]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: Drop FlatRange.romd_mode
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
f348b6d1 25#include "qemu/cutils.h"
6180a181 26#include "cpu.h"
63c91552 27#include "exec/exec-all.h"
b67d9a52 28#include "tcg.h"
741da0d3 29#include "hw/qdev-core.h"
4485bd26 30#if !defined(CONFIG_USER_ONLY)
47c8ca53 31#include "hw/boards.h"
33c11879 32#include "hw/xen/xen.h"
4485bd26 33#endif
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
75a34036 38#include "qemu/error-report.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
432d268c 41#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 42#include "hw/hw.h"
43#include "exec/memory.h"
df43d49c 44#include "exec/ioport.h"
741da0d3
PB		 45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
9c17d615 47#include "sysemu/xen-mapcache.h"
6506e4f9 48#include "trace.h"
53a5960a 49#endif
0d6d3c87 50#include "exec/cpu-all.h"
0dc3f44a 51#include "qemu/rcu_queue.h"
4840f10e 52#include "qemu/main-loop.h"
5b6dd868 53#include "translate-all.h"
7615936e 54#include "sysemu/replay.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
508127e2 58#include "exec/log.h"
67d95c15 59
b35ba30f 60#include "qemu/range.h"
794e8f30
MT		 61#ifndef _WIN32
62#include "qemu/mmap-alloc.h"
63#endif
b35ba30f 64
db7b5426 65//#define DEBUG_SUBPAGE
1196be37 66
e2eef170 67#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 68/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
69 * are protected by the ramlist lock.
70 */
0d53d9fe 71RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 72
73static MemoryRegion *system_memory;
309cb471 74static MemoryRegion *system_io;
62152b8a 75
f6790af6
AK		 76AddressSpace address_space_io;
77AddressSpace address_space_memory;
2673a5da 78
0844e007 79MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 80static MemoryRegion io_mem_unassigned;
0e0df1e2 81
7bd4f430
PB		 82/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
83#define RAM_PREALLOC (1 << 0)
84
dbcb8981
PB		 85/* RAM is mmap-ed with MAP_SHARED */
86#define RAM_SHARED (1 << 1)
87
62be4e3a
MT		 88/* Only a portion of RAM (used_length) is actually used, and migrated.
89 * This used_length size can change across reboots.
90 */
91#define RAM_RESIZEABLE (1 << 2)
92
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
729633c2 141 MemoryRegionSection *mru_section;
1db8abb1
PB		 142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
53cb28cb 146 PhysPageMap map;
acc9d80b 147 AddressSpace *as;
1db8abb1
PB		 148};
149
90260c6c
JK		 150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
acc9d80b 153 AddressSpace *as;
90260c6c
JK		 154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
b41aac4f
LPF		 158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
5312bd8b 162
e2eef170 163static void io_mem_init(void);
62152b8a 164static void memory_map_init(void);
09daed84 165static void tcg_commit(MemoryListener *listener);
e2eef170 166
1ec9b909 167static MemoryRegion io_mem_watch;
32857f4d
PM		 168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
6658ffb8 183#endif
fd6ce8f6 184
6d9a1304 185#if !defined(CONFIG_USER_ONLY)
d6f2ea22 186
53cb28cb 187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 188{
53cb28cb
MA		 189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 193 }
f7bf5461
AK		 194}
195
db94604b 196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 197{
198 unsigned i;
8b795765 199 uint32_t ret;
db94604b
PB		 200 PhysPageEntry e;
201 PhysPageEntry *p;
f7bf5461 202
53cb28cb 203 ret = map->nodes_nb++;
db94604b 204 p = map->nodes[ret];
f7bf5461 205 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 206 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 210 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 211 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 212 }
f7bf5461 213 return ret;
d6f2ea22
AK		 214}
215
53cb28cb
MA		 216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 218 int level)
f7bf5461
AK		 219{
220 PhysPageEntry *p;
03f49957 221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 222
9736e55b 223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 224 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 225 }
db94604b 226 p = map->nodes[lp->ptr];
03f49957 227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 228
03f49957 229 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 230 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 231 lp->skip = 0;
c19e8800 232 lp->ptr = leaf;
07f07b31
AK		 233 *index += step;
234 *nb -= step;
2999097b 235 } else {
53cb28cb 236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 237 }
238 ++lp;
f7bf5461
AK		 239 }
240}
241
ac1970fb 242static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 243 hwaddr index, hwaddr nb,
2999097b 244 uint16_t leaf)
f7bf5461 245{
2999097b 246 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 248
53cb28cb 249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 250}
251
b35ba30f
MT		 252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
53cb28cb 310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 311 }
312}
313
29cb533d
FZ		 314static inline bool section_covers_addr(const MemoryRegionSection *section,
315 hwaddr addr)
316{
317 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
318 * the section must cover the entire address space.
319 */
320 return section->size.hi ||
321 range_covers_byte(section->offset_within_address_space,
322 section->size.lo, addr);
323}
324
97115a8d 325static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 326 Node *nodes, MemoryRegionSection *sections)
92e873b9 327{
31ab2b4a 328 PhysPageEntry *p;
97115a8d 329 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 330 int i;
f1f6e3b8 331
9736e55b 332 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 333 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 334 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 335 }
9affd6fc 336 p = nodes[lp.ptr];
03f49957 337 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 338 }
b35ba30f 339
29cb533d 340 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 341 return &sections[lp.ptr];
342 } else {
343 return &sections[PHYS_SECTION_UNASSIGNED];
344 }
f3705d53
AK		 345}
346
e5548617
BS		 347bool memory_region_is_unassigned(MemoryRegion *mr)
348{
2a8e7499 349 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 350 && mr != &io_mem_watch;
fd6ce8f6 351}
149f54b5 352
79e2b9ae 353/* Called from RCU critical section */
c7086b4a 354static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 355 hwaddr addr,
356 bool resolve_subpage)
9f029603 357{
729633c2 358 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 359 subpage_t *subpage;
729633c2 360 bool update;
90260c6c 361
729633c2
FZ		 362 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
363 section_covers_addr(section, addr)) {
364 update = false;
365 } else {
366 section = phys_page_find(d->phys_map, addr, d->map.nodes,
367 d->map.sections);
368 update = true;
369 }
90260c6c
JK		 370 if (resolve_subpage && section->mr->subpage) {
371 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 372 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 373 }
729633c2
FZ		 374 if (update) {
375 atomic_set(&d->mru_section, section);
376 }
90260c6c 377 return section;
9f029603
JK		 378}
379
79e2b9ae 380/* Called from RCU critical section */
90260c6c 381static MemoryRegionSection *
c7086b4a 382address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 383 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 384{
385 MemoryRegionSection *section;
965eb2fc 386 MemoryRegion *mr;
a87f3954 387 Int128 diff;
149f54b5 388
c7086b4a 389 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 390 /* Compute offset within MemoryRegionSection */
391 addr -= section->offset_within_address_space;
392
393 /* Compute offset within MemoryRegion */
394 *xlat = addr + section->offset_within_region;
395
965eb2fc 396 mr = section->mr;
b242e0e0
PB		 397
398 /* MMIO registers can be expected to perform full-width accesses based only
399 * on their address, without considering adjacent registers that could
400 * decode to completely different MemoryRegions. When such registers
401 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
402 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * here.
404 *
405 * If the length is small (as is the case for address_space_ldl/stl),
406 * everything works fine. If the incoming length is large, however,
407 * the caller really has to do the clamping through memory_access_size.
408 */
965eb2fc 409 if (memory_region_is_ram(mr)) {
e4a511f8 410 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 411 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
412 }
149f54b5
PB		 413 return section;
414}
90260c6c 415
41063e1e 416/* Called from RCU critical section */
5c8a00ce
PB		 417MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen,
419 bool is_write)
90260c6c 420{
30951157
AK		 421 IOMMUTLBEntry iotlb;
422 MemoryRegionSection *section;
423 MemoryRegion *mr;
30951157
AK		 424
425 for (;;) {
79e2b9ae
PB		 426 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
427 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 428 mr = section->mr;
429
430 if (!mr->iommu_ops) {
431 break;
432 }
433
8d7b8cb9 434 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 435 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
436 | (addr & iotlb.addr_mask));
23820dbf 437 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 438 if (!(iotlb.perm & (1 << is_write))) {
439 mr = &io_mem_unassigned;
440 break;
441 }
442
443 as = iotlb.target_as;
444 }
445
fe680d0d 446 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 447 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 448 *plen = MIN(page, *plen);
a87f3954
PB		 449 }
450
30951157
AK		 451 *xlat = addr;
452 return mr;
90260c6c
JK		 453}
454
79e2b9ae 455/* Called from RCU critical section */
90260c6c 456MemoryRegionSection *
d7898cda 457address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 458 hwaddr *xlat, hwaddr *plen)
90260c6c 459{
30951157 460 MemoryRegionSection *section;
d7898cda
PM		 461 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
462
463 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 464
465 assert(!section->mr->iommu_ops);
466 return section;
90260c6c 467}
5b6dd868 468#endif
fd6ce8f6 469
b170fce3 470#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 471
472static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 473{
259186a7 474 CPUState *cpu = opaque;
a513fe19 475
5b6dd868
BS		 476 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
477 version_id is increased. */
259186a7 478 cpu->interrupt_request &= ~0x01;
c01a71c1 479 tlb_flush(cpu, 1);
5b6dd868
BS		 480
481 return 0;
a513fe19 482}
7501267e 483
6c3bff0e
PD		 484static int cpu_common_pre_load(void *opaque)
485{
486 CPUState *cpu = opaque;
487
adee6424 488 cpu->exception_index = -1;
6c3bff0e
PD		 489
490 return 0;
491}
492
493static bool cpu_common_exception_index_needed(void *opaque)
494{
495 CPUState *cpu = opaque;
496
adee6424 497 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 498}
499
500static const VMStateDescription vmstate_cpu_common_exception_index = {
501 .name = "cpu_common/exception_index",
502 .version_id = 1,
503 .minimum_version_id = 1,
5cd8cada 504 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 505 .fields = (VMStateField[]) {
506 VMSTATE_INT32(exception_index, CPUState),
507 VMSTATE_END_OF_LIST()
508 }
509};
510
bac05aa9
AS		 511static bool cpu_common_crash_occurred_needed(void *opaque)
512{
513 CPUState *cpu = opaque;
514
515 return cpu->crash_occurred;
516}
517
518static const VMStateDescription vmstate_cpu_common_crash_occurred = {
519 .name = "cpu_common/crash_occurred",
520 .version_id = 1,
521 .minimum_version_id = 1,
522 .needed = cpu_common_crash_occurred_needed,
523 .fields = (VMStateField[]) {
524 VMSTATE_BOOL(crash_occurred, CPUState),
525 VMSTATE_END_OF_LIST()
526 }
527};
528
1a1562f5 529const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 530 .name = "cpu_common",
531 .version_id = 1,
532 .minimum_version_id = 1,
6c3bff0e 533 .pre_load = cpu_common_pre_load,
5b6dd868 534 .post_load = cpu_common_post_load,
35d08458 535 .fields = (VMStateField[]) {
259186a7
AF		 536 VMSTATE_UINT32(halted, CPUState),
537 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 538 VMSTATE_END_OF_LIST()
6c3bff0e 539 },
5cd8cada
JQ		 540 .subsections = (const VMStateDescription*[]) {
541 &vmstate_cpu_common_exception_index,
bac05aa9 542 &vmstate_cpu_common_crash_occurred,
5cd8cada 543 NULL
5b6dd868
BS		 544 }
545};
1a1562f5 546
5b6dd868 547#endif
ea041c0e 548
38d8f5c8 549CPUState *qemu_get_cpu(int index)
ea041c0e 550{
bdc44640 551 CPUState *cpu;
ea041c0e 552
bdc44640 553 CPU_FOREACH(cpu) {
55e5c285 554 if (cpu->cpu_index == index) {
bdc44640 555 return cpu;
55e5c285 556 }
ea041c0e 557 }
5b6dd868 558
bdc44640 559 return NULL;
ea041c0e
FB		 560}
561
09daed84 562#if !defined(CONFIG_USER_ONLY)
56943e8c 563void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 564{
12ebc9a7
PM		 565 CPUAddressSpace *newas;
566
567 /* Target code should have set num_ases before calling us */
568 assert(asidx < cpu->num_ases);
569
56943e8c
PM		 570 if (asidx == 0) {
571 /* address space 0 gets the convenience alias */
572 cpu->as = as;
573 }
574
12ebc9a7
PM		 575 /* KVM cannot currently support multiple address spaces. */
576 assert(asidx == 0 || !kvm_enabled());
09daed84 577
12ebc9a7
PM		 578 if (!cpu->cpu_ases) {
579 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 580 }
32857f4d 581
12ebc9a7
PM		 582 newas = &cpu->cpu_ases[asidx];
583 newas->cpu = cpu;
584 newas->as = as;
56943e8c 585 if (tcg_enabled()) {
12ebc9a7
PM		 586 newas->tcg_as_listener.commit = tcg_commit;
587 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 588 }
09daed84 589}
651a5bc0
PM		 590
591AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
592{
593 /* Return the AddressSpace corresponding to the specified index */
594 return cpu->cpu_ases[asidx].as;
595}
09daed84
EI		 596#endif
597
b7bca733
BR		 598#ifndef CONFIG_USER_ONLY
599static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
600
601static int cpu_get_free_index(Error **errp)
602{
603 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
604
605 if (cpu >= MAX_CPUMASK_BITS) {
606 error_setg(errp, "Trying to use more CPUs than max of %d",
607 MAX_CPUMASK_BITS);
608 return -1;
609 }
610
611 bitmap_set(cpu_index_map, cpu, 1);
612 return cpu;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617 if (cpu->cpu_index == -1) {
618 /* cpu_index was never allocated by this @cpu or was already freed. */
619 return;
620 }
621
622 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
623 cpu->cpu_index = -1;
624}
625#else
626
627static int cpu_get_free_index(Error **errp)
628{
629 CPUState *some_cpu;
630 int cpu_index = 0;
631
632 CPU_FOREACH(some_cpu) {
633 cpu_index++;
634 }
635 return cpu_index;
636}
637
638void cpu_exec_exit(CPUState *cpu)
639{
640}
641#endif
642
4bad9e39 643void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 644{
b170fce3 645 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 646 Error *local_err = NULL;
5b6dd868 647
56943e8c 648 cpu->as = NULL;
12ebc9a7 649 cpu->num_ases = 0;
56943e8c 650
291135b5 651#ifndef CONFIG_USER_ONLY
291135b5 652 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 653
654 /* This is a softmmu CPU object, so create a property for it
655 * so users can wire up its memory. (This can't go in qom/cpu.c
656 * because that file is compiled only once for both user-mode
657 * and system builds.) The default if no link is set up is to use
658 * the system address space.
659 */
660 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
661 (Object **)&cpu->memory,
662 qdev_prop_allow_set_link_before_realize,
663 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 &error_abort);
665 cpu->memory = system_memory;
666 object_ref(OBJECT(cpu->memory));
291135b5
EH		 667#endif
668
5b6dd868
BS		 669#if defined(CONFIG_USER_ONLY)
670 cpu_list_lock();
671#endif
741da0d3 672 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 673 if (local_err) {
674 error_propagate(errp, local_err);
675#if defined(CONFIG_USER_ONLY)
676 cpu_list_unlock();
677#endif
678 return;
5b6dd868 679 }
bdc44640 680 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 681#if defined(CONFIG_USER_ONLY)
741da0d3 682 (void) cc;
5b6dd868 683 cpu_list_unlock();
741da0d3 684#else
e0d47944 685 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 686 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 687 }
b170fce3 688 if (cc->vmsd != NULL) {
741da0d3 689 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 690 }
741da0d3 691#endif
ea041c0e
FB		 692}
693
94df27fd 694#if defined(CONFIG_USER_ONLY)
00b941e5 695static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 696{
697 tb_invalidate_phys_page_range(pc, pc + 1, 0);
698}
699#else
00b941e5 700static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 701{
5232e4c7
PM		 702 MemTxAttrs attrs;
703 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
704 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 705 if (phys != -1) {
5232e4c7 706 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 707 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 708 }
1e7855a5 709}
c27004ec 710#endif
d720b93d 711
c527ee8f 712#if defined(CONFIG_USER_ONLY)
75a34036 713void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 714
715{
716}
717
3ee887e8
PM		 718int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
719 int flags)
720{
721 return -ENOSYS;
722}
723
724void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725{
726}
727
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 729 int flags, CPUWatchpoint **watchpoint)
730{
731 return -ENOSYS;
732}
733#else
6658ffb8 734/* Add a watchpoint. */
75a34036 735int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 736 int flags, CPUWatchpoint **watchpoint)
6658ffb8 737{
c0ce998e 738 CPUWatchpoint *wp;
6658ffb8 739
05068c0d 740 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 741 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 742 error_report("tried to set invalid watchpoint at %"
743 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 744 return -EINVAL;
745 }
7267c094 746 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 747
748 wp->vaddr = addr;
05068c0d 749 wp->len = len;
a1d1bb31
AL		 750 wp->flags = flags;
751
2dc9f411 752 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 753 if (flags & BP_GDB) {
754 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
755 } else {
756 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
757 }
6658ffb8 758
31b030d4 759 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 760
761 if (watchpoint)
762 *watchpoint = wp;
763 return 0;
6658ffb8
PB		 764}
765
a1d1bb31 766/* Remove a specific watchpoint. */
75a34036 767int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 768 int flags)
6658ffb8 769{
a1d1bb31 770 CPUWatchpoint *wp;
6658ffb8 771
ff4700b0 772 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 773 if (addr == wp->vaddr && len == wp->len
6e140f28 774 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 775 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 776 return 0;
777 }
778 }
a1d1bb31 779 return -ENOENT;
6658ffb8
PB		 780}
781
a1d1bb31 782/* Remove a specific watchpoint by reference. */
75a34036 783void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 784{
ff4700b0 785 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 786
31b030d4 787 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 788
7267c094 789 g_free(watchpoint);
a1d1bb31
AL		 790}
791
792/* Remove all matching watchpoints. */
75a34036 793void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 794{
c0ce998e 795 CPUWatchpoint *wp, *next;
a1d1bb31 796
ff4700b0 797 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 798 if (wp->flags & mask) {
799 cpu_watchpoint_remove_by_ref(cpu, wp);
800 }
c0ce998e 801 }
7d03f82f 802}
05068c0d
PM		 803
804/* Return true if this watchpoint address matches the specified
805 * access (ie the address range covered by the watchpoint overlaps
806 * partially or completely with the address range covered by the
807 * access).
808 */
809static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 vaddr addr,
811 vaddr len)
812{
813 /* We know the lengths are non-zero, but a little caution is
814 * required to avoid errors in the case where the range ends
815 * exactly at the top of the address space and so addr + len
816 * wraps round to zero.
817 */
818 vaddr wpend = wp->vaddr + wp->len - 1;
819 vaddr addrend = addr + len - 1;
820
821 return !(addr > wpend || wp->vaddr > addrend);
822}
823
c527ee8f 824#endif
7d03f82f 825
a1d1bb31 826/* Add a breakpoint. */
b3310ab3 827int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 828 CPUBreakpoint **breakpoint)
4c3a88a2 829{
c0ce998e 830 CPUBreakpoint *bp;
3b46e624 831
7267c094 832 bp = g_malloc(sizeof(*bp));
4c3a88a2 833
a1d1bb31
AL		 834 bp->pc = pc;
835 bp->flags = flags;
836
2dc9f411 837 /* keep all GDB-injected breakpoints in front */
00b941e5 838 if (flags & BP_GDB) {
f0c3c505 839 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 840 } else {
f0c3c505 841 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 842 }
3b46e624 843
f0c3c505 844 breakpoint_invalidate(cpu, pc);
a1d1bb31 845
00b941e5 846 if (breakpoint) {
a1d1bb31 847 *breakpoint = bp;
00b941e5 848 }
4c3a88a2 849 return 0;
4c3a88a2
FB		 850}
851
a1d1bb31 852/* Remove a specific breakpoint. */
b3310ab3 853int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 854{
a1d1bb31
AL		 855 CPUBreakpoint *bp;
856
f0c3c505 857 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 858 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 859 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 860 return 0;
861 }
7d03f82f 862 }
a1d1bb31 863 return -ENOENT;
7d03f82f
EI		 864}
865
a1d1bb31 866/* Remove a specific breakpoint by reference. */
b3310ab3 867void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 868{
f0c3c505
AF		 869 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
870
871 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 872
7267c094 873 g_free(breakpoint);
a1d1bb31
AL		 874}
875
876/* Remove all matching breakpoints. */
b3310ab3 877void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 878{
c0ce998e 879 CPUBreakpoint *bp, *next;
a1d1bb31 880
f0c3c505 881 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 882 if (bp->flags & mask) {
883 cpu_breakpoint_remove_by_ref(cpu, bp);
884 }
c0ce998e 885 }
4c3a88a2
FB		 886}
887
c33a346e
FB		 888/* enable or disable single step mode. EXCP_DEBUG is returned by the
889 CPU loop after each instruction */
3825b28f 890void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 891{
ed2803da
AF		 892 if (cpu->singlestep_enabled != enabled) {
893 cpu->singlestep_enabled = enabled;
894 if (kvm_enabled()) {
38e478ec 895 kvm_update_guest_debug(cpu, 0);
ed2803da 896 } else {
ccbb4d44 897 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 898 /* XXX: only flush what is necessary */
bbd77c18 899 tb_flush(cpu);
e22a25c9 900 }
c33a346e 901 }
c33a346e
FB		 902}
903
a47dddd7 904void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 905{
906 va_list ap;
493ae1f0 907 va_list ap2;
7501267e
FB		 908
909 va_start(ap, fmt);
493ae1f0 910 va_copy(ap2, ap);
7501267e
FB		 911 fprintf(stderr, "qemu: fatal: ");
912 vfprintf(stderr, fmt, ap);
913 fprintf(stderr, "\n");
878096ee 914 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 915 if (qemu_log_separate()) {
93fcfe39
AL		 916 qemu_log("qemu: fatal: ");
917 qemu_log_vprintf(fmt, ap2);
918 qemu_log("\n");
a0762859 919 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 920 qemu_log_flush();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1048 /* Normal RAM. */
1049 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1050 + xlat;
e5548617 1051 if (!section->readonly) {
b41aac4f 1052 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1053 } else {
b41aac4f 1054 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1055 }
1056 } else {
0b8e2c10
PM		 1057 AddressSpaceDispatch *d;
1058
1059 d = atomic_rcu_read(&section->address_space->dispatch);
1060 iotlb = section - d->map.sections;
149f54b5 1061 iotlb += xlat;
e5548617
BS		 1062 }
1063
1064 /* Make accesses to pages with watchpoints go via the
1065 watchpoint trap routines. */
ff4700b0 1066 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1067 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1068 /* Avoid trapping reads of pages with a write breakpoint. */
1069 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1070 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1071 *address |= TLB_MMIO;
1072 break;
1073 }
1074 }
1075 }
1076
1077 return iotlb;
1078}
9fa3e853
FB		 1079#endif /* defined(CONFIG_USER_ONLY) */
1080
e2eef170 1081#if !defined(CONFIG_USER_ONLY)
8da3ff18 1082
c227f099 1083static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1084 uint16_t section);
acc9d80b 1085static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1086
a2b257d6
IM		 1087static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1088 qemu_anon_ram_alloc;
91138037
MA		 1089
1090/*
1091 * Set a custom physical guest memory alloator.
1092 * Accelerators with unusual needs may need this. Hopefully, we can
1093 * get rid of it eventually.
1094 */
a2b257d6 1095void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1096{
1097 phys_mem_alloc = alloc;
1098}
1099
53cb28cb
MA		 1100static uint16_t phys_section_add(PhysPageMap *map,
1101 MemoryRegionSection *section)
5312bd8b 1102{
68f3f65b
PB		 1103 /* The physical section number is ORed with a page-aligned
1104 * pointer to produce the iotlb entries. Thus it should
1105 * never overflow into the page-aligned value.
1106 */
53cb28cb 1107 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1108
53cb28cb
MA		 1109 if (map->sections_nb == map->sections_nb_alloc) {
1110 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1111 map->sections = g_renew(MemoryRegionSection, map->sections,
1112 map->sections_nb_alloc);
5312bd8b 1113 }
53cb28cb 1114 map->sections[map->sections_nb] = *section;
dfde4e6e 1115 memory_region_ref(section->mr);
53cb28cb 1116 return map->sections_nb++;
5312bd8b
AK		 1117}
1118
058bc4b5
PB		 1119static void phys_section_destroy(MemoryRegion *mr)
1120{
55b4e80b
DS		 1121 bool have_sub_page = mr->subpage;
1122
dfde4e6e
PB		 1123 memory_region_unref(mr);
1124
55b4e80b 1125 if (have_sub_page) {
058bc4b5 1126 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1127 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1128 g_free(subpage);
1129 }
1130}
1131
6092666e 1132static void phys_sections_free(PhysPageMap *map)
5312bd8b 1133{
9affd6fc
PB		 1134 while (map->sections_nb > 0) {
1135 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1136 phys_section_destroy(section->mr);
1137 }
9affd6fc
PB		 1138 g_free(map->sections);
1139 g_free(map->nodes);
5312bd8b
AK		 1140}
1141
ac1970fb 1142static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1143{
1144 subpage_t *subpage;
a8170e5e 1145 hwaddr base = section->offset_within_address_space
0f0cb164 1146 & TARGET_PAGE_MASK;
97115a8d 1147 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1148 d->map.nodes, d->map.sections);
0f0cb164
AK		 1149 MemoryRegionSection subsection = {
1150 .offset_within_address_space = base,
052e87b0 1151 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1152 };
a8170e5e 1153 hwaddr start, end;
0f0cb164 1154
f3705d53 1155 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1156
f3705d53 1157 if (!(existing->mr->subpage)) {
acc9d80b 1158 subpage = subpage_init(d->as, base);
3be91e86 1159 subsection.address_space = d->as;
0f0cb164 1160 subsection.mr = &subpage->iomem;
ac1970fb 1161 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1162 phys_section_add(&d->map, &subsection));
0f0cb164 1163 } else {
f3705d53 1164 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1165 }
1166 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1167 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1168 subpage_register(subpage, start, end,
1169 phys_section_add(&d->map, section));
0f0cb164
AK		 1170}
1171
1172
052e87b0
PB		 1173static void register_multipage(AddressSpaceDispatch *d,
1174 MemoryRegionSection *section)
33417e70 1175{
a8170e5e 1176 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1177 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1178 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1179 TARGET_PAGE_BITS));
dd81124b 1180
733d5ef5
PB		 1181 assert(num_pages);
1182 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1183}
1184
ac1970fb 1185static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1186{
89ae337a 1187 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1188 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1189 MemoryRegionSection now = *section, remain = *section;
052e87b0 1190 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1191
733d5ef5
PB		 1192 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1193 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1194 - now.offset_within_address_space;
1195
052e87b0 1196 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1197 register_subpage(d, &now);
733d5ef5 1198 } else {
052e87b0 1199 now.size = int128_zero();
733d5ef5 1200 }
052e87b0
PB		 1201 while (int128_ne(remain.size, now.size)) {
1202 remain.size = int128_sub(remain.size, now.size);
1203 remain.offset_within_address_space += int128_get64(now.size);
1204 remain.offset_within_region += int128_get64(now.size);
69b67646 1205 now = remain;
052e87b0 1206 if (int128_lt(remain.size, page_size)) {
733d5ef5 1207 register_subpage(d, &now);
88266249 1208 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1209 now.size = page_size;
ac1970fb 1210 register_subpage(d, &now);
69b67646 1211 } else {
052e87b0 1212 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1213 register_multipage(d, &now);
69b67646 1214 }
0f0cb164
AK		 1215 }
1216}
1217
62a2744c
SY		 1218void qemu_flush_coalesced_mmio_buffer(void)
1219{
1220 if (kvm_enabled())
1221 kvm_flush_coalesced_mmio_buffer();
1222}
1223
b2a8658e
UD		 1224void qemu_mutex_lock_ramlist(void)
1225{
1226 qemu_mutex_lock(&ram_list.mutex);
1227}
1228
1229void qemu_mutex_unlock_ramlist(void)
1230{
1231 qemu_mutex_unlock(&ram_list.mutex);
1232}
1233
e1e84ba0 1234#ifdef __linux__
04b16653
AW		 1235static void *file_ram_alloc(RAMBlock *block,
1236 ram_addr_t memory,
7f56e740
PB		 1237 const char *path,
1238 Error **errp)
c902760f 1239{
fd97fd44 1240 bool unlink_on_error = false;
c902760f 1241 char *filename;
8ca761f6
PF		 1242 char *sanitized_name;
1243 char *c;
794e8f30 1244 void *area;
5c3ece79 1245 int fd = -1;
e1fb6471 1246 int64_t page_size;
c902760f
MT		 1247
1248 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1249 error_setg(errp,
1250 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1251 return NULL;
c902760f
MT		 1252 }
1253
fd97fd44
MA		 1254 for (;;) {
1255 fd = open(path, O_RDWR);
1256 if (fd >= 0) {
1257 /* @path names an existing file, use it */
1258 break;
8d31d6b6 1259 }
fd97fd44
MA		 1260 if (errno == ENOENT) {
1261 /* @path names a file that doesn't exist, create it */
1262 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1263 if (fd >= 0) {
1264 unlink_on_error = true;
1265 break;
1266 }
1267 } else if (errno == EISDIR) {
1268 /* @path names a directory, create a file there */
1269 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1270 sanitized_name = g_strdup(memory_region_name(block->mr));
1271 for (c = sanitized_name; *c != '\0'; c++) {
1272 if (*c == '/') {
1273 *c = '_';
1274 }
1275 }
8ca761f6 1276
fd97fd44
MA		 1277 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1278 sanitized_name);
1279 g_free(sanitized_name);
8d31d6b6 1280
fd97fd44
MA		 1281 fd = mkstemp(filename);
1282 if (fd >= 0) {
1283 unlink(filename);
1284 g_free(filename);
1285 break;
1286 }
1287 g_free(filename);
8d31d6b6 1288 }
fd97fd44
MA		 1289 if (errno != EEXIST && errno != EINTR) {
1290 error_setg_errno(errp, errno,
1291 "can't open backing store %s for guest RAM",
1292 path);
1293 goto error;
1294 }
1295 /*
1296 * Try again on EINTR and EEXIST. The latter happens when
1297 * something else creates the file between our two open().
1298 */
8d31d6b6 1299 }
c902760f 1300
e1fb6471 1301 page_size = qemu_fd_getpagesize(fd);
d2f39add 1302 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1303
e1fb6471 1304 if (memory < page_size) {
fd97fd44
MA		 1305 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1306 "or larger than page size 0x%" PRIx64,
e1fb6471 1307 memory, page_size);
f9a49dfa 1308 goto error;
c902760f 1309 }
c902760f 1310
e1fb6471 1311 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1312
1313 /*
1314 * ftruncate is not supported by hugetlbfs in older
1315 * hosts, so don't bother bailing out on errors.
1316 * If anything goes wrong with it under other filesystems,
1317 * mmap will fail.
1318 */
7f56e740 1319 if (ftruncate(fd, memory)) {
9742bf26 1320 perror("ftruncate");
7f56e740 1321 }
c902760f 1322
d2f39add
DD		 1323 area = qemu_ram_mmap(fd, memory, block->mr->align,
1324 block->flags & RAM_SHARED);
c902760f 1325 if (area == MAP_FAILED) {
7f56e740 1326 error_setg_errno(errp, errno,
fd97fd44 1327 "unable to map backing store for guest RAM");
f9a49dfa 1328 goto error;
c902760f 1329 }
ef36fa14
MT		 1330
1331 if (mem_prealloc) {
38183310 1332 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1333 }
1334
04b16653 1335 block->fd = fd;
c902760f 1336 return area;
f9a49dfa
MT		 1337
1338error:
fd97fd44
MA		 1339 if (unlink_on_error) {
1340 unlink(path);
1341 }
5c3ece79
PB		 1342 if (fd != -1) {
1343 close(fd);
1344 }
f9a49dfa 1345 return NULL;
c902760f
MT		 1346}
1347#endif
1348
0dc3f44a 1349/* Called with the ramlist lock held. */
d17b5288 1350static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1351{
1352 RAMBlock *block, *next_block;
3e837b2c 1353 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1354
49cd9ac6
SH		 1355 assert(size != 0); /* it would hand out same offset multiple times */
1356
0dc3f44a 1357 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1358 return 0;
0d53d9fe 1359 }
04b16653 1360
0dc3f44a 1361 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1362 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1363
62be4e3a 1364 end = block->offset + block->max_length;
04b16653 1365
0dc3f44a 1366 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1367 if (next_block->offset >= end) {
1368 next = MIN(next, next_block->offset);
1369 }
1370 }
1371 if (next - end >= size && next - end < mingap) {
3e837b2c 1372 offset = end;
04b16653
AW		 1373 mingap = next - end;
1374 }
1375 }
3e837b2c
AW		 1376
1377 if (offset == RAM_ADDR_MAX) {
1378 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1379 (uint64_t)size);
1380 abort();
1381 }
1382
04b16653
AW		 1383 return offset;
1384}
1385
652d7ec2 1386ram_addr_t last_ram_offset(void)
d17b5288
AW		 1387{
1388 RAMBlock *block;
1389 ram_addr_t last = 0;
1390
0dc3f44a
MD		 1391 rcu_read_lock();
1392 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1393 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1394 }
0dc3f44a 1395 rcu_read_unlock();
d17b5288
AW		 1396 return last;
1397}
1398
ddb97f1d
JB		 1399static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1400{
1401 int ret;
ddb97f1d
JB		 1402
1403 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1404 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1405 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1406 if (ret) {
1407 perror("qemu_madvise");
1408 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1409 "but dump_guest_core=off specified\n");
1410 }
1411 }
1412}
1413
422148d3
DDAG		 1414const char *qemu_ram_get_idstr(RAMBlock *rb)
1415{
1416 return rb->idstr;
1417}
1418
ae3a7047 1419/* Called with iothread lock held. */
fa53a0e5 1420void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1421{
fa53a0e5 1422 RAMBlock *block;
20cfe881 1423
c5705a77
AK		 1424 assert(new_block);
1425 assert(!new_block->idstr[0]);
84b89d78 1426
09e5ab63
AL		 1427 if (dev) {
1428 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1429 if (id) {
1430 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1431 g_free(id);
84b89d78
CM		 1432 }
1433 }
1434 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1435
ab0a9956 1436 rcu_read_lock();
0dc3f44a 1437 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1438 if (block != new_block &&
1439 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1440 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1441 new_block->idstr);
1442 abort();
1443 }
1444 }
0dc3f44a 1445 rcu_read_unlock();
c5705a77
AK		 1446}
1447
ae3a7047 1448/* Called with iothread lock held. */
fa53a0e5 1449void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1450{
ae3a7047
MD		 1451 /* FIXME: arch_init.c assumes that this is not called throughout
1452 * migration. Ignore the problem since hot-unplug during migration
1453 * does not work anyway.
1454 */
20cfe881
HT		 1455 if (block) {
1456 memset(block->idstr, 0, sizeof(block->idstr));
1457 }
1458}
1459
8490fc78
LC		 1460static int memory_try_enable_merging(void *addr, size_t len)
1461{
75cc7f01 1462 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1463 /* disabled by the user */
1464 return 0;
1465 }
1466
1467 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1468}
1469
62be4e3a
MT		 1470/* Only legal before guest might have detected the memory size: e.g. on
1471 * incoming migration, or right after reset.
1472 *
1473 * As memory core doesn't know how is memory accessed, it is up to
1474 * resize callback to update device state and/or add assertions to detect
1475 * misuse, if necessary.
1476 */
fa53a0e5 1477int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1478{
62be4e3a
MT		 1479 assert(block);
1480
4ed023ce 1481 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1482
62be4e3a
MT		 1483 if (block->used_length == newsize) {
1484 return 0;
1485 }
1486
1487 if (!(block->flags & RAM_RESIZEABLE)) {
1488 error_setg_errno(errp, EINVAL,
1489 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1490 " in != 0x" RAM_ADDR_FMT, block->idstr,
1491 newsize, block->used_length);
1492 return -EINVAL;
1493 }
1494
1495 if (block->max_length < newsize) {
1496 error_setg_errno(errp, EINVAL,
1497 "Length too large: %s: 0x" RAM_ADDR_FMT
1498 " > 0x" RAM_ADDR_FMT, block->idstr,
1499 newsize, block->max_length);
1500 return -EINVAL;
1501 }
1502
1503 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1504 block->used_length = newsize;
58d2707e
PB		 1505 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1506 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1507 memory_region_set_size(block->mr, newsize);
1508 if (block->resized) {
1509 block->resized(block->idstr, newsize, block->host);
1510 }
1511 return 0;
1512}
1513
5b82b703
SH		 1514/* Called with ram_list.mutex held */
1515static void dirty_memory_extend(ram_addr_t old_ram_size,
1516 ram_addr_t new_ram_size)
1517{
1518 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1519 DIRTY_MEMORY_BLOCK_SIZE);
1520 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1521 DIRTY_MEMORY_BLOCK_SIZE);
1522 int i;
1523
1524 /* Only need to extend if block count increased */
1525 if (new_num_blocks <= old_num_blocks) {
1526 return;
1527 }
1528
1529 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1530 DirtyMemoryBlocks *old_blocks;
1531 DirtyMemoryBlocks *new_blocks;
1532 int j;
1533
1534 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1535 new_blocks = g_malloc(sizeof(*new_blocks) +
1536 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1537
1538 if (old_num_blocks) {
1539 memcpy(new_blocks->blocks, old_blocks->blocks,
1540 old_num_blocks * sizeof(old_blocks->blocks[0]));
1541 }
1542
1543 for (j = old_num_blocks; j < new_num_blocks; j++) {
1544 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1545 }
1546
1547 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1548
1549 if (old_blocks) {
1550 g_free_rcu(old_blocks, rcu);
1551 }
1552 }
1553}
1554
528f46af 1555static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1556{
e1c57ab8 1557 RAMBlock *block;
0d53d9fe 1558 RAMBlock *last_block = NULL;
2152f5ca 1559 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1560 Error *err = NULL;
2152f5ca
JQ		 1561
1562 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1563
b2a8658e 1564 qemu_mutex_lock_ramlist();
9b8424d5 1565 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1566
1567 if (!new_block->host) {
1568 if (xen_enabled()) {
9b8424d5 1569 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1570 new_block->mr, &err);
1571 if (err) {
1572 error_propagate(errp, err);
1573 qemu_mutex_unlock_ramlist();
39c350ee 1574 return;
37aa7a0e 1575 }
e1c57ab8 1576 } else {
9b8424d5 1577 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1578 &new_block->mr->align);
39228250 1579 if (!new_block->host) {
ef701d7b
HT		 1580 error_setg_errno(errp, errno,
1581 "cannot set up guest memory '%s'",
1582 memory_region_name(new_block->mr));
1583 qemu_mutex_unlock_ramlist();
39c350ee 1584 return;
39228250 1585 }
9b8424d5 1586 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1587 }
c902760f 1588 }
94a6b54f 1589
dd631697
LZ		 1590 new_ram_size = MAX(old_ram_size,
1591 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1592 if (new_ram_size > old_ram_size) {
1593 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1594 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1595 }
0d53d9fe
MD		 1596 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1597 * QLIST (which has an RCU-friendly variant) does not have insertion at
1598 * tail, so save the last element in last_block.
1599 */
0dc3f44a 1600 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1601 last_block = block;
9b8424d5 1602 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1603 break;
1604 }
1605 }
1606 if (block) {
0dc3f44a 1607 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1608 } else if (last_block) {
0dc3f44a 1609 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1610 } else { /* list is empty */
0dc3f44a 1611 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1612 }
0d6d3c87 1613 ram_list.mru_block = NULL;
94a6b54f 1614
0dc3f44a
MD		 1615 /* Write list before version */
1616 smp_wmb();
f798b07f 1617 ram_list.version++;
b2a8658e 1618 qemu_mutex_unlock_ramlist();
f798b07f 1619
9b8424d5 1620 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1621 new_block->used_length,
1622 DIRTY_CLIENTS_ALL);
94a6b54f 1623
a904c911
PB		 1624 if (new_block->host) {
1625 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1626 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1627 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1628 if (kvm_enabled()) {
1629 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1630 }
e1c57ab8 1631 }
94a6b54f 1632}
e9a1ab19 1633
0b183fc8 1634#ifdef __linux__
528f46af
FZ		 1635RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1636 bool share, const char *mem_path,
1637 Error **errp)
e1c57ab8
PB		 1638{
1639 RAMBlock *new_block;
ef701d7b 1640 Error *local_err = NULL;
e1c57ab8
PB		 1641
1642 if (xen_enabled()) {
7f56e740 1643 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1644 return NULL;
e1c57ab8
PB		 1645 }
1646
1647 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1648 /*
1649 * file_ram_alloc() needs to allocate just like
1650 * phys_mem_alloc, but we haven't bothered to provide
1651 * a hook there.
1652 */
7f56e740
PB		 1653 error_setg(errp,
1654 "-mem-path not supported with this accelerator");
528f46af 1655 return NULL;
e1c57ab8
PB		 1656 }
1657
4ed023ce 1658 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1659 new_block = g_malloc0(sizeof(*new_block));
1660 new_block->mr = mr;
9b8424d5
MT		 1661 new_block->used_length = size;
1662 new_block->max_length = size;
dbcb8981 1663 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1664 new_block->host = file_ram_alloc(new_block, size,
1665 mem_path, errp);
1666 if (!new_block->host) {
1667 g_free(new_block);
528f46af 1668 return NULL;
7f56e740
PB		 1669 }
1670
528f46af 1671 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1672 if (local_err) {
1673 g_free(new_block);
1674 error_propagate(errp, local_err);
528f46af 1675 return NULL;
ef701d7b 1676 }
528f46af 1677 return new_block;
e1c57ab8 1678}
0b183fc8 1679#endif
e1c57ab8 1680
62be4e3a 1681static
528f46af
FZ		 1682RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1683 void (*resized)(const char*,
1684 uint64_t length,
1685 void *host),
1686 void *host, bool resizeable,
1687 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1688{
1689 RAMBlock *new_block;
ef701d7b 1690 Error *local_err = NULL;
e1c57ab8 1691
4ed023ce
DDAG		 1692 size = HOST_PAGE_ALIGN(size);
1693 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1694 new_block = g_malloc0(sizeof(*new_block));
1695 new_block->mr = mr;
62be4e3a 1696 new_block->resized = resized;
9b8424d5
MT		 1697 new_block->used_length = size;
1698 new_block->max_length = max_size;
62be4e3a 1699 assert(max_size >= size);
e1c57ab8
PB		 1700 new_block->fd = -1;
1701 new_block->host = host;
1702 if (host) {
7bd4f430 1703 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1704 }
62be4e3a
MT		 1705 if (resizeable) {
1706 new_block->flags |= RAM_RESIZEABLE;
1707 }
528f46af 1708 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1709 if (local_err) {
1710 g_free(new_block);
1711 error_propagate(errp, local_err);
528f46af 1712 return NULL;
ef701d7b 1713 }
528f46af 1714 return new_block;
e1c57ab8
PB		 1715}
1716
528f46af 1717RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1718 MemoryRegion *mr, Error **errp)
1719{
1720 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1721}
1722
528f46af 1723RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1724{
62be4e3a
MT		 1725 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1726}
1727
528f46af 1728RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1729 void (*resized)(const char*,
1730 uint64_t length,
1731 void *host),
1732 MemoryRegion *mr, Error **errp)
1733{
1734 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1735}
1736
43771539
PB		 1737static void reclaim_ramblock(RAMBlock *block)
1738{
1739 if (block->flags & RAM_PREALLOC) {
1740 ;
1741 } else if (xen_enabled()) {
1742 xen_invalidate_map_cache_entry(block->host);
1743#ifndef _WIN32
1744 } else if (block->fd >= 0) {
2f3a2bb1 1745 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1746 close(block->fd);
1747#endif
1748 } else {
1749 qemu_anon_ram_free(block->host, block->max_length);
1750 }
1751 g_free(block);
1752}
1753
f1060c55 1754void qemu_ram_free(RAMBlock *block)
e9a1ab19 1755{
85bc2a15
MAL		 1756 if (!block) {
1757 return;
1758 }
1759
b2a8658e 1760 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1761 QLIST_REMOVE_RCU(block, next);
1762 ram_list.mru_block = NULL;
1763 /* Write list before version */
1764 smp_wmb();
1765 ram_list.version++;
1766 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1767 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1768}
1769
cd19cfa2
HY		 1770#ifndef _WIN32
1771void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1772{
1773 RAMBlock *block;
1774 ram_addr_t offset;
1775 int flags;
1776 void *area, *vaddr;
1777
0dc3f44a 1778 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1779 offset = addr - block->offset;
9b8424d5 1780 if (offset < block->max_length) {
1240be24 1781 vaddr = ramblock_ptr(block, offset);
7bd4f430 1782 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1783 ;
dfeaf2ab
MA		 1784 } else if (xen_enabled()) {
1785 abort();
cd19cfa2
HY		 1786 } else {
1787 flags = MAP_FIXED;
3435f395 1788 if (block->fd >= 0) {
dbcb8981
PB		 1789 flags |= (block->flags & RAM_SHARED ?
1790 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1791 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1792 flags, block->fd, offset);
cd19cfa2 1793 } else {
2eb9fbaa
MA		 1794 /*
1795 * Remap needs to match alloc. Accelerators that
1796 * set phys_mem_alloc never remap. If they did,
1797 * we'd need a remap hook here.
1798 */
1799 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1800
cd19cfa2
HY		 1801 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1802 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1803 flags, -1, 0);
cd19cfa2
HY		 1804 }
1805 if (area != vaddr) {
f15fbc4b
AP		 1806 fprintf(stderr, "Could not remap addr: "
1807 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1808 length, addr);
1809 exit(1);
1810 }
8490fc78 1811 memory_try_enable_merging(vaddr, length);
ddb97f1d 1812 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1813 }
cd19cfa2
HY		 1814 }
1815 }
1816}
1817#endif /* !_WIN32 */
1818
a35ba7be
PB		 1819int qemu_get_ram_fd(ram_addr_t addr)
1820{
ae3a7047
MD		 1821 RAMBlock *block;
1822 int fd;
a35ba7be 1823
0dc3f44a 1824 rcu_read_lock();
ae3a7047
MD		 1825 block = qemu_get_ram_block(addr);
1826 fd = block->fd;
0dc3f44a 1827 rcu_read_unlock();
ae3a7047 1828 return fd;
a35ba7be
PB		 1829}
1830
56a571d9
TM		 1831void qemu_set_ram_fd(ram_addr_t addr, int fd)
1832{
1833 RAMBlock *block;
1834
1835 rcu_read_lock();
1836 block = qemu_get_ram_block(addr);
1837 block->fd = fd;
1838 rcu_read_unlock();
1839}
1840
3fd74b84
DM		 1841void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1842{
ae3a7047
MD		 1843 RAMBlock *block;
1844 void *ptr;
3fd74b84 1845
0dc3f44a 1846 rcu_read_lock();
ae3a7047
MD		 1847 block = qemu_get_ram_block(addr);
1848 ptr = ramblock_ptr(block, 0);
0dc3f44a 1849 rcu_read_unlock();
ae3a7047 1850 return ptr;
3fd74b84
DM		 1851}
1852
1b5ec234 1853/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1854 * This should not be used for general purpose DMA. Use address_space_map
1855 * or address_space_rw instead. For local memory (e.g. video ram) that the
1856 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1857 *
49b24afc 1858 * Called within RCU critical section.
1b5ec234 1859 */
3655cb9c 1860void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1861{
3655cb9c
GA		 1862 RAMBlock *block = ram_block;
1863
1864 if (block == NULL) {
1865 block = qemu_get_ram_block(addr);
1866 }
ae3a7047
MD		 1867
1868 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1869 /* We need to check if the requested address is in the RAM
1870 * because we don't want to map the entire memory in QEMU.
1871 * In that case just map until the end of the page.
1872 */
1873 if (block->offset == 0) {
49b24afc 1874 return xen_map_cache(addr, 0, 0);
0d6d3c87 1875 }
ae3a7047
MD		 1876
1877 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1878 }
49b24afc 1879 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1880}
1881
38bee5dc 1882/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1883 * but takes a size argument.
0dc3f44a 1884 *
e81bcda5 1885 * Called within RCU critical section.
ae3a7047 1886 */
3655cb9c
GA		 1887static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1888 hwaddr *size)
38bee5dc 1889{
3655cb9c 1890 RAMBlock *block = ram_block;
e81bcda5 1891 ram_addr_t offset_inside_block;
8ab934f9
SS		 1892 if (*size == 0) {
1893 return NULL;
1894 }
e81bcda5 1895
3655cb9c
GA		 1896 if (block == NULL) {
1897 block = qemu_get_ram_block(addr);
1898 }
e81bcda5
PB		 1899 offset_inside_block = addr - block->offset;
1900 *size = MIN(*size, block->max_length - offset_inside_block);
1901
1902 if (xen_enabled() && block->host == NULL) {
1903 /* We need to check if the requested address is in the RAM
1904 * because we don't want to map the entire memory in QEMU.
1905 * In that case just map the requested area.
1906 */
1907 if (block->offset == 0) {
1908 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1909 }
1910
e81bcda5 1911 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1912 }
e81bcda5
PB		 1913
1914 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1915}
1916
422148d3
DDAG		 1917/*
1918 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1919 * in that RAMBlock.
1920 *
1921 * ptr: Host pointer to look up
1922 * round_offset: If true round the result offset down to a page boundary
1923 * *ram_addr: set to result ram_addr
1924 * *offset: set to result offset within the RAMBlock
1925 *
1926 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1927 *
1928 * By the time this function returns, the returned pointer is not protected
1929 * by RCU anymore. If the caller is not within an RCU critical section and
1930 * does not hold the iothread lock, it must have other means of protecting the
1931 * pointer, such as a reference to the region that includes the incoming
1932 * ram_addr_t.
1933 */
422148d3
DDAG		 1934RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1935 ram_addr_t *ram_addr,
1936 ram_addr_t *offset)
5579c7f3 1937{
94a6b54f
PB		 1938 RAMBlock *block;
1939 uint8_t *host = ptr;
1940
868bb33f 1941 if (xen_enabled()) {
0dc3f44a 1942 rcu_read_lock();
e41d7c69 1943 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1944 block = qemu_get_ram_block(*ram_addr);
1945 if (block) {
1946 *offset = (host - block->host);
1947 }
0dc3f44a 1948 rcu_read_unlock();
422148d3 1949 return block;
712c2b41
SS		 1950 }
1951
0dc3f44a
MD		 1952 rcu_read_lock();
1953 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1954 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1955 goto found;
1956 }
1957
0dc3f44a 1958 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1959 /* This case append when the block is not mapped. */
1960 if (block->host == NULL) {
1961 continue;
1962 }
9b8424d5 1963 if (host - block->host < block->max_length) {
23887b79 1964 goto found;
f471a17e 1965 }
94a6b54f 1966 }
432d268c 1967
0dc3f44a 1968 rcu_read_unlock();
1b5ec234 1969 return NULL;
23887b79
PB		 1970
1971found:
422148d3
DDAG		 1972 *offset = (host - block->host);
1973 if (round_offset) {
1974 *offset &= TARGET_PAGE_MASK;
1975 }
1976 *ram_addr = block->offset + *offset;
0dc3f44a 1977 rcu_read_unlock();
422148d3
DDAG		 1978 return block;
1979}
1980
e3dd7493
DDAG		 1981/*
1982 * Finds the named RAMBlock
1983 *
1984 * name: The name of RAMBlock to find
1985 *
1986 * Returns: RAMBlock (or NULL if not found)
1987 */
1988RAMBlock *qemu_ram_block_by_name(const char *name)
1989{
1990 RAMBlock *block;
1991
1992 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1993 if (!strcmp(name, block->idstr)) {
1994 return block;
1995 }
1996 }
1997
1998 return NULL;
1999}
2000
422148d3
DDAG		 2001/* Some of the softmmu routines need to translate from a host pointer
2002 (typically a TLB entry) back to a ram offset. */
2003MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2004{
2005 RAMBlock *block;
2006 ram_addr_t offset; /* Not used */
2007
2008 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2009
2010 if (!block) {
2011 return NULL;
2012 }
2013
2014 return block->mr;
e890261f 2015}
f471a17e 2016
49b24afc 2017/* Called within RCU critical section. */
a8170e5e 2018static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2019 uint64_t val, unsigned size)
9fa3e853 2020{
52159192 2021 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2022 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2023 }
0e0df1e2
AK		 2024 switch (size) {
2025 case 1:
3655cb9c 2026 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2027 break;
2028 case 2:
3655cb9c 2029 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2030 break;
2031 case 4:
3655cb9c 2032 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2033 break;
2034 default:
2035 abort();
3a7d929e 2036 }
58d2707e
PB		 2037 /* Set both VGA and migration bits for simplicity and to remove
2038 * the notdirty callback faster.
2039 */
2040 cpu_physical_memory_set_dirty_range(ram_addr, size,
2041 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2042 /* we remove the notdirty callback only if the code has been
2043 flushed */
a2cd8c85 2044 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2045 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2046 }
9fa3e853
FB		 2047}
2048
b018ddf6
PB		 2049static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2050 unsigned size, bool is_write)
2051{
2052 return is_write;
2053}
2054
0e0df1e2 2055static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2056 .write = notdirty_mem_write,
b018ddf6 2057 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2058 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2059};
2060
0f459d16 2061/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2062static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2063{
93afeade 2064 CPUState *cpu = current_cpu;
568496c0 2065 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2066 CPUArchState *env = cpu->env_ptr;
06d55cc1 2067 target_ulong pc, cs_base;
0f459d16 2068 target_ulong vaddr;
a1d1bb31 2069 CPUWatchpoint *wp;
89fee74a 2070 uint32_t cpu_flags;
0f459d16 2071
ff4700b0 2072 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2073 /* We re-entered the check after replacing the TB. Now raise
2074 * the debug interrupt so that is will trigger after the
2075 * current instruction. */
93afeade 2076 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2077 return;
2078 }
93afeade 2079 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2080 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2081 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2082 && (wp->flags & flags)) {
08225676
PM		 2083 if (flags == BP_MEM_READ) {
2084 wp->flags |= BP_WATCHPOINT_HIT_READ;
2085 } else {
2086 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2087 }
2088 wp->hitaddr = vaddr;
66b9b43c 2089 wp->hitattrs = attrs;
ff4700b0 2090 if (!cpu->watchpoint_hit) {
568496c0
SF		 2091 if (wp->flags & BP_CPU &&
2092 !cc->debug_check_watchpoint(cpu, wp)) {
2093 wp->flags &= ~BP_WATCHPOINT_HIT;
2094 continue;
2095 }
ff4700b0 2096 cpu->watchpoint_hit = wp;
239c51a5 2097 tb_check_watchpoint(cpu);
6e140f28 2098 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2099 cpu->exception_index = EXCP_DEBUG;
5638d180 2100 cpu_loop_exit(cpu);
6e140f28
AL		 2101 } else {
2102 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2103 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2104 cpu_resume_from_signal(cpu, NULL);
6e140f28 2105 }
06d55cc1 2106 }
6e140f28
AL		 2107 } else {
2108 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2109 }
2110 }
2111}
2112
6658ffb8
PB		 2113/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2114 so these check for a hit then pass through to the normal out-of-line
2115 phys routines. */
66b9b43c
PM		 2116static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2117 unsigned size, MemTxAttrs attrs)
6658ffb8 2118{
66b9b43c
PM		 2119 MemTxResult res;
2120 uint64_t data;
79ed0416
PM		 2121 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2122 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2123
2124 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2125 switch (size) {
66b9b43c 2126 case 1:
79ed0416 2127 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2128 break;
2129 case 2:
79ed0416 2130 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2131 break;
2132 case 4:
79ed0416 2133 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2134 break;
1ec9b909
AK		 2135 default: abort();
2136 }
66b9b43c
PM		 2137 *pdata = data;
2138 return res;
6658ffb8
PB		 2139}
2140
66b9b43c
PM		 2141static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2142 uint64_t val, unsigned size,
2143 MemTxAttrs attrs)
6658ffb8 2144{
66b9b43c 2145 MemTxResult res;
79ed0416
PM		 2146 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2147 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2148
2149 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2150 switch (size) {
67364150 2151 case 1:
79ed0416 2152 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2153 break;
2154 case 2:
79ed0416 2155 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2156 break;
2157 case 4:
79ed0416 2158 address_space_stl(as, addr, val, attrs, &res);
67364150 2159 break;
1ec9b909
AK		 2160 default: abort();
2161 }
66b9b43c 2162 return res;
6658ffb8
PB		 2163}
2164
1ec9b909 2165static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2166 .read_with_attrs = watch_mem_read,
2167 .write_with_attrs = watch_mem_write,
1ec9b909 2168 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2169};
6658ffb8 2170
f25a49e0
PM		 2171static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2172 unsigned len, MemTxAttrs attrs)
db7b5426 2173{
acc9d80b 2174 subpage_t *subpage = opaque;
ff6cff75 2175 uint8_t buf[8];
5c9eb028 2176 MemTxResult res;
791af8c8 2177
db7b5426 2178#if defined(DEBUG_SUBPAGE)
016e9d62 2179 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2180 subpage, len, addr);
db7b5426 2181#endif
5c9eb028
PM		 2182 res = address_space_read(subpage->as, addr + subpage->base,
2183 attrs, buf, len);
2184 if (res) {
2185 return res;
f25a49e0 2186 }
acc9d80b
JK		 2187 switch (len) {
2188 case 1:
f25a49e0
PM		 2189 *data = ldub_p(buf);
2190 return MEMTX_OK;
acc9d80b 2191 case 2:
f25a49e0
PM		 2192 *data = lduw_p(buf);
2193 return MEMTX_OK;
acc9d80b 2194 case 4:
f25a49e0
PM		 2195 *data = ldl_p(buf);
2196 return MEMTX_OK;
ff6cff75 2197 case 8:
f25a49e0
PM		 2198 *data = ldq_p(buf);
2199 return MEMTX_OK;
acc9d80b
JK		 2200 default:
2201 abort();
2202 }
db7b5426
BS		 2203}
2204
f25a49e0
PM		 2205static MemTxResult subpage_write(void *opaque, hwaddr addr,
2206 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2207{
acc9d80b 2208 subpage_t *subpage = opaque;
ff6cff75 2209 uint8_t buf[8];
acc9d80b 2210
db7b5426 2211#if defined(DEBUG_SUBPAGE)
016e9d62 2212 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2213 " value %"PRIx64"\n",
2214 __func__, subpage, len, addr, value);
db7b5426 2215#endif
acc9d80b
JK		 2216 switch (len) {
2217 case 1:
2218 stb_p(buf, value);
2219 break;
2220 case 2:
2221 stw_p(buf, value);
2222 break;
2223 case 4:
2224 stl_p(buf, value);
2225 break;
ff6cff75
PB		 2226 case 8:
2227 stq_p(buf, value);
2228 break;
acc9d80b
JK		 2229 default:
2230 abort();
2231 }
5c9eb028
PM		 2232 return address_space_write(subpage->as, addr + subpage->base,
2233 attrs, buf, len);
db7b5426
BS		 2234}
2235
c353e4cc 2236static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2237 unsigned len, bool is_write)
c353e4cc 2238{
acc9d80b 2239 subpage_t *subpage = opaque;
c353e4cc 2240#if defined(DEBUG_SUBPAGE)
016e9d62 2241 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2242 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2243#endif
2244
acc9d80b 2245 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2246 len, is_write);
c353e4cc
PB		 2247}
2248
70c68e44 2249static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2250 .read_with_attrs = subpage_read,
2251 .write_with_attrs = subpage_write,
ff6cff75
PB		 2252 .impl.min_access_size = 1,
2253 .impl.max_access_size = 8,
2254 .valid.min_access_size = 1,
2255 .valid.max_access_size = 8,
c353e4cc 2256 .valid.accepts = subpage_accepts,
70c68e44 2257 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2258};
2259
c227f099 2260static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2261 uint16_t section)
db7b5426
BS		 2262{
2263 int idx, eidx;
2264
2265 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2266 return -1;
2267 idx = SUBPAGE_IDX(start);
2268 eidx = SUBPAGE_IDX(end);
2269#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2270 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2271 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2272#endif
db7b5426 2273 for (; idx <= eidx; idx++) {
5312bd8b 2274 mmio->sub_section[idx] = section;
db7b5426
BS		 2275 }
2276
2277 return 0;
2278}
2279
acc9d80b 2280static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2281{
c227f099 2282 subpage_t *mmio;
db7b5426 2283
7267c094 2284 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2285
acc9d80b 2286 mmio->as = as;
1eec614b 2287 mmio->base = base;
2c9b15ca 2288 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2289 NULL, TARGET_PAGE_SIZE);
b3b00c78 2290 mmio->iomem.subpage = true;
db7b5426 2291#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2292 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2293 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2294#endif
b41aac4f 2295 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2296
2297 return mmio;
2298}
2299
a656e22f
PC		 2300static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2301 MemoryRegion *mr)
5312bd8b 2302{
a656e22f 2303 assert(as);
5312bd8b 2304 MemoryRegionSection section = {
a656e22f 2305 .address_space = as,
5312bd8b
AK		 2306 .mr = mr,
2307 .offset_within_address_space = 0,
2308 .offset_within_region = 0,
052e87b0 2309 .size = int128_2_64(),
5312bd8b
AK		 2310 };
2311
53cb28cb 2312 return phys_section_add(map, &section);
5312bd8b
AK		 2313}
2314
a54c87b6 2315MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2316{
a54c87b6
PM		 2317 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2318 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2319 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2320 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2321
2322 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2323}
2324
e9179ce1
AK		 2325static void io_mem_init(void)
2326{
1f6245e5 2327 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2328 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2329 NULL, UINT64_MAX);
2c9b15ca 2330 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2331 NULL, UINT64_MAX);
2c9b15ca 2332 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2333 NULL, UINT64_MAX);
e9179ce1
AK		 2334}
2335
ac1970fb 2336static void mem_begin(MemoryListener *listener)
00752703
PB		 2337{
2338 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2339 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2340 uint16_t n;
2341
a656e22f 2342 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2343 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2344 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2345 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2346 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2347 assert(n == PHYS_SECTION_ROM);
a656e22f 2348 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2349 assert(n == PHYS_SECTION_WATCH);
00752703 2350
9736e55b 2351 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2352 d->as = as;
2353 as->next_dispatch = d;
2354}
2355
79e2b9ae
PB		 2356static void address_space_dispatch_free(AddressSpaceDispatch *d)
2357{
2358 phys_sections_free(&d->map);
2359 g_free(d);
2360}
2361
00752703 2362static void mem_commit(MemoryListener *listener)
ac1970fb 2363{
89ae337a 2364 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2365 AddressSpaceDispatch *cur = as->dispatch;
2366 AddressSpaceDispatch *next = as->next_dispatch;
2367
53cb28cb 2368 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2369
79e2b9ae 2370 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2371 if (cur) {
79e2b9ae 2372 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2373 }
9affd6fc
PB		 2374}
2375
1d71148e 2376static void tcg_commit(MemoryListener *listener)
50c1e149 2377{
32857f4d
PM		 2378 CPUAddressSpace *cpuas;
2379 AddressSpaceDispatch *d;
117712c3
AK		 2380
2381 /* since each CPU stores ram addresses in its TLB cache, we must
2382 reset the modified entries */
32857f4d
PM		 2383 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2384 cpu_reloading_memory_map();
2385 /* The CPU and TLB are protected by the iothread lock.
2386 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2387 * may have split the RCU critical section.
2388 */
2389 d = atomic_rcu_read(&cpuas->as->dispatch);
2390 cpuas->memory_dispatch = d;
2391 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2392}
2393
ac1970fb
AK		 2394void address_space_init_dispatch(AddressSpace *as)
2395{
00752703 2396 as->dispatch = NULL;
89ae337a 2397 as->dispatch_listener = (MemoryListener) {
ac1970fb 2398 .begin = mem_begin,
00752703 2399 .commit = mem_commit,
ac1970fb
AK		 2400 .region_add = mem_add,
2401 .region_nop = mem_add,
2402 .priority = 0,
2403 };
89ae337a 2404 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2405}
2406
6e48e8f9
PB		 2407void address_space_unregister(AddressSpace *as)
2408{
2409 memory_listener_unregister(&as->dispatch_listener);
2410}
2411
83f3c251
AK		 2412void address_space_destroy_dispatch(AddressSpace *as)
2413{
2414 AddressSpaceDispatch *d = as->dispatch;
2415
79e2b9ae
PB		 2416 atomic_rcu_set(&as->dispatch, NULL);
2417 if (d) {
2418 call_rcu(d, address_space_dispatch_free, rcu);
2419 }
83f3c251
AK		 2420}
2421
62152b8a
AK		 2422static void memory_map_init(void)
2423{
7267c094 2424 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2425
57271d63 2426 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2427 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2428
7267c094 2429 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2430 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2431 65536);
7dca8043 2432 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2433}
2434
2435MemoryRegion *get_system_memory(void)
2436{
2437 return system_memory;
2438}
2439
309cb471
AK		 2440MemoryRegion *get_system_io(void)
2441{
2442 return system_io;
2443}
2444
e2eef170
PB		 2445#endif /* !defined(CONFIG_USER_ONLY) */
2446
13eb76e0
FB		 2447/* physical memory access (slow version, mainly for debug) */
2448#if defined(CONFIG_USER_ONLY)
f17ec444 2449int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2450 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2451{
2452 int l, flags;
2453 target_ulong page;
53a5960a 2454 void * p;
13eb76e0
FB		 2455
2456 while (len > 0) {
2457 page = addr & TARGET_PAGE_MASK;
2458 l = (page + TARGET_PAGE_SIZE) - addr;
2459 if (l > len)
2460 l = len;
2461 flags = page_get_flags(page);
2462 if (!(flags & PAGE_VALID))
a68fe89c 2463 return -1;
13eb76e0
FB		 2464 if (is_write) {
2465 if (!(flags & PAGE_WRITE))
a68fe89c 2466 return -1;
579a97f7 2467 /* XXX: this code should not depend on lock_user */
72fb7daa 2468 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2469 return -1;
72fb7daa
AJ		 2470 memcpy(p, buf, l);
2471 unlock_user(p, addr, l);
13eb76e0
FB		 2472 } else {
2473 if (!(flags & PAGE_READ))
a68fe89c 2474 return -1;
579a97f7 2475 /* XXX: this code should not depend on lock_user */
72fb7daa 2476 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2477 return -1;
72fb7daa 2478 memcpy(buf, p, l);
5b257578 2479 unlock_user(p, addr, 0);
13eb76e0
FB		 2480 }
2481 len -= l;
2482 buf += l;
2483 addr += l;
2484 }
a68fe89c 2485 return 0;
13eb76e0 2486}
8df1cd07 2487
13eb76e0 2488#else
51d7a9eb 2489
845b6214 2490static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2491 hwaddr length)
51d7a9eb 2492{
e87f7778
PB		 2493 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2494 /* No early return if dirty_log_mask is or becomes 0, because
2495 * cpu_physical_memory_set_dirty_range will still call
2496 * xen_modified_memory.
2497 */
2498 if (dirty_log_mask) {
2499 dirty_log_mask =
2500 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2501 }
2502 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2503 tb_invalidate_phys_range(addr, addr + length);
2504 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2505 }
e87f7778 2506 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2507}
2508
23326164 2509static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2510{
e1622f4b 2511 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2512
2513 /* Regions are assumed to support 1-4 byte accesses unless
2514 otherwise specified. */
23326164
RH		 2515 if (access_size_max == 0) {
2516 access_size_max = 4;
2517 }
2518
2519 /* Bound the maximum access by the alignment of the address. */
2520 if (!mr->ops->impl.unaligned) {
2521 unsigned align_size_max = addr & -addr;
2522 if (align_size_max != 0 && align_size_max < access_size_max) {
2523 access_size_max = align_size_max;
2524 }
82f2563f 2525 }
23326164
RH		 2526
2527 /* Don't attempt accesses larger than the maximum. */
2528 if (l > access_size_max) {
2529 l = access_size_max;
82f2563f 2530 }
6554f5c0 2531 l = pow2floor(l);
23326164
RH		 2532
2533 return l;
82f2563f
PB		 2534}
2535
4840f10e 2536static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2537{
4840f10e
JK		 2538 bool unlocked = !qemu_mutex_iothread_locked();
2539 bool release_lock = false;
2540
2541 if (unlocked && mr->global_locking) {
2542 qemu_mutex_lock_iothread();
2543 unlocked = false;
2544 release_lock = true;
2545 }
125b3806 2546 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2547 if (unlocked) {
2548 qemu_mutex_lock_iothread();
2549 }
125b3806 2550 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2551 if (unlocked) {
2552 qemu_mutex_unlock_iothread();
2553 }
125b3806 2554 }
4840f10e
JK		 2555
2556 return release_lock;
125b3806
PB		 2557}
2558
a203ac70
PB		 2559/* Called within RCU critical section. */
2560static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2561 MemTxAttrs attrs,
2562 const uint8_t *buf,
2563 int len, hwaddr addr1,
2564 hwaddr l, MemoryRegion *mr)
13eb76e0 2565{
13eb76e0 2566 uint8_t *ptr;
791af8c8 2567 uint64_t val;
3b643495 2568 MemTxResult result = MEMTX_OK;
4840f10e 2569 bool release_lock = false;
3b46e624 2570
a203ac70 2571 for (;;) {
eb7eeb88
PB		 2572 if (!memory_access_is_direct(mr, true)) {
2573 release_lock |= prepare_mmio_access(mr);
2574 l = memory_access_size(mr, l, addr1);
2575 /* XXX: could force current_cpu to NULL to avoid
2576 potential bugs */
2577 switch (l) {
2578 case 8:
2579 /* 64 bit write access */
2580 val = ldq_p(buf);
2581 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2582 attrs);
2583 break;
2584 case 4:
2585 /* 32 bit write access */
2586 val = ldl_p(buf);
2587 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2588 attrs);
2589 break;
2590 case 2:
2591 /* 16 bit write access */
2592 val = lduw_p(buf);
2593 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2594 attrs);
2595 break;
2596 case 1:
2597 /* 8 bit write access */
2598 val = ldub_p(buf);
2599 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2600 attrs);
2601 break;
2602 default:
2603 abort();
13eb76e0
FB		 2604 }
2605 } else {
eb7eeb88
PB		 2606 addr1 += memory_region_get_ram_addr(mr);
2607 /* RAM case */
3655cb9c 2608 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2609 memcpy(ptr, buf, l);
2610 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2611 }
4840f10e
JK		 2612
2613 if (release_lock) {
2614 qemu_mutex_unlock_iothread();
2615 release_lock = false;
2616 }
2617
13eb76e0
FB		 2618 len -= l;
2619 buf += l;
2620 addr += l;
a203ac70
PB		 2621
2622 if (!len) {
2623 break;
2624 }
2625
2626 l = len;
2627 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2628 }
fd8aaa76 2629
3b643495 2630 return result;
13eb76e0 2631}
8df1cd07 2632
a203ac70
PB		 2633MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2634 const uint8_t *buf, int len)
ac1970fb 2635{
eb7eeb88 2636 hwaddr l;
eb7eeb88
PB		 2637 hwaddr addr1;
2638 MemoryRegion *mr;
2639 MemTxResult result = MEMTX_OK;
eb7eeb88 2640
a203ac70
PB		 2641 if (len > 0) {
2642 rcu_read_lock();
eb7eeb88 2643 l = len;
a203ac70
PB		 2644 mr = address_space_translate(as, addr, &addr1, &l, true);
2645 result = address_space_write_continue(as, addr, attrs, buf, len,
2646 addr1, l, mr);
2647 rcu_read_unlock();
2648 }
2649
2650 return result;
2651}
2652
2653/* Called within RCU critical section. */
2654MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2655 MemTxAttrs attrs, uint8_t *buf,
2656 int len, hwaddr addr1, hwaddr l,
2657 MemoryRegion *mr)
2658{
2659 uint8_t *ptr;
2660 uint64_t val;
2661 MemTxResult result = MEMTX_OK;
2662 bool release_lock = false;
eb7eeb88 2663
a203ac70 2664 for (;;) {
eb7eeb88
PB		 2665 if (!memory_access_is_direct(mr, false)) {
2666 /* I/O case */
2667 release_lock |= prepare_mmio_access(mr);
2668 l = memory_access_size(mr, l, addr1);
2669 switch (l) {
2670 case 8:
2671 /* 64 bit read access */
2672 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2673 attrs);
2674 stq_p(buf, val);
2675 break;
2676 case 4:
2677 /* 32 bit read access */
2678 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2679 attrs);
2680 stl_p(buf, val);
2681 break;
2682 case 2:
2683 /* 16 bit read access */
2684 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2685 attrs);
2686 stw_p(buf, val);
2687 break;
2688 case 1:
2689 /* 8 bit read access */
2690 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2691 attrs);
2692 stb_p(buf, val);
2693 break;
2694 default:
2695 abort();
2696 }
2697 } else {
2698 /* RAM case */
8e41fb63
FZ		 2699 ptr = qemu_get_ram_ptr(mr->ram_block,
2700 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2701 memcpy(buf, ptr, l);
2702 }
2703
2704 if (release_lock) {
2705 qemu_mutex_unlock_iothread();
2706 release_lock = false;
2707 }
2708
2709 len -= l;
2710 buf += l;
2711 addr += l;
a203ac70
PB		 2712
2713 if (!len) {
2714 break;
2715 }
2716
2717 l = len;
2718 mr = address_space_translate(as, addr, &addr1, &l, false);
2719 }
2720
2721 return result;
2722}
2723
3cc8f884
PB		 2724MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2725 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2726{
2727 hwaddr l;
2728 hwaddr addr1;
2729 MemoryRegion *mr;
2730 MemTxResult result = MEMTX_OK;
2731
2732 if (len > 0) {
2733 rcu_read_lock();
2734 l = len;
2735 mr = address_space_translate(as, addr, &addr1, &l, false);
2736 result = address_space_read_continue(as, addr, attrs, buf, len,
2737 addr1, l, mr);
2738 rcu_read_unlock();
eb7eeb88 2739 }
eb7eeb88
PB		 2740
2741 return result;
ac1970fb
AK		 2742}
2743
eb7eeb88
PB		 2744MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2745 uint8_t *buf, int len, bool is_write)
2746{
2747 if (is_write) {
2748 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2749 } else {
2750 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2751 }
2752}
ac1970fb 2753
a8170e5e 2754void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2755 int len, int is_write)
2756{
5c9eb028
PM		 2757 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2758 buf, len, is_write);
ac1970fb
AK		 2759}
2760
582b55a9
AG		 2761enum write_rom_type {
2762 WRITE_DATA,
2763 FLUSH_CACHE,
2764};
2765
2a221651 2766static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2767 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2768{
149f54b5 2769 hwaddr l;
d0ecd2aa 2770 uint8_t *ptr;
149f54b5 2771 hwaddr addr1;
5c8a00ce 2772 MemoryRegion *mr;
3b46e624 2773
41063e1e 2774 rcu_read_lock();
d0ecd2aa 2775 while (len > 0) {
149f54b5 2776 l = len;
2a221651 2777 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2778
5c8a00ce
PB		 2779 if (!(memory_region_is_ram(mr) ||
2780 memory_region_is_romd(mr))) {
b242e0e0 2781 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2782 } else {
5c8a00ce 2783 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2784 /* ROM/RAM case */
3655cb9c 2785 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2786 switch (type) {
2787 case WRITE_DATA:
2788 memcpy(ptr, buf, l);
845b6214 2789 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2790 break;
2791 case FLUSH_CACHE:
2792 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2793 break;
2794 }
d0ecd2aa
FB		 2795 }
2796 len -= l;
2797 buf += l;
2798 addr += l;
2799 }
41063e1e 2800 rcu_read_unlock();
d0ecd2aa
FB		 2801}
2802
582b55a9 2803/* used for ROM loading : can write in RAM and ROM */
2a221651 2804void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2805 const uint8_t *buf, int len)
2806{
2a221651 2807 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2808}
2809
2810void cpu_flush_icache_range(hwaddr start, int len)
2811{
2812 /*
2813 * This function should do the same thing as an icache flush that was
2814 * triggered from within the guest. For TCG we are always cache coherent,
2815 * so there is no need to flush anything. For KVM / Xen we need to flush
2816 * the host's instruction cache at least.
2817 */
2818 if (tcg_enabled()) {
2819 return;
2820 }
2821
2a221651
EI		 2822 cpu_physical_memory_write_rom_internal(&address_space_memory,
2823 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2824}
2825
6d16c2f8 2826typedef struct {
d3e71559 2827 MemoryRegion *mr;
6d16c2f8 2828 void *buffer;
a8170e5e
AK		 2829 hwaddr addr;
2830 hwaddr len;
c2cba0ff 2831 bool in_use;
6d16c2f8
AL		 2832} BounceBuffer;
2833
2834static BounceBuffer bounce;
2835
ba223c29 2836typedef struct MapClient {
e95205e1 2837 QEMUBH *bh;
72cf2d4f 2838 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2839} MapClient;
2840
38e047b5 2841QemuMutex map_client_list_lock;
72cf2d4f
BS		 2842static QLIST_HEAD(map_client_list, MapClient) map_client_list
2843 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2844
e95205e1
FZ		 2845static void cpu_unregister_map_client_do(MapClient *client)
2846{
2847 QLIST_REMOVE(client, link);
2848 g_free(client);
2849}
2850
33b6c2ed
FZ		 2851static void cpu_notify_map_clients_locked(void)
2852{
2853 MapClient *client;
2854
2855 while (!QLIST_EMPTY(&map_client_list)) {
2856 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2857 qemu_bh_schedule(client->bh);
2858 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2859 }
2860}
2861
e95205e1 2862void cpu_register_map_client(QEMUBH *bh)
ba223c29 2863{
7267c094 2864 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2865
38e047b5 2866 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2867 client->bh = bh;
72cf2d4f 2868 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2869 if (!atomic_read(&bounce.in_use)) {
2870 cpu_notify_map_clients_locked();
2871 }
38e047b5 2872 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2873}
2874
38e047b5 2875void cpu_exec_init_all(void)
ba223c29 2876{
38e047b5 2877 qemu_mutex_init(&ram_list.mutex);
38e047b5 2878 io_mem_init();
680a4783 2879 memory_map_init();
38e047b5 2880 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2881}
2882
e95205e1 2883void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2884{
2885 MapClient *client;
2886
e95205e1
FZ		 2887 qemu_mutex_lock(&map_client_list_lock);
2888 QLIST_FOREACH(client, &map_client_list, link) {
2889 if (client->bh == bh) {
2890 cpu_unregister_map_client_do(client);
2891 break;
2892 }
ba223c29 2893 }
e95205e1 2894 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2895}
2896
2897static void cpu_notify_map_clients(void)
2898{
38e047b5 2899 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2900 cpu_notify_map_clients_locked();
38e047b5 2901 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2902}
2903
51644ab7
PB		 2904bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2905{
5c8a00ce 2906 MemoryRegion *mr;
51644ab7
PB		 2907 hwaddr l, xlat;
2908
41063e1e 2909 rcu_read_lock();
51644ab7
PB		 2910 while (len > 0) {
2911 l = len;
5c8a00ce
PB		 2912 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2913 if (!memory_access_is_direct(mr, is_write)) {
2914 l = memory_access_size(mr, l, addr);
2915 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2916 return false;
2917 }
2918 }
2919
2920 len -= l;
2921 addr += l;
2922 }
41063e1e 2923 rcu_read_unlock();
51644ab7
PB		 2924 return true;
2925}
2926
6d16c2f8
AL		 2927/* Map a physical memory region into a host virtual address.
2928 * May map a subset of the requested range, given by and returned in *plen.
2929 * May return NULL if resources needed to perform the mapping are exhausted.
2930 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2931 * Use cpu_register_map_client() to know when retrying the map operation is
2932 * likely to succeed.
6d16c2f8 2933 */
ac1970fb 2934void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2935 hwaddr addr,
2936 hwaddr *plen,
ac1970fb 2937 bool is_write)
6d16c2f8 2938{
a8170e5e 2939 hwaddr len = *plen;
e3127ae0
PB		 2940 hwaddr done = 0;
2941 hwaddr l, xlat, base;
2942 MemoryRegion *mr, *this_mr;
2943 ram_addr_t raddr;
e81bcda5 2944 void *ptr;
6d16c2f8 2945
e3127ae0
PB		 2946 if (len == 0) {
2947 return NULL;
2948 }
38bee5dc 2949
e3127ae0 2950 l = len;
41063e1e 2951 rcu_read_lock();
e3127ae0 2952 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2953
e3127ae0 2954 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2955 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2956 rcu_read_unlock();
e3127ae0 2957 return NULL;
6d16c2f8 2958 }
e85d9db5
KW		 2959 /* Avoid unbounded allocations */
2960 l = MIN(l, TARGET_PAGE_SIZE);
2961 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2962 bounce.addr = addr;
2963 bounce.len = l;
d3e71559
PB		 2964
2965 memory_region_ref(mr);
2966 bounce.mr = mr;
e3127ae0 2967 if (!is_write) {
5c9eb028
PM		 2968 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2969 bounce.buffer, l);
8ab934f9 2970 }
6d16c2f8 2971
41063e1e 2972 rcu_read_unlock();
e3127ae0
PB		 2973 *plen = l;
2974 return bounce.buffer;
2975 }
2976
2977 base = xlat;
2978 raddr = memory_region_get_ram_addr(mr);
2979
2980 for (;;) {
6d16c2f8
AL		 2981 len -= l;
2982 addr += l;
e3127ae0
PB		 2983 done += l;
2984 if (len == 0) {
2985 break;
2986 }
2987
2988 l = len;
2989 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2990 if (this_mr != mr || xlat != base + done) {
2991 break;
2992 }
6d16c2f8 2993 }
e3127ae0 2994
d3e71559 2995 memory_region_ref(mr);
e3127ae0 2996 *plen = done;
3655cb9c 2997 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 2998 rcu_read_unlock();
2999
3000 return ptr;
6d16c2f8
AL		 3001}
3002
ac1970fb 3003/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3004 * Will also mark the memory as dirty if is_write == 1. access_len gives
3005 * the amount of memory that was actually read or written by the caller.
3006 */
a8170e5e
AK		 3007void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3008 int is_write, hwaddr access_len)
6d16c2f8
AL		 3009{
3010 if (buffer != bounce.buffer) {
d3e71559
PB		 3011 MemoryRegion *mr;
3012 ram_addr_t addr1;
3013
3014 mr = qemu_ram_addr_from_host(buffer, &addr1);
3015 assert(mr != NULL);
6d16c2f8 3016 if (is_write) {
845b6214 3017 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3018 }
868bb33f 3019 if (xen_enabled()) {
e41d7c69 3020 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3021 }
d3e71559 3022 memory_region_unref(mr);
6d16c2f8
AL		 3023 return;
3024 }
3025 if (is_write) {
5c9eb028
PM		 3026 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3027 bounce.buffer, access_len);
6d16c2f8 3028 }
f8a83245 3029 qemu_vfree(bounce.buffer);
6d16c2f8 3030 bounce.buffer = NULL;
d3e71559 3031 memory_region_unref(bounce.mr);
c2cba0ff 3032 atomic_mb_set(&bounce.in_use, false);
ba223c29 3033 cpu_notify_map_clients();
6d16c2f8 3034}
d0ecd2aa 3035
a8170e5e
AK		 3036void *cpu_physical_memory_map(hwaddr addr,
3037 hwaddr *plen,
ac1970fb
AK		 3038 int is_write)
3039{
3040 return address_space_map(&address_space_memory, addr, plen, is_write);
3041}
3042
a8170e5e
AK		 3043void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3044 int is_write, hwaddr access_len)
ac1970fb
AK		 3045{
3046 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3047}
3048
8df1cd07 3049/* warning: addr must be aligned */
50013115
PM		 3050static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3051 MemTxAttrs attrs,
3052 MemTxResult *result,
3053 enum device_endian endian)
8df1cd07 3054{
8df1cd07 3055 uint8_t *ptr;
791af8c8 3056 uint64_t val;
5c8a00ce 3057 MemoryRegion *mr;
149f54b5
PB		 3058 hwaddr l = 4;
3059 hwaddr addr1;
50013115 3060 MemTxResult r;
4840f10e 3061 bool release_lock = false;
8df1cd07 3062
41063e1e 3063 rcu_read_lock();
fdfba1a2 3064 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3065 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3066 release_lock |= prepare_mmio_access(mr);
125b3806 3067
8df1cd07 3068 /* I/O case */
50013115 3069 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3070#if defined(TARGET_WORDS_BIGENDIAN)
3071 if (endian == DEVICE_LITTLE_ENDIAN) {
3072 val = bswap32(val);
3073 }
3074#else
3075 if (endian == DEVICE_BIG_ENDIAN) {
3076 val = bswap32(val);
3077 }
3078#endif
8df1cd07
FB		 3079 } else {
3080 /* RAM case */
3655cb9c
GA		 3081 ptr = qemu_get_ram_ptr(mr->ram_block,
3082 (memory_region_get_ram_addr(mr)
06ef3525 3083 & TARGET_PAGE_MASK)
149f54b5 3084 + addr1);
1e78bcc1
AG		 3085 switch (endian) {
3086 case DEVICE_LITTLE_ENDIAN:
3087 val = ldl_le_p(ptr);
3088 break;
3089 case DEVICE_BIG_ENDIAN:
3090 val = ldl_be_p(ptr);
3091 break;
3092 default:
3093 val = ldl_p(ptr);
3094 break;
3095 }
50013115
PM		 3096 r = MEMTX_OK;
3097 }
3098 if (result) {
3099 *result = r;
8df1cd07 3100 }
4840f10e
JK		 3101 if (release_lock) {
3102 qemu_mutex_unlock_iothread();
3103 }
41063e1e 3104 rcu_read_unlock();
8df1cd07
FB		 3105 return val;
3106}
3107
50013115
PM		 3108uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3109 MemTxAttrs attrs, MemTxResult *result)
3110{
3111 return address_space_ldl_internal(as, addr, attrs, result,
3112 DEVICE_NATIVE_ENDIAN);
3113}
3114
3115uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3116 MemTxAttrs attrs, MemTxResult *result)
3117{
3118 return address_space_ldl_internal(as, addr, attrs, result,
3119 DEVICE_LITTLE_ENDIAN);
3120}
3121
3122uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3123 MemTxAttrs attrs, MemTxResult *result)
3124{
3125 return address_space_ldl_internal(as, addr, attrs, result,
3126 DEVICE_BIG_ENDIAN);
3127}
3128
fdfba1a2 3129uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3130{
50013115 3131 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3132}
3133
fdfba1a2 3134uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3135{
50013115 3136 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3137}
3138
fdfba1a2 3139uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3140{
50013115 3141 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3142}
3143
84b7b8e7 3144/* warning: addr must be aligned */
50013115
PM		 3145static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3146 MemTxAttrs attrs,
3147 MemTxResult *result,
3148 enum device_endian endian)
84b7b8e7 3149{
84b7b8e7
FB		 3150 uint8_t *ptr;
3151 uint64_t val;
5c8a00ce 3152 MemoryRegion *mr;
149f54b5
PB		 3153 hwaddr l = 8;
3154 hwaddr addr1;
50013115 3155 MemTxResult r;
4840f10e 3156 bool release_lock = false;
84b7b8e7 3157
41063e1e 3158 rcu_read_lock();
2c17449b 3159 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3160 false);
3161 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3162 release_lock |= prepare_mmio_access(mr);
125b3806 3163
84b7b8e7 3164 /* I/O case */
50013115 3165 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3166#if defined(TARGET_WORDS_BIGENDIAN)
3167 if (endian == DEVICE_LITTLE_ENDIAN) {
3168 val = bswap64(val);
3169 }
3170#else
3171 if (endian == DEVICE_BIG_ENDIAN) {
3172 val = bswap64(val);
3173 }
84b7b8e7
FB		 3174#endif
3175 } else {
3176 /* RAM case */
3655cb9c
GA		 3177 ptr = qemu_get_ram_ptr(mr->ram_block,
3178 (memory_region_get_ram_addr(mr)
06ef3525 3179 & TARGET_PAGE_MASK)
149f54b5 3180 + addr1);
1e78bcc1
AG		 3181 switch (endian) {
3182 case DEVICE_LITTLE_ENDIAN:
3183 val = ldq_le_p(ptr);
3184 break;
3185 case DEVICE_BIG_ENDIAN:
3186 val = ldq_be_p(ptr);
3187 break;
3188 default:
3189 val = ldq_p(ptr);
3190 break;
3191 }
50013115
PM		 3192 r = MEMTX_OK;
3193 }
3194 if (result) {
3195 *result = r;
84b7b8e7 3196 }
4840f10e
JK		 3197 if (release_lock) {
3198 qemu_mutex_unlock_iothread();
3199 }
41063e1e 3200 rcu_read_unlock();
84b7b8e7
FB		 3201 return val;
3202}
3203
50013115
PM		 3204uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3205 MemTxAttrs attrs, MemTxResult *result)
3206{
3207 return address_space_ldq_internal(as, addr, attrs, result,
3208 DEVICE_NATIVE_ENDIAN);
3209}
3210
3211uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3212 MemTxAttrs attrs, MemTxResult *result)
3213{
3214 return address_space_ldq_internal(as, addr, attrs, result,
3215 DEVICE_LITTLE_ENDIAN);
3216}
3217
3218uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3219 MemTxAttrs attrs, MemTxResult *result)
3220{
3221 return address_space_ldq_internal(as, addr, attrs, result,
3222 DEVICE_BIG_ENDIAN);
3223}
3224
2c17449b 3225uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3226{
50013115 3227 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3228}
3229
2c17449b 3230uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3231{
50013115 3232 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3233}
3234
2c17449b 3235uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3236{
50013115 3237 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3238}
3239
aab33094 3240/* XXX: optimize */
50013115
PM		 3241uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3243{
3244 uint8_t val;
50013115
PM		 3245 MemTxResult r;
3246
3247 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3248 if (result) {
3249 *result = r;
3250 }
aab33094
FB		 3251 return val;
3252}
3253
50013115
PM		 3254uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3255{
3256 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3257}
3258
733f0b02 3259/* warning: addr must be aligned */
50013115
PM		 3260static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3261 hwaddr addr,
3262 MemTxAttrs attrs,
3263 MemTxResult *result,
3264 enum device_endian endian)
aab33094 3265{
733f0b02
MT		 3266 uint8_t *ptr;
3267 uint64_t val;
5c8a00ce 3268 MemoryRegion *mr;
149f54b5
PB		 3269 hwaddr l = 2;
3270 hwaddr addr1;
50013115 3271 MemTxResult r;
4840f10e 3272 bool release_lock = false;
733f0b02 3273
41063e1e 3274 rcu_read_lock();
41701aa4 3275 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3276 false);
3277 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3278 release_lock |= prepare_mmio_access(mr);
125b3806 3279
733f0b02 3280 /* I/O case */
50013115 3281 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3282#if defined(TARGET_WORDS_BIGENDIAN)
3283 if (endian == DEVICE_LITTLE_ENDIAN) {
3284 val = bswap16(val);
3285 }
3286#else
3287 if (endian == DEVICE_BIG_ENDIAN) {
3288 val = bswap16(val);
3289 }
3290#endif
733f0b02
MT		 3291 } else {
3292 /* RAM case */
3655cb9c
GA		 3293 ptr = qemu_get_ram_ptr(mr->ram_block,
3294 (memory_region_get_ram_addr(mr)
06ef3525 3295 & TARGET_PAGE_MASK)
149f54b5 3296 + addr1);
1e78bcc1
AG		 3297 switch (endian) {
3298 case DEVICE_LITTLE_ENDIAN:
3299 val = lduw_le_p(ptr);
3300 break;
3301 case DEVICE_BIG_ENDIAN:
3302 val = lduw_be_p(ptr);
3303 break;
3304 default:
3305 val = lduw_p(ptr);
3306 break;
3307 }
50013115
PM		 3308 r = MEMTX_OK;
3309 }
3310 if (result) {
3311 *result = r;
733f0b02 3312 }
4840f10e
JK		 3313 if (release_lock) {
3314 qemu_mutex_unlock_iothread();
3315 }
41063e1e 3316 rcu_read_unlock();
733f0b02 3317 return val;
aab33094
FB		 3318}
3319
50013115
PM		 3320uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3321 MemTxAttrs attrs, MemTxResult *result)
3322{
3323 return address_space_lduw_internal(as, addr, attrs, result,
3324 DEVICE_NATIVE_ENDIAN);
3325}
3326
3327uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3328 MemTxAttrs attrs, MemTxResult *result)
3329{
3330 return address_space_lduw_internal(as, addr, attrs, result,
3331 DEVICE_LITTLE_ENDIAN);
3332}
3333
3334uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3335 MemTxAttrs attrs, MemTxResult *result)
3336{
3337 return address_space_lduw_internal(as, addr, attrs, result,
3338 DEVICE_BIG_ENDIAN);
3339}
3340
41701aa4 3341uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3342{
50013115 3343 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3344}
3345
41701aa4 3346uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3347{
50013115 3348 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3349}
3350
41701aa4 3351uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3352{
50013115 3353 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3354}
3355
8df1cd07
FB		 3356/* warning: addr must be aligned. The ram page is not masked as dirty
3357 and the code inside is not invalidated. It is useful if the dirty
3358 bits are used to track modified PTEs */
50013115
PM		 3359void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3360 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3361{
8df1cd07 3362 uint8_t *ptr;
5c8a00ce 3363 MemoryRegion *mr;
149f54b5
PB		 3364 hwaddr l = 4;
3365 hwaddr addr1;
50013115 3366 MemTxResult r;
845b6214 3367 uint8_t dirty_log_mask;
4840f10e 3368 bool release_lock = false;
8df1cd07 3369
41063e1e 3370 rcu_read_lock();
2198a121 3371 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3372 true);
3373 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3374 release_lock |= prepare_mmio_access(mr);
125b3806 3375
50013115 3376 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3377 } else {
5c8a00ce 3378 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3379 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3380 stl_p(ptr, val);
74576198 3381
845b6214
PB		 3382 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3383 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3384 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3385 r = MEMTX_OK;
3386 }
3387 if (result) {
3388 *result = r;
8df1cd07 3389 }
4840f10e
JK		 3390 if (release_lock) {
3391 qemu_mutex_unlock_iothread();
3392 }
41063e1e 3393 rcu_read_unlock();
8df1cd07
FB		 3394}
3395
50013115
PM		 3396void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3397{
3398 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3399}
3400
8df1cd07 3401/* warning: addr must be aligned */
50013115
PM		 3402static inline void address_space_stl_internal(AddressSpace *as,
3403 hwaddr addr, uint32_t val,
3404 MemTxAttrs attrs,
3405 MemTxResult *result,
3406 enum device_endian endian)
8df1cd07 3407{
8df1cd07 3408 uint8_t *ptr;
5c8a00ce 3409 MemoryRegion *mr;
149f54b5
PB		 3410 hwaddr l = 4;
3411 hwaddr addr1;
50013115 3412 MemTxResult r;
4840f10e 3413 bool release_lock = false;
8df1cd07 3414
41063e1e 3415 rcu_read_lock();
ab1da857 3416 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3417 true);
3418 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3419 release_lock |= prepare_mmio_access(mr);
125b3806 3420
1e78bcc1
AG		 3421#if defined(TARGET_WORDS_BIGENDIAN)
3422 if (endian == DEVICE_LITTLE_ENDIAN) {
3423 val = bswap32(val);
3424 }
3425#else
3426 if (endian == DEVICE_BIG_ENDIAN) {
3427 val = bswap32(val);
3428 }
3429#endif
50013115 3430 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3431 } else {
8df1cd07 3432 /* RAM case */
5c8a00ce 3433 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3434 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3435 switch (endian) {
3436 case DEVICE_LITTLE_ENDIAN:
3437 stl_le_p(ptr, val);
3438 break;
3439 case DEVICE_BIG_ENDIAN:
3440 stl_be_p(ptr, val);
3441 break;
3442 default:
3443 stl_p(ptr, val);
3444 break;
3445 }
845b6214 3446 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3447 r = MEMTX_OK;
3448 }
3449 if (result) {
3450 *result = r;
8df1cd07 3451 }
4840f10e
JK		 3452 if (release_lock) {
3453 qemu_mutex_unlock_iothread();
3454 }
41063e1e 3455 rcu_read_unlock();
8df1cd07
FB		 3456}
3457
50013115
PM		 3458void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3459 MemTxAttrs attrs, MemTxResult *result)
3460{
3461 address_space_stl_internal(as, addr, val, attrs, result,
3462 DEVICE_NATIVE_ENDIAN);
3463}
3464
3465void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3466 MemTxAttrs attrs, MemTxResult *result)
3467{
3468 address_space_stl_internal(as, addr, val, attrs, result,
3469 DEVICE_LITTLE_ENDIAN);
3470}
3471
3472void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3473 MemTxAttrs attrs, MemTxResult *result)
3474{
3475 address_space_stl_internal(as, addr, val, attrs, result,
3476 DEVICE_BIG_ENDIAN);
3477}
3478
ab1da857 3479void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3480{
50013115 3481 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3482}
3483
ab1da857 3484void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3485{
50013115 3486 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3487}
3488
ab1da857 3489void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3490{
50013115 3491 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3492}
3493
aab33094 3494/* XXX: optimize */
50013115
PM		 3495void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3496 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3497{
3498 uint8_t v = val;
50013115
PM		 3499 MemTxResult r;
3500
3501 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3502 if (result) {
3503 *result = r;
3504 }
3505}
3506
3507void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3508{
3509 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3510}
3511
733f0b02 3512/* warning: addr must be aligned */
50013115
PM		 3513static inline void address_space_stw_internal(AddressSpace *as,
3514 hwaddr addr, uint32_t val,
3515 MemTxAttrs attrs,
3516 MemTxResult *result,
3517 enum device_endian endian)
aab33094 3518{
733f0b02 3519 uint8_t *ptr;
5c8a00ce 3520 MemoryRegion *mr;
149f54b5
PB		 3521 hwaddr l = 2;
3522 hwaddr addr1;
50013115 3523 MemTxResult r;
4840f10e 3524 bool release_lock = false;
733f0b02 3525
41063e1e 3526 rcu_read_lock();
5ce5944d 3527 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3528 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3529 release_lock |= prepare_mmio_access(mr);
125b3806 3530
1e78bcc1
AG		 3531#if defined(TARGET_WORDS_BIGENDIAN)
3532 if (endian == DEVICE_LITTLE_ENDIAN) {
3533 val = bswap16(val);
3534 }
3535#else
3536 if (endian == DEVICE_BIG_ENDIAN) {
3537 val = bswap16(val);
3538 }
3539#endif
50013115 3540 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3541 } else {
733f0b02 3542 /* RAM case */
5c8a00ce 3543 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3544 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3545 switch (endian) {
3546 case DEVICE_LITTLE_ENDIAN:
3547 stw_le_p(ptr, val);
3548 break;
3549 case DEVICE_BIG_ENDIAN:
3550 stw_be_p(ptr, val);
3551 break;
3552 default:
3553 stw_p(ptr, val);
3554 break;
3555 }
845b6214 3556 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3557 r = MEMTX_OK;
3558 }
3559 if (result) {
3560 *result = r;
733f0b02 3561 }
4840f10e
JK		 3562 if (release_lock) {
3563 qemu_mutex_unlock_iothread();
3564 }
41063e1e 3565 rcu_read_unlock();
aab33094
FB		 3566}
3567
50013115
PM		 3568void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3569 MemTxAttrs attrs, MemTxResult *result)
3570{
3571 address_space_stw_internal(as, addr, val, attrs, result,
3572 DEVICE_NATIVE_ENDIAN);
3573}
3574
3575void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3576 MemTxAttrs attrs, MemTxResult *result)
3577{
3578 address_space_stw_internal(as, addr, val, attrs, result,
3579 DEVICE_LITTLE_ENDIAN);
3580}
3581
3582void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3583 MemTxAttrs attrs, MemTxResult *result)
3584{
3585 address_space_stw_internal(as, addr, val, attrs, result,
3586 DEVICE_BIG_ENDIAN);
3587}
3588
5ce5944d 3589void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3590{
50013115 3591 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3592}
3593
5ce5944d 3594void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3595{
50013115 3596 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3597}
3598
5ce5944d 3599void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3600{
50013115 3601 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3602}
3603
aab33094 3604/* XXX: optimize */
50013115
PM		 3605void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3606 MemTxAttrs attrs, MemTxResult *result)
aab33094 3607{
50013115 3608 MemTxResult r;
aab33094 3609 val = tswap64(val);
50013115
PM		 3610 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3611 if (result) {
3612 *result = r;
3613 }
aab33094
FB		 3614}
3615
50013115
PM		 3616void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3617 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3618{
50013115 3619 MemTxResult r;
1e78bcc1 3620 val = cpu_to_le64(val);
50013115
PM		 3621 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3622 if (result) {
3623 *result = r;
3624 }
3625}
3626void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3627 MemTxAttrs attrs, MemTxResult *result)
3628{
3629 MemTxResult r;
3630 val = cpu_to_be64(val);
3631 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3632 if (result) {
3633 *result = r;
3634 }
3635}
3636
3637void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3638{
3639 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3640}
3641
3642void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3643{
3644 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3645}
3646
f606604f 3647void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3648{
50013115 3649 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3650}
3651
5e2972fd 3652/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3653int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3654 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3655{
3656 int l;
a8170e5e 3657 hwaddr phys_addr;
9b3c35e0 3658 target_ulong page;
13eb76e0
FB		 3659
3660 while (len > 0) {
5232e4c7
PM		 3661 int asidx;
3662 MemTxAttrs attrs;
3663
13eb76e0 3664 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3665 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3666 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3667 /* if no physical page mapped, return an error */
3668 if (phys_addr == -1)
3669 return -1;
3670 l = (page + TARGET_PAGE_SIZE) - addr;
3671 if (l > len)
3672 l = len;
5e2972fd 3673 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3674 if (is_write) {
5232e4c7
PM		 3675 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3676 phys_addr, buf, l);
2e38847b 3677 } else {
5232e4c7
PM		 3678 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3679 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3680 buf, l, 0);
2e38847b 3681 }
13eb76e0
FB		 3682 len -= l;
3683 buf += l;
3684 addr += l;
3685 }
3686 return 0;
3687}
038629a6
DDAG		 3688
3689/*
3690 * Allows code that needs to deal with migration bitmaps etc to still be built
3691 * target independent.
3692 */
3693size_t qemu_target_page_bits(void)
3694{
3695 return TARGET_PAGE_BITS;
3696}
3697
a68fe89c 3698#endif
13eb76e0 3699
8e4a424b
BS		 3700/*
3701 * A helper function for the _utterly broken_ virtio device model to find out if
3702 * it's running on a big endian machine. Don't do this at home kids!
3703 */
98ed8ecf
GK		 3704bool target_words_bigendian(void);
3705bool target_words_bigendian(void)
8e4a424b
BS		 3706{
3707#if defined(TARGET_WORDS_BIGENDIAN)
3708 return true;
3709#else
3710 return false;
3711#endif
3712}
3713
76f35538 3714#ifndef CONFIG_USER_ONLY
a8170e5e 3715bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3716{
5c8a00ce 3717 MemoryRegion*mr;
149f54b5 3718 hwaddr l = 1;
41063e1e 3719 bool res;
76f35538 3720
41063e1e 3721 rcu_read_lock();
5c8a00ce
PB		 3722 mr = address_space_translate(&address_space_memory,
3723 phys_addr, &phys_addr, &l, false);
76f35538 3724
41063e1e
PB		 3725 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3726 rcu_read_unlock();
3727 return res;
76f35538 3728}
bd2fa51f 3729
e3807054 3730int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3731{
3732 RAMBlock *block;
e3807054 3733 int ret = 0;
bd2fa51f 3734
0dc3f44a
MD		 3735 rcu_read_lock();
3736 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3737 ret = func(block->idstr, block->host, block->offset,
3738 block->used_length, opaque);
3739 if (ret) {
3740 break;
3741 }
bd2fa51f 3742 }
0dc3f44a 3743 rcu_read_unlock();
e3807054 3744 return ret;
bd2fa51f 3745}
ec3f8c99 3746#endif
Empty description
This page took 1.552511 seconds and 4 git commands to generate.