal(as, addr, val, attrs, result,
3432 DEVICE_NATIVE_ENDIAN);
3433}
3434
3435void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3436 MemTxAttrs attrs, MemTxResult *result)
3437{
3438 address_space_stl_internal(as, addr, val, attrs, result,
3439 DEVICE_LITTLE_ENDIAN);
3440}
3441
3442void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3443 MemTxAttrs attrs, MemTxResult *result)
3444{
3445 address_space_stl_internal(as, addr, val, attrs, result,
3446 DEVICE_BIG_ENDIAN);
3447}
3448
ab1da857 3449void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3450{
50013115 3451 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3452}
3453
ab1da857 3454void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3455{
50013115 3456 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3457}
3458
ab1da857 3459void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3460{
50013115 3461 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3462}
3463
aab33094 3464/* XXX: optimize */
50013115
PM		 3465void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3466 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3467{
3468 uint8_t v = val;
50013115
PM		 3469 MemTxResult r;
3470
3471 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3472 if (result) {
3473 *result = r;
3474 }
3475}
3476
3477void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3478{
3479 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3480}
3481
733f0b02 3482/* warning: addr must be aligned */
50013115
PM		 3483static inline void address_space_stw_internal(AddressSpace *as,
3484 hwaddr addr, uint32_t val,
3485 MemTxAttrs attrs,
3486 MemTxResult *result,
3487 enum device_endian endian)
aab33094 3488{
733f0b02 3489 uint8_t *ptr;
5c8a00ce 3490 MemoryRegion *mr;
149f54b5
PB		 3491 hwaddr l = 2;
3492 hwaddr addr1;
50013115 3493 MemTxResult r;
4840f10e 3494 bool release_lock = false;
733f0b02 3495
41063e1e 3496 rcu_read_lock();
5ce5944d 3497 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3498 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3499 release_lock |= prepare_mmio_access(mr);
125b3806 3500
1e78bcc1
AG		 3501#if defined(TARGET_WORDS_BIGENDIAN)
3502 if (endian == DEVICE_LITTLE_ENDIAN) {
3503 val = bswap16(val);
3504 }
3505#else
3506 if (endian == DEVICE_BIG_ENDIAN) {
3507 val = bswap16(val);
3508 }
3509#endif
50013115 3510 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3511 } else {
733f0b02 3512 /* RAM case */
0878d0e1 3513 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3514 switch (endian) {
3515 case DEVICE_LITTLE_ENDIAN:
3516 stw_le_p(ptr, val);
3517 break;
3518 case DEVICE_BIG_ENDIAN:
3519 stw_be_p(ptr, val);
3520 break;
3521 default:
3522 stw_p(ptr, val);
3523 break;
3524 }
845b6214 3525 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3526 r = MEMTX_OK;
3527 }
3528 if (result) {
3529 *result = r;
733f0b02 3530 }
4840f10e
JK		 3531 if (release_lock) {
3532 qemu_mutex_unlock_iothread();
3533 }
41063e1e 3534 rcu_read_unlock();
aab33094
FB		 3535}
3536
50013115
PM		 3537void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3538 MemTxAttrs attrs, MemTxResult *result)
3539{
3540 address_space_stw_internal(as, addr, val, attrs, result,
3541 DEVICE_NATIVE_ENDIAN);
3542}
3543
3544void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3545 MemTxAttrs attrs, MemTxResult *result)
3546{
3547 address_space_stw_internal(as, addr, val, attrs, result,
3548 DEVICE_LITTLE_ENDIAN);
3549}
3550
3551void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3552 MemTxAttrs attrs, MemTxResult *result)
3553{
3554 address_space_stw_internal(as, addr, val, attrs, result,
3555 DEVICE_BIG_ENDIAN);
3556}
3557
5ce5944d 3558void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3559{
50013115 3560 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3561}
3562
5ce5944d 3563void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3564{
50013115 3565 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3566}
3567
5ce5944d 3568void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3569{
50013115 3570 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3571}
3572
aab33094 3573/* XXX: optimize */
50013115
PM		 3574void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3575 MemTxAttrs attrs, MemTxResult *result)
aab33094 3576{
50013115 3577 MemTxResult r;
aab33094 3578 val = tswap64(val);
50013115
PM		 3579 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3580 if (result) {
3581 *result = r;
3582 }
aab33094
FB		 3583}
3584
50013115
PM		 3585void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3586 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3587{
50013115 3588 MemTxResult r;
1e78bcc1 3589 val = cpu_to_le64(val);
50013115
PM		 3590 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3591 if (result) {
3592 *result = r;
3593 }
3594}
3595void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3596 MemTxAttrs attrs, MemTxResult *result)
3597{
3598 MemTxResult r;
3599 val = cpu_to_be64(val);
3600 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3601 if (result) {
3602 *result = r;
3603 }
3604}
3605
3606void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3607{
3608 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3609}
3610
3611void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3612{
3613 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3614}
3615
f606604f 3616void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3617{
50013115 3618 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3619}
3620
5e2972fd 3621/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3622int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3623 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3624{
3625 int l;
a8170e5e 3626 hwaddr phys_addr;
9b3c35e0 3627 target_ulong page;
13eb76e0
FB		 3628
3629 while (len > 0) {
5232e4c7
PM		 3630 int asidx;
3631 MemTxAttrs attrs;
3632
13eb76e0 3633 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3634 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3635 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3636 /* if no physical page mapped, return an error */
3637 if (phys_addr == -1)
3638 return -1;
3639 l = (page + TARGET_PAGE_SIZE) - addr;
3640 if (l > len)
3641 l = len;
5e2972fd 3642 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3643 if (is_write) {
5232e4c7
PM		 3644 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3645 phys_addr, buf, l);
2e38847b 3646 } else {
5232e4c7
PM		 3647 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3648 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3649 buf, l, 0);
2e38847b 3650 }
13eb76e0
FB		 3651 len -= l;
3652 buf += l;
3653 addr += l;
3654 }
3655 return 0;
3656}
038629a6
DDAG		 3657
3658/*
3659 * Allows code that needs to deal with migration bitmaps etc to still be built
3660 * target independent.
3661 */
3662size_t qemu_target_page_bits(void)
3663{
3664 return TARGET_PAGE_BITS;
3665}
3666
a68fe89c 3667#endif
13eb76e0 3668
8e4a424b
BS		 3669/*
3670 * A helper function for the _utterly broken_ virtio device model to find out if
3671 * it's running on a big endian machine. Don't do this at home kids!
3672 */
98ed8ecf
GK		 3673bool target_words_bigendian(void);
3674bool target_words_bigendian(void)
8e4a424b
BS		 3675{
3676#if defined(TARGET_WORDS_BIGENDIAN)
3677 return true;
3678#else
3679 return false;
3680#endif
3681}
3682
76f35538 3683#ifndef CONFIG_USER_ONLY
a8170e5e 3684bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3685{
5c8a00ce 3686 MemoryRegion*mr;
149f54b5 3687 hwaddr l = 1;
41063e1e 3688 bool res;
76f35538 3689
41063e1e 3690 rcu_read_lock();
5c8a00ce
PB		 3691 mr = address_space_translate(&address_space_memory,
3692 phys_addr, &phys_addr, &l, false);
76f35538 3693
41063e1e
PB		 3694 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3695 rcu_read_unlock();
3696 return res;
76f35538 3697}
bd2fa51f 3698
e3807054 3699int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3700{
3701 RAMBlock *block;
e3807054 3702 int ret = 0;
bd2fa51f 3703
0dc3f44a
MD		 3704 rcu_read_lock();
3705 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3706 ret = func(block->idstr, block->host, block->offset,
3707 block->used_length, opaque);
3708 if (ret) {
3709 break;
3710 }
bd2fa51f 3711 }
0dc3f44a 3712 rcu_read_unlock();
e3807054 3713 return ret;
bd2fa51f 3714}
ec3f8c99 3715#endif
Empty description
This page took 1.579 seconds and 4 git commands to generate.