]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
blockdev: Implement change with basic operations
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
67d95c15 57
b35ba30f 58#include "qemu/range.h"
794e8f30
MT		 59#ifndef _WIN32
60#include "qemu/mmap-alloc.h"
61#endif
b35ba30f 62
db7b5426 63//#define DEBUG_SUBPAGE
1196be37 64
e2eef170 65#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 66/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
0d53d9fe 69RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 70
71static MemoryRegion *system_memory;
309cb471 72static MemoryRegion *system_io;
62152b8a 73
f6790af6
AK		 74AddressSpace address_space_io;
75AddressSpace address_space_memory;
2673a5da 76
0844e007 77MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 78static MemoryRegion io_mem_unassigned;
0e0df1e2 79
7bd4f430
PB		 80/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81#define RAM_PREALLOC (1 << 0)
82
dbcb8981
PB		 83/* RAM is mmap-ed with MAP_SHARED */
84#define RAM_SHARED (1 << 1)
85
62be4e3a
MT		 86/* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89#define RAM_RESIZEABLE (1 << 2)
90
794e8f30 91/* RAM is backed by an mmapped file.
8561c924 92 */
794e8f30 93#define RAM_FILE (1 << 3)
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
1db8abb1
PB		 142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
53cb28cb 146 PhysPageMap map;
acc9d80b 147 AddressSpace *as;
1db8abb1
PB		 148};
149
90260c6c
JK		 150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
acc9d80b 153 AddressSpace *as;
90260c6c
JK		 154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
b41aac4f
LPF		 158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
5312bd8b 162
e2eef170 163static void io_mem_init(void);
62152b8a 164static void memory_map_init(void);
09daed84 165static void tcg_commit(MemoryListener *listener);
e2eef170 166
1ec9b909 167static MemoryRegion io_mem_watch;
32857f4d
PM		 168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
6658ffb8 183#endif
fd6ce8f6 184
6d9a1304 185#if !defined(CONFIG_USER_ONLY)
d6f2ea22 186
53cb28cb 187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 188{
53cb28cb
MA		 189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 193 }
f7bf5461
AK		 194}
195
db94604b 196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 197{
198 unsigned i;
8b795765 199 uint32_t ret;
db94604b
PB		 200 PhysPageEntry e;
201 PhysPageEntry *p;
f7bf5461 202
53cb28cb 203 ret = map->nodes_nb++;
db94604b 204 p = map->nodes[ret];
f7bf5461 205 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 206 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 210 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 211 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 212 }
f7bf5461 213 return ret;
d6f2ea22
AK		 214}
215
53cb28cb
MA		 216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 218 int level)
f7bf5461
AK		 219{
220 PhysPageEntry *p;
03f49957 221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 222
9736e55b 223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 224 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 225 }
db94604b 226 p = map->nodes[lp->ptr];
03f49957 227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 228
03f49957 229 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 230 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 231 lp->skip = 0;
c19e8800 232 lp->ptr = leaf;
07f07b31
AK		 233 *index += step;
234 *nb -= step;
2999097b 235 } else {
53cb28cb 236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 237 }
238 ++lp;
f7bf5461
AK		 239 }
240}
241
ac1970fb 242static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 243 hwaddr index, hwaddr nb,
2999097b 244 uint16_t leaf)
f7bf5461 245{
2999097b 246 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 248
53cb28cb 249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 250}
251
b35ba30f
MT		 252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
53cb28cb 310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 311 }
312}
313
97115a8d 314static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 315 Node *nodes, MemoryRegionSection *sections)
92e873b9 316{
31ab2b4a 317 PhysPageEntry *p;
97115a8d 318 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 319 int i;
f1f6e3b8 320
9736e55b 321 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 322 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 323 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 324 }
9affd6fc 325 p = nodes[lp.ptr];
03f49957 326 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 327 }
b35ba30f
MT		 328
329 if (sections[lp.ptr].size.hi ||
330 range_covers_byte(sections[lp.ptr].offset_within_address_space,
331 sections[lp.ptr].size.lo, addr)) {
332 return &sections[lp.ptr];
333 } else {
334 return &sections[PHYS_SECTION_UNASSIGNED];
335 }
f3705d53
AK		 336}
337
e5548617
BS		 338bool memory_region_is_unassigned(MemoryRegion *mr)
339{
2a8e7499 340 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 341 && mr != &io_mem_watch;
fd6ce8f6 342}
149f54b5 343
79e2b9ae 344/* Called from RCU critical section */
c7086b4a 345static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 346 hwaddr addr,
347 bool resolve_subpage)
9f029603 348{
90260c6c
JK		 349 MemoryRegionSection *section;
350 subpage_t *subpage;
351
53cb28cb 352 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 353 if (resolve_subpage && section->mr->subpage) {
354 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 355 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 356 }
357 return section;
9f029603
JK		 358}
359
79e2b9ae 360/* Called from RCU critical section */
90260c6c 361static MemoryRegionSection *
c7086b4a 362address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 363 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 364{
365 MemoryRegionSection *section;
965eb2fc 366 MemoryRegion *mr;
a87f3954 367 Int128 diff;
149f54b5 368
c7086b4a 369 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 370 /* Compute offset within MemoryRegionSection */
371 addr -= section->offset_within_address_space;
372
373 /* Compute offset within MemoryRegion */
374 *xlat = addr + section->offset_within_region;
375
965eb2fc 376 mr = section->mr;
b242e0e0
PB		 377
378 /* MMIO registers can be expected to perform full-width accesses based only
379 * on their address, without considering adjacent registers that could
380 * decode to completely different MemoryRegions. When such registers
381 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
382 * regions overlap wildly. For this reason we cannot clamp the accesses
383 * here.
384 *
385 * If the length is small (as is the case for address_space_ldl/stl),
386 * everything works fine. If the incoming length is large, however,
387 * the caller really has to do the clamping through memory_access_size.
388 */
965eb2fc 389 if (memory_region_is_ram(mr)) {
e4a511f8 390 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 391 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
392 }
149f54b5
PB		 393 return section;
394}
90260c6c 395
a87f3954
PB		 396static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
397{
398 if (memory_region_is_ram(mr)) {
399 return !(is_write && mr->readonly);
400 }
401 if (memory_region_is_romd(mr)) {
402 return !is_write;
403 }
404
405 return false;
406}
407
41063e1e 408/* Called from RCU critical section */
5c8a00ce
PB		 409MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
410 hwaddr *xlat, hwaddr *plen,
411 bool is_write)
90260c6c 412{
30951157
AK		 413 IOMMUTLBEntry iotlb;
414 MemoryRegionSection *section;
415 MemoryRegion *mr;
30951157
AK		 416
417 for (;;) {
79e2b9ae
PB		 418 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
419 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 420 mr = section->mr;
421
422 if (!mr->iommu_ops) {
423 break;
424 }
425
8d7b8cb9 426 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 427 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
428 | (addr & iotlb.addr_mask));
23820dbf 429 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 430 if (!(iotlb.perm & (1 << is_write))) {
431 mr = &io_mem_unassigned;
432 break;
433 }
434
435 as = iotlb.target_as;
436 }
437
fe680d0d 438 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 439 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 440 *plen = MIN(page, *plen);
a87f3954
PB		 441 }
442
30951157
AK		 443 *xlat = addr;
444 return mr;
90260c6c
JK		 445}
446
79e2b9ae 447/* Called from RCU critical section */
90260c6c 448MemoryRegionSection *
9d82b5a7
PB		 449address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
450 hwaddr *xlat, hwaddr *plen)
90260c6c 451{
30951157 452 MemoryRegionSection *section;
32857f4d 453 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
9d82b5a7 454 addr, xlat, plen, false);
30951157
AK		 455
456 assert(!section->mr->iommu_ops);
457 return section;
90260c6c 458}
5b6dd868 459#endif
fd6ce8f6 460
b170fce3 461#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 462
463static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 464{
259186a7 465 CPUState *cpu = opaque;
a513fe19 466
5b6dd868
BS		 467 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
468 version_id is increased. */
259186a7 469 cpu->interrupt_request &= ~0x01;
c01a71c1 470 tlb_flush(cpu, 1);
5b6dd868
BS		 471
472 return 0;
a513fe19 473}
7501267e 474
6c3bff0e
PD		 475static int cpu_common_pre_load(void *opaque)
476{
477 CPUState *cpu = opaque;
478
adee6424 479 cpu->exception_index = -1;
6c3bff0e
PD		 480
481 return 0;
482}
483
484static bool cpu_common_exception_index_needed(void *opaque)
485{
486 CPUState *cpu = opaque;
487
adee6424 488 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 489}
490
491static const VMStateDescription vmstate_cpu_common_exception_index = {
492 .name = "cpu_common/exception_index",
493 .version_id = 1,
494 .minimum_version_id = 1,
5cd8cada 495 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 496 .fields = (VMStateField[]) {
497 VMSTATE_INT32(exception_index, CPUState),
498 VMSTATE_END_OF_LIST()
499 }
500};
501
bac05aa9
AS		 502static bool cpu_common_crash_occurred_needed(void *opaque)
503{
504 CPUState *cpu = opaque;
505
506 return cpu->crash_occurred;
507}
508
509static const VMStateDescription vmstate_cpu_common_crash_occurred = {
510 .name = "cpu_common/crash_occurred",
511 .version_id = 1,
512 .minimum_version_id = 1,
513 .needed = cpu_common_crash_occurred_needed,
514 .fields = (VMStateField[]) {
515 VMSTATE_BOOL(crash_occurred, CPUState),
516 VMSTATE_END_OF_LIST()
517 }
518};
519
1a1562f5 520const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 521 .name = "cpu_common",
522 .version_id = 1,
523 .minimum_version_id = 1,
6c3bff0e 524 .pre_load = cpu_common_pre_load,
5b6dd868 525 .post_load = cpu_common_post_load,
35d08458 526 .fields = (VMStateField[]) {
259186a7
AF		 527 VMSTATE_UINT32(halted, CPUState),
528 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 529 VMSTATE_END_OF_LIST()
6c3bff0e 530 },
5cd8cada
JQ		 531 .subsections = (const VMStateDescription*[]) {
532 &vmstate_cpu_common_exception_index,
bac05aa9 533 &vmstate_cpu_common_crash_occurred,
5cd8cada 534 NULL
5b6dd868
BS		 535 }
536};
1a1562f5 537
5b6dd868 538#endif
ea041c0e 539
38d8f5c8 540CPUState *qemu_get_cpu(int index)
ea041c0e 541{
bdc44640 542 CPUState *cpu;
ea041c0e 543
bdc44640 544 CPU_FOREACH(cpu) {
55e5c285 545 if (cpu->cpu_index == index) {
bdc44640 546 return cpu;
55e5c285 547 }
ea041c0e 548 }
5b6dd868 549
bdc44640 550 return NULL;
ea041c0e
FB		 551}
552
09daed84
EI		 553#if !defined(CONFIG_USER_ONLY)
554void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
555{
556 /* We only support one address space per cpu at the moment. */
557 assert(cpu->as == as);
558
32857f4d
PM		 559 if (cpu->cpu_ases) {
560 /* We've already registered the listener for our only AS */
561 return;
09daed84 562 }
32857f4d
PM		 563
564 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
565 cpu->cpu_ases[0].cpu = cpu;
566 cpu->cpu_ases[0].as = as;
567 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
568 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
09daed84
EI		 569}
570#endif
571
b7bca733
BR		 572#ifndef CONFIG_USER_ONLY
573static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
574
575static int cpu_get_free_index(Error **errp)
576{
577 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
578
579 if (cpu >= MAX_CPUMASK_BITS) {
580 error_setg(errp, "Trying to use more CPUs than max of %d",
581 MAX_CPUMASK_BITS);
582 return -1;
583 }
584
585 bitmap_set(cpu_index_map, cpu, 1);
586 return cpu;
587}
588
589void cpu_exec_exit(CPUState *cpu)
590{
591 if (cpu->cpu_index == -1) {
592 /* cpu_index was never allocated by this @cpu or was already freed. */
593 return;
594 }
595
596 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
597 cpu->cpu_index = -1;
598}
599#else
600
601static int cpu_get_free_index(Error **errp)
602{
603 CPUState *some_cpu;
604 int cpu_index = 0;
605
606 CPU_FOREACH(some_cpu) {
607 cpu_index++;
608 }
609 return cpu_index;
610}
611
612void cpu_exec_exit(CPUState *cpu)
613{
614}
615#endif
616
4bad9e39 617void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 618{
b170fce3 619 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 620 int cpu_index;
b7bca733 621 Error *local_err = NULL;
5b6dd868 622
291135b5
EH		 623#ifndef CONFIG_USER_ONLY
624 cpu->as = &address_space_memory;
625 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 626#endif
627
5b6dd868
BS		 628#if defined(CONFIG_USER_ONLY)
629 cpu_list_lock();
630#endif
b7bca733
BR		 631 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
632 if (local_err) {
633 error_propagate(errp, local_err);
634#if defined(CONFIG_USER_ONLY)
635 cpu_list_unlock();
636#endif
637 return;
5b6dd868 638 }
bdc44640 639 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 640#if defined(CONFIG_USER_ONLY)
641 cpu_list_unlock();
642#endif
e0d47944
AF		 643 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
644 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
645 }
5b6dd868 646#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 647 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 648 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 649 assert(cc->vmsd == NULL);
e0d47944 650 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 651#endif
b170fce3
AF		 652 if (cc->vmsd != NULL) {
653 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
654 }
ea041c0e
FB		 655}
656
94df27fd 657#if defined(CONFIG_USER_ONLY)
00b941e5 658static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 659{
660 tb_invalidate_phys_page_range(pc, pc + 1, 0);
661}
662#else
00b941e5 663static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 664{
e8262a1b
MF		 665 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
666 if (phys != -1) {
09daed84 667 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 668 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 669 }
1e7855a5 670}
c27004ec 671#endif
d720b93d 672
c527ee8f 673#if defined(CONFIG_USER_ONLY)
75a34036 674void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 675
676{
677}
678
3ee887e8
PM		 679int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
680 int flags)
681{
682 return -ENOSYS;
683}
684
685void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
686{
687}
688
75a34036 689int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 690 int flags, CPUWatchpoint **watchpoint)
691{
692 return -ENOSYS;
693}
694#else
6658ffb8 695/* Add a watchpoint. */
75a34036 696int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 697 int flags, CPUWatchpoint **watchpoint)
6658ffb8 698{
c0ce998e 699 CPUWatchpoint *wp;
6658ffb8 700
05068c0d 701 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 702 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 703 error_report("tried to set invalid watchpoint at %"
704 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 705 return -EINVAL;
706 }
7267c094 707 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 708
709 wp->vaddr = addr;
05068c0d 710 wp->len = len;
a1d1bb31
AL		 711 wp->flags = flags;
712
2dc9f411 713 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 714 if (flags & BP_GDB) {
715 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
716 } else {
717 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
718 }
6658ffb8 719
31b030d4 720 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 721
722 if (watchpoint)
723 *watchpoint = wp;
724 return 0;
6658ffb8
PB		 725}
726
a1d1bb31 727/* Remove a specific watchpoint. */
75a34036 728int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 729 int flags)
6658ffb8 730{
a1d1bb31 731 CPUWatchpoint *wp;
6658ffb8 732
ff4700b0 733 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 734 if (addr == wp->vaddr && len == wp->len
6e140f28 735 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 736 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 737 return 0;
738 }
739 }
a1d1bb31 740 return -ENOENT;
6658ffb8
PB		 741}
742
a1d1bb31 743/* Remove a specific watchpoint by reference. */
75a34036 744void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 745{
ff4700b0 746 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 747
31b030d4 748 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 749
7267c094 750 g_free(watchpoint);
a1d1bb31
AL		 751}
752
753/* Remove all matching watchpoints. */
75a34036 754void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 755{
c0ce998e 756 CPUWatchpoint *wp, *next;
a1d1bb31 757
ff4700b0 758 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 759 if (wp->flags & mask) {
760 cpu_watchpoint_remove_by_ref(cpu, wp);
761 }
c0ce998e 762 }
7d03f82f 763}
05068c0d
PM		 764
765/* Return true if this watchpoint address matches the specified
766 * access (ie the address range covered by the watchpoint overlaps
767 * partially or completely with the address range covered by the
768 * access).
769 */
770static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
771 vaddr addr,
772 vaddr len)
773{
774 /* We know the lengths are non-zero, but a little caution is
775 * required to avoid errors in the case where the range ends
776 * exactly at the top of the address space and so addr + len
777 * wraps round to zero.
778 */
779 vaddr wpend = wp->vaddr + wp->len - 1;
780 vaddr addrend = addr + len - 1;
781
782 return !(addr > wpend || wp->vaddr > addrend);
783}
784
c527ee8f 785#endif
7d03f82f 786
a1d1bb31 787/* Add a breakpoint. */
b3310ab3 788int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 789 CPUBreakpoint **breakpoint)
4c3a88a2 790{
c0ce998e 791 CPUBreakpoint *bp;
3b46e624 792
7267c094 793 bp = g_malloc(sizeof(*bp));
4c3a88a2 794
a1d1bb31
AL		 795 bp->pc = pc;
796 bp->flags = flags;
797
2dc9f411 798 /* keep all GDB-injected breakpoints in front */
00b941e5 799 if (flags & BP_GDB) {
f0c3c505 800 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 801 } else {
f0c3c505 802 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 803 }
3b46e624 804
f0c3c505 805 breakpoint_invalidate(cpu, pc);
a1d1bb31 806
00b941e5 807 if (breakpoint) {
a1d1bb31 808 *breakpoint = bp;
00b941e5 809 }
4c3a88a2 810 return 0;
4c3a88a2
FB		 811}
812
a1d1bb31 813/* Remove a specific breakpoint. */
b3310ab3 814int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 815{
a1d1bb31
AL		 816 CPUBreakpoint *bp;
817
f0c3c505 818 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 819 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 820 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 821 return 0;
822 }
7d03f82f 823 }
a1d1bb31 824 return -ENOENT;
7d03f82f
EI		 825}
826
a1d1bb31 827/* Remove a specific breakpoint by reference. */
b3310ab3 828void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 829{
f0c3c505
AF		 830 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
831
832 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 833
7267c094 834 g_free(breakpoint);
a1d1bb31
AL		 835}
836
837/* Remove all matching breakpoints. */
b3310ab3 838void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 839{
c0ce998e 840 CPUBreakpoint *bp, *next;
a1d1bb31 841
f0c3c505 842 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 843 if (bp->flags & mask) {
844 cpu_breakpoint_remove_by_ref(cpu, bp);
845 }
c0ce998e 846 }
4c3a88a2
FB		 847}
848
c33a346e
FB		 849/* enable or disable single step mode. EXCP_DEBUG is returned by the
850 CPU loop after each instruction */
3825b28f 851void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 852{
ed2803da
AF		 853 if (cpu->singlestep_enabled != enabled) {
854 cpu->singlestep_enabled = enabled;
855 if (kvm_enabled()) {
38e478ec 856 kvm_update_guest_debug(cpu, 0);
ed2803da 857 } else {
ccbb4d44 858 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 859 /* XXX: only flush what is necessary */
bbd77c18 860 tb_flush(cpu);
e22a25c9 861 }
c33a346e 862 }
c33a346e
FB		 863}
864
a47dddd7 865void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 866{
867 va_list ap;
493ae1f0 868 va_list ap2;
7501267e
FB		 869
870 va_start(ap, fmt);
493ae1f0 871 va_copy(ap2, ap);
7501267e
FB		 872 fprintf(stderr, "qemu: fatal: ");
873 vfprintf(stderr, fmt, ap);
874 fprintf(stderr, "\n");
878096ee 875 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 876 if (qemu_log_enabled()) {
877 qemu_log("qemu: fatal: ");
878 qemu_log_vprintf(fmt, ap2);
879 qemu_log("\n");
a0762859 880 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 881 qemu_log_flush();
93fcfe39 882 qemu_log_close();
924edcae 883 }
493ae1f0 884 va_end(ap2);
f9373291 885 va_end(ap);
7615936e 886 replay_finish();
fd052bf6
RV		 887#if defined(CONFIG_USER_ONLY)
888 {
889 struct sigaction act;
890 sigfillset(&act.sa_mask);
891 act.sa_handler = SIG_DFL;
892 sigaction(SIGABRT, &act, NULL);
893 }
894#endif
7501267e
FB		 895 abort();
896}
897
0124311e 898#if !defined(CONFIG_USER_ONLY)
0dc3f44a 899/* Called from RCU critical section */
041603fe
PB		 900static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
901{
902 RAMBlock *block;
903
43771539 904 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 905 if (block && addr - block->offset < block->max_length) {
68851b98 906 return block;
041603fe 907 }
0dc3f44a 908 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 909 if (addr - block->offset < block->max_length) {
041603fe
PB		 910 goto found;
911 }
912 }
913
914 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
915 abort();
916
917found:
43771539
PB		 918 /* It is safe to write mru_block outside the iothread lock. This
919 * is what happens:
920 *
921 * mru_block = xxx
922 * rcu_read_unlock()
923 * xxx removed from list
924 * rcu_read_lock()
925 * read mru_block
926 * mru_block = NULL;
927 * call_rcu(reclaim_ramblock, xxx);
928 * rcu_read_unlock()
929 *
930 * atomic_rcu_set is not needed here. The block was already published
931 * when it was placed into the list. Here we're just making an extra
932 * copy of the pointer.
933 */
041603fe
PB		 934 ram_list.mru_block = block;
935 return block;
936}
937
a2f4d5be 938static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 939{
9a13565d 940 CPUState *cpu;
041603fe 941 ram_addr_t start1;
a2f4d5be
JQ		 942 RAMBlock *block;
943 ram_addr_t end;
944
945 end = TARGET_PAGE_ALIGN(start + length);
946 start &= TARGET_PAGE_MASK;
d24981d3 947
0dc3f44a 948 rcu_read_lock();
041603fe
PB		 949 block = qemu_get_ram_block(start);
950 assert(block == qemu_get_ram_block(end - 1));
1240be24 951 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 952 CPU_FOREACH(cpu) {
953 tlb_reset_dirty(cpu, start1, length);
954 }
0dc3f44a 955 rcu_read_unlock();
d24981d3
JQ		 956}
957
5579c7f3 958/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 959bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
960 ram_addr_t length,
961 unsigned client)
1ccde1cb 962{
03eebc9e
SH		 963 unsigned long end, page;
964 bool dirty;
965
966 if (length == 0) {
967 return false;
968 }
f23db169 969
03eebc9e
SH		 970 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
971 page = start >> TARGET_PAGE_BITS;
972 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
973 page, end - page);
974
975 if (dirty && tcg_enabled()) {
a2f4d5be 976 tlb_reset_dirty_range_all(start, length);
5579c7f3 977 }
03eebc9e
SH		 978
979 return dirty;
1ccde1cb
FB		 980}
981
79e2b9ae 982/* Called from RCU critical section */
bb0e627a 983hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 984 MemoryRegionSection *section,
985 target_ulong vaddr,
986 hwaddr paddr, hwaddr xlat,
987 int prot,
988 target_ulong *address)
e5548617 989{
a8170e5e 990 hwaddr iotlb;
e5548617
BS		 991 CPUWatchpoint *wp;
992
cc5bea60 993 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 994 /* Normal RAM. */
995 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 996 + xlat;
e5548617 997 if (!section->readonly) {
b41aac4f 998 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 999 } else {
b41aac4f 1000 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1001 }
1002 } else {
0b8e2c10
PM		 1003 AddressSpaceDispatch *d;
1004
1005 d = atomic_rcu_read(&section->address_space->dispatch);
1006 iotlb = section - d->map.sections;
149f54b5 1007 iotlb += xlat;
e5548617
BS		 1008 }
1009
1010 /* Make accesses to pages with watchpoints go via the
1011 watchpoint trap routines. */
ff4700b0 1012 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1013 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1014 /* Avoid trapping reads of pages with a write breakpoint. */
1015 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1016 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1017 *address |= TLB_MMIO;
1018 break;
1019 }
1020 }
1021 }
1022
1023 return iotlb;
1024}
9fa3e853
FB		 1025#endif /* defined(CONFIG_USER_ONLY) */
1026
e2eef170 1027#if !defined(CONFIG_USER_ONLY)
8da3ff18 1028
c227f099 1029static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1030 uint16_t section);
acc9d80b 1031static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1032
a2b257d6
IM		 1033static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1034 qemu_anon_ram_alloc;
91138037
MA		 1035
1036/*
1037 * Set a custom physical guest memory alloator.
1038 * Accelerators with unusual needs may need this. Hopefully, we can
1039 * get rid of it eventually.
1040 */
a2b257d6 1041void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1042{
1043 phys_mem_alloc = alloc;
1044}
1045
53cb28cb
MA		 1046static uint16_t phys_section_add(PhysPageMap *map,
1047 MemoryRegionSection *section)
5312bd8b 1048{
68f3f65b
PB		 1049 /* The physical section number is ORed with a page-aligned
1050 * pointer to produce the iotlb entries. Thus it should
1051 * never overflow into the page-aligned value.
1052 */
53cb28cb 1053 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1054
53cb28cb
MA		 1055 if (map->sections_nb == map->sections_nb_alloc) {
1056 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1057 map->sections = g_renew(MemoryRegionSection, map->sections,
1058 map->sections_nb_alloc);
5312bd8b 1059 }
53cb28cb 1060 map->sections[map->sections_nb] = *section;
dfde4e6e 1061 memory_region_ref(section->mr);
53cb28cb 1062 return map->sections_nb++;
5312bd8b
AK		 1063}
1064
058bc4b5
PB		 1065static void phys_section_destroy(MemoryRegion *mr)
1066{
dfde4e6e
PB		 1067 memory_region_unref(mr);
1068
058bc4b5
PB		 1069 if (mr->subpage) {
1070 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1071 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1072 g_free(subpage);
1073 }
1074}
1075
6092666e 1076static void phys_sections_free(PhysPageMap *map)
5312bd8b 1077{
9affd6fc
PB		 1078 while (map->sections_nb > 0) {
1079 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1080 phys_section_destroy(section->mr);
1081 }
9affd6fc
PB		 1082 g_free(map->sections);
1083 g_free(map->nodes);
5312bd8b
AK		 1084}
1085
ac1970fb 1086static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1087{
1088 subpage_t *subpage;
a8170e5e 1089 hwaddr base = section->offset_within_address_space
0f0cb164 1090 & TARGET_PAGE_MASK;
97115a8d 1091 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1092 d->map.nodes, d->map.sections);
0f0cb164
AK		 1093 MemoryRegionSection subsection = {
1094 .offset_within_address_space = base,
052e87b0 1095 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1096 };
a8170e5e 1097 hwaddr start, end;
0f0cb164 1098
f3705d53 1099 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1100
f3705d53 1101 if (!(existing->mr->subpage)) {
acc9d80b 1102 subpage = subpage_init(d->as, base);
3be91e86 1103 subsection.address_space = d->as;
0f0cb164 1104 subsection.mr = &subpage->iomem;
ac1970fb 1105 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1106 phys_section_add(&d->map, &subsection));
0f0cb164 1107 } else {
f3705d53 1108 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1109 }
1110 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1111 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1112 subpage_register(subpage, start, end,
1113 phys_section_add(&d->map, section));
0f0cb164
AK		 1114}
1115
1116
052e87b0
PB		 1117static void register_multipage(AddressSpaceDispatch *d,
1118 MemoryRegionSection *section)
33417e70 1119{
a8170e5e 1120 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1121 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1122 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1123 TARGET_PAGE_BITS));
dd81124b 1124
733d5ef5
PB		 1125 assert(num_pages);
1126 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1127}
1128
ac1970fb 1129static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1130{
89ae337a 1131 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1132 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1133 MemoryRegionSection now = *section, remain = *section;
052e87b0 1134 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1135
733d5ef5
PB		 1136 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1137 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1138 - now.offset_within_address_space;
1139
052e87b0 1140 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1141 register_subpage(d, &now);
733d5ef5 1142 } else {
052e87b0 1143 now.size = int128_zero();
733d5ef5 1144 }
052e87b0
PB		 1145 while (int128_ne(remain.size, now.size)) {
1146 remain.size = int128_sub(remain.size, now.size);
1147 remain.offset_within_address_space += int128_get64(now.size);
1148 remain.offset_within_region += int128_get64(now.size);
69b67646 1149 now = remain;
052e87b0 1150 if (int128_lt(remain.size, page_size)) {
733d5ef5 1151 register_subpage(d, &now);
88266249 1152 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1153 now.size = page_size;
ac1970fb 1154 register_subpage(d, &now);
69b67646 1155 } else {
052e87b0 1156 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1157 register_multipage(d, &now);
69b67646 1158 }
0f0cb164
AK		 1159 }
1160}
1161
62a2744c
SY		 1162void qemu_flush_coalesced_mmio_buffer(void)
1163{
1164 if (kvm_enabled())
1165 kvm_flush_coalesced_mmio_buffer();
1166}
1167
b2a8658e
UD		 1168void qemu_mutex_lock_ramlist(void)
1169{
1170 qemu_mutex_lock(&ram_list.mutex);
1171}
1172
1173void qemu_mutex_unlock_ramlist(void)
1174{
1175 qemu_mutex_unlock(&ram_list.mutex);
1176}
1177
e1e84ba0 1178#ifdef __linux__
c902760f
MT		 1179
1180#include <sys/vfs.h>
1181
1182#define HUGETLBFS_MAGIC 0x958458f6
1183
fc7a5800 1184static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1185{
1186 struct statfs fs;
1187 int ret;
1188
1189 do {
9742bf26 1190 ret = statfs(path, &fs);
c902760f
MT		 1191 } while (ret != 0 && errno == EINTR);
1192
1193 if (ret != 0) {
fc7a5800
HT		 1194 error_setg_errno(errp, errno, "failed to get page size of file %s",
1195 path);
9742bf26 1196 return 0;
c902760f
MT		 1197 }
1198
1199 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1200 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1201
1202 return fs.f_bsize;
1203}
1204
04b16653
AW		 1205static void *file_ram_alloc(RAMBlock *block,
1206 ram_addr_t memory,
7f56e740
PB		 1207 const char *path,
1208 Error **errp)
c902760f 1209{
8d31d6b6 1210 struct stat st;
c902760f 1211 char *filename;
8ca761f6
PF		 1212 char *sanitized_name;
1213 char *c;
794e8f30 1214 void *area;
c902760f 1215 int fd;
557529dd 1216 uint64_t hpagesize;
fc7a5800 1217 Error *local_err = NULL;
c902760f 1218
fc7a5800
HT		 1219 hpagesize = gethugepagesize(path, &local_err);
1220 if (local_err) {
1221 error_propagate(errp, local_err);
f9a49dfa 1222 goto error;
c902760f 1223 }
a2b257d6 1224 block->mr->align = hpagesize;
c902760f
MT		 1225
1226 if (memory < hpagesize) {
557529dd
HT		 1227 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1228 "or larger than huge page size 0x%" PRIx64,
1229 memory, hpagesize);
1230 goto error;
c902760f
MT		 1231 }
1232
1233 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1234 error_setg(errp,
1235 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1236 goto error;
c902760f
MT		 1237 }
1238
8d31d6b6
PF		 1239 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1240 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1241 sanitized_name = g_strdup(memory_region_name(block->mr));
1242 for (c = sanitized_name; *c != '\0'; c++) {
1243 if (*c == '/') {
1244 *c = '_';
1245 }
1246 }
8ca761f6 1247
8d31d6b6
PF		 1248 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1249 sanitized_name);
1250 g_free(sanitized_name);
1251
1252 fd = mkstemp(filename);
1253 if (fd >= 0) {
1254 unlink(filename);
1255 }
1256 g_free(filename);
1257 } else {
1258 fd = open(path, O_RDWR | O_CREAT, 0644);
1259 }
c902760f 1260
c902760f 1261 if (fd < 0) {
7f56e740
PB		 1262 error_setg_errno(errp, errno,
1263 "unable to create backing store for hugepages");
f9a49dfa 1264 goto error;
c902760f 1265 }
c902760f 1266
9284f319 1267 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1268
1269 /*
1270 * ftruncate is not supported by hugetlbfs in older
1271 * hosts, so don't bother bailing out on errors.
1272 * If anything goes wrong with it under other filesystems,
1273 * mmap will fail.
1274 */
7f56e740 1275 if (ftruncate(fd, memory)) {
9742bf26 1276 perror("ftruncate");
7f56e740 1277 }
c902760f 1278
794e8f30 1279 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1280 if (area == MAP_FAILED) {
7f56e740
PB		 1281 error_setg_errno(errp, errno,
1282 "unable to map backing store for hugepages");
9742bf26 1283 close(fd);
f9a49dfa 1284 goto error;
c902760f 1285 }
ef36fa14
MT		 1286
1287 if (mem_prealloc) {
38183310 1288 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1289 }
1290
04b16653 1291 block->fd = fd;
c902760f 1292 return area;
f9a49dfa
MT		 1293
1294error:
f9a49dfa 1295 return NULL;
c902760f
MT		 1296}
1297#endif
1298
0dc3f44a 1299/* Called with the ramlist lock held. */
d17b5288 1300static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1301{
1302 RAMBlock *block, *next_block;
3e837b2c 1303 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1304
49cd9ac6
SH		 1305 assert(size != 0); /* it would hand out same offset multiple times */
1306
0dc3f44a 1307 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1308 return 0;
0d53d9fe 1309 }
04b16653 1310
0dc3f44a 1311 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1312 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1313
62be4e3a 1314 end = block->offset + block->max_length;
04b16653 1315
0dc3f44a 1316 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1317 if (next_block->offset >= end) {
1318 next = MIN(next, next_block->offset);
1319 }
1320 }
1321 if (next - end >= size && next - end < mingap) {
3e837b2c 1322 offset = end;
04b16653
AW		 1323 mingap = next - end;
1324 }
1325 }
3e837b2c
AW		 1326
1327 if (offset == RAM_ADDR_MAX) {
1328 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1329 (uint64_t)size);
1330 abort();
1331 }
1332
04b16653
AW		 1333 return offset;
1334}
1335
652d7ec2 1336ram_addr_t last_ram_offset(void)
d17b5288
AW		 1337{
1338 RAMBlock *block;
1339 ram_addr_t last = 0;
1340
0dc3f44a
MD		 1341 rcu_read_lock();
1342 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1343 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1344 }
0dc3f44a 1345 rcu_read_unlock();
d17b5288
AW		 1346 return last;
1347}
1348
ddb97f1d
JB		 1349static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1350{
1351 int ret;
ddb97f1d
JB		 1352
1353 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1354 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1355 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1356 if (ret) {
1357 perror("qemu_madvise");
1358 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1359 "but dump_guest_core=off specified\n");
1360 }
1361 }
1362}
1363
0dc3f44a
MD		 1364/* Called within an RCU critical section, or while the ramlist lock
1365 * is held.
1366 */
20cfe881 1367static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1368{
20cfe881 1369 RAMBlock *block;
84b89d78 1370
0dc3f44a 1371 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1372 if (block->offset == addr) {
20cfe881 1373 return block;
c5705a77
AK		 1374 }
1375 }
20cfe881
HT		 1376
1377 return NULL;
1378}
1379
422148d3
DDAG		 1380const char *qemu_ram_get_idstr(RAMBlock *rb)
1381{
1382 return rb->idstr;
1383}
1384
ae3a7047 1385/* Called with iothread lock held. */
20cfe881
HT		 1386void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1387{
ae3a7047 1388 RAMBlock *new_block, *block;
20cfe881 1389
0dc3f44a 1390 rcu_read_lock();
ae3a7047 1391 new_block = find_ram_block(addr);
c5705a77
AK		 1392 assert(new_block);
1393 assert(!new_block->idstr[0]);
84b89d78 1394
09e5ab63
AL		 1395 if (dev) {
1396 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1397 if (id) {
1398 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1399 g_free(id);
84b89d78
CM		 1400 }
1401 }
1402 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1403
0dc3f44a 1404 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1405 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1406 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1407 new_block->idstr);
1408 abort();
1409 }
1410 }
0dc3f44a 1411 rcu_read_unlock();
c5705a77
AK		 1412}
1413
ae3a7047 1414/* Called with iothread lock held. */
20cfe881
HT		 1415void qemu_ram_unset_idstr(ram_addr_t addr)
1416{
ae3a7047 1417 RAMBlock *block;
20cfe881 1418
ae3a7047
MD		 1419 /* FIXME: arch_init.c assumes that this is not called throughout
1420 * migration. Ignore the problem since hot-unplug during migration
1421 * does not work anyway.
1422 */
1423
0dc3f44a 1424 rcu_read_lock();
ae3a7047 1425 block = find_ram_block(addr);
20cfe881
HT		 1426 if (block) {
1427 memset(block->idstr, 0, sizeof(block->idstr));
1428 }
0dc3f44a 1429 rcu_read_unlock();
20cfe881
HT		 1430}
1431
8490fc78
LC		 1432static int memory_try_enable_merging(void *addr, size_t len)
1433{
75cc7f01 1434 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1435 /* disabled by the user */
1436 return 0;
1437 }
1438
1439 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1440}
1441
62be4e3a
MT		 1442/* Only legal before guest might have detected the memory size: e.g. on
1443 * incoming migration, or right after reset.
1444 *
1445 * As memory core doesn't know how is memory accessed, it is up to
1446 * resize callback to update device state and/or add assertions to detect
1447 * misuse, if necessary.
1448 */
1449int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1450{
1451 RAMBlock *block = find_ram_block(base);
1452
1453 assert(block);
1454
4ed023ce 1455 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1456
62be4e3a
MT		 1457 if (block->used_length == newsize) {
1458 return 0;
1459 }
1460
1461 if (!(block->flags & RAM_RESIZEABLE)) {
1462 error_setg_errno(errp, EINVAL,
1463 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1464 " in != 0x" RAM_ADDR_FMT, block->idstr,
1465 newsize, block->used_length);
1466 return -EINVAL;
1467 }
1468
1469 if (block->max_length < newsize) {
1470 error_setg_errno(errp, EINVAL,
1471 "Length too large: %s: 0x" RAM_ADDR_FMT
1472 " > 0x" RAM_ADDR_FMT, block->idstr,
1473 newsize, block->max_length);
1474 return -EINVAL;
1475 }
1476
1477 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1478 block->used_length = newsize;
58d2707e
PB		 1479 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1480 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1481 memory_region_set_size(block->mr, newsize);
1482 if (block->resized) {
1483 block->resized(block->idstr, newsize, block->host);
1484 }
1485 return 0;
1486}
1487
ef701d7b 1488static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1489{
e1c57ab8 1490 RAMBlock *block;
0d53d9fe 1491 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1492 ram_addr_t old_ram_size, new_ram_size;
1493
1494 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1495
b2a8658e 1496 qemu_mutex_lock_ramlist();
9b8424d5 1497 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1498
1499 if (!new_block->host) {
1500 if (xen_enabled()) {
9b8424d5
MT		 1501 xen_ram_alloc(new_block->offset, new_block->max_length,
1502 new_block->mr);
e1c57ab8 1503 } else {
9b8424d5 1504 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1505 &new_block->mr->align);
39228250 1506 if (!new_block->host) {
ef701d7b
HT		 1507 error_setg_errno(errp, errno,
1508 "cannot set up guest memory '%s'",
1509 memory_region_name(new_block->mr));
1510 qemu_mutex_unlock_ramlist();
1511 return -1;
39228250 1512 }
9b8424d5 1513 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1514 }
c902760f 1515 }
94a6b54f 1516
dd631697
LZ		 1517 new_ram_size = MAX(old_ram_size,
1518 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1519 if (new_ram_size > old_ram_size) {
1520 migration_bitmap_extend(old_ram_size, new_ram_size);
1521 }
0d53d9fe
MD		 1522 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1523 * QLIST (which has an RCU-friendly variant) does not have insertion at
1524 * tail, so save the last element in last_block.
1525 */
0dc3f44a 1526 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1527 last_block = block;
9b8424d5 1528 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1529 break;
1530 }
1531 }
1532 if (block) {
0dc3f44a 1533 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1534 } else if (last_block) {
0dc3f44a 1535 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1536 } else { /* list is empty */
0dc3f44a 1537 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1538 }
0d6d3c87 1539 ram_list.mru_block = NULL;
94a6b54f 1540
0dc3f44a
MD		 1541 /* Write list before version */
1542 smp_wmb();
f798b07f 1543 ram_list.version++;
b2a8658e 1544 qemu_mutex_unlock_ramlist();
f798b07f 1545
2152f5ca
JQ		 1546 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1547
1548 if (new_ram_size > old_ram_size) {
1ab4c8ce 1549 int i;
ae3a7047
MD		 1550
1551 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1552 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1553 ram_list.dirty_memory[i] =
1554 bitmap_zero_extend(ram_list.dirty_memory[i],
1555 old_ram_size, new_ram_size);
1556 }
2152f5ca 1557 }
9b8424d5 1558 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1559 new_block->used_length,
1560 DIRTY_CLIENTS_ALL);
94a6b54f 1561
a904c911
PB		 1562 if (new_block->host) {
1563 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1564 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1565 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1566 if (kvm_enabled()) {
1567 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1568 }
e1c57ab8 1569 }
6f0437e8 1570
94a6b54f
PB		 1571 return new_block->offset;
1572}
e9a1ab19 1573
0b183fc8 1574#ifdef __linux__
e1c57ab8 1575ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1576 bool share, const char *mem_path,
7f56e740 1577 Error **errp)
e1c57ab8
PB		 1578{
1579 RAMBlock *new_block;
ef701d7b
HT		 1580 ram_addr_t addr;
1581 Error *local_err = NULL;
e1c57ab8
PB		 1582
1583 if (xen_enabled()) {
7f56e740
PB		 1584 error_setg(errp, "-mem-path not supported with Xen");
1585 return -1;
e1c57ab8
PB		 1586 }
1587
1588 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1589 /*
1590 * file_ram_alloc() needs to allocate just like
1591 * phys_mem_alloc, but we haven't bothered to provide
1592 * a hook there.
1593 */
7f56e740
PB		 1594 error_setg(errp,
1595 "-mem-path not supported with this accelerator");
1596 return -1;
e1c57ab8
PB		 1597 }
1598
4ed023ce 1599 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1600 new_block = g_malloc0(sizeof(*new_block));
1601 new_block->mr = mr;
9b8424d5
MT		 1602 new_block->used_length = size;
1603 new_block->max_length = size;
dbcb8981 1604 new_block->flags = share ? RAM_SHARED : 0;
794e8f30 1605 new_block->flags |= RAM_FILE;
7f56e740
PB		 1606 new_block->host = file_ram_alloc(new_block, size,
1607 mem_path, errp);
1608 if (!new_block->host) {
1609 g_free(new_block);
1610 return -1;
1611 }
1612
ef701d7b
HT		 1613 addr = ram_block_add(new_block, &local_err);
1614 if (local_err) {
1615 g_free(new_block);
1616 error_propagate(errp, local_err);
1617 return -1;
1618 }
1619 return addr;
e1c57ab8 1620}
0b183fc8 1621#endif
e1c57ab8 1622
62be4e3a
MT		 1623static
1624ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1625 void (*resized)(const char*,
1626 uint64_t length,
1627 void *host),
1628 void *host, bool resizeable,
ef701d7b 1629 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1630{
1631 RAMBlock *new_block;
ef701d7b
HT		 1632 ram_addr_t addr;
1633 Error *local_err = NULL;
e1c57ab8 1634
4ed023ce
DDAG		 1635 size = HOST_PAGE_ALIGN(size);
1636 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1637 new_block = g_malloc0(sizeof(*new_block));
1638 new_block->mr = mr;
62be4e3a 1639 new_block->resized = resized;
9b8424d5
MT		 1640 new_block->used_length = size;
1641 new_block->max_length = max_size;
62be4e3a 1642 assert(max_size >= size);
e1c57ab8
PB		 1643 new_block->fd = -1;
1644 new_block->host = host;
1645 if (host) {
7bd4f430 1646 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1647 }
62be4e3a
MT		 1648 if (resizeable) {
1649 new_block->flags |= RAM_RESIZEABLE;
1650 }
ef701d7b
HT		 1651 addr = ram_block_add(new_block, &local_err);
1652 if (local_err) {
1653 g_free(new_block);
1654 error_propagate(errp, local_err);
1655 return -1;
1656 }
1657 return addr;
e1c57ab8
PB		 1658}
1659
62be4e3a
MT		 1660ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1661 MemoryRegion *mr, Error **errp)
1662{
1663 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1664}
1665
ef701d7b 1666ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1667{
62be4e3a
MT		 1668 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1669}
1670
1671ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1672 void (*resized)(const char*,
1673 uint64_t length,
1674 void *host),
1675 MemoryRegion *mr, Error **errp)
1676{
1677 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1678}
1679
1f2e98b6
AW		 1680void qemu_ram_free_from_ptr(ram_addr_t addr)
1681{
1682 RAMBlock *block;
1683
b2a8658e 1684 qemu_mutex_lock_ramlist();
0dc3f44a 1685 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1686 if (addr == block->offset) {
0dc3f44a 1687 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1688 ram_list.mru_block = NULL;
0dc3f44a
MD		 1689 /* Write list before version */
1690 smp_wmb();
f798b07f 1691 ram_list.version++;
43771539 1692 g_free_rcu(block, rcu);
b2a8658e 1693 break;
1f2e98b6
AW		 1694 }
1695 }
b2a8658e 1696 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1697}
1698
43771539
PB		 1699static void reclaim_ramblock(RAMBlock *block)
1700{
1701 if (block->flags & RAM_PREALLOC) {
1702 ;
1703 } else if (xen_enabled()) {
1704 xen_invalidate_map_cache_entry(block->host);
1705#ifndef _WIN32
1706 } else if (block->fd >= 0) {
794e8f30
MT		 1707 if (block->flags & RAM_FILE) {
1708 qemu_ram_munmap(block->host, block->max_length);
8561c924
MT		 1709 } else {
1710 munmap(block->host, block->max_length);
1711 }
43771539
PB		 1712 close(block->fd);
1713#endif
1714 } else {
1715 qemu_anon_ram_free(block->host, block->max_length);
1716 }
1717 g_free(block);
1718}
1719
c227f099 1720void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1721{
04b16653
AW		 1722 RAMBlock *block;
1723
b2a8658e 1724 qemu_mutex_lock_ramlist();
0dc3f44a 1725 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1726 if (addr == block->offset) {
0dc3f44a 1727 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1728 ram_list.mru_block = NULL;
0dc3f44a
MD		 1729 /* Write list before version */
1730 smp_wmb();
f798b07f 1731 ram_list.version++;
43771539 1732 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1733 break;
04b16653
AW		 1734 }
1735 }
b2a8658e 1736 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1737}
1738
cd19cfa2
HY		 1739#ifndef _WIN32
1740void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1741{
1742 RAMBlock *block;
1743 ram_addr_t offset;
1744 int flags;
1745 void *area, *vaddr;
1746
0dc3f44a 1747 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1748 offset = addr - block->offset;
9b8424d5 1749 if (offset < block->max_length) {
1240be24 1750 vaddr = ramblock_ptr(block, offset);
7bd4f430 1751 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1752 ;
dfeaf2ab
MA		 1753 } else if (xen_enabled()) {
1754 abort();
cd19cfa2
HY		 1755 } else {
1756 flags = MAP_FIXED;
3435f395 1757 if (block->fd >= 0) {
dbcb8981
PB		 1758 flags |= (block->flags & RAM_SHARED ?
1759 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1760 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1761 flags, block->fd, offset);
cd19cfa2 1762 } else {
2eb9fbaa
MA		 1763 /*
1764 * Remap needs to match alloc. Accelerators that
1765 * set phys_mem_alloc never remap. If they did,
1766 * we'd need a remap hook here.
1767 */
1768 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1769
cd19cfa2
HY		 1770 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1771 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1772 flags, -1, 0);
cd19cfa2
HY		 1773 }
1774 if (area != vaddr) {
f15fbc4b
AP		 1775 fprintf(stderr, "Could not remap addr: "
1776 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1777 length, addr);
1778 exit(1);
1779 }
8490fc78 1780 memory_try_enable_merging(vaddr, length);
ddb97f1d 1781 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1782 }
cd19cfa2
HY		 1783 }
1784 }
1785}
1786#endif /* !_WIN32 */
1787
a35ba7be
PB		 1788int qemu_get_ram_fd(ram_addr_t addr)
1789{
ae3a7047
MD		 1790 RAMBlock *block;
1791 int fd;
a35ba7be 1792
0dc3f44a 1793 rcu_read_lock();
ae3a7047
MD		 1794 block = qemu_get_ram_block(addr);
1795 fd = block->fd;
0dc3f44a 1796 rcu_read_unlock();
ae3a7047 1797 return fd;
a35ba7be
PB		 1798}
1799
3fd74b84
DM		 1800void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1801{
ae3a7047
MD		 1802 RAMBlock *block;
1803 void *ptr;
3fd74b84 1804
0dc3f44a 1805 rcu_read_lock();
ae3a7047
MD		 1806 block = qemu_get_ram_block(addr);
1807 ptr = ramblock_ptr(block, 0);
0dc3f44a 1808 rcu_read_unlock();
ae3a7047 1809 return ptr;
3fd74b84
DM		 1810}
1811
1b5ec234 1812/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1813 * This should not be used for general purpose DMA. Use address_space_map
1814 * or address_space_rw instead. For local memory (e.g. video ram) that the
1815 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1816 *
1817 * By the time this function returns, the returned pointer is not protected
1818 * by RCU anymore. If the caller is not within an RCU critical section and
1819 * does not hold the iothread lock, it must have other means of protecting the
1820 * pointer, such as a reference to the region that includes the incoming
1821 * ram_addr_t.
1b5ec234
PB		 1822 */
1823void *qemu_get_ram_ptr(ram_addr_t addr)
1824{
ae3a7047
MD		 1825 RAMBlock *block;
1826 void *ptr;
1b5ec234 1827
0dc3f44a 1828 rcu_read_lock();
ae3a7047
MD		 1829 block = qemu_get_ram_block(addr);
1830
1831 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1832 /* We need to check if the requested address is in the RAM
1833 * because we don't want to map the entire memory in QEMU.
1834 * In that case just map until the end of the page.
1835 */
1836 if (block->offset == 0) {
ae3a7047 1837 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1838 goto unlock;
0d6d3c87 1839 }
ae3a7047
MD		 1840
1841 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1842 }
ae3a7047
MD		 1843 ptr = ramblock_ptr(block, addr - block->offset);
1844
0dc3f44a
MD		 1845unlock:
1846 rcu_read_unlock();
ae3a7047 1847 return ptr;
dc828ca1
PB		 1848}
1849
38bee5dc 1850/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1851 * but takes a size argument.
0dc3f44a
MD		 1852 *
1853 * By the time this function returns, the returned pointer is not protected
1854 * by RCU anymore. If the caller is not within an RCU critical section and
1855 * does not hold the iothread lock, it must have other means of protecting the
1856 * pointer, such as a reference to the region that includes the incoming
1857 * ram_addr_t.
ae3a7047 1858 */
cb85f7ab 1859static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1860{
ae3a7047 1861 void *ptr;
8ab934f9
SS		 1862 if (*size == 0) {
1863 return NULL;
1864 }
868bb33f 1865 if (xen_enabled()) {
e41d7c69 1866 return xen_map_cache(addr, *size, 1);
868bb33f 1867 } else {
38bee5dc 1868 RAMBlock *block;
0dc3f44a
MD		 1869 rcu_read_lock();
1870 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1871 if (addr - block->offset < block->max_length) {
1872 if (addr - block->offset + *size > block->max_length)
1873 *size = block->max_length - addr + block->offset;
ae3a7047 1874 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1875 rcu_read_unlock();
ae3a7047 1876 return ptr;
38bee5dc
SS		 1877 }
1878 }
1879
1880 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1881 abort();
38bee5dc
SS		 1882 }
1883}
1884
422148d3
DDAG		 1885/*
1886 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1887 * in that RAMBlock.
1888 *
1889 * ptr: Host pointer to look up
1890 * round_offset: If true round the result offset down to a page boundary
1891 * *ram_addr: set to result ram_addr
1892 * *offset: set to result offset within the RAMBlock
1893 *
1894 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1895 *
1896 * By the time this function returns, the returned pointer is not protected
1897 * by RCU anymore. If the caller is not within an RCU critical section and
1898 * does not hold the iothread lock, it must have other means of protecting the
1899 * pointer, such as a reference to the region that includes the incoming
1900 * ram_addr_t.
1901 */
422148d3
DDAG		 1902RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1903 ram_addr_t *ram_addr,
1904 ram_addr_t *offset)
5579c7f3 1905{
94a6b54f
PB		 1906 RAMBlock *block;
1907 uint8_t *host = ptr;
1908
868bb33f 1909 if (xen_enabled()) {
0dc3f44a 1910 rcu_read_lock();
e41d7c69 1911 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1912 block = qemu_get_ram_block(*ram_addr);
1913 if (block) {
1914 *offset = (host - block->host);
1915 }
0dc3f44a 1916 rcu_read_unlock();
422148d3 1917 return block;
712c2b41
SS		 1918 }
1919
0dc3f44a
MD		 1920 rcu_read_lock();
1921 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1922 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1923 goto found;
1924 }
1925
0dc3f44a 1926 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1927 /* This case append when the block is not mapped. */
1928 if (block->host == NULL) {
1929 continue;
1930 }
9b8424d5 1931 if (host - block->host < block->max_length) {
23887b79 1932 goto found;
f471a17e 1933 }
94a6b54f 1934 }
432d268c 1935
0dc3f44a 1936 rcu_read_unlock();
1b5ec234 1937 return NULL;
23887b79
PB		 1938
1939found:
422148d3
DDAG		 1940 *offset = (host - block->host);
1941 if (round_offset) {
1942 *offset &= TARGET_PAGE_MASK;
1943 }
1944 *ram_addr = block->offset + *offset;
0dc3f44a 1945 rcu_read_unlock();
422148d3
DDAG		 1946 return block;
1947}
1948
e3dd7493
DDAG		 1949/*
1950 * Finds the named RAMBlock
1951 *
1952 * name: The name of RAMBlock to find
1953 *
1954 * Returns: RAMBlock (or NULL if not found)
1955 */
1956RAMBlock *qemu_ram_block_by_name(const char *name)
1957{
1958 RAMBlock *block;
1959
1960 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1961 if (!strcmp(name, block->idstr)) {
1962 return block;
1963 }
1964 }
1965
1966 return NULL;
1967}
1968
422148d3
DDAG		 1969/* Some of the softmmu routines need to translate from a host pointer
1970 (typically a TLB entry) back to a ram offset. */
1971MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1972{
1973 RAMBlock *block;
1974 ram_addr_t offset; /* Not used */
1975
1976 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1977
1978 if (!block) {
1979 return NULL;
1980 }
1981
1982 return block->mr;
e890261f 1983}
f471a17e 1984
a8170e5e 1985static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1986 uint64_t val, unsigned size)
9fa3e853 1987{
52159192 1988 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1989 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1990 }
0e0df1e2
AK		 1991 switch (size) {
1992 case 1:
1993 stb_p(qemu_get_ram_ptr(ram_addr), val);
1994 break;
1995 case 2:
1996 stw_p(qemu_get_ram_ptr(ram_addr), val);
1997 break;
1998 case 4:
1999 stl_p(qemu_get_ram_ptr(ram_addr), val);
2000 break;
2001 default:
2002 abort();
3a7d929e 2003 }
58d2707e
PB		 2004 /* Set both VGA and migration bits for simplicity and to remove
2005 * the notdirty callback faster.
2006 */
2007 cpu_physical_memory_set_dirty_range(ram_addr, size,
2008 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2009 /* we remove the notdirty callback only if the code has been
2010 flushed */
a2cd8c85 2011 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2012 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2013 }
9fa3e853
FB		 2014}
2015
b018ddf6
PB		 2016static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2017 unsigned size, bool is_write)
2018{
2019 return is_write;
2020}
2021
0e0df1e2 2022static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2023 .write = notdirty_mem_write,
b018ddf6 2024 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2025 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2026};
2027
0f459d16 2028/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2029static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2030{
93afeade
AF		 2031 CPUState *cpu = current_cpu;
2032 CPUArchState *env = cpu->env_ptr;
06d55cc1 2033 target_ulong pc, cs_base;
0f459d16 2034 target_ulong vaddr;
a1d1bb31 2035 CPUWatchpoint *wp;
06d55cc1 2036 int cpu_flags;
0f459d16 2037
ff4700b0 2038 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2039 /* We re-entered the check after replacing the TB. Now raise
2040 * the debug interrupt so that is will trigger after the
2041 * current instruction. */
93afeade 2042 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2043 return;
2044 }
93afeade 2045 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2046 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2047 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2048 && (wp->flags & flags)) {
08225676
PM		 2049 if (flags == BP_MEM_READ) {
2050 wp->flags |= BP_WATCHPOINT_HIT_READ;
2051 } else {
2052 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2053 }
2054 wp->hitaddr = vaddr;
66b9b43c 2055 wp->hitattrs = attrs;
ff4700b0
AF		 2056 if (!cpu->watchpoint_hit) {
2057 cpu->watchpoint_hit = wp;
239c51a5 2058 tb_check_watchpoint(cpu);
6e140f28 2059 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2060 cpu->exception_index = EXCP_DEBUG;
5638d180 2061 cpu_loop_exit(cpu);
6e140f28
AL		 2062 } else {
2063 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2064 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2065 cpu_resume_from_signal(cpu, NULL);
6e140f28 2066 }
06d55cc1 2067 }
6e140f28
AL		 2068 } else {
2069 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2070 }
2071 }
2072}
2073
6658ffb8
PB		 2074/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2075 so these check for a hit then pass through to the normal out-of-line
2076 phys routines. */
66b9b43c
PM		 2077static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2078 unsigned size, MemTxAttrs attrs)
6658ffb8 2079{
66b9b43c
PM		 2080 MemTxResult res;
2081 uint64_t data;
2082
2083 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2084 switch (size) {
66b9b43c
PM		 2085 case 1:
2086 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2087 break;
2088 case 2:
2089 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2090 break;
2091 case 4:
2092 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2093 break;
1ec9b909
AK		 2094 default: abort();
2095 }
66b9b43c
PM		 2096 *pdata = data;
2097 return res;
6658ffb8
PB		 2098}
2099
66b9b43c
PM		 2100static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2101 uint64_t val, unsigned size,
2102 MemTxAttrs attrs)
6658ffb8 2103{
66b9b43c
PM		 2104 MemTxResult res;
2105
2106 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2107 switch (size) {
67364150 2108 case 1:
66b9b43c 2109 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2110 break;
2111 case 2:
66b9b43c 2112 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2113 break;
2114 case 4:
66b9b43c 2115 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2116 break;
1ec9b909
AK		 2117 default: abort();
2118 }
66b9b43c 2119 return res;
6658ffb8
PB		 2120}
2121
1ec9b909 2122static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2123 .read_with_attrs = watch_mem_read,
2124 .write_with_attrs = watch_mem_write,
1ec9b909 2125 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2126};
6658ffb8 2127
f25a49e0
PM		 2128static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2129 unsigned len, MemTxAttrs attrs)
db7b5426 2130{
acc9d80b 2131 subpage_t *subpage = opaque;
ff6cff75 2132 uint8_t buf[8];
5c9eb028 2133 MemTxResult res;
791af8c8 2134
db7b5426 2135#if defined(DEBUG_SUBPAGE)
016e9d62 2136 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2137 subpage, len, addr);
db7b5426 2138#endif
5c9eb028
PM		 2139 res = address_space_read(subpage->as, addr + subpage->base,
2140 attrs, buf, len);
2141 if (res) {
2142 return res;
f25a49e0 2143 }
acc9d80b
JK		 2144 switch (len) {
2145 case 1:
f25a49e0
PM		 2146 *data = ldub_p(buf);
2147 return MEMTX_OK;
acc9d80b 2148 case 2:
f25a49e0
PM		 2149 *data = lduw_p(buf);
2150 return MEMTX_OK;
acc9d80b 2151 case 4:
f25a49e0
PM		 2152 *data = ldl_p(buf);
2153 return MEMTX_OK;
ff6cff75 2154 case 8:
f25a49e0
PM		 2155 *data = ldq_p(buf);
2156 return MEMTX_OK;
acc9d80b
JK		 2157 default:
2158 abort();
2159 }
db7b5426
BS		 2160}
2161
f25a49e0
PM		 2162static MemTxResult subpage_write(void *opaque, hwaddr addr,
2163 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2164{
acc9d80b 2165 subpage_t *subpage = opaque;
ff6cff75 2166 uint8_t buf[8];
acc9d80b 2167
db7b5426 2168#if defined(DEBUG_SUBPAGE)
016e9d62 2169 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2170 " value %"PRIx64"\n",
2171 __func__, subpage, len, addr, value);
db7b5426 2172#endif
acc9d80b
JK		 2173 switch (len) {
2174 case 1:
2175 stb_p(buf, value);
2176 break;
2177 case 2:
2178 stw_p(buf, value);
2179 break;
2180 case 4:
2181 stl_p(buf, value);
2182 break;
ff6cff75
PB		 2183 case 8:
2184 stq_p(buf, value);
2185 break;
acc9d80b
JK		 2186 default:
2187 abort();
2188 }
5c9eb028
PM		 2189 return address_space_write(subpage->as, addr + subpage->base,
2190 attrs, buf, len);
db7b5426
BS		 2191}
2192
c353e4cc 2193static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2194 unsigned len, bool is_write)
c353e4cc 2195{
acc9d80b 2196 subpage_t *subpage = opaque;
c353e4cc 2197#if defined(DEBUG_SUBPAGE)
016e9d62 2198 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2199 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2200#endif
2201
acc9d80b 2202 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2203 len, is_write);
c353e4cc
PB		 2204}
2205
70c68e44 2206static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2207 .read_with_attrs = subpage_read,
2208 .write_with_attrs = subpage_write,
ff6cff75
PB		 2209 .impl.min_access_size = 1,
2210 .impl.max_access_size = 8,
2211 .valid.min_access_size = 1,
2212 .valid.max_access_size = 8,
c353e4cc 2213 .valid.accepts = subpage_accepts,
70c68e44 2214 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2215};
2216
c227f099 2217static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2218 uint16_t section)
db7b5426
BS		 2219{
2220 int idx, eidx;
2221
2222 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2223 return -1;
2224 idx = SUBPAGE_IDX(start);
2225 eidx = SUBPAGE_IDX(end);
2226#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2227 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2228 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2229#endif
db7b5426 2230 for (; idx <= eidx; idx++) {
5312bd8b 2231 mmio->sub_section[idx] = section;
db7b5426
BS		 2232 }
2233
2234 return 0;
2235}
2236
acc9d80b 2237static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2238{
c227f099 2239 subpage_t *mmio;
db7b5426 2240
7267c094 2241 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2242
acc9d80b 2243 mmio->as = as;
1eec614b 2244 mmio->base = base;
2c9b15ca 2245 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2246 NULL, TARGET_PAGE_SIZE);
b3b00c78 2247 mmio->iomem.subpage = true;
db7b5426 2248#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2249 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2250 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2251#endif
b41aac4f 2252 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2253
2254 return mmio;
2255}
2256
a656e22f
PC		 2257static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2258 MemoryRegion *mr)
5312bd8b 2259{
a656e22f 2260 assert(as);
5312bd8b 2261 MemoryRegionSection section = {
a656e22f 2262 .address_space = as,
5312bd8b
AK		 2263 .mr = mr,
2264 .offset_within_address_space = 0,
2265 .offset_within_region = 0,
052e87b0 2266 .size = int128_2_64(),
5312bd8b
AK		 2267 };
2268
53cb28cb 2269 return phys_section_add(map, &section);
5312bd8b
AK		 2270}
2271
9d82b5a7 2272MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2273{
32857f4d
PM		 2274 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2275 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2276 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2277
2278 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2279}
2280
e9179ce1
AK		 2281static void io_mem_init(void)
2282{
1f6245e5 2283 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2284 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2285 NULL, UINT64_MAX);
2c9b15ca 2286 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2287 NULL, UINT64_MAX);
2c9b15ca 2288 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2289 NULL, UINT64_MAX);
e9179ce1
AK		 2290}
2291
ac1970fb 2292static void mem_begin(MemoryListener *listener)
00752703
PB		 2293{
2294 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2295 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2296 uint16_t n;
2297
a656e22f 2298 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2299 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2300 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2301 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2302 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2303 assert(n == PHYS_SECTION_ROM);
a656e22f 2304 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2305 assert(n == PHYS_SECTION_WATCH);
00752703 2306
9736e55b 2307 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2308 d->as = as;
2309 as->next_dispatch = d;
2310}
2311
79e2b9ae
PB		 2312static void address_space_dispatch_free(AddressSpaceDispatch *d)
2313{
2314 phys_sections_free(&d->map);
2315 g_free(d);
2316}
2317
00752703 2318static void mem_commit(MemoryListener *listener)
ac1970fb 2319{
89ae337a 2320 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2321 AddressSpaceDispatch *cur = as->dispatch;
2322 AddressSpaceDispatch *next = as->next_dispatch;
2323
53cb28cb 2324 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2325
79e2b9ae 2326 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2327 if (cur) {
79e2b9ae 2328 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2329 }
9affd6fc
PB		 2330}
2331
1d71148e 2332static void tcg_commit(MemoryListener *listener)
50c1e149 2333{
32857f4d
PM		 2334 CPUAddressSpace *cpuas;
2335 AddressSpaceDispatch *d;
117712c3
AK		 2336
2337 /* since each CPU stores ram addresses in its TLB cache, we must
2338 reset the modified entries */
32857f4d
PM		 2339 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2340 cpu_reloading_memory_map();
2341 /* The CPU and TLB are protected by the iothread lock.
2342 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2343 * may have split the RCU critical section.
2344 */
2345 d = atomic_rcu_read(&cpuas->as->dispatch);
2346 cpuas->memory_dispatch = d;
2347 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2348}
2349
ac1970fb
AK		 2350void address_space_init_dispatch(AddressSpace *as)
2351{
00752703 2352 as->dispatch = NULL;
89ae337a 2353 as->dispatch_listener = (MemoryListener) {
ac1970fb 2354 .begin = mem_begin,
00752703 2355 .commit = mem_commit,
ac1970fb
AK		 2356 .region_add = mem_add,
2357 .region_nop = mem_add,
2358 .priority = 0,
2359 };
89ae337a 2360 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2361}
2362
6e48e8f9
PB		 2363void address_space_unregister(AddressSpace *as)
2364{
2365 memory_listener_unregister(&as->dispatch_listener);
2366}
2367
83f3c251
AK		 2368void address_space_destroy_dispatch(AddressSpace *as)
2369{
2370 AddressSpaceDispatch *d = as->dispatch;
2371
79e2b9ae
PB		 2372 atomic_rcu_set(&as->dispatch, NULL);
2373 if (d) {
2374 call_rcu(d, address_space_dispatch_free, rcu);
2375 }
83f3c251
AK		 2376}
2377
62152b8a
AK		 2378static void memory_map_init(void)
2379{
7267c094 2380 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2381
57271d63 2382 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2383 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2384
7267c094 2385 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2386 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2387 65536);
7dca8043 2388 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2389}
2390
2391MemoryRegion *get_system_memory(void)
2392{
2393 return system_memory;
2394}
2395
309cb471
AK		 2396MemoryRegion *get_system_io(void)
2397{
2398 return system_io;
2399}
2400
e2eef170
PB		 2401#endif /* !defined(CONFIG_USER_ONLY) */
2402
13eb76e0
FB		 2403/* physical memory access (slow version, mainly for debug) */
2404#if defined(CONFIG_USER_ONLY)
f17ec444 2405int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2406 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2407{
2408 int l, flags;
2409 target_ulong page;
53a5960a 2410 void * p;
13eb76e0
FB		 2411
2412 while (len > 0) {
2413 page = addr & TARGET_PAGE_MASK;
2414 l = (page + TARGET_PAGE_SIZE) - addr;
2415 if (l > len)
2416 l = len;
2417 flags = page_get_flags(page);
2418 if (!(flags & PAGE_VALID))
a68fe89c 2419 return -1;
13eb76e0
FB		 2420 if (is_write) {
2421 if (!(flags & PAGE_WRITE))
a68fe89c 2422 return -1;
579a97f7 2423 /* XXX: this code should not depend on lock_user */
72fb7daa 2424 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2425 return -1;
72fb7daa
AJ		 2426 memcpy(p, buf, l);
2427 unlock_user(p, addr, l);
13eb76e0
FB		 2428 } else {
2429 if (!(flags & PAGE_READ))
a68fe89c 2430 return -1;
579a97f7 2431 /* XXX: this code should not depend on lock_user */
72fb7daa 2432 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2433 return -1;
72fb7daa 2434 memcpy(buf, p, l);
5b257578 2435 unlock_user(p, addr, 0);
13eb76e0
FB		 2436 }
2437 len -= l;
2438 buf += l;
2439 addr += l;
2440 }
a68fe89c 2441 return 0;
13eb76e0 2442}
8df1cd07 2443
13eb76e0 2444#else
51d7a9eb 2445
845b6214 2446static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2447 hwaddr length)
51d7a9eb 2448{
e87f7778
PB		 2449 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2450 /* No early return if dirty_log_mask is or becomes 0, because
2451 * cpu_physical_memory_set_dirty_range will still call
2452 * xen_modified_memory.
2453 */
2454 if (dirty_log_mask) {
2455 dirty_log_mask =
2456 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2457 }
2458 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2459 tb_invalidate_phys_range(addr, addr + length);
2460 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2461 }
e87f7778 2462 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2463}
2464
23326164 2465static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2466{
e1622f4b 2467 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2468
2469 /* Regions are assumed to support 1-4 byte accesses unless
2470 otherwise specified. */
23326164
RH		 2471 if (access_size_max == 0) {
2472 access_size_max = 4;
2473 }
2474
2475 /* Bound the maximum access by the alignment of the address. */
2476 if (!mr->ops->impl.unaligned) {
2477 unsigned align_size_max = addr & -addr;
2478 if (align_size_max != 0 && align_size_max < access_size_max) {
2479 access_size_max = align_size_max;
2480 }
82f2563f 2481 }
23326164
RH		 2482
2483 /* Don't attempt accesses larger than the maximum. */
2484 if (l > access_size_max) {
2485 l = access_size_max;
82f2563f 2486 }
6554f5c0 2487 l = pow2floor(l);
23326164
RH		 2488
2489 return l;
82f2563f
PB		 2490}
2491
4840f10e 2492static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2493{
4840f10e
JK		 2494 bool unlocked = !qemu_mutex_iothread_locked();
2495 bool release_lock = false;
2496
2497 if (unlocked && mr->global_locking) {
2498 qemu_mutex_lock_iothread();
2499 unlocked = false;
2500 release_lock = true;
2501 }
125b3806 2502 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2503 if (unlocked) {
2504 qemu_mutex_lock_iothread();
2505 }
125b3806 2506 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2507 if (unlocked) {
2508 qemu_mutex_unlock_iothread();
2509 }
125b3806 2510 }
4840f10e
JK		 2511
2512 return release_lock;
125b3806
PB		 2513}
2514
5c9eb028
PM		 2515MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2516 uint8_t *buf, int len, bool is_write)
13eb76e0 2517{
149f54b5 2518 hwaddr l;
13eb76e0 2519 uint8_t *ptr;
791af8c8 2520 uint64_t val;
149f54b5 2521 hwaddr addr1;
5c8a00ce 2522 MemoryRegion *mr;
3b643495 2523 MemTxResult result = MEMTX_OK;
4840f10e 2524 bool release_lock = false;
3b46e624 2525
41063e1e 2526 rcu_read_lock();
13eb76e0 2527 while (len > 0) {
149f54b5 2528 l = len;
5c8a00ce 2529 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2530
13eb76e0 2531 if (is_write) {
5c8a00ce 2532 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2533 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2534 l = memory_access_size(mr, l, addr1);
4917cf44 2535 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2536 potential bugs */
23326164
RH		 2537 switch (l) {
2538 case 8:
2539 /* 64 bit write access */
2540 val = ldq_p(buf);
3b643495
PM		 2541 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2542 attrs);
23326164
RH		 2543 break;
2544 case 4:
1c213d19 2545 /* 32 bit write access */
c27004ec 2546 val = ldl_p(buf);
3b643495
PM		 2547 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2548 attrs);
23326164
RH		 2549 break;
2550 case 2:
1c213d19 2551 /* 16 bit write access */
c27004ec 2552 val = lduw_p(buf);
3b643495
PM		 2553 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2554 attrs);
23326164
RH		 2555 break;
2556 case 1:
1c213d19 2557 /* 8 bit write access */
c27004ec 2558 val = ldub_p(buf);
3b643495
PM		 2559 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2560 attrs);
23326164
RH		 2561 break;
2562 default:
2563 abort();
13eb76e0 2564 }
2bbfa05d 2565 } else {
5c8a00ce 2566 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2567 /* RAM case */
5579c7f3 2568 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2569 memcpy(ptr, buf, l);
845b6214 2570 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2571 }
2572 } else {
5c8a00ce 2573 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2574 /* I/O case */
4840f10e 2575 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2576 l = memory_access_size(mr, l, addr1);
23326164
RH		 2577 switch (l) {
2578 case 8:
2579 /* 64 bit read access */
3b643495
PM		 2580 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2581 attrs);
23326164
RH		 2582 stq_p(buf, val);
2583 break;
2584 case 4:
13eb76e0 2585 /* 32 bit read access */
3b643495
PM		 2586 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2587 attrs);
c27004ec 2588 stl_p(buf, val);
23326164
RH		 2589 break;
2590 case 2:
13eb76e0 2591 /* 16 bit read access */
3b643495
PM		 2592 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2593 attrs);
c27004ec 2594 stw_p(buf, val);
23326164
RH		 2595 break;
2596 case 1:
1c213d19 2597 /* 8 bit read access */
3b643495
PM		 2598 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2599 attrs);
c27004ec 2600 stb_p(buf, val);
23326164
RH		 2601 break;
2602 default:
2603 abort();
13eb76e0
FB		 2604 }
2605 } else {
2606 /* RAM case */
5c8a00ce 2607 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2608 memcpy(buf, ptr, l);
13eb76e0
FB		 2609 }
2610 }
4840f10e
JK		 2611
2612 if (release_lock) {
2613 qemu_mutex_unlock_iothread();
2614 release_lock = false;
2615 }
2616
13eb76e0
FB		 2617 len -= l;
2618 buf += l;
2619 addr += l;
2620 }
41063e1e 2621 rcu_read_unlock();
fd8aaa76 2622
3b643495 2623 return result;
13eb76e0 2624}
8df1cd07 2625
5c9eb028
PM		 2626MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2627 const uint8_t *buf, int len)
ac1970fb 2628{
5c9eb028 2629 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2630}
2631
5c9eb028
PM		 2632MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2633 uint8_t *buf, int len)
ac1970fb 2634{
5c9eb028 2635 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2636}
2637
2638
a8170e5e 2639void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2640 int len, int is_write)
2641{
5c9eb028
PM		 2642 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2643 buf, len, is_write);
ac1970fb
AK		 2644}
2645
582b55a9
AG		 2646enum write_rom_type {
2647 WRITE_DATA,
2648 FLUSH_CACHE,
2649};
2650
2a221651 2651static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2652 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2653{
149f54b5 2654 hwaddr l;
d0ecd2aa 2655 uint8_t *ptr;
149f54b5 2656 hwaddr addr1;
5c8a00ce 2657 MemoryRegion *mr;
3b46e624 2658
41063e1e 2659 rcu_read_lock();
d0ecd2aa 2660 while (len > 0) {
149f54b5 2661 l = len;
2a221651 2662 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2663
5c8a00ce
PB		 2664 if (!(memory_region_is_ram(mr) ||
2665 memory_region_is_romd(mr))) {
b242e0e0 2666 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2667 } else {
5c8a00ce 2668 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2669 /* ROM/RAM case */
5579c7f3 2670 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2671 switch (type) {
2672 case WRITE_DATA:
2673 memcpy(ptr, buf, l);
845b6214 2674 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2675 break;
2676 case FLUSH_CACHE:
2677 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2678 break;
2679 }
d0ecd2aa
FB		 2680 }
2681 len -= l;
2682 buf += l;
2683 addr += l;
2684 }
41063e1e 2685 rcu_read_unlock();
d0ecd2aa
FB		 2686}
2687
582b55a9 2688/* used for ROM loading : can write in RAM and ROM */
2a221651 2689void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2690 const uint8_t *buf, int len)
2691{
2a221651 2692 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2693}
2694
2695void cpu_flush_icache_range(hwaddr start, int len)
2696{
2697 /*
2698 * This function should do the same thing as an icache flush that was
2699 * triggered from within the guest. For TCG we are always cache coherent,
2700 * so there is no need to flush anything. For KVM / Xen we need to flush
2701 * the host's instruction cache at least.
2702 */
2703 if (tcg_enabled()) {
2704 return;
2705 }
2706
2a221651
EI		 2707 cpu_physical_memory_write_rom_internal(&address_space_memory,
2708 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2709}
2710
6d16c2f8 2711typedef struct {
d3e71559 2712 MemoryRegion *mr;
6d16c2f8 2713 void *buffer;
a8170e5e
AK		 2714 hwaddr addr;
2715 hwaddr len;
c2cba0ff 2716 bool in_use;
6d16c2f8
AL		 2717} BounceBuffer;
2718
2719static BounceBuffer bounce;
2720
ba223c29 2721typedef struct MapClient {
e95205e1 2722 QEMUBH *bh;
72cf2d4f 2723 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2724} MapClient;
2725
38e047b5 2726QemuMutex map_client_list_lock;
72cf2d4f
BS		 2727static QLIST_HEAD(map_client_list, MapClient) map_client_list
2728 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2729
e95205e1
FZ		 2730static void cpu_unregister_map_client_do(MapClient *client)
2731{
2732 QLIST_REMOVE(client, link);
2733 g_free(client);
2734}
2735
33b6c2ed
FZ		 2736static void cpu_notify_map_clients_locked(void)
2737{
2738 MapClient *client;
2739
2740 while (!QLIST_EMPTY(&map_client_list)) {
2741 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2742 qemu_bh_schedule(client->bh);
2743 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2744 }
2745}
2746
e95205e1 2747void cpu_register_map_client(QEMUBH *bh)
ba223c29 2748{
7267c094 2749 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2750
38e047b5 2751 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2752 client->bh = bh;
72cf2d4f 2753 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2754 if (!atomic_read(&bounce.in_use)) {
2755 cpu_notify_map_clients_locked();
2756 }
38e047b5 2757 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2758}
2759
38e047b5 2760void cpu_exec_init_all(void)
ba223c29 2761{
38e047b5 2762 qemu_mutex_init(&ram_list.mutex);
38e047b5 2763 io_mem_init();
680a4783 2764 memory_map_init();
38e047b5 2765 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2766}
2767
e95205e1 2768void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2769{
2770 MapClient *client;
2771
e95205e1
FZ		 2772 qemu_mutex_lock(&map_client_list_lock);
2773 QLIST_FOREACH(client, &map_client_list, link) {
2774 if (client->bh == bh) {
2775 cpu_unregister_map_client_do(client);
2776 break;
2777 }
ba223c29 2778 }
e95205e1 2779 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2780}
2781
2782static void cpu_notify_map_clients(void)
2783{
38e047b5 2784 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2785 cpu_notify_map_clients_locked();
38e047b5 2786 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2787}
2788
51644ab7
PB		 2789bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2790{
5c8a00ce 2791 MemoryRegion *mr;
51644ab7
PB		 2792 hwaddr l, xlat;
2793
41063e1e 2794 rcu_read_lock();
51644ab7
PB		 2795 while (len > 0) {
2796 l = len;
5c8a00ce
PB		 2797 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2798 if (!memory_access_is_direct(mr, is_write)) {
2799 l = memory_access_size(mr, l, addr);
2800 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2801 return false;
2802 }
2803 }
2804
2805 len -= l;
2806 addr += l;
2807 }
41063e1e 2808 rcu_read_unlock();
51644ab7
PB		 2809 return true;
2810}
2811
6d16c2f8
AL		 2812/* Map a physical memory region into a host virtual address.
2813 * May map a subset of the requested range, given by and returned in *plen.
2814 * May return NULL if resources needed to perform the mapping are exhausted.
2815 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2816 * Use cpu_register_map_client() to know when retrying the map operation is
2817 * likely to succeed.
6d16c2f8 2818 */
ac1970fb 2819void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2820 hwaddr addr,
2821 hwaddr *plen,
ac1970fb 2822 bool is_write)
6d16c2f8 2823{
a8170e5e 2824 hwaddr len = *plen;
e3127ae0
PB		 2825 hwaddr done = 0;
2826 hwaddr l, xlat, base;
2827 MemoryRegion *mr, *this_mr;
2828 ram_addr_t raddr;
6d16c2f8 2829
e3127ae0
PB		 2830 if (len == 0) {
2831 return NULL;
2832 }
38bee5dc 2833
e3127ae0 2834 l = len;
41063e1e 2835 rcu_read_lock();
e3127ae0 2836 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2837
e3127ae0 2838 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2839 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2840 rcu_read_unlock();
e3127ae0 2841 return NULL;
6d16c2f8 2842 }
e85d9db5
KW		 2843 /* Avoid unbounded allocations */
2844 l = MIN(l, TARGET_PAGE_SIZE);
2845 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2846 bounce.addr = addr;
2847 bounce.len = l;
d3e71559
PB		 2848
2849 memory_region_ref(mr);
2850 bounce.mr = mr;
e3127ae0 2851 if (!is_write) {
5c9eb028
PM		 2852 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2853 bounce.buffer, l);
8ab934f9 2854 }
6d16c2f8 2855
41063e1e 2856 rcu_read_unlock();
e3127ae0
PB		 2857 *plen = l;
2858 return bounce.buffer;
2859 }
2860
2861 base = xlat;
2862 raddr = memory_region_get_ram_addr(mr);
2863
2864 for (;;) {
6d16c2f8
AL		 2865 len -= l;
2866 addr += l;
e3127ae0
PB		 2867 done += l;
2868 if (len == 0) {
2869 break;
2870 }
2871
2872 l = len;
2873 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2874 if (this_mr != mr || xlat != base + done) {
2875 break;
2876 }
6d16c2f8 2877 }
e3127ae0 2878
d3e71559 2879 memory_region_ref(mr);
41063e1e 2880 rcu_read_unlock();
e3127ae0
PB		 2881 *plen = done;
2882 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2883}
2884
ac1970fb 2885/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2886 * Will also mark the memory as dirty if is_write == 1. access_len gives
2887 * the amount of memory that was actually read or written by the caller.
2888 */
a8170e5e
AK		 2889void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2890 int is_write, hwaddr access_len)
6d16c2f8
AL		 2891{
2892 if (buffer != bounce.buffer) {
d3e71559
PB		 2893 MemoryRegion *mr;
2894 ram_addr_t addr1;
2895
2896 mr = qemu_ram_addr_from_host(buffer, &addr1);
2897 assert(mr != NULL);
6d16c2f8 2898 if (is_write) {
845b6214 2899 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2900 }
868bb33f 2901 if (xen_enabled()) {
e41d7c69 2902 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2903 }
d3e71559 2904 memory_region_unref(mr);
6d16c2f8
AL		 2905 return;
2906 }
2907 if (is_write) {
5c9eb028
PM		 2908 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2909 bounce.buffer, access_len);
6d16c2f8 2910 }
f8a83245 2911 qemu_vfree(bounce.buffer);
6d16c2f8 2912 bounce.buffer = NULL;
d3e71559 2913 memory_region_unref(bounce.mr);
c2cba0ff 2914 atomic_mb_set(&bounce.in_use, false);
ba223c29 2915 cpu_notify_map_clients();
6d16c2f8 2916}
d0ecd2aa 2917
a8170e5e
AK		 2918void *cpu_physical_memory_map(hwaddr addr,
2919 hwaddr *plen,
ac1970fb
AK		 2920 int is_write)
2921{
2922 return address_space_map(&address_space_memory, addr, plen, is_write);
2923}
2924
a8170e5e
AK		 2925void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2926 int is_write, hwaddr access_len)
ac1970fb
AK		 2927{
2928 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2929}
2930
8df1cd07 2931/* warning: addr must be aligned */
50013115
PM		 2932static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2933 MemTxAttrs attrs,
2934 MemTxResult *result,
2935 enum device_endian endian)
8df1cd07 2936{
8df1cd07 2937 uint8_t *ptr;
791af8c8 2938 uint64_t val;
5c8a00ce 2939 MemoryRegion *mr;
149f54b5
PB		 2940 hwaddr l = 4;
2941 hwaddr addr1;
50013115 2942 MemTxResult r;
4840f10e 2943 bool release_lock = false;
8df1cd07 2944
41063e1e 2945 rcu_read_lock();
fdfba1a2 2946 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2947 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2948 release_lock |= prepare_mmio_access(mr);
125b3806 2949
8df1cd07 2950 /* I/O case */
50013115 2951 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2952#if defined(TARGET_WORDS_BIGENDIAN)
2953 if (endian == DEVICE_LITTLE_ENDIAN) {
2954 val = bswap32(val);
2955 }
2956#else
2957 if (endian == DEVICE_BIG_ENDIAN) {
2958 val = bswap32(val);
2959 }
2960#endif
8df1cd07
FB		 2961 } else {
2962 /* RAM case */
5c8a00ce 2963 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2964 & TARGET_PAGE_MASK)
149f54b5 2965 + addr1);
1e78bcc1
AG		 2966 switch (endian) {
2967 case DEVICE_LITTLE_ENDIAN:
2968 val = ldl_le_p(ptr);
2969 break;
2970 case DEVICE_BIG_ENDIAN:
2971 val = ldl_be_p(ptr);
2972 break;
2973 default:
2974 val = ldl_p(ptr);
2975 break;
2976 }
50013115
PM		 2977 r = MEMTX_OK;
2978 }
2979 if (result) {
2980 *result = r;
8df1cd07 2981 }
4840f10e
JK		 2982 if (release_lock) {
2983 qemu_mutex_unlock_iothread();
2984 }
41063e1e 2985 rcu_read_unlock();
8df1cd07
FB		 2986 return val;
2987}
2988
50013115
PM		 2989uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2990 MemTxAttrs attrs, MemTxResult *result)
2991{
2992 return address_space_ldl_internal(as, addr, attrs, result,
2993 DEVICE_NATIVE_ENDIAN);
2994}
2995
2996uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2997 MemTxAttrs attrs, MemTxResult *result)
2998{
2999 return address_space_ldl_internal(as, addr, attrs, result,
3000 DEVICE_LITTLE_ENDIAN);
3001}
3002
3003uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3004 MemTxAttrs attrs, MemTxResult *result)
3005{
3006 return address_space_ldl_internal(as, addr, attrs, result,
3007 DEVICE_BIG_ENDIAN);
3008}
3009
fdfba1a2 3010uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3011{
50013115 3012 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3013}
3014
fdfba1a2 3015uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3016{
50013115 3017 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3018}
3019
fdfba1a2 3020uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3021{
50013115 3022 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3023}
3024
84b7b8e7 3025/* warning: addr must be aligned */
50013115
PM		 3026static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3027 MemTxAttrs attrs,
3028 MemTxResult *result,
3029 enum device_endian endian)
84b7b8e7 3030{
84b7b8e7
FB		 3031 uint8_t *ptr;
3032 uint64_t val;
5c8a00ce 3033 MemoryRegion *mr;
149f54b5
PB		 3034 hwaddr l = 8;
3035 hwaddr addr1;
50013115 3036 MemTxResult r;
4840f10e 3037 bool release_lock = false;
84b7b8e7 3038
41063e1e 3039 rcu_read_lock();
2c17449b 3040 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3041 false);
3042 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3043 release_lock |= prepare_mmio_access(mr);
125b3806 3044
84b7b8e7 3045 /* I/O case */
50013115 3046 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3047#if defined(TARGET_WORDS_BIGENDIAN)
3048 if (endian == DEVICE_LITTLE_ENDIAN) {
3049 val = bswap64(val);
3050 }
3051#else
3052 if (endian == DEVICE_BIG_ENDIAN) {
3053 val = bswap64(val);
3054 }
84b7b8e7
FB		 3055#endif
3056 } else {
3057 /* RAM case */
5c8a00ce 3058 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3059 & TARGET_PAGE_MASK)
149f54b5 3060 + addr1);
1e78bcc1
AG		 3061 switch (endian) {
3062 case DEVICE_LITTLE_ENDIAN:
3063 val = ldq_le_p(ptr);
3064 break;
3065 case DEVICE_BIG_ENDIAN:
3066 val = ldq_be_p(ptr);
3067 break;
3068 default:
3069 val = ldq_p(ptr);
3070 break;
3071 }
50013115
PM		 3072 r = MEMTX_OK;
3073 }
3074 if (result) {
3075 *result = r;
84b7b8e7 3076 }
4840f10e
JK		 3077 if (release_lock) {
3078 qemu_mutex_unlock_iothread();
3079 }
41063e1e 3080 rcu_read_unlock();
84b7b8e7
FB		 3081 return val;
3082}
3083
50013115
PM		 3084uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3085 MemTxAttrs attrs, MemTxResult *result)
3086{
3087 return address_space_ldq_internal(as, addr, attrs, result,
3088 DEVICE_NATIVE_ENDIAN);
3089}
3090
3091uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3092 MemTxAttrs attrs, MemTxResult *result)
3093{
3094 return address_space_ldq_internal(as, addr, attrs, result,
3095 DEVICE_LITTLE_ENDIAN);
3096}
3097
3098uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3099 MemTxAttrs attrs, MemTxResult *result)
3100{
3101 return address_space_ldq_internal(as, addr, attrs, result,
3102 DEVICE_BIG_ENDIAN);
3103}
3104
2c17449b 3105uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3106{
50013115 3107 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3108}
3109
2c17449b 3110uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3111{
50013115 3112 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3113}
3114
2c17449b 3115uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3116{
50013115 3117 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3118}
3119
aab33094 3120/* XXX: optimize */
50013115
PM		 3121uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3122 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3123{
3124 uint8_t val;
50013115
PM		 3125 MemTxResult r;
3126
3127 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3128 if (result) {
3129 *result = r;
3130 }
aab33094
FB		 3131 return val;
3132}
3133
50013115
PM		 3134uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3135{
3136 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3137}
3138
733f0b02 3139/* warning: addr must be aligned */
50013115
PM		 3140static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3141 hwaddr addr,
3142 MemTxAttrs attrs,
3143 MemTxResult *result,
3144 enum device_endian endian)
aab33094 3145{
733f0b02
MT		 3146 uint8_t *ptr;
3147 uint64_t val;
5c8a00ce 3148 MemoryRegion *mr;
149f54b5
PB		 3149 hwaddr l = 2;
3150 hwaddr addr1;
50013115 3151 MemTxResult r;
4840f10e 3152 bool release_lock = false;
733f0b02 3153
41063e1e 3154 rcu_read_lock();
41701aa4 3155 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3156 false);
3157 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3158 release_lock |= prepare_mmio_access(mr);
125b3806 3159
733f0b02 3160 /* I/O case */
50013115 3161 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3162#if defined(TARGET_WORDS_BIGENDIAN)
3163 if (endian == DEVICE_LITTLE_ENDIAN) {
3164 val = bswap16(val);
3165 }
3166#else
3167 if (endian == DEVICE_BIG_ENDIAN) {
3168 val = bswap16(val);
3169 }
3170#endif
733f0b02
MT		 3171 } else {
3172 /* RAM case */
5c8a00ce 3173 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3174 & TARGET_PAGE_MASK)
149f54b5 3175 + addr1);
1e78bcc1
AG		 3176 switch (endian) {
3177 case DEVICE_LITTLE_ENDIAN:
3178 val = lduw_le_p(ptr);
3179 break;
3180 case DEVICE_BIG_ENDIAN:
3181 val = lduw_be_p(ptr);
3182 break;
3183 default:
3184 val = lduw_p(ptr);
3185 break;
3186 }
50013115
PM		 3187 r = MEMTX_OK;
3188 }
3189 if (result) {
3190 *result = r;
733f0b02 3191 }
4840f10e
JK		 3192 if (release_lock) {
3193 qemu_mutex_unlock_iothread();
3194 }
41063e1e 3195 rcu_read_unlock();
733f0b02 3196 return val;
aab33094
FB		 3197}
3198
50013115
PM		 3199uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3200 MemTxAttrs attrs, MemTxResult *result)
3201{
3202 return address_space_lduw_internal(as, addr, attrs, result,
3203 DEVICE_NATIVE_ENDIAN);
3204}
3205
3206uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3207 MemTxAttrs attrs, MemTxResult *result)
3208{
3209 return address_space_lduw_internal(as, addr, attrs, result,
3210 DEVICE_LITTLE_ENDIAN);
3211}
3212
3213uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3214 MemTxAttrs attrs, MemTxResult *result)
3215{
3216 return address_space_lduw_internal(as, addr, attrs, result,
3217 DEVICE_BIG_ENDIAN);
3218}
3219
41701aa4 3220uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3221{
50013115 3222 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3223}
3224
41701aa4 3225uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3226{
50013115 3227 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3228}
3229
41701aa4 3230uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3231{
50013115 3232 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3233}
3234
8df1cd07
FB		 3235/* warning: addr must be aligned. The ram page is not masked as dirty
3236 and the code inside is not invalidated. It is useful if the dirty
3237 bits are used to track modified PTEs */
50013115
PM		 3238void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3239 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3240{
8df1cd07 3241 uint8_t *ptr;
5c8a00ce 3242 MemoryRegion *mr;
149f54b5
PB		 3243 hwaddr l = 4;
3244 hwaddr addr1;
50013115 3245 MemTxResult r;
845b6214 3246 uint8_t dirty_log_mask;
4840f10e 3247 bool release_lock = false;
8df1cd07 3248
41063e1e 3249 rcu_read_lock();
2198a121 3250 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3251 true);
3252 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3253 release_lock |= prepare_mmio_access(mr);
125b3806 3254
50013115 3255 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3256 } else {
5c8a00ce 3257 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3258 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3259 stl_p(ptr, val);
74576198 3260
845b6214
PB		 3261 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3262 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3263 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3264 r = MEMTX_OK;
3265 }
3266 if (result) {
3267 *result = r;
8df1cd07 3268 }
4840f10e
JK		 3269 if (release_lock) {
3270 qemu_mutex_unlock_iothread();
3271 }
41063e1e 3272 rcu_read_unlock();
8df1cd07
FB		 3273}
3274
50013115
PM		 3275void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3276{
3277 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3278}
3279
8df1cd07 3280/* warning: addr must be aligned */
50013115
PM		 3281static inline void address_space_stl_internal(AddressSpace *as,
3282 hwaddr addr, uint32_t val,
3283 MemTxAttrs attrs,
3284 MemTxResult *result,
3285 enum device_endian endian)
8df1cd07 3286{
8df1cd07 3287 uint8_t *ptr;
5c8a00ce 3288 MemoryRegion *mr;
149f54b5
PB		 3289 hwaddr l = 4;
3290 hwaddr addr1;
50013115 3291 MemTxResult r;
4840f10e 3292 bool release_lock = false;
8df1cd07 3293
41063e1e 3294 rcu_read_lock();
ab1da857 3295 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3296 true);
3297 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3298 release_lock |= prepare_mmio_access(mr);
125b3806 3299
1e78bcc1
AG		 3300#if defined(TARGET_WORDS_BIGENDIAN)
3301 if (endian == DEVICE_LITTLE_ENDIAN) {
3302 val = bswap32(val);
3303 }
3304#else
3305 if (endian == DEVICE_BIG_ENDIAN) {
3306 val = bswap32(val);
3307 }
3308#endif
50013115 3309 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3310 } else {
8df1cd07 3311 /* RAM case */
5c8a00ce 3312 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3313 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3314 switch (endian) {
3315 case DEVICE_LITTLE_ENDIAN:
3316 stl_le_p(ptr, val);
3317 break;
3318 case DEVICE_BIG_ENDIAN:
3319 stl_be_p(ptr, val);
3320 break;
3321 default:
3322 stl_p(ptr, val);
3323 break;
3324 }
845b6214 3325 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3326 r = MEMTX_OK;
3327 }
3328 if (result) {
3329 *result = r;
8df1cd07 3330 }
4840f10e
JK		 3331 if (release_lock) {
3332 qemu_mutex_unlock_iothread();
3333 }
41063e1e 3334 rcu_read_unlock();
8df1cd07
FB		 3335}
3336
50013115
PM		 3337void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3338 MemTxAttrs attrs, MemTxResult *result)
3339{
3340 address_space_stl_internal(as, addr, val, attrs, result,
3341 DEVICE_NATIVE_ENDIAN);
3342}
3343
3344void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3345 MemTxAttrs attrs, MemTxResult *result)
3346{
3347 address_space_stl_internal(as, addr, val, attrs, result,
3348 DEVICE_LITTLE_ENDIAN);
3349}
3350
3351void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3352 MemTxAttrs attrs, MemTxResult *result)
3353{
3354 address_space_stl_internal(as, addr, val, attrs, result,
3355 DEVICE_BIG_ENDIAN);
3356}
3357
ab1da857 3358void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3359{
50013115 3360 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3361}
3362
ab1da857 3363void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3364{
50013115 3365 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3366}
3367
ab1da857 3368void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3369{
50013115 3370 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3371}
3372
aab33094 3373/* XXX: optimize */
50013115
PM		 3374void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3375 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3376{
3377 uint8_t v = val;
50013115
PM		 3378 MemTxResult r;
3379
3380 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3381 if (result) {
3382 *result = r;
3383 }
3384}
3385
3386void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3387{
3388 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3389}
3390
733f0b02 3391/* warning: addr must be aligned */
50013115
PM		 3392static inline void address_space_stw_internal(AddressSpace *as,
3393 hwaddr addr, uint32_t val,
3394 MemTxAttrs attrs,
3395 MemTxResult *result,
3396 enum device_endian endian)
aab33094 3397{
733f0b02 3398 uint8_t *ptr;
5c8a00ce 3399 MemoryRegion *mr;
149f54b5
PB		 3400 hwaddr l = 2;
3401 hwaddr addr1;
50013115 3402 MemTxResult r;
4840f10e 3403 bool release_lock = false;
733f0b02 3404
41063e1e 3405 rcu_read_lock();
5ce5944d 3406 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3407 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3408 release_lock |= prepare_mmio_access(mr);
125b3806 3409
1e78bcc1
AG		 3410#if defined(TARGET_WORDS_BIGENDIAN)
3411 if (endian == DEVICE_LITTLE_ENDIAN) {
3412 val = bswap16(val);
3413 }
3414#else
3415 if (endian == DEVICE_BIG_ENDIAN) {
3416 val = bswap16(val);
3417 }
3418#endif
50013115 3419 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3420 } else {
733f0b02 3421 /* RAM case */
5c8a00ce 3422 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3423 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3424 switch (endian) {
3425 case DEVICE_LITTLE_ENDIAN:
3426 stw_le_p(ptr, val);
3427 break;
3428 case DEVICE_BIG_ENDIAN:
3429 stw_be_p(ptr, val);
3430 break;
3431 default:
3432 stw_p(ptr, val);
3433 break;
3434 }
845b6214 3435 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3436 r = MEMTX_OK;
3437 }
3438 if (result) {
3439 *result = r;
733f0b02 3440 }
4840f10e
JK		 3441 if (release_lock) {
3442 qemu_mutex_unlock_iothread();
3443 }
41063e1e 3444 rcu_read_unlock();
aab33094
FB		 3445}
3446
50013115
PM		 3447void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3448 MemTxAttrs attrs, MemTxResult *result)
3449{
3450 address_space_stw_internal(as, addr, val, attrs, result,
3451 DEVICE_NATIVE_ENDIAN);
3452}
3453
3454void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3455 MemTxAttrs attrs, MemTxResult *result)
3456{
3457 address_space_stw_internal(as, addr, val, attrs, result,
3458 DEVICE_LITTLE_ENDIAN);
3459}
3460
3461void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3462 MemTxAttrs attrs, MemTxResult *result)
3463{
3464 address_space_stw_internal(as, addr, val, attrs, result,
3465 DEVICE_BIG_ENDIAN);
3466}
3467
5ce5944d 3468void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3469{
50013115 3470 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3471}
3472
5ce5944d 3473void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3474{
50013115 3475 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3476}
3477
5ce5944d 3478void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3479{
50013115 3480 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3481}
3482
aab33094 3483/* XXX: optimize */
50013115
PM		 3484void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3485 MemTxAttrs attrs, MemTxResult *result)
aab33094 3486{
50013115 3487 MemTxResult r;
aab33094 3488 val = tswap64(val);
50013115
PM		 3489 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3490 if (result) {
3491 *result = r;
3492 }
aab33094
FB		 3493}
3494
50013115
PM		 3495void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3496 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3497{
50013115 3498 MemTxResult r;
1e78bcc1 3499 val = cpu_to_le64(val);
50013115
PM		 3500 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3501 if (result) {
3502 *result = r;
3503 }
3504}
3505void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3506 MemTxAttrs attrs, MemTxResult *result)
3507{
3508 MemTxResult r;
3509 val = cpu_to_be64(val);
3510 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3511 if (result) {
3512 *result = r;
3513 }
3514}
3515
3516void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3517{
3518 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3519}
3520
3521void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3522{
3523 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3524}
3525
f606604f 3526void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3527{
50013115 3528 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3529}
3530
5e2972fd 3531/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3532int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3533 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3534{
3535 int l;
a8170e5e 3536 hwaddr phys_addr;
9b3c35e0 3537 target_ulong page;
13eb76e0
FB		 3538
3539 while (len > 0) {
3540 page = addr & TARGET_PAGE_MASK;
f17ec444 3541 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3542 /* if no physical page mapped, return an error */
3543 if (phys_addr == -1)
3544 return -1;
3545 l = (page + TARGET_PAGE_SIZE) - addr;
3546 if (l > len)
3547 l = len;
5e2972fd 3548 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3549 if (is_write) {
3550 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3551 } else {
5c9eb028
PM		 3552 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3553 buf, l, 0);
2e38847b 3554 }
13eb76e0
FB		 3555 len -= l;
3556 buf += l;
3557 addr += l;
3558 }
3559 return 0;
3560}
038629a6
DDAG		 3561
3562/*
3563 * Allows code that needs to deal with migration bitmaps etc to still be built
3564 * target independent.
3565 */
3566size_t qemu_target_page_bits(void)
3567{
3568 return TARGET_PAGE_BITS;
3569}
3570
a68fe89c 3571#endif
13eb76e0 3572
8e4a424b
BS		 3573/*
3574 * A helper function for the _utterly broken_ virtio device model to find out if
3575 * it's running on a big endian machine. Don't do this at home kids!
3576 */
98ed8ecf
GK		 3577bool target_words_bigendian(void);
3578bool target_words_bigendian(void)
8e4a424b
BS		 3579{
3580#if defined(TARGET_WORDS_BIGENDIAN)
3581 return true;
3582#else
3583 return false;
3584#endif
3585}
3586
76f35538 3587#ifndef CONFIG_USER_ONLY
a8170e5e 3588bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3589{
5c8a00ce 3590 MemoryRegion*mr;
149f54b5 3591 hwaddr l = 1;
41063e1e 3592 bool res;
76f35538 3593
41063e1e 3594 rcu_read_lock();
5c8a00ce
PB		 3595 mr = address_space_translate(&address_space_memory,
3596 phys_addr, &phys_addr, &l, false);
76f35538 3597
41063e1e
PB		 3598 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3599 rcu_read_unlock();
3600 return res;
76f35538 3601}
bd2fa51f 3602
e3807054 3603int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3604{
3605 RAMBlock *block;
e3807054 3606 int ret = 0;
bd2fa51f 3607
0dc3f44a
MD		 3608 rcu_read_lock();
3609 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3610 ret = func(block->idstr, block->host, block->offset,
3611 block->used_length, opaque);
3612 if (ret) {
3613 break;
3614 }
bd2fa51f 3615 }
0dc3f44a 3616 rcu_read_unlock();
e3807054 3617 return ret;
bd2fa51f 3618}
ec3f8c99 3619#endif
Empty description
This page took 1.552786 seconds and 4 git commands to generate.