]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
67d95c15 57
b35ba30f 58#include "qemu/range.h"
794e8f30
MT		 59#ifndef _WIN32
60#include "qemu/mmap-alloc.h"
61#endif
b35ba30f 62
db7b5426 63//#define DEBUG_SUBPAGE
1196be37 64
e2eef170 65#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 66/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
0d53d9fe 69RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 70
71static MemoryRegion *system_memory;
309cb471 72static MemoryRegion *system_io;
62152b8a 73
f6790af6
AK		 74AddressSpace address_space_io;
75AddressSpace address_space_memory;
2673a5da 76
0844e007 77MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 78static MemoryRegion io_mem_unassigned;
0e0df1e2 79
7bd4f430
PB		 80/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81#define RAM_PREALLOC (1 << 0)
82
dbcb8981
PB		 83/* RAM is mmap-ed with MAP_SHARED */
84#define RAM_SHARED (1 << 1)
85
62be4e3a
MT		 86/* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89#define RAM_RESIZEABLE (1 << 2)
90
e2eef170 91#endif
9fa3e853 92
bdc44640 93struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 94/* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
f240eb6f 96__thread CPUState *current_cpu;
2e70f6ef 97/* 0 = Do not count executed instructions.
bf20dc07 98 1 = Precise instruction counting.
2e70f6ef 99 2 = Adaptive rate instruction counting. */
5708fc66 100int use_icount;
6a00d601 101
e2eef170 102#if !defined(CONFIG_USER_ONLY)
4346ae3e 103
1db8abb1
PB		 104typedef struct PhysPageEntry PhysPageEntry;
105
106struct PhysPageEntry {
9736e55b 107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 108 uint32_t skip : 6;
9736e55b 109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 110 uint32_t ptr : 26;
1db8abb1
PB		 111};
112
8b795765
MT		 113#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
03f49957 115/* Size of the L2 (and L3, etc) page tables. */
57271d63 116#define ADDR_SPACE_BITS 64
03f49957 117
026736ce 118#define P_L2_BITS 9
03f49957
PB		 119#define P_L2_SIZE (1 << P_L2_BITS)
120
121#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 124
53cb28cb 125typedef struct PhysPageMap {
79e2b9ae
PB		 126 struct rcu_head rcu;
127
53cb28cb
MA		 128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134} PhysPageMap;
135
1db8abb1 136struct AddressSpaceDispatch {
79e2b9ae
PB		 137 struct rcu_head rcu;
138
1db8abb1
PB		 139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
53cb28cb 143 PhysPageMap map;
acc9d80b 144 AddressSpace *as;
1db8abb1
PB		 145};
146
90260c6c
JK		 147#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148typedef struct subpage_t {
149 MemoryRegion iomem;
acc9d80b 150 AddressSpace *as;
90260c6c
JK		 151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153} subpage_t;
154
b41aac4f
LPF		 155#define PHYS_SECTION_UNASSIGNED 0
156#define PHYS_SECTION_NOTDIRTY 1
157#define PHYS_SECTION_ROM 2
158#define PHYS_SECTION_WATCH 3
5312bd8b 159
e2eef170 160static void io_mem_init(void);
62152b8a 161static void memory_map_init(void);
09daed84 162static void tcg_commit(MemoryListener *listener);
e2eef170 163
1ec9b909 164static MemoryRegion io_mem_watch;
32857f4d
PM		 165
166/**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178};
179
6658ffb8 180#endif
fd6ce8f6 181
6d9a1304 182#if !defined(CONFIG_USER_ONLY)
d6f2ea22 183
53cb28cb 184static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 185{
53cb28cb
MA		 186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 190 }
f7bf5461
AK		 191}
192
db94604b 193static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 194{
195 unsigned i;
8b795765 196 uint32_t ret;
db94604b
PB		 197 PhysPageEntry e;
198 PhysPageEntry *p;
f7bf5461 199
53cb28cb 200 ret = map->nodes_nb++;
db94604b 201 p = map->nodes[ret];
f7bf5461 202 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 203 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 207 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 208 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 209 }
f7bf5461 210 return ret;
d6f2ea22
AK		 211}
212
53cb28cb
MA		 213static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 215 int level)
f7bf5461
AK		 216{
217 PhysPageEntry *p;
03f49957 218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 219
9736e55b 220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 221 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 222 }
db94604b 223 p = map->nodes[lp->ptr];
03f49957 224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 225
03f49957 226 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 227 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 228 lp->skip = 0;
c19e8800 229 lp->ptr = leaf;
07f07b31
AK		 230 *index += step;
231 *nb -= step;
2999097b 232 } else {
53cb28cb 233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 234 }
235 ++lp;
f7bf5461
AK		 236 }
237}
238
ac1970fb 239static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 240 hwaddr index, hwaddr nb,
2999097b 241 uint16_t leaf)
f7bf5461 242{
2999097b 243 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 245
53cb28cb 246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 247}
248
b35ba30f
MT		 249/* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253{
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300}
301
302static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303{
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
53cb28cb 307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 308 }
309}
310
97115a8d 311static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 312 Node *nodes, MemoryRegionSection *sections)
92e873b9 313{
31ab2b4a 314 PhysPageEntry *p;
97115a8d 315 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 316 int i;
f1f6e3b8 317
9736e55b 318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 320 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 321 }
9affd6fc 322 p = nodes[lp.ptr];
03f49957 323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 324 }
b35ba30f
MT		 325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
f3705d53
AK		 333}
334
e5548617
BS		 335bool memory_region_is_unassigned(MemoryRegion *mr)
336{
2a8e7499 337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 338 && mr != &io_mem_watch;
fd6ce8f6 339}
149f54b5 340
79e2b9ae 341/* Called from RCU critical section */
c7086b4a 342static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 343 hwaddr addr,
344 bool resolve_subpage)
9f029603 345{
90260c6c
JK		 346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
53cb28cb 349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 353 }
354 return section;
9f029603
JK		 355}
356
79e2b9ae 357/* Called from RCU critical section */
90260c6c 358static MemoryRegionSection *
c7086b4a 359address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 360 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 361{
362 MemoryRegionSection *section;
965eb2fc 363 MemoryRegion *mr;
a87f3954 364 Int128 diff;
149f54b5 365
c7086b4a 366 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
965eb2fc 373 mr = section->mr;
b242e0e0
PB		 374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
965eb2fc 386 if (memory_region_is_ram(mr)) {
e4a511f8 387 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
149f54b5
PB		 390 return section;
391}
90260c6c 392
41063e1e 393/* Called from RCU critical section */
5c8a00ce
PB		 394MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
396 bool is_write)
90260c6c 397{
30951157
AK		 398 IOMMUTLBEntry iotlb;
399 MemoryRegionSection *section;
400 MemoryRegion *mr;
30951157
AK		 401
402 for (;;) {
79e2b9ae
PB		 403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 405 mr = section->mr;
406
407 if (!mr->iommu_ops) {
408 break;
409 }
410
8d7b8cb9 411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
23820dbf 414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
417 break;
418 }
419
420 as = iotlb.target_as;
421 }
422
fe680d0d 423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 425 *plen = MIN(page, *plen);
a87f3954
PB		 426 }
427
30951157
AK		 428 *xlat = addr;
429 return mr;
90260c6c
JK		 430}
431
79e2b9ae 432/* Called from RCU critical section */
90260c6c 433MemoryRegionSection *
d7898cda 434address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 435 hwaddr *xlat, hwaddr *plen)
90260c6c 436{
30951157 437 MemoryRegionSection *section;
d7898cda
PM		 438 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
439
440 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 441
442 assert(!section->mr->iommu_ops);
443 return section;
90260c6c 444}
5b6dd868 445#endif
fd6ce8f6 446
b170fce3 447#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 448
449static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 450{
259186a7 451 CPUState *cpu = opaque;
a513fe19 452
5b6dd868
BS		 453 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
454 version_id is increased. */
259186a7 455 cpu->interrupt_request &= ~0x01;
c01a71c1 456 tlb_flush(cpu, 1);
5b6dd868
BS		 457
458 return 0;
a513fe19 459}
7501267e 460
6c3bff0e
PD		 461static int cpu_common_pre_load(void *opaque)
462{
463 CPUState *cpu = opaque;
464
adee6424 465 cpu->exception_index = -1;
6c3bff0e
PD		 466
467 return 0;
468}
469
470static bool cpu_common_exception_index_needed(void *opaque)
471{
472 CPUState *cpu = opaque;
473
adee6424 474 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 475}
476
477static const VMStateDescription vmstate_cpu_common_exception_index = {
478 .name = "cpu_common/exception_index",
479 .version_id = 1,
480 .minimum_version_id = 1,
5cd8cada 481 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 482 .fields = (VMStateField[]) {
483 VMSTATE_INT32(exception_index, CPUState),
484 VMSTATE_END_OF_LIST()
485 }
486};
487
bac05aa9
AS		 488static bool cpu_common_crash_occurred_needed(void *opaque)
489{
490 CPUState *cpu = opaque;
491
492 return cpu->crash_occurred;
493}
494
495static const VMStateDescription vmstate_cpu_common_crash_occurred = {
496 .name = "cpu_common/crash_occurred",
497 .version_id = 1,
498 .minimum_version_id = 1,
499 .needed = cpu_common_crash_occurred_needed,
500 .fields = (VMStateField[]) {
501 VMSTATE_BOOL(crash_occurred, CPUState),
502 VMSTATE_END_OF_LIST()
503 }
504};
505
1a1562f5 506const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 507 .name = "cpu_common",
508 .version_id = 1,
509 .minimum_version_id = 1,
6c3bff0e 510 .pre_load = cpu_common_pre_load,
5b6dd868 511 .post_load = cpu_common_post_load,
35d08458 512 .fields = (VMStateField[]) {
259186a7
AF		 513 VMSTATE_UINT32(halted, CPUState),
514 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 515 VMSTATE_END_OF_LIST()
6c3bff0e 516 },
5cd8cada
JQ		 517 .subsections = (const VMStateDescription*[]) {
518 &vmstate_cpu_common_exception_index,
bac05aa9 519 &vmstate_cpu_common_crash_occurred,
5cd8cada 520 NULL
5b6dd868
BS		 521 }
522};
1a1562f5 523
5b6dd868 524#endif
ea041c0e 525
38d8f5c8 526CPUState *qemu_get_cpu(int index)
ea041c0e 527{
bdc44640 528 CPUState *cpu;
ea041c0e 529
bdc44640 530 CPU_FOREACH(cpu) {
55e5c285 531 if (cpu->cpu_index == index) {
bdc44640 532 return cpu;
55e5c285 533 }
ea041c0e 534 }
5b6dd868 535
bdc44640 536 return NULL;
ea041c0e
FB		 537}
538
09daed84 539#if !defined(CONFIG_USER_ONLY)
56943e8c 540void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 541{
12ebc9a7
PM		 542 CPUAddressSpace *newas;
543
544 /* Target code should have set num_ases before calling us */
545 assert(asidx < cpu->num_ases);
546
56943e8c
PM		 547 if (asidx == 0) {
548 /* address space 0 gets the convenience alias */
549 cpu->as = as;
550 }
551
12ebc9a7
PM		 552 /* KVM cannot currently support multiple address spaces. */
553 assert(asidx == 0 || !kvm_enabled());
09daed84 554
12ebc9a7
PM		 555 if (!cpu->cpu_ases) {
556 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 557 }
32857f4d 558
12ebc9a7
PM		 559 newas = &cpu->cpu_ases[asidx];
560 newas->cpu = cpu;
561 newas->as = as;
56943e8c 562 if (tcg_enabled()) {
12ebc9a7
PM		 563 newas->tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 565 }
09daed84
EI		 566}
567#endif
568
b7bca733
BR		 569#ifndef CONFIG_USER_ONLY
570static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
571
572static int cpu_get_free_index(Error **errp)
573{
574 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
575
576 if (cpu >= MAX_CPUMASK_BITS) {
577 error_setg(errp, "Trying to use more CPUs than max of %d",
578 MAX_CPUMASK_BITS);
579 return -1;
580 }
581
582 bitmap_set(cpu_index_map, cpu, 1);
583 return cpu;
584}
585
586void cpu_exec_exit(CPUState *cpu)
587{
588 if (cpu->cpu_index == -1) {
589 /* cpu_index was never allocated by this @cpu or was already freed. */
590 return;
591 }
592
593 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
594 cpu->cpu_index = -1;
595}
596#else
597
598static int cpu_get_free_index(Error **errp)
599{
600 CPUState *some_cpu;
601 int cpu_index = 0;
602
603 CPU_FOREACH(some_cpu) {
604 cpu_index++;
605 }
606 return cpu_index;
607}
608
609void cpu_exec_exit(CPUState *cpu)
610{
611}
612#endif
613
4bad9e39 614void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 615{
b170fce3 616 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 617 int cpu_index;
b7bca733 618 Error *local_err = NULL;
5b6dd868 619
56943e8c 620 cpu->as = NULL;
12ebc9a7 621 cpu->num_ases = 0;
56943e8c 622
291135b5 623#ifndef CONFIG_USER_ONLY
291135b5 624 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 625#endif
626
5b6dd868
BS		 627#if defined(CONFIG_USER_ONLY)
628 cpu_list_lock();
629#endif
b7bca733
BR		 630 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
631 if (local_err) {
632 error_propagate(errp, local_err);
633#if defined(CONFIG_USER_ONLY)
634 cpu_list_unlock();
635#endif
636 return;
5b6dd868 637 }
bdc44640 638 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 639#if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641#endif
e0d47944
AF		 642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
644 }
5b6dd868 645#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 647 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 648 assert(cc->vmsd == NULL);
e0d47944 649 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 650#endif
b170fce3
AF		 651 if (cc->vmsd != NULL) {
652 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
653 }
ea041c0e
FB		 654}
655
94df27fd 656#if defined(CONFIG_USER_ONLY)
00b941e5 657static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 658{
659 tb_invalidate_phys_page_range(pc, pc + 1, 0);
660}
661#else
00b941e5 662static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 663{
e8262a1b
MF		 664 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
665 if (phys != -1) {
09daed84 666 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 667 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 668 }
1e7855a5 669}
c27004ec 670#endif
d720b93d 671
c527ee8f 672#if defined(CONFIG_USER_ONLY)
75a34036 673void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 674
675{
676}
677
3ee887e8
PM		 678int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
679 int flags)
680{
681 return -ENOSYS;
682}
683
684void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
685{
686}
687
75a34036 688int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 689 int flags, CPUWatchpoint **watchpoint)
690{
691 return -ENOSYS;
692}
693#else
6658ffb8 694/* Add a watchpoint. */
75a34036 695int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 696 int flags, CPUWatchpoint **watchpoint)
6658ffb8 697{
c0ce998e 698 CPUWatchpoint *wp;
6658ffb8 699
05068c0d 700 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 701 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 702 error_report("tried to set invalid watchpoint at %"
703 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 704 return -EINVAL;
705 }
7267c094 706 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 707
708 wp->vaddr = addr;
05068c0d 709 wp->len = len;
a1d1bb31
AL		 710 wp->flags = flags;
711
2dc9f411 712 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 713 if (flags & BP_GDB) {
714 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
715 } else {
716 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
717 }
6658ffb8 718
31b030d4 719 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 720
721 if (watchpoint)
722 *watchpoint = wp;
723 return 0;
6658ffb8
PB		 724}
725
a1d1bb31 726/* Remove a specific watchpoint. */
75a34036 727int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 728 int flags)
6658ffb8 729{
a1d1bb31 730 CPUWatchpoint *wp;
6658ffb8 731
ff4700b0 732 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 733 if (addr == wp->vaddr && len == wp->len
6e140f28 734 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 735 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 736 return 0;
737 }
738 }
a1d1bb31 739 return -ENOENT;
6658ffb8
PB		 740}
741
a1d1bb31 742/* Remove a specific watchpoint by reference. */
75a34036 743void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 744{
ff4700b0 745 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 746
31b030d4 747 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 748
7267c094 749 g_free(watchpoint);
a1d1bb31
AL		 750}
751
752/* Remove all matching watchpoints. */
75a34036 753void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 754{
c0ce998e 755 CPUWatchpoint *wp, *next;
a1d1bb31 756
ff4700b0 757 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 758 if (wp->flags & mask) {
759 cpu_watchpoint_remove_by_ref(cpu, wp);
760 }
c0ce998e 761 }
7d03f82f 762}
05068c0d
PM		 763
764/* Return true if this watchpoint address matches the specified
765 * access (ie the address range covered by the watchpoint overlaps
766 * partially or completely with the address range covered by the
767 * access).
768 */
769static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
770 vaddr addr,
771 vaddr len)
772{
773 /* We know the lengths are non-zero, but a little caution is
774 * required to avoid errors in the case where the range ends
775 * exactly at the top of the address space and so addr + len
776 * wraps round to zero.
777 */
778 vaddr wpend = wp->vaddr + wp->len - 1;
779 vaddr addrend = addr + len - 1;
780
781 return !(addr > wpend || wp->vaddr > addrend);
782}
783
c527ee8f 784#endif
7d03f82f 785
a1d1bb31 786/* Add a breakpoint. */
b3310ab3 787int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 788 CPUBreakpoint **breakpoint)
4c3a88a2 789{
c0ce998e 790 CPUBreakpoint *bp;
3b46e624 791
7267c094 792 bp = g_malloc(sizeof(*bp));
4c3a88a2 793
a1d1bb31
AL		 794 bp->pc = pc;
795 bp->flags = flags;
796
2dc9f411 797 /* keep all GDB-injected breakpoints in front */
00b941e5 798 if (flags & BP_GDB) {
f0c3c505 799 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 800 } else {
f0c3c505 801 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 802 }
3b46e624 803
f0c3c505 804 breakpoint_invalidate(cpu, pc);
a1d1bb31 805
00b941e5 806 if (breakpoint) {
a1d1bb31 807 *breakpoint = bp;
00b941e5 808 }
4c3a88a2 809 return 0;
4c3a88a2
FB		 810}
811
a1d1bb31 812/* Remove a specific breakpoint. */
b3310ab3 813int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 814{
a1d1bb31
AL		 815 CPUBreakpoint *bp;
816
f0c3c505 817 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 818 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 819 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 820 return 0;
821 }
7d03f82f 822 }
a1d1bb31 823 return -ENOENT;
7d03f82f
EI		 824}
825
a1d1bb31 826/* Remove a specific breakpoint by reference. */
b3310ab3 827void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 828{
f0c3c505
AF		 829 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
830
831 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 832
7267c094 833 g_free(breakpoint);
a1d1bb31
AL		 834}
835
836/* Remove all matching breakpoints. */
b3310ab3 837void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 838{
c0ce998e 839 CPUBreakpoint *bp, *next;
a1d1bb31 840
f0c3c505 841 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 842 if (bp->flags & mask) {
843 cpu_breakpoint_remove_by_ref(cpu, bp);
844 }
c0ce998e 845 }
4c3a88a2
FB		 846}
847
c33a346e
FB		 848/* enable or disable single step mode. EXCP_DEBUG is returned by the
849 CPU loop after each instruction */
3825b28f 850void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 851{
ed2803da
AF		 852 if (cpu->singlestep_enabled != enabled) {
853 cpu->singlestep_enabled = enabled;
854 if (kvm_enabled()) {
38e478ec 855 kvm_update_guest_debug(cpu, 0);
ed2803da 856 } else {
ccbb4d44 857 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 858 /* XXX: only flush what is necessary */
bbd77c18 859 tb_flush(cpu);
e22a25c9 860 }
c33a346e 861 }
c33a346e
FB		 862}
863
a47dddd7 864void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 865{
866 va_list ap;
493ae1f0 867 va_list ap2;
7501267e
FB		 868
869 va_start(ap, fmt);
493ae1f0 870 va_copy(ap2, ap);
7501267e
FB		 871 fprintf(stderr, "qemu: fatal: ");
872 vfprintf(stderr, fmt, ap);
873 fprintf(stderr, "\n");
878096ee 874 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 875 if (qemu_log_separate()) {
93fcfe39
AL		 876 qemu_log("qemu: fatal: ");
877 qemu_log_vprintf(fmt, ap2);
878 qemu_log("\n");
a0762859 879 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 880 qemu_log_flush();
93fcfe39 881 qemu_log_close();
924edcae 882 }
493ae1f0 883 va_end(ap2);
f9373291 884 va_end(ap);
7615936e 885 replay_finish();
fd052bf6
RV		 886#if defined(CONFIG_USER_ONLY)
887 {
888 struct sigaction act;
889 sigfillset(&act.sa_mask);
890 act.sa_handler = SIG_DFL;
891 sigaction(SIGABRT, &act, NULL);
892 }
893#endif
7501267e
FB		 894 abort();
895}
896
0124311e 897#if !defined(CONFIG_USER_ONLY)
0dc3f44a 898/* Called from RCU critical section */
041603fe
PB		 899static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
900{
901 RAMBlock *block;
902
43771539 903 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 904 if (block && addr - block->offset < block->max_length) {
68851b98 905 return block;
041603fe 906 }
0dc3f44a 907 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 908 if (addr - block->offset < block->max_length) {
041603fe
PB		 909 goto found;
910 }
911 }
912
913 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
914 abort();
915
916found:
43771539
PB		 917 /* It is safe to write mru_block outside the iothread lock. This
918 * is what happens:
919 *
920 * mru_block = xxx
921 * rcu_read_unlock()
922 * xxx removed from list
923 * rcu_read_lock()
924 * read mru_block
925 * mru_block = NULL;
926 * call_rcu(reclaim_ramblock, xxx);
927 * rcu_read_unlock()
928 *
929 * atomic_rcu_set is not needed here. The block was already published
930 * when it was placed into the list. Here we're just making an extra
931 * copy of the pointer.
932 */
041603fe
PB		 933 ram_list.mru_block = block;
934 return block;
935}
936
a2f4d5be 937static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 938{
9a13565d 939 CPUState *cpu;
041603fe 940 ram_addr_t start1;
a2f4d5be
JQ		 941 RAMBlock *block;
942 ram_addr_t end;
943
944 end = TARGET_PAGE_ALIGN(start + length);
945 start &= TARGET_PAGE_MASK;
d24981d3 946
0dc3f44a 947 rcu_read_lock();
041603fe
PB		 948 block = qemu_get_ram_block(start);
949 assert(block == qemu_get_ram_block(end - 1));
1240be24 950 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 951 CPU_FOREACH(cpu) {
952 tlb_reset_dirty(cpu, start1, length);
953 }
0dc3f44a 954 rcu_read_unlock();
d24981d3
JQ		 955}
956
5579c7f3 957/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 958bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
959 ram_addr_t length,
960 unsigned client)
1ccde1cb 961{
03eebc9e
SH		 962 unsigned long end, page;
963 bool dirty;
964
965 if (length == 0) {
966 return false;
967 }
f23db169 968
03eebc9e
SH		 969 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
970 page = start >> TARGET_PAGE_BITS;
971 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
972 page, end - page);
973
974 if (dirty && tcg_enabled()) {
a2f4d5be 975 tlb_reset_dirty_range_all(start, length);
5579c7f3 976 }
03eebc9e
SH		 977
978 return dirty;
1ccde1cb
FB		 979}
980
79e2b9ae 981/* Called from RCU critical section */
bb0e627a 982hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 983 MemoryRegionSection *section,
984 target_ulong vaddr,
985 hwaddr paddr, hwaddr xlat,
986 int prot,
987 target_ulong *address)
e5548617 988{
a8170e5e 989 hwaddr iotlb;
e5548617
BS		 990 CPUWatchpoint *wp;
991
cc5bea60 992 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 993 /* Normal RAM. */
994 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 995 + xlat;
e5548617 996 if (!section->readonly) {
b41aac4f 997 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 998 } else {
b41aac4f 999 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1000 }
1001 } else {
0b8e2c10
PM		 1002 AddressSpaceDispatch *d;
1003
1004 d = atomic_rcu_read(&section->address_space->dispatch);
1005 iotlb = section - d->map.sections;
149f54b5 1006 iotlb += xlat;
e5548617
BS		 1007 }
1008
1009 /* Make accesses to pages with watchpoints go via the
1010 watchpoint trap routines. */
ff4700b0 1011 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1012 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1013 /* Avoid trapping reads of pages with a write breakpoint. */
1014 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1015 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1016 *address |= TLB_MMIO;
1017 break;
1018 }
1019 }
1020 }
1021
1022 return iotlb;
1023}
9fa3e853
FB		 1024#endif /* defined(CONFIG_USER_ONLY) */
1025
e2eef170 1026#if !defined(CONFIG_USER_ONLY)
8da3ff18 1027
c227f099 1028static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1029 uint16_t section);
acc9d80b 1030static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1031
a2b257d6
IM		 1032static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1033 qemu_anon_ram_alloc;
91138037
MA		 1034
1035/*
1036 * Set a custom physical guest memory alloator.
1037 * Accelerators with unusual needs may need this. Hopefully, we can
1038 * get rid of it eventually.
1039 */
a2b257d6 1040void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1041{
1042 phys_mem_alloc = alloc;
1043}
1044
53cb28cb
MA		 1045static uint16_t phys_section_add(PhysPageMap *map,
1046 MemoryRegionSection *section)
5312bd8b 1047{
68f3f65b
PB		 1048 /* The physical section number is ORed with a page-aligned
1049 * pointer to produce the iotlb entries. Thus it should
1050 * never overflow into the page-aligned value.
1051 */
53cb28cb 1052 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1053
53cb28cb
MA		 1054 if (map->sections_nb == map->sections_nb_alloc) {
1055 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1056 map->sections = g_renew(MemoryRegionSection, map->sections,
1057 map->sections_nb_alloc);
5312bd8b 1058 }
53cb28cb 1059 map->sections[map->sections_nb] = *section;
dfde4e6e 1060 memory_region_ref(section->mr);
53cb28cb 1061 return map->sections_nb++;
5312bd8b
AK		 1062}
1063
058bc4b5
PB		 1064static void phys_section_destroy(MemoryRegion *mr)
1065{
55b4e80b
DS		 1066 bool have_sub_page = mr->subpage;
1067
dfde4e6e
PB		 1068 memory_region_unref(mr);
1069
55b4e80b 1070 if (have_sub_page) {
058bc4b5 1071 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1072 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1073 g_free(subpage);
1074 }
1075}
1076
6092666e 1077static void phys_sections_free(PhysPageMap *map)
5312bd8b 1078{
9affd6fc
PB		 1079 while (map->sections_nb > 0) {
1080 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1081 phys_section_destroy(section->mr);
1082 }
9affd6fc
PB		 1083 g_free(map->sections);
1084 g_free(map->nodes);
5312bd8b
AK		 1085}
1086
ac1970fb 1087static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1088{
1089 subpage_t *subpage;
a8170e5e 1090 hwaddr base = section->offset_within_address_space
0f0cb164 1091 & TARGET_PAGE_MASK;
97115a8d 1092 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1093 d->map.nodes, d->map.sections);
0f0cb164
AK		 1094 MemoryRegionSection subsection = {
1095 .offset_within_address_space = base,
052e87b0 1096 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1097 };
a8170e5e 1098 hwaddr start, end;
0f0cb164 1099
f3705d53 1100 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1101
f3705d53 1102 if (!(existing->mr->subpage)) {
acc9d80b 1103 subpage = subpage_init(d->as, base);
3be91e86 1104 subsection.address_space = d->as;
0f0cb164 1105 subsection.mr = &subpage->iomem;
ac1970fb 1106 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1107 phys_section_add(&d->map, &subsection));
0f0cb164 1108 } else {
f3705d53 1109 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1110 }
1111 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1112 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1113 subpage_register(subpage, start, end,
1114 phys_section_add(&d->map, section));
0f0cb164
AK		 1115}
1116
1117
052e87b0
PB		 1118static void register_multipage(AddressSpaceDispatch *d,
1119 MemoryRegionSection *section)
33417e70 1120{
a8170e5e 1121 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1122 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1123 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1124 TARGET_PAGE_BITS));
dd81124b 1125
733d5ef5
PB		 1126 assert(num_pages);
1127 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1128}
1129
ac1970fb 1130static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1131{
89ae337a 1132 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1133 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1134 MemoryRegionSection now = *section, remain = *section;
052e87b0 1135 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1136
733d5ef5
PB		 1137 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1138 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1139 - now.offset_within_address_space;
1140
052e87b0 1141 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1142 register_subpage(d, &now);
733d5ef5 1143 } else {
052e87b0 1144 now.size = int128_zero();
733d5ef5 1145 }
052e87b0
PB		 1146 while (int128_ne(remain.size, now.size)) {
1147 remain.size = int128_sub(remain.size, now.size);
1148 remain.offset_within_address_space += int128_get64(now.size);
1149 remain.offset_within_region += int128_get64(now.size);
69b67646 1150 now = remain;
052e87b0 1151 if (int128_lt(remain.size, page_size)) {
733d5ef5 1152 register_subpage(d, &now);
88266249 1153 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1154 now.size = page_size;
ac1970fb 1155 register_subpage(d, &now);
69b67646 1156 } else {
052e87b0 1157 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1158 register_multipage(d, &now);
69b67646 1159 }
0f0cb164
AK		 1160 }
1161}
1162
62a2744c
SY		 1163void qemu_flush_coalesced_mmio_buffer(void)
1164{
1165 if (kvm_enabled())
1166 kvm_flush_coalesced_mmio_buffer();
1167}
1168
b2a8658e
UD		 1169void qemu_mutex_lock_ramlist(void)
1170{
1171 qemu_mutex_lock(&ram_list.mutex);
1172}
1173
1174void qemu_mutex_unlock_ramlist(void)
1175{
1176 qemu_mutex_unlock(&ram_list.mutex);
1177}
1178
e1e84ba0 1179#ifdef __linux__
c902760f
MT		 1180
1181#include <sys/vfs.h>
1182
1183#define HUGETLBFS_MAGIC 0x958458f6
1184
fc7a5800 1185static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1186{
1187 struct statfs fs;
1188 int ret;
1189
1190 do {
9742bf26 1191 ret = statfs(path, &fs);
c902760f
MT		 1192 } while (ret != 0 && errno == EINTR);
1193
1194 if (ret != 0) {
fc7a5800
HT		 1195 error_setg_errno(errp, errno, "failed to get page size of file %s",
1196 path);
9742bf26 1197 return 0;
c902760f
MT		 1198 }
1199
c902760f
MT		 1200 return fs.f_bsize;
1201}
1202
04b16653
AW		 1203static void *file_ram_alloc(RAMBlock *block,
1204 ram_addr_t memory,
7f56e740
PB		 1205 const char *path,
1206 Error **errp)
c902760f 1207{
8d31d6b6 1208 struct stat st;
c902760f 1209 char *filename;
8ca761f6
PF		 1210 char *sanitized_name;
1211 char *c;
794e8f30 1212 void *area;
c902760f 1213 int fd;
557529dd 1214 uint64_t hpagesize;
fc7a5800 1215 Error *local_err = NULL;
c902760f 1216
fc7a5800
HT		 1217 hpagesize = gethugepagesize(path, &local_err);
1218 if (local_err) {
1219 error_propagate(errp, local_err);
f9a49dfa 1220 goto error;
c902760f 1221 }
a2b257d6 1222 block->mr->align = hpagesize;
c902760f
MT		 1223
1224 if (memory < hpagesize) {
557529dd
HT		 1225 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1226 "or larger than huge page size 0x%" PRIx64,
1227 memory, hpagesize);
1228 goto error;
c902760f
MT		 1229 }
1230
1231 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1232 error_setg(errp,
1233 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1234 goto error;
c902760f
MT		 1235 }
1236
8d31d6b6
PF		 1237 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1238 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1239 sanitized_name = g_strdup(memory_region_name(block->mr));
1240 for (c = sanitized_name; *c != '\0'; c++) {
1241 if (*c == '/') {
1242 *c = '_';
1243 }
1244 }
8ca761f6 1245
8d31d6b6
PF		 1246 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1247 sanitized_name);
1248 g_free(sanitized_name);
1249
1250 fd = mkstemp(filename);
1251 if (fd >= 0) {
1252 unlink(filename);
1253 }
1254 g_free(filename);
1255 } else {
1256 fd = open(path, O_RDWR | O_CREAT, 0644);
1257 }
c902760f 1258
c902760f 1259 if (fd < 0) {
7f56e740
PB		 1260 error_setg_errno(errp, errno,
1261 "unable to create backing store for hugepages");
f9a49dfa 1262 goto error;
c902760f 1263 }
c902760f 1264
9284f319 1265 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1266
1267 /*
1268 * ftruncate is not supported by hugetlbfs in older
1269 * hosts, so don't bother bailing out on errors.
1270 * If anything goes wrong with it under other filesystems,
1271 * mmap will fail.
1272 */
7f56e740 1273 if (ftruncate(fd, memory)) {
9742bf26 1274 perror("ftruncate");
7f56e740 1275 }
c902760f 1276
794e8f30 1277 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1278 if (area == MAP_FAILED) {
7f56e740
PB		 1279 error_setg_errno(errp, errno,
1280 "unable to map backing store for hugepages");
9742bf26 1281 close(fd);
f9a49dfa 1282 goto error;
c902760f 1283 }
ef36fa14
MT		 1284
1285 if (mem_prealloc) {
38183310 1286 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1287 }
1288
04b16653 1289 block->fd = fd;
c902760f 1290 return area;
f9a49dfa
MT		 1291
1292error:
f9a49dfa 1293 return NULL;
c902760f
MT		 1294}
1295#endif
1296
0dc3f44a 1297/* Called with the ramlist lock held. */
d17b5288 1298static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1299{
1300 RAMBlock *block, *next_block;
3e837b2c 1301 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1302
49cd9ac6
SH		 1303 assert(size != 0); /* it would hand out same offset multiple times */
1304
0dc3f44a 1305 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1306 return 0;
0d53d9fe 1307 }
04b16653 1308
0dc3f44a 1309 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1310 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1311
62be4e3a 1312 end = block->offset + block->max_length;
04b16653 1313
0dc3f44a 1314 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1315 if (next_block->offset >= end) {
1316 next = MIN(next, next_block->offset);
1317 }
1318 }
1319 if (next - end >= size && next - end < mingap) {
3e837b2c 1320 offset = end;
04b16653
AW		 1321 mingap = next - end;
1322 }
1323 }
3e837b2c
AW		 1324
1325 if (offset == RAM_ADDR_MAX) {
1326 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1327 (uint64_t)size);
1328 abort();
1329 }
1330
04b16653
AW		 1331 return offset;
1332}
1333
652d7ec2 1334ram_addr_t last_ram_offset(void)
d17b5288
AW		 1335{
1336 RAMBlock *block;
1337 ram_addr_t last = 0;
1338
0dc3f44a
MD		 1339 rcu_read_lock();
1340 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1341 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1342 }
0dc3f44a 1343 rcu_read_unlock();
d17b5288
AW		 1344 return last;
1345}
1346
ddb97f1d
JB		 1347static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1348{
1349 int ret;
ddb97f1d
JB		 1350
1351 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1352 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1353 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1354 if (ret) {
1355 perror("qemu_madvise");
1356 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1357 "but dump_guest_core=off specified\n");
1358 }
1359 }
1360}
1361
0dc3f44a
MD		 1362/* Called within an RCU critical section, or while the ramlist lock
1363 * is held.
1364 */
20cfe881 1365static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1366{
20cfe881 1367 RAMBlock *block;
84b89d78 1368
0dc3f44a 1369 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1370 if (block->offset == addr) {
20cfe881 1371 return block;
c5705a77
AK		 1372 }
1373 }
20cfe881
HT		 1374
1375 return NULL;
1376}
1377
422148d3
DDAG		 1378const char *qemu_ram_get_idstr(RAMBlock *rb)
1379{
1380 return rb->idstr;
1381}
1382
ae3a7047 1383/* Called with iothread lock held. */
20cfe881
HT		 1384void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1385{
ae3a7047 1386 RAMBlock *new_block, *block;
20cfe881 1387
0dc3f44a 1388 rcu_read_lock();
ae3a7047 1389 new_block = find_ram_block(addr);
c5705a77
AK		 1390 assert(new_block);
1391 assert(!new_block->idstr[0]);
84b89d78 1392
09e5ab63
AL		 1393 if (dev) {
1394 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1395 if (id) {
1396 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1397 g_free(id);
84b89d78
CM		 1398 }
1399 }
1400 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1401
0dc3f44a 1402 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1403 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1404 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1405 new_block->idstr);
1406 abort();
1407 }
1408 }
0dc3f44a 1409 rcu_read_unlock();
c5705a77
AK		 1410}
1411
ae3a7047 1412/* Called with iothread lock held. */
20cfe881
HT		 1413void qemu_ram_unset_idstr(ram_addr_t addr)
1414{
ae3a7047 1415 RAMBlock *block;
20cfe881 1416
ae3a7047
MD		 1417 /* FIXME: arch_init.c assumes that this is not called throughout
1418 * migration. Ignore the problem since hot-unplug during migration
1419 * does not work anyway.
1420 */
1421
0dc3f44a 1422 rcu_read_lock();
ae3a7047 1423 block = find_ram_block(addr);
20cfe881
HT		 1424 if (block) {
1425 memset(block->idstr, 0, sizeof(block->idstr));
1426 }
0dc3f44a 1427 rcu_read_unlock();
20cfe881
HT		 1428}
1429
8490fc78
LC		 1430static int memory_try_enable_merging(void *addr, size_t len)
1431{
75cc7f01 1432 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1433 /* disabled by the user */
1434 return 0;
1435 }
1436
1437 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1438}
1439
62be4e3a
MT		 1440/* Only legal before guest might have detected the memory size: e.g. on
1441 * incoming migration, or right after reset.
1442 *
1443 * As memory core doesn't know how is memory accessed, it is up to
1444 * resize callback to update device state and/or add assertions to detect
1445 * misuse, if necessary.
1446 */
1447int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1448{
1449 RAMBlock *block = find_ram_block(base);
1450
1451 assert(block);
1452
4ed023ce 1453 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1454
62be4e3a
MT		 1455 if (block->used_length == newsize) {
1456 return 0;
1457 }
1458
1459 if (!(block->flags & RAM_RESIZEABLE)) {
1460 error_setg_errno(errp, EINVAL,
1461 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1462 " in != 0x" RAM_ADDR_FMT, block->idstr,
1463 newsize, block->used_length);
1464 return -EINVAL;
1465 }
1466
1467 if (block->max_length < newsize) {
1468 error_setg_errno(errp, EINVAL,
1469 "Length too large: %s: 0x" RAM_ADDR_FMT
1470 " > 0x" RAM_ADDR_FMT, block->idstr,
1471 newsize, block->max_length);
1472 return -EINVAL;
1473 }
1474
1475 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1476 block->used_length = newsize;
58d2707e
PB		 1477 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1478 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1479 memory_region_set_size(block->mr, newsize);
1480 if (block->resized) {
1481 block->resized(block->idstr, newsize, block->host);
1482 }
1483 return 0;
1484}
1485
ef701d7b 1486static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1487{
e1c57ab8 1488 RAMBlock *block;
0d53d9fe 1489 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1490 ram_addr_t old_ram_size, new_ram_size;
1491
1492 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1493
b2a8658e 1494 qemu_mutex_lock_ramlist();
9b8424d5 1495 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1496
1497 if (!new_block->host) {
1498 if (xen_enabled()) {
9b8424d5
MT		 1499 xen_ram_alloc(new_block->offset, new_block->max_length,
1500 new_block->mr);
e1c57ab8 1501 } else {
9b8424d5 1502 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1503 &new_block->mr->align);
39228250 1504 if (!new_block->host) {
ef701d7b
HT		 1505 error_setg_errno(errp, errno,
1506 "cannot set up guest memory '%s'",
1507 memory_region_name(new_block->mr));
1508 qemu_mutex_unlock_ramlist();
1509 return -1;
39228250 1510 }
9b8424d5 1511 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1512 }
c902760f 1513 }
94a6b54f 1514
dd631697
LZ		 1515 new_ram_size = MAX(old_ram_size,
1516 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1517 if (new_ram_size > old_ram_size) {
1518 migration_bitmap_extend(old_ram_size, new_ram_size);
1519 }
0d53d9fe
MD		 1520 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1521 * QLIST (which has an RCU-friendly variant) does not have insertion at
1522 * tail, so save the last element in last_block.
1523 */
0dc3f44a 1524 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1525 last_block = block;
9b8424d5 1526 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1527 break;
1528 }
1529 }
1530 if (block) {
0dc3f44a 1531 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1532 } else if (last_block) {
0dc3f44a 1533 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1534 } else { /* list is empty */
0dc3f44a 1535 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1536 }
0d6d3c87 1537 ram_list.mru_block = NULL;
94a6b54f 1538
0dc3f44a
MD		 1539 /* Write list before version */
1540 smp_wmb();
f798b07f 1541 ram_list.version++;
b2a8658e 1542 qemu_mutex_unlock_ramlist();
f798b07f 1543
2152f5ca
JQ		 1544 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1545
1546 if (new_ram_size > old_ram_size) {
1ab4c8ce 1547 int i;
ae3a7047
MD		 1548
1549 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1550 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1551 ram_list.dirty_memory[i] =
1552 bitmap_zero_extend(ram_list.dirty_memory[i],
1553 old_ram_size, new_ram_size);
1554 }
2152f5ca 1555 }
9b8424d5 1556 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1557 new_block->used_length,
1558 DIRTY_CLIENTS_ALL);
94a6b54f 1559
a904c911
PB		 1560 if (new_block->host) {
1561 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1562 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1563 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1564 if (kvm_enabled()) {
1565 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1566 }
e1c57ab8 1567 }
6f0437e8 1568
94a6b54f
PB		 1569 return new_block->offset;
1570}
e9a1ab19 1571
0b183fc8 1572#ifdef __linux__
e1c57ab8 1573ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1574 bool share, const char *mem_path,
7f56e740 1575 Error **errp)
e1c57ab8
PB		 1576{
1577 RAMBlock *new_block;
ef701d7b
HT		 1578 ram_addr_t addr;
1579 Error *local_err = NULL;
e1c57ab8
PB		 1580
1581 if (xen_enabled()) {
7f56e740
PB		 1582 error_setg(errp, "-mem-path not supported with Xen");
1583 return -1;
e1c57ab8
PB		 1584 }
1585
1586 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1587 /*
1588 * file_ram_alloc() needs to allocate just like
1589 * phys_mem_alloc, but we haven't bothered to provide
1590 * a hook there.
1591 */
7f56e740
PB		 1592 error_setg(errp,
1593 "-mem-path not supported with this accelerator");
1594 return -1;
e1c57ab8
PB		 1595 }
1596
4ed023ce 1597 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1598 new_block = g_malloc0(sizeof(*new_block));
1599 new_block->mr = mr;
9b8424d5
MT		 1600 new_block->used_length = size;
1601 new_block->max_length = size;
dbcb8981 1602 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1603 new_block->host = file_ram_alloc(new_block, size,
1604 mem_path, errp);
1605 if (!new_block->host) {
1606 g_free(new_block);
1607 return -1;
1608 }
1609
ef701d7b
HT		 1610 addr = ram_block_add(new_block, &local_err);
1611 if (local_err) {
1612 g_free(new_block);
1613 error_propagate(errp, local_err);
1614 return -1;
1615 }
1616 return addr;
e1c57ab8 1617}
0b183fc8 1618#endif
e1c57ab8 1619
62be4e3a
MT		 1620static
1621ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1622 void (*resized)(const char*,
1623 uint64_t length,
1624 void *host),
1625 void *host, bool resizeable,
ef701d7b 1626 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1627{
1628 RAMBlock *new_block;
ef701d7b
HT		 1629 ram_addr_t addr;
1630 Error *local_err = NULL;
e1c57ab8 1631
4ed023ce
DDAG		 1632 size = HOST_PAGE_ALIGN(size);
1633 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1634 new_block = g_malloc0(sizeof(*new_block));
1635 new_block->mr = mr;
62be4e3a 1636 new_block->resized = resized;
9b8424d5
MT		 1637 new_block->used_length = size;
1638 new_block->max_length = max_size;
62be4e3a 1639 assert(max_size >= size);
e1c57ab8
PB		 1640 new_block->fd = -1;
1641 new_block->host = host;
1642 if (host) {
7bd4f430 1643 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1644 }
62be4e3a
MT		 1645 if (resizeable) {
1646 new_block->flags |= RAM_RESIZEABLE;
1647 }
ef701d7b
HT		 1648 addr = ram_block_add(new_block, &local_err);
1649 if (local_err) {
1650 g_free(new_block);
1651 error_propagate(errp, local_err);
1652 return -1;
1653 }
1654 return addr;
e1c57ab8
PB		 1655}
1656
62be4e3a
MT		 1657ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1658 MemoryRegion *mr, Error **errp)
1659{
1660 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1661}
1662
ef701d7b 1663ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1664{
62be4e3a
MT		 1665 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1666}
1667
1668ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1669 void (*resized)(const char*,
1670 uint64_t length,
1671 void *host),
1672 MemoryRegion *mr, Error **errp)
1673{
1674 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1675}
1676
43771539
PB		 1677static void reclaim_ramblock(RAMBlock *block)
1678{
1679 if (block->flags & RAM_PREALLOC) {
1680 ;
1681 } else if (xen_enabled()) {
1682 xen_invalidate_map_cache_entry(block->host);
1683#ifndef _WIN32
1684 } else if (block->fd >= 0) {
2f3a2bb1 1685 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1686 close(block->fd);
1687#endif
1688 } else {
1689 qemu_anon_ram_free(block->host, block->max_length);
1690 }
1691 g_free(block);
1692}
1693
c227f099 1694void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1695{
04b16653
AW		 1696 RAMBlock *block;
1697
b2a8658e 1698 qemu_mutex_lock_ramlist();
0dc3f44a 1699 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1700 if (addr == block->offset) {
0dc3f44a 1701 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1702 ram_list.mru_block = NULL;
0dc3f44a
MD		 1703 /* Write list before version */
1704 smp_wmb();
f798b07f 1705 ram_list.version++;
43771539 1706 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1707 break;
04b16653
AW		 1708 }
1709 }
b2a8658e 1710 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1711}
1712
cd19cfa2
HY		 1713#ifndef _WIN32
1714void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1715{
1716 RAMBlock *block;
1717 ram_addr_t offset;
1718 int flags;
1719 void *area, *vaddr;
1720
0dc3f44a 1721 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1722 offset = addr - block->offset;
9b8424d5 1723 if (offset < block->max_length) {
1240be24 1724 vaddr = ramblock_ptr(block, offset);
7bd4f430 1725 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1726 ;
dfeaf2ab
MA		 1727 } else if (xen_enabled()) {
1728 abort();
cd19cfa2
HY		 1729 } else {
1730 flags = MAP_FIXED;
3435f395 1731 if (block->fd >= 0) {
dbcb8981
PB		 1732 flags |= (block->flags & RAM_SHARED ?
1733 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1734 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1735 flags, block->fd, offset);
cd19cfa2 1736 } else {
2eb9fbaa
MA		 1737 /*
1738 * Remap needs to match alloc. Accelerators that
1739 * set phys_mem_alloc never remap. If they did,
1740 * we'd need a remap hook here.
1741 */
1742 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1743
cd19cfa2
HY		 1744 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1745 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1746 flags, -1, 0);
cd19cfa2
HY		 1747 }
1748 if (area != vaddr) {
f15fbc4b
AP		 1749 fprintf(stderr, "Could not remap addr: "
1750 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1751 length, addr);
1752 exit(1);
1753 }
8490fc78 1754 memory_try_enable_merging(vaddr, length);
ddb97f1d 1755 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1756 }
cd19cfa2
HY		 1757 }
1758 }
1759}
1760#endif /* !_WIN32 */
1761
a35ba7be
PB		 1762int qemu_get_ram_fd(ram_addr_t addr)
1763{
ae3a7047
MD		 1764 RAMBlock *block;
1765 int fd;
a35ba7be 1766
0dc3f44a 1767 rcu_read_lock();
ae3a7047
MD		 1768 block = qemu_get_ram_block(addr);
1769 fd = block->fd;
0dc3f44a 1770 rcu_read_unlock();
ae3a7047 1771 return fd;
a35ba7be
PB		 1772}
1773
56a571d9
TM		 1774void qemu_set_ram_fd(ram_addr_t addr, int fd)
1775{
1776 RAMBlock *block;
1777
1778 rcu_read_lock();
1779 block = qemu_get_ram_block(addr);
1780 block->fd = fd;
1781 rcu_read_unlock();
1782}
1783
3fd74b84
DM		 1784void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1785{
ae3a7047
MD		 1786 RAMBlock *block;
1787 void *ptr;
3fd74b84 1788
0dc3f44a 1789 rcu_read_lock();
ae3a7047
MD		 1790 block = qemu_get_ram_block(addr);
1791 ptr = ramblock_ptr(block, 0);
0dc3f44a 1792 rcu_read_unlock();
ae3a7047 1793 return ptr;
3fd74b84
DM		 1794}
1795
1b5ec234 1796/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1797 * This should not be used for general purpose DMA. Use address_space_map
1798 * or address_space_rw instead. For local memory (e.g. video ram) that the
1799 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1800 *
49b24afc 1801 * Called within RCU critical section.
1b5ec234
PB		 1802 */
1803void *qemu_get_ram_ptr(ram_addr_t addr)
1804{
49b24afc 1805 RAMBlock *block = qemu_get_ram_block(addr);
ae3a7047
MD		 1806
1807 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1808 /* We need to check if the requested address is in the RAM
1809 * because we don't want to map the entire memory in QEMU.
1810 * In that case just map until the end of the page.
1811 */
1812 if (block->offset == 0) {
49b24afc 1813 return xen_map_cache(addr, 0, 0);
0d6d3c87 1814 }
ae3a7047
MD		 1815
1816 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1817 }
49b24afc 1818 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1819}
1820
38bee5dc 1821/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1822 * but takes a size argument.
0dc3f44a 1823 *
e81bcda5 1824 * Called within RCU critical section.
ae3a7047 1825 */
cb85f7ab 1826static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1827{
e81bcda5
PB		 1828 RAMBlock *block;
1829 ram_addr_t offset_inside_block;
8ab934f9
SS		 1830 if (*size == 0) {
1831 return NULL;
1832 }
e81bcda5
PB		 1833
1834 block = qemu_get_ram_block(addr);
1835 offset_inside_block = addr - block->offset;
1836 *size = MIN(*size, block->max_length - offset_inside_block);
1837
1838 if (xen_enabled() && block->host == NULL) {
1839 /* We need to check if the requested address is in the RAM
1840 * because we don't want to map the entire memory in QEMU.
1841 * In that case just map the requested area.
1842 */
1843 if (block->offset == 0) {
1844 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1845 }
1846
e81bcda5 1847 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1848 }
e81bcda5
PB		 1849
1850 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1851}
1852
422148d3
DDAG		 1853/*
1854 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1855 * in that RAMBlock.
1856 *
1857 * ptr: Host pointer to look up
1858 * round_offset: If true round the result offset down to a page boundary
1859 * *ram_addr: set to result ram_addr
1860 * *offset: set to result offset within the RAMBlock
1861 *
1862 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1863 *
1864 * By the time this function returns, the returned pointer is not protected
1865 * by RCU anymore. If the caller is not within an RCU critical section and
1866 * does not hold the iothread lock, it must have other means of protecting the
1867 * pointer, such as a reference to the region that includes the incoming
1868 * ram_addr_t.
1869 */
422148d3
DDAG		 1870RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1871 ram_addr_t *ram_addr,
1872 ram_addr_t *offset)
5579c7f3 1873{
94a6b54f
PB		 1874 RAMBlock *block;
1875 uint8_t *host = ptr;
1876
868bb33f 1877 if (xen_enabled()) {
0dc3f44a 1878 rcu_read_lock();
e41d7c69 1879 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1880 block = qemu_get_ram_block(*ram_addr);
1881 if (block) {
1882 *offset = (host - block->host);
1883 }
0dc3f44a 1884 rcu_read_unlock();
422148d3 1885 return block;
712c2b41
SS		 1886 }
1887
0dc3f44a
MD		 1888 rcu_read_lock();
1889 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1890 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1891 goto found;
1892 }
1893
0dc3f44a 1894 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1895 /* This case append when the block is not mapped. */
1896 if (block->host == NULL) {
1897 continue;
1898 }
9b8424d5 1899 if (host - block->host < block->max_length) {
23887b79 1900 goto found;
f471a17e 1901 }
94a6b54f 1902 }
432d268c 1903
0dc3f44a 1904 rcu_read_unlock();
1b5ec234 1905 return NULL;
23887b79
PB		 1906
1907found:
422148d3
DDAG		 1908 *offset = (host - block->host);
1909 if (round_offset) {
1910 *offset &= TARGET_PAGE_MASK;
1911 }
1912 *ram_addr = block->offset + *offset;
0dc3f44a 1913 rcu_read_unlock();
422148d3
DDAG		 1914 return block;
1915}
1916
e3dd7493
DDAG		 1917/*
1918 * Finds the named RAMBlock
1919 *
1920 * name: The name of RAMBlock to find
1921 *
1922 * Returns: RAMBlock (or NULL if not found)
1923 */
1924RAMBlock *qemu_ram_block_by_name(const char *name)
1925{
1926 RAMBlock *block;
1927
1928 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1929 if (!strcmp(name, block->idstr)) {
1930 return block;
1931 }
1932 }
1933
1934 return NULL;
1935}
1936
422148d3
DDAG		 1937/* Some of the softmmu routines need to translate from a host pointer
1938 (typically a TLB entry) back to a ram offset. */
1939MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1940{
1941 RAMBlock *block;
1942 ram_addr_t offset; /* Not used */
1943
1944 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1945
1946 if (!block) {
1947 return NULL;
1948 }
1949
1950 return block->mr;
e890261f 1951}
f471a17e 1952
49b24afc 1953/* Called within RCU critical section. */
a8170e5e 1954static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1955 uint64_t val, unsigned size)
9fa3e853 1956{
52159192 1957 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1958 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1959 }
0e0df1e2
AK		 1960 switch (size) {
1961 case 1:
1962 stb_p(qemu_get_ram_ptr(ram_addr), val);
1963 break;
1964 case 2:
1965 stw_p(qemu_get_ram_ptr(ram_addr), val);
1966 break;
1967 case 4:
1968 stl_p(qemu_get_ram_ptr(ram_addr), val);
1969 break;
1970 default:
1971 abort();
3a7d929e 1972 }
58d2707e
PB		 1973 /* Set both VGA and migration bits for simplicity and to remove
1974 * the notdirty callback faster.
1975 */
1976 cpu_physical_memory_set_dirty_range(ram_addr, size,
1977 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1978 /* we remove the notdirty callback only if the code has been
1979 flushed */
a2cd8c85 1980 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1981 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1982 }
9fa3e853
FB		 1983}
1984
b018ddf6
PB		 1985static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1986 unsigned size, bool is_write)
1987{
1988 return is_write;
1989}
1990
0e0df1e2 1991static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1992 .write = notdirty_mem_write,
b018ddf6 1993 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1994 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1995};
1996
0f459d16 1997/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1998static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1999{
93afeade
AF		 2000 CPUState *cpu = current_cpu;
2001 CPUArchState *env = cpu->env_ptr;
06d55cc1 2002 target_ulong pc, cs_base;
0f459d16 2003 target_ulong vaddr;
a1d1bb31 2004 CPUWatchpoint *wp;
06d55cc1 2005 int cpu_flags;
0f459d16 2006
ff4700b0 2007 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2008 /* We re-entered the check after replacing the TB. Now raise
2009 * the debug interrupt so that is will trigger after the
2010 * current instruction. */
93afeade 2011 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2012 return;
2013 }
93afeade 2014 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2015 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2016 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2017 && (wp->flags & flags)) {
08225676
PM		 2018 if (flags == BP_MEM_READ) {
2019 wp->flags |= BP_WATCHPOINT_HIT_READ;
2020 } else {
2021 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2022 }
2023 wp->hitaddr = vaddr;
66b9b43c 2024 wp->hitattrs = attrs;
ff4700b0
AF		 2025 if (!cpu->watchpoint_hit) {
2026 cpu->watchpoint_hit = wp;
239c51a5 2027 tb_check_watchpoint(cpu);
6e140f28 2028 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2029 cpu->exception_index = EXCP_DEBUG;
5638d180 2030 cpu_loop_exit(cpu);
6e140f28
AL		 2031 } else {
2032 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2033 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2034 cpu_resume_from_signal(cpu, NULL);
6e140f28 2035 }
06d55cc1 2036 }
6e140f28
AL		 2037 } else {
2038 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2039 }
2040 }
2041}
2042
6658ffb8
PB		 2043/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2044 so these check for a hit then pass through to the normal out-of-line
2045 phys routines. */
66b9b43c
PM		 2046static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2047 unsigned size, MemTxAttrs attrs)
6658ffb8 2048{
66b9b43c
PM		 2049 MemTxResult res;
2050 uint64_t data;
2051
2052 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2053 switch (size) {
66b9b43c
PM		 2054 case 1:
2055 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2056 break;
2057 case 2:
2058 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2059 break;
2060 case 4:
2061 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2062 break;
1ec9b909
AK		 2063 default: abort();
2064 }
66b9b43c
PM		 2065 *pdata = data;
2066 return res;
6658ffb8
PB		 2067}
2068
66b9b43c
PM		 2069static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2070 uint64_t val, unsigned size,
2071 MemTxAttrs attrs)
6658ffb8 2072{
66b9b43c
PM		 2073 MemTxResult res;
2074
2075 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2076 switch (size) {
67364150 2077 case 1:
66b9b43c 2078 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2079 break;
2080 case 2:
66b9b43c 2081 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2082 break;
2083 case 4:
66b9b43c 2084 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2085 break;
1ec9b909
AK		 2086 default: abort();
2087 }
66b9b43c 2088 return res;
6658ffb8
PB		 2089}
2090
1ec9b909 2091static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2092 .read_with_attrs = watch_mem_read,
2093 .write_with_attrs = watch_mem_write,
1ec9b909 2094 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2095};
6658ffb8 2096
f25a49e0
PM		 2097static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2098 unsigned len, MemTxAttrs attrs)
db7b5426 2099{
acc9d80b 2100 subpage_t *subpage = opaque;
ff6cff75 2101 uint8_t buf[8];
5c9eb028 2102 MemTxResult res;
791af8c8 2103
db7b5426 2104#if defined(DEBUG_SUBPAGE)
016e9d62 2105 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2106 subpage, len, addr);
db7b5426 2107#endif
5c9eb028
PM		 2108 res = address_space_read(subpage->as, addr + subpage->base,
2109 attrs, buf, len);
2110 if (res) {
2111 return res;
f25a49e0 2112 }
acc9d80b
JK		 2113 switch (len) {
2114 case 1:
f25a49e0
PM		 2115 *data = ldub_p(buf);
2116 return MEMTX_OK;
acc9d80b 2117 case 2:
f25a49e0
PM		 2118 *data = lduw_p(buf);
2119 return MEMTX_OK;
acc9d80b 2120 case 4:
f25a49e0
PM		 2121 *data = ldl_p(buf);
2122 return MEMTX_OK;
ff6cff75 2123 case 8:
f25a49e0
PM		 2124 *data = ldq_p(buf);
2125 return MEMTX_OK;
acc9d80b
JK		 2126 default:
2127 abort();
2128 }
db7b5426
BS		 2129}
2130
f25a49e0
PM		 2131static MemTxResult subpage_write(void *opaque, hwaddr addr,
2132 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2133{
acc9d80b 2134 subpage_t *subpage = opaque;
ff6cff75 2135 uint8_t buf[8];
acc9d80b 2136
db7b5426 2137#if defined(DEBUG_SUBPAGE)
016e9d62 2138 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2139 " value %"PRIx64"\n",
2140 __func__, subpage, len, addr, value);
db7b5426 2141#endif
acc9d80b
JK		 2142 switch (len) {
2143 case 1:
2144 stb_p(buf, value);
2145 break;
2146 case 2:
2147 stw_p(buf, value);
2148 break;
2149 case 4:
2150 stl_p(buf, value);
2151 break;
ff6cff75
PB		 2152 case 8:
2153 stq_p(buf, value);
2154 break;
acc9d80b
JK		 2155 default:
2156 abort();
2157 }
5c9eb028
PM		 2158 return address_space_write(subpage->as, addr + subpage->base,
2159 attrs, buf, len);
db7b5426
BS		 2160}
2161
c353e4cc 2162static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2163 unsigned len, bool is_write)
c353e4cc 2164{
acc9d80b 2165 subpage_t *subpage = opaque;
c353e4cc 2166#if defined(DEBUG_SUBPAGE)
016e9d62 2167 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2168 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2169#endif
2170
acc9d80b 2171 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2172 len, is_write);
c353e4cc
PB		 2173}
2174
70c68e44 2175static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2176 .read_with_attrs = subpage_read,
2177 .write_with_attrs = subpage_write,
ff6cff75
PB		 2178 .impl.min_access_size = 1,
2179 .impl.max_access_size = 8,
2180 .valid.min_access_size = 1,
2181 .valid.max_access_size = 8,
c353e4cc 2182 .valid.accepts = subpage_accepts,
70c68e44 2183 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2184};
2185
c227f099 2186static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2187 uint16_t section)
db7b5426
BS		 2188{
2189 int idx, eidx;
2190
2191 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2192 return -1;
2193 idx = SUBPAGE_IDX(start);
2194 eidx = SUBPAGE_IDX(end);
2195#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2196 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2197 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2198#endif
db7b5426 2199 for (; idx <= eidx; idx++) {
5312bd8b 2200 mmio->sub_section[idx] = section;
db7b5426
BS		 2201 }
2202
2203 return 0;
2204}
2205
acc9d80b 2206static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2207{
c227f099 2208 subpage_t *mmio;
db7b5426 2209
7267c094 2210 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2211
acc9d80b 2212 mmio->as = as;
1eec614b 2213 mmio->base = base;
2c9b15ca 2214 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2215 NULL, TARGET_PAGE_SIZE);
b3b00c78 2216 mmio->iomem.subpage = true;
db7b5426 2217#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2218 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2219 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2220#endif
b41aac4f 2221 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2222
2223 return mmio;
2224}
2225
a656e22f
PC		 2226static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2227 MemoryRegion *mr)
5312bd8b 2228{
a656e22f 2229 assert(as);
5312bd8b 2230 MemoryRegionSection section = {
a656e22f 2231 .address_space = as,
5312bd8b
AK		 2232 .mr = mr,
2233 .offset_within_address_space = 0,
2234 .offset_within_region = 0,
052e87b0 2235 .size = int128_2_64(),
5312bd8b
AK		 2236 };
2237
53cb28cb 2238 return phys_section_add(map, &section);
5312bd8b
AK		 2239}
2240
a54c87b6 2241MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2242{
a54c87b6
PM		 2243 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2244 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2245 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2246 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2247
2248 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2249}
2250
e9179ce1
AK		 2251static void io_mem_init(void)
2252{
1f6245e5 2253 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2254 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2255 NULL, UINT64_MAX);
2c9b15ca 2256 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2257 NULL, UINT64_MAX);
2c9b15ca 2258 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2259 NULL, UINT64_MAX);
e9179ce1
AK		 2260}
2261
ac1970fb 2262static void mem_begin(MemoryListener *listener)
00752703
PB		 2263{
2264 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2265 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2266 uint16_t n;
2267
a656e22f 2268 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2269 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2270 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2271 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2272 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2273 assert(n == PHYS_SECTION_ROM);
a656e22f 2274 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2275 assert(n == PHYS_SECTION_WATCH);
00752703 2276
9736e55b 2277 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2278 d->as = as;
2279 as->next_dispatch = d;
2280}
2281
79e2b9ae
PB		 2282static void address_space_dispatch_free(AddressSpaceDispatch *d)
2283{
2284 phys_sections_free(&d->map);
2285 g_free(d);
2286}
2287
00752703 2288static void mem_commit(MemoryListener *listener)
ac1970fb 2289{
89ae337a 2290 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2291 AddressSpaceDispatch *cur = as->dispatch;
2292 AddressSpaceDispatch *next = as->next_dispatch;
2293
53cb28cb 2294 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2295
79e2b9ae 2296 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2297 if (cur) {
79e2b9ae 2298 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2299 }
9affd6fc
PB		 2300}
2301
1d71148e 2302static void tcg_commit(MemoryListener *listener)
50c1e149 2303{
32857f4d
PM		 2304 CPUAddressSpace *cpuas;
2305 AddressSpaceDispatch *d;
117712c3
AK		 2306
2307 /* since each CPU stores ram addresses in its TLB cache, we must
2308 reset the modified entries */
32857f4d
PM		 2309 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2310 cpu_reloading_memory_map();
2311 /* The CPU and TLB are protected by the iothread lock.
2312 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2313 * may have split the RCU critical section.
2314 */
2315 d = atomic_rcu_read(&cpuas->as->dispatch);
2316 cpuas->memory_dispatch = d;
2317 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2318}
2319
ac1970fb
AK		 2320void address_space_init_dispatch(AddressSpace *as)
2321{
00752703 2322 as->dispatch = NULL;
89ae337a 2323 as->dispatch_listener = (MemoryListener) {
ac1970fb 2324 .begin = mem_begin,
00752703 2325 .commit = mem_commit,
ac1970fb
AK		 2326 .region_add = mem_add,
2327 .region_nop = mem_add,
2328 .priority = 0,
2329 };
89ae337a 2330 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2331}
2332
6e48e8f9
PB		 2333void address_space_unregister(AddressSpace *as)
2334{
2335 memory_listener_unregister(&as->dispatch_listener);
2336}
2337
83f3c251
AK		 2338void address_space_destroy_dispatch(AddressSpace *as)
2339{
2340 AddressSpaceDispatch *d = as->dispatch;
2341
79e2b9ae
PB		 2342 atomic_rcu_set(&as->dispatch, NULL);
2343 if (d) {
2344 call_rcu(d, address_space_dispatch_free, rcu);
2345 }
83f3c251
AK		 2346}
2347
62152b8a
AK		 2348static void memory_map_init(void)
2349{
7267c094 2350 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2351
57271d63 2352 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2353 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2354
7267c094 2355 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2356 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2357 65536);
7dca8043 2358 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2359}
2360
2361MemoryRegion *get_system_memory(void)
2362{
2363 return system_memory;
2364}
2365
309cb471
AK		 2366MemoryRegion *get_system_io(void)
2367{
2368 return system_io;
2369}
2370
e2eef170
PB		 2371#endif /* !defined(CONFIG_USER_ONLY) */
2372
13eb76e0
FB		 2373/* physical memory access (slow version, mainly for debug) */
2374#if defined(CONFIG_USER_ONLY)
f17ec444 2375int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2376 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2377{
2378 int l, flags;
2379 target_ulong page;
53a5960a 2380 void * p;
13eb76e0
FB		 2381
2382 while (len > 0) {
2383 page = addr & TARGET_PAGE_MASK;
2384 l = (page + TARGET_PAGE_SIZE) - addr;
2385 if (l > len)
2386 l = len;
2387 flags = page_get_flags(page);
2388 if (!(flags & PAGE_VALID))
a68fe89c 2389 return -1;
13eb76e0
FB		 2390 if (is_write) {
2391 if (!(flags & PAGE_WRITE))
a68fe89c 2392 return -1;
579a97f7 2393 /* XXX: this code should not depend on lock_user */
72fb7daa 2394 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2395 return -1;
72fb7daa
AJ		 2396 memcpy(p, buf, l);
2397 unlock_user(p, addr, l);
13eb76e0
FB		 2398 } else {
2399 if (!(flags & PAGE_READ))
a68fe89c 2400 return -1;
579a97f7 2401 /* XXX: this code should not depend on lock_user */
72fb7daa 2402 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2403 return -1;
72fb7daa 2404 memcpy(buf, p, l);
5b257578 2405 unlock_user(p, addr, 0);
13eb76e0
FB		 2406 }
2407 len -= l;
2408 buf += l;
2409 addr += l;
2410 }
a68fe89c 2411 return 0;
13eb76e0 2412}
8df1cd07 2413
13eb76e0 2414#else
51d7a9eb 2415
845b6214 2416static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2417 hwaddr length)
51d7a9eb 2418{
e87f7778
PB		 2419 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2420 /* No early return if dirty_log_mask is or becomes 0, because
2421 * cpu_physical_memory_set_dirty_range will still call
2422 * xen_modified_memory.
2423 */
2424 if (dirty_log_mask) {
2425 dirty_log_mask =
2426 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2427 }
2428 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2429 tb_invalidate_phys_range(addr, addr + length);
2430 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2431 }
e87f7778 2432 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2433}
2434
23326164 2435static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2436{
e1622f4b 2437 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2438
2439 /* Regions are assumed to support 1-4 byte accesses unless
2440 otherwise specified. */
23326164
RH		 2441 if (access_size_max == 0) {
2442 access_size_max = 4;
2443 }
2444
2445 /* Bound the maximum access by the alignment of the address. */
2446 if (!mr->ops->impl.unaligned) {
2447 unsigned align_size_max = addr & -addr;
2448 if (align_size_max != 0 && align_size_max < access_size_max) {
2449 access_size_max = align_size_max;
2450 }
82f2563f 2451 }
23326164
RH		 2452
2453 /* Don't attempt accesses larger than the maximum. */
2454 if (l > access_size_max) {
2455 l = access_size_max;
82f2563f 2456 }
6554f5c0 2457 l = pow2floor(l);
23326164
RH		 2458
2459 return l;
82f2563f
PB		 2460}
2461
4840f10e 2462static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2463{
4840f10e
JK		 2464 bool unlocked = !qemu_mutex_iothread_locked();
2465 bool release_lock = false;
2466
2467 if (unlocked && mr->global_locking) {
2468 qemu_mutex_lock_iothread();
2469 unlocked = false;
2470 release_lock = true;
2471 }
125b3806 2472 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2473 if (unlocked) {
2474 qemu_mutex_lock_iothread();
2475 }
125b3806 2476 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2477 if (unlocked) {
2478 qemu_mutex_unlock_iothread();
2479 }
125b3806 2480 }
4840f10e
JK		 2481
2482 return release_lock;
125b3806
PB		 2483}
2484
a203ac70
PB		 2485/* Called within RCU critical section. */
2486static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2487 MemTxAttrs attrs,
2488 const uint8_t *buf,
2489 int len, hwaddr addr1,
2490 hwaddr l, MemoryRegion *mr)
13eb76e0 2491{
13eb76e0 2492 uint8_t *ptr;
791af8c8 2493 uint64_t val;
3b643495 2494 MemTxResult result = MEMTX_OK;
4840f10e 2495 bool release_lock = false;
3b46e624 2496
a203ac70 2497 for (;;) {
eb7eeb88
PB		 2498 if (!memory_access_is_direct(mr, true)) {
2499 release_lock |= prepare_mmio_access(mr);
2500 l = memory_access_size(mr, l, addr1);
2501 /* XXX: could force current_cpu to NULL to avoid
2502 potential bugs */
2503 switch (l) {
2504 case 8:
2505 /* 64 bit write access */
2506 val = ldq_p(buf);
2507 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2508 attrs);
2509 break;
2510 case 4:
2511 /* 32 bit write access */
2512 val = ldl_p(buf);
2513 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2514 attrs);
2515 break;
2516 case 2:
2517 /* 16 bit write access */
2518 val = lduw_p(buf);
2519 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2520 attrs);
2521 break;
2522 case 1:
2523 /* 8 bit write access */
2524 val = ldub_p(buf);
2525 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2526 attrs);
2527 break;
2528 default:
2529 abort();
13eb76e0
FB		 2530 }
2531 } else {
eb7eeb88
PB		 2532 addr1 += memory_region_get_ram_addr(mr);
2533 /* RAM case */
2534 ptr = qemu_get_ram_ptr(addr1);
2535 memcpy(ptr, buf, l);
2536 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2537 }
4840f10e
JK		 2538
2539 if (release_lock) {
2540 qemu_mutex_unlock_iothread();
2541 release_lock = false;
2542 }
2543
13eb76e0
FB		 2544 len -= l;
2545 buf += l;
2546 addr += l;
a203ac70
PB		 2547
2548 if (!len) {
2549 break;
2550 }
2551
2552 l = len;
2553 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2554 }
fd8aaa76 2555
3b643495 2556 return result;
13eb76e0 2557}
8df1cd07 2558
a203ac70
PB		 2559MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2560 const uint8_t *buf, int len)
ac1970fb 2561{
eb7eeb88 2562 hwaddr l;
eb7eeb88
PB		 2563 hwaddr addr1;
2564 MemoryRegion *mr;
2565 MemTxResult result = MEMTX_OK;
eb7eeb88 2566
a203ac70
PB		 2567 if (len > 0) {
2568 rcu_read_lock();
eb7eeb88 2569 l = len;
a203ac70
PB		 2570 mr = address_space_translate(as, addr, &addr1, &l, true);
2571 result = address_space_write_continue(as, addr, attrs, buf, len,
2572 addr1, l, mr);
2573 rcu_read_unlock();
2574 }
2575
2576 return result;
2577}
2578
2579/* Called within RCU critical section. */
2580MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2581 MemTxAttrs attrs, uint8_t *buf,
2582 int len, hwaddr addr1, hwaddr l,
2583 MemoryRegion *mr)
2584{
2585 uint8_t *ptr;
2586 uint64_t val;
2587 MemTxResult result = MEMTX_OK;
2588 bool release_lock = false;
eb7eeb88 2589
a203ac70 2590 for (;;) {
eb7eeb88
PB		 2591 if (!memory_access_is_direct(mr, false)) {
2592 /* I/O case */
2593 release_lock |= prepare_mmio_access(mr);
2594 l = memory_access_size(mr, l, addr1);
2595 switch (l) {
2596 case 8:
2597 /* 64 bit read access */
2598 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2599 attrs);
2600 stq_p(buf, val);
2601 break;
2602 case 4:
2603 /* 32 bit read access */
2604 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2605 attrs);
2606 stl_p(buf, val);
2607 break;
2608 case 2:
2609 /* 16 bit read access */
2610 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2611 attrs);
2612 stw_p(buf, val);
2613 break;
2614 case 1:
2615 /* 8 bit read access */
2616 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2617 attrs);
2618 stb_p(buf, val);
2619 break;
2620 default:
2621 abort();
2622 }
2623 } else {
2624 /* RAM case */
2625 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2626 memcpy(buf, ptr, l);
2627 }
2628
2629 if (release_lock) {
2630 qemu_mutex_unlock_iothread();
2631 release_lock = false;
2632 }
2633
2634 len -= l;
2635 buf += l;
2636 addr += l;
a203ac70
PB		 2637
2638 if (!len) {
2639 break;
2640 }
2641
2642 l = len;
2643 mr = address_space_translate(as, addr, &addr1, &l, false);
2644 }
2645
2646 return result;
2647}
2648
3cc8f884
PB		 2649MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2650 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2651{
2652 hwaddr l;
2653 hwaddr addr1;
2654 MemoryRegion *mr;
2655 MemTxResult result = MEMTX_OK;
2656
2657 if (len > 0) {
2658 rcu_read_lock();
2659 l = len;
2660 mr = address_space_translate(as, addr, &addr1, &l, false);
2661 result = address_space_read_continue(as, addr, attrs, buf, len,
2662 addr1, l, mr);
2663 rcu_read_unlock();
eb7eeb88 2664 }
eb7eeb88
PB		 2665
2666 return result;
ac1970fb
AK		 2667}
2668
eb7eeb88
PB		 2669MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2670 uint8_t *buf, int len, bool is_write)
2671{
2672 if (is_write) {
2673 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2674 } else {
2675 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2676 }
2677}
ac1970fb 2678
a8170e5e 2679void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2680 int len, int is_write)
2681{
5c9eb028
PM		 2682 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2683 buf, len, is_write);
ac1970fb
AK		 2684}
2685
582b55a9
AG		 2686enum write_rom_type {
2687 WRITE_DATA,
2688 FLUSH_CACHE,
2689};
2690
2a221651 2691static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2692 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2693{
149f54b5 2694 hwaddr l;
d0ecd2aa 2695 uint8_t *ptr;
149f54b5 2696 hwaddr addr1;
5c8a00ce 2697 MemoryRegion *mr;
3b46e624 2698
41063e1e 2699 rcu_read_lock();
d0ecd2aa 2700 while (len > 0) {
149f54b5 2701 l = len;
2a221651 2702 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2703
5c8a00ce
PB		 2704 if (!(memory_region_is_ram(mr) ||
2705 memory_region_is_romd(mr))) {
b242e0e0 2706 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2707 } else {
5c8a00ce 2708 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2709 /* ROM/RAM case */
5579c7f3 2710 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2711 switch (type) {
2712 case WRITE_DATA:
2713 memcpy(ptr, buf, l);
845b6214 2714 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2715 break;
2716 case FLUSH_CACHE:
2717 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2718 break;
2719 }
d0ecd2aa
FB		 2720 }
2721 len -= l;
2722 buf += l;
2723 addr += l;
2724 }
41063e1e 2725 rcu_read_unlock();
d0ecd2aa
FB		 2726}
2727
582b55a9 2728/* used for ROM loading : can write in RAM and ROM */
2a221651 2729void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2730 const uint8_t *buf, int len)
2731{
2a221651 2732 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2733}
2734
2735void cpu_flush_icache_range(hwaddr start, int len)
2736{
2737 /*
2738 * This function should do the same thing as an icache flush that was
2739 * triggered from within the guest. For TCG we are always cache coherent,
2740 * so there is no need to flush anything. For KVM / Xen we need to flush
2741 * the host's instruction cache at least.
2742 */
2743 if (tcg_enabled()) {
2744 return;
2745 }
2746
2a221651
EI		 2747 cpu_physical_memory_write_rom_internal(&address_space_memory,
2748 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2749}
2750
6d16c2f8 2751typedef struct {
d3e71559 2752 MemoryRegion *mr;
6d16c2f8 2753 void *buffer;
a8170e5e
AK		 2754 hwaddr addr;
2755 hwaddr len;
c2cba0ff 2756 bool in_use;
6d16c2f8
AL		 2757} BounceBuffer;
2758
2759static BounceBuffer bounce;
2760
ba223c29 2761typedef struct MapClient {
e95205e1 2762 QEMUBH *bh;
72cf2d4f 2763 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2764} MapClient;
2765
38e047b5 2766QemuMutex map_client_list_lock;
72cf2d4f
BS		 2767static QLIST_HEAD(map_client_list, MapClient) map_client_list
2768 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2769
e95205e1
FZ		 2770static void cpu_unregister_map_client_do(MapClient *client)
2771{
2772 QLIST_REMOVE(client, link);
2773 g_free(client);
2774}
2775
33b6c2ed
FZ		 2776static void cpu_notify_map_clients_locked(void)
2777{
2778 MapClient *client;
2779
2780 while (!QLIST_EMPTY(&map_client_list)) {
2781 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2782 qemu_bh_schedule(client->bh);
2783 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2784 }
2785}
2786
e95205e1 2787void cpu_register_map_client(QEMUBH *bh)
ba223c29 2788{
7267c094 2789 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2790
38e047b5 2791 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2792 client->bh = bh;
72cf2d4f 2793 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2794 if (!atomic_read(&bounce.in_use)) {
2795 cpu_notify_map_clients_locked();
2796 }
38e047b5 2797 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2798}
2799
38e047b5 2800void cpu_exec_init_all(void)
ba223c29 2801{
38e047b5 2802 qemu_mutex_init(&ram_list.mutex);
38e047b5 2803 io_mem_init();
680a4783 2804 memory_map_init();
38e047b5 2805 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2806}
2807
e95205e1 2808void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2809{
2810 MapClient *client;
2811
e95205e1
FZ		 2812 qemu_mutex_lock(&map_client_list_lock);
2813 QLIST_FOREACH(client, &map_client_list, link) {
2814 if (client->bh == bh) {
2815 cpu_unregister_map_client_do(client);
2816 break;
2817 }
ba223c29 2818 }
e95205e1 2819 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2820}
2821
2822static void cpu_notify_map_clients(void)
2823{
38e047b5 2824 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2825 cpu_notify_map_clients_locked();
38e047b5 2826 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2827}
2828
51644ab7
PB		 2829bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2830{
5c8a00ce 2831 MemoryRegion *mr;
51644ab7
PB		 2832 hwaddr l, xlat;
2833
41063e1e 2834 rcu_read_lock();
51644ab7
PB		 2835 while (len > 0) {
2836 l = len;
5c8a00ce
PB		 2837 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2838 if (!memory_access_is_direct(mr, is_write)) {
2839 l = memory_access_size(mr, l, addr);
2840 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2841 return false;
2842 }
2843 }
2844
2845 len -= l;
2846 addr += l;
2847 }
41063e1e 2848 rcu_read_unlock();
51644ab7
PB		 2849 return true;
2850}
2851
6d16c2f8
AL		 2852/* Map a physical memory region into a host virtual address.
2853 * May map a subset of the requested range, given by and returned in *plen.
2854 * May return NULL if resources needed to perform the mapping are exhausted.
2855 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2856 * Use cpu_register_map_client() to know when retrying the map operation is
2857 * likely to succeed.
6d16c2f8 2858 */
ac1970fb 2859void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2860 hwaddr addr,
2861 hwaddr *plen,
ac1970fb 2862 bool is_write)
6d16c2f8 2863{
a8170e5e 2864 hwaddr len = *plen;
e3127ae0
PB		 2865 hwaddr done = 0;
2866 hwaddr l, xlat, base;
2867 MemoryRegion *mr, *this_mr;
2868 ram_addr_t raddr;
e81bcda5 2869 void *ptr;
6d16c2f8 2870
e3127ae0
PB		 2871 if (len == 0) {
2872 return NULL;
2873 }
38bee5dc 2874
e3127ae0 2875 l = len;
41063e1e 2876 rcu_read_lock();
e3127ae0 2877 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2878
e3127ae0 2879 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2880 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2881 rcu_read_unlock();
e3127ae0 2882 return NULL;
6d16c2f8 2883 }
e85d9db5
KW		 2884 /* Avoid unbounded allocations */
2885 l = MIN(l, TARGET_PAGE_SIZE);
2886 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2887 bounce.addr = addr;
2888 bounce.len = l;
d3e71559
PB		 2889
2890 memory_region_ref(mr);
2891 bounce.mr = mr;
e3127ae0 2892 if (!is_write) {
5c9eb028
PM		 2893 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2894 bounce.buffer, l);
8ab934f9 2895 }
6d16c2f8 2896
41063e1e 2897 rcu_read_unlock();
e3127ae0
PB		 2898 *plen = l;
2899 return bounce.buffer;
2900 }
2901
2902 base = xlat;
2903 raddr = memory_region_get_ram_addr(mr);
2904
2905 for (;;) {
6d16c2f8
AL		 2906 len -= l;
2907 addr += l;
e3127ae0
PB		 2908 done += l;
2909 if (len == 0) {
2910 break;
2911 }
2912
2913 l = len;
2914 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2915 if (this_mr != mr || xlat != base + done) {
2916 break;
2917 }
6d16c2f8 2918 }
e3127ae0 2919
d3e71559 2920 memory_region_ref(mr);
e3127ae0 2921 *plen = done;
e81bcda5
PB		 2922 ptr = qemu_ram_ptr_length(raddr + base, plen);
2923 rcu_read_unlock();
2924
2925 return ptr;
6d16c2f8
AL		 2926}
2927
ac1970fb 2928/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2929 * Will also mark the memory as dirty if is_write == 1. access_len gives
2930 * the amount of memory that was actually read or written by the caller.
2931 */
a8170e5e
AK		 2932void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2933 int is_write, hwaddr access_len)
6d16c2f8
AL		 2934{
2935 if (buffer != bounce.buffer) {
d3e71559
PB		 2936 MemoryRegion *mr;
2937 ram_addr_t addr1;
2938
2939 mr = qemu_ram_addr_from_host(buffer, &addr1);
2940 assert(mr != NULL);
6d16c2f8 2941 if (is_write) {
845b6214 2942 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2943 }
868bb33f 2944 if (xen_enabled()) {
e41d7c69 2945 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2946 }
d3e71559 2947 memory_region_unref(mr);
6d16c2f8
AL		 2948 return;
2949 }
2950 if (is_write) {
5c9eb028
PM		 2951 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2952 bounce.buffer, access_len);
6d16c2f8 2953 }
f8a83245 2954 qemu_vfree(bounce.buffer);
6d16c2f8 2955 bounce.buffer = NULL;
d3e71559 2956 memory_region_unref(bounce.mr);
c2cba0ff 2957 atomic_mb_set(&bounce.in_use, false);
ba223c29 2958 cpu_notify_map_clients();
6d16c2f8 2959}
d0ecd2aa 2960
a8170e5e
AK		 2961void *cpu_physical_memory_map(hwaddr addr,
2962 hwaddr *plen,
ac1970fb
AK		 2963 int is_write)
2964{
2965 return address_space_map(&address_space_memory, addr, plen, is_write);
2966}
2967
a8170e5e
AK		 2968void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2969 int is_write, hwaddr access_len)
ac1970fb
AK		 2970{
2971 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2972}
2973
8df1cd07 2974/* warning: addr must be aligned */
50013115
PM		 2975static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2976 MemTxAttrs attrs,
2977 MemTxResult *result,
2978 enum device_endian endian)
8df1cd07 2979{
8df1cd07 2980 uint8_t *ptr;
791af8c8 2981 uint64_t val;
5c8a00ce 2982 MemoryRegion *mr;
149f54b5
PB		 2983 hwaddr l = 4;
2984 hwaddr addr1;
50013115 2985 MemTxResult r;
4840f10e 2986 bool release_lock = false;
8df1cd07 2987
41063e1e 2988 rcu_read_lock();
fdfba1a2 2989 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2990 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2991 release_lock |= prepare_mmio_access(mr);
125b3806 2992
8df1cd07 2993 /* I/O case */
50013115 2994 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2995#if defined(TARGET_WORDS_BIGENDIAN)
2996 if (endian == DEVICE_LITTLE_ENDIAN) {
2997 val = bswap32(val);
2998 }
2999#else
3000 if (endian == DEVICE_BIG_ENDIAN) {
3001 val = bswap32(val);
3002 }
3003#endif
8df1cd07
FB		 3004 } else {
3005 /* RAM case */
5c8a00ce 3006 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3007 & TARGET_PAGE_MASK)
149f54b5 3008 + addr1);
1e78bcc1
AG		 3009 switch (endian) {
3010 case DEVICE_LITTLE_ENDIAN:
3011 val = ldl_le_p(ptr);
3012 break;
3013 case DEVICE_BIG_ENDIAN:
3014 val = ldl_be_p(ptr);
3015 break;
3016 default:
3017 val = ldl_p(ptr);
3018 break;
3019 }
50013115
PM		 3020 r = MEMTX_OK;
3021 }
3022 if (result) {
3023 *result = r;
8df1cd07 3024 }
4840f10e
JK		 3025 if (release_lock) {
3026 qemu_mutex_unlock_iothread();
3027 }
41063e1e 3028 rcu_read_unlock();
8df1cd07
FB		 3029 return val;
3030}
3031
50013115
PM		 3032uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3033 MemTxAttrs attrs, MemTxResult *result)
3034{
3035 return address_space_ldl_internal(as, addr, attrs, result,
3036 DEVICE_NATIVE_ENDIAN);
3037}
3038
3039uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3040 MemTxAttrs attrs, MemTxResult *result)
3041{
3042 return address_space_ldl_internal(as, addr, attrs, result,
3043 DEVICE_LITTLE_ENDIAN);
3044}
3045
3046uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3047 MemTxAttrs attrs, MemTxResult *result)
3048{
3049 return address_space_ldl_internal(as, addr, attrs, result,
3050 DEVICE_BIG_ENDIAN);
3051}
3052
fdfba1a2 3053uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3054{
50013115 3055 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3056}
3057
fdfba1a2 3058uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3059{
50013115 3060 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3061}
3062
fdfba1a2 3063uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3064{
50013115 3065 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3066}
3067
84b7b8e7 3068/* warning: addr must be aligned */
50013115
PM		 3069static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3070 MemTxAttrs attrs,
3071 MemTxResult *result,
3072 enum device_endian endian)
84b7b8e7 3073{
84b7b8e7
FB		 3074 uint8_t *ptr;
3075 uint64_t val;
5c8a00ce 3076 MemoryRegion *mr;
149f54b5
PB		 3077 hwaddr l = 8;
3078 hwaddr addr1;
50013115 3079 MemTxResult r;
4840f10e 3080 bool release_lock = false;
84b7b8e7 3081
41063e1e 3082 rcu_read_lock();
2c17449b 3083 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3084 false);
3085 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3086 release_lock |= prepare_mmio_access(mr);
125b3806 3087
84b7b8e7 3088 /* I/O case */
50013115 3089 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3090#if defined(TARGET_WORDS_BIGENDIAN)
3091 if (endian == DEVICE_LITTLE_ENDIAN) {
3092 val = bswap64(val);
3093 }
3094#else
3095 if (endian == DEVICE_BIG_ENDIAN) {
3096 val = bswap64(val);
3097 }
84b7b8e7
FB		 3098#endif
3099 } else {
3100 /* RAM case */
5c8a00ce 3101 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3102 & TARGET_PAGE_MASK)
149f54b5 3103 + addr1);
1e78bcc1
AG		 3104 switch (endian) {
3105 case DEVICE_LITTLE_ENDIAN:
3106 val = ldq_le_p(ptr);
3107 break;
3108 case DEVICE_BIG_ENDIAN:
3109 val = ldq_be_p(ptr);
3110 break;
3111 default:
3112 val = ldq_p(ptr);
3113 break;
3114 }
50013115
PM		 3115 r = MEMTX_OK;
3116 }
3117 if (result) {
3118 *result = r;
84b7b8e7 3119 }
4840f10e
JK		 3120 if (release_lock) {
3121 qemu_mutex_unlock_iothread();
3122 }
41063e1e 3123 rcu_read_unlock();
84b7b8e7
FB		 3124 return val;
3125}
3126
50013115
PM		 3127uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3128 MemTxAttrs attrs, MemTxResult *result)
3129{
3130 return address_space_ldq_internal(as, addr, attrs, result,
3131 DEVICE_NATIVE_ENDIAN);
3132}
3133
3134uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3135 MemTxAttrs attrs, MemTxResult *result)
3136{
3137 return address_space_ldq_internal(as, addr, attrs, result,
3138 DEVICE_LITTLE_ENDIAN);
3139}
3140
3141uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3142 MemTxAttrs attrs, MemTxResult *result)
3143{
3144 return address_space_ldq_internal(as, addr, attrs, result,
3145 DEVICE_BIG_ENDIAN);
3146}
3147
2c17449b 3148uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3149{
50013115 3150 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3151}
3152
2c17449b 3153uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3154{
50013115 3155 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3156}
3157
2c17449b 3158uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3159{
50013115 3160 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3161}
3162
aab33094 3163/* XXX: optimize */
50013115
PM		 3164uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3165 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3166{
3167 uint8_t val;
50013115
PM		 3168 MemTxResult r;
3169
3170 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3171 if (result) {
3172 *result = r;
3173 }
aab33094
FB		 3174 return val;
3175}
3176
50013115
PM		 3177uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3178{
3179 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3180}
3181
733f0b02 3182/* warning: addr must be aligned */
50013115
PM		 3183static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3184 hwaddr addr,
3185 MemTxAttrs attrs,
3186 MemTxResult *result,
3187 enum device_endian endian)
aab33094 3188{
733f0b02
MT		 3189 uint8_t *ptr;
3190 uint64_t val;
5c8a00ce 3191 MemoryRegion *mr;
149f54b5
PB		 3192 hwaddr l = 2;
3193 hwaddr addr1;
50013115 3194 MemTxResult r;
4840f10e 3195 bool release_lock = false;
733f0b02 3196
41063e1e 3197 rcu_read_lock();
41701aa4 3198 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3199 false);
3200 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3201 release_lock |= prepare_mmio_access(mr);
125b3806 3202
733f0b02 3203 /* I/O case */
50013115 3204 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3205#if defined(TARGET_WORDS_BIGENDIAN)
3206 if (endian == DEVICE_LITTLE_ENDIAN) {
3207 val = bswap16(val);
3208 }
3209#else
3210 if (endian == DEVICE_BIG_ENDIAN) {
3211 val = bswap16(val);
3212 }
3213#endif
733f0b02
MT		 3214 } else {
3215 /* RAM case */
5c8a00ce 3216 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3217 & TARGET_PAGE_MASK)
149f54b5 3218 + addr1);
1e78bcc1
AG		 3219 switch (endian) {
3220 case DEVICE_LITTLE_ENDIAN:
3221 val = lduw_le_p(ptr);
3222 break;
3223 case DEVICE_BIG_ENDIAN:
3224 val = lduw_be_p(ptr);
3225 break;
3226 default:
3227 val = lduw_p(ptr);
3228 break;
3229 }
50013115
PM		 3230 r = MEMTX_OK;
3231 }
3232 if (result) {
3233 *result = r;
733f0b02 3234 }
4840f10e
JK		 3235 if (release_lock) {
3236 qemu_mutex_unlock_iothread();
3237 }
41063e1e 3238 rcu_read_unlock();
733f0b02 3239 return val;
aab33094
FB		 3240}
3241
50013115
PM		 3242uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3243 MemTxAttrs attrs, MemTxResult *result)
3244{
3245 return address_space_lduw_internal(as, addr, attrs, result,
3246 DEVICE_NATIVE_ENDIAN);
3247}
3248
3249uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3250 MemTxAttrs attrs, MemTxResult *result)
3251{
3252 return address_space_lduw_internal(as, addr, attrs, result,
3253 DEVICE_LITTLE_ENDIAN);
3254}
3255
3256uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3257 MemTxAttrs attrs, MemTxResult *result)
3258{
3259 return address_space_lduw_internal(as, addr, attrs, result,
3260 DEVICE_BIG_ENDIAN);
3261}
3262
41701aa4 3263uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3264{
50013115 3265 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3266}
3267
41701aa4 3268uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3269{
50013115 3270 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3271}
3272
41701aa4 3273uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3274{
50013115 3275 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3276}
3277
8df1cd07
FB		 3278/* warning: addr must be aligned. The ram page is not masked as dirty
3279 and the code inside is not invalidated. It is useful if the dirty
3280 bits are used to track modified PTEs */
50013115
PM		 3281void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3282 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3283{
8df1cd07 3284 uint8_t *ptr;
5c8a00ce 3285 MemoryRegion *mr;
149f54b5
PB		 3286 hwaddr l = 4;
3287 hwaddr addr1;
50013115 3288 MemTxResult r;
845b6214 3289 uint8_t dirty_log_mask;
4840f10e 3290 bool release_lock = false;
8df1cd07 3291
41063e1e 3292 rcu_read_lock();
2198a121 3293 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3294 true);
3295 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3296 release_lock |= prepare_mmio_access(mr);
125b3806 3297
50013115 3298 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3299 } else {
5c8a00ce 3300 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3301 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3302 stl_p(ptr, val);
74576198 3303
845b6214
PB		 3304 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3305 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3306 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3307 r = MEMTX_OK;
3308 }
3309 if (result) {
3310 *result = r;
8df1cd07 3311 }
4840f10e
JK		 3312 if (release_lock) {
3313 qemu_mutex_unlock_iothread();
3314 }
41063e1e 3315 rcu_read_unlock();
8df1cd07
FB		 3316}
3317
50013115
PM		 3318void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3319{
3320 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3321}
3322
8df1cd07 3323/* warning: addr must be aligned */
50013115
PM		 3324static inline void address_space_stl_internal(AddressSpace *as,
3325 hwaddr addr, uint32_t val,
3326 MemTxAttrs attrs,
3327 MemTxResult *result,
3328 enum device_endian endian)
8df1cd07 3329{
8df1cd07 3330 uint8_t *ptr;
5c8a00ce 3331 MemoryRegion *mr;
149f54b5
PB		 3332 hwaddr l = 4;
3333 hwaddr addr1;
50013115 3334 MemTxResult r;
4840f10e 3335 bool release_lock = false;
8df1cd07 3336
41063e1e 3337 rcu_read_lock();
ab1da857 3338 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3339 true);
3340 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3341 release_lock |= prepare_mmio_access(mr);
125b3806 3342
1e78bcc1
AG		 3343#if defined(TARGET_WORDS_BIGENDIAN)
3344 if (endian == DEVICE_LITTLE_ENDIAN) {
3345 val = bswap32(val);
3346 }
3347#else
3348 if (endian == DEVICE_BIG_ENDIAN) {
3349 val = bswap32(val);
3350 }
3351#endif
50013115 3352 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3353 } else {
8df1cd07 3354 /* RAM case */
5c8a00ce 3355 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3356 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3357 switch (endian) {
3358 case DEVICE_LITTLE_ENDIAN:
3359 stl_le_p(ptr, val);
3360 break;
3361 case DEVICE_BIG_ENDIAN:
3362 stl_be_p(ptr, val);
3363 break;
3364 default:
3365 stl_p(ptr, val);
3366 break;
3367 }
845b6214 3368 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3369 r = MEMTX_OK;
3370 }
3371 if (result) {
3372 *result = r;
8df1cd07 3373 }
4840f10e
JK		 3374 if (release_lock) {
3375 qemu_mutex_unlock_iothread();
3376 }
41063e1e 3377 rcu_read_unlock();
8df1cd07
FB		 3378}
3379
50013115
PM		 3380void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3381 MemTxAttrs attrs, MemTxResult *result)
3382{
3383 address_space_stl_internal(as, addr, val, attrs, result,
3384 DEVICE_NATIVE_ENDIAN);
3385}
3386
3387void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3388 MemTxAttrs attrs, MemTxResult *result)
3389{
3390 address_space_stl_internal(as, addr, val, attrs, result,
3391 DEVICE_LITTLE_ENDIAN);
3392}
3393
3394void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3395 MemTxAttrs attrs, MemTxResult *result)
3396{
3397 address_space_stl_internal(as, addr, val, attrs, result,
3398 DEVICE_BIG_ENDIAN);
3399}
3400
ab1da857 3401void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3402{
50013115 3403 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3404}
3405
ab1da857 3406void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3407{
50013115 3408 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3409}
3410
ab1da857 3411void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3412{
50013115 3413 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3414}
3415
aab33094 3416/* XXX: optimize */
50013115
PM		 3417void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3418 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3419{
3420 uint8_t v = val;
50013115
PM		 3421 MemTxResult r;
3422
3423 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3424 if (result) {
3425 *result = r;
3426 }
3427}
3428
3429void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3430{
3431 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3432}
3433
733f0b02 3434/* warning: addr must be aligned */
50013115
PM		 3435static inline void address_space_stw_internal(AddressSpace *as,
3436 hwaddr addr, uint32_t val,
3437 MemTxAttrs attrs,
3438 MemTxResult *result,
3439 enum device_endian endian)
aab33094 3440{
733f0b02 3441 uint8_t *ptr;
5c8a00ce 3442 MemoryRegion *mr;
149f54b5
PB		 3443 hwaddr l = 2;
3444 hwaddr addr1;
50013115 3445 MemTxResult r;
4840f10e 3446 bool release_lock = false;
733f0b02 3447
41063e1e 3448 rcu_read_lock();
5ce5944d 3449 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3450 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3451 release_lock |= prepare_mmio_access(mr);
125b3806 3452
1e78bcc1
AG		 3453#if defined(TARGET_WORDS_BIGENDIAN)
3454 if (endian == DEVICE_LITTLE_ENDIAN) {
3455 val = bswap16(val);
3456 }
3457#else
3458 if (endian == DEVICE_BIG_ENDIAN) {
3459 val = bswap16(val);
3460 }
3461#endif
50013115 3462 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3463 } else {
733f0b02 3464 /* RAM case */
5c8a00ce 3465 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3466 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3467 switch (endian) {
3468 case DEVICE_LITTLE_ENDIAN:
3469 stw_le_p(ptr, val);
3470 break;
3471 case DEVICE_BIG_ENDIAN:
3472 stw_be_p(ptr, val);
3473 break;
3474 default:
3475 stw_p(ptr, val);
3476 break;
3477 }
845b6214 3478 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3479 r = MEMTX_OK;
3480 }
3481 if (result) {
3482 *result = r;
733f0b02 3483 }
4840f10e
JK		 3484 if (release_lock) {
3485 qemu_mutex_unlock_iothread();
3486 }
41063e1e 3487 rcu_read_unlock();
aab33094
FB		 3488}
3489
50013115
PM		 3490void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3491 MemTxAttrs attrs, MemTxResult *result)
3492{
3493 address_space_stw_internal(as, addr, val, attrs, result,
3494 DEVICE_NATIVE_ENDIAN);
3495}
3496
3497void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3498 MemTxAttrs attrs, MemTxResult *result)
3499{
3500 address_space_stw_internal(as, addr, val, attrs, result,
3501 DEVICE_LITTLE_ENDIAN);
3502}
3503
3504void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3505 MemTxAttrs attrs, MemTxResult *result)
3506{
3507 address_space_stw_internal(as, addr, val, attrs, result,
3508 DEVICE_BIG_ENDIAN);
3509}
3510
5ce5944d 3511void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3512{
50013115 3513 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3514}
3515
5ce5944d 3516void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3517{
50013115 3518 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3519}
3520
5ce5944d 3521void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3522{
50013115 3523 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3524}
3525
aab33094 3526/* XXX: optimize */
50013115
PM		 3527void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3528 MemTxAttrs attrs, MemTxResult *result)
aab33094 3529{
50013115 3530 MemTxResult r;
aab33094 3531 val = tswap64(val);
50013115
PM		 3532 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3533 if (result) {
3534 *result = r;
3535 }
aab33094
FB		 3536}
3537
50013115
PM		 3538void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3539 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3540{
50013115 3541 MemTxResult r;
1e78bcc1 3542 val = cpu_to_le64(val);
50013115
PM		 3543 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3544 if (result) {
3545 *result = r;
3546 }
3547}
3548void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3549 MemTxAttrs attrs, MemTxResult *result)
3550{
3551 MemTxResult r;
3552 val = cpu_to_be64(val);
3553 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3554 if (result) {
3555 *result = r;
3556 }
3557}
3558
3559void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3560{
3561 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3562}
3563
3564void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3565{
3566 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3567}
3568
f606604f 3569void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3570{
50013115 3571 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3572}
3573
5e2972fd 3574/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3575int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3576 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3577{
3578 int l;
a8170e5e 3579 hwaddr phys_addr;
9b3c35e0 3580 target_ulong page;
13eb76e0
FB		 3581
3582 while (len > 0) {
3583 page = addr & TARGET_PAGE_MASK;
f17ec444 3584 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3585 /* if no physical page mapped, return an error */
3586 if (phys_addr == -1)
3587 return -1;
3588 l = (page + TARGET_PAGE_SIZE) - addr;
3589 if (l > len)
3590 l = len;
5e2972fd 3591 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3592 if (is_write) {
3593 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3594 } else {
5c9eb028
PM		 3595 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3596 buf, l, 0);
2e38847b 3597 }
13eb76e0
FB		 3598 len -= l;
3599 buf += l;
3600 addr += l;
3601 }
3602 return 0;
3603}
038629a6
DDAG		 3604
3605/*
3606 * Allows code that needs to deal with migration bitmaps etc to still be built
3607 * target independent.
3608 */
3609size_t qemu_target_page_bits(void)
3610{
3611 return TARGET_PAGE_BITS;
3612}
3613
a68fe89c 3614#endif
13eb76e0 3615
8e4a424b
BS		 3616/*
3617 * A helper function for the _utterly broken_ virtio device model to find out if
3618 * it's running on a big endian machine. Don't do this at home kids!
3619 */
98ed8ecf
GK		 3620bool target_words_bigendian(void);
3621bool target_words_bigendian(void)
8e4a424b
BS		 3622{
3623#if defined(TARGET_WORDS_BIGENDIAN)
3624 return true;
3625#else
3626 return false;
3627#endif
3628}
3629
76f35538 3630#ifndef CONFIG_USER_ONLY
a8170e5e 3631bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3632{
5c8a00ce 3633 MemoryRegion*mr;
149f54b5 3634 hwaddr l = 1;
41063e1e 3635 bool res;
76f35538 3636
41063e1e 3637 rcu_read_lock();
5c8a00ce
PB		 3638 mr = address_space_translate(&address_space_memory,
3639 phys_addr, &phys_addr, &l, false);
76f35538 3640
41063e1e
PB		 3641 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3642 rcu_read_unlock();
3643 return res;
76f35538 3644}
bd2fa51f 3645
e3807054 3646int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3647{
3648 RAMBlock *block;
e3807054 3649 int ret = 0;
bd2fa51f 3650
0dc3f44a
MD		 3651 rcu_read_lock();
3652 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3653 ret = func(block->idstr, block->host, block->offset,
3654 block->used_length, opaque);
3655 if (ret) {
3656 break;
3657 }
bd2fa51f 3658 }
0dc3f44a 3659 rcu_read_unlock();
e3807054 3660 return ret;
bd2fa51f 3661}
ec3f8c99 3662#endif
Empty description
This page took 1.546718 seconds and 4 git commands to generate.