]> Git Repo - qemu.git/blame - accel/tcg/translate-all.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
accel/tcg: Support split-wx for linux with memfd
[qemu.git] / accel / tcg / translate-all.c
CommitLineData
d19893da
FB		 1/*
2 * Host code generation
5fafdf24 3 *
d19893da
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
fb0343d5 9 * version 2.1 of the License, or (at your option) any later version.
d19893da
FB		 10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
d19893da 18 */
14a48c1d 19
7b31bbc2 20#include "qemu/osdep.h"
a2fa63a8 21#include "qemu/units.h"
a8d25326 22#include "qemu-common.h"
d19893da 23
af5ad107 24#define NO_CPU_IO_DEFS
d3eead2e 25#include "cpu.h"
244f1441 26#include "trace.h"
76cad711 27#include "disas/disas.h"
63c91552 28#include "exec/exec-all.h"
dcb32f1d 29#include "tcg/tcg.h"
5b6dd868
BS		 30#if defined(CONFIG_USER_ONLY)
31#include "qemu.h"
32#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
33#include <sys/param.h>
34#if __FreeBSD_version >= 700104
35#define HAVE_KINFO_GETVMMAP
36#define sigqueue sigqueue_freebsd /* avoid redefinition */
5b6dd868
BS		 37#include <sys/proc.h>
38#include <machine/profile.h>
39#define _KERNEL
40#include <sys/user.h>
41#undef _KERNEL
42#undef sigqueue
43#include <libutil.h>
44#endif
45#endif
0bc3cd62 46#else
8bca9a03 47#include "exec/ram_addr.h"
5b6dd868
BS		 48#endif
49
022c62cb 50#include "exec/cputlb.h"
e1b89321 51#include "exec/tb-hash.h"
3b9bd3f4 52#include "exec/translate-all.h"
510a647f 53#include "qemu/bitmap.h"
61a67f71 54#include "qemu/error-report.h"
3de2faa9 55#include "qemu/qemu-print.h"
0aa09897 56#include "qemu/timer.h"
8d04fb55 57#include "qemu/main-loop.h"
508127e2 58#include "exec/log.h"
d2528bdc 59#include "sysemu/cpus.h"
740b1759 60#include "sysemu/cpu-timers.h"
14a48c1d 61#include "sysemu/tcg.h"
6bc14423 62#include "qapi/error.h"
5b6dd868 63
955939a2
AB		 64/* #define DEBUG_TB_INVALIDATE */
65/* #define DEBUG_TB_FLUSH */
5b6dd868 66/* make various TB consistency checks */
955939a2 67/* #define DEBUG_TB_CHECK */
5b6dd868 68
dae9e03a
EC		 69#ifdef DEBUG_TB_INVALIDATE
70#define DEBUG_TB_INVALIDATE_GATE 1
71#else
72#define DEBUG_TB_INVALIDATE_GATE 0
73#endif
74
424079c1
EC		 75#ifdef DEBUG_TB_FLUSH
76#define DEBUG_TB_FLUSH_GATE 1
77#else
78#define DEBUG_TB_FLUSH_GATE 0
79#endif
80
5b6dd868
BS		 81#if !defined(CONFIG_USER_ONLY)
82/* TB consistency checks only implemented for usermode emulation. */
83#undef DEBUG_TB_CHECK
84#endif
85
6eb062ab
EC		 86#ifdef DEBUG_TB_CHECK
87#define DEBUG_TB_CHECK_GATE 1
88#else
89#define DEBUG_TB_CHECK_GATE 0
90#endif
91
301e40ed 92/* Access to the various translations structures need to be serialised via locks
0ac20318
EC		 93 * for consistency.
94 * In user-mode emulation access to the memory related structures are protected
95 * with mmap_lock.
96 * In !user-mode we use per-page locks.
301e40ed 97 */
301e40ed 98#ifdef CONFIG_SOFTMMU
0ac20318 99#define assert_memory_lock()
301e40ed 100#else
6ac3d7e8 101#define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
301e40ed
AB		 102#endif
103
5b6dd868
BS		 104#define SMC_BITMAP_USE_THRESHOLD 10
105
5b6dd868
BS		 106typedef struct PageDesc {
107 /* list of TBs intersecting this ram page */
1e05197f 108 uintptr_t first_tb;
6fad459c 109#ifdef CONFIG_SOFTMMU
5b6dd868
BS		 110 /* in order to optimize self modifying code, we count the number
111 of lookups we do to a given page to use a bitmap */
510a647f 112 unsigned long *code_bitmap;
94da9aec 113 unsigned int code_write_count;
6fad459c 114#else
5b6dd868
BS		 115 unsigned long flags;
116#endif
0b5c91f7
EC		 117#ifndef CONFIG_USER_ONLY
118 QemuSpin lock;
119#endif
5b6dd868
BS		 120} PageDesc;
121
0b5c91f7
EC		 122/**
123 * struct page_entry - page descriptor entry
124 * @pd: pointer to the &struct PageDesc of the page this entry represents
125 * @index: page index of the page
126 * @locked: whether the page is locked
127 *
128 * This struct helps us keep track of the locked state of a page, without
129 * bloating &struct PageDesc.
130 *
131 * A page lock protects accesses to all fields of &struct PageDesc.
132 *
133 * See also: &struct page_collection.
134 */
135struct page_entry {
136 PageDesc *pd;
137 tb_page_addr_t index;
138 bool locked;
139};
140
141/**
142 * struct page_collection - tracks a set of pages (i.e. &struct page_entry's)
143 * @tree: Binary search tree (BST) of the pages, with key == page index
144 * @max: Pointer to the page in @tree with the highest page index
145 *
146 * To avoid deadlock we lock pages in ascending order of page index.
147 * When operating on a set of pages, we need to keep track of them so that
148 * we can lock them in order and also unlock them later. For this we collect
149 * pages (i.e. &struct page_entry's) in a binary search @tree. Given that the
150 * @tree implementation we use does not provide an O(1) operation to obtain the
151 * highest-ranked element, we use @max to keep track of the inserted page
152 * with the highest index. This is valuable because if a page is not in
153 * the tree and its index is higher than @max's, then we can lock it
154 * without breaking the locking order rule.
155 *
156 * Note on naming: 'struct page_set' would be shorter, but we already have a few
157 * page_set_*() helpers, so page_collection is used instead to avoid confusion.
158 *
159 * See also: page_collection_lock().
160 */
161struct page_collection {
162 GTree *tree;
163 struct page_entry *max;
164};
165
1e05197f
EC		 166/* list iterators for lists of tagged pointers in TranslationBlock */
167#define TB_FOR_EACH_TAGGED(head, tb, n, field) \
168 for (n = (head) & 1, tb = (TranslationBlock *)((head) & ~1); \
169 tb; tb = (TranslationBlock *)tb->field[n], n = (uintptr_t)tb & 1, \
170 tb = (TranslationBlock *)((uintptr_t)tb & ~1))
171
172#define PAGE_FOR_EACH_TB(pagedesc, tb, n) \
173 TB_FOR_EACH_TAGGED((pagedesc)->first_tb, tb, n, page_next)
174
194125e3
EC		 175#define TB_FOR_EACH_JMP(head_tb, tb, n) \
176 TB_FOR_EACH_TAGGED((head_tb)->jmp_list_head, tb, n, jmp_list_next)
177
7d8cbbab
RH		 178/*
179 * In system mode we want L1_MAP to be based on ram offsets,
180 * while in user mode we want it to be based on virtual addresses.
181 *
182 * TODO: For user mode, see the caveat re host vs guest virtual
183 * address spaces near GUEST_ADDR_MAX.
184 */
5b6dd868
BS		 185#if !defined(CONFIG_USER_ONLY)
186#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
187# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
188#else
189# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
190#endif
191#else
7d8cbbab 192# define L1_MAP_ADDR_SPACE_BITS MIN(HOST_LONG_BITS, TARGET_ABI_BITS)
5b6dd868
BS		 193#endif
194
03f49957
PB		 195/* Size of the L2 (and L3, etc) page tables. */
196#define V_L2_BITS 10
197#define V_L2_SIZE (1 << V_L2_BITS)
198
61a67f71
LV		 199/* Make sure all possible CPU event bits fit in tb->trace_vcpu_dstate */
200QEMU_BUILD_BUG_ON(CPU_TRACE_DSTATE_MAX_EVENTS >
f18793b0 201 sizeof_field(TranslationBlock, trace_vcpu_dstate)
61a67f71
LV		 202 * BITS_PER_BYTE);
203
66ec9f49
VK		 204/*
205 * L1 Mapping properties
206 */
207static int v_l1_size;
208static int v_l1_shift;
209static int v_l2_levels;
210
211/* The bottom level has pointers to PageDesc, and is indexed by
212 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
213 */
214#define V_L1_MIN_BITS 4
215#define V_L1_MAX_BITS (V_L2_BITS + 3)
216#define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
217
218static void *l1_map[V_L1_MAX_SIZE];
5b6dd868 219
57fec1fe 220/* code generation context */
b1311c4a 221TCGContext tcg_init_ctx;
3468b59e 222__thread TCGContext *tcg_ctx;
44ded3d0 223TBContext tb_ctx;
fdbc2b57 224bool parallel_cpus;
d19893da 225
66ec9f49
VK		 226static void page_table_config_init(void)
227{
228 uint32_t v_l1_bits;
229
230 assert(TARGET_PAGE_BITS);
231 /* The bits remaining after N lower levels of page tables. */
232 v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS;
233 if (v_l1_bits < V_L1_MIN_BITS) {
234 v_l1_bits += V_L2_BITS;
235 }
236
237 v_l1_size = 1 << v_l1_bits;
238 v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits;
239 v_l2_levels = v_l1_shift / V_L2_BITS - 1;
240
241 assert(v_l1_bits <= V_L1_MAX_BITS);
242 assert(v_l1_shift % V_L2_BITS == 0);
243 assert(v_l2_levels >= 0);
244}
245
57fec1fe
FB		 246void cpu_gen_init(void)
247{
b1311c4a 248 tcg_context_init(&tcg_init_ctx);
57fec1fe
FB		 249}
250
fca8a500
RH		 251/* Encode VAL as a signed leb128 sequence at P.
252 Return P incremented past the encoded value. */
253static uint8_t *encode_sleb128(uint8_t *p, target_long val)
254{
255 int more, byte;
256
257 do {
258 byte = val & 0x7f;
259 val >>= 7;
260 more = !((val == 0 && (byte & 0x40) == 0)
261 || (val == -1 && (byte & 0x40) != 0));
262 if (more) {
263 byte |= 0x80;
264 }
265 *p++ = byte;
266 } while (more);
267
268 return p;
269}
270
271/* Decode a signed leb128 sequence at *PP; increment *PP past the
272 decoded value. Return the decoded value. */
db0c51a3 273static target_long decode_sleb128(const uint8_t **pp)
fca8a500 274{
db0c51a3 275 const uint8_t *p = *pp;
fca8a500
RH		 276 target_long val = 0;
277 int byte, shift = 0;
278
279 do {
280 byte = *p++;
281 val |= (target_ulong)(byte & 0x7f) << shift;
282 shift += 7;
283 } while (byte & 0x80);
284 if (shift < TARGET_LONG_BITS && (byte & 0x40)) {
285 val |= -(target_ulong)1 << shift;
286 }
287
288 *pp = p;
289 return val;
290}
291
292/* Encode the data collected about the instructions while compiling TB.
293 Place the data at BLOCK, and return the number of bytes consumed.
294
55bbc861 295 The logical table consists of TARGET_INSN_START_WORDS target_ulong's,
fca8a500
RH		 296 which come from the target's insn_start data, followed by a uintptr_t
297 which comes from the host pc of the end of the code implementing the insn.
298
299 Each line of the table is encoded as sleb128 deltas from the previous
e7e168f4 300 line. The seed for the first line is { tb->pc, 0..., tb->tc.ptr }.
fca8a500
RH		 301 That is, the first column is seeded with the guest pc, the last column
302 with the host pc, and the middle columns with zeros. */
303
304static int encode_search(TranslationBlock *tb, uint8_t *block)
305{
b1311c4a 306 uint8_t *highwater = tcg_ctx->code_gen_highwater;
fca8a500
RH		 307 uint8_t *p = block;
308 int i, j, n;
309
fca8a500
RH		 310 for (i = 0, n = tb->icount; i < n; ++i) {
311 target_ulong prev;
312
313 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
314 if (i == 0) {
315 prev = (j == 0 ? tb->pc : 0);
316 } else {
b1311c4a 317 prev = tcg_ctx->gen_insn_data[i - 1][j];
fca8a500 318 }
b1311c4a 319 p = encode_sleb128(p, tcg_ctx->gen_insn_data[i][j] - prev);
fca8a500 320 }
b1311c4a
EC		 321 prev = (i == 0 ? 0 : tcg_ctx->gen_insn_end_off[i - 1]);
322 p = encode_sleb128(p, tcg_ctx->gen_insn_end_off[i] - prev);
b125f9dc
RH		 323
324 /* Test for (pending) buffer overflow. The assumption is that any
325 one row beginning below the high water mark cannot overrun
326 the buffer completely. Thus we can test for overflow after
327 encoding a row without having to check during encoding. */
328 if (unlikely(p > highwater)) {
329 return -1;
330 }
fca8a500
RH		 331 }
332
333 return p - block;
334}
335
7d7500d9 336/* The cpu state corresponding to 'searched_pc' is restored.
afd46fca
PD		 337 * When reset_icount is true, current TB will be interrupted and
338 * icount should be recalculated.
7d7500d9 339 */
74f10515 340static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
afd46fca 341 uintptr_t searched_pc, bool reset_icount)
d19893da 342{
fca8a500 343 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
e7e168f4 344 uintptr_t host_pc = (uintptr_t)tb->tc.ptr;
74f10515 345 CPUArchState *env = cpu->env_ptr;
db0c51a3 346 const uint8_t *p = tb->tc.ptr + tb->tc.size;
fca8a500 347 int i, j, num_insns = tb->icount;
57fec1fe 348#ifdef CONFIG_PROFILER
c3fac113 349 TCGProfile *prof = &tcg_ctx->prof;
fca8a500 350 int64_t ti = profile_getclock();
57fec1fe
FB		 351#endif
352
01ecaf43
RH		 353 searched_pc -= GETPC_ADJ;
354
fca8a500
RH		 355 if (searched_pc < host_pc) {
356 return -1;
357 }
d19893da 358
fca8a500
RH		 359 /* Reconstruct the stored insn data while looking for the point at
360 which the end of the insn exceeds the searched_pc. */
361 for (i = 0; i < num_insns; ++i) {
362 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
363 data[j] += decode_sleb128(&p);
364 }
365 host_pc += decode_sleb128(&p);
366 if (host_pc > searched_pc) {
367 goto found;
368 }
369 }
370 return -1;
3b46e624 371
fca8a500 372 found:
194125e3 373 if (reset_icount && (tb_cflags(tb) & CF_USE_ICOUNT)) {
740b1759 374 assert(icount_enabled());
afd46fca
PD		 375 /* Reset the cycle counter to the start of the block
376 and shift if to the number of actually executed instructions */
5e140196 377 cpu_neg(cpu)->icount_decr.u16.low += num_insns - i;
2e70f6ef 378 }
fca8a500 379 restore_state_to_opc(env, tb, data);
57fec1fe
FB		 380
381#ifdef CONFIG_PROFILER
d73415a3 382 qatomic_set(&prof->restore_time,
c3fac113 383 prof->restore_time + profile_getclock() - ti);
d73415a3 384 qatomic_set(&prof->restore_count, prof->restore_count + 1);
57fec1fe 385#endif
d19893da
FB		 386 return 0;
387}
5b6dd868 388
938e897a
EC		 389void tb_destroy(TranslationBlock *tb)
390{
391 qemu_spin_destroy(&tb->jmp_lock);
392}
393
afd46fca 394bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
a8a826a3 395{
4846cd37 396 /*
db0c51a3 397 * The host_pc has to be in the rx region of the code buffer.
4846cd37
RH		 398 * If it is not we will not be able to resolve it here.
399 * The two cases where host_pc will not be correct are:
d25f2a72
AB		 400 *
401 * - fault during translation (instruction fetch)
402 * - fault from helper (not using GETPC() macro)
403 *
0ac20318 404 * Either way we need return early as we can't resolve it here.
d8b2239b 405 */
db0c51a3 406 if (in_code_gen_buffer((const void *)(host_pc - tcg_splitwx_diff))) {
4846cd37 407 TranslationBlock *tb = tcg_tb_lookup(host_pc);
d25f2a72 408 if (tb) {
afd46fca 409 cpu_restore_state_from_tb(cpu, tb, host_pc, will_exit);
194125e3 410 if (tb_cflags(tb) & CF_NOCACHE) {
d25f2a72
AB		 411 /* one-shot translation, invalidate it immediately */
412 tb_phys_invalidate(tb, -1);
be2cdc5e 413 tcg_tb_remove(tb);
938e897a 414 tb_destroy(tb);
d25f2a72 415 }
4846cd37 416 return true;
d8a499f1 417 }
a8a826a3 418 }
4846cd37 419 return false;
a8a826a3
BS		 420}
421
47c16ed5
AK		 422static void page_init(void)
423{
424 page_size_init();
66ec9f49
VK		 425 page_table_config_init();
426
5b6dd868
BS		 427#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
428 {
429#ifdef HAVE_KINFO_GETVMMAP
430 struct kinfo_vmentry *freep;
431 int i, cnt;
432
433 freep = kinfo_getvmmap(getpid(), &cnt);
434 if (freep) {
435 mmap_lock();
436 for (i = 0; i < cnt; i++) {
437 unsigned long startaddr, endaddr;
438
439 startaddr = freep[i].kve_start;
440 endaddr = freep[i].kve_end;
441 if (h2g_valid(startaddr)) {
442 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
443
444 if (h2g_valid(endaddr)) {
445 endaddr = h2g(endaddr);
446 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
447 } else {
448#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
449 endaddr = ~0ul;
450 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
451#endif
452 }
453 }
454 }
455 free(freep);
456 mmap_unlock();
457 }
458#else
459 FILE *f;
460
461 last_brk = (unsigned long)sbrk(0);
462
463 f = fopen("/compat/linux/proc/self/maps", "r");
464 if (f) {
465 mmap_lock();
466
467 do {
468 unsigned long startaddr, endaddr;
469 int n;
470
471 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
472
473 if (n == 2 && h2g_valid(startaddr)) {
474 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
475
476 if (h2g_valid(endaddr)) {
477 endaddr = h2g(endaddr);
478 } else {
479 endaddr = ~0ul;
480 }
481 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
482 }
483 } while (!feof(f));
484
485 fclose(f);
486 mmap_unlock();
487 }
488#endif
489 }
490#endif
491}
492
493static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
494{
495 PageDesc *pd;
496 void **lp;
497 int i;
498
5b6dd868 499 /* Level 1. Always allocated. */
66ec9f49 500 lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
5b6dd868
BS		 501
502 /* Level 2..N-1. */
66ec9f49 503 for (i = v_l2_levels; i > 0; i--) {
d73415a3 504 void **p = qatomic_rcu_read(lp);
5b6dd868
BS		 505
506 if (p == NULL) {
78722ed0
EC		 507 void *existing;
508
5b6dd868
BS		 509 if (!alloc) {
510 return NULL;
511 }
e3a0abfd 512 p = g_new0(void *, V_L2_SIZE);
d73415a3 513 existing = qatomic_cmpxchg(lp, NULL, p);
78722ed0
EC		 514 if (unlikely(existing)) {
515 g_free(p);
516 p = existing;
517 }
5b6dd868
BS		 518 }
519
03f49957 520 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
5b6dd868
BS		 521 }
522
d73415a3 523 pd = qatomic_rcu_read(lp);
5b6dd868 524 if (pd == NULL) {
78722ed0
EC		 525 void *existing;
526
5b6dd868
BS		 527 if (!alloc) {
528 return NULL;
529 }
e3a0abfd 530 pd = g_new0(PageDesc, V_L2_SIZE);
0b5c91f7
EC		 531#ifndef CONFIG_USER_ONLY
532 {
533 int i;
534
535 for (i = 0; i < V_L2_SIZE; i++) {
536 qemu_spin_init(&pd[i].lock);
537 }
538 }
539#endif
d73415a3 540 existing = qatomic_cmpxchg(lp, NULL, pd);
78722ed0 541 if (unlikely(existing)) {
3f640eb8
EC		 542#ifndef CONFIG_USER_ONLY
543 {
544 int i;
545
546 for (i = 0; i < V_L2_SIZE; i++) {
547 qemu_spin_destroy(&pd[i].lock);
548 }
549 }
550#endif
78722ed0
EC		 551 g_free(pd);
552 pd = existing;
553 }
5b6dd868
BS		 554 }
555
03f49957 556 return pd + (index & (V_L2_SIZE - 1));
5b6dd868
BS		 557}
558
559static inline PageDesc *page_find(tb_page_addr_t index)
560{
561 return page_find_alloc(index, 0);
562}
563
0b5c91f7
EC		 564static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1,
565 PageDesc **ret_p2, tb_page_addr_t phys2, int alloc);
566
567/* In user-mode page locks aren't used; mmap_lock is enough */
568#ifdef CONFIG_USER_ONLY
6d9abf85
EC		 569
570#define assert_page_locked(pd) tcg_debug_assert(have_mmap_lock())
571
0b5c91f7
EC		 572static inline void page_lock(PageDesc *pd)
573{ }
574
575static inline void page_unlock(PageDesc *pd)
576{ }
577
578static inline void page_lock_tb(const TranslationBlock *tb)
579{ }
580
581static inline void page_unlock_tb(const TranslationBlock *tb)
582{ }
583
584struct page_collection *
585page_collection_lock(tb_page_addr_t start, tb_page_addr_t end)
586{
587 return NULL;
588}
589
590void page_collection_unlock(struct page_collection *set)
591{ }
592#else /* !CONFIG_USER_ONLY */
593
6d9abf85
EC		 594#ifdef CONFIG_DEBUG_TCG
595
596static __thread GHashTable *ht_pages_locked_debug;
597
598static void ht_pages_locked_debug_init(void)
599{
600 if (ht_pages_locked_debug) {
601 return;
602 }
603 ht_pages_locked_debug = g_hash_table_new(NULL, NULL);
604}
605
606static bool page_is_locked(const PageDesc *pd)
607{
608 PageDesc *found;
609
610 ht_pages_locked_debug_init();
611 found = g_hash_table_lookup(ht_pages_locked_debug, pd);
612 return !!found;
613}
614
615static void page_lock__debug(PageDesc *pd)
616{
617 ht_pages_locked_debug_init();
618 g_assert(!page_is_locked(pd));
619 g_hash_table_insert(ht_pages_locked_debug, pd, pd);
620}
621
622static void page_unlock__debug(const PageDesc *pd)
623{
624 bool removed;
625
626 ht_pages_locked_debug_init();
627 g_assert(page_is_locked(pd));
628 removed = g_hash_table_remove(ht_pages_locked_debug, pd);
629 g_assert(removed);
630}
631
632static void
633do_assert_page_locked(const PageDesc *pd, const char *file, int line)
634{
635 if (unlikely(!page_is_locked(pd))) {
636 error_report("assert_page_lock: PageDesc %p not locked @ %s:%d",
637 pd, file, line);
638 abort();
639 }
640}
641
642#define assert_page_locked(pd) do_assert_page_locked(pd, __FILE__, __LINE__)
643
faa9372c
EC		 644void assert_no_pages_locked(void)
645{
646 ht_pages_locked_debug_init();
647 g_assert(g_hash_table_size(ht_pages_locked_debug) == 0);
648}
649
6d9abf85
EC		 650#else /* !CONFIG_DEBUG_TCG */
651
652#define assert_page_locked(pd)
653
654static inline void page_lock__debug(const PageDesc *pd)
655{
656}
657
658static inline void page_unlock__debug(const PageDesc *pd)
659{
660}
661
662#endif /* CONFIG_DEBUG_TCG */
663
0b5c91f7
EC		 664static inline void page_lock(PageDesc *pd)
665{
6d9abf85 666 page_lock__debug(pd);
0b5c91f7
EC		 667 qemu_spin_lock(&pd->lock);
668}
669
670static inline void page_unlock(PageDesc *pd)
671{
672 qemu_spin_unlock(&pd->lock);
6d9abf85 673 page_unlock__debug(pd);
0b5c91f7
EC		 674}
675
676/* lock the page(s) of a TB in the correct acquisition order */
677static inline void page_lock_tb(const TranslationBlock *tb)
678{
679 page_lock_pair(NULL, tb->page_addr[0], NULL, tb->page_addr[1], 0);
680}
681
682static inline void page_unlock_tb(const TranslationBlock *tb)
683{
a688e73b
EC		 684 PageDesc *p1 = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
685
686 page_unlock(p1);
0b5c91f7 687 if (unlikely(tb->page_addr[1] != -1)) {
a688e73b
EC		 688 PageDesc *p2 = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
689
690 if (p2 != p1) {
691 page_unlock(p2);
692 }
0b5c91f7
EC		 693 }
694}
695
696static inline struct page_entry *
697page_entry_new(PageDesc *pd, tb_page_addr_t index)
698{
699 struct page_entry *pe = g_malloc(sizeof(*pe));
700
701 pe->index = index;
702 pe->pd = pd;
703 pe->locked = false;
704 return pe;
705}
706
707static void page_entry_destroy(gpointer p)
708{
709 struct page_entry *pe = p;
710
711 g_assert(pe->locked);
712 page_unlock(pe->pd);
713 g_free(pe);
714}
715
716/* returns false on success */
717static bool page_entry_trylock(struct page_entry *pe)
718{
719 bool busy;
720
721 busy = qemu_spin_trylock(&pe->pd->lock);
722 if (!busy) {
723 g_assert(!pe->locked);
724 pe->locked = true;
6d9abf85 725 page_lock__debug(pe->pd);
0b5c91f7
EC		 726 }
727 return busy;
728}
729
730static void do_page_entry_lock(struct page_entry *pe)
731{
732 page_lock(pe->pd);
733 g_assert(!pe->locked);
734 pe->locked = true;
735}
736
737static gboolean page_entry_lock(gpointer key, gpointer value, gpointer data)
738{
739 struct page_entry *pe = value;
740
741 do_page_entry_lock(pe);
742 return FALSE;
743}
744
745static gboolean page_entry_unlock(gpointer key, gpointer value, gpointer data)
746{
747 struct page_entry *pe = value;
748
749 if (pe->locked) {
750 pe->locked = false;
751 page_unlock(pe->pd);
752 }
753 return FALSE;
754}
755
756/*
757 * Trylock a page, and if successful, add the page to a collection.
758 * Returns true ("busy") if the page could not be locked; false otherwise.
759 */
760static bool page_trylock_add(struct page_collection *set, tb_page_addr_t addr)
761{
762 tb_page_addr_t index = addr >> TARGET_PAGE_BITS;
763 struct page_entry *pe;
764 PageDesc *pd;
765
766 pe = g_tree_lookup(set->tree, &index);
767 if (pe) {
768 return false;
769 }
770
771 pd = page_find(index);
772 if (pd == NULL) {
773 return false;
774 }
775
776 pe = page_entry_new(pd, index);
777 g_tree_insert(set->tree, &pe->index, pe);
778
779 /*
780 * If this is either (1) the first insertion or (2) a page whose index
781 * is higher than any other so far, just lock the page and move on.
782 */
783 if (set->max == NULL || pe->index > set->max->index) {
784 set->max = pe;
785 do_page_entry_lock(pe);
786 return false;
787 }
788 /*
789 * Try to acquire out-of-order lock; if busy, return busy so that we acquire
790 * locks in order.
791 */
792 return page_entry_trylock(pe);
793}
794
795static gint tb_page_addr_cmp(gconstpointer ap, gconstpointer bp, gpointer udata)
796{
797 tb_page_addr_t a = *(const tb_page_addr_t *)ap;
798 tb_page_addr_t b = *(const tb_page_addr_t *)bp;
799
800 if (a == b) {
801 return 0;
802 } else if (a < b) {
803 return -1;
804 }
805 return 1;
806}
807
808/*
809 * Lock a range of pages ([@start,@end[) as well as the pages of all
810 * intersecting TBs.
811 * Locking order: acquire locks in ascending order of page index.
812 */
813struct page_collection *
814page_collection_lock(tb_page_addr_t start, tb_page_addr_t end)
815{
816 struct page_collection *set = g_malloc(sizeof(*set));
817 tb_page_addr_t index;
818 PageDesc *pd;
819
820 start >>= TARGET_PAGE_BITS;
821 end >>= TARGET_PAGE_BITS;
822 g_assert(start <= end);
823
824 set->tree = g_tree_new_full(tb_page_addr_cmp, NULL, NULL,
825 page_entry_destroy);
826 set->max = NULL;
faa9372c 827 assert_no_pages_locked();
0b5c91f7
EC		 828
829 retry:
830 g_tree_foreach(set->tree, page_entry_lock, NULL);
831
832 for (index = start; index <= end; index++) {
833 TranslationBlock *tb;
834 int n;
835
836 pd = page_find(index);
837 if (pd == NULL) {
838 continue;
839 }
840 if (page_trylock_add(set, index << TARGET_PAGE_BITS)) {
841 g_tree_foreach(set->tree, page_entry_unlock, NULL);
842 goto retry;
843 }
6d9abf85 844 assert_page_locked(pd);
0b5c91f7
EC		 845 PAGE_FOR_EACH_TB(pd, tb, n) {
846 if (page_trylock_add(set, tb->page_addr[0]) ||
847 (tb->page_addr[1] != -1 &&
848 page_trylock_add(set, tb->page_addr[1]))) {
849 /* drop all locks, and reacquire in order */
850 g_tree_foreach(set->tree, page_entry_unlock, NULL);
851 goto retry;
852 }
853 }
854 }
855 return set;
856}
857
858void page_collection_unlock(struct page_collection *set)
859{
860 /* entries are unlocked and freed via page_entry_destroy */
861 g_tree_destroy(set->tree);
862 g_free(set);
863}
864
865#endif /* !CONFIG_USER_ONLY */
866
867static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1,
868 PageDesc **ret_p2, tb_page_addr_t phys2, int alloc)
869{
870 PageDesc *p1, *p2;
a688e73b
EC		 871 tb_page_addr_t page1;
872 tb_page_addr_t page2;
0b5c91f7
EC		 873
874 assert_memory_lock();
a688e73b
EC		 875 g_assert(phys1 != -1);
876
877 page1 = phys1 >> TARGET_PAGE_BITS;
878 page2 = phys2 >> TARGET_PAGE_BITS;
879
880 p1 = page_find_alloc(page1, alloc);
0b5c91f7
EC		 881 if (ret_p1) {
882 *ret_p1 = p1;
883 }
884 if (likely(phys2 == -1)) {
885 page_lock(p1);
886 return;
a688e73b
EC		 887 } else if (page1 == page2) {
888 page_lock(p1);
889 if (ret_p2) {
890 *ret_p2 = p1;
891 }
892 return;
0b5c91f7 893 }
a688e73b 894 p2 = page_find_alloc(page2, alloc);
0b5c91f7
EC		 895 if (ret_p2) {
896 *ret_p2 = p2;
897 }
a688e73b 898 if (page1 < page2) {
0b5c91f7
EC		 899 page_lock(p1);
900 page_lock(p2);
901 } else {
902 page_lock(p2);
903 page_lock(p1);
904 }
905}
906
5b6dd868
BS		 907/* Minimum size of the code gen buffer. This number is randomly chosen,
908 but not so small that we can't have a fair number of TB's live. */
a2fa63a8 909#define MIN_CODE_GEN_BUFFER_SIZE (1 * MiB)
5b6dd868
BS		 910
911/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
912 indicated, this is constrained by the range of direct branches on the
913 host cpu, as used by the TCG implementation of goto_tb. */
914#if defined(__x86_64__)
a2fa63a8 915# define MAX_CODE_GEN_BUFFER_SIZE (2 * GiB)
5b6dd868 916#elif defined(__sparc__)
a2fa63a8 917# define MAX_CODE_GEN_BUFFER_SIZE (2 * GiB)
5bfd75a3 918#elif defined(__powerpc64__)
a2fa63a8 919# define MAX_CODE_GEN_BUFFER_SIZE (2 * GiB)
399f1648 920#elif defined(__powerpc__)
a2fa63a8 921# define MAX_CODE_GEN_BUFFER_SIZE (32 * MiB)
4a136e0a 922#elif defined(__aarch64__)
a2fa63a8 923# define MAX_CODE_GEN_BUFFER_SIZE (2 * GiB)
5b6dd868
BS		 924#elif defined(__s390x__)
925 /* We have a +- 4GB range on the branches; leave some slop. */
a2fa63a8 926# define MAX_CODE_GEN_BUFFER_SIZE (3 * GiB)
479eb121
RH		 927#elif defined(__mips__)
928 /* We have a 256MB branch region, but leave room to make sure the
929 main executable is also within that region. */
a2fa63a8 930# define MAX_CODE_GEN_BUFFER_SIZE (128 * MiB)
5b6dd868
BS		 931#else
932# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
933#endif
934
600e17b2 935#if TCG_TARGET_REG_BITS == 32
a2fa63a8 936#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32 * MiB)
600e17b2
AB		 937#ifdef CONFIG_USER_ONLY
938/*
939 * For user mode on smaller 32 bit systems we may run into trouble
940 * allocating big chunks of data in the right place. On these systems
941 * we utilise a static code generation buffer directly in the binary.
942 */
943#define USE_STATIC_CODE_GEN_BUFFER
944#endif
945#else /* TCG_TARGET_REG_BITS == 64 */
946#ifdef CONFIG_USER_ONLY
947/*
948 * As user-mode emulation typically means running multiple instances
949 * of the translator don't go too nuts with our default code gen
950 * buffer lest we make things too hard for the OS.
951 */
952#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (128 * MiB)
953#else
954/*
955 * We expect most system emulation to run one or two guests per host.
956 * Users running large scale system emulation may want to tweak their
957 * runtime setup via the tb-size control on the command line.
958 */
959#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (1 * GiB)
960#endif
961#endif
5b6dd868
BS		 962
963#define DEFAULT_CODE_GEN_BUFFER_SIZE \
964 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
965 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
966
6bc14423 967static size_t size_code_gen_buffer(size_t tb_size)
5b6dd868
BS		 968{
969 /* Size the buffer. */
970 if (tb_size == 0) {
c83d628b
AB		 971 size_t phys_mem = qemu_get_host_physmem();
972 if (phys_mem == 0) {
973 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
974 } else {
975 tb_size = MIN(DEFAULT_CODE_GEN_BUFFER_SIZE, phys_mem / 8);
976 }
5b6dd868
BS		 977 }
978 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
979 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
980 }
981 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
982 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
983 }
5b6dd868
BS		 984 return tb_size;
985}
986
483c76e1
RH		 987#ifdef __mips__
988/* In order to use J and JAL within the code_gen_buffer, we require
989 that the buffer not cross a 256MB boundary. */
990static inline bool cross_256mb(void *addr, size_t size)
991{
7ba6a512 992 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful;
483c76e1
RH		 993}
994
995/* We weren't able to allocate a buffer without crossing that boundary,
996 so make do with the larger portion of the buffer that doesn't cross.
997 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
998static inline void *split_cross_256mb(void *buf1, size_t size1)
999{
7ba6a512 1000 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful);
483c76e1
RH		 1001 size_t size2 = buf1 + size1 - buf2;
1002
1003 size1 = buf2 - buf1;
1004 if (size1 < size2) {
1005 size1 = size2;
1006 buf1 = buf2;
1007 }
1008
b1311c4a 1009 tcg_ctx->code_gen_buffer_size = size1;
483c76e1
RH		 1010 return buf1;
1011}
1012#endif
1013
5b6dd868
BS		 1014#ifdef USE_STATIC_CODE_GEN_BUFFER
1015static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
1016 __attribute__((aligned(CODE_GEN_ALIGN)));
1017
a35b3e14 1018static bool alloc_code_gen_buffer(size_t tb_size, int splitwx, Error **errp)
5b6dd868 1019{
a35b3e14 1020 void *buf, *end;
e8feb96f 1021 size_t size;
f293709c 1022
a35b3e14
RH		 1023 if (splitwx > 0) {
1024 error_setg(errp, "jit split-wx not supported");
1025 return false;
1026 }
1027
f51f315a 1028 /* page-align the beginning and end of the buffer */
a35b3e14
RH		 1029 buf = static_code_gen_buffer;
1030 end = static_code_gen_buffer + sizeof(static_code_gen_buffer);
f51f315a
EC		 1031 buf = QEMU_ALIGN_PTR_UP(buf, qemu_real_host_page_size);
1032 end = QEMU_ALIGN_PTR_DOWN(end, qemu_real_host_page_size);
f293709c 1033
e8feb96f 1034 size = end - buf;
f293709c
RH		 1035
1036 /* Honor a command-line option limiting the size of the buffer. */
6bc14423
RH		 1037 if (size > tb_size) {
1038 size = QEMU_ALIGN_DOWN(tb_size, qemu_real_host_page_size);
f293709c 1039 }
b1311c4a 1040 tcg_ctx->code_gen_buffer_size = size;
f293709c 1041
483c76e1 1042#ifdef __mips__
f293709c
RH		 1043 if (cross_256mb(buf, size)) {
1044 buf = split_cross_256mb(buf, size);
b1311c4a 1045 size = tcg_ctx->code_gen_buffer_size;
483c76e1
RH		 1046 }
1047#endif
f293709c 1048
f51f315a 1049 if (qemu_mprotect_rwx(buf, size)) {
6bc14423
RH		 1050 error_setg_errno(errp, errno, "mprotect of jit buffer");
1051 return false;
f51f315a 1052 }
f293709c
RH		 1053 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
1054
6bc14423
RH		 1055 tcg_ctx->code_gen_buffer = buf;
1056 return true;
5b6dd868 1057}
f293709c 1058#elif defined(_WIN32)
a35b3e14 1059static bool alloc_code_gen_buffer(size_t size, int splitwx, Error **errp)
f293709c 1060{
a35b3e14
RH		 1061 void *buf;
1062
1063 if (splitwx > 0) {
1064 error_setg(errp, "jit split-wx not supported");
1065 return false;
1066 }
1067
1068 buf = VirtualAlloc(NULL, size, MEM_RESERVE | MEM_COMMIT,
6bc14423
RH		 1069 PAGE_EXECUTE_READWRITE);
1070 if (buf == NULL) {
1071 error_setg_win32(errp, GetLastError(),
1072 "allocate %zu bytes for jit buffer", size);
1073 return false;
1074 }
1075
1076 tcg_ctx->code_gen_buffer = buf;
1077 tcg_ctx->code_gen_buffer_size = size;
1078 return true;
f293709c
RH		 1079}
1080#else
a8c35b2c
RH		 1081static bool alloc_code_gen_buffer_anon(size_t size, int prot,
1082 int flags, Error **errp)
5b6dd868 1083{
5b6dd868
BS		 1084 void *buf;
1085
64547a3b 1086 buf = mmap(NULL, size, prot, flags, -1, 0);
483c76e1 1087 if (buf == MAP_FAILED) {
6bc14423
RH		 1088 error_setg_errno(errp, errno,
1089 "allocate %zu bytes for jit buffer", size);
1090 return false;
483c76e1 1091 }
6bc14423 1092 tcg_ctx->code_gen_buffer_size = size;
483c76e1
RH		 1093
1094#ifdef __mips__
f293709c 1095 if (cross_256mb(buf, size)) {
64547a3b
RH		 1096 /*
1097 * Try again, with the original still mapped, to avoid re-acquiring
1098 * the same 256mb crossing.
1099 */
f293709c 1100 size_t size2;
e8feb96f 1101 void *buf2 = mmap(NULL, size, prot, flags, -1, 0);
f68808c7 1102 switch ((int)(buf2 != MAP_FAILED)) {
f293709c
RH		 1103 case 1:
1104 if (!cross_256mb(buf2, size)) {
483c76e1 1105 /* Success! Use the new buffer. */
e8feb96f 1106 munmap(buf, size);
f293709c 1107 break;
483c76e1
RH		 1108 }
1109 /* Failure. Work with what we had. */
e8feb96f 1110 munmap(buf2, size);
f293709c
RH		 1111 /* fallthru */
1112 default:
1113 /* Split the original buffer. Free the smaller half. */
1114 buf2 = split_cross_256mb(buf, size);
b1311c4a 1115 size2 = tcg_ctx->code_gen_buffer_size;
f293709c 1116 if (buf == buf2) {
e8feb96f 1117 munmap(buf + size2, size - size2);
f293709c
RH		 1118 } else {
1119 munmap(buf, size - size2);
1120 }
1121 size = size2;
1122 break;
483c76e1 1123 }
f293709c 1124 buf = buf2;
483c76e1
RH		 1125 }
1126#endif
1127
f293709c
RH		 1128 /* Request large pages for the buffer. */
1129 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
483c76e1 1130
6bc14423
RH		 1131 tcg_ctx->code_gen_buffer = buf;
1132 return true;
5b6dd868 1133}
a8c35b2c
RH		 1134
1135#ifdef CONFIG_POSIX
1136#include "qemu/memfd.h"
1137
1138static bool alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
1139{
1140 void *buf_rw, *buf_rx;
1141 int fd = -1;
1142
1143 buf_rw = qemu_memfd_alloc("tcg-jit", size, 0, &fd, errp);
1144 if (buf_rw == NULL) {
1145 return false;
1146 }
1147
1148 buf_rx = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
1149 if (buf_rx == MAP_FAILED) {
1150 error_setg_errno(errp, errno,
1151 "failed to map shared memory for execute");
1152 munmap(buf_rw, size);
1153 close(fd);
1154 return false;
1155 }
1156 close(fd);
1157
1158 tcg_ctx->code_gen_buffer = buf_rw;
1159 tcg_ctx->code_gen_buffer_size = size;
1160 tcg_splitwx_diff = buf_rx - buf_rw;
1161
1162 /* Request large pages for the buffer and the splitwx. */
1163 qemu_madvise(buf_rw, size, QEMU_MADV_HUGEPAGE);
1164 qemu_madvise(buf_rx, size, QEMU_MADV_HUGEPAGE);
1165 return true;
1166}
1167#endif /* CONFIG_POSIX */
1168
1169static bool alloc_code_gen_buffer_splitwx(size_t size, Error **errp)
1170{
1171 if (TCG_TARGET_SUPPORT_MIRROR) {
1172#ifdef CONFIG_POSIX
1173 return alloc_code_gen_buffer_splitwx_memfd(size, errp);
1174#endif
1175 }
1176 error_setg(errp, "jit split-wx not supported");
1177 return false;
1178}
1179
1180static bool alloc_code_gen_buffer(size_t size, int splitwx, Error **errp)
1181{
1182 ERRP_GUARD();
1183 int prot, flags;
1184
1185 if (splitwx) {
1186 if (alloc_code_gen_buffer_splitwx(size, errp)) {
1187 return true;
1188 }
1189 /*
1190 * If splitwx force-on (1), fail;
1191 * if splitwx default-on (-1), fall through to splitwx off.
1192 */
1193 if (splitwx > 0) {
1194 return false;
1195 }
1196 error_free_or_abort(errp);
1197 }
1198
1199 prot = PROT_READ | PROT_WRITE | PROT_EXEC;
1200 flags = MAP_PRIVATE | MAP_ANONYMOUS;
1201#ifdef CONFIG_TCG_INTERPRETER
1202 /* The tcg interpreter does not need execute permission. */
1203 prot = PROT_READ | PROT_WRITE;
1204#endif
1205
1206 return alloc_code_gen_buffer_anon(size, prot, flags, errp);
1207}
f293709c 1208#endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */
5b6dd868 1209
61b8cef1
EC		 1210static bool tb_cmp(const void *ap, const void *bp)
1211{
1212 const TranslationBlock *a = ap;
1213 const TranslationBlock *b = bp;
1214
1215 return a->pc == b->pc &&
1216 a->cs_base == b->cs_base &&
1217 a->flags == b->flags &&
1218 (tb_cflags(a) & CF_HASH_MASK) == (tb_cflags(b) & CF_HASH_MASK) &&
1219 a->trace_vcpu_dstate == b->trace_vcpu_dstate &&
1220 a->page_addr[0] == b->page_addr[0] &&
1221 a->page_addr[1] == b->page_addr[1];
1222}
1223
909eaac9
EC		 1224static void tb_htable_init(void)
1225{
1226 unsigned int mode = QHT_MODE_AUTO_RESIZE;
1227
61b8cef1 1228 qht_init(&tb_ctx.htable, tb_cmp, CODE_GEN_HTABLE_SIZE, mode);
909eaac9
EC		 1229}
1230
5b6dd868
BS		 1231/* Must be called before using the QEMU cpus. 'tb_size' is the size
1232 (in bytes) allocated to the translation buffer. Zero means default
1233 size. */
a35b3e14 1234void tcg_exec_init(unsigned long tb_size, int splitwx)
5b6dd868 1235{
6bc14423
RH		 1236 bool ok;
1237
8e2b7299 1238 tcg_allowed = true;
5b6dd868 1239 cpu_gen_init();
5b6dd868 1240 page_init();
909eaac9 1241 tb_htable_init();
6bc14423 1242
a35b3e14
RH		 1243 ok = alloc_code_gen_buffer(size_code_gen_buffer(tb_size),
1244 splitwx, &error_fatal);
6bc14423
RH		 1245 assert(ok);
1246
4cbea598 1247#if defined(CONFIG_SOFTMMU)
5b6dd868
BS		 1248 /* There's no guest base to take into account, so go ahead and
1249 initialize the prologue now. */
b1311c4a 1250 tcg_prologue_init(tcg_ctx);
5b6dd868
BS		 1251#endif
1252}
1253
0b5c91f7 1254/* call with @p->lock held */
5b6dd868
BS		 1255static inline void invalidate_page_bitmap(PageDesc *p)
1256{
6d9abf85 1257 assert_page_locked(p);
6fad459c 1258#ifdef CONFIG_SOFTMMU
012aef07
MA		 1259 g_free(p->code_bitmap);
1260 p->code_bitmap = NULL;
5b6dd868 1261 p->code_write_count = 0;
6fad459c 1262#endif
5b6dd868
BS		 1263}
1264
1265/* Set to NULL all the 'first_tb' fields in all PageDescs. */
1266static void page_flush_tb_1(int level, void **lp)
1267{
1268 int i;
1269
1270 if (*lp == NULL) {
1271 return;
1272 }
1273 if (level == 0) {
1274 PageDesc *pd = *lp;
1275
03f49957 1276 for (i = 0; i < V_L2_SIZE; ++i) {
0b5c91f7 1277 page_lock(&pd[i]);
1e05197f 1278 pd[i].first_tb = (uintptr_t)NULL;
5b6dd868 1279 invalidate_page_bitmap(pd + i);
0b5c91f7 1280 page_unlock(&pd[i]);
5b6dd868
BS		 1281 }
1282 } else {
1283 void **pp = *lp;
1284
03f49957 1285 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 1286 page_flush_tb_1(level - 1, pp + i);
1287 }
1288 }
1289}
1290
1291static void page_flush_tb(void)
1292{
66ec9f49 1293 int i, l1_sz = v_l1_size;
5b6dd868 1294
66ec9f49
VK		 1295 for (i = 0; i < l1_sz; i++) {
1296 page_flush_tb_1(v_l2_levels, l1_map + i);
5b6dd868
BS		 1297 }
1298}
1299
f19c6cc6
EC		 1300static gboolean tb_host_size_iter(gpointer key, gpointer value, gpointer data)
1301{
1302 const TranslationBlock *tb = value;
1303 size_t *size = data;
1304
1305 *size += tb->tc.size;
1306 return false;
1307}
1308
5b6dd868 1309/* flush all the translation blocks */
14e6fe12 1310static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
5b6dd868 1311{
5025bb7f
EC		 1312 bool did_flush = false;
1313
0ac20318 1314 mmap_lock();
14e6fe12 1315 /* If it is already been done on request of another CPU,
3359baad
SF		 1316 * just retry.
1317 */
44ded3d0 1318 if (tb_ctx.tb_flush_count != tb_flush_count.host_int) {
3359baad 1319 goto done;
135a972b 1320 }
5025bb7f 1321 did_flush = true;
3359baad 1322
424079c1 1323 if (DEBUG_TB_FLUSH_GATE) {
be2cdc5e 1324 size_t nb_tbs = tcg_nb_tbs();
f19c6cc6 1325 size_t host_size = 0;
2ac01d6d 1326
be2cdc5e 1327 tcg_tb_foreach(tb_host_size_iter, &host_size);
e8feb96f
EC		 1328 printf("qemu: flush code_size=%zu nb_tbs=%zu avg_tb_size=%zu\n",
1329 tcg_code_size(), nb_tbs, nb_tbs > 0 ? host_size / nb_tbs : 0);
5b6dd868 1330 }
5b6dd868 1331
bdc44640 1332 CPU_FOREACH(cpu) {
f3ced3c5 1333 cpu_tb_jmp_cache_clear(cpu);
5b6dd868
BS		 1334 }
1335
44ded3d0 1336 qht_reset_size(&tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
5b6dd868
BS		 1337 page_flush_tb();
1338
e8feb96f 1339 tcg_region_reset_all();
5b6dd868
BS		 1340 /* XXX: flush processor icache at this point if cache flush is
1341 expensive */
d73415a3 1342 qatomic_mb_set(&tb_ctx.tb_flush_count, tb_ctx.tb_flush_count + 1);
3359baad
SF		 1343
1344done:
0ac20318 1345 mmap_unlock();
5025bb7f
EC		 1346 if (did_flush) {
1347 qemu_plugin_flush_cb();
1348 }
3359baad
SF		 1349}
1350
1351void tb_flush(CPUState *cpu)
1352{
1353 if (tcg_enabled()) {
d73415a3 1354 unsigned tb_flush_count = qatomic_mb_read(&tb_ctx.tb_flush_count);
136094d0
EC		 1355
1356 if (cpu_in_exclusive_context(cpu)) {
1357 do_tb_flush(cpu, RUN_ON_CPU_HOST_INT(tb_flush_count));
1358 } else {
1359 async_safe_run_on_cpu(cpu, do_tb_flush,
1360 RUN_ON_CPU_HOST_INT(tb_flush_count));
1361 }
3359baad 1362 }
5b6dd868
BS		 1363}
1364
6eb062ab
EC		 1365/*
1366 * Formerly ifdef DEBUG_TB_CHECK. These debug functions are user-mode-only,
1367 * so in order to prevent bit rot we compile them unconditionally in user-mode,
1368 * and let the optimizer get rid of them by wrapping their user-only callers
1369 * with if (DEBUG_TB_CHECK_GATE).
1370 */
1371#ifdef CONFIG_USER_ONLY
5b6dd868 1372
78255ba2 1373static void do_tb_invalidate_check(void *p, uint32_t hash, void *userp)
5b6dd868 1374{
909eaac9
EC		 1375 TranslationBlock *tb = p;
1376 target_ulong addr = *(target_ulong *)userp;
1377
1378 if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) {
1379 printf("ERROR invalidate: address=" TARGET_FMT_lx
1380 " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size);
1381 }
1382}
5b6dd868 1383
7d7500d9
PB		 1384/* verify that all the pages have correct rights for code
1385 *
0ac20318 1386 * Called with mmap_lock held.
7d7500d9 1387 */
909eaac9
EC		 1388static void tb_invalidate_check(target_ulong address)
1389{
5b6dd868 1390 address &= TARGET_PAGE_MASK;
44ded3d0 1391 qht_iter(&tb_ctx.htable, do_tb_invalidate_check, &address);
909eaac9
EC		 1392}
1393
78255ba2 1394static void do_tb_page_check(void *p, uint32_t hash, void *userp)
909eaac9
EC		 1395{
1396 TranslationBlock *tb = p;
1397 int flags1, flags2;
1398
1399 flags1 = page_get_flags(tb->pc);
1400 flags2 = page_get_flags(tb->pc + tb->size - 1);
1401 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
1402 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
1403 (long)tb->pc, tb->size, flags1, flags2);
5b6dd868
BS		 1404 }
1405}
1406
1407/* verify that all the pages have correct rights for code */
1408static void tb_page_check(void)
1409{
44ded3d0 1410 qht_iter(&tb_ctx.htable, do_tb_page_check, NULL);
5b6dd868
BS		 1411}
1412
6eb062ab 1413#endif /* CONFIG_USER_ONLY */
5b6dd868 1414
0ac20318
EC		 1415/*
1416 * user-mode: call with mmap_lock held
1417 * !user-mode: call with @pd->lock held
1418 */
1e05197f 1419static inline void tb_page_remove(PageDesc *pd, TranslationBlock *tb)
5b6dd868
BS		 1420{
1421 TranslationBlock *tb1;
1e05197f 1422 uintptr_t *pprev;
5b6dd868
BS		 1423 unsigned int n1;
1424
6d9abf85 1425 assert_page_locked(pd);
1e05197f
EC		 1426 pprev = &pd->first_tb;
1427 PAGE_FOR_EACH_TB(pd, tb1, n1) {
5b6dd868 1428 if (tb1 == tb) {
1e05197f
EC		 1429 *pprev = tb1->page_next[n1];
1430 return;
5b6dd868 1431 }
1e05197f 1432 pprev = &tb1->page_next[n1];
5b6dd868 1433 }
1e05197f 1434 g_assert_not_reached();
5b6dd868
BS		 1435}
1436
194125e3
EC		 1437/* remove @orig from its @n_orig-th jump list */
1438static inline void tb_remove_from_jmp_list(TranslationBlock *orig, int n_orig)
5b6dd868 1439{
194125e3
EC		 1440 uintptr_t ptr, ptr_locked;
1441 TranslationBlock *dest;
1442 TranslationBlock *tb;
1443 uintptr_t *pprev;
1444 int n;
5b6dd868 1445
194125e3 1446 /* mark the LSB of jmp_dest[] so that no further jumps can be inserted */
d73415a3 1447 ptr = qatomic_or_fetch(&orig->jmp_dest[n_orig], 1);
194125e3
EC		 1448 dest = (TranslationBlock *)(ptr & ~1);
1449 if (dest == NULL) {
1450 return;
1451 }
5b6dd868 1452
194125e3
EC		 1453 qemu_spin_lock(&dest->jmp_lock);
1454 /*
1455 * While acquiring the lock, the jump might have been removed if the
1456 * destination TB was invalidated; check again.
1457 */
d73415a3 1458 ptr_locked = qatomic_read(&orig->jmp_dest[n_orig]);
194125e3
EC		 1459 if (ptr_locked != ptr) {
1460 qemu_spin_unlock(&dest->jmp_lock);
1461 /*
1462 * The only possibility is that the jump was unlinked via
1463 * tb_jump_unlink(dest). Seeing here another destination would be a bug,
1464 * because we set the LSB above.
1465 */
1466 g_assert(ptr_locked == 1 && dest->cflags & CF_INVALID);
1467 return;
5b6dd868 1468 }
194125e3
EC		 1469 /*
1470 * We first acquired the lock, and since the destination pointer matches,
1471 * we know for sure that @orig is in the jmp list.
1472 */
1473 pprev = &dest->jmp_list_head;
1474 TB_FOR_EACH_JMP(dest, tb, n) {
1475 if (tb == orig && n == n_orig) {
1476 *pprev = tb->jmp_list_next[n];
1477 /* no need to set orig->jmp_dest[n]; setting the LSB was enough */
1478 qemu_spin_unlock(&dest->jmp_lock);
1479 return;
1480 }
1481 pprev = &tb->jmp_list_next[n];
1482 }
1483 g_assert_not_reached();
5b6dd868
BS		 1484}
1485
1486/* reset the jump entry 'n' of a TB so that it is not chained to
1487 another TB */
1488static inline void tb_reset_jump(TranslationBlock *tb, int n)
1489{
e7e168f4 1490 uintptr_t addr = (uintptr_t)(tb->tc.ptr + tb->jmp_reset_offset[n]);
f309101c 1491 tb_set_jmp_target(tb, n, addr);
5b6dd868
BS		 1492}
1493
89bba496 1494/* remove any jumps to the TB */
194125e3 1495static inline void tb_jmp_unlink(TranslationBlock *dest)
89bba496 1496{
194125e3
EC		 1497 TranslationBlock *tb;
1498 int n;
89bba496 1499
194125e3
EC		 1500 qemu_spin_lock(&dest->jmp_lock);
1501
1502 TB_FOR_EACH_JMP(dest, tb, n) {
1503 tb_reset_jump(tb, n);
d73415a3 1504 qatomic_and(&tb->jmp_dest[n], (uintptr_t)NULL | 1);
194125e3 1505 /* No need to clear the list entry; setting the dest ptr is enough */
89bba496 1506 }
194125e3
EC		 1507 dest->jmp_list_head = (uintptr_t)NULL;
1508
1509 qemu_spin_unlock(&dest->jmp_lock);
89bba496
SF		 1510}
1511
0ac20318
EC		 1512/*
1513 * In user-mode, call with mmap_lock held.
1514 * In !user-mode, if @rm_from_page_list is set, call with the TB's pages'
1515 * locks held.
1516 */
0b5c91f7 1517static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
5b6dd868 1518{
182735ef 1519 CPUState *cpu;
5b6dd868 1520 PageDesc *p;
42bd3228 1521 uint32_t h;
5b6dd868 1522 tb_page_addr_t phys_pc;
5b6dd868 1523
0ac20318 1524 assert_memory_lock();
e505a063 1525
194125e3
EC		 1526 /* make sure no further incoming jumps will be chained to this TB */
1527 qemu_spin_lock(&tb->jmp_lock);
d73415a3 1528 qatomic_set(&tb->cflags, tb->cflags | CF_INVALID);
194125e3 1529 qemu_spin_unlock(&tb->jmp_lock);
6d21e420 1530
5b6dd868
BS		 1531 /* remove the TB from the hash list */
1532 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
194125e3 1533 h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb_cflags(tb) & CF_HASH_MASK,
4e2ca83e 1534 tb->trace_vcpu_dstate);
ec7eb2ae
EC		 1535 if (!(tb->cflags & CF_NOCACHE) &&
1536 !qht_remove(&tb_ctx.htable, tb, h)) {
cc689485
EC		 1537 return;
1538 }
5b6dd868
BS		 1539
1540 /* remove the TB from the page list */
0b5c91f7 1541 if (rm_from_page_list) {
5b6dd868 1542 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
1e05197f 1543 tb_page_remove(p, tb);
5b6dd868 1544 invalidate_page_bitmap(p);
0b5c91f7
EC		 1545 if (tb->page_addr[1] != -1) {
1546 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
1547 tb_page_remove(p, tb);
1548 invalidate_page_bitmap(p);
1549 }
5b6dd868
BS		 1550 }
1551
5b6dd868
BS		 1552 /* remove the TB from the hash list */
1553 h = tb_jmp_cache_hash_func(tb->pc);
bdc44640 1554 CPU_FOREACH(cpu) {
d73415a3
SH		 1555 if (qatomic_read(&cpu->tb_jmp_cache[h]) == tb) {
1556 qatomic_set(&cpu->tb_jmp_cache[h], NULL);
5b6dd868
BS		 1557 }
1558 }
1559
1560 /* suppress this TB from the two jump lists */
13362678
SF		 1561 tb_remove_from_jmp_list(tb, 0);
1562 tb_remove_from_jmp_list(tb, 1);
5b6dd868
BS		 1563
1564 /* suppress any remaining jumps to this TB */
89bba496 1565 tb_jmp_unlink(tb);
5b6dd868 1566
d73415a3 1567 qatomic_set(&tcg_ctx->tb_phys_invalidate_count,
128ed227 1568 tcg_ctx->tb_phys_invalidate_count + 1);
5b6dd868
BS		 1569}
1570
0b5c91f7
EC		 1571static void tb_phys_invalidate__locked(TranslationBlock *tb)
1572{
1573 do_tb_phys_invalidate(tb, true);
1574}
1575
1576/* invalidate one TB
1577 *
0ac20318 1578 * Called with mmap_lock held in user-mode.
0b5c91f7
EC		 1579 */
1580void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
1581{
9739e376 1582 if (page_addr == -1 && tb->page_addr[0] != -1) {
0b5c91f7
EC		 1583 page_lock_tb(tb);
1584 do_tb_phys_invalidate(tb, true);
1585 page_unlock_tb(tb);
1586 } else {
1587 do_tb_phys_invalidate(tb, false);
1588 }
1589}
1590
6fad459c 1591#ifdef CONFIG_SOFTMMU
0b5c91f7 1592/* call with @p->lock held */
5b6dd868
BS		 1593static void build_page_bitmap(PageDesc *p)
1594{
1595 int n, tb_start, tb_end;
1596 TranslationBlock *tb;
1597
6d9abf85 1598 assert_page_locked(p);
510a647f 1599 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
5b6dd868 1600
1e05197f 1601 PAGE_FOR_EACH_TB(p, tb, n) {
5b6dd868
BS		 1602 /* NOTE: this is subtle as a TB may span two physical pages */
1603 if (n == 0) {
1604 /* NOTE: tb_end may be after the end of the page, but
1605 it is not a problem */
1606 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1607 tb_end = tb_start + tb->size;
1608 if (tb_end > TARGET_PAGE_SIZE) {
1609 tb_end = TARGET_PAGE_SIZE;
e505a063 1610 }
5b6dd868
BS		 1611 } else {
1612 tb_start = 0;
1613 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1614 }
510a647f 1615 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
5b6dd868
BS		 1616 }
1617}
6fad459c 1618#endif
5b6dd868 1619
e90d96b1
SF		 1620/* add the tb in the target page and protect it if necessary
1621 *
1622 * Called with mmap_lock held for user-mode emulation.
0ac20318 1623 * Called with @p->lock held in !user-mode.
e90d96b1 1624 */
0b5c91f7
EC		 1625static inline void tb_page_add(PageDesc *p, TranslationBlock *tb,
1626 unsigned int n, tb_page_addr_t page_addr)
e90d96b1 1627{
e90d96b1
SF		 1628#ifndef CONFIG_USER_ONLY
1629 bool page_already_protected;
1630#endif
1631
6d9abf85 1632 assert_page_locked(p);
e505a063 1633
e90d96b1 1634 tb->page_addr[n] = page_addr;
e90d96b1
SF		 1635 tb->page_next[n] = p->first_tb;
1636#ifndef CONFIG_USER_ONLY
1e05197f 1637 page_already_protected = p->first_tb != (uintptr_t)NULL;
e90d96b1 1638#endif
1e05197f 1639 p->first_tb = (uintptr_t)tb | n;
e90d96b1
SF		 1640 invalidate_page_bitmap(p);
1641
1642#if defined(CONFIG_USER_ONLY)
1643 if (p->flags & PAGE_WRITE) {
1644 target_ulong addr;
1645 PageDesc *p2;
1646 int prot;
1647
1648 /* force the host page as non writable (writes will have a
1649 page fault + mprotect overhead) */
1650 page_addr &= qemu_host_page_mask;
1651 prot = 0;
1652 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1653 addr += TARGET_PAGE_SIZE) {
1654
1655 p2 = page_find(addr >> TARGET_PAGE_BITS);
1656 if (!p2) {
1657 continue;
1658 }
1659 prot |= p2->flags;
1660 p2->flags &= ~PAGE_WRITE;
1661 }
1662 mprotect(g2h(page_addr), qemu_host_page_size,
1663 (prot & PAGE_BITS) & ~PAGE_WRITE);
dae9e03a
EC		 1664 if (DEBUG_TB_INVALIDATE_GATE) {
1665 printf("protecting code page: 0x" TB_PAGE_ADDR_FMT "\n", page_addr);
1666 }
e90d96b1
SF		 1667 }
1668#else
1669 /* if some code is already present, then the pages are already
1670 protected. So we handle the case where only the first TB is
1671 allocated in a physical page */
1672 if (!page_already_protected) {
1673 tlb_protect_code(page_addr);
1674 }
1675#endif
1676}
1677
1678/* add a new TB and link it to the physical page tables. phys_page2 is
1679 * (-1) to indicate that only one page contains the TB.
1680 *
1681 * Called with mmap_lock held for user-mode emulation.
95590e24
EC		 1682 *
1683 * Returns a pointer @tb, or a pointer to an existing TB that matches @tb.
1684 * Note that in !user-mode, another thread might have already added a TB
1685 * for the same block of guest code that @tb corresponds to. In that case,
1686 * the caller should discard the original @tb, and use instead the returned TB.
e90d96b1 1687 */
95590e24
EC		 1688static TranslationBlock *
1689tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1690 tb_page_addr_t phys_page2)
e90d96b1 1691{
0b5c91f7
EC		 1692 PageDesc *p;
1693 PageDesc *p2 = NULL;
e90d96b1 1694
e505a063
AB		 1695 assert_memory_lock();
1696
9739e376
PM		 1697 if (phys_pc == -1) {
1698 /*
1699 * If the TB is not associated with a physical RAM page then
1700 * it must be a temporary one-insn TB, and we have nothing to do
1701 * except fill in the page_addr[] fields.
1702 */
1703 assert(tb->cflags & CF_NOCACHE);
1704 tb->page_addr[0] = tb->page_addr[1] = -1;
1705 return tb;
1706 }
1707
0b5c91f7
EC		 1708 /*
1709 * Add the TB to the page list, acquiring first the pages's locks.
95590e24
EC		 1710 * We keep the locks held until after inserting the TB in the hash table,
1711 * so that if the insertion fails we know for sure that the TBs are still
1712 * in the page descriptors.
1713 * Note that inserting into the hash table first isn't an option, since
1714 * we can only insert TBs that are fully initialized.
0b5c91f7
EC		 1715 */
1716 page_lock_pair(&p, phys_pc, &p2, phys_page2, 1);
1717 tb_page_add(p, tb, 0, phys_pc & TARGET_PAGE_MASK);
1718 if (p2) {
1719 tb_page_add(p2, tb, 1, phys_page2);
e90d96b1
SF		 1720 } else {
1721 tb->page_addr[1] = -1;
1722 }
1723
ec7eb2ae
EC		 1724 if (!(tb->cflags & CF_NOCACHE)) {
1725 void *existing_tb = NULL;
1726 uint32_t h;
95590e24 1727
ec7eb2ae
EC		 1728 /* add in the hash table */
1729 h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb->cflags & CF_HASH_MASK,
1730 tb->trace_vcpu_dstate);
1731 qht_insert(&tb_ctx.htable, tb, h, &existing_tb);
1732
1733 /* remove TB from the page(s) if we couldn't insert it */
1734 if (unlikely(existing_tb)) {
1735 tb_page_remove(p, tb);
1736 invalidate_page_bitmap(p);
1737 if (p2) {
1738 tb_page_remove(p2, tb);
1739 invalidate_page_bitmap(p2);
1740 }
1741 tb = existing_tb;
95590e24 1742 }
95590e24
EC		 1743 }
1744
a688e73b 1745 if (p2 && p2 != p) {
0b5c91f7
EC		 1746 page_unlock(p2);
1747 }
1748 page_unlock(p);
1749
6eb062ab
EC		 1750#ifdef CONFIG_USER_ONLY
1751 if (DEBUG_TB_CHECK_GATE) {
1752 tb_page_check();
1753 }
e90d96b1 1754#endif
95590e24 1755 return tb;
e90d96b1
SF		 1756}
1757
75692087 1758/* Called with mmap_lock held for user mode emulation. */
648f034c 1759TranslationBlock *tb_gen_code(CPUState *cpu,
5b6dd868 1760 target_ulong pc, target_ulong cs_base,
89fee74a 1761 uint32_t flags, int cflags)
5b6dd868 1762{
648f034c 1763 CPUArchState *env = cpu->env_ptr;
95590e24 1764 TranslationBlock *tb, *existing_tb;
5b6dd868
BS		 1765 tb_page_addr_t phys_pc, phys_page2;
1766 target_ulong virt_page2;
fec88f64 1767 tcg_insn_unit *gen_code_buf;
8b86d6d2 1768 int gen_code_size, search_size, max_insns;
fec88f64 1769#ifdef CONFIG_PROFILER
c3fac113 1770 TCGProfile *prof = &tcg_ctx->prof;
fec88f64
RH		 1771 int64_t ti;
1772#endif
fe9b676f 1773
e505a063 1774 assert_memory_lock();
5b6dd868
BS		 1775
1776 phys_pc = get_page_addr_code(env, pc);
b125f9dc 1777
9739e376
PM		 1778 if (phys_pc == -1) {
1779 /* Generate a temporary TB with 1 insn in it */
1780 cflags &= ~CF_COUNT_MASK;
1781 cflags |= CF_NOCACHE | 1;
1782 }
1783
f7b78602
PM		 1784 cflags &= ~CF_CLUSTER_MASK;
1785 cflags |= cpu->cluster_index << CF_CLUSTER_SHIFT;
1786
8b86d6d2
RH		 1787 max_insns = cflags & CF_COUNT_MASK;
1788 if (max_insns == 0) {
1789 max_insns = CF_COUNT_MASK;
1790 }
1791 if (max_insns > TCG_MAX_INSNS) {
1792 max_insns = TCG_MAX_INSNS;
1793 }
1794 if (cpu->singlestep_enabled || singlestep) {
1795 max_insns = 1;
1796 }
1797
e8feb96f 1798 buffer_overflow:
fe9b676f 1799 tb = tcg_tb_alloc(tcg_ctx);
b125f9dc 1800 if (unlikely(!tb)) {
5b6dd868 1801 /* flush must be done */
bbd77c18 1802 tb_flush(cpu);
3359baad 1803 mmap_unlock();
8499c8fc
PD		 1804 /* Make the execution loop process the flush as soon as possible. */
1805 cpu->exception_index = EXCP_INTERRUPT;
3359baad 1806 cpu_loop_exit(cpu);
5b6dd868 1807 }
fec88f64 1808
b1311c4a 1809 gen_code_buf = tcg_ctx->code_gen_ptr;
db0c51a3 1810 tb->tc.ptr = tcg_splitwx_to_rx(gen_code_buf);
2b48e10f 1811 tb->pc = pc;
5b6dd868
BS		 1812 tb->cs_base = cs_base;
1813 tb->flags = flags;
1814 tb->cflags = cflags;
1b194002 1815 tb->orig_tb = NULL;
61a67f71 1816 tb->trace_vcpu_dstate = *cpu->trace_dstate;
b1311c4a 1817 tcg_ctx->tb_cflags = cflags;
6e6c4efe 1818 tb_overflow:
fec88f64
RH		 1819
1820#ifdef CONFIG_PROFILER
c3fac113 1821 /* includes aborted translations because of exceptions */
d73415a3 1822 qatomic_set(&prof->tb_count1, prof->tb_count1 + 1);
fec88f64
RH		 1823 ti = profile_getclock();
1824#endif
1825
b1311c4a 1826 tcg_func_start(tcg_ctx);
fec88f64 1827
29a0af61 1828 tcg_ctx->cpu = env_cpu(env);
8b86d6d2 1829 gen_intermediate_code(cpu, tb, max_insns);
b1311c4a 1830 tcg_ctx->cpu = NULL;
fec88f64 1831
e7e168f4 1832 trace_translate_block(tb, tb->pc, tb->tc.ptr);
fec88f64
RH		 1833
1834 /* generate machine code */
f309101c
SF		 1835 tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID;
1836 tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID;
b1311c4a 1837 tcg_ctx->tb_jmp_reset_offset = tb->jmp_reset_offset;
a8583393 1838 if (TCG_TARGET_HAS_direct_jump) {
b1311c4a
EC		 1839 tcg_ctx->tb_jmp_insn_offset = tb->jmp_target_arg;
1840 tcg_ctx->tb_jmp_target_addr = NULL;
a8583393 1841 } else {
b1311c4a
EC		 1842 tcg_ctx->tb_jmp_insn_offset = NULL;
1843 tcg_ctx->tb_jmp_target_addr = tb->jmp_target_arg;
a8583393 1844 }
fec88f64
RH		 1845
1846#ifdef CONFIG_PROFILER
d73415a3
SH		 1847 qatomic_set(&prof->tb_count, prof->tb_count + 1);
1848 qatomic_set(&prof->interm_time,
1849 prof->interm_time + profile_getclock() - ti);
0aecede6 1850 ti = profile_getclock();
fec88f64
RH		 1851#endif
1852
b1311c4a 1853 gen_code_size = tcg_gen_code(tcg_ctx, tb);
b125f9dc 1854 if (unlikely(gen_code_size < 0)) {
6e6c4efe
RH		 1855 switch (gen_code_size) {
1856 case -1:
1857 /*
1858 * Overflow of code_gen_buffer, or the current slice of it.
1859 *
1860 * TODO: We don't need to re-do gen_intermediate_code, nor
1861 * should we re-do the tcg optimization currently hidden
1862 * inside tcg_gen_code. All that should be required is to
1863 * flush the TBs, allocate a new TB, re-initialize it per
1864 * above, and re-do the actual code generation.
1865 */
1866 goto buffer_overflow;
1867
1868 case -2:
1869 /*
1870 * The code generated for the TranslationBlock is too large.
1871 * The maximum size allowed by the unwind info is 64k.
1872 * There may be stricter constraints from relocations
1873 * in the tcg backend.
1874 *
1875 * Try again with half as many insns as we attempted this time.
1876 * If a single insn overflows, there's a bug somewhere...
1877 */
1878 max_insns = tb->icount;
1879 assert(max_insns > 1);
1880 max_insns /= 2;
1881 goto tb_overflow;
1882
1883 default:
1884 g_assert_not_reached();
1885 }
b125f9dc 1886 }
fca8a500 1887 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
b125f9dc
RH		 1888 if (unlikely(search_size < 0)) {
1889 goto buffer_overflow;
1890 }
2ac01d6d 1891 tb->tc.size = gen_code_size;
fec88f64
RH		 1892
1893#ifdef CONFIG_PROFILER
d73415a3
SH		 1894 qatomic_set(&prof->code_time, prof->code_time + profile_getclock() - ti);
1895 qatomic_set(&prof->code_in_len, prof->code_in_len + tb->size);
1896 qatomic_set(&prof->code_out_len, prof->code_out_len + gen_code_size);
1897 qatomic_set(&prof->search_out_len, prof->search_out_len + search_size);
fec88f64
RH		 1898#endif
1899
1900#ifdef DEBUG_DISAS
d977e1c2
AB		 1901 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
1902 qemu_log_in_addr_range(tb->pc)) {
fc59d2d8 1903 FILE *logfile = qemu_log_lock();
db0c51a3
RH		 1904 int code_size, data_size;
1905 const tcg_target_ulong *rx_data_gen_ptr;
4c389f6e 1906 size_t chunk_start;
5f0df033 1907 int insn = 0;
4c389f6e 1908
b1311c4a 1909 if (tcg_ctx->data_gen_ptr) {
db0c51a3
RH		 1910 rx_data_gen_ptr = tcg_splitwx_to_rx(tcg_ctx->data_gen_ptr);
1911 code_size = (const void *)rx_data_gen_ptr - tb->tc.ptr;
5f0df033
AB		 1912 data_size = gen_code_size - code_size;
1913 } else {
db0c51a3 1914 rx_data_gen_ptr = 0;
5f0df033 1915 code_size = gen_code_size;
db0c51a3 1916 data_size = 0;
5f0df033 1917 }
57a26946 1918
5f0df033 1919 /* Dump header and the first instruction */
4c389f6e
RH		 1920 qemu_log("OUT: [size=%d]\n", gen_code_size);
1921 qemu_log(" -- guest addr 0x" TARGET_FMT_lx " + tb prologue\n",
1922 tcg_ctx->gen_insn_data[insn][0]);
5f0df033 1923 chunk_start = tcg_ctx->gen_insn_end_off[insn];
4c389f6e 1924 log_disas(tb->tc.ptr, chunk_start);
57a26946 1925
5f0df033
AB		 1926 /*
1927 * Dump each instruction chunk, wrapping up empty chunks into
1928 * the next instruction. The whole array is offset so the
1929 * first entry is the beginning of the 2nd instruction.
1930 */
4c389f6e 1931 while (insn < tb->icount) {
5f0df033
AB		 1932 size_t chunk_end = tcg_ctx->gen_insn_end_off[insn];
1933 if (chunk_end > chunk_start) {
4c389f6e
RH		 1934 qemu_log(" -- guest addr 0x" TARGET_FMT_lx "\n",
1935 tcg_ctx->gen_insn_data[insn][0]);
1936 log_disas(tb->tc.ptr + chunk_start, chunk_end - chunk_start);
5f0df033
AB		 1937 chunk_start = chunk_end;
1938 }
1939 insn++;
1940 }
1941
4c389f6e
RH		 1942 if (chunk_start < code_size) {
1943 qemu_log(" -- tb slow paths + alignment\n");
1944 log_disas(tb->tc.ptr + chunk_start, code_size - chunk_start);
1945 }
1946
5f0df033
AB		 1947 /* Finally dump any data we may have after the block */
1948 if (data_size) {
1949 int i;
1950 qemu_log(" data: [size=%d]\n", data_size);
db0c51a3
RH		 1951 for (i = 0; i < data_size / sizeof(tcg_target_ulong); i++) {
1952 qemu_log("0x%08" PRIxPTR ": .quad 0x%" TCG_PRIlx "\n",
1953 (uintptr_t)&rx_data_gen_ptr[i], rx_data_gen_ptr[i]);
57a26946 1954 }
57a26946 1955 }
fec88f64
RH		 1956 qemu_log("\n");
1957 qemu_log_flush();
fc59d2d8 1958 qemu_log_unlock(logfile);
fec88f64
RH		 1959 }
1960#endif
1961
d73415a3 1962 qatomic_set(&tcg_ctx->code_gen_ptr, (void *)
fca8a500 1963 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
e8feb96f 1964 CODE_GEN_ALIGN));
5b6dd868 1965
901bc3de 1966 /* init jump list */
194125e3
EC		 1967 qemu_spin_init(&tb->jmp_lock);
1968 tb->jmp_list_head = (uintptr_t)NULL;
901bc3de
SF		 1969 tb->jmp_list_next[0] = (uintptr_t)NULL;
1970 tb->jmp_list_next[1] = (uintptr_t)NULL;
194125e3
EC		 1971 tb->jmp_dest[0] = (uintptr_t)NULL;
1972 tb->jmp_dest[1] = (uintptr_t)NULL;
901bc3de 1973
696c7066 1974 /* init original jump addresses which have been set during tcg_gen_code() */
901bc3de
SF		 1975 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
1976 tb_reset_jump(tb, 0);
1977 }
1978 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
1979 tb_reset_jump(tb, 1);
1980 }
1981
5b6dd868
BS		 1982 /* check next page if needed */
1983 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1984 phys_page2 = -1;
1985 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1986 phys_page2 = get_page_addr_code(env, virt_page2);
1987 }
0ac20318
EC		 1988 /*
1989 * No explicit memory barrier is required -- tb_link_page() makes the
1990 * TB visible in a consistent state.
901bc3de 1991 */
95590e24
EC		 1992 existing_tb = tb_link_page(tb, phys_pc, phys_page2);
1993 /* if the TB already exists, discard what we just translated */
1994 if (unlikely(existing_tb != tb)) {
1995 uintptr_t orig_aligned = (uintptr_t)gen_code_buf;
1996
1997 orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
d73415a3 1998 qatomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
938e897a 1999 tb_destroy(tb);
95590e24
EC		 2000 return existing_tb;
2001 }
be2cdc5e 2002 tcg_tb_insert(tb);
5b6dd868
BS		 2003 return tb;
2004}
2005
5b6dd868 2006/*
0b5c91f7 2007 * @p must be non-NULL.
0ac20318
EC		 2008 * user-mode: call with mmap_lock held.
2009 * !user-mode: call with all @pages locked.
5b6dd868 2010 */
0b5c91f7
EC		 2011static void
2012tb_invalidate_phys_page_range__locked(struct page_collection *pages,
2013 PageDesc *p, tb_page_addr_t start,
2014 tb_page_addr_t end,
5a7c27bb 2015 uintptr_t retaddr)
5b6dd868 2016{
1e05197f 2017 TranslationBlock *tb;
5b6dd868 2018 tb_page_addr_t tb_start, tb_end;
5b6dd868
BS		 2019 int n;
2020#ifdef TARGET_HAS_PRECISE_SMC
9b990ee5
RH		 2021 CPUState *cpu = current_cpu;
2022 CPUArchState *env = NULL;
5a7c27bb
RH		 2023 bool current_tb_not_found = retaddr != 0;
2024 bool current_tb_modified = false;
5b6dd868 2025 TranslationBlock *current_tb = NULL;
5b6dd868
BS		 2026 target_ulong current_pc = 0;
2027 target_ulong current_cs_base = 0;
89fee74a 2028 uint32_t current_flags = 0;
5b6dd868
BS		 2029#endif /* TARGET_HAS_PRECISE_SMC */
2030
6d9abf85 2031 assert_page_locked(p);
e505a063 2032
baea4fae 2033#if defined(TARGET_HAS_PRECISE_SMC)
4917cf44
AF		 2034 if (cpu != NULL) {
2035 env = cpu->env_ptr;
d77953b9 2036 }
4917cf44 2037#endif
5b6dd868
BS		 2038
2039 /* we remove all the TBs in the range [start, end[ */
2040 /* XXX: see if in some cases it could be faster to invalidate all
2041 the code */
1e05197f 2042 PAGE_FOR_EACH_TB(p, tb, n) {
6d9abf85 2043 assert_page_locked(p);
5b6dd868
BS		 2044 /* NOTE: this is subtle as a TB may span two physical pages */
2045 if (n == 0) {
2046 /* NOTE: tb_end may be after the end of the page, but
2047 it is not a problem */
2048 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
2049 tb_end = tb_start + tb->size;
2050 } else {
2051 tb_start = tb->page_addr[1];
2052 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
2053 }
2054 if (!(tb_end <= start || tb_start >= end)) {
2055#ifdef TARGET_HAS_PRECISE_SMC
2056 if (current_tb_not_found) {
5a7c27bb
RH		 2057 current_tb_not_found = false;
2058 /* now we have a real cpu fault */
2059 current_tb = tcg_tb_lookup(retaddr);
5b6dd868
BS		 2060 }
2061 if (current_tb == tb &&
194125e3 2062 (tb_cflags(current_tb) & CF_COUNT_MASK) != 1) {
5a7c27bb
RH		 2063 /*
2064 * If we are modifying the current TB, we must stop
2065 * its execution. We could be more precise by checking
2066 * that the modification is after the current PC, but it
2067 * would require a specialized function to partially
2068 * restore the CPU state.
2069 */
2070 current_tb_modified = true;
2071 cpu_restore_state_from_tb(cpu, current_tb, retaddr, true);
5b6dd868
BS		 2072 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
2073 &current_flags);
2074 }
2075#endif /* TARGET_HAS_PRECISE_SMC */
0b5c91f7 2076 tb_phys_invalidate__locked(tb);
5b6dd868 2077 }
5b6dd868
BS		 2078 }
2079#if !defined(CONFIG_USER_ONLY)
2080 /* if no code remaining, no need to continue to use slow writes */
2081 if (!p->first_tb) {
2082 invalidate_page_bitmap(p);
fc377bcf 2083 tlb_unprotect_code(start);
5b6dd868
BS		 2084 }
2085#endif
2086#ifdef TARGET_HAS_PRECISE_SMC
2087 if (current_tb_modified) {
0b5c91f7 2088 page_collection_unlock(pages);
9b990ee5
RH		 2089 /* Force execution of one insn next time. */
2090 cpu->cflags_next_tb = 1 | curr_cflags();
0ac20318 2091 mmap_unlock();
6886b980 2092 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 2093 }
2094#endif
2095}
2096
0b5c91f7
EC		 2097/*
2098 * Invalidate all TBs which intersect with the target physical address range
2099 * [start;end[. NOTE: start and end must refer to the *same* physical page.
2100 * 'is_cpu_write_access' should be true if called from a real cpu write
2101 * access: the virtual CPU will exit the current TB if code is modified inside
2102 * this TB.
2103 *
0ac20318 2104 * Called with mmap_lock held for user-mode emulation
0b5c91f7 2105 */
ce9f5e27 2106void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end)
0b5c91f7
EC		 2107{
2108 struct page_collection *pages;
2109 PageDesc *p;
2110
2111 assert_memory_lock();
0b5c91f7
EC		 2112
2113 p = page_find(start >> TARGET_PAGE_BITS);
2114 if (p == NULL) {
2115 return;
2116 }
2117 pages = page_collection_lock(start, end);
ce9f5e27 2118 tb_invalidate_phys_page_range__locked(pages, p, start, end, 0);
0b5c91f7
EC		 2119 page_collection_unlock(pages);
2120}
2121
45c73de5
EC		 2122/*
2123 * Invalidate all TBs which intersect with the target physical address range
2124 * [start;end[. NOTE: start and end may refer to *different* physical pages.
2125 * 'is_cpu_write_access' should be true if called from a real cpu write
2126 * access: the virtual CPU will exit the current TB if code is modified inside
2127 * this TB.
2128 *
0ac20318 2129 * Called with mmap_lock held for user-mode emulation.
45c73de5 2130 */
8bca9a03
PB		 2131#ifdef CONFIG_SOFTMMU
2132void tb_invalidate_phys_range(ram_addr_t start, ram_addr_t end)
2133#else
2134void tb_invalidate_phys_range(target_ulong start, target_ulong end)
2135#endif
45c73de5 2136{
0b5c91f7 2137 struct page_collection *pages;
45c73de5
EC		 2138 tb_page_addr_t next;
2139
0ac20318
EC		 2140 assert_memory_lock();
2141
0b5c91f7 2142 pages = page_collection_lock(start, end);
45c73de5
EC		 2143 for (next = (start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
2144 start < end;
2145 start = next, next += TARGET_PAGE_SIZE) {
0b5c91f7 2146 PageDesc *pd = page_find(start >> TARGET_PAGE_BITS);
45c73de5
EC		 2147 tb_page_addr_t bound = MIN(next, end);
2148
0b5c91f7
EC		 2149 if (pd == NULL) {
2150 continue;
2151 }
2152 tb_invalidate_phys_page_range__locked(pages, pd, start, bound, 0);
45c73de5 2153 }
0b5c91f7 2154 page_collection_unlock(pages);
45c73de5
EC		 2155}
2156
6fad459c 2157#ifdef CONFIG_SOFTMMU
ba051fb5
AB		 2158/* len must be <= 8 and start must be a multiple of len.
2159 * Called via softmmu_template.h when code areas are written to with
8d04fb55 2160 * iothread mutex not held.
0ac20318
EC		 2161 *
2162 * Call with all @pages in the range [@start, @start + len[ locked.
ba051fb5 2163 */
0ac20318 2164void tb_invalidate_phys_page_fast(struct page_collection *pages,
5a7c27bb
RH		 2165 tb_page_addr_t start, int len,
2166 uintptr_t retaddr)
5b6dd868
BS		 2167{
2168 PageDesc *p;
5b6dd868 2169
ba051fb5
AB		 2170 assert_memory_lock();
2171
5b6dd868
BS		 2172 p = page_find(start >> TARGET_PAGE_BITS);
2173 if (!p) {
2174 return;
2175 }
0b5c91f7 2176
6d9abf85 2177 assert_page_locked(p);
fc377bcf
PB		 2178 if (!p->code_bitmap &&
2179 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
fc377bcf
PB		 2180 build_page_bitmap(p);
2181 }
5b6dd868 2182 if (p->code_bitmap) {
510a647f
EC		 2183 unsigned int nr;
2184 unsigned long b;
2185
2186 nr = start & ~TARGET_PAGE_MASK;
2187 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
5b6dd868
BS		 2188 if (b & ((1 << len) - 1)) {
2189 goto do_invalidate;
2190 }
2191 } else {
2192 do_invalidate:
5a7c27bb
RH		 2193 tb_invalidate_phys_page_range__locked(pages, p, start, start + len,
2194 retaddr);
5b6dd868
BS		 2195 }
2196}
6fad459c 2197#else
75809229
PM		 2198/* Called with mmap_lock held. If pc is not 0 then it indicates the
2199 * host PC of the faulting store instruction that caused this invalidate.
2200 * Returns true if the caller needs to abort execution of the current
2201 * TB (because it was modified by this store and the guest CPU has
2202 * precise-SMC semantics).
2203 */
2204static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc)
5b6dd868
BS		 2205{
2206 TranslationBlock *tb;
2207 PageDesc *p;
2208 int n;
2209#ifdef TARGET_HAS_PRECISE_SMC
2210 TranslationBlock *current_tb = NULL;
4917cf44
AF		 2211 CPUState *cpu = current_cpu;
2212 CPUArchState *env = NULL;
5b6dd868
BS		 2213 int current_tb_modified = 0;
2214 target_ulong current_pc = 0;
2215 target_ulong current_cs_base = 0;
89fee74a 2216 uint32_t current_flags = 0;
5b6dd868
BS		 2217#endif
2218
ba051fb5
AB		 2219 assert_memory_lock();
2220
5b6dd868
BS		 2221 addr &= TARGET_PAGE_MASK;
2222 p = page_find(addr >> TARGET_PAGE_BITS);
2223 if (!p) {
75809229 2224 return false;
5b6dd868 2225 }
a5e99826 2226
5b6dd868 2227#ifdef TARGET_HAS_PRECISE_SMC
1e05197f 2228 if (p->first_tb && pc != 0) {
be2cdc5e 2229 current_tb = tcg_tb_lookup(pc);
5b6dd868 2230 }
4917cf44
AF		 2231 if (cpu != NULL) {
2232 env = cpu->env_ptr;
d77953b9 2233 }
5b6dd868 2234#endif
6d9abf85 2235 assert_page_locked(p);
1e05197f 2236 PAGE_FOR_EACH_TB(p, tb, n) {
5b6dd868
BS		 2237#ifdef TARGET_HAS_PRECISE_SMC
2238 if (current_tb == tb &&
194125e3 2239 (tb_cflags(current_tb) & CF_COUNT_MASK) != 1) {
5b6dd868
BS		 2240 /* If we are modifying the current TB, we must stop
2241 its execution. We could be more precise by checking
2242 that the modification is after the current PC, but it
2243 would require a specialized function to partially
2244 restore the CPU state */
2245
2246 current_tb_modified = 1;
afd46fca 2247 cpu_restore_state_from_tb(cpu, current_tb, pc, true);
5b6dd868
BS		 2248 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
2249 &current_flags);
2250 }
2251#endif /* TARGET_HAS_PRECISE_SMC */
2252 tb_phys_invalidate(tb, addr);
5b6dd868 2253 }
1e05197f 2254 p->first_tb = (uintptr_t)NULL;
5b6dd868
BS		 2255#ifdef TARGET_HAS_PRECISE_SMC
2256 if (current_tb_modified) {
9b990ee5
RH		 2257 /* Force execution of one insn next time. */
2258 cpu->cflags_next_tb = 1 | curr_cflags();
75809229 2259 return true;
5b6dd868
BS		 2260 }
2261#endif
a5e99826 2262
75809229 2263 return false;
5b6dd868
BS		 2264}
2265#endif
2266
0ac20318 2267/* user-mode: call with mmap_lock held */
ae57db63 2268void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr)
5b6dd868
BS		 2269{
2270 TranslationBlock *tb;
2271
0ac20318
EC		 2272 assert_memory_lock();
2273
ae57db63 2274 tb = tcg_tb_lookup(retaddr);
8d302e76
AJ		 2275 if (tb) {
2276 /* We can use retranslation to find the PC. */
ae57db63 2277 cpu_restore_state_from_tb(cpu, tb, retaddr, true);
8d302e76
AJ		 2278 tb_phys_invalidate(tb, -1);
2279 } else {
2280 /* The exception probably happened in a helper. The CPU state should
2281 have been saved before calling it. Fetch the PC from there. */
2282 CPUArchState *env = cpu->env_ptr;
2283 target_ulong pc, cs_base;
2284 tb_page_addr_t addr;
89fee74a 2285 uint32_t flags;
8d302e76
AJ		 2286
2287 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
2288 addr = get_page_addr_code(env, pc);
c360a0fd
PM		 2289 if (addr != -1) {
2290 tb_invalidate_phys_range(addr, addr + 1);
2291 }
5b6dd868 2292 }
5b6dd868
BS		 2293}
2294
2295#ifndef CONFIG_USER_ONLY
5b6dd868 2296/* in deterministic execution mode, instructions doing device I/Os
8d04fb55
JK		 2297 * must be at the end of the TB.
2298 *
2299 * Called by softmmu_template.h, with iothread mutex not held.
2300 */
90b40a69 2301void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
5b6dd868 2302{
a47dddd7 2303#if defined(TARGET_MIPS) || defined(TARGET_SH4)
90b40a69 2304 CPUArchState *env = cpu->env_ptr;
a47dddd7 2305#endif
5b6dd868 2306 TranslationBlock *tb;
87f963be 2307 uint32_t n;
5b6dd868 2308
be2cdc5e 2309 tb = tcg_tb_lookup(retaddr);
5b6dd868 2310 if (!tb) {
a47dddd7 2311 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
5b6dd868
BS		 2312 (void *)retaddr);
2313 }
afd46fca 2314 cpu_restore_state_from_tb(cpu, tb, retaddr, true);
87f963be 2315
5b6dd868
BS		 2316 /* On MIPS and SH, delay slot instructions can only be restarted if
2317 they were already the first instruction in the TB. If this is not
2318 the first instruction in a TB then re-execute the preceding
2319 branch. */
87f963be 2320 n = 1;
5b6dd868 2321#if defined(TARGET_MIPS)
87f963be
RH		 2322 if ((env->hflags & MIPS_HFLAG_BMASK) != 0
2323 && env->active_tc.PC != tb->pc) {
c3577479 2324 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
5e140196 2325 cpu_neg(cpu)->icount_decr.u16.low++;
5b6dd868 2326 env->hflags &= ~MIPS_HFLAG_BMASK;
87f963be 2327 n = 2;
5b6dd868
BS		 2328 }
2329#elif defined(TARGET_SH4)
2330 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
87f963be 2331 && env->pc != tb->pc) {
5b6dd868 2332 env->pc -= 2;
5e140196 2333 cpu_neg(cpu)->icount_decr.u16.low++;
5b6dd868 2334 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
87f963be 2335 n = 2;
5b6dd868
BS		 2336 }
2337#endif
5b6dd868 2338
87f963be
RH		 2339 /* Generate a new TB executing the I/O insn. */
2340 cpu->cflags_next_tb = curr_cflags() | CF_LAST_IO | n;
9b990ee5 2341
194125e3 2342 if (tb_cflags(tb) & CF_NOCACHE) {
02d57ea1
SF		 2343 if (tb->orig_tb) {
2344 /* Invalidate original TB if this TB was generated in
2345 * cpu_exec_nocache() */
2346 tb_phys_invalidate(tb->orig_tb, -1);
2347 }
be2cdc5e 2348 tcg_tb_remove(tb);
938e897a 2349 tb_destroy(tb);
02d57ea1 2350 }
a5e99826 2351
1d705e8a
PM		 2352 qemu_log_mask_and_addr(CPU_LOG_EXEC, tb->pc,
2353 "cpu_io_recompile: rewound execution of TB to "
2354 TARGET_FMT_lx "\n", tb->pc);
2355
5b6dd868 2356 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
a5e99826
FK		 2357 * the first in the TB) then we end up generating a whole new TB and
2358 * repeating the fault, which is horribly inefficient.
2359 * Better would be to execute just this insn uncached, or generate a
2360 * second new TB.
a5e99826 2361 */
6886b980 2362 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 2363}
2364
f3ced3c5 2365static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
5b6dd868 2366{
f3ced3c5 2367 unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
5b6dd868 2368
f3ced3c5 2369 for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
d73415a3 2370 qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
f3ced3c5
EC		 2371 }
2372}
2373
2374void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
2375{
5b6dd868
BS		 2376 /* Discard jump cache entries for any tb which might potentially
2377 overlap the flushed page. */
f3ced3c5
EC		 2378 tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
2379 tb_jmp_cache_clear_page(cpu, addr);
5b6dd868
BS		 2380}
2381
3de2faa9 2382static void print_qht_statistics(struct qht_stats hst)
7266ae91
EC		 2383{
2384 uint32_t hgram_opts;
2385 size_t hgram_bins;
2386 char *hgram;
2387
2388 if (!hst.head_buckets) {
2389 return;
2390 }
3de2faa9 2391 qemu_printf("TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n",
7266ae91
EC		 2392 hst.used_head_buckets, hst.head_buckets,
2393 (double)hst.used_head_buckets / hst.head_buckets * 100);
2394
2395 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
2396 hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT;
2397 if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) {
2398 hgram_opts |= QDIST_PR_NODECIMAL;
2399 }
2400 hgram = qdist_pr(&hst.occupancy, 10, hgram_opts);
3de2faa9 2401 qemu_printf("TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n",
7266ae91
EC		 2402 qdist_avg(&hst.occupancy) * 100, hgram);
2403 g_free(hgram);
2404
2405 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
2406 hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain);
2407 if (hgram_bins > 10) {
2408 hgram_bins = 10;
2409 } else {
2410 hgram_bins = 0;
2411 hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE;
2412 }
2413 hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts);
3de2faa9 2414 qemu_printf("TB hash avg chain %0.3f buckets. Histogram: %s\n",
7266ae91
EC		 2415 qdist_avg(&hst.chain), hgram);
2416 g_free(hgram);
2417}
2418
2ac01d6d 2419struct tb_tree_stats {
be2cdc5e 2420 size_t nb_tbs;
f19c6cc6 2421 size_t host_size;
2ac01d6d
EC		 2422 size_t target_size;
2423 size_t max_target_size;
2424 size_t direct_jmp_count;
2425 size_t direct_jmp2_count;
2426 size_t cross_page;
2427};
2428
2429static gboolean tb_tree_stats_iter(gpointer key, gpointer value, gpointer data)
2430{
2431 const TranslationBlock *tb = value;
2432 struct tb_tree_stats *tst = data;
2433
be2cdc5e 2434 tst->nb_tbs++;
f19c6cc6 2435 tst->host_size += tb->tc.size;
2ac01d6d
EC		 2436 tst->target_size += tb->size;
2437 if (tb->size > tst->max_target_size) {
2438 tst->max_target_size = tb->size;
2439 }
2440 if (tb->page_addr[1] != -1) {
2441 tst->cross_page++;
2442 }
2443 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
2444 tst->direct_jmp_count++;
2445 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
2446 tst->direct_jmp2_count++;
2447 }
2448 }
2449 return false;
2450}
2451
3de2faa9 2452void dump_exec_info(void)
5b6dd868 2453{
2ac01d6d 2454 struct tb_tree_stats tst = {};
329844d4 2455 struct qht_stats hst;
e09de0a2 2456 size_t nb_tbs, flush_full, flush_part, flush_elide;
5b6dd868 2457
be2cdc5e
EC		 2458 tcg_tb_foreach(tb_tree_stats_iter, &tst);
2459 nb_tbs = tst.nb_tbs;
5b6dd868 2460 /* XXX: avoid using doubles ? */
3de2faa9 2461 qemu_printf("Translation buffer state:\n");
f19c6cc6
EC		 2462 /*
2463 * Report total code size including the padding and TB structs;
e76f68d3 2464 * otherwise users might think "-accel tcg,tb-size" is not honoured.
f19c6cc6
EC		 2465 * For avg host size we use the precise numbers from tb_tree_stats though.
2466 */
3de2faa9 2467 qemu_printf("gen code size %zu/%zu\n",
e8feb96f 2468 tcg_code_size(), tcg_code_capacity());
3de2faa9
MA		 2469 qemu_printf("TB count %zu\n", nb_tbs);
2470 qemu_printf("TB avg target size %zu max=%zu bytes\n",
2ac01d6d
EC		 2471 nb_tbs ? tst.target_size / nb_tbs : 0,
2472 tst.max_target_size);
3de2faa9 2473 qemu_printf("TB avg host size %zu bytes (expansion ratio: %0.1f)\n",
f19c6cc6
EC		 2474 nb_tbs ? tst.host_size / nb_tbs : 0,
2475 tst.target_size ? (double)tst.host_size / tst.target_size : 0);
3de2faa9
MA		 2476 qemu_printf("cross page TB count %zu (%zu%%)\n", tst.cross_page,
2477 nb_tbs ? (tst.cross_page * 100) / nb_tbs : 0);
2478 qemu_printf("direct jump count %zu (%zu%%) (2 jumps=%zu %zu%%)\n",
2ac01d6d
EC		 2479 tst.direct_jmp_count,
2480 nb_tbs ? (tst.direct_jmp_count * 100) / nb_tbs : 0,
2481 tst.direct_jmp2_count,
2482 nb_tbs ? (tst.direct_jmp2_count * 100) / nb_tbs : 0);
329844d4 2483
44ded3d0 2484 qht_statistics_init(&tb_ctx.htable, &hst);
3de2faa9 2485 print_qht_statistics(hst);
329844d4
EC		 2486 qht_statistics_destroy(&hst);
2487
3de2faa9
MA		 2488 qemu_printf("\nStatistics:\n");
2489 qemu_printf("TB flush count %u\n",
d73415a3 2490 qatomic_read(&tb_ctx.tb_flush_count));
3de2faa9
MA		 2491 qemu_printf("TB invalidate count %zu\n",
2492 tcg_tb_phys_invalidate_count());
e09de0a2
RH		 2493
2494 tlb_flush_counts(&flush_full, &flush_part, &flush_elide);
3de2faa9
MA		 2495 qemu_printf("TLB full flushes %zu\n", flush_full);
2496 qemu_printf("TLB partial flushes %zu\n", flush_part);
2497 qemu_printf("TLB elided flushes %zu\n", flush_elide);
2498 tcg_dump_info();
5b6dd868
BS		 2499}
2500
d4c51a0a 2501void dump_opcount_info(void)
246ae24d 2502{
d4c51a0a 2503 tcg_dump_op_count();
246ae24d
MF		 2504}
2505
5b6dd868
BS		 2506#else /* CONFIG_USER_ONLY */
2507
c3affe56 2508void cpu_interrupt(CPUState *cpu, int mask)
5b6dd868 2509{
8d04fb55 2510 g_assert(qemu_mutex_iothread_locked());
259186a7 2511 cpu->interrupt_request |= mask;
d73415a3 2512 qatomic_set(&cpu_neg(cpu)->icount_decr.u16.high, -1);
5b6dd868
BS		 2513}
2514
2515/*
2516 * Walks guest process memory "regions" one by one
2517 * and calls callback function 'fn' for each region.
2518 */
2519struct walk_memory_regions_data {
2520 walk_memory_regions_fn fn;
2521 void *priv;
1a1c4db9 2522 target_ulong start;
5b6dd868
BS		 2523 int prot;
2524};
2525
2526static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1a1c4db9 2527 target_ulong end, int new_prot)
5b6dd868 2528{
1a1c4db9 2529 if (data->start != -1u) {
5b6dd868
BS		 2530 int rc = data->fn(data->priv, data->start, end, data->prot);
2531 if (rc != 0) {
2532 return rc;
2533 }
2534 }
2535
1a1c4db9 2536 data->start = (new_prot ? end : -1u);
5b6dd868
BS		 2537 data->prot = new_prot;
2538
2539 return 0;
2540}
2541
2542static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1a1c4db9 2543 target_ulong base, int level, void **lp)
5b6dd868 2544{
1a1c4db9 2545 target_ulong pa;
5b6dd868
BS		 2546 int i, rc;
2547
2548 if (*lp == NULL) {
2549 return walk_memory_regions_end(data, base, 0);
2550 }
2551
2552 if (level == 0) {
2553 PageDesc *pd = *lp;
2554
03f49957 2555 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 2556 int prot = pd[i].flags;
2557
2558 pa = base | (i << TARGET_PAGE_BITS);
2559 if (prot != data->prot) {
2560 rc = walk_memory_regions_end(data, pa, prot);
2561 if (rc != 0) {
2562 return rc;
2563 }
2564 }
2565 }
2566 } else {
2567 void **pp = *lp;
2568
03f49957 2569 for (i = 0; i < V_L2_SIZE; ++i) {
1a1c4db9 2570 pa = base | ((target_ulong)i <<
03f49957 2571 (TARGET_PAGE_BITS + V_L2_BITS * level));
5b6dd868
BS		 2572 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2573 if (rc != 0) {
2574 return rc;
2575 }
2576 }
2577 }
2578
2579 return 0;
2580}
2581
2582int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2583{
2584 struct walk_memory_regions_data data;
66ec9f49 2585 uintptr_t i, l1_sz = v_l1_size;
5b6dd868
BS		 2586
2587 data.fn = fn;
2588 data.priv = priv;
1a1c4db9 2589 data.start = -1u;
5b6dd868
BS		 2590 data.prot = 0;
2591
66ec9f49
VK		 2592 for (i = 0; i < l1_sz; i++) {
2593 target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS);
2594 int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i);
5b6dd868
BS		 2595 if (rc != 0) {
2596 return rc;
2597 }
2598 }
2599
2600 return walk_memory_regions_end(&data, 0, 0);
2601}
2602
1a1c4db9
MI		 2603static int dump_region(void *priv, target_ulong start,
2604 target_ulong end, unsigned long prot)
5b6dd868
BS		 2605{
2606 FILE *f = (FILE *)priv;
2607
1a1c4db9
MI		 2608 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
2609 " "TARGET_FMT_lx" %c%c%c\n",
5b6dd868
BS		 2610 start, end, end - start,
2611 ((prot & PAGE_READ) ? 'r' : '-'),
2612 ((prot & PAGE_WRITE) ? 'w' : '-'),
2613 ((prot & PAGE_EXEC) ? 'x' : '-'));
2614
2615 return 0;
2616}
2617
2618/* dump memory mappings */
2619void page_dump(FILE *f)
2620{
1a1c4db9 2621 const int length = sizeof(target_ulong) * 2;
227b8175
SW		 2622 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
2623 length, "start", length, "end", length, "size", "prot");
5b6dd868
BS		 2624 walk_memory_regions(f, dump_region);
2625}
2626
2627int page_get_flags(target_ulong address)
2628{
2629 PageDesc *p;
2630
2631 p = page_find(address >> TARGET_PAGE_BITS);
2632 if (!p) {
2633 return 0;
2634 }
2635 return p->flags;
2636}
2637
2638/* Modify the flags of a page and invalidate the code if necessary.
2639 The flag PAGE_WRITE_ORG is positioned automatically depending
2640 on PAGE_WRITE. The mmap_lock should already be held. */
2641void page_set_flags(target_ulong start, target_ulong end, int flags)
2642{
2643 target_ulong addr, len;
2644
2645 /* This function should never be called with addresses outside the
2646 guest address space. If this assert fires, it probably indicates
2647 a missing call to h2g_valid. */
7d8cbbab 2648 assert(end - 1 <= GUEST_ADDR_MAX);
5b6dd868 2649 assert(start < end);
e505a063 2650 assert_memory_lock();
5b6dd868
BS		 2651
2652 start = start & TARGET_PAGE_MASK;
2653 end = TARGET_PAGE_ALIGN(end);
2654
2655 if (flags & PAGE_WRITE) {
2656 flags |= PAGE_WRITE_ORG;
2657 }
2658
2659 for (addr = start, len = end - start;
2660 len != 0;
2661 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2662 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2663
2664 /* If the write protection bit is set, then we invalidate
2665 the code inside. */
2666 if (!(p->flags & PAGE_WRITE) &&
2667 (flags & PAGE_WRITE) &&
2668 p->first_tb) {
75809229 2669 tb_invalidate_phys_page(addr, 0);
5b6dd868
BS		 2670 }
2671 p->flags = flags;
2672 }
2673}
2674
2675int page_check_range(target_ulong start, target_ulong len, int flags)
2676{
2677 PageDesc *p;
2678 target_ulong end;
2679 target_ulong addr;
2680
2681 /* This function should never be called with addresses outside the
2682 guest address space. If this assert fires, it probably indicates
2683 a missing call to h2g_valid. */
f9919116
EB		 2684 if (TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS) {
2685 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2686 }
5b6dd868
BS		 2687
2688 if (len == 0) {
2689 return 0;
2690 }
2691 if (start + len - 1 < start) {
2692 /* We've wrapped around. */
2693 return -1;
2694 }
2695
2696 /* must do before we loose bits in the next step */
2697 end = TARGET_PAGE_ALIGN(start + len);
2698 start = start & TARGET_PAGE_MASK;
2699
2700 for (addr = start, len = end - start;
2701 len != 0;
2702 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2703 p = page_find(addr >> TARGET_PAGE_BITS);
2704 if (!p) {
2705 return -1;
2706 }
2707 if (!(p->flags & PAGE_VALID)) {
2708 return -1;
2709 }
2710
2711 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
2712 return -1;
2713 }
2714 if (flags & PAGE_WRITE) {
2715 if (!(p->flags & PAGE_WRITE_ORG)) {
2716 return -1;
2717 }
2718 /* unprotect the page if it was put read-only because it
2719 contains translated code */
2720 if (!(p->flags & PAGE_WRITE)) {
f213e72f 2721 if (!page_unprotect(addr, 0)) {
5b6dd868
BS		 2722 return -1;
2723 }
2724 }
5b6dd868
BS		 2725 }
2726 }
2727 return 0;
2728}
2729
2730/* called from signal handler: invalidate the code and unprotect the
f213e72f
PM		 2731 * page. Return 0 if the fault was not handled, 1 if it was handled,
2732 * and 2 if it was handled but the caller must cause the TB to be
2733 * immediately exited. (We can only return 2 if the 'pc' argument is
2734 * non-zero.)
2735 */
2736int page_unprotect(target_ulong address, uintptr_t pc)
5b6dd868
BS		 2737{
2738 unsigned int prot;
7399a337 2739 bool current_tb_invalidated;
5b6dd868
BS		 2740 PageDesc *p;
2741 target_ulong host_start, host_end, addr;
2742
2743 /* Technically this isn't safe inside a signal handler. However we
2744 know this only ever happens in a synchronous SEGV handler, so in
2745 practice it seems to be ok. */
2746 mmap_lock();
2747
2748 p = page_find(address >> TARGET_PAGE_BITS);
2749 if (!p) {
2750 mmap_unlock();
2751 return 0;
2752 }
2753
2754 /* if the page was really writable, then we change its
2755 protection back to writable */
9c4bbee9 2756 if (p->flags & PAGE_WRITE_ORG) {
7399a337 2757 current_tb_invalidated = false;
9c4bbee9
PM		 2758 if (p->flags & PAGE_WRITE) {
2759 /* If the page is actually marked WRITE then assume this is because
2760 * this thread raced with another one which got here first and
2761 * set the page to PAGE_WRITE and did the TB invalidate for us.
2762 */
2763#ifdef TARGET_HAS_PRECISE_SMC
be2cdc5e 2764 TranslationBlock *current_tb = tcg_tb_lookup(pc);
9c4bbee9
PM		 2765 if (current_tb) {
2766 current_tb_invalidated = tb_cflags(current_tb) & CF_INVALID;
6eb062ab 2767 }
5b6dd868 2768#endif
9c4bbee9
PM		 2769 } else {
2770 host_start = address & qemu_host_page_mask;
2771 host_end = host_start + qemu_host_page_size;
2772
2773 prot = 0;
2774 for (addr = host_start; addr < host_end; addr += TARGET_PAGE_SIZE) {
2775 p = page_find(addr >> TARGET_PAGE_BITS);
2776 p->flags |= PAGE_WRITE;
2777 prot |= p->flags;
2778
2779 /* and since the content will be modified, we must invalidate
2780 the corresponding translated code. */
2781 current_tb_invalidated |= tb_invalidate_phys_page(addr, pc);
2782#ifdef CONFIG_USER_ONLY
2783 if (DEBUG_TB_CHECK_GATE) {
2784 tb_invalidate_check(addr);
2785 }
2786#endif
2787 }
2788 mprotect((void *)g2h(host_start), qemu_host_page_size,
2789 prot & PAGE_BITS);
5b6dd868 2790 }
5b6dd868 2791 mmap_unlock();
7399a337
SS		 2792 /* If current TB was invalidated return to main loop */
2793 return current_tb_invalidated ? 2 : 1;
5b6dd868
BS		 2794 }
2795 mmap_unlock();
2796 return 0;
2797}
2798#endif /* CONFIG_USER_ONLY */
2cd53943
TH		 2799
2800/* This is a wrapper for common code that can not use CONFIG_SOFTMMU */
2801void tcg_flush_softmmu_tlb(CPUState *cs)
2802{
2803#ifdef CONFIG_SOFTMMU
2804 tlb_flush(cs);
2805#endif
2806}
Empty description
This page took 1.557575 seconds and 4 git commands to generate.