]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
translate-all.c: Compute L1 page table properties at runtime
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c 155 hwaddr base;
2615fabd 156 uint16_t sub_section[];
90260c6c
JK		 157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
101420b8 190 static unsigned alloc_hint = 16;
53cb28cb 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 195 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 196 }
f7bf5461
AK		 197}
198
db94604b 199static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 200{
201 unsigned i;
8b795765 202 uint32_t ret;
db94604b
PB		 203 PhysPageEntry e;
204 PhysPageEntry *p;
f7bf5461 205
53cb28cb 206 ret = map->nodes_nb++;
db94604b 207 p = map->nodes[ret];
f7bf5461 208 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 209 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 213 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 214 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 215 }
f7bf5461 216 return ret;
d6f2ea22
AK		 217}
218
53cb28cb
MA		 219static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 221 int level)
f7bf5461
AK		 222{
223 PhysPageEntry *p;
03f49957 224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 225
9736e55b 226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 227 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 228 }
db94604b 229 p = map->nodes[lp->ptr];
03f49957 230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 231
03f49957 232 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 233 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 234 lp->skip = 0;
c19e8800 235 lp->ptr = leaf;
07f07b31
AK		 236 *index += step;
237 *nb -= step;
2999097b 238 } else {
53cb28cb 239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 240 }
241 ++lp;
f7bf5461
AK		 242 }
243}
244
ac1970fb 245static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 246 hwaddr index, hwaddr nb,
2999097b 247 uint16_t leaf)
f7bf5461 248{
2999097b 249 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 251
53cb28cb 252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 253}
254
b35ba30f
MT		 255/* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
efee678d 258static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
b35ba30f
MT		 259{
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
efee678d 278 phys_page_compact(&p[i], nodes);
b35ba30f
MT		 279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306}
307
308static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309{
b35ba30f 310 if (d->phys_map.skip) {
efee678d 311 phys_page_compact(&d->phys_map, d->map.nodes);
b35ba30f
MT		 312 }
313}
314
29cb533d
FZ		 315static inline bool section_covers_addr(const MemoryRegionSection *section,
316 hwaddr addr)
317{
318 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
319 * the section must cover the entire address space.
320 */
321 return section->size.hi ||
322 range_covers_byte(section->offset_within_address_space,
323 section->size.lo, addr);
324}
325
97115a8d 326static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 327 Node *nodes, MemoryRegionSection *sections)
92e873b9 328{
31ab2b4a 329 PhysPageEntry *p;
97115a8d 330 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 331 int i;
f1f6e3b8 332
9736e55b 333 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 334 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 335 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 336 }
9affd6fc 337 p = nodes[lp.ptr];
03f49957 338 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 339 }
b35ba30f 340
29cb533d 341 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 342 return &sections[lp.ptr];
343 } else {
344 return &sections[PHYS_SECTION_UNASSIGNED];
345 }
f3705d53
AK		 346}
347
e5548617
BS		 348bool memory_region_is_unassigned(MemoryRegion *mr)
349{
2a8e7499 350 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 351 && mr != &io_mem_watch;
fd6ce8f6 352}
149f54b5 353
79e2b9ae 354/* Called from RCU critical section */
c7086b4a 355static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 356 hwaddr addr,
357 bool resolve_subpage)
9f029603 358{
729633c2 359 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 360 subpage_t *subpage;
729633c2 361 bool update;
90260c6c 362
729633c2
FZ		 363 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
364 section_covers_addr(section, addr)) {
365 update = false;
366 } else {
367 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 d->map.sections);
369 update = true;
370 }
90260c6c
JK		 371 if (resolve_subpage && section->mr->subpage) {
372 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 373 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 374 }
729633c2
FZ		 375 if (update) {
376 atomic_set(&d->mru_section, section);
377 }
90260c6c 378 return section;
9f029603
JK		 379}
380
79e2b9ae 381/* Called from RCU critical section */
90260c6c 382static MemoryRegionSection *
c7086b4a 383address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 384 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 385{
386 MemoryRegionSection *section;
965eb2fc 387 MemoryRegion *mr;
a87f3954 388 Int128 diff;
149f54b5 389
c7086b4a 390 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 391 /* Compute offset within MemoryRegionSection */
392 addr -= section->offset_within_address_space;
393
394 /* Compute offset within MemoryRegion */
395 *xlat = addr + section->offset_within_region;
396
965eb2fc 397 mr = section->mr;
b242e0e0
PB		 398
399 /* MMIO registers can be expected to perform full-width accesses based only
400 * on their address, without considering adjacent registers that could
401 * decode to completely different MemoryRegions. When such registers
402 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
403 * regions overlap wildly. For this reason we cannot clamp the accesses
404 * here.
405 *
406 * If the length is small (as is the case for address_space_ldl/stl),
407 * everything works fine. If the incoming length is large, however,
408 * the caller really has to do the clamping through memory_access_size.
409 */
965eb2fc 410 if (memory_region_is_ram(mr)) {
e4a511f8 411 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 412 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
413 }
149f54b5
PB		 414 return section;
415}
90260c6c 416
41063e1e 417/* Called from RCU critical section */
5c8a00ce
PB		 418MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen,
420 bool is_write)
90260c6c 421{
30951157
AK		 422 IOMMUTLBEntry iotlb;
423 MemoryRegionSection *section;
424 MemoryRegion *mr;
30951157
AK		 425
426 for (;;) {
79e2b9ae
PB		 427 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
428 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 429 mr = section->mr;
430
431 if (!mr->iommu_ops) {
432 break;
433 }
434
8d7b8cb9 435 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 436 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
437 | (addr & iotlb.addr_mask));
23820dbf 438 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 439 if (!(iotlb.perm & (1 << is_write))) {
440 mr = &io_mem_unassigned;
441 break;
442 }
443
444 as = iotlb.target_as;
445 }
446
fe680d0d 447 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 448 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 449 *plen = MIN(page, *plen);
a87f3954
PB		 450 }
451
30951157
AK		 452 *xlat = addr;
453 return mr;
90260c6c
JK		 454}
455
79e2b9ae 456/* Called from RCU critical section */
90260c6c 457MemoryRegionSection *
d7898cda 458address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 459 hwaddr *xlat, hwaddr *plen)
90260c6c 460{
30951157 461 MemoryRegionSection *section;
d7898cda
PM		 462 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
463
464 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 465
466 assert(!section->mr->iommu_ops);
467 return section;
90260c6c 468}
5b6dd868 469#endif
fd6ce8f6 470
b170fce3 471#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 472
473static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 474{
259186a7 475 CPUState *cpu = opaque;
a513fe19 476
5b6dd868
BS		 477 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
478 version_id is increased. */
259186a7 479 cpu->interrupt_request &= ~0x01;
c01a71c1 480 tlb_flush(cpu, 1);
5b6dd868
BS		 481
482 return 0;
a513fe19 483}
7501267e 484
6c3bff0e
PD		 485static int cpu_common_pre_load(void *opaque)
486{
487 CPUState *cpu = opaque;
488
adee6424 489 cpu->exception_index = -1;
6c3bff0e
PD		 490
491 return 0;
492}
493
494static bool cpu_common_exception_index_needed(void *opaque)
495{
496 CPUState *cpu = opaque;
497
adee6424 498 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 499}
500
501static const VMStateDescription vmstate_cpu_common_exception_index = {
502 .name = "cpu_common/exception_index",
503 .version_id = 1,
504 .minimum_version_id = 1,
5cd8cada 505 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 506 .fields = (VMStateField[]) {
507 VMSTATE_INT32(exception_index, CPUState),
508 VMSTATE_END_OF_LIST()
509 }
510};
511
bac05aa9
AS		 512static bool cpu_common_crash_occurred_needed(void *opaque)
513{
514 CPUState *cpu = opaque;
515
516 return cpu->crash_occurred;
517}
518
519static const VMStateDescription vmstate_cpu_common_crash_occurred = {
520 .name = "cpu_common/crash_occurred",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .needed = cpu_common_crash_occurred_needed,
524 .fields = (VMStateField[]) {
525 VMSTATE_BOOL(crash_occurred, CPUState),
526 VMSTATE_END_OF_LIST()
527 }
528};
529
1a1562f5 530const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 531 .name = "cpu_common",
532 .version_id = 1,
533 .minimum_version_id = 1,
6c3bff0e 534 .pre_load = cpu_common_pre_load,
5b6dd868 535 .post_load = cpu_common_post_load,
35d08458 536 .fields = (VMStateField[]) {
259186a7
AF		 537 VMSTATE_UINT32(halted, CPUState),
538 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 539 VMSTATE_END_OF_LIST()
6c3bff0e 540 },
5cd8cada
JQ		 541 .subsections = (const VMStateDescription*[]) {
542 &vmstate_cpu_common_exception_index,
bac05aa9 543 &vmstate_cpu_common_crash_occurred,
5cd8cada 544 NULL
5b6dd868
BS		 545 }
546};
1a1562f5 547
5b6dd868 548#endif
ea041c0e 549
38d8f5c8 550CPUState *qemu_get_cpu(int index)
ea041c0e 551{
bdc44640 552 CPUState *cpu;
ea041c0e 553
bdc44640 554 CPU_FOREACH(cpu) {
55e5c285 555 if (cpu->cpu_index == index) {
bdc44640 556 return cpu;
55e5c285 557 }
ea041c0e 558 }
5b6dd868 559
bdc44640 560 return NULL;
ea041c0e
FB		 561}
562
09daed84 563#if !defined(CONFIG_USER_ONLY)
56943e8c 564void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 565{
12ebc9a7
PM		 566 CPUAddressSpace *newas;
567
568 /* Target code should have set num_ases before calling us */
569 assert(asidx < cpu->num_ases);
570
56943e8c
PM		 571 if (asidx == 0) {
572 /* address space 0 gets the convenience alias */
573 cpu->as = as;
574 }
575
12ebc9a7
PM		 576 /* KVM cannot currently support multiple address spaces. */
577 assert(asidx == 0 || !kvm_enabled());
09daed84 578
12ebc9a7
PM		 579 if (!cpu->cpu_ases) {
580 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 581 }
32857f4d 582
12ebc9a7
PM		 583 newas = &cpu->cpu_ases[asidx];
584 newas->cpu = cpu;
585 newas->as = as;
56943e8c 586 if (tcg_enabled()) {
12ebc9a7
PM		 587 newas->tcg_as_listener.commit = tcg_commit;
588 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 589 }
09daed84 590}
651a5bc0
PM		 591
592AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
593{
594 /* Return the AddressSpace corresponding to the specified index */
595 return cpu->cpu_ases[asidx].as;
596}
09daed84
EI		 597#endif
598
1c59eb39
BR		 599void cpu_exec_exit(CPUState *cpu)
600{
9dfeca7c
BR		 601 CPUClass *cc = CPU_GET_CLASS(cpu);
602
267f685b 603 cpu_list_remove(cpu);
9dfeca7c
BR		 604
605 if (cc->vmsd != NULL) {
606 vmstate_unregister(NULL, cc->vmsd, cpu);
607 }
608 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
609 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
610 }
1c59eb39
BR		 611}
612
4bad9e39 613void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 614{
1bc7e522 615 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
a07f953e 616 Error *local_err ATTRIBUTE_UNUSED = NULL;
5b6dd868 617
56943e8c 618 cpu->as = NULL;
12ebc9a7 619 cpu->num_ases = 0;
56943e8c 620
291135b5 621#ifndef CONFIG_USER_ONLY
291135b5 622 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 623
624 /* This is a softmmu CPU object, so create a property for it
625 * so users can wire up its memory. (This can't go in qom/cpu.c
626 * because that file is compiled only once for both user-mode
627 * and system builds.) The default if no link is set up is to use
628 * the system address space.
629 */
630 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
631 (Object **)&cpu->memory,
632 qdev_prop_allow_set_link_before_realize,
633 OBJ_PROP_LINK_UNREF_ON_RELEASE,
634 &error_abort);
635 cpu->memory = system_memory;
636 object_ref(OBJECT(cpu->memory));
291135b5
EH		 637#endif
638
267f685b 639 cpu_list_add(cpu);
1bc7e522
IM		 640
641#ifndef CONFIG_USER_ONLY
e0d47944 642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 643 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 644 }
b170fce3 645 if (cc->vmsd != NULL) {
741da0d3 646 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 647 }
741da0d3 648#endif
ea041c0e
FB		 649}
650
94df27fd 651#if defined(CONFIG_USER_ONLY)
00b941e5 652static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 653{
654 tb_invalidate_phys_page_range(pc, pc + 1, 0);
655}
656#else
00b941e5 657static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 658{
5232e4c7
PM		 659 MemTxAttrs attrs;
660 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
661 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 662 if (phys != -1) {
5232e4c7 663 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 664 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 665 }
1e7855a5 666}
c27004ec 667#endif
d720b93d 668
c527ee8f 669#if defined(CONFIG_USER_ONLY)
75a34036 670void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 671
672{
673}
674
3ee887e8
PM		 675int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
676 int flags)
677{
678 return -ENOSYS;
679}
680
681void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
682{
683}
684
75a34036 685int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 686 int flags, CPUWatchpoint **watchpoint)
687{
688 return -ENOSYS;
689}
690#else
6658ffb8 691/* Add a watchpoint. */
75a34036 692int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 693 int flags, CPUWatchpoint **watchpoint)
6658ffb8 694{
c0ce998e 695 CPUWatchpoint *wp;
6658ffb8 696
05068c0d 697 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 698 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 699 error_report("tried to set invalid watchpoint at %"
700 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 701 return -EINVAL;
702 }
7267c094 703 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 704
705 wp->vaddr = addr;
05068c0d 706 wp->len = len;
a1d1bb31
AL		 707 wp->flags = flags;
708
2dc9f411 709 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
712 } else {
713 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
714 }
6658ffb8 715
31b030d4 716 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 717
718 if (watchpoint)
719 *watchpoint = wp;
720 return 0;
6658ffb8
PB		 721}
722
a1d1bb31 723/* Remove a specific watchpoint. */
75a34036 724int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 725 int flags)
6658ffb8 726{
a1d1bb31 727 CPUWatchpoint *wp;
6658ffb8 728
ff4700b0 729 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 730 if (addr == wp->vaddr && len == wp->len
6e140f28 731 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 732 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 733 return 0;
734 }
735 }
a1d1bb31 736 return -ENOENT;
6658ffb8
PB		 737}
738
a1d1bb31 739/* Remove a specific watchpoint by reference. */
75a34036 740void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 741{
ff4700b0 742 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 743
31b030d4 744 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 745
7267c094 746 g_free(watchpoint);
a1d1bb31
AL		 747}
748
749/* Remove all matching watchpoints. */
75a34036 750void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 751{
c0ce998e 752 CPUWatchpoint *wp, *next;
a1d1bb31 753
ff4700b0 754 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 755 if (wp->flags & mask) {
756 cpu_watchpoint_remove_by_ref(cpu, wp);
757 }
c0ce998e 758 }
7d03f82f 759}
05068c0d
PM		 760
761/* Return true if this watchpoint address matches the specified
762 * access (ie the address range covered by the watchpoint overlaps
763 * partially or completely with the address range covered by the
764 * access).
765 */
766static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
767 vaddr addr,
768 vaddr len)
769{
770 /* We know the lengths are non-zero, but a little caution is
771 * required to avoid errors in the case where the range ends
772 * exactly at the top of the address space and so addr + len
773 * wraps round to zero.
774 */
775 vaddr wpend = wp->vaddr + wp->len - 1;
776 vaddr addrend = addr + len - 1;
777
778 return !(addr > wpend || wp->vaddr > addrend);
779}
780
c527ee8f 781#endif
7d03f82f 782
a1d1bb31 783/* Add a breakpoint. */
b3310ab3 784int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 785 CPUBreakpoint **breakpoint)
4c3a88a2 786{
c0ce998e 787 CPUBreakpoint *bp;
3b46e624 788
7267c094 789 bp = g_malloc(sizeof(*bp));
4c3a88a2 790
a1d1bb31
AL		 791 bp->pc = pc;
792 bp->flags = flags;
793
2dc9f411 794 /* keep all GDB-injected breakpoints in front */
00b941e5 795 if (flags & BP_GDB) {
f0c3c505 796 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 797 } else {
f0c3c505 798 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 799 }
3b46e624 800
f0c3c505 801 breakpoint_invalidate(cpu, pc);
a1d1bb31 802
00b941e5 803 if (breakpoint) {
a1d1bb31 804 *breakpoint = bp;
00b941e5 805 }
4c3a88a2 806 return 0;
4c3a88a2
FB		 807}
808
a1d1bb31 809/* Remove a specific breakpoint. */
b3310ab3 810int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 811{
a1d1bb31
AL		 812 CPUBreakpoint *bp;
813
f0c3c505 814 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 815 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 816 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 817 return 0;
818 }
7d03f82f 819 }
a1d1bb31 820 return -ENOENT;
7d03f82f
EI		 821}
822
a1d1bb31 823/* Remove a specific breakpoint by reference. */
b3310ab3 824void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 825{
f0c3c505
AF		 826 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
827
828 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 829
7267c094 830 g_free(breakpoint);
a1d1bb31
AL		 831}
832
833/* Remove all matching breakpoints. */
b3310ab3 834void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 835{
c0ce998e 836 CPUBreakpoint *bp, *next;
a1d1bb31 837
f0c3c505 838 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 839 if (bp->flags & mask) {
840 cpu_breakpoint_remove_by_ref(cpu, bp);
841 }
c0ce998e 842 }
4c3a88a2
FB		 843}
844
c33a346e
FB		 845/* enable or disable single step mode. EXCP_DEBUG is returned by the
846 CPU loop after each instruction */
3825b28f 847void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 848{
ed2803da
AF		 849 if (cpu->singlestep_enabled != enabled) {
850 cpu->singlestep_enabled = enabled;
851 if (kvm_enabled()) {
38e478ec 852 kvm_update_guest_debug(cpu, 0);
ed2803da 853 } else {
ccbb4d44 854 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 855 /* XXX: only flush what is necessary */
bbd77c18 856 tb_flush(cpu);
e22a25c9 857 }
c33a346e 858 }
c33a346e
FB		 859}
860
a47dddd7 861void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 862{
863 va_list ap;
493ae1f0 864 va_list ap2;
7501267e
FB		 865
866 va_start(ap, fmt);
493ae1f0 867 va_copy(ap2, ap);
7501267e
FB		 868 fprintf(stderr, "qemu: fatal: ");
869 vfprintf(stderr, fmt, ap);
870 fprintf(stderr, "\n");
878096ee 871 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 872 if (qemu_log_separate()) {
93fcfe39
AL		 873 qemu_log("qemu: fatal: ");
874 qemu_log_vprintf(fmt, ap2);
875 qemu_log("\n");
a0762859 876 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 877 qemu_log_flush();
93fcfe39 878 qemu_log_close();
924edcae 879 }
493ae1f0 880 va_end(ap2);
f9373291 881 va_end(ap);
7615936e 882 replay_finish();
fd052bf6
RV		 883#if defined(CONFIG_USER_ONLY)
884 {
885 struct sigaction act;
886 sigfillset(&act.sa_mask);
887 act.sa_handler = SIG_DFL;
888 sigaction(SIGABRT, &act, NULL);
889 }
890#endif
7501267e
FB		 891 abort();
892}
893
0124311e 894#if !defined(CONFIG_USER_ONLY)
0dc3f44a 895/* Called from RCU critical section */
041603fe
PB		 896static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
897{
898 RAMBlock *block;
899
43771539 900 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 901 if (block && addr - block->offset < block->max_length) {
68851b98 902 return block;
041603fe 903 }
0dc3f44a 904 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 905 if (addr - block->offset < block->max_length) {
041603fe
PB		 906 goto found;
907 }
908 }
909
910 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
911 abort();
912
913found:
43771539
PB		 914 /* It is safe to write mru_block outside the iothread lock. This
915 * is what happens:
916 *
917 * mru_block = xxx
918 * rcu_read_unlock()
919 * xxx removed from list
920 * rcu_read_lock()
921 * read mru_block
922 * mru_block = NULL;
923 * call_rcu(reclaim_ramblock, xxx);
924 * rcu_read_unlock()
925 *
926 * atomic_rcu_set is not needed here. The block was already published
927 * when it was placed into the list. Here we're just making an extra
928 * copy of the pointer.
929 */
041603fe
PB		 930 ram_list.mru_block = block;
931 return block;
932}
933
a2f4d5be 934static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 935{
9a13565d 936 CPUState *cpu;
041603fe 937 ram_addr_t start1;
a2f4d5be
JQ		 938 RAMBlock *block;
939 ram_addr_t end;
940
941 end = TARGET_PAGE_ALIGN(start + length);
942 start &= TARGET_PAGE_MASK;
d24981d3 943
0dc3f44a 944 rcu_read_lock();
041603fe
PB		 945 block = qemu_get_ram_block(start);
946 assert(block == qemu_get_ram_block(end - 1));
1240be24 947 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 948 CPU_FOREACH(cpu) {
949 tlb_reset_dirty(cpu, start1, length);
950 }
0dc3f44a 951 rcu_read_unlock();
d24981d3
JQ		 952}
953
5579c7f3 954/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 955bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
956 ram_addr_t length,
957 unsigned client)
1ccde1cb 958{
5b82b703 959 DirtyMemoryBlocks *blocks;
03eebc9e 960 unsigned long end, page;
5b82b703 961 bool dirty = false;
03eebc9e
SH		 962
963 if (length == 0) {
964 return false;
965 }
f23db169 966
03eebc9e
SH		 967 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
968 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 969
970 rcu_read_lock();
971
972 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
973
974 while (page < end) {
975 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
976 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
977 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
978
979 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
980 offset, num);
981 page += num;
982 }
983
984 rcu_read_unlock();
03eebc9e
SH		 985
986 if (dirty && tcg_enabled()) {
a2f4d5be 987 tlb_reset_dirty_range_all(start, length);
5579c7f3 988 }
03eebc9e
SH		 989
990 return dirty;
1ccde1cb
FB		 991}
992
79e2b9ae 993/* Called from RCU critical section */
bb0e627a 994hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 995 MemoryRegionSection *section,
996 target_ulong vaddr,
997 hwaddr paddr, hwaddr xlat,
998 int prot,
999 target_ulong *address)
e5548617 1000{
a8170e5e 1001 hwaddr iotlb;
e5548617
BS		 1002 CPUWatchpoint *wp;
1003
cc5bea60 1004 if (memory_region_is_ram(section->mr)) {
e5548617 1005 /* Normal RAM. */
e4e69794 1006 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1007 if (!section->readonly) {
b41aac4f 1008 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1009 } else {
b41aac4f 1010 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1011 }
1012 } else {
0b8e2c10
PM		 1013 AddressSpaceDispatch *d;
1014
1015 d = atomic_rcu_read(&section->address_space->dispatch);
1016 iotlb = section - d->map.sections;
149f54b5 1017 iotlb += xlat;
e5548617
BS		 1018 }
1019
1020 /* Make accesses to pages with watchpoints go via the
1021 watchpoint trap routines. */
ff4700b0 1022 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1023 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1024 /* Avoid trapping reads of pages with a write breakpoint. */
1025 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1026 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1027 *address |= TLB_MMIO;
1028 break;
1029 }
1030 }
1031 }
1032
1033 return iotlb;
1034}
9fa3e853
FB		 1035#endif /* defined(CONFIG_USER_ONLY) */
1036
e2eef170 1037#if !defined(CONFIG_USER_ONLY)
8da3ff18 1038
c227f099 1039static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1040 uint16_t section);
acc9d80b 1041static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1042
a2b257d6
IM		 1043static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1044 qemu_anon_ram_alloc;
91138037
MA		 1045
1046/*
1047 * Set a custom physical guest memory alloator.
1048 * Accelerators with unusual needs may need this. Hopefully, we can
1049 * get rid of it eventually.
1050 */
a2b257d6 1051void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1052{
1053 phys_mem_alloc = alloc;
1054}
1055
53cb28cb
MA		 1056static uint16_t phys_section_add(PhysPageMap *map,
1057 MemoryRegionSection *section)
5312bd8b 1058{
68f3f65b
PB		 1059 /* The physical section number is ORed with a page-aligned
1060 * pointer to produce the iotlb entries. Thus it should
1061 * never overflow into the page-aligned value.
1062 */
53cb28cb 1063 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1064
53cb28cb
MA		 1065 if (map->sections_nb == map->sections_nb_alloc) {
1066 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1067 map->sections = g_renew(MemoryRegionSection, map->sections,
1068 map->sections_nb_alloc);
5312bd8b 1069 }
53cb28cb 1070 map->sections[map->sections_nb] = *section;
dfde4e6e 1071 memory_region_ref(section->mr);
53cb28cb 1072 return map->sections_nb++;
5312bd8b
AK		 1073}
1074
058bc4b5
PB		 1075static void phys_section_destroy(MemoryRegion *mr)
1076{
55b4e80b
DS		 1077 bool have_sub_page = mr->subpage;
1078
dfde4e6e
PB		 1079 memory_region_unref(mr);
1080
55b4e80b 1081 if (have_sub_page) {
058bc4b5 1082 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1083 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1084 g_free(subpage);
1085 }
1086}
1087
6092666e 1088static void phys_sections_free(PhysPageMap *map)
5312bd8b 1089{
9affd6fc
PB		 1090 while (map->sections_nb > 0) {
1091 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1092 phys_section_destroy(section->mr);
1093 }
9affd6fc
PB		 1094 g_free(map->sections);
1095 g_free(map->nodes);
5312bd8b
AK		 1096}
1097
ac1970fb 1098static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1099{
1100 subpage_t *subpage;
a8170e5e 1101 hwaddr base = section->offset_within_address_space
0f0cb164 1102 & TARGET_PAGE_MASK;
97115a8d 1103 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1104 d->map.nodes, d->map.sections);
0f0cb164
AK		 1105 MemoryRegionSection subsection = {
1106 .offset_within_address_space = base,
052e87b0 1107 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1108 };
a8170e5e 1109 hwaddr start, end;
0f0cb164 1110
f3705d53 1111 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1112
f3705d53 1113 if (!(existing->mr->subpage)) {
acc9d80b 1114 subpage = subpage_init(d->as, base);
3be91e86 1115 subsection.address_space = d->as;
0f0cb164 1116 subsection.mr = &subpage->iomem;
ac1970fb 1117 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1118 phys_section_add(&d->map, &subsection));
0f0cb164 1119 } else {
f3705d53 1120 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1121 }
1122 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1123 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1124 subpage_register(subpage, start, end,
1125 phys_section_add(&d->map, section));
0f0cb164
AK		 1126}
1127
1128
052e87b0
PB		 1129static void register_multipage(AddressSpaceDispatch *d,
1130 MemoryRegionSection *section)
33417e70 1131{
a8170e5e 1132 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1133 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1134 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1135 TARGET_PAGE_BITS));
dd81124b 1136
733d5ef5
PB		 1137 assert(num_pages);
1138 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1139}
1140
ac1970fb 1141static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1142{
89ae337a 1143 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1144 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1145 MemoryRegionSection now = *section, remain = *section;
052e87b0 1146 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1147
733d5ef5
PB		 1148 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1149 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1150 - now.offset_within_address_space;
1151
052e87b0 1152 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1153 register_subpage(d, &now);
733d5ef5 1154 } else {
052e87b0 1155 now.size = int128_zero();
733d5ef5 1156 }
052e87b0
PB		 1157 while (int128_ne(remain.size, now.size)) {
1158 remain.size = int128_sub(remain.size, now.size);
1159 remain.offset_within_address_space += int128_get64(now.size);
1160 remain.offset_within_region += int128_get64(now.size);
69b67646 1161 now = remain;
052e87b0 1162 if (int128_lt(remain.size, page_size)) {
733d5ef5 1163 register_subpage(d, &now);
88266249 1164 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1165 now.size = page_size;
ac1970fb 1166 register_subpage(d, &now);
69b67646 1167 } else {
052e87b0 1168 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1169 register_multipage(d, &now);
69b67646 1170 }
0f0cb164
AK		 1171 }
1172}
1173
62a2744c
SY		 1174void qemu_flush_coalesced_mmio_buffer(void)
1175{
1176 if (kvm_enabled())
1177 kvm_flush_coalesced_mmio_buffer();
1178}
1179
b2a8658e
UD		 1180void qemu_mutex_lock_ramlist(void)
1181{
1182 qemu_mutex_lock(&ram_list.mutex);
1183}
1184
1185void qemu_mutex_unlock_ramlist(void)
1186{
1187 qemu_mutex_unlock(&ram_list.mutex);
1188}
1189
e1e84ba0 1190#ifdef __linux__
04b16653
AW		 1191static void *file_ram_alloc(RAMBlock *block,
1192 ram_addr_t memory,
7f56e740
PB		 1193 const char *path,
1194 Error **errp)
c902760f 1195{
fd97fd44 1196 bool unlink_on_error = false;
c902760f 1197 char *filename;
8ca761f6
PF		 1198 char *sanitized_name;
1199 char *c;
056b68af 1200 void *area = MAP_FAILED;
5c3ece79 1201 int fd = -1;
c902760f
MT		 1202
1203 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1204 error_setg(errp,
1205 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1206 return NULL;
c902760f
MT		 1207 }
1208
fd97fd44
MA		 1209 for (;;) {
1210 fd = open(path, O_RDWR);
1211 if (fd >= 0) {
1212 /* @path names an existing file, use it */
1213 break;
8d31d6b6 1214 }
fd97fd44
MA		 1215 if (errno == ENOENT) {
1216 /* @path names a file that doesn't exist, create it */
1217 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1218 if (fd >= 0) {
1219 unlink_on_error = true;
1220 break;
1221 }
1222 } else if (errno == EISDIR) {
1223 /* @path names a directory, create a file there */
1224 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1225 sanitized_name = g_strdup(memory_region_name(block->mr));
1226 for (c = sanitized_name; *c != '\0'; c++) {
1227 if (*c == '/') {
1228 *c = '_';
1229 }
1230 }
8ca761f6 1231
fd97fd44
MA		 1232 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1233 sanitized_name);
1234 g_free(sanitized_name);
8d31d6b6 1235
fd97fd44
MA		 1236 fd = mkstemp(filename);
1237 if (fd >= 0) {
1238 unlink(filename);
1239 g_free(filename);
1240 break;
1241 }
1242 g_free(filename);
8d31d6b6 1243 }
fd97fd44
MA		 1244 if (errno != EEXIST && errno != EINTR) {
1245 error_setg_errno(errp, errno,
1246 "can't open backing store %s for guest RAM",
1247 path);
1248 goto error;
1249 }
1250 /*
1251 * Try again on EINTR and EEXIST. The latter happens when
1252 * something else creates the file between our two open().
1253 */
8d31d6b6 1254 }
c902760f 1255
863e9621 1256 block->page_size = qemu_fd_getpagesize(fd);
8360668e
HZ		 1257 block->mr->align = block->page_size;
1258#if defined(__s390x__)
1259 if (kvm_enabled()) {
1260 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1261 }
1262#endif
fd97fd44 1263
863e9621 1264 if (memory < block->page_size) {
fd97fd44 1265 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
863e9621
DDAG		 1266 "or larger than page size 0x%zx",
1267 memory, block->page_size);
f9a49dfa 1268 goto error;
c902760f 1269 }
c902760f 1270
863e9621 1271 memory = ROUND_UP(memory, block->page_size);
c902760f
MT		 1272
1273 /*
1274 * ftruncate is not supported by hugetlbfs in older
1275 * hosts, so don't bother bailing out on errors.
1276 * If anything goes wrong with it under other filesystems,
1277 * mmap will fail.
1278 */
7f56e740 1279 if (ftruncate(fd, memory)) {
9742bf26 1280 perror("ftruncate");
7f56e740 1281 }
c902760f 1282
d2f39add
DD		 1283 area = qemu_ram_mmap(fd, memory, block->mr->align,
1284 block->flags & RAM_SHARED);
c902760f 1285 if (area == MAP_FAILED) {
7f56e740 1286 error_setg_errno(errp, errno,
fd97fd44 1287 "unable to map backing store for guest RAM");
f9a49dfa 1288 goto error;
c902760f 1289 }
ef36fa14
MT		 1290
1291 if (mem_prealloc) {
056b68af
IM		 1292 os_mem_prealloc(fd, area, memory, errp);
1293 if (errp && *errp) {
1294 goto error;
1295 }
ef36fa14
MT		 1296 }
1297
04b16653 1298 block->fd = fd;
c902760f 1299 return area;
f9a49dfa
MT		 1300
1301error:
056b68af
IM		 1302 if (area != MAP_FAILED) {
1303 qemu_ram_munmap(area, memory);
1304 }
fd97fd44
MA		 1305 if (unlink_on_error) {
1306 unlink(path);
1307 }
5c3ece79
PB		 1308 if (fd != -1) {
1309 close(fd);
1310 }
f9a49dfa 1311 return NULL;
c902760f
MT		 1312}
1313#endif
1314
0dc3f44a 1315/* Called with the ramlist lock held. */
d17b5288 1316static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1317{
1318 RAMBlock *block, *next_block;
3e837b2c 1319 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1320
49cd9ac6
SH		 1321 assert(size != 0); /* it would hand out same offset multiple times */
1322
0dc3f44a 1323 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1324 return 0;
0d53d9fe 1325 }
04b16653 1326
0dc3f44a 1327 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1328 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1329
62be4e3a 1330 end = block->offset + block->max_length;
04b16653 1331
0dc3f44a 1332 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1333 if (next_block->offset >= end) {
1334 next = MIN(next, next_block->offset);
1335 }
1336 }
1337 if (next - end >= size && next - end < mingap) {
3e837b2c 1338 offset = end;
04b16653
AW		 1339 mingap = next - end;
1340 }
1341 }
3e837b2c
AW		 1342
1343 if (offset == RAM_ADDR_MAX) {
1344 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1345 (uint64_t)size);
1346 abort();
1347 }
1348
04b16653
AW		 1349 return offset;
1350}
1351
652d7ec2 1352ram_addr_t last_ram_offset(void)
d17b5288
AW		 1353{
1354 RAMBlock *block;
1355 ram_addr_t last = 0;
1356
0dc3f44a
MD		 1357 rcu_read_lock();
1358 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1359 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1360 }
0dc3f44a 1361 rcu_read_unlock();
d17b5288
AW		 1362 return last;
1363}
1364
ddb97f1d
JB		 1365static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1366{
1367 int ret;
ddb97f1d
JB		 1368
1369 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1370 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1371 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1372 if (ret) {
1373 perror("qemu_madvise");
1374 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1375 "but dump_guest_core=off specified\n");
1376 }
1377 }
1378}
1379
422148d3
DDAG		 1380const char *qemu_ram_get_idstr(RAMBlock *rb)
1381{
1382 return rb->idstr;
1383}
1384
ae3a7047 1385/* Called with iothread lock held. */
fa53a0e5 1386void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1387{
fa53a0e5 1388 RAMBlock *block;
20cfe881 1389
c5705a77
AK		 1390 assert(new_block);
1391 assert(!new_block->idstr[0]);
84b89d78 1392
09e5ab63
AL		 1393 if (dev) {
1394 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1395 if (id) {
1396 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1397 g_free(id);
84b89d78
CM		 1398 }
1399 }
1400 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1401
ab0a9956 1402 rcu_read_lock();
0dc3f44a 1403 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1404 if (block != new_block &&
1405 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1406 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1407 new_block->idstr);
1408 abort();
1409 }
1410 }
0dc3f44a 1411 rcu_read_unlock();
c5705a77
AK		 1412}
1413
ae3a7047 1414/* Called with iothread lock held. */
fa53a0e5 1415void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1416{
ae3a7047
MD		 1417 /* FIXME: arch_init.c assumes that this is not called throughout
1418 * migration. Ignore the problem since hot-unplug during migration
1419 * does not work anyway.
1420 */
20cfe881
HT		 1421 if (block) {
1422 memset(block->idstr, 0, sizeof(block->idstr));
1423 }
1424}
1425
863e9621
DDAG		 1426size_t qemu_ram_pagesize(RAMBlock *rb)
1427{
1428 return rb->page_size;
1429}
1430
8490fc78
LC		 1431static int memory_try_enable_merging(void *addr, size_t len)
1432{
75cc7f01 1433 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1434 /* disabled by the user */
1435 return 0;
1436 }
1437
1438 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1439}
1440
62be4e3a
MT		 1441/* Only legal before guest might have detected the memory size: e.g. on
1442 * incoming migration, or right after reset.
1443 *
1444 * As memory core doesn't know how is memory accessed, it is up to
1445 * resize callback to update device state and/or add assertions to detect
1446 * misuse, if necessary.
1447 */
fa53a0e5 1448int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1449{
62be4e3a
MT		 1450 assert(block);
1451
4ed023ce 1452 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1453
62be4e3a
MT		 1454 if (block->used_length == newsize) {
1455 return 0;
1456 }
1457
1458 if (!(block->flags & RAM_RESIZEABLE)) {
1459 error_setg_errno(errp, EINVAL,
1460 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1461 " in != 0x" RAM_ADDR_FMT, block->idstr,
1462 newsize, block->used_length);
1463 return -EINVAL;
1464 }
1465
1466 if (block->max_length < newsize) {
1467 error_setg_errno(errp, EINVAL,
1468 "Length too large: %s: 0x" RAM_ADDR_FMT
1469 " > 0x" RAM_ADDR_FMT, block->idstr,
1470 newsize, block->max_length);
1471 return -EINVAL;
1472 }
1473
1474 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1475 block->used_length = newsize;
58d2707e
PB		 1476 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1477 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1478 memory_region_set_size(block->mr, newsize);
1479 if (block->resized) {
1480 block->resized(block->idstr, newsize, block->host);
1481 }
1482 return 0;
1483}
1484
5b82b703
SH		 1485/* Called with ram_list.mutex held */
1486static void dirty_memory_extend(ram_addr_t old_ram_size,
1487 ram_addr_t new_ram_size)
1488{
1489 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1490 DIRTY_MEMORY_BLOCK_SIZE);
1491 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1492 DIRTY_MEMORY_BLOCK_SIZE);
1493 int i;
1494
1495 /* Only need to extend if block count increased */
1496 if (new_num_blocks <= old_num_blocks) {
1497 return;
1498 }
1499
1500 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1501 DirtyMemoryBlocks *old_blocks;
1502 DirtyMemoryBlocks *new_blocks;
1503 int j;
1504
1505 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1506 new_blocks = g_malloc(sizeof(*new_blocks) +
1507 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1508
1509 if (old_num_blocks) {
1510 memcpy(new_blocks->blocks, old_blocks->blocks,
1511 old_num_blocks * sizeof(old_blocks->blocks[0]));
1512 }
1513
1514 for (j = old_num_blocks; j < new_num_blocks; j++) {
1515 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1516 }
1517
1518 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1519
1520 if (old_blocks) {
1521 g_free_rcu(old_blocks, rcu);
1522 }
1523 }
1524}
1525
528f46af 1526static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1527{
e1c57ab8 1528 RAMBlock *block;
0d53d9fe 1529 RAMBlock *last_block = NULL;
2152f5ca 1530 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1531 Error *err = NULL;
2152f5ca
JQ		 1532
1533 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1534
b2a8658e 1535 qemu_mutex_lock_ramlist();
9b8424d5 1536 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1537
1538 if (!new_block->host) {
1539 if (xen_enabled()) {
9b8424d5 1540 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1541 new_block->mr, &err);
1542 if (err) {
1543 error_propagate(errp, err);
1544 qemu_mutex_unlock_ramlist();
39c350ee 1545 return;
37aa7a0e 1546 }
e1c57ab8 1547 } else {
9b8424d5 1548 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1549 &new_block->mr->align);
39228250 1550 if (!new_block->host) {
ef701d7b
HT		 1551 error_setg_errno(errp, errno,
1552 "cannot set up guest memory '%s'",
1553 memory_region_name(new_block->mr));
1554 qemu_mutex_unlock_ramlist();
39c350ee 1555 return;
39228250 1556 }
9b8424d5 1557 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1558 }
c902760f 1559 }
94a6b54f 1560
dd631697
LZ		 1561 new_ram_size = MAX(old_ram_size,
1562 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1563 if (new_ram_size > old_ram_size) {
1564 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1565 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1566 }
0d53d9fe
MD		 1567 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1568 * QLIST (which has an RCU-friendly variant) does not have insertion at
1569 * tail, so save the last element in last_block.
1570 */
0dc3f44a 1571 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1572 last_block = block;
9b8424d5 1573 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1574 break;
1575 }
1576 }
1577 if (block) {
0dc3f44a 1578 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1579 } else if (last_block) {
0dc3f44a 1580 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1581 } else { /* list is empty */
0dc3f44a 1582 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1583 }
0d6d3c87 1584 ram_list.mru_block = NULL;
94a6b54f 1585
0dc3f44a
MD		 1586 /* Write list before version */
1587 smp_wmb();
f798b07f 1588 ram_list.version++;
b2a8658e 1589 qemu_mutex_unlock_ramlist();
f798b07f 1590
9b8424d5 1591 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1592 new_block->used_length,
1593 DIRTY_CLIENTS_ALL);
94a6b54f 1594
a904c911
PB		 1595 if (new_block->host) {
1596 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1597 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1598 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1599 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1600 }
94a6b54f 1601}
e9a1ab19 1602
0b183fc8 1603#ifdef __linux__
528f46af
FZ		 1604RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1605 bool share, const char *mem_path,
1606 Error **errp)
e1c57ab8
PB		 1607{
1608 RAMBlock *new_block;
ef701d7b 1609 Error *local_err = NULL;
e1c57ab8
PB		 1610
1611 if (xen_enabled()) {
7f56e740 1612 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1613 return NULL;
e1c57ab8
PB		 1614 }
1615
1616 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1617 /*
1618 * file_ram_alloc() needs to allocate just like
1619 * phys_mem_alloc, but we haven't bothered to provide
1620 * a hook there.
1621 */
7f56e740
PB		 1622 error_setg(errp,
1623 "-mem-path not supported with this accelerator");
528f46af 1624 return NULL;
e1c57ab8
PB		 1625 }
1626
4ed023ce 1627 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1628 new_block = g_malloc0(sizeof(*new_block));
1629 new_block->mr = mr;
9b8424d5
MT		 1630 new_block->used_length = size;
1631 new_block->max_length = size;
dbcb8981 1632 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1633 new_block->host = file_ram_alloc(new_block, size,
1634 mem_path, errp);
1635 if (!new_block->host) {
1636 g_free(new_block);
528f46af 1637 return NULL;
7f56e740
PB		 1638 }
1639
528f46af 1640 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1641 if (local_err) {
1642 g_free(new_block);
1643 error_propagate(errp, local_err);
528f46af 1644 return NULL;
ef701d7b 1645 }
528f46af 1646 return new_block;
e1c57ab8 1647}
0b183fc8 1648#endif
e1c57ab8 1649
62be4e3a 1650static
528f46af
FZ		 1651RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1652 void (*resized)(const char*,
1653 uint64_t length,
1654 void *host),
1655 void *host, bool resizeable,
1656 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1657{
1658 RAMBlock *new_block;
ef701d7b 1659 Error *local_err = NULL;
e1c57ab8 1660
4ed023ce
DDAG		 1661 size = HOST_PAGE_ALIGN(size);
1662 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1663 new_block = g_malloc0(sizeof(*new_block));
1664 new_block->mr = mr;
62be4e3a 1665 new_block->resized = resized;
9b8424d5
MT		 1666 new_block->used_length = size;
1667 new_block->max_length = max_size;
62be4e3a 1668 assert(max_size >= size);
e1c57ab8 1669 new_block->fd = -1;
863e9621 1670 new_block->page_size = getpagesize();
e1c57ab8
PB		 1671 new_block->host = host;
1672 if (host) {
7bd4f430 1673 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1674 }
62be4e3a
MT		 1675 if (resizeable) {
1676 new_block->flags |= RAM_RESIZEABLE;
1677 }
528f46af 1678 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1679 if (local_err) {
1680 g_free(new_block);
1681 error_propagate(errp, local_err);
528f46af 1682 return NULL;
ef701d7b 1683 }
528f46af 1684 return new_block;
e1c57ab8
PB		 1685}
1686
528f46af 1687RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1688 MemoryRegion *mr, Error **errp)
1689{
1690 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1691}
1692
528f46af 1693RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1694{
62be4e3a
MT		 1695 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1696}
1697
528f46af 1698RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1699 void (*resized)(const char*,
1700 uint64_t length,
1701 void *host),
1702 MemoryRegion *mr, Error **errp)
1703{
1704 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1705}
1706
43771539
PB		 1707static void reclaim_ramblock(RAMBlock *block)
1708{
1709 if (block->flags & RAM_PREALLOC) {
1710 ;
1711 } else if (xen_enabled()) {
1712 xen_invalidate_map_cache_entry(block->host);
1713#ifndef _WIN32
1714 } else if (block->fd >= 0) {
2f3a2bb1 1715 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1716 close(block->fd);
1717#endif
1718 } else {
1719 qemu_anon_ram_free(block->host, block->max_length);
1720 }
1721 g_free(block);
1722}
1723
f1060c55 1724void qemu_ram_free(RAMBlock *block)
e9a1ab19 1725{
85bc2a15
MAL		 1726 if (!block) {
1727 return;
1728 }
1729
b2a8658e 1730 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1731 QLIST_REMOVE_RCU(block, next);
1732 ram_list.mru_block = NULL;
1733 /* Write list before version */
1734 smp_wmb();
1735 ram_list.version++;
1736 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1737 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1738}
1739
cd19cfa2
HY		 1740#ifndef _WIN32
1741void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1742{
1743 RAMBlock *block;
1744 ram_addr_t offset;
1745 int flags;
1746 void *area, *vaddr;
1747
0dc3f44a 1748 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1749 offset = addr - block->offset;
9b8424d5 1750 if (offset < block->max_length) {
1240be24 1751 vaddr = ramblock_ptr(block, offset);
7bd4f430 1752 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1753 ;
dfeaf2ab
MA		 1754 } else if (xen_enabled()) {
1755 abort();
cd19cfa2
HY		 1756 } else {
1757 flags = MAP_FIXED;
3435f395 1758 if (block->fd >= 0) {
dbcb8981
PB		 1759 flags |= (block->flags & RAM_SHARED ?
1760 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1761 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1762 flags, block->fd, offset);
cd19cfa2 1763 } else {
2eb9fbaa
MA		 1764 /*
1765 * Remap needs to match alloc. Accelerators that
1766 * set phys_mem_alloc never remap. If they did,
1767 * we'd need a remap hook here.
1768 */
1769 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1770
cd19cfa2
HY		 1771 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1772 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1773 flags, -1, 0);
cd19cfa2
HY		 1774 }
1775 if (area != vaddr) {
f15fbc4b
AP		 1776 fprintf(stderr, "Could not remap addr: "
1777 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1778 length, addr);
1779 exit(1);
1780 }
8490fc78 1781 memory_try_enable_merging(vaddr, length);
ddb97f1d 1782 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1783 }
cd19cfa2
HY		 1784 }
1785 }
1786}
1787#endif /* !_WIN32 */
1788
1b5ec234 1789/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1790 * This should not be used for general purpose DMA. Use address_space_map
1791 * or address_space_rw instead. For local memory (e.g. video ram) that the
1792 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1793 *
49b24afc 1794 * Called within RCU critical section.
1b5ec234 1795 */
0878d0e1 1796void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1797{
3655cb9c
GA		 1798 RAMBlock *block = ram_block;
1799
1800 if (block == NULL) {
1801 block = qemu_get_ram_block(addr);
0878d0e1 1802 addr -= block->offset;
3655cb9c 1803 }
ae3a7047
MD		 1804
1805 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1806 /* We need to check if the requested address is in the RAM
1807 * because we don't want to map the entire memory in QEMU.
1808 * In that case just map until the end of the page.
1809 */
1810 if (block->offset == 0) {
49b24afc 1811 return xen_map_cache(addr, 0, 0);
0d6d3c87 1812 }
ae3a7047
MD		 1813
1814 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1815 }
0878d0e1 1816 return ramblock_ptr(block, addr);
dc828ca1
PB		 1817}
1818
0878d0e1 1819/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1820 * but takes a size argument.
0dc3f44a 1821 *
e81bcda5 1822 * Called within RCU critical section.
ae3a7047 1823 */
3655cb9c
GA		 1824static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1825 hwaddr *size)
38bee5dc 1826{
3655cb9c 1827 RAMBlock *block = ram_block;
8ab934f9
SS		 1828 if (*size == 0) {
1829 return NULL;
1830 }
e81bcda5 1831
3655cb9c
GA		 1832 if (block == NULL) {
1833 block = qemu_get_ram_block(addr);
0878d0e1 1834 addr -= block->offset;
3655cb9c 1835 }
0878d0e1 1836 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1837
1838 if (xen_enabled() && block->host == NULL) {
1839 /* We need to check if the requested address is in the RAM
1840 * because we don't want to map the entire memory in QEMU.
1841 * In that case just map the requested area.
1842 */
1843 if (block->offset == 0) {
1844 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1845 }
1846
e81bcda5 1847 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1848 }
e81bcda5 1849
0878d0e1 1850 return ramblock_ptr(block, addr);
38bee5dc
SS		 1851}
1852
422148d3
DDAG		 1853/*
1854 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1855 * in that RAMBlock.
1856 *
1857 * ptr: Host pointer to look up
1858 * round_offset: If true round the result offset down to a page boundary
1859 * *ram_addr: set to result ram_addr
1860 * *offset: set to result offset within the RAMBlock
1861 *
1862 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1863 *
1864 * By the time this function returns, the returned pointer is not protected
1865 * by RCU anymore. If the caller is not within an RCU critical section and
1866 * does not hold the iothread lock, it must have other means of protecting the
1867 * pointer, such as a reference to the region that includes the incoming
1868 * ram_addr_t.
1869 */
422148d3 1870RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1871 ram_addr_t *offset)
5579c7f3 1872{
94a6b54f
PB		 1873 RAMBlock *block;
1874 uint8_t *host = ptr;
1875
868bb33f 1876 if (xen_enabled()) {
f615f396 1877 ram_addr_t ram_addr;
0dc3f44a 1878 rcu_read_lock();
f615f396
PB		 1879 ram_addr = xen_ram_addr_from_mapcache(ptr);
1880 block = qemu_get_ram_block(ram_addr);
422148d3 1881 if (block) {
d6b6aec4 1882 *offset = ram_addr - block->offset;
422148d3 1883 }
0dc3f44a 1884 rcu_read_unlock();
422148d3 1885 return block;
712c2b41
SS		 1886 }
1887
0dc3f44a
MD		 1888 rcu_read_lock();
1889 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1890 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1891 goto found;
1892 }
1893
0dc3f44a 1894 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1895 /* This case append when the block is not mapped. */
1896 if (block->host == NULL) {
1897 continue;
1898 }
9b8424d5 1899 if (host - block->host < block->max_length) {
23887b79 1900 goto found;
f471a17e 1901 }
94a6b54f 1902 }
432d268c 1903
0dc3f44a 1904 rcu_read_unlock();
1b5ec234 1905 return NULL;
23887b79
PB		 1906
1907found:
422148d3
DDAG		 1908 *offset = (host - block->host);
1909 if (round_offset) {
1910 *offset &= TARGET_PAGE_MASK;
1911 }
0dc3f44a 1912 rcu_read_unlock();
422148d3
DDAG		 1913 return block;
1914}
1915
e3dd7493
DDAG		 1916/*
1917 * Finds the named RAMBlock
1918 *
1919 * name: The name of RAMBlock to find
1920 *
1921 * Returns: RAMBlock (or NULL if not found)
1922 */
1923RAMBlock *qemu_ram_block_by_name(const char *name)
1924{
1925 RAMBlock *block;
1926
1927 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1928 if (!strcmp(name, block->idstr)) {
1929 return block;
1930 }
1931 }
1932
1933 return NULL;
1934}
1935
422148d3
DDAG		 1936/* Some of the softmmu routines need to translate from a host pointer
1937 (typically a TLB entry) back to a ram offset. */
07bdaa41 1938ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1939{
1940 RAMBlock *block;
f615f396 1941 ram_addr_t offset;
422148d3 1942
f615f396 1943 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1944 if (!block) {
07bdaa41 1945 return RAM_ADDR_INVALID;
422148d3
DDAG		 1946 }
1947
07bdaa41 1948 return block->offset + offset;
e890261f 1949}
f471a17e 1950
49b24afc 1951/* Called within RCU critical section. */
a8170e5e 1952static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1953 uint64_t val, unsigned size)
9fa3e853 1954{
52159192 1955 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1956 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1957 }
0e0df1e2
AK		 1958 switch (size) {
1959 case 1:
0878d0e1 1960 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1961 break;
1962 case 2:
0878d0e1 1963 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1964 break;
1965 case 4:
0878d0e1 1966 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1967 break;
1968 default:
1969 abort();
3a7d929e 1970 }
58d2707e
PB		 1971 /* Set both VGA and migration bits for simplicity and to remove
1972 * the notdirty callback faster.
1973 */
1974 cpu_physical_memory_set_dirty_range(ram_addr, size,
1975 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1976 /* we remove the notdirty callback only if the code has been
1977 flushed */
a2cd8c85 1978 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1979 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1980 }
9fa3e853
FB		 1981}
1982
b018ddf6
PB		 1983static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1984 unsigned size, bool is_write)
1985{
1986 return is_write;
1987}
1988
0e0df1e2 1989static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1990 .write = notdirty_mem_write,
b018ddf6 1991 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1992 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1993};
1994
0f459d16 1995/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1996static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1997{
93afeade 1998 CPUState *cpu = current_cpu;
568496c0 1999 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2000 CPUArchState *env = cpu->env_ptr;
06d55cc1 2001 target_ulong pc, cs_base;
0f459d16 2002 target_ulong vaddr;
a1d1bb31 2003 CPUWatchpoint *wp;
89fee74a 2004 uint32_t cpu_flags;
0f459d16 2005
ff4700b0 2006 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2007 /* We re-entered the check after replacing the TB. Now raise
2008 * the debug interrupt so that is will trigger after the
2009 * current instruction. */
93afeade 2010 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2011 return;
2012 }
93afeade 2013 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2014 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2015 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2016 && (wp->flags & flags)) {
08225676
PM		 2017 if (flags == BP_MEM_READ) {
2018 wp->flags |= BP_WATCHPOINT_HIT_READ;
2019 } else {
2020 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2021 }
2022 wp->hitaddr = vaddr;
66b9b43c 2023 wp->hitattrs = attrs;
ff4700b0 2024 if (!cpu->watchpoint_hit) {
568496c0
SF		 2025 if (wp->flags & BP_CPU &&
2026 !cc->debug_check_watchpoint(cpu, wp)) {
2027 wp->flags &= ~BP_WATCHPOINT_HIT;
2028 continue;
2029 }
ff4700b0 2030 cpu->watchpoint_hit = wp;
239c51a5 2031 tb_check_watchpoint(cpu);
6e140f28 2032 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2033 cpu->exception_index = EXCP_DEBUG;
5638d180 2034 cpu_loop_exit(cpu);
6e140f28
AL		 2035 } else {
2036 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2037 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2038 cpu_loop_exit_noexc(cpu);
6e140f28 2039 }
06d55cc1 2040 }
6e140f28
AL		 2041 } else {
2042 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2043 }
2044 }
2045}
2046
6658ffb8
PB		 2047/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2048 so these check for a hit then pass through to the normal out-of-line
2049 phys routines. */
66b9b43c
PM		 2050static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2051 unsigned size, MemTxAttrs attrs)
6658ffb8 2052{
66b9b43c
PM		 2053 MemTxResult res;
2054 uint64_t data;
79ed0416
PM		 2055 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2056 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2057
2058 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2059 switch (size) {
66b9b43c 2060 case 1:
79ed0416 2061 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2062 break;
2063 case 2:
79ed0416 2064 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2065 break;
2066 case 4:
79ed0416 2067 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2068 break;
1ec9b909
AK		 2069 default: abort();
2070 }
66b9b43c
PM		 2071 *pdata = data;
2072 return res;
6658ffb8
PB		 2073}
2074
66b9b43c
PM		 2075static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2076 uint64_t val, unsigned size,
2077 MemTxAttrs attrs)
6658ffb8 2078{
66b9b43c 2079 MemTxResult res;
79ed0416
PM		 2080 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2081 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2082
2083 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2084 switch (size) {
67364150 2085 case 1:
79ed0416 2086 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2087 break;
2088 case 2:
79ed0416 2089 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2090 break;
2091 case 4:
79ed0416 2092 address_space_stl(as, addr, val, attrs, &res);
67364150 2093 break;
1ec9b909
AK		 2094 default: abort();
2095 }
66b9b43c 2096 return res;
6658ffb8
PB		 2097}
2098
1ec9b909 2099static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2100 .read_with_attrs = watch_mem_read,
2101 .write_with_attrs = watch_mem_write,
1ec9b909 2102 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2103};
6658ffb8 2104
f25a49e0
PM		 2105static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2106 unsigned len, MemTxAttrs attrs)
db7b5426 2107{
acc9d80b 2108 subpage_t *subpage = opaque;
ff6cff75 2109 uint8_t buf[8];
5c9eb028 2110 MemTxResult res;
791af8c8 2111
db7b5426 2112#if defined(DEBUG_SUBPAGE)
016e9d62 2113 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2114 subpage, len, addr);
db7b5426 2115#endif
5c9eb028
PM		 2116 res = address_space_read(subpage->as, addr + subpage->base,
2117 attrs, buf, len);
2118 if (res) {
2119 return res;
f25a49e0 2120 }
acc9d80b
JK		 2121 switch (len) {
2122 case 1:
f25a49e0
PM		 2123 *data = ldub_p(buf);
2124 return MEMTX_OK;
acc9d80b 2125 case 2:
f25a49e0
PM		 2126 *data = lduw_p(buf);
2127 return MEMTX_OK;
acc9d80b 2128 case 4:
f25a49e0
PM		 2129 *data = ldl_p(buf);
2130 return MEMTX_OK;
ff6cff75 2131 case 8:
f25a49e0
PM		 2132 *data = ldq_p(buf);
2133 return MEMTX_OK;
acc9d80b
JK		 2134 default:
2135 abort();
2136 }
db7b5426
BS		 2137}
2138
f25a49e0
PM		 2139static MemTxResult subpage_write(void *opaque, hwaddr addr,
2140 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2141{
acc9d80b 2142 subpage_t *subpage = opaque;
ff6cff75 2143 uint8_t buf[8];
acc9d80b 2144
db7b5426 2145#if defined(DEBUG_SUBPAGE)
016e9d62 2146 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2147 " value %"PRIx64"\n",
2148 __func__, subpage, len, addr, value);
db7b5426 2149#endif
acc9d80b
JK		 2150 switch (len) {
2151 case 1:
2152 stb_p(buf, value);
2153 break;
2154 case 2:
2155 stw_p(buf, value);
2156 break;
2157 case 4:
2158 stl_p(buf, value);
2159 break;
ff6cff75
PB		 2160 case 8:
2161 stq_p(buf, value);
2162 break;
acc9d80b
JK		 2163 default:
2164 abort();
2165 }
5c9eb028
PM		 2166 return address_space_write(subpage->as, addr + subpage->base,
2167 attrs, buf, len);
db7b5426
BS		 2168}
2169
c353e4cc 2170static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2171 unsigned len, bool is_write)
c353e4cc 2172{
acc9d80b 2173 subpage_t *subpage = opaque;
c353e4cc 2174#if defined(DEBUG_SUBPAGE)
016e9d62 2175 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2176 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2177#endif
2178
acc9d80b 2179 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2180 len, is_write);
c353e4cc
PB		 2181}
2182
70c68e44 2183static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2184 .read_with_attrs = subpage_read,
2185 .write_with_attrs = subpage_write,
ff6cff75
PB		 2186 .impl.min_access_size = 1,
2187 .impl.max_access_size = 8,
2188 .valid.min_access_size = 1,
2189 .valid.max_access_size = 8,
c353e4cc 2190 .valid.accepts = subpage_accepts,
70c68e44 2191 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2192};
2193
c227f099 2194static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2195 uint16_t section)
db7b5426
BS		 2196{
2197 int idx, eidx;
2198
2199 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2200 return -1;
2201 idx = SUBPAGE_IDX(start);
2202 eidx = SUBPAGE_IDX(end);
2203#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2204 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2205 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2206#endif
db7b5426 2207 for (; idx <= eidx; idx++) {
5312bd8b 2208 mmio->sub_section[idx] = section;
db7b5426
BS		 2209 }
2210
2211 return 0;
2212}
2213
acc9d80b 2214static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2215{
c227f099 2216 subpage_t *mmio;
db7b5426 2217
2615fabd 2218 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
acc9d80b 2219 mmio->as = as;
1eec614b 2220 mmio->base = base;
2c9b15ca 2221 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2222 NULL, TARGET_PAGE_SIZE);
b3b00c78 2223 mmio->iomem.subpage = true;
db7b5426 2224#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2225 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2226 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2227#endif
b41aac4f 2228 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2229
2230 return mmio;
2231}
2232
a656e22f
PC		 2233static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2234 MemoryRegion *mr)
5312bd8b 2235{
a656e22f 2236 assert(as);
5312bd8b 2237 MemoryRegionSection section = {
a656e22f 2238 .address_space = as,
5312bd8b
AK		 2239 .mr = mr,
2240 .offset_within_address_space = 0,
2241 .offset_within_region = 0,
052e87b0 2242 .size = int128_2_64(),
5312bd8b
AK		 2243 };
2244
53cb28cb 2245 return phys_section_add(map, &section);
5312bd8b
AK		 2246}
2247
a54c87b6 2248MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2249{
a54c87b6
PM		 2250 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2251 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2252 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2253 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2254
2255 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2256}
2257
e9179ce1
AK		 2258static void io_mem_init(void)
2259{
1f6245e5 2260 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2261 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2262 NULL, UINT64_MAX);
2c9b15ca 2263 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2264 NULL, UINT64_MAX);
2c9b15ca 2265 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2266 NULL, UINT64_MAX);
e9179ce1
AK		 2267}
2268
ac1970fb 2269static void mem_begin(MemoryListener *listener)
00752703
PB		 2270{
2271 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2272 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2273 uint16_t n;
2274
a656e22f 2275 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2276 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2277 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2278 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2279 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2280 assert(n == PHYS_SECTION_ROM);
a656e22f 2281 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2282 assert(n == PHYS_SECTION_WATCH);
00752703 2283
9736e55b 2284 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2285 d->as = as;
2286 as->next_dispatch = d;
2287}
2288
79e2b9ae
PB		 2289static void address_space_dispatch_free(AddressSpaceDispatch *d)
2290{
2291 phys_sections_free(&d->map);
2292 g_free(d);
2293}
2294
00752703 2295static void mem_commit(MemoryListener *listener)
ac1970fb 2296{
89ae337a 2297 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2298 AddressSpaceDispatch *cur = as->dispatch;
2299 AddressSpaceDispatch *next = as->next_dispatch;
2300
53cb28cb 2301 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2302
79e2b9ae 2303 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2304 if (cur) {
79e2b9ae 2305 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2306 }
9affd6fc
PB		 2307}
2308
1d71148e 2309static void tcg_commit(MemoryListener *listener)
50c1e149 2310{
32857f4d
PM		 2311 CPUAddressSpace *cpuas;
2312 AddressSpaceDispatch *d;
117712c3
AK		 2313
2314 /* since each CPU stores ram addresses in its TLB cache, we must
2315 reset the modified entries */
32857f4d
PM		 2316 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2317 cpu_reloading_memory_map();
2318 /* The CPU and TLB are protected by the iothread lock.
2319 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2320 * may have split the RCU critical section.
2321 */
2322 d = atomic_rcu_read(&cpuas->as->dispatch);
2323 cpuas->memory_dispatch = d;
2324 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2325}
2326
ac1970fb
AK		 2327void address_space_init_dispatch(AddressSpace *as)
2328{
00752703 2329 as->dispatch = NULL;
89ae337a 2330 as->dispatch_listener = (MemoryListener) {
ac1970fb 2331 .begin = mem_begin,
00752703 2332 .commit = mem_commit,
ac1970fb
AK		 2333 .region_add = mem_add,
2334 .region_nop = mem_add,
2335 .priority = 0,
2336 };
89ae337a 2337 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2338}
2339
6e48e8f9
PB		 2340void address_space_unregister(AddressSpace *as)
2341{
2342 memory_listener_unregister(&as->dispatch_listener);
2343}
2344
83f3c251
AK		 2345void address_space_destroy_dispatch(AddressSpace *as)
2346{
2347 AddressSpaceDispatch *d = as->dispatch;
2348
79e2b9ae
PB		 2349 atomic_rcu_set(&as->dispatch, NULL);
2350 if (d) {
2351 call_rcu(d, address_space_dispatch_free, rcu);
2352 }
83f3c251
AK		 2353}
2354
62152b8a
AK		 2355static void memory_map_init(void)
2356{
7267c094 2357 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2358
57271d63 2359 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2360 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2361
7267c094 2362 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2363 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2364 65536);
7dca8043 2365 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2366}
2367
2368MemoryRegion *get_system_memory(void)
2369{
2370 return system_memory;
2371}
2372
309cb471
AK		 2373MemoryRegion *get_system_io(void)
2374{
2375 return system_io;
2376}
2377
e2eef170
PB		 2378#endif /* !defined(CONFIG_USER_ONLY) */
2379
13eb76e0
FB		 2380/* physical memory access (slow version, mainly for debug) */
2381#if defined(CONFIG_USER_ONLY)
f17ec444 2382int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2383 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2384{
2385 int l, flags;
2386 target_ulong page;
53a5960a 2387 void * p;
13eb76e0
FB		 2388
2389 while (len > 0) {
2390 page = addr & TARGET_PAGE_MASK;
2391 l = (page + TARGET_PAGE_SIZE) - addr;
2392 if (l > len)
2393 l = len;
2394 flags = page_get_flags(page);
2395 if (!(flags & PAGE_VALID))
a68fe89c 2396 return -1;
13eb76e0
FB		 2397 if (is_write) {
2398 if (!(flags & PAGE_WRITE))
a68fe89c 2399 return -1;
579a97f7 2400 /* XXX: this code should not depend on lock_user */
72fb7daa 2401 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2402 return -1;
72fb7daa
AJ		 2403 memcpy(p, buf, l);
2404 unlock_user(p, addr, l);
13eb76e0
FB		 2405 } else {
2406 if (!(flags & PAGE_READ))
a68fe89c 2407 return -1;
579a97f7 2408 /* XXX: this code should not depend on lock_user */
72fb7daa 2409 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2410 return -1;
72fb7daa 2411 memcpy(buf, p, l);
5b257578 2412 unlock_user(p, addr, 0);
13eb76e0
FB		 2413 }
2414 len -= l;
2415 buf += l;
2416 addr += l;
2417 }
a68fe89c 2418 return 0;
13eb76e0 2419}
8df1cd07 2420
13eb76e0 2421#else
51d7a9eb 2422
845b6214 2423static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2424 hwaddr length)
51d7a9eb 2425{
e87f7778 2426 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2427 addr += memory_region_get_ram_addr(mr);
2428
e87f7778
PB		 2429 /* No early return if dirty_log_mask is or becomes 0, because
2430 * cpu_physical_memory_set_dirty_range will still call
2431 * xen_modified_memory.
2432 */
2433 if (dirty_log_mask) {
2434 dirty_log_mask =
2435 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2436 }
2437 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2438 tb_invalidate_phys_range(addr, addr + length);
2439 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2440 }
e87f7778 2441 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2442}
2443
23326164 2444static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2445{
e1622f4b 2446 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2447
2448 /* Regions are assumed to support 1-4 byte accesses unless
2449 otherwise specified. */
23326164
RH		 2450 if (access_size_max == 0) {
2451 access_size_max = 4;
2452 }
2453
2454 /* Bound the maximum access by the alignment of the address. */
2455 if (!mr->ops->impl.unaligned) {
2456 unsigned align_size_max = addr & -addr;
2457 if (align_size_max != 0 && align_size_max < access_size_max) {
2458 access_size_max = align_size_max;
2459 }
82f2563f 2460 }
23326164
RH		 2461
2462 /* Don't attempt accesses larger than the maximum. */
2463 if (l > access_size_max) {
2464 l = access_size_max;
82f2563f 2465 }
6554f5c0 2466 l = pow2floor(l);
23326164
RH		 2467
2468 return l;
82f2563f
PB		 2469}
2470
4840f10e 2471static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2472{
4840f10e
JK		 2473 bool unlocked = !qemu_mutex_iothread_locked();
2474 bool release_lock = false;
2475
2476 if (unlocked && mr->global_locking) {
2477 qemu_mutex_lock_iothread();
2478 unlocked = false;
2479 release_lock = true;
2480 }
125b3806 2481 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2482 if (unlocked) {
2483 qemu_mutex_lock_iothread();
2484 }
125b3806 2485 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2486 if (unlocked) {
2487 qemu_mutex_unlock_iothread();
2488 }
125b3806 2489 }
4840f10e
JK		 2490
2491 return release_lock;
125b3806
PB		 2492}
2493
a203ac70
PB		 2494/* Called within RCU critical section. */
2495static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2496 MemTxAttrs attrs,
2497 const uint8_t *buf,
2498 int len, hwaddr addr1,
2499 hwaddr l, MemoryRegion *mr)
13eb76e0 2500{
13eb76e0 2501 uint8_t *ptr;
791af8c8 2502 uint64_t val;
3b643495 2503 MemTxResult result = MEMTX_OK;
4840f10e 2504 bool release_lock = false;
3b46e624 2505
a203ac70 2506 for (;;) {
eb7eeb88
PB		 2507 if (!memory_access_is_direct(mr, true)) {
2508 release_lock |= prepare_mmio_access(mr);
2509 l = memory_access_size(mr, l, addr1);
2510 /* XXX: could force current_cpu to NULL to avoid
2511 potential bugs */
2512 switch (l) {
2513 case 8:
2514 /* 64 bit write access */
2515 val = ldq_p(buf);
2516 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2517 attrs);
2518 break;
2519 case 4:
2520 /* 32 bit write access */
2521 val = ldl_p(buf);
2522 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2523 attrs);
2524 break;
2525 case 2:
2526 /* 16 bit write access */
2527 val = lduw_p(buf);
2528 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2529 attrs);
2530 break;
2531 case 1:
2532 /* 8 bit write access */
2533 val = ldub_p(buf);
2534 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2535 attrs);
2536 break;
2537 default:
2538 abort();
13eb76e0
FB		 2539 }
2540 } else {
eb7eeb88 2541 /* RAM case */
0878d0e1 2542 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2543 memcpy(ptr, buf, l);
2544 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2545 }
4840f10e
JK		 2546
2547 if (release_lock) {
2548 qemu_mutex_unlock_iothread();
2549 release_lock = false;
2550 }
2551
13eb76e0
FB		 2552 len -= l;
2553 buf += l;
2554 addr += l;
a203ac70
PB		 2555
2556 if (!len) {
2557 break;
2558 }
2559
2560 l = len;
2561 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2562 }
fd8aaa76 2563
3b643495 2564 return result;
13eb76e0 2565}
8df1cd07 2566
a203ac70
PB		 2567MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2568 const uint8_t *buf, int len)
ac1970fb 2569{
eb7eeb88 2570 hwaddr l;
eb7eeb88
PB		 2571 hwaddr addr1;
2572 MemoryRegion *mr;
2573 MemTxResult result = MEMTX_OK;
eb7eeb88 2574
a203ac70
PB		 2575 if (len > 0) {
2576 rcu_read_lock();
eb7eeb88 2577 l = len;
a203ac70
PB		 2578 mr = address_space_translate(as, addr, &addr1, &l, true);
2579 result = address_space_write_continue(as, addr, attrs, buf, len,
2580 addr1, l, mr);
2581 rcu_read_unlock();
2582 }
2583
2584 return result;
2585}
2586
2587/* Called within RCU critical section. */
2588MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2589 MemTxAttrs attrs, uint8_t *buf,
2590 int len, hwaddr addr1, hwaddr l,
2591 MemoryRegion *mr)
2592{
2593 uint8_t *ptr;
2594 uint64_t val;
2595 MemTxResult result = MEMTX_OK;
2596 bool release_lock = false;
eb7eeb88 2597
a203ac70 2598 for (;;) {
eb7eeb88
PB		 2599 if (!memory_access_is_direct(mr, false)) {
2600 /* I/O case */
2601 release_lock |= prepare_mmio_access(mr);
2602 l = memory_access_size(mr, l, addr1);
2603 switch (l) {
2604 case 8:
2605 /* 64 bit read access */
2606 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2607 attrs);
2608 stq_p(buf, val);
2609 break;
2610 case 4:
2611 /* 32 bit read access */
2612 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2613 attrs);
2614 stl_p(buf, val);
2615 break;
2616 case 2:
2617 /* 16 bit read access */
2618 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2619 attrs);
2620 stw_p(buf, val);
2621 break;
2622 case 1:
2623 /* 8 bit read access */
2624 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2625 attrs);
2626 stb_p(buf, val);
2627 break;
2628 default:
2629 abort();
2630 }
2631 } else {
2632 /* RAM case */
0878d0e1 2633 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2634 memcpy(buf, ptr, l);
2635 }
2636
2637 if (release_lock) {
2638 qemu_mutex_unlock_iothread();
2639 release_lock = false;
2640 }
2641
2642 len -= l;
2643 buf += l;
2644 addr += l;
a203ac70
PB		 2645
2646 if (!len) {
2647 break;
2648 }
2649
2650 l = len;
2651 mr = address_space_translate(as, addr, &addr1, &l, false);
2652 }
2653
2654 return result;
2655}
2656
3cc8f884
PB		 2657MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2658 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2659{
2660 hwaddr l;
2661 hwaddr addr1;
2662 MemoryRegion *mr;
2663 MemTxResult result = MEMTX_OK;
2664
2665 if (len > 0) {
2666 rcu_read_lock();
2667 l = len;
2668 mr = address_space_translate(as, addr, &addr1, &l, false);
2669 result = address_space_read_continue(as, addr, attrs, buf, len,
2670 addr1, l, mr);
2671 rcu_read_unlock();
eb7eeb88 2672 }
eb7eeb88
PB		 2673
2674 return result;
ac1970fb
AK		 2675}
2676
eb7eeb88
PB		 2677MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2678 uint8_t *buf, int len, bool is_write)
2679{
2680 if (is_write) {
2681 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2682 } else {
2683 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2684 }
2685}
ac1970fb 2686
a8170e5e 2687void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2688 int len, int is_write)
2689{
5c9eb028
PM		 2690 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2691 buf, len, is_write);
ac1970fb
AK		 2692}
2693
582b55a9
AG		 2694enum write_rom_type {
2695 WRITE_DATA,
2696 FLUSH_CACHE,
2697};
2698
2a221651 2699static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2700 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2701{
149f54b5 2702 hwaddr l;
d0ecd2aa 2703 uint8_t *ptr;
149f54b5 2704 hwaddr addr1;
5c8a00ce 2705 MemoryRegion *mr;
3b46e624 2706
41063e1e 2707 rcu_read_lock();
d0ecd2aa 2708 while (len > 0) {
149f54b5 2709 l = len;
2a221651 2710 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2711
5c8a00ce
PB		 2712 if (!(memory_region_is_ram(mr) ||
2713 memory_region_is_romd(mr))) {
b242e0e0 2714 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2715 } else {
d0ecd2aa 2716 /* ROM/RAM case */
0878d0e1 2717 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2718 switch (type) {
2719 case WRITE_DATA:
2720 memcpy(ptr, buf, l);
845b6214 2721 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2722 break;
2723 case FLUSH_CACHE:
2724 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2725 break;
2726 }
d0ecd2aa
FB		 2727 }
2728 len -= l;
2729 buf += l;
2730 addr += l;
2731 }
41063e1e 2732 rcu_read_unlock();
d0ecd2aa
FB		 2733}
2734
582b55a9 2735/* used for ROM loading : can write in RAM and ROM */
2a221651 2736void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2737 const uint8_t *buf, int len)
2738{
2a221651 2739 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2740}
2741
2742void cpu_flush_icache_range(hwaddr start, int len)
2743{
2744 /*
2745 * This function should do the same thing as an icache flush that was
2746 * triggered from within the guest. For TCG we are always cache coherent,
2747 * so there is no need to flush anything. For KVM / Xen we need to flush
2748 * the host's instruction cache at least.
2749 */
2750 if (tcg_enabled()) {
2751 return;
2752 }
2753
2a221651
EI		 2754 cpu_physical_memory_write_rom_internal(&address_space_memory,
2755 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2756}
2757
6d16c2f8 2758typedef struct {
d3e71559 2759 MemoryRegion *mr;
6d16c2f8 2760 void *buffer;
a8170e5e
AK		 2761 hwaddr addr;
2762 hwaddr len;
c2cba0ff 2763 bool in_use;
6d16c2f8
AL		 2764} BounceBuffer;
2765
2766static BounceBuffer bounce;
2767
ba223c29 2768typedef struct MapClient {
e95205e1 2769 QEMUBH *bh;
72cf2d4f 2770 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2771} MapClient;
2772
38e047b5 2773QemuMutex map_client_list_lock;
72cf2d4f
BS		 2774static QLIST_HEAD(map_client_list, MapClient) map_client_list
2775 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2776
e95205e1
FZ		 2777static void cpu_unregister_map_client_do(MapClient *client)
2778{
2779 QLIST_REMOVE(client, link);
2780 g_free(client);
2781}
2782
33b6c2ed
FZ		 2783static void cpu_notify_map_clients_locked(void)
2784{
2785 MapClient *client;
2786
2787 while (!QLIST_EMPTY(&map_client_list)) {
2788 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2789 qemu_bh_schedule(client->bh);
2790 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2791 }
2792}
2793
e95205e1 2794void cpu_register_map_client(QEMUBH *bh)
ba223c29 2795{
7267c094 2796 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2797
38e047b5 2798 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2799 client->bh = bh;
72cf2d4f 2800 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2801 if (!atomic_read(&bounce.in_use)) {
2802 cpu_notify_map_clients_locked();
2803 }
38e047b5 2804 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2805}
2806
38e047b5 2807void cpu_exec_init_all(void)
ba223c29 2808{
38e047b5 2809 qemu_mutex_init(&ram_list.mutex);
38e047b5 2810 io_mem_init();
680a4783 2811 memory_map_init();
38e047b5 2812 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2813}
2814
e95205e1 2815void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2816{
2817 MapClient *client;
2818
e95205e1
FZ		 2819 qemu_mutex_lock(&map_client_list_lock);
2820 QLIST_FOREACH(client, &map_client_list, link) {
2821 if (client->bh == bh) {
2822 cpu_unregister_map_client_do(client);
2823 break;
2824 }
ba223c29 2825 }
e95205e1 2826 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2827}
2828
2829static void cpu_notify_map_clients(void)
2830{
38e047b5 2831 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2832 cpu_notify_map_clients_locked();
38e047b5 2833 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2834}
2835
51644ab7
PB		 2836bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2837{
5c8a00ce 2838 MemoryRegion *mr;
51644ab7
PB		 2839 hwaddr l, xlat;
2840
41063e1e 2841 rcu_read_lock();
51644ab7
PB		 2842 while (len > 0) {
2843 l = len;
5c8a00ce
PB		 2844 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2845 if (!memory_access_is_direct(mr, is_write)) {
2846 l = memory_access_size(mr, l, addr);
2847 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2848 return false;
2849 }
2850 }
2851
2852 len -= l;
2853 addr += l;
2854 }
41063e1e 2855 rcu_read_unlock();
51644ab7
PB		 2856 return true;
2857}
2858
6d16c2f8
AL		 2859/* Map a physical memory region into a host virtual address.
2860 * May map a subset of the requested range, given by and returned in *plen.
2861 * May return NULL if resources needed to perform the mapping are exhausted.
2862 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2863 * Use cpu_register_map_client() to know when retrying the map operation is
2864 * likely to succeed.
6d16c2f8 2865 */
ac1970fb 2866void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2867 hwaddr addr,
2868 hwaddr *plen,
ac1970fb 2869 bool is_write)
6d16c2f8 2870{
a8170e5e 2871 hwaddr len = *plen;
e3127ae0
PB		 2872 hwaddr done = 0;
2873 hwaddr l, xlat, base;
2874 MemoryRegion *mr, *this_mr;
e81bcda5 2875 void *ptr;
6d16c2f8 2876
e3127ae0
PB		 2877 if (len == 0) {
2878 return NULL;
2879 }
38bee5dc 2880
e3127ae0 2881 l = len;
41063e1e 2882 rcu_read_lock();
e3127ae0 2883 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2884
e3127ae0 2885 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2886 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2887 rcu_read_unlock();
e3127ae0 2888 return NULL;
6d16c2f8 2889 }
e85d9db5
KW		 2890 /* Avoid unbounded allocations */
2891 l = MIN(l, TARGET_PAGE_SIZE);
2892 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2893 bounce.addr = addr;
2894 bounce.len = l;
d3e71559
PB		 2895
2896 memory_region_ref(mr);
2897 bounce.mr = mr;
e3127ae0 2898 if (!is_write) {
5c9eb028
PM		 2899 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2900 bounce.buffer, l);
8ab934f9 2901 }
6d16c2f8 2902
41063e1e 2903 rcu_read_unlock();
e3127ae0
PB		 2904 *plen = l;
2905 return bounce.buffer;
2906 }
2907
2908 base = xlat;
e3127ae0
PB		 2909
2910 for (;;) {
6d16c2f8
AL		 2911 len -= l;
2912 addr += l;
e3127ae0
PB		 2913 done += l;
2914 if (len == 0) {
2915 break;
2916 }
2917
2918 l = len;
2919 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2920 if (this_mr != mr || xlat != base + done) {
2921 break;
2922 }
6d16c2f8 2923 }
e3127ae0 2924
d3e71559 2925 memory_region_ref(mr);
e3127ae0 2926 *plen = done;
0878d0e1 2927 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2928 rcu_read_unlock();
2929
2930 return ptr;
6d16c2f8
AL		 2931}
2932
ac1970fb 2933/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2934 * Will also mark the memory as dirty if is_write == 1. access_len gives
2935 * the amount of memory that was actually read or written by the caller.
2936 */
a8170e5e
AK		 2937void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2938 int is_write, hwaddr access_len)
6d16c2f8
AL		 2939{
2940 if (buffer != bounce.buffer) {
d3e71559
PB		 2941 MemoryRegion *mr;
2942 ram_addr_t addr1;
2943
07bdaa41 2944 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2945 assert(mr != NULL);
6d16c2f8 2946 if (is_write) {
845b6214 2947 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2948 }
868bb33f 2949 if (xen_enabled()) {
e41d7c69 2950 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2951 }
d3e71559 2952 memory_region_unref(mr);
6d16c2f8
AL		 2953 return;
2954 }
2955 if (is_write) {
5c9eb028
PM		 2956 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2957 bounce.buffer, access_len);
6d16c2f8 2958 }
f8a83245 2959 qemu_vfree(bounce.buffer);
6d16c2f8 2960 bounce.buffer = NULL;
d3e71559 2961 memory_region_unref(bounce.mr);
c2cba0ff 2962 atomic_mb_set(&bounce.in_use, false);
ba223c29 2963 cpu_notify_map_clients();
6d16c2f8 2964}
d0ecd2aa 2965
a8170e5e
AK		 2966void *cpu_physical_memory_map(hwaddr addr,
2967 hwaddr *plen,
ac1970fb
AK		 2968 int is_write)
2969{
2970 return address_space_map(&address_space_memory, addr, plen, is_write);
2971}
2972
a8170e5e
AK		 2973void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2974 int is_write, hwaddr access_len)
ac1970fb
AK		 2975{
2976 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2977}
2978
8df1cd07 2979/* warning: addr must be aligned */
50013115
PM		 2980static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2981 MemTxAttrs attrs,
2982 MemTxResult *result,
2983 enum device_endian endian)
8df1cd07 2984{
8df1cd07 2985 uint8_t *ptr;
791af8c8 2986 uint64_t val;
5c8a00ce 2987 MemoryRegion *mr;
149f54b5
PB		 2988 hwaddr l = 4;
2989 hwaddr addr1;
50013115 2990 MemTxResult r;
4840f10e 2991 bool release_lock = false;
8df1cd07 2992
41063e1e 2993 rcu_read_lock();
fdfba1a2 2994 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2995 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2996 release_lock |= prepare_mmio_access(mr);
125b3806 2997
8df1cd07 2998 /* I/O case */
50013115 2999 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3000#if defined(TARGET_WORDS_BIGENDIAN)
3001 if (endian == DEVICE_LITTLE_ENDIAN) {
3002 val = bswap32(val);
3003 }
3004#else
3005 if (endian == DEVICE_BIG_ENDIAN) {
3006 val = bswap32(val);
3007 }
3008#endif
8df1cd07
FB		 3009 } else {
3010 /* RAM case */
0878d0e1 3011 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3012 switch (endian) {
3013 case DEVICE_LITTLE_ENDIAN:
3014 val = ldl_le_p(ptr);
3015 break;
3016 case DEVICE_BIG_ENDIAN:
3017 val = ldl_be_p(ptr);
3018 break;
3019 default:
3020 val = ldl_p(ptr);
3021 break;
3022 }
50013115
PM		 3023 r = MEMTX_OK;
3024 }
3025 if (result) {
3026 *result = r;
8df1cd07 3027 }
4840f10e
JK		 3028 if (release_lock) {
3029 qemu_mutex_unlock_iothread();
3030 }
41063e1e 3031 rcu_read_unlock();
8df1cd07
FB		 3032 return val;
3033}
3034
50013115
PM		 3035uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3036 MemTxAttrs attrs, MemTxResult *result)
3037{
3038 return address_space_ldl_internal(as, addr, attrs, result,
3039 DEVICE_NATIVE_ENDIAN);
3040}
3041
3042uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3043 MemTxAttrs attrs, MemTxResult *result)
3044{
3045 return address_space_ldl_internal(as, addr, attrs, result,
3046 DEVICE_LITTLE_ENDIAN);
3047}
3048
3049uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3050 MemTxAttrs attrs, MemTxResult *result)
3051{
3052 return address_space_ldl_internal(as, addr, attrs, result,
3053 DEVICE_BIG_ENDIAN);
3054}
3055
fdfba1a2 3056uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3057{
50013115 3058 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3059}
3060
fdfba1a2 3061uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3062{
50013115 3063 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3064}
3065
fdfba1a2 3066uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3067{
50013115 3068 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3069}
3070
84b7b8e7 3071/* warning: addr must be aligned */
50013115
PM		 3072static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3073 MemTxAttrs attrs,
3074 MemTxResult *result,
3075 enum device_endian endian)
84b7b8e7 3076{
84b7b8e7
FB		 3077 uint8_t *ptr;
3078 uint64_t val;
5c8a00ce 3079 MemoryRegion *mr;
149f54b5
PB		 3080 hwaddr l = 8;
3081 hwaddr addr1;
50013115 3082 MemTxResult r;
4840f10e 3083 bool release_lock = false;
84b7b8e7 3084
41063e1e 3085 rcu_read_lock();
2c17449b 3086 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3087 false);
3088 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3089 release_lock |= prepare_mmio_access(mr);
125b3806 3090
84b7b8e7 3091 /* I/O case */
50013115 3092 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3093#if defined(TARGET_WORDS_BIGENDIAN)
3094 if (endian == DEVICE_LITTLE_ENDIAN) {
3095 val = bswap64(val);
3096 }
3097#else
3098 if (endian == DEVICE_BIG_ENDIAN) {
3099 val = bswap64(val);
3100 }
84b7b8e7
FB		 3101#endif
3102 } else {
3103 /* RAM case */
0878d0e1 3104 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3105 switch (endian) {
3106 case DEVICE_LITTLE_ENDIAN:
3107 val = ldq_le_p(ptr);
3108 break;
3109 case DEVICE_BIG_ENDIAN:
3110 val = ldq_be_p(ptr);
3111 break;
3112 default:
3113 val = ldq_p(ptr);
3114 break;
3115 }
50013115
PM		 3116 r = MEMTX_OK;
3117 }
3118 if (result) {
3119 *result = r;
84b7b8e7 3120 }
4840f10e
JK		 3121 if (release_lock) {
3122 qemu_mutex_unlock_iothread();
3123 }
41063e1e 3124 rcu_read_unlock();
84b7b8e7
FB		 3125 return val;
3126}
3127
50013115
PM		 3128uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3129 MemTxAttrs attrs, MemTxResult *result)
3130{
3131 return address_space_ldq_internal(as, addr, attrs, result,
3132 DEVICE_NATIVE_ENDIAN);
3133}
3134
3135uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3137{
3138 return address_space_ldq_internal(as, addr, attrs, result,
3139 DEVICE_LITTLE_ENDIAN);
3140}
3141
3142uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3143 MemTxAttrs attrs, MemTxResult *result)
3144{
3145 return address_space_ldq_internal(as, addr, attrs, result,
3146 DEVICE_BIG_ENDIAN);
3147}
3148
2c17449b 3149uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3150{
50013115 3151 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3152}
3153
2c17449b 3154uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3155{
50013115 3156 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3157}
3158
2c17449b 3159uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3160{
50013115 3161 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3162}
3163
aab33094 3164/* XXX: optimize */
50013115
PM		 3165uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3166 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3167{
3168 uint8_t val;
50013115
PM		 3169 MemTxResult r;
3170
3171 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3172 if (result) {
3173 *result = r;
3174 }
aab33094
FB		 3175 return val;
3176}
3177
50013115
PM		 3178uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3179{
3180 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3181}
3182
733f0b02 3183/* warning: addr must be aligned */
50013115
PM		 3184static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3185 hwaddr addr,
3186 MemTxAttrs attrs,
3187 MemTxResult *result,
3188 enum device_endian endian)
aab33094 3189{
733f0b02
MT		 3190 uint8_t *ptr;
3191 uint64_t val;
5c8a00ce 3192 MemoryRegion *mr;
149f54b5
PB		 3193 hwaddr l = 2;
3194 hwaddr addr1;
50013115 3195 MemTxResult r;
4840f10e 3196 bool release_lock = false;
733f0b02 3197
41063e1e 3198 rcu_read_lock();
41701aa4 3199 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3200 false);
3201 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3202 release_lock |= prepare_mmio_access(mr);
125b3806 3203
733f0b02 3204 /* I/O case */
50013115 3205 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3206#if defined(TARGET_WORDS_BIGENDIAN)
3207 if (endian == DEVICE_LITTLE_ENDIAN) {
3208 val = bswap16(val);
3209 }
3210#else
3211 if (endian == DEVICE_BIG_ENDIAN) {
3212 val = bswap16(val);
3213 }
3214#endif
733f0b02
MT		 3215 } else {
3216 /* RAM case */
0878d0e1 3217 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3218 switch (endian) {
3219 case DEVICE_LITTLE_ENDIAN:
3220 val = lduw_le_p(ptr);
3221 break;
3222 case DEVICE_BIG_ENDIAN:
3223 val = lduw_be_p(ptr);
3224 break;
3225 default:
3226 val = lduw_p(ptr);
3227 break;
3228 }
50013115
PM		 3229 r = MEMTX_OK;
3230 }
3231 if (result) {
3232 *result = r;
733f0b02 3233 }
4840f10e
JK		 3234 if (release_lock) {
3235 qemu_mutex_unlock_iothread();
3236 }
41063e1e 3237 rcu_read_unlock();
733f0b02 3238 return val;
aab33094
FB		 3239}
3240
50013115
PM		 3241uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3243{
3244 return address_space_lduw_internal(as, addr, attrs, result,
3245 DEVICE_NATIVE_ENDIAN);
3246}
3247
3248uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3249 MemTxAttrs attrs, MemTxResult *result)
3250{
3251 return address_space_lduw_internal(as, addr, attrs, result,
3252 DEVICE_LITTLE_ENDIAN);
3253}
3254
3255uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3256 MemTxAttrs attrs, MemTxResult *result)
3257{
3258 return address_space_lduw_internal(as, addr, attrs, result,
3259 DEVICE_BIG_ENDIAN);
3260}
3261
41701aa4 3262uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3263{
50013115 3264 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3265}
3266
41701aa4 3267uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3268{
50013115 3269 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3270}
3271
41701aa4 3272uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3273{
50013115 3274 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3275}
3276
8df1cd07
FB		 3277/* warning: addr must be aligned. The ram page is not masked as dirty
3278 and the code inside is not invalidated. It is useful if the dirty
3279 bits are used to track modified PTEs */
50013115
PM		 3280void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3281 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3282{
8df1cd07 3283 uint8_t *ptr;
5c8a00ce 3284 MemoryRegion *mr;
149f54b5
PB		 3285 hwaddr l = 4;
3286 hwaddr addr1;
50013115 3287 MemTxResult r;
845b6214 3288 uint8_t dirty_log_mask;
4840f10e 3289 bool release_lock = false;
8df1cd07 3290
41063e1e 3291 rcu_read_lock();
2198a121 3292 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3293 true);
3294 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3295 release_lock |= prepare_mmio_access(mr);
125b3806 3296
50013115 3297 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3298 } else {
0878d0e1 3299 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3300 stl_p(ptr, val);
74576198 3301
845b6214
PB		 3302 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3303 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3304 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3305 4, dirty_log_mask);
50013115
PM		 3306 r = MEMTX_OK;
3307 }
3308 if (result) {
3309 *result = r;
8df1cd07 3310 }
4840f10e
JK		 3311 if (release_lock) {
3312 qemu_mutex_unlock_iothread();
3313 }
41063e1e 3314 rcu_read_unlock();
8df1cd07
FB		 3315}
3316
50013115
PM		 3317void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3318{
3319 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3320}
3321
8df1cd07 3322/* warning: addr must be aligned */
50013115
PM		 3323static inline void address_space_stl_internal(AddressSpace *as,
3324 hwaddr addr, uint32_t val,
3325 MemTxAttrs attrs,
3326 MemTxResult *result,
3327 enum device_endian endian)
8df1cd07 3328{
8df1cd07 3329 uint8_t *ptr;
5c8a00ce 3330 MemoryRegion *mr;
149f54b5
PB		 3331 hwaddr l = 4;
3332 hwaddr addr1;
50013115 3333 MemTxResult r;
4840f10e 3334 bool release_lock = false;
8df1cd07 3335
41063e1e 3336 rcu_read_lock();
ab1da857 3337 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3338 true);
3339 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3340 release_lock |= prepare_mmio_access(mr);
125b3806 3341
1e78bcc1
AG		 3342#if defined(TARGET_WORDS_BIGENDIAN)
3343 if (endian == DEVICE_LITTLE_ENDIAN) {
3344 val = bswap32(val);
3345 }
3346#else
3347 if (endian == DEVICE_BIG_ENDIAN) {
3348 val = bswap32(val);
3349 }
3350#endif
50013115 3351 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3352 } else {
8df1cd07 3353 /* RAM case */
0878d0e1 3354 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3355 switch (endian) {
3356 case DEVICE_LITTLE_ENDIAN:
3357 stl_le_p(ptr, val);
3358 break;
3359 case DEVICE_BIG_ENDIAN:
3360 stl_be_p(ptr, val);
3361 break;
3362 default:
3363 stl_p(ptr, val);
3364 break;
3365 }
845b6214 3366 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3367 r = MEMTX_OK;
3368 }
3369 if (result) {
3370 *result = r;
8df1cd07 3371 }
4840f10e
JK		 3372 if (release_lock) {
3373 qemu_mutex_unlock_iothread();
3374 }
41063e1e 3375 rcu_read_unlock();
8df1cd07
FB		 3376}
3377
50013115
PM		 3378void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3379 MemTxAttrs attrs, MemTxResult *result)
3380{
3381 address_space_stl_internal(as, addr, val, attrs, result,
3382 DEVICE_NATIVE_ENDIAN);
3383}
3384
3385void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3387{
3388 address_space_stl_internal(as, addr, val, attrs, result,
3389 DEVICE_LITTLE_ENDIAN);
3390}
3391
3392void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3393 MemTxAttrs attrs, MemTxResult *result)
3394{
3395 address_space_stl_internal(as, addr, val, attrs, result,
3396 DEVICE_BIG_ENDIAN);
3397}
3398
ab1da857 3399void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3400{
50013115 3401 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3402}
3403
ab1da857 3404void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3405{
50013115 3406 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3407}
3408
ab1da857 3409void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3410{
50013115 3411 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3412}
3413
aab33094 3414/* XXX: optimize */
50013115
PM		 3415void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3416 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3417{
3418 uint8_t v = val;
50013115
PM		 3419 MemTxResult r;
3420
3421 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3422 if (result) {
3423 *result = r;
3424 }
3425}
3426
3427void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3428{
3429 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3430}
3431
733f0b02 3432/* warning: addr must be aligned */
50013115
PM		 3433static inline void address_space_stw_internal(AddressSpace *as,
3434 hwaddr addr, uint32_t val,
3435 MemTxAttrs attrs,
3436 MemTxResult *result,
3437 enum device_endian endian)
aab33094 3438{
733f0b02 3439 uint8_t *ptr;
5c8a00ce 3440 MemoryRegion *mr;
149f54b5
PB		 3441 hwaddr l = 2;
3442 hwaddr addr1;
50013115 3443 MemTxResult r;
4840f10e 3444 bool release_lock = false;
733f0b02 3445
41063e1e 3446 rcu_read_lock();
5ce5944d 3447 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3448 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3449 release_lock |= prepare_mmio_access(mr);
125b3806 3450
1e78bcc1
AG		 3451#if defined(TARGET_WORDS_BIGENDIAN)
3452 if (endian == DEVICE_LITTLE_ENDIAN) {
3453 val = bswap16(val);
3454 }
3455#else
3456 if (endian == DEVICE_BIG_ENDIAN) {
3457 val = bswap16(val);
3458 }
3459#endif
50013115 3460 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3461 } else {
733f0b02 3462 /* RAM case */
0878d0e1 3463 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3464 switch (endian) {
3465 case DEVICE_LITTLE_ENDIAN:
3466 stw_le_p(ptr, val);
3467 break;
3468 case DEVICE_BIG_ENDIAN:
3469 stw_be_p(ptr, val);
3470 break;
3471 default:
3472 stw_p(ptr, val);
3473 break;
3474 }
845b6214 3475 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3476 r = MEMTX_OK;
3477 }
3478 if (result) {
3479 *result = r;
733f0b02 3480 }
4840f10e
JK		 3481 if (release_lock) {
3482 qemu_mutex_unlock_iothread();
3483 }
41063e1e 3484 rcu_read_unlock();
aab33094
FB		 3485}
3486
50013115
PM		 3487void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3488 MemTxAttrs attrs, MemTxResult *result)
3489{
3490 address_space_stw_internal(as, addr, val, attrs, result,
3491 DEVICE_NATIVE_ENDIAN);
3492}
3493
3494void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3495 MemTxAttrs attrs, MemTxResult *result)
3496{
3497 address_space_stw_internal(as, addr, val, attrs, result,
3498 DEVICE_LITTLE_ENDIAN);
3499}
3500
3501void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3502 MemTxAttrs attrs, MemTxResult *result)
3503{
3504 address_space_stw_internal(as, addr, val, attrs, result,
3505 DEVICE_BIG_ENDIAN);
3506}
3507
5ce5944d 3508void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3509{
50013115 3510 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3511}
3512
5ce5944d 3513void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3514{
50013115 3515 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3516}
3517
5ce5944d 3518void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3519{
50013115 3520 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3521}
3522
aab33094 3523/* XXX: optimize */
50013115
PM		 3524void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3525 MemTxAttrs attrs, MemTxResult *result)
aab33094 3526{
50013115 3527 MemTxResult r;
aab33094 3528 val = tswap64(val);
50013115
PM		 3529 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3530 if (result) {
3531 *result = r;
3532 }
aab33094
FB		 3533}
3534
50013115
PM		 3535void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3536 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3537{
50013115 3538 MemTxResult r;
1e78bcc1 3539 val = cpu_to_le64(val);
50013115
PM		 3540 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3541 if (result) {
3542 *result = r;
3543 }
3544}
3545void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3546 MemTxAttrs attrs, MemTxResult *result)
3547{
3548 MemTxResult r;
3549 val = cpu_to_be64(val);
3550 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3551 if (result) {
3552 *result = r;
3553 }
3554}
3555
3556void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3557{
3558 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3559}
3560
3561void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3562{
3563 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3564}
3565
f606604f 3566void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3567{
50013115 3568 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3569}
3570
5e2972fd 3571/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3572int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3573 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3574{
3575 int l;
a8170e5e 3576 hwaddr phys_addr;
9b3c35e0 3577 target_ulong page;
13eb76e0
FB		 3578
3579 while (len > 0) {
5232e4c7
PM		 3580 int asidx;
3581 MemTxAttrs attrs;
3582
13eb76e0 3583 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3584 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3585 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3586 /* if no physical page mapped, return an error */
3587 if (phys_addr == -1)
3588 return -1;
3589 l = (page + TARGET_PAGE_SIZE) - addr;
3590 if (l > len)
3591 l = len;
5e2972fd 3592 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3593 if (is_write) {
5232e4c7
PM		 3594 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3595 phys_addr, buf, l);
2e38847b 3596 } else {
5232e4c7
PM		 3597 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3598 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3599 buf, l, 0);
2e38847b 3600 }
13eb76e0
FB		 3601 len -= l;
3602 buf += l;
3603 addr += l;
3604 }
3605 return 0;
3606}
038629a6
DDAG		 3607
3608/*
3609 * Allows code that needs to deal with migration bitmaps etc to still be built
3610 * target independent.
3611 */
3612size_t qemu_target_page_bits(void)
3613{
3614 return TARGET_PAGE_BITS;
3615}
3616
a68fe89c 3617#endif
13eb76e0 3618
8e4a424b
BS		 3619/*
3620 * A helper function for the _utterly broken_ virtio device model to find out if
3621 * it's running on a big endian machine. Don't do this at home kids!
3622 */
98ed8ecf
GK		 3623bool target_words_bigendian(void);
3624bool target_words_bigendian(void)
8e4a424b
BS		 3625{
3626#if defined(TARGET_WORDS_BIGENDIAN)
3627 return true;
3628#else
3629 return false;
3630#endif
3631}
3632
76f35538 3633#ifndef CONFIG_USER_ONLY
a8170e5e 3634bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3635{
5c8a00ce 3636 MemoryRegion*mr;
149f54b5 3637 hwaddr l = 1;
41063e1e 3638 bool res;
76f35538 3639
41063e1e 3640 rcu_read_lock();
5c8a00ce
PB		 3641 mr = address_space_translate(&address_space_memory,
3642 phys_addr, &phys_addr, &l, false);
76f35538 3643
41063e1e
PB		 3644 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3645 rcu_read_unlock();
3646 return res;
76f35538 3647}
bd2fa51f 3648
e3807054 3649int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3650{
3651 RAMBlock *block;
e3807054 3652 int ret = 0;
bd2fa51f 3653
0dc3f44a
MD		 3654 rcu_read_lock();
3655 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3656 ret = func(block->idstr, block->host, block->offset,
3657 block->used_length, opaque);
3658 if (ret) {
3659 break;
3660 }
bd2fa51f 3661 }
0dc3f44a 3662 rcu_read_unlock();
e3807054 3663 return ret;
bd2fa51f 3664}
ec3f8c99 3665#endif
Empty description
This page took 1.599304 seconds and 4 git commands to generate.