]> Git Repo - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vl: change runstate only if new state is different from current state
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
f348b6d1 25#include "qemu/cutils.h"
6180a181 26#include "cpu.h"
63c91552 27#include "exec/exec-all.h"
b67d9a52 28#include "tcg.h"
741da0d3 29#include "hw/qdev-core.h"
4485bd26 30#if !defined(CONFIG_USER_ONLY)
47c8ca53 31#include "hw/boards.h"
33c11879 32#include "hw/xen/xen.h"
4485bd26 33#endif
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
75a34036 38#include "qemu/error-report.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
432d268c 41#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 42#include "hw/hw.h"
43#include "exec/memory.h"
df43d49c 44#include "exec/ioport.h"
741da0d3
PB		 45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
9c17d615 47#include "sysemu/xen-mapcache.h"
6506e4f9 48#include "trace.h"
53a5960a 49#endif
0d6d3c87 50#include "exec/cpu-all.h"
0dc3f44a 51#include "qemu/rcu_queue.h"
4840f10e 52#include "qemu/main-loop.h"
5b6dd868 53#include "translate-all.h"
7615936e 54#include "sysemu/replay.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
508127e2 58#include "exec/log.h"
67d95c15 59
b35ba30f 60#include "qemu/range.h"
794e8f30
MT		 61#ifndef _WIN32
62#include "qemu/mmap-alloc.h"
63#endif
b35ba30f 64
db7b5426 65//#define DEBUG_SUBPAGE
1196be37 66
e2eef170 67#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 68/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
69 * are protected by the ramlist lock.
70 */
0d53d9fe 71RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 72
73static MemoryRegion *system_memory;
309cb471 74static MemoryRegion *system_io;
62152b8a 75
f6790af6
AK		 76AddressSpace address_space_io;
77AddressSpace address_space_memory;
2673a5da 78
0844e007 79MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 80static MemoryRegion io_mem_unassigned;
0e0df1e2 81
7bd4f430
PB		 82/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
83#define RAM_PREALLOC (1 << 0)
84
dbcb8981
PB		 85/* RAM is mmap-ed with MAP_SHARED */
86#define RAM_SHARED (1 << 1)
87
62be4e3a
MT		 88/* Only a portion of RAM (used_length) is actually used, and migrated.
89 * This used_length size can change across reboots.
90 */
91#define RAM_RESIZEABLE (1 << 2)
92
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
729633c2 141 MemoryRegionSection *mru_section;
1db8abb1
PB		 142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
53cb28cb 146 PhysPageMap map;
acc9d80b 147 AddressSpace *as;
1db8abb1
PB		 148};
149
90260c6c
JK		 150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
acc9d80b 153 AddressSpace *as;
90260c6c
JK		 154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
b41aac4f
LPF		 158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
5312bd8b 162
e2eef170 163static void io_mem_init(void);
62152b8a 164static void memory_map_init(void);
09daed84 165static void tcg_commit(MemoryListener *listener);
e2eef170 166
1ec9b909 167static MemoryRegion io_mem_watch;
32857f4d
PM		 168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
6658ffb8 183#endif
fd6ce8f6 184
6d9a1304 185#if !defined(CONFIG_USER_ONLY)
d6f2ea22 186
53cb28cb 187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 188{
53cb28cb
MA		 189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 193 }
f7bf5461
AK		 194}
195
db94604b 196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 197{
198 unsigned i;
8b795765 199 uint32_t ret;
db94604b
PB		 200 PhysPageEntry e;
201 PhysPageEntry *p;
f7bf5461 202
53cb28cb 203 ret = map->nodes_nb++;
db94604b 204 p = map->nodes[ret];
f7bf5461 205 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 206 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 210 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 211 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 212 }
f7bf5461 213 return ret;
d6f2ea22
AK		 214}
215
53cb28cb
MA		 216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 218 int level)
f7bf5461
AK		 219{
220 PhysPageEntry *p;
03f49957 221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 222
9736e55b 223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 224 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 225 }
db94604b 226 p = map->nodes[lp->ptr];
03f49957 227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 228
03f49957 229 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 230 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 231 lp->skip = 0;
c19e8800 232 lp->ptr = leaf;
07f07b31
AK		 233 *index += step;
234 *nb -= step;
2999097b 235 } else {
53cb28cb 236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 237 }
238 ++lp;
f7bf5461
AK		 239 }
240}
241
ac1970fb 242static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 243 hwaddr index, hwaddr nb,
2999097b 244 uint16_t leaf)
f7bf5461 245{
2999097b 246 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 248
53cb28cb 249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 250}
251
b35ba30f
MT		 252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
53cb28cb 310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 311 }
312}
313
29cb533d
FZ		 314static inline bool section_covers_addr(const MemoryRegionSection *section,
315 hwaddr addr)
316{
317 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
318 * the section must cover the entire address space.
319 */
320 return section->size.hi ||
321 range_covers_byte(section->offset_within_address_space,
322 section->size.lo, addr);
323}
324
97115a8d 325static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 326 Node *nodes, MemoryRegionSection *sections)
92e873b9 327{
31ab2b4a 328 PhysPageEntry *p;
97115a8d 329 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 330 int i;
f1f6e3b8 331
9736e55b 332 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 333 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 334 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 335 }
9affd6fc 336 p = nodes[lp.ptr];
03f49957 337 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 338 }
b35ba30f 339
29cb533d 340 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 341 return &sections[lp.ptr];
342 } else {
343 return &sections[PHYS_SECTION_UNASSIGNED];
344 }
f3705d53
AK		 345}
346
e5548617
BS		 347bool memory_region_is_unassigned(MemoryRegion *mr)
348{
2a8e7499 349 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 350 && mr != &io_mem_watch;
fd6ce8f6 351}
149f54b5 352
79e2b9ae 353/* Called from RCU critical section */
c7086b4a 354static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 355 hwaddr addr,
356 bool resolve_subpage)
9f029603 357{
729633c2 358 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 359 subpage_t *subpage;
729633c2 360 bool update;
90260c6c 361
729633c2
FZ		 362 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
363 section_covers_addr(section, addr)) {
364 update = false;
365 } else {
366 section = phys_page_find(d->phys_map, addr, d->map.nodes,
367 d->map.sections);
368 update = true;
369 }
90260c6c
JK		 370 if (resolve_subpage && section->mr->subpage) {
371 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 372 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 373 }
729633c2
FZ		 374 if (update) {
375 atomic_set(&d->mru_section, section);
376 }
90260c6c 377 return section;
9f029603
JK		 378}
379
79e2b9ae 380/* Called from RCU critical section */
90260c6c 381static MemoryRegionSection *
c7086b4a 382address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 383 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 384{
385 MemoryRegionSection *section;
965eb2fc 386 MemoryRegion *mr;
a87f3954 387 Int128 diff;
149f54b5 388
c7086b4a 389 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 390 /* Compute offset within MemoryRegionSection */
391 addr -= section->offset_within_address_space;
392
393 /* Compute offset within MemoryRegion */
394 *xlat = addr + section->offset_within_region;
395
965eb2fc 396 mr = section->mr;
b242e0e0
PB		 397
398 /* MMIO registers can be expected to perform full-width accesses based only
399 * on their address, without considering adjacent registers that could
400 * decode to completely different MemoryRegions. When such registers
401 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
402 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * here.
404 *
405 * If the length is small (as is the case for address_space_ldl/stl),
406 * everything works fine. If the incoming length is large, however,
407 * the caller really has to do the clamping through memory_access_size.
408 */
965eb2fc 409 if (memory_region_is_ram(mr)) {
e4a511f8 410 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 411 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
412 }
149f54b5
PB		 413 return section;
414}
90260c6c 415
41063e1e 416/* Called from RCU critical section */
5c8a00ce
PB		 417MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen,
419 bool is_write)
90260c6c 420{
30951157
AK		 421 IOMMUTLBEntry iotlb;
422 MemoryRegionSection *section;
423 MemoryRegion *mr;
30951157
AK		 424
425 for (;;) {
79e2b9ae
PB		 426 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
427 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 428 mr = section->mr;
429
430 if (!mr->iommu_ops) {
431 break;
432 }
433
8d7b8cb9 434 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 435 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
436 | (addr & iotlb.addr_mask));
23820dbf 437 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 438 if (!(iotlb.perm & (1 << is_write))) {
439 mr = &io_mem_unassigned;
440 break;
441 }
442
443 as = iotlb.target_as;
444 }
445
fe680d0d 446 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 447 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 448 *plen = MIN(page, *plen);
a87f3954
PB		 449 }
450
30951157
AK		 451 *xlat = addr;
452 return mr;
90260c6c
JK		 453}
454
79e2b9ae 455/* Called from RCU critical section */
90260c6c 456MemoryRegionSection *
d7898cda 457address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 458 hwaddr *xlat, hwaddr *plen)
90260c6c 459{
30951157 460 MemoryRegionSection *section;
d7898cda
PM		 461 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
462
463 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 464
465 assert(!section->mr->iommu_ops);
466 return section;
90260c6c 467}
5b6dd868 468#endif
fd6ce8f6 469
b170fce3 470#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 471
472static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 473{
259186a7 474 CPUState *cpu = opaque;
a513fe19 475
5b6dd868
BS		 476 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
477 version_id is increased. */
259186a7 478 cpu->interrupt_request &= ~0x01;
c01a71c1 479 tlb_flush(cpu, 1);
5b6dd868
BS		 480
481 return 0;
a513fe19 482}
7501267e 483
6c3bff0e
PD		 484static int cpu_common_pre_load(void *opaque)
485{
486 CPUState *cpu = opaque;
487
adee6424 488 cpu->exception_index = -1;
6c3bff0e
PD		 489
490 return 0;
491}
492
493static bool cpu_common_exception_index_needed(void *opaque)
494{
495 CPUState *cpu = opaque;
496
adee6424 497 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 498}
499
500static const VMStateDescription vmstate_cpu_common_exception_index = {
501 .name = "cpu_common/exception_index",
502 .version_id = 1,
503 .minimum_version_id = 1,
5cd8cada 504 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 505 .fields = (VMStateField[]) {
506 VMSTATE_INT32(exception_index, CPUState),
507 VMSTATE_END_OF_LIST()
508 }
509};
510
bac05aa9
AS		 511static bool cpu_common_crash_occurred_needed(void *opaque)
512{
513 CPUState *cpu = opaque;
514
515 return cpu->crash_occurred;
516}
517
518static const VMStateDescription vmstate_cpu_common_crash_occurred = {
519 .name = "cpu_common/crash_occurred",
520 .version_id = 1,
521 .minimum_version_id = 1,
522 .needed = cpu_common_crash_occurred_needed,
523 .fields = (VMStateField[]) {
524 VMSTATE_BOOL(crash_occurred, CPUState),
525 VMSTATE_END_OF_LIST()
526 }
527};
528
1a1562f5 529const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 530 .name = "cpu_common",
531 .version_id = 1,
532 .minimum_version_id = 1,
6c3bff0e 533 .pre_load = cpu_common_pre_load,
5b6dd868 534 .post_load = cpu_common_post_load,
35d08458 535 .fields = (VMStateField[]) {
259186a7
AF		 536 VMSTATE_UINT32(halted, CPUState),
537 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 538 VMSTATE_END_OF_LIST()
6c3bff0e 539 },
5cd8cada
JQ		 540 .subsections = (const VMStateDescription*[]) {
541 &vmstate_cpu_common_exception_index,
bac05aa9 542 &vmstate_cpu_common_crash_occurred,
5cd8cada 543 NULL
5b6dd868
BS		 544 }
545};
1a1562f5 546
5b6dd868 547#endif
ea041c0e 548
38d8f5c8 549CPUState *qemu_get_cpu(int index)
ea041c0e 550{
bdc44640 551 CPUState *cpu;
ea041c0e 552
bdc44640 553 CPU_FOREACH(cpu) {
55e5c285 554 if (cpu->cpu_index == index) {
bdc44640 555 return cpu;
55e5c285 556 }
ea041c0e 557 }
5b6dd868 558
bdc44640 559 return NULL;
ea041c0e
FB		 560}
561
09daed84 562#if !defined(CONFIG_USER_ONLY)
56943e8c 563void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 564{
12ebc9a7
PM		 565 CPUAddressSpace *newas;
566
567 /* Target code should have set num_ases before calling us */
568 assert(asidx < cpu->num_ases);
569
56943e8c
PM		 570 if (asidx == 0) {
571 /* address space 0 gets the convenience alias */
572 cpu->as = as;
573 }
574
12ebc9a7
PM		 575 /* KVM cannot currently support multiple address spaces. */
576 assert(asidx == 0 || !kvm_enabled());
09daed84 577
12ebc9a7
PM		 578 if (!cpu->cpu_ases) {
579 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 580 }
32857f4d 581
12ebc9a7
PM		 582 newas = &cpu->cpu_ases[asidx];
583 newas->cpu = cpu;
584 newas->as = as;
56943e8c 585 if (tcg_enabled()) {
12ebc9a7
PM		 586 newas->tcg_as_listener.commit = tcg_commit;
587 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 588 }
09daed84 589}
651a5bc0
PM		 590
591AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
592{
593 /* Return the AddressSpace corresponding to the specified index */
594 return cpu->cpu_ases[asidx].as;
595}
09daed84
EI		 596#endif
597
b7bca733
BR		 598#ifndef CONFIG_USER_ONLY
599static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
600
601static int cpu_get_free_index(Error **errp)
602{
603 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
604
605 if (cpu >= MAX_CPUMASK_BITS) {
606 error_setg(errp, "Trying to use more CPUs than max of %d",
607 MAX_CPUMASK_BITS);
608 return -1;
609 }
610
611 bitmap_set(cpu_index_map, cpu, 1);
612 return cpu;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617 if (cpu->cpu_index == -1) {
618 /* cpu_index was never allocated by this @cpu or was already freed. */
619 return;
620 }
621
622 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
623 cpu->cpu_index = -1;
624}
625#else
626
627static int cpu_get_free_index(Error **errp)
628{
629 CPUState *some_cpu;
630 int cpu_index = 0;
631
632 CPU_FOREACH(some_cpu) {
633 cpu_index++;
634 }
635 return cpu_index;
636}
637
638void cpu_exec_exit(CPUState *cpu)
639{
640}
641#endif
642
4bad9e39 643void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 644{
b170fce3 645 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 646 Error *local_err = NULL;
5b6dd868 647
56943e8c 648 cpu->as = NULL;
12ebc9a7 649 cpu->num_ases = 0;
56943e8c 650
291135b5 651#ifndef CONFIG_USER_ONLY
291135b5 652 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 653
654 /* This is a softmmu CPU object, so create a property for it
655 * so users can wire up its memory. (This can't go in qom/cpu.c
656 * because that file is compiled only once for both user-mode
657 * and system builds.) The default if no link is set up is to use
658 * the system address space.
659 */
660 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
661 (Object **)&cpu->memory,
662 qdev_prop_allow_set_link_before_realize,
663 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 &error_abort);
665 cpu->memory = system_memory;
666 object_ref(OBJECT(cpu->memory));
291135b5
EH		 667#endif
668
5b6dd868
BS		 669#if defined(CONFIG_USER_ONLY)
670 cpu_list_lock();
671#endif
741da0d3 672 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 673 if (local_err) {
674 error_propagate(errp, local_err);
675#if defined(CONFIG_USER_ONLY)
676 cpu_list_unlock();
677#endif
678 return;
5b6dd868 679 }
bdc44640 680 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 681#if defined(CONFIG_USER_ONLY)
741da0d3 682 (void) cc;
5b6dd868 683 cpu_list_unlock();
741da0d3 684#else
e0d47944 685 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 686 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 687 }
b170fce3 688 if (cc->vmsd != NULL) {
741da0d3 689 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 690 }
741da0d3 691#endif
ea041c0e
FB		 692}
693
94df27fd 694#if defined(CONFIG_USER_ONLY)
00b941e5 695static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 696{
697 tb_invalidate_phys_page_range(pc, pc + 1, 0);
698}
699#else
00b941e5 700static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 701{
5232e4c7
PM		 702 MemTxAttrs attrs;
703 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
704 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 705 if (phys != -1) {
5232e4c7 706 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 707 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 708 }
1e7855a5 709}
c27004ec 710#endif
d720b93d 711
c527ee8f 712#if defined(CONFIG_USER_ONLY)
75a34036 713void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 714
715{
716}
717
3ee887e8
PM		 718int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
719 int flags)
720{
721 return -ENOSYS;
722}
723
724void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725{
726}
727
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 729 int flags, CPUWatchpoint **watchpoint)
730{
731 return -ENOSYS;
732}
733#else
6658ffb8 734/* Add a watchpoint. */
75a34036 735int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 736 int flags, CPUWatchpoint **watchpoint)
6658ffb8 737{
c0ce998e 738 CPUWatchpoint *wp;
6658ffb8 739
05068c0d 740 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 741 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 742 error_report("tried to set invalid watchpoint at %"
743 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 744 return -EINVAL;
745 }
7267c094 746 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 747
748 wp->vaddr = addr;
05068c0d 749 wp->len = len;
a1d1bb31
AL		 750 wp->flags = flags;
751
2dc9f411 752 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 753 if (flags & BP_GDB) {
754 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
755 } else {
756 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
757 }
6658ffb8 758
31b030d4 759 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 760
761 if (watchpoint)
762 *watchpoint = wp;
763 return 0;
6658ffb8
PB		 764}
765
a1d1bb31 766/* Remove a specific watchpoint. */
75a34036 767int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 768 int flags)
6658ffb8 769{
a1d1bb31 770 CPUWatchpoint *wp;
6658ffb8 771
ff4700b0 772 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 773 if (addr == wp->vaddr && len == wp->len
6e140f28 774 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 775 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 776 return 0;
777 }
778 }
a1d1bb31 779 return -ENOENT;
6658ffb8
PB		 780}
781
a1d1bb31 782/* Remove a specific watchpoint by reference. */
75a34036 783void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 784{
ff4700b0 785 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 786
31b030d4 787 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 788
7267c094 789 g_free(watchpoint);
a1d1bb31
AL		 790}
791
792/* Remove all matching watchpoints. */
75a34036 793void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 794{
c0ce998e 795 CPUWatchpoint *wp, *next;
a1d1bb31 796
ff4700b0 797 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 798 if (wp->flags & mask) {
799 cpu_watchpoint_remove_by_ref(cpu, wp);
800 }
c0ce998e 801 }
7d03f82f 802}
05068c0d
PM		 803
804/* Return true if this watchpoint address matches the specified
805 * access (ie the address range covered by the watchpoint overlaps
806 * partially or completely with the address range covered by the
807 * access).
808 */
809static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 vaddr addr,
811 vaddr len)
812{
813 /* We know the lengths are non-zero, but a little caution is
814 * required to avoid errors in the case where the range ends
815 * exactly at the top of the address space and so addr + len
816 * wraps round to zero.
817 */
818 vaddr wpend = wp->vaddr + wp->len - 1;
819 vaddr addrend = addr + len - 1;
820
821 return !(addr > wpend || wp->vaddr > addrend);
822}
823
c527ee8f 824#endif
7d03f82f 825
a1d1bb31 826/* Add a breakpoint. */
b3310ab3 827int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 828 CPUBreakpoint **breakpoint)
4c3a88a2 829{
c0ce998e 830 CPUBreakpoint *bp;
3b46e624 831
7267c094 832 bp = g_malloc(sizeof(*bp));
4c3a88a2 833
a1d1bb31
AL		 834 bp->pc = pc;
835 bp->flags = flags;
836
2dc9f411 837 /* keep all GDB-injected breakpoints in front */
00b941e5 838 if (flags & BP_GDB) {
f0c3c505 839 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 840 } else {
f0c3c505 841 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 842 }
3b46e624 843
f0c3c505 844 breakpoint_invalidate(cpu, pc);
a1d1bb31 845
00b941e5 846 if (breakpoint) {
a1d1bb31 847 *breakpoint = bp;
00b941e5 848 }
4c3a88a2 849 return 0;
4c3a88a2
FB		 850}
851
a1d1bb31 852/* Remove a specific breakpoint. */
b3310ab3 853int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 854{
a1d1bb31
AL		 855 CPUBreakpoint *bp;
856
f0c3c505 857 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 858 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 859 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 860 return 0;
861 }
7d03f82f 862 }
a1d1bb31 863 return -ENOENT;
7d03f82f
EI		 864}
865
a1d1bb31 866/* Remove a specific breakpoint by reference. */
b3310ab3 867void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 868{
f0c3c505
AF		 869 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
870
871 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 872
7267c094 873 g_free(breakpoint);
a1d1bb31
AL		 874}
875
876/* Remove all matching breakpoints. */
b3310ab3 877void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 878{
c0ce998e 879 CPUBreakpoint *bp, *next;
a1d1bb31 880
f0c3c505 881 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 882 if (bp->flags & mask) {
883 cpu_breakpoint_remove_by_ref(cpu, bp);
884 }
c0ce998e 885 }
4c3a88a2
FB		 886}
887
c33a346e
FB		 888/* enable or disable single step mode. EXCP_DEBUG is returned by the
889 CPU loop after each instruction */
3825b28f 890void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 891{
ed2803da
AF		 892 if (cpu->singlestep_enabled != enabled) {
893 cpu->singlestep_enabled = enabled;
894 if (kvm_enabled()) {
38e478ec 895 kvm_update_guest_debug(cpu, 0);
ed2803da 896 } else {
ccbb4d44 897 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 898 /* XXX: only flush what is necessary */
bbd77c18 899 tb_flush(cpu);
e22a25c9 900 }
c33a346e 901 }
c33a346e
FB		 902}
903
a47dddd7 904void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 905{
906 va_list ap;
493ae1f0 907 va_list ap2;
7501267e
FB		 908
909 va_start(ap, fmt);
493ae1f0 910 va_copy(ap2, ap);
7501267e
FB		 911 fprintf(stderr, "qemu: fatal: ");
912 vfprintf(stderr, fmt, ap);
913 fprintf(stderr, "\n");
878096ee 914 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 915 if (qemu_log_separate()) {
93fcfe39
AL		 916 qemu_log("qemu: fatal: ");
917 qemu_log_vprintf(fmt, ap2);
918 qemu_log("\n");
a0762859 919 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 920 qemu_log_flush();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1048 /* Normal RAM. */
1049 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1050 + xlat;
e5548617 1051 if (!section->readonly) {
b41aac4f 1052 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1053 } else {
b41aac4f 1054 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1055 }
1056 } else {
0b8e2c10
PM		 1057 AddressSpaceDispatch *d;
1058
1059 d = atomic_rcu_read(&section->address_space->dispatch);
1060 iotlb = section - d->map.sections;
149f54b5 1061 iotlb += xlat;
e5548617
BS		 1062 }
1063
1064 /* Make accesses to pages with watchpoints go via the
1065 watchpoint trap routines. */
ff4700b0 1066 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1067 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1068 /* Avoid trapping reads of pages with a write breakpoint. */
1069 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1070 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1071 *address |= TLB_MMIO;
1072 break;
1073 }
1074 }
1075 }
1076
1077 return iotlb;
1078}
9fa3e853
FB		 1079#endif /* defined(CONFIG_USER_ONLY) */
1080
e2eef170 1081#if !defined(CONFIG_USER_ONLY)
8da3ff18 1082
c227f099 1083static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1084 uint16_t section);
acc9d80b 1085static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1086
a2b257d6
IM		 1087static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1088 qemu_anon_ram_alloc;
91138037
MA		 1089
1090/*
1091 * Set a custom physical guest memory alloator.
1092 * Accelerators with unusual needs may need this. Hopefully, we can
1093 * get rid of it eventually.
1094 */
a2b257d6 1095void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1096{
1097 phys_mem_alloc = alloc;
1098}
1099
53cb28cb
MA		 1100static uint16_t phys_section_add(PhysPageMap *map,
1101 MemoryRegionSection *section)
5312bd8b 1102{
68f3f65b
PB		 1103 /* The physical section number is ORed with a page-aligned
1104 * pointer to produce the iotlb entries. Thus it should
1105 * never overflow into the page-aligned value.
1106 */
53cb28cb 1107 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1108
53cb28cb
MA		 1109 if (map->sections_nb == map->sections_nb_alloc) {
1110 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1111 map->sections = g_renew(MemoryRegionSection, map->sections,
1112 map->sections_nb_alloc);
5312bd8b 1113 }
53cb28cb 1114 map->sections[map->sections_nb] = *section;
dfde4e6e 1115 memory_region_ref(section->mr);
53cb28cb 1116 return map->sections_nb++;
5312bd8b
AK		 1117}
1118
058bc4b5
PB		 1119static void phys_section_destroy(MemoryRegion *mr)
1120{
55b4e80b
DS		 1121 bool have_sub_page = mr->subpage;
1122
dfde4e6e
PB		 1123 memory_region_unref(mr);
1124
55b4e80b 1125 if (have_sub_page) {
058bc4b5 1126 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1127 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1128 g_free(subpage);
1129 }
1130}
1131
6092666e 1132static void phys_sections_free(PhysPageMap *map)
5312bd8b 1133{
9affd6fc
PB		 1134 while (map->sections_nb > 0) {
1135 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1136 phys_section_destroy(section->mr);
1137 }
9affd6fc
PB		 1138 g_free(map->sections);
1139 g_free(map->nodes);
5312bd8b
AK		 1140}
1141
ac1970fb 1142static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1143{
1144 subpage_t *subpage;
a8170e5e 1145 hwaddr base = section->offset_within_address_space
0f0cb164 1146 & TARGET_PAGE_MASK;
97115a8d 1147 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1148 d->map.nodes, d->map.sections);
0f0cb164
AK		 1149 MemoryRegionSection subsection = {
1150 .offset_within_address_space = base,
052e87b0 1151 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1152 };
a8170e5e 1153 hwaddr start, end;
0f0cb164 1154
f3705d53 1155 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1156
f3705d53 1157 if (!(existing->mr->subpage)) {
acc9d80b 1158 subpage = subpage_init(d->as, base);
3be91e86 1159 subsection.address_space = d->as;
0f0cb164 1160 subsection.mr = &subpage->iomem;
ac1970fb 1161 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1162 phys_section_add(&d->map, &subsection));
0f0cb164 1163 } else {
f3705d53 1164 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1165 }
1166 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1167 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1168 subpage_register(subpage, start, end,
1169 phys_section_add(&d->map, section));
0f0cb164
AK		 1170}
1171
1172
052e87b0
PB		 1173static void register_multipage(AddressSpaceDispatch *d,
1174 MemoryRegionSection *section)
33417e70 1175{
a8170e5e 1176 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1177 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1178 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1179 TARGET_PAGE_BITS));
dd81124b 1180
733d5ef5
PB		 1181 assert(num_pages);
1182 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1183}
1184
ac1970fb 1185static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1186{
89ae337a 1187 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1188 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1189 MemoryRegionSection now = *section, remain = *section;
052e87b0 1190 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1191
733d5ef5
PB		 1192 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1193 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1194 - now.offset_within_address_space;
1195
052e87b0 1196 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1197 register_subpage(d, &now);
733d5ef5 1198 } else {
052e87b0 1199 now.size = int128_zero();
733d5ef5 1200 }
052e87b0
PB		 1201 while (int128_ne(remain.size, now.size)) {
1202 remain.size = int128_sub(remain.size, now.size);
1203 remain.offset_within_address_space += int128_get64(now.size);
1204 remain.offset_within_region += int128_get64(now.size);
69b67646 1205 now = remain;
052e87b0 1206 if (int128_lt(remain.size, page_size)) {
733d5ef5 1207 register_subpage(d, &now);
88266249 1208 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1209 now.size = page_size;
ac1970fb 1210 register_subpage(d, &now);
69b67646 1211 } else {
052e87b0 1212 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1213 register_multipage(d, &now);
69b67646 1214 }
0f0cb164
AK		 1215 }
1216}
1217
62a2744c
SY		 1218void qemu_flush_coalesced_mmio_buffer(void)
1219{
1220 if (kvm_enabled())
1221 kvm_flush_coalesced_mmio_buffer();
1222}
1223
b2a8658e
UD		 1224void qemu_mutex_lock_ramlist(void)
1225{
1226 qemu_mutex_lock(&ram_list.mutex);
1227}
1228
1229void qemu_mutex_unlock_ramlist(void)
1230{
1231 qemu_mutex_unlock(&ram_list.mutex);
1232}
1233
e1e84ba0 1234#ifdef __linux__
04b16653
AW		 1235static void *file_ram_alloc(RAMBlock *block,
1236 ram_addr_t memory,
7f56e740
PB		 1237 const char *path,
1238 Error **errp)
c902760f 1239{
fd97fd44 1240 bool unlink_on_error = false;
c902760f 1241 char *filename;
8ca761f6
PF		 1242 char *sanitized_name;
1243 char *c;
794e8f30 1244 void *area;
5c3ece79 1245 int fd = -1;
e1fb6471 1246 int64_t page_size;
c902760f
MT		 1247
1248 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1249 error_setg(errp,
1250 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1251 return NULL;
c902760f
MT		 1252 }
1253
fd97fd44
MA		 1254 for (;;) {
1255 fd = open(path, O_RDWR);
1256 if (fd >= 0) {
1257 /* @path names an existing file, use it */
1258 break;
8d31d6b6 1259 }
fd97fd44
MA		 1260 if (errno == ENOENT) {
1261 /* @path names a file that doesn't exist, create it */
1262 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1263 if (fd >= 0) {
1264 unlink_on_error = true;
1265 break;
1266 }
1267 } else if (errno == EISDIR) {
1268 /* @path names a directory, create a file there */
1269 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1270 sanitized_name = g_strdup(memory_region_name(block->mr));
1271 for (c = sanitized_name; *c != '\0'; c++) {
1272 if (*c == '/') {
1273 *c = '_';
1274 }
1275 }
8ca761f6 1276
fd97fd44
MA		 1277 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1278 sanitized_name);
1279 g_free(sanitized_name);
8d31d6b6 1280
fd97fd44
MA		 1281 fd = mkstemp(filename);
1282 if (fd >= 0) {
1283 unlink(filename);
1284 g_free(filename);
1285 break;
1286 }
1287 g_free(filename);
8d31d6b6 1288 }
fd97fd44
MA		 1289 if (errno != EEXIST && errno != EINTR) {
1290 error_setg_errno(errp, errno,
1291 "can't open backing store %s for guest RAM",
1292 path);
1293 goto error;
1294 }
1295 /*
1296 * Try again on EINTR and EEXIST. The latter happens when
1297 * something else creates the file between our two open().
1298 */
8d31d6b6 1299 }
c902760f 1300
e1fb6471 1301 page_size = qemu_fd_getpagesize(fd);
d2f39add 1302 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1303
e1fb6471 1304 if (memory < page_size) {
fd97fd44
MA		 1305 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1306 "or larger than page size 0x%" PRIx64,
e1fb6471 1307 memory, page_size);
f9a49dfa 1308 goto error;
c902760f 1309 }
c902760f 1310
e1fb6471 1311 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1312
1313 /*
1314 * ftruncate is not supported by hugetlbfs in older
1315 * hosts, so don't bother bailing out on errors.
1316 * If anything goes wrong with it under other filesystems,
1317 * mmap will fail.
1318 */
7f56e740 1319 if (ftruncate(fd, memory)) {
9742bf26 1320 perror("ftruncate");
7f56e740 1321 }
c902760f 1322
d2f39add
DD		 1323 area = qemu_ram_mmap(fd, memory, block->mr->align,
1324 block->flags & RAM_SHARED);
c902760f 1325 if (area == MAP_FAILED) {
7f56e740 1326 error_setg_errno(errp, errno,
fd97fd44 1327 "unable to map backing store for guest RAM");
f9a49dfa 1328 goto error;
c902760f 1329 }
ef36fa14
MT		 1330
1331 if (mem_prealloc) {
38183310 1332 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1333 }
1334
04b16653 1335 block->fd = fd;
c902760f 1336 return area;
f9a49dfa
MT		 1337
1338error:
fd97fd44
MA		 1339 if (unlink_on_error) {
1340 unlink(path);
1341 }
5c3ece79
PB		 1342 if (fd != -1) {
1343 close(fd);
1344 }
f9a49dfa 1345 return NULL;
c902760f
MT		 1346}
1347#endif
1348
0dc3f44a 1349/* Called with the ramlist lock held. */
d17b5288 1350static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1351{
1352 RAMBlock *block, *next_block;
3e837b2c 1353 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1354
49cd9ac6
SH		 1355 assert(size != 0); /* it would hand out same offset multiple times */
1356
0dc3f44a 1357 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1358 return 0;
0d53d9fe 1359 }
04b16653 1360
0dc3f44a 1361 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1362 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1363
62be4e3a 1364 end = block->offset + block->max_length;
04b16653 1365
0dc3f44a 1366 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1367 if (next_block->offset >= end) {
1368 next = MIN(next, next_block->offset);
1369 }
1370 }
1371 if (next - end >= size && next - end < mingap) {
3e837b2c 1372 offset = end;
04b16653
AW		 1373 mingap = next - end;
1374 }
1375 }
3e837b2c
AW		 1376
1377 if (offset == RAM_ADDR_MAX) {
1378 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1379 (uint64_t)size);
1380 abort();
1381 }
1382
04b16653
AW		 1383 return offset;
1384}
1385
652d7ec2 1386ram_addr_t last_ram_offset(void)
d17b5288
AW		 1387{
1388 RAMBlock *block;
1389 ram_addr_t last = 0;
1390
0dc3f44a
MD		 1391 rcu_read_lock();
1392 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1393 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1394 }
0dc3f44a 1395 rcu_read_unlock();
d17b5288
AW		 1396 return last;
1397}
1398
ddb97f1d
JB		 1399static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1400{
1401 int ret;
ddb97f1d
JB		 1402
1403 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1404 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1405 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1406 if (ret) {
1407 perror("qemu_madvise");
1408 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1409 "but dump_guest_core=off specified\n");
1410 }
1411 }
1412}
1413
0dc3f44a
MD		 1414/* Called within an RCU critical section, or while the ramlist lock
1415 * is held.
1416 */
20cfe881 1417static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1418{
20cfe881 1419 RAMBlock *block;
84b89d78 1420
0dc3f44a 1421 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1422 if (block->offset == addr) {
20cfe881 1423 return block;
c5705a77
AK		 1424 }
1425 }
20cfe881
HT		 1426
1427 return NULL;
1428}
1429
422148d3
DDAG		 1430const char *qemu_ram_get_idstr(RAMBlock *rb)
1431{
1432 return rb->idstr;
1433}
1434
ae3a7047 1435/* Called with iothread lock held. */
20cfe881
HT		 1436void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1437{
ae3a7047 1438 RAMBlock *new_block, *block;
20cfe881 1439
0dc3f44a 1440 rcu_read_lock();
ae3a7047 1441 new_block = find_ram_block(addr);
c5705a77
AK		 1442 assert(new_block);
1443 assert(!new_block->idstr[0]);
84b89d78 1444
09e5ab63
AL		 1445 if (dev) {
1446 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1447 if (id) {
1448 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1449 g_free(id);
84b89d78
CM		 1450 }
1451 }
1452 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1453
0dc3f44a 1454 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1455 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1456 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1457 new_block->idstr);
1458 abort();
1459 }
1460 }
0dc3f44a 1461 rcu_read_unlock();
c5705a77
AK		 1462}
1463
ae3a7047 1464/* Called with iothread lock held. */
20cfe881
HT		 1465void qemu_ram_unset_idstr(ram_addr_t addr)
1466{
ae3a7047 1467 RAMBlock *block;
20cfe881 1468
ae3a7047
MD		 1469 /* FIXME: arch_init.c assumes that this is not called throughout
1470 * migration. Ignore the problem since hot-unplug during migration
1471 * does not work anyway.
1472 */
1473
0dc3f44a 1474 rcu_read_lock();
ae3a7047 1475 block = find_ram_block(addr);
20cfe881
HT		 1476 if (block) {
1477 memset(block->idstr, 0, sizeof(block->idstr));
1478 }
0dc3f44a 1479 rcu_read_unlock();
20cfe881
HT		 1480}
1481
8490fc78
LC		 1482static int memory_try_enable_merging(void *addr, size_t len)
1483{
75cc7f01 1484 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1485 /* disabled by the user */
1486 return 0;
1487 }
1488
1489 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1490}
1491
62be4e3a
MT		 1492/* Only legal before guest might have detected the memory size: e.g. on
1493 * incoming migration, or right after reset.
1494 *
1495 * As memory core doesn't know how is memory accessed, it is up to
1496 * resize callback to update device state and/or add assertions to detect
1497 * misuse, if necessary.
1498 */
1499int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1500{
1501 RAMBlock *block = find_ram_block(base);
1502
1503 assert(block);
1504
4ed023ce 1505 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1506
62be4e3a
MT		 1507 if (block->used_length == newsize) {
1508 return 0;
1509 }
1510
1511 if (!(block->flags & RAM_RESIZEABLE)) {
1512 error_setg_errno(errp, EINVAL,
1513 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1514 " in != 0x" RAM_ADDR_FMT, block->idstr,
1515 newsize, block->used_length);
1516 return -EINVAL;
1517 }
1518
1519 if (block->max_length < newsize) {
1520 error_setg_errno(errp, EINVAL,
1521 "Length too large: %s: 0x" RAM_ADDR_FMT
1522 " > 0x" RAM_ADDR_FMT, block->idstr,
1523 newsize, block->max_length);
1524 return -EINVAL;
1525 }
1526
1527 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1528 block->used_length = newsize;
58d2707e
PB		 1529 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1530 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1531 memory_region_set_size(block->mr, newsize);
1532 if (block->resized) {
1533 block->resized(block->idstr, newsize, block->host);
1534 }
1535 return 0;
1536}
1537
5b82b703
SH		 1538/* Called with ram_list.mutex held */
1539static void dirty_memory_extend(ram_addr_t old_ram_size,
1540 ram_addr_t new_ram_size)
1541{
1542 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1543 DIRTY_MEMORY_BLOCK_SIZE);
1544 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1545 DIRTY_MEMORY_BLOCK_SIZE);
1546 int i;
1547
1548 /* Only need to extend if block count increased */
1549 if (new_num_blocks <= old_num_blocks) {
1550 return;
1551 }
1552
1553 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1554 DirtyMemoryBlocks *old_blocks;
1555 DirtyMemoryBlocks *new_blocks;
1556 int j;
1557
1558 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1559 new_blocks = g_malloc(sizeof(*new_blocks) +
1560 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1561
1562 if (old_num_blocks) {
1563 memcpy(new_blocks->blocks, old_blocks->blocks,
1564 old_num_blocks * sizeof(old_blocks->blocks[0]));
1565 }
1566
1567 for (j = old_num_blocks; j < new_num_blocks; j++) {
1568 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1569 }
1570
1571 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1572
1573 if (old_blocks) {
1574 g_free_rcu(old_blocks, rcu);
1575 }
1576 }
1577}
1578
528f46af 1579static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1580{
e1c57ab8 1581 RAMBlock *block;
0d53d9fe 1582 RAMBlock *last_block = NULL;
2152f5ca 1583 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1584 Error *err = NULL;
2152f5ca
JQ		 1585
1586 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1587
b2a8658e 1588 qemu_mutex_lock_ramlist();
9b8424d5 1589 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1590
1591 if (!new_block->host) {
1592 if (xen_enabled()) {
9b8424d5 1593 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1594 new_block->mr, &err);
1595 if (err) {
1596 error_propagate(errp, err);
1597 qemu_mutex_unlock_ramlist();
39c350ee 1598 return;
37aa7a0e 1599 }
e1c57ab8 1600 } else {
9b8424d5 1601 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1602 &new_block->mr->align);
39228250 1603 if (!new_block->host) {
ef701d7b
HT		 1604 error_setg_errno(errp, errno,
1605 "cannot set up guest memory '%s'",
1606 memory_region_name(new_block->mr));
1607 qemu_mutex_unlock_ramlist();
39c350ee 1608 return;
39228250 1609 }
9b8424d5 1610 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1611 }
c902760f 1612 }
94a6b54f 1613
dd631697
LZ		 1614 new_ram_size = MAX(old_ram_size,
1615 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1616 if (new_ram_size > old_ram_size) {
1617 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1618 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1619 }
0d53d9fe
MD		 1620 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1621 * QLIST (which has an RCU-friendly variant) does not have insertion at
1622 * tail, so save the last element in last_block.
1623 */
0dc3f44a 1624 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1625 last_block = block;
9b8424d5 1626 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1627 break;
1628 }
1629 }
1630 if (block) {
0dc3f44a 1631 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1632 } else if (last_block) {
0dc3f44a 1633 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1634 } else { /* list is empty */
0dc3f44a 1635 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1636 }
0d6d3c87 1637 ram_list.mru_block = NULL;
94a6b54f 1638
0dc3f44a
MD		 1639 /* Write list before version */
1640 smp_wmb();
f798b07f 1641 ram_list.version++;
b2a8658e 1642 qemu_mutex_unlock_ramlist();
f798b07f 1643
9b8424d5 1644 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1645 new_block->used_length,
1646 DIRTY_CLIENTS_ALL);
94a6b54f 1647
a904c911
PB		 1648 if (new_block->host) {
1649 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1650 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1651 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1652 if (kvm_enabled()) {
1653 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1654 }
e1c57ab8 1655 }
94a6b54f 1656}
e9a1ab19 1657
0b183fc8 1658#ifdef __linux__
528f46af
FZ		 1659RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1660 bool share, const char *mem_path,
1661 Error **errp)
e1c57ab8
PB		 1662{
1663 RAMBlock *new_block;
ef701d7b 1664 Error *local_err = NULL;
e1c57ab8
PB		 1665
1666 if (xen_enabled()) {
7f56e740 1667 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1668 return NULL;
e1c57ab8
PB		 1669 }
1670
1671 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1672 /*
1673 * file_ram_alloc() needs to allocate just like
1674 * phys_mem_alloc, but we haven't bothered to provide
1675 * a hook there.
1676 */
7f56e740
PB		 1677 error_setg(errp,
1678 "-mem-path not supported with this accelerator");
528f46af 1679 return NULL;
e1c57ab8
PB		 1680 }
1681
4ed023ce 1682 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1683 new_block = g_malloc0(sizeof(*new_block));
1684 new_block->mr = mr;
9b8424d5
MT		 1685 new_block->used_length = size;
1686 new_block->max_length = size;
dbcb8981 1687 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1688 new_block->host = file_ram_alloc(new_block, size,
1689 mem_path, errp);
1690 if (!new_block->host) {
1691 g_free(new_block);
528f46af 1692 return NULL;
7f56e740
PB		 1693 }
1694
528f46af 1695 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1696 if (local_err) {
1697 g_free(new_block);
1698 error_propagate(errp, local_err);
528f46af 1699 return NULL;
ef701d7b 1700 }
528f46af 1701 return new_block;
e1c57ab8 1702}
0b183fc8 1703#endif
e1c57ab8 1704
62be4e3a 1705static
528f46af
FZ		 1706RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1707 void (*resized)(const char*,
1708 uint64_t length,
1709 void *host),
1710 void *host, bool resizeable,
1711 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1712{
1713 RAMBlock *new_block;
ef701d7b 1714 Error *local_err = NULL;
e1c57ab8 1715
4ed023ce
DDAG		 1716 size = HOST_PAGE_ALIGN(size);
1717 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1718 new_block = g_malloc0(sizeof(*new_block));
1719 new_block->mr = mr;
62be4e3a 1720 new_block->resized = resized;
9b8424d5
MT		 1721 new_block->used_length = size;
1722 new_block->max_length = max_size;
62be4e3a 1723 assert(max_size >= size);
e1c57ab8
PB		 1724 new_block->fd = -1;
1725 new_block->host = host;
1726 if (host) {
7bd4f430 1727 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1728 }
62be4e3a
MT		 1729 if (resizeable) {
1730 new_block->flags |= RAM_RESIZEABLE;
1731 }
528f46af 1732 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1733 if (local_err) {
1734 g_free(new_block);
1735 error_propagate(errp, local_err);
528f46af 1736 return NULL;
ef701d7b 1737 }
528f46af 1738 return new_block;
e1c57ab8
PB		 1739}
1740
528f46af 1741RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1742 MemoryRegion *mr, Error **errp)
1743{
1744 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1745}
1746
528f46af 1747RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1748{
62be4e3a
MT		 1749 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1750}
1751
528f46af 1752RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1753 void (*resized)(const char*,
1754 uint64_t length,
1755 void *host),
1756 MemoryRegion *mr, Error **errp)
1757{
1758 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1759}
1760
43771539
PB		 1761static void reclaim_ramblock(RAMBlock *block)
1762{
1763 if (block->flags & RAM_PREALLOC) {
1764 ;
1765 } else if (xen_enabled()) {
1766 xen_invalidate_map_cache_entry(block->host);
1767#ifndef _WIN32
1768 } else if (block->fd >= 0) {
2f3a2bb1 1769 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1770 close(block->fd);
1771#endif
1772 } else {
1773 qemu_anon_ram_free(block->host, block->max_length);
1774 }
1775 g_free(block);
1776}
1777
f1060c55 1778void qemu_ram_free(RAMBlock *block)
e9a1ab19 1779{
85bc2a15
MAL		 1780 if (!block) {
1781 return;
1782 }
1783
b2a8658e 1784 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1785 QLIST_REMOVE_RCU(block, next);
1786 ram_list.mru_block = NULL;
1787 /* Write list before version */
1788 smp_wmb();
1789 ram_list.version++;
1790 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1791 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1792}
1793
cd19cfa2
HY		 1794#ifndef _WIN32
1795void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1796{
1797 RAMBlock *block;
1798 ram_addr_t offset;
1799 int flags;
1800 void *area, *vaddr;
1801
0dc3f44a 1802 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1803 offset = addr - block->offset;
9b8424d5 1804 if (offset < block->max_length) {
1240be24 1805 vaddr = ramblock_ptr(block, offset);
7bd4f430 1806 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1807 ;
dfeaf2ab
MA		 1808 } else if (xen_enabled()) {
1809 abort();
cd19cfa2
HY		 1810 } else {
1811 flags = MAP_FIXED;
3435f395 1812 if (block->fd >= 0) {
dbcb8981
PB		 1813 flags |= (block->flags & RAM_SHARED ?
1814 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1815 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1816 flags, block->fd, offset);
cd19cfa2 1817 } else {
2eb9fbaa
MA		 1818 /*
1819 * Remap needs to match alloc. Accelerators that
1820 * set phys_mem_alloc never remap. If they did,
1821 * we'd need a remap hook here.
1822 */
1823 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1824
cd19cfa2
HY		 1825 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1826 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1827 flags, -1, 0);
cd19cfa2
HY		 1828 }
1829 if (area != vaddr) {
f15fbc4b
AP		 1830 fprintf(stderr, "Could not remap addr: "
1831 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1832 length, addr);
1833 exit(1);
1834 }
8490fc78 1835 memory_try_enable_merging(vaddr, length);
ddb97f1d 1836 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1837 }
cd19cfa2
HY		 1838 }
1839 }
1840}
1841#endif /* !_WIN32 */
1842
a35ba7be
PB		 1843int qemu_get_ram_fd(ram_addr_t addr)
1844{
ae3a7047
MD		 1845 RAMBlock *block;
1846 int fd;
a35ba7be 1847
0dc3f44a 1848 rcu_read_lock();
ae3a7047
MD		 1849 block = qemu_get_ram_block(addr);
1850 fd = block->fd;
0dc3f44a 1851 rcu_read_unlock();
ae3a7047 1852 return fd;
a35ba7be
PB		 1853}
1854
56a571d9
TM		 1855void qemu_set_ram_fd(ram_addr_t addr, int fd)
1856{
1857 RAMBlock *block;
1858
1859 rcu_read_lock();
1860 block = qemu_get_ram_block(addr);
1861 block->fd = fd;
1862 rcu_read_unlock();
1863}
1864
3fd74b84
DM		 1865void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1866{
ae3a7047
MD		 1867 RAMBlock *block;
1868 void *ptr;
3fd74b84 1869
0dc3f44a 1870 rcu_read_lock();
ae3a7047
MD		 1871 block = qemu_get_ram_block(addr);
1872 ptr = ramblock_ptr(block, 0);
0dc3f44a 1873 rcu_read_unlock();
ae3a7047 1874 return ptr;
3fd74b84
DM		 1875}
1876
1b5ec234 1877/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1878 * This should not be used for general purpose DMA. Use address_space_map
1879 * or address_space_rw instead. For local memory (e.g. video ram) that the
1880 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1881 *
49b24afc 1882 * Called within RCU critical section.
1b5ec234 1883 */
3655cb9c 1884void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1885{
3655cb9c
GA		 1886 RAMBlock *block = ram_block;
1887
1888 if (block == NULL) {
1889 block = qemu_get_ram_block(addr);
1890 }
ae3a7047
MD		 1891
1892 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1893 /* We need to check if the requested address is in the RAM
1894 * because we don't want to map the entire memory in QEMU.
1895 * In that case just map until the end of the page.
1896 */
1897 if (block->offset == 0) {
49b24afc 1898 return xen_map_cache(addr, 0, 0);
0d6d3c87 1899 }
ae3a7047
MD		 1900
1901 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1902 }
49b24afc 1903 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1904}
1905
38bee5dc 1906/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1907 * but takes a size argument.
0dc3f44a 1908 *
e81bcda5 1909 * Called within RCU critical section.
ae3a7047 1910 */
3655cb9c
GA		 1911static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1912 hwaddr *size)
38bee5dc 1913{
3655cb9c 1914 RAMBlock *block = ram_block;
e81bcda5 1915 ram_addr_t offset_inside_block;
8ab934f9
SS		 1916 if (*size == 0) {
1917 return NULL;
1918 }
e81bcda5 1919
3655cb9c
GA		 1920 if (block == NULL) {
1921 block = qemu_get_ram_block(addr);
1922 }
e81bcda5
PB		 1923 offset_inside_block = addr - block->offset;
1924 *size = MIN(*size, block->max_length - offset_inside_block);
1925
1926 if (xen_enabled() && block->host == NULL) {
1927 /* We need to check if the requested address is in the RAM
1928 * because we don't want to map the entire memory in QEMU.
1929 * In that case just map the requested area.
1930 */
1931 if (block->offset == 0) {
1932 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1933 }
1934
e81bcda5 1935 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1936 }
e81bcda5
PB		 1937
1938 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1939}
1940
422148d3
DDAG		 1941/*
1942 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1943 * in that RAMBlock.
1944 *
1945 * ptr: Host pointer to look up
1946 * round_offset: If true round the result offset down to a page boundary
1947 * *ram_addr: set to result ram_addr
1948 * *offset: set to result offset within the RAMBlock
1949 *
1950 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1951 *
1952 * By the time this function returns, the returned pointer is not protected
1953 * by RCU anymore. If the caller is not within an RCU critical section and
1954 * does not hold the iothread lock, it must have other means of protecting the
1955 * pointer, such as a reference to the region that includes the incoming
1956 * ram_addr_t.
1957 */
422148d3
DDAG		 1958RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1959 ram_addr_t *ram_addr,
1960 ram_addr_t *offset)
5579c7f3 1961{
94a6b54f
PB		 1962 RAMBlock *block;
1963 uint8_t *host = ptr;
1964
868bb33f 1965 if (xen_enabled()) {
0dc3f44a 1966 rcu_read_lock();
e41d7c69 1967 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1968 block = qemu_get_ram_block(*ram_addr);
1969 if (block) {
1970 *offset = (host - block->host);
1971 }
0dc3f44a 1972 rcu_read_unlock();
422148d3 1973 return block;
712c2b41
SS		 1974 }
1975
0dc3f44a
MD		 1976 rcu_read_lock();
1977 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1978 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1979 goto found;
1980 }
1981
0dc3f44a 1982 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1983 /* This case append when the block is not mapped. */
1984 if (block->host == NULL) {
1985 continue;
1986 }
9b8424d5 1987 if (host - block->host < block->max_length) {
23887b79 1988 goto found;
f471a17e 1989 }
94a6b54f 1990 }
432d268c 1991
0dc3f44a 1992 rcu_read_unlock();
1b5ec234 1993 return NULL;
23887b79
PB		 1994
1995found:
422148d3
DDAG		 1996 *offset = (host - block->host);
1997 if (round_offset) {
1998 *offset &= TARGET_PAGE_MASK;
1999 }
2000 *ram_addr = block->offset + *offset;
0dc3f44a 2001 rcu_read_unlock();
422148d3
DDAG		 2002 return block;
2003}
2004
e3dd7493
DDAG		 2005/*
2006 * Finds the named RAMBlock
2007 *
2008 * name: The name of RAMBlock to find
2009 *
2010 * Returns: RAMBlock (or NULL if not found)
2011 */
2012RAMBlock *qemu_ram_block_by_name(const char *name)
2013{
2014 RAMBlock *block;
2015
2016 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
2017 if (!strcmp(name, block->idstr)) {
2018 return block;
2019 }
2020 }
2021
2022 return NULL;
2023}
2024
422148d3
DDAG		 2025/* Some of the softmmu routines need to translate from a host pointer
2026 (typically a TLB entry) back to a ram offset. */
2027MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2028{
2029 RAMBlock *block;
2030 ram_addr_t offset; /* Not used */
2031
2032 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2033
2034 if (!block) {
2035 return NULL;
2036 }
2037
2038 return block->mr;
e890261f 2039}
f471a17e 2040
49b24afc 2041/* Called within RCU critical section. */
a8170e5e 2042static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2043 uint64_t val, unsigned size)
9fa3e853 2044{
52159192 2045 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2046 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2047 }
0e0df1e2
AK		 2048 switch (size) {
2049 case 1:
3655cb9c 2050 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2051 break;
2052 case 2:
3655cb9c 2053 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2054 break;
2055 case 4:
3655cb9c 2056 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2057 break;
2058 default:
2059 abort();
3a7d929e 2060 }
58d2707e
PB		 2061 /* Set both VGA and migration bits for simplicity and to remove
2062 * the notdirty callback faster.
2063 */
2064 cpu_physical_memory_set_dirty_range(ram_addr, size,
2065 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2066 /* we remove the notdirty callback only if the code has been
2067 flushed */
a2cd8c85 2068 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2069 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2070 }
9fa3e853
FB		 2071}
2072
b018ddf6
PB		 2073static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2074 unsigned size, bool is_write)
2075{
2076 return is_write;
2077}
2078
0e0df1e2 2079static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2080 .write = notdirty_mem_write,
b018ddf6 2081 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2082 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2083};
2084
0f459d16 2085/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2086static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2087{
93afeade 2088 CPUState *cpu = current_cpu;
568496c0 2089 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2090 CPUArchState *env = cpu->env_ptr;
06d55cc1 2091 target_ulong pc, cs_base;
0f459d16 2092 target_ulong vaddr;
a1d1bb31 2093 CPUWatchpoint *wp;
89fee74a 2094 uint32_t cpu_flags;
0f459d16 2095
ff4700b0 2096 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2097 /* We re-entered the check after replacing the TB. Now raise
2098 * the debug interrupt so that is will trigger after the
2099 * current instruction. */
93afeade 2100 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2101 return;
2102 }
93afeade 2103 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2104 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2105 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2106 && (wp->flags & flags)) {
08225676
PM		 2107 if (flags == BP_MEM_READ) {
2108 wp->flags |= BP_WATCHPOINT_HIT_READ;
2109 } else {
2110 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2111 }
2112 wp->hitaddr = vaddr;
66b9b43c 2113 wp->hitattrs = attrs;
ff4700b0 2114 if (!cpu->watchpoint_hit) {
568496c0
SF		 2115 if (wp->flags & BP_CPU &&
2116 !cc->debug_check_watchpoint(cpu, wp)) {
2117 wp->flags &= ~BP_WATCHPOINT_HIT;
2118 continue;
2119 }
ff4700b0 2120 cpu->watchpoint_hit = wp;
239c51a5 2121 tb_check_watchpoint(cpu);
6e140f28 2122 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2123 cpu->exception_index = EXCP_DEBUG;
5638d180 2124 cpu_loop_exit(cpu);
6e140f28
AL		 2125 } else {
2126 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2127 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2128 cpu_resume_from_signal(cpu, NULL);
6e140f28 2129 }
06d55cc1 2130 }
6e140f28
AL		 2131 } else {
2132 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2133 }
2134 }
2135}
2136
6658ffb8
PB		 2137/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2138 so these check for a hit then pass through to the normal out-of-line
2139 phys routines. */
66b9b43c
PM		 2140static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2141 unsigned size, MemTxAttrs attrs)
6658ffb8 2142{
66b9b43c
PM		 2143 MemTxResult res;
2144 uint64_t data;
79ed0416
PM		 2145 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2146 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2147
2148 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2149 switch (size) {
66b9b43c 2150 case 1:
79ed0416 2151 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2152 break;
2153 case 2:
79ed0416 2154 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2155 break;
2156 case 4:
79ed0416 2157 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2158 break;
1ec9b909
AK		 2159 default: abort();
2160 }
66b9b43c
PM		 2161 *pdata = data;
2162 return res;
6658ffb8
PB		 2163}
2164
66b9b43c
PM		 2165static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2166 uint64_t val, unsigned size,
2167 MemTxAttrs attrs)
6658ffb8 2168{
66b9b43c 2169 MemTxResult res;
79ed0416
PM		 2170 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2171 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2172
2173 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2174 switch (size) {
67364150 2175 case 1:
79ed0416 2176 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2177 break;
2178 case 2:
79ed0416 2179 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2180 break;
2181 case 4:
79ed0416 2182 address_space_stl(as, addr, val, attrs, &res);
67364150 2183 break;
1ec9b909
AK		 2184 default: abort();
2185 }
66b9b43c 2186 return res;
6658ffb8
PB		 2187}
2188
1ec9b909 2189static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2190 .read_with_attrs = watch_mem_read,
2191 .write_with_attrs = watch_mem_write,
1ec9b909 2192 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2193};
6658ffb8 2194
f25a49e0
PM		 2195static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2196 unsigned len, MemTxAttrs attrs)
db7b5426 2197{
acc9d80b 2198 subpage_t *subpage = opaque;
ff6cff75 2199 uint8_t buf[8];
5c9eb028 2200 MemTxResult res;
791af8c8 2201
db7b5426 2202#if defined(DEBUG_SUBPAGE)
016e9d62 2203 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2204 subpage, len, addr);
db7b5426 2205#endif
5c9eb028
PM		 2206 res = address_space_read(subpage->as, addr + subpage->base,
2207 attrs, buf, len);
2208 if (res) {
2209 return res;
f25a49e0 2210 }
acc9d80b
JK		 2211 switch (len) {
2212 case 1:
f25a49e0
PM		 2213 *data = ldub_p(buf);
2214 return MEMTX_OK;
acc9d80b 2215 case 2:
f25a49e0
PM		 2216 *data = lduw_p(buf);
2217 return MEMTX_OK;
acc9d80b 2218 case 4:
f25a49e0
PM		 2219 *data = ldl_p(buf);
2220 return MEMTX_OK;
ff6cff75 2221 case 8:
f25a49e0
PM		 2222 *data = ldq_p(buf);
2223 return MEMTX_OK;
acc9d80b
JK		 2224 default:
2225 abort();
2226 }
db7b5426
BS		 2227}
2228
f25a49e0
PM		 2229static MemTxResult subpage_write(void *opaque, hwaddr addr,
2230 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2231{
acc9d80b 2232 subpage_t *subpage = opaque;
ff6cff75 2233 uint8_t buf[8];
acc9d80b 2234
db7b5426 2235#if defined(DEBUG_SUBPAGE)
016e9d62 2236 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2237 " value %"PRIx64"\n",
2238 __func__, subpage, len, addr, value);
db7b5426 2239#endif
acc9d80b
JK		 2240 switch (len) {
2241 case 1:
2242 stb_p(buf, value);
2243 break;
2244 case 2:
2245 stw_p(buf, value);
2246 break;
2247 case 4:
2248 stl_p(buf, value);
2249 break;
ff6cff75
PB		 2250 case 8:
2251 stq_p(buf, value);
2252 break;
acc9d80b
JK		 2253 default:
2254 abort();
2255 }
5c9eb028
PM		 2256 return address_space_write(subpage->as, addr + subpage->base,
2257 attrs, buf, len);
db7b5426
BS		 2258}
2259
c353e4cc 2260static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2261 unsigned len, bool is_write)
c353e4cc 2262{
acc9d80b 2263 subpage_t *subpage = opaque;
c353e4cc 2264#if defined(DEBUG_SUBPAGE)
016e9d62 2265 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2266 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2267#endif
2268
acc9d80b 2269 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2270 len, is_write);
c353e4cc
PB		 2271}
2272
70c68e44 2273static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2274 .read_with_attrs = subpage_read,
2275 .write_with_attrs = subpage_write,
ff6cff75
PB		 2276 .impl.min_access_size = 1,
2277 .impl.max_access_size = 8,
2278 .valid.min_access_size = 1,
2279 .valid.max_access_size = 8,
c353e4cc 2280 .valid.accepts = subpage_accepts,
70c68e44 2281 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2282};
2283
c227f099 2284static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2285 uint16_t section)
db7b5426
BS		 2286{
2287 int idx, eidx;
2288
2289 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2290 return -1;
2291 idx = SUBPAGE_IDX(start);
2292 eidx = SUBPAGE_IDX(end);
2293#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2294 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2295 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2296#endif
db7b5426 2297 for (; idx <= eidx; idx++) {
5312bd8b 2298 mmio->sub_section[idx] = section;
db7b5426
BS		 2299 }
2300
2301 return 0;
2302}
2303
acc9d80b 2304static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2305{
c227f099 2306 subpage_t *mmio;
db7b5426 2307
7267c094 2308 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2309
acc9d80b 2310 mmio->as = as;
1eec614b 2311 mmio->base = base;
2c9b15ca 2312 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2313 NULL, TARGET_PAGE_SIZE);
b3b00c78 2314 mmio->iomem.subpage = true;
db7b5426 2315#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2316 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2317 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2318#endif
b41aac4f 2319 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2320
2321 return mmio;
2322}
2323
a656e22f
PC		 2324static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2325 MemoryRegion *mr)
5312bd8b 2326{
a656e22f 2327 assert(as);
5312bd8b 2328 MemoryRegionSection section = {
a656e22f 2329 .address_space = as,
5312bd8b
AK		 2330 .mr = mr,
2331 .offset_within_address_space = 0,
2332 .offset_within_region = 0,
052e87b0 2333 .size = int128_2_64(),
5312bd8b
AK		 2334 };
2335
53cb28cb 2336 return phys_section_add(map, &section);
5312bd8b
AK		 2337}
2338
a54c87b6 2339MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2340{
a54c87b6
PM		 2341 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2342 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2343 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2344 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2345
2346 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2347}
2348
e9179ce1
AK		 2349static void io_mem_init(void)
2350{
1f6245e5 2351 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2352 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2353 NULL, UINT64_MAX);
2c9b15ca 2354 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2355 NULL, UINT64_MAX);
2c9b15ca 2356 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2357 NULL, UINT64_MAX);
e9179ce1
AK		 2358}
2359
ac1970fb 2360static void mem_begin(MemoryListener *listener)
00752703
PB		 2361{
2362 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2363 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2364 uint16_t n;
2365
a656e22f 2366 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2367 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2368 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2369 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2370 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2371 assert(n == PHYS_SECTION_ROM);
a656e22f 2372 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2373 assert(n == PHYS_SECTION_WATCH);
00752703 2374
9736e55b 2375 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2376 d->as = as;
2377 as->next_dispatch = d;
2378}
2379
79e2b9ae
PB		 2380static void address_space_dispatch_free(AddressSpaceDispatch *d)
2381{
2382 phys_sections_free(&d->map);
2383 g_free(d);
2384}
2385
00752703 2386static void mem_commit(MemoryListener *listener)
ac1970fb 2387{
89ae337a 2388 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2389 AddressSpaceDispatch *cur = as->dispatch;
2390 AddressSpaceDispatch *next = as->next_dispatch;
2391
53cb28cb 2392 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2393
79e2b9ae 2394 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2395 if (cur) {
79e2b9ae 2396 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2397 }
9affd6fc
PB		 2398}
2399
1d71148e 2400static void tcg_commit(MemoryListener *listener)
50c1e149 2401{
32857f4d
PM		 2402 CPUAddressSpace *cpuas;
2403 AddressSpaceDispatch *d;
117712c3
AK		 2404
2405 /* since each CPU stores ram addresses in its TLB cache, we must
2406 reset the modified entries */
32857f4d
PM		 2407 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2408 cpu_reloading_memory_map();
2409 /* The CPU and TLB are protected by the iothread lock.
2410 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2411 * may have split the RCU critical section.
2412 */
2413 d = atomic_rcu_read(&cpuas->as->dispatch);
2414 cpuas->memory_dispatch = d;
2415 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2416}
2417
ac1970fb
AK		 2418void address_space_init_dispatch(AddressSpace *as)
2419{
00752703 2420 as->dispatch = NULL;
89ae337a 2421 as->dispatch_listener = (MemoryListener) {
ac1970fb 2422 .begin = mem_begin,
00752703 2423 .commit = mem_commit,
ac1970fb
AK		 2424 .region_add = mem_add,
2425 .region_nop = mem_add,
2426 .priority = 0,
2427 };
89ae337a 2428 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2429}
2430
6e48e8f9
PB		 2431void address_space_unregister(AddressSpace *as)
2432{
2433 memory_listener_unregister(&as->dispatch_listener);
2434}
2435
83f3c251
AK		 2436void address_space_destroy_dispatch(AddressSpace *as)
2437{
2438 AddressSpaceDispatch *d = as->dispatch;
2439
79e2b9ae
PB		 2440 atomic_rcu_set(&as->dispatch, NULL);
2441 if (d) {
2442 call_rcu(d, address_space_dispatch_free, rcu);
2443 }
83f3c251
AK		 2444}
2445
62152b8a
AK		 2446static void memory_map_init(void)
2447{
7267c094 2448 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2449
57271d63 2450 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2451 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2452
7267c094 2453 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2454 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2455 65536);
7dca8043 2456 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2457}
2458
2459MemoryRegion *get_system_memory(void)
2460{
2461 return system_memory;
2462}
2463
309cb471
AK		 2464MemoryRegion *get_system_io(void)
2465{
2466 return system_io;
2467}
2468
e2eef170
PB		 2469#endif /* !defined(CONFIG_USER_ONLY) */
2470
13eb76e0
FB		 2471/* physical memory access (slow version, mainly for debug) */
2472#if defined(CONFIG_USER_ONLY)
f17ec444 2473int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2474 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2475{
2476 int l, flags;
2477 target_ulong page;
53a5960a 2478 void * p;
13eb76e0
FB		 2479
2480 while (len > 0) {
2481 page = addr & TARGET_PAGE_MASK;
2482 l = (page + TARGET_PAGE_SIZE) - addr;
2483 if (l > len)
2484 l = len;
2485 flags = page_get_flags(page);
2486 if (!(flags & PAGE_VALID))
a68fe89c 2487 return -1;
13eb76e0
FB		 2488 if (is_write) {
2489 if (!(flags & PAGE_WRITE))
a68fe89c 2490 return -1;
579a97f7 2491 /* XXX: this code should not depend on lock_user */
72fb7daa 2492 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2493 return -1;
72fb7daa
AJ		 2494 memcpy(p, buf, l);
2495 unlock_user(p, addr, l);
13eb76e0
FB		 2496 } else {
2497 if (!(flags & PAGE_READ))
a68fe89c 2498 return -1;
579a97f7 2499 /* XXX: this code should not depend on lock_user */
72fb7daa 2500 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2501 return -1;
72fb7daa 2502 memcpy(buf, p, l);
5b257578 2503 unlock_user(p, addr, 0);
13eb76e0
FB		 2504 }
2505 len -= l;
2506 buf += l;
2507 addr += l;
2508 }
a68fe89c 2509 return 0;
13eb76e0 2510}
8df1cd07 2511
13eb76e0 2512#else
51d7a9eb 2513
845b6214 2514static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2515 hwaddr length)
51d7a9eb 2516{
e87f7778
PB		 2517 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2518 /* No early return if dirty_log_mask is or becomes 0, because
2519 * cpu_physical_memory_set_dirty_range will still call
2520 * xen_modified_memory.
2521 */
2522 if (dirty_log_mask) {
2523 dirty_log_mask =
2524 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2525 }
2526 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2527 tb_invalidate_phys_range(addr, addr + length);
2528 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2529 }
e87f7778 2530 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2531}
2532
23326164 2533static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2534{
e1622f4b 2535 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2536
2537 /* Regions are assumed to support 1-4 byte accesses unless
2538 otherwise specified. */
23326164
RH		 2539 if (access_size_max == 0) {
2540 access_size_max = 4;
2541 }
2542
2543 /* Bound the maximum access by the alignment of the address. */
2544 if (!mr->ops->impl.unaligned) {
2545 unsigned align_size_max = addr & -addr;
2546 if (align_size_max != 0 && align_size_max < access_size_max) {
2547 access_size_max = align_size_max;
2548 }
82f2563f 2549 }
23326164
RH		 2550
2551 /* Don't attempt accesses larger than the maximum. */
2552 if (l > access_size_max) {
2553 l = access_size_max;
82f2563f 2554 }
6554f5c0 2555 l = pow2floor(l);
23326164
RH		 2556
2557 return l;
82f2563f
PB		 2558}
2559
4840f10e 2560static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2561{
4840f10e
JK		 2562 bool unlocked = !qemu_mutex_iothread_locked();
2563 bool release_lock = false;
2564
2565 if (unlocked && mr->global_locking) {
2566 qemu_mutex_lock_iothread();
2567 unlocked = false;
2568 release_lock = true;
2569 }
125b3806 2570 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2571 if (unlocked) {
2572 qemu_mutex_lock_iothread();
2573 }
125b3806 2574 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2575 if (unlocked) {
2576 qemu_mutex_unlock_iothread();
2577 }
125b3806 2578 }
4840f10e
JK		 2579
2580 return release_lock;
125b3806
PB		 2581}
2582
a203ac70
PB		 2583/* Called within RCU critical section. */
2584static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2585 MemTxAttrs attrs,
2586 const uint8_t *buf,
2587 int len, hwaddr addr1,
2588 hwaddr l, MemoryRegion *mr)
13eb76e0 2589{
13eb76e0 2590 uint8_t *ptr;
791af8c8 2591 uint64_t val;
3b643495 2592 MemTxResult result = MEMTX_OK;
4840f10e 2593 bool release_lock = false;
3b46e624 2594
a203ac70 2595 for (;;) {
eb7eeb88
PB		 2596 if (!memory_access_is_direct(mr, true)) {
2597 release_lock |= prepare_mmio_access(mr);
2598 l = memory_access_size(mr, l, addr1);
2599 /* XXX: could force current_cpu to NULL to avoid
2600 potential bugs */
2601 switch (l) {
2602 case 8:
2603 /* 64 bit write access */
2604 val = ldq_p(buf);
2605 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2606 attrs);
2607 break;
2608 case 4:
2609 /* 32 bit write access */
2610 val = ldl_p(buf);
2611 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2612 attrs);
2613 break;
2614 case 2:
2615 /* 16 bit write access */
2616 val = lduw_p(buf);
2617 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2618 attrs);
2619 break;
2620 case 1:
2621 /* 8 bit write access */
2622 val = ldub_p(buf);
2623 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2624 attrs);
2625 break;
2626 default:
2627 abort();
13eb76e0
FB		 2628 }
2629 } else {
eb7eeb88
PB		 2630 addr1 += memory_region_get_ram_addr(mr);
2631 /* RAM case */
3655cb9c 2632 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2633 memcpy(ptr, buf, l);
2634 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2635 }
4840f10e
JK		 2636
2637 if (release_lock) {
2638 qemu_mutex_unlock_iothread();
2639 release_lock = false;
2640 }
2641
13eb76e0
FB		 2642 len -= l;
2643 buf += l;
2644 addr += l;
a203ac70
PB		 2645
2646 if (!len) {
2647 break;
2648 }
2649
2650 l = len;
2651 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2652 }
fd8aaa76 2653
3b643495 2654 return result;
13eb76e0 2655}
8df1cd07 2656
a203ac70
PB		 2657MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2658 const uint8_t *buf, int len)
ac1970fb 2659{
eb7eeb88 2660 hwaddr l;
eb7eeb88
PB		 2661 hwaddr addr1;
2662 MemoryRegion *mr;
2663 MemTxResult result = MEMTX_OK;
eb7eeb88 2664
a203ac70
PB		 2665 if (len > 0) {
2666 rcu_read_lock();
eb7eeb88 2667 l = len;
a203ac70
PB		 2668 mr = address_space_translate(as, addr, &addr1, &l, true);
2669 result = address_space_write_continue(as, addr, attrs, buf, len,
2670 addr1, l, mr);
2671 rcu_read_unlock();
2672 }
2673
2674 return result;
2675}
2676
2677/* Called within RCU critical section. */
2678MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2679 MemTxAttrs attrs, uint8_t *buf,
2680 int len, hwaddr addr1, hwaddr l,
2681 MemoryRegion *mr)
2682{
2683 uint8_t *ptr;
2684 uint64_t val;
2685 MemTxResult result = MEMTX_OK;
2686 bool release_lock = false;
eb7eeb88 2687
a203ac70 2688 for (;;) {
eb7eeb88
PB		 2689 if (!memory_access_is_direct(mr, false)) {
2690 /* I/O case */
2691 release_lock |= prepare_mmio_access(mr);
2692 l = memory_access_size(mr, l, addr1);
2693 switch (l) {
2694 case 8:
2695 /* 64 bit read access */
2696 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2697 attrs);
2698 stq_p(buf, val);
2699 break;
2700 case 4:
2701 /* 32 bit read access */
2702 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2703 attrs);
2704 stl_p(buf, val);
2705 break;
2706 case 2:
2707 /* 16 bit read access */
2708 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2709 attrs);
2710 stw_p(buf, val);
2711 break;
2712 case 1:
2713 /* 8 bit read access */
2714 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2715 attrs);
2716 stb_p(buf, val);
2717 break;
2718 default:
2719 abort();
2720 }
2721 } else {
2722 /* RAM case */
8e41fb63
FZ		 2723 ptr = qemu_get_ram_ptr(mr->ram_block,
2724 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2725 memcpy(buf, ptr, l);
2726 }
2727
2728 if (release_lock) {
2729 qemu_mutex_unlock_iothread();
2730 release_lock = false;
2731 }
2732
2733 len -= l;
2734 buf += l;
2735 addr += l;
a203ac70
PB		 2736
2737 if (!len) {
2738 break;
2739 }
2740
2741 l = len;
2742 mr = address_space_translate(as, addr, &addr1, &l, false);
2743 }
2744
2745 return result;
2746}
2747
3cc8f884
PB		 2748MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2749 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2750{
2751 hwaddr l;
2752 hwaddr addr1;
2753 MemoryRegion *mr;
2754 MemTxResult result = MEMTX_OK;
2755
2756 if (len > 0) {
2757 rcu_read_lock();
2758 l = len;
2759 mr = address_space_translate(as, addr, &addr1, &l, false);
2760 result = address_space_read_continue(as, addr, attrs, buf, len,
2761 addr1, l, mr);
2762 rcu_read_unlock();
eb7eeb88 2763 }
eb7eeb88
PB		 2764
2765 return result;
ac1970fb
AK		 2766}
2767
eb7eeb88
PB		 2768MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2769 uint8_t *buf, int len, bool is_write)
2770{
2771 if (is_write) {
2772 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2773 } else {
2774 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2775 }
2776}
ac1970fb 2777
a8170e5e 2778void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2779 int len, int is_write)
2780{
5c9eb028
PM		 2781 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2782 buf, len, is_write);
ac1970fb
AK		 2783}
2784
582b55a9
AG		 2785enum write_rom_type {
2786 WRITE_DATA,
2787 FLUSH_CACHE,
2788};
2789
2a221651 2790static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2791 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2792{
149f54b5 2793 hwaddr l;
d0ecd2aa 2794 uint8_t *ptr;
149f54b5 2795 hwaddr addr1;
5c8a00ce 2796 MemoryRegion *mr;
3b46e624 2797
41063e1e 2798 rcu_read_lock();
d0ecd2aa 2799 while (len > 0) {
149f54b5 2800 l = len;
2a221651 2801 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2802
5c8a00ce
PB		 2803 if (!(memory_region_is_ram(mr) ||
2804 memory_region_is_romd(mr))) {
b242e0e0 2805 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2806 } else {
5c8a00ce 2807 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2808 /* ROM/RAM case */
3655cb9c 2809 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2810 switch (type) {
2811 case WRITE_DATA:
2812 memcpy(ptr, buf, l);
845b6214 2813 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2814 break;
2815 case FLUSH_CACHE:
2816 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2817 break;
2818 }
d0ecd2aa
FB		 2819 }
2820 len -= l;
2821 buf += l;
2822 addr += l;
2823 }
41063e1e 2824 rcu_read_unlock();
d0ecd2aa
FB		 2825}
2826
582b55a9 2827/* used for ROM loading : can write in RAM and ROM */
2a221651 2828void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2829 const uint8_t *buf, int len)
2830{
2a221651 2831 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2832}
2833
2834void cpu_flush_icache_range(hwaddr start, int len)
2835{
2836 /*
2837 * This function should do the same thing as an icache flush that was
2838 * triggered from within the guest. For TCG we are always cache coherent,
2839 * so there is no need to flush anything. For KVM / Xen we need to flush
2840 * the host's instruction cache at least.
2841 */
2842 if (tcg_enabled()) {
2843 return;
2844 }
2845
2a221651
EI		 2846 cpu_physical_memory_write_rom_internal(&address_space_memory,
2847 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2848}
2849
6d16c2f8 2850typedef struct {
d3e71559 2851 MemoryRegion *mr;
6d16c2f8 2852 void *buffer;
a8170e5e
AK		 2853 hwaddr addr;
2854 hwaddr len;
c2cba0ff 2855 bool in_use;
6d16c2f8
AL		 2856} BounceBuffer;
2857
2858static BounceBuffer bounce;
2859
ba223c29 2860typedef struct MapClient {
e95205e1 2861 QEMUBH *bh;
72cf2d4f 2862 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2863} MapClient;
2864
38e047b5 2865QemuMutex map_client_list_lock;
72cf2d4f
BS		 2866static QLIST_HEAD(map_client_list, MapClient) map_client_list
2867 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2868
e95205e1
FZ		 2869static void cpu_unregister_map_client_do(MapClient *client)
2870{
2871 QLIST_REMOVE(client, link);
2872 g_free(client);
2873}
2874
33b6c2ed
FZ		 2875static void cpu_notify_map_clients_locked(void)
2876{
2877 MapClient *client;
2878
2879 while (!QLIST_EMPTY(&map_client_list)) {
2880 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2881 qemu_bh_schedule(client->bh);
2882 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2883 }
2884}
2885
e95205e1 2886void cpu_register_map_client(QEMUBH *bh)
ba223c29 2887{
7267c094 2888 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2889
38e047b5 2890 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2891 client->bh = bh;
72cf2d4f 2892 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2893 if (!atomic_read(&bounce.in_use)) {
2894 cpu_notify_map_clients_locked();
2895 }
38e047b5 2896 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2897}
2898
38e047b5 2899void cpu_exec_init_all(void)
ba223c29 2900{
38e047b5 2901 qemu_mutex_init(&ram_list.mutex);
38e047b5 2902 io_mem_init();
680a4783 2903 memory_map_init();
38e047b5 2904 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2905}
2906
e95205e1 2907void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2908{
2909 MapClient *client;
2910
e95205e1
FZ		 2911 qemu_mutex_lock(&map_client_list_lock);
2912 QLIST_FOREACH(client, &map_client_list, link) {
2913 if (client->bh == bh) {
2914 cpu_unregister_map_client_do(client);
2915 break;
2916 }
ba223c29 2917 }
e95205e1 2918 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2919}
2920
2921static void cpu_notify_map_clients(void)
2922{
38e047b5 2923 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2924 cpu_notify_map_clients_locked();
38e047b5 2925 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2926}
2927
51644ab7
PB		 2928bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2929{
5c8a00ce 2930 MemoryRegion *mr;
51644ab7
PB		 2931 hwaddr l, xlat;
2932
41063e1e 2933 rcu_read_lock();
51644ab7
PB		 2934 while (len > 0) {
2935 l = len;
5c8a00ce
PB		 2936 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2937 if (!memory_access_is_direct(mr, is_write)) {
2938 l = memory_access_size(mr, l, addr);
2939 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2940 return false;
2941 }
2942 }
2943
2944 len -= l;
2945 addr += l;
2946 }
41063e1e 2947 rcu_read_unlock();
51644ab7
PB		 2948 return true;
2949}
2950
6d16c2f8
AL		 2951/* Map a physical memory region into a host virtual address.
2952 * May map a subset of the requested range, given by and returned in *plen.
2953 * May return NULL if resources needed to perform the mapping are exhausted.
2954 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2955 * Use cpu_register_map_client() to know when retrying the map operation is
2956 * likely to succeed.
6d16c2f8 2957 */
ac1970fb 2958void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2959 hwaddr addr,
2960 hwaddr *plen,
ac1970fb 2961 bool is_write)
6d16c2f8 2962{
a8170e5e 2963 hwaddr len = *plen;
e3127ae0
PB		 2964 hwaddr done = 0;
2965 hwaddr l, xlat, base;
2966 MemoryRegion *mr, *this_mr;
2967 ram_addr_t raddr;
e81bcda5 2968 void *ptr;
6d16c2f8 2969
e3127ae0
PB		 2970 if (len == 0) {
2971 return NULL;
2972 }
38bee5dc 2973
e3127ae0 2974 l = len;
41063e1e 2975 rcu_read_lock();
e3127ae0 2976 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2977
e3127ae0 2978 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2979 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2980 rcu_read_unlock();
e3127ae0 2981 return NULL;
6d16c2f8 2982 }
e85d9db5
KW		 2983 /* Avoid unbounded allocations */
2984 l = MIN(l, TARGET_PAGE_SIZE);
2985 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2986 bounce.addr = addr;
2987 bounce.len = l;
d3e71559
PB		 2988
2989 memory_region_ref(mr);
2990 bounce.mr = mr;
e3127ae0 2991 if (!is_write) {
5c9eb028
PM		 2992 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2993 bounce.buffer, l);
8ab934f9 2994 }
6d16c2f8 2995
41063e1e 2996 rcu_read_unlock();
e3127ae0
PB		 2997 *plen = l;
2998 return bounce.buffer;
2999 }
3000
3001 base = xlat;
3002 raddr = memory_region_get_ram_addr(mr);
3003
3004 for (;;) {
6d16c2f8
AL		 3005 len -= l;
3006 addr += l;
e3127ae0
PB		 3007 done += l;
3008 if (len == 0) {
3009 break;
3010 }
3011
3012 l = len;
3013 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
3014 if (this_mr != mr || xlat != base + done) {
3015 break;
3016 }
6d16c2f8 3017 }
e3127ae0 3018
d3e71559 3019 memory_region_ref(mr);
e3127ae0 3020 *plen = done;
3655cb9c 3021 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 3022 rcu_read_unlock();
3023
3024 return ptr;
6d16c2f8
AL		 3025}
3026
ac1970fb 3027/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3028 * Will also mark the memory as dirty if is_write == 1. access_len gives
3029 * the amount of memory that was actually read or written by the caller.
3030 */
a8170e5e
AK		 3031void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3032 int is_write, hwaddr access_len)
6d16c2f8
AL		 3033{
3034 if (buffer != bounce.buffer) {
d3e71559
PB		 3035 MemoryRegion *mr;
3036 ram_addr_t addr1;
3037
3038 mr = qemu_ram_addr_from_host(buffer, &addr1);
3039 assert(mr != NULL);
6d16c2f8 3040 if (is_write) {
845b6214 3041 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3042 }
868bb33f 3043 if (xen_enabled()) {
e41d7c69 3044 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3045 }
d3e71559 3046 memory_region_unref(mr);
6d16c2f8
AL		 3047 return;
3048 }
3049 if (is_write) {
5c9eb028
PM		 3050 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3051 bounce.buffer, access_len);
6d16c2f8 3052 }
f8a83245 3053 qemu_vfree(bounce.buffer);
6d16c2f8 3054 bounce.buffer = NULL;
d3e71559 3055 memory_region_unref(bounce.mr);
c2cba0ff 3056 atomic_mb_set(&bounce.in_use, false);
ba223c29 3057 cpu_notify_map_clients();
6d16c2f8 3058}
d0ecd2aa 3059
a8170e5e
AK		 3060void *cpu_physical_memory_map(hwaddr addr,
3061 hwaddr *plen,
ac1970fb
AK		 3062 int is_write)
3063{
3064 return address_space_map(&address_space_memory, addr, plen, is_write);
3065}
3066
a8170e5e
AK		 3067void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3068 int is_write, hwaddr access_len)
ac1970fb
AK		 3069{
3070 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3071}
3072
8df1cd07 3073/* warning: addr must be aligned */
50013115
PM		 3074static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3075 MemTxAttrs attrs,
3076 MemTxResult *result,
3077 enum device_endian endian)
8df1cd07 3078{
8df1cd07 3079 uint8_t *ptr;
791af8c8 3080 uint64_t val;
5c8a00ce 3081 MemoryRegion *mr;
149f54b5
PB		 3082 hwaddr l = 4;
3083 hwaddr addr1;
50013115 3084 MemTxResult r;
4840f10e 3085 bool release_lock = false;
8df1cd07 3086
41063e1e 3087 rcu_read_lock();
fdfba1a2 3088 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3089 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3090 release_lock |= prepare_mmio_access(mr);
125b3806 3091
8df1cd07 3092 /* I/O case */
50013115 3093 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3094#if defined(TARGET_WORDS_BIGENDIAN)
3095 if (endian == DEVICE_LITTLE_ENDIAN) {
3096 val = bswap32(val);
3097 }
3098#else
3099 if (endian == DEVICE_BIG_ENDIAN) {
3100 val = bswap32(val);
3101 }
3102#endif
8df1cd07
FB		 3103 } else {
3104 /* RAM case */
3655cb9c
GA		 3105 ptr = qemu_get_ram_ptr(mr->ram_block,
3106 (memory_region_get_ram_addr(mr)
06ef3525 3107 & TARGET_PAGE_MASK)
149f54b5 3108 + addr1);
1e78bcc1
AG		 3109 switch (endian) {
3110 case DEVICE_LITTLE_ENDIAN:
3111 val = ldl_le_p(ptr);
3112 break;
3113 case DEVICE_BIG_ENDIAN:
3114 val = ldl_be_p(ptr);
3115 break;
3116 default:
3117 val = ldl_p(ptr);
3118 break;
3119 }
50013115
PM		 3120 r = MEMTX_OK;
3121 }
3122 if (result) {
3123 *result = r;
8df1cd07 3124 }
4840f10e
JK		 3125 if (release_lock) {
3126 qemu_mutex_unlock_iothread();
3127 }
41063e1e 3128 rcu_read_unlock();
8df1cd07
FB		 3129 return val;
3130}
3131
50013115
PM		 3132uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3133 MemTxAttrs attrs, MemTxResult *result)
3134{
3135 return address_space_ldl_internal(as, addr, attrs, result,
3136 DEVICE_NATIVE_ENDIAN);
3137}
3138
3139uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3140 MemTxAttrs attrs, MemTxResult *result)
3141{
3142 return address_space_ldl_internal(as, addr, attrs, result,
3143 DEVICE_LITTLE_ENDIAN);
3144}
3145
3146uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3147 MemTxAttrs attrs, MemTxResult *result)
3148{
3149 return address_space_ldl_internal(as, addr, attrs, result,
3150 DEVICE_BIG_ENDIAN);
3151}
3152
fdfba1a2 3153uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3154{
50013115 3155 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3156}
3157
fdfba1a2 3158uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3159{
50013115 3160 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3161}
3162
fdfba1a2 3163uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3164{
50013115 3165 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3166}
3167
84b7b8e7 3168/* warning: addr must be aligned */
50013115
PM		 3169static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3170 MemTxAttrs attrs,
3171 MemTxResult *result,
3172 enum device_endian endian)
84b7b8e7 3173{
84b7b8e7
FB		 3174 uint8_t *ptr;
3175 uint64_t val;
5c8a00ce 3176 MemoryRegion *mr;
149f54b5
PB		 3177 hwaddr l = 8;
3178 hwaddr addr1;
50013115 3179 MemTxResult r;
4840f10e 3180 bool release_lock = false;
84b7b8e7 3181
41063e1e 3182 rcu_read_lock();
2c17449b 3183 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3184 false);
3185 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3186 release_lock |= prepare_mmio_access(mr);
125b3806 3187
84b7b8e7 3188 /* I/O case */
50013115 3189 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3190#if defined(TARGET_WORDS_BIGENDIAN)
3191 if (endian == DEVICE_LITTLE_ENDIAN) {
3192 val = bswap64(val);
3193 }
3194#else
3195 if (endian == DEVICE_BIG_ENDIAN) {
3196 val = bswap64(val);
3197 }
84b7b8e7
FB		 3198#endif
3199 } else {
3200 /* RAM case */
3655cb9c
GA		 3201 ptr = qemu_get_ram_ptr(mr->ram_block,
3202 (memory_region_get_ram_addr(mr)
06ef3525 3203 & TARGET_PAGE_MASK)
149f54b5 3204 + addr1);
1e78bcc1
AG		 3205 switch (endian) {
3206 case DEVICE_LITTLE_ENDIAN:
3207 val = ldq_le_p(ptr);
3208 break;
3209 case DEVICE_BIG_ENDIAN:
3210 val = ldq_be_p(ptr);
3211 break;
3212 default:
3213 val = ldq_p(ptr);
3214 break;
3215 }
50013115
PM		 3216 r = MEMTX_OK;
3217 }
3218 if (result) {
3219 *result = r;
84b7b8e7 3220 }
4840f10e
JK		 3221 if (release_lock) {
3222 qemu_mutex_unlock_iothread();
3223 }
41063e1e 3224 rcu_read_unlock();
84b7b8e7
FB		 3225 return val;
3226}
3227
50013115
PM		 3228uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3229 MemTxAttrs attrs, MemTxResult *result)
3230{
3231 return address_space_ldq_internal(as, addr, attrs, result,
3232 DEVICE_NATIVE_ENDIAN);
3233}
3234
3235uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3236 MemTxAttrs attrs, MemTxResult *result)
3237{
3238 return address_space_ldq_internal(as, addr, attrs, result,
3239 DEVICE_LITTLE_ENDIAN);
3240}
3241
3242uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3243 MemTxAttrs attrs, MemTxResult *result)
3244{
3245 return address_space_ldq_internal(as, addr, attrs, result,
3246 DEVICE_BIG_ENDIAN);
3247}
3248
2c17449b 3249uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3250{
50013115 3251 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3252}
3253
2c17449b 3254uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3255{
50013115 3256 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3257}
3258
2c17449b 3259uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3260{
50013115 3261 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3262}
3263
aab33094 3264/* XXX: optimize */
50013115
PM		 3265uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3266 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3267{
3268 uint8_t val;
50013115
PM		 3269 MemTxResult r;
3270
3271 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3272 if (result) {
3273 *result = r;
3274 }
aab33094
FB		 3275 return val;
3276}
3277
50013115
PM		 3278uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3279{
3280 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3281}
3282
733f0b02 3283/* warning: addr must be aligned */
50013115
PM		 3284static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3285 hwaddr addr,
3286 MemTxAttrs attrs,
3287 MemTxResult *result,
3288 enum device_endian endian)
aab33094 3289{
733f0b02
MT		 3290 uint8_t *ptr;
3291 uint64_t val;
5c8a00ce 3292 MemoryRegion *mr;
149f54b5
PB		 3293 hwaddr l = 2;
3294 hwaddr addr1;
50013115 3295 MemTxResult r;
4840f10e 3296 bool release_lock = false;
733f0b02 3297
41063e1e 3298 rcu_read_lock();
41701aa4 3299 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3300 false);
3301 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3302 release_lock |= prepare_mmio_access(mr);
125b3806 3303
733f0b02 3304 /* I/O case */
50013115 3305 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3306#if defined(TARGET_WORDS_BIGENDIAN)
3307 if (endian == DEVICE_LITTLE_ENDIAN) {
3308 val = bswap16(val);
3309 }
3310#else
3311 if (endian == DEVICE_BIG_ENDIAN) {
3312 val = bswap16(val);
3313 }
3314#endif
733f0b02
MT		 3315 } else {
3316 /* RAM case */
3655cb9c
GA		 3317 ptr = qemu_get_ram_ptr(mr->ram_block,
3318 (memory_region_get_ram_addr(mr)
06ef3525 3319 & TARGET_PAGE_MASK)
149f54b5 3320 + addr1);
1e78bcc1
AG		 3321 switch (endian) {
3322 case DEVICE_LITTLE_ENDIAN:
3323 val = lduw_le_p(ptr);
3324 break;
3325 case DEVICE_BIG_ENDIAN:
3326 val = lduw_be_p(ptr);
3327 break;
3328 default:
3329 val = lduw_p(ptr);
3330 break;
3331 }
50013115
PM		 3332 r = MEMTX_OK;
3333 }
3334 if (result) {
3335 *result = r;
733f0b02 3336 }
4840f10e
JK		 3337 if (release_lock) {
3338 qemu_mutex_unlock_iothread();
3339 }
41063e1e 3340 rcu_read_unlock();
733f0b02 3341 return val;
aab33094
FB		 3342}
3343
50013115
PM		 3344uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3345 MemTxAttrs attrs, MemTxResult *result)
3346{
3347 return address_space_lduw_internal(as, addr, attrs, result,
3348 DEVICE_NATIVE_ENDIAN);
3349}
3350
3351uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3352 MemTxAttrs attrs, MemTxResult *result)
3353{
3354 return address_space_lduw_internal(as, addr, attrs, result,
3355 DEVICE_LITTLE_ENDIAN);
3356}
3357
3358uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3359 MemTxAttrs attrs, MemTxResult *result)
3360{
3361 return address_space_lduw_internal(as, addr, attrs, result,
3362 DEVICE_BIG_ENDIAN);
3363}
3364
41701aa4 3365uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3366{
50013115 3367 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3368}
3369
41701aa4 3370uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3371{
50013115 3372 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3373}
3374
41701aa4 3375uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3376{
50013115 3377 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3378}
3379
8df1cd07
FB		 3380/* warning: addr must be aligned. The ram page is not masked as dirty
3381 and the code inside is not invalidated. It is useful if the dirty
3382 bits are used to track modified PTEs */
50013115
PM		 3383void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3384 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3385{
8df1cd07 3386 uint8_t *ptr;
5c8a00ce 3387 MemoryRegion *mr;
149f54b5
PB		 3388 hwaddr l = 4;
3389 hwaddr addr1;
50013115 3390 MemTxResult r;
845b6214 3391 uint8_t dirty_log_mask;
4840f10e 3392 bool release_lock = false;
8df1cd07 3393
41063e1e 3394 rcu_read_lock();
2198a121 3395 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3396 true);
3397 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3398 release_lock |= prepare_mmio_access(mr);
125b3806 3399
50013115 3400 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3401 } else {
5c8a00ce 3402 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3403 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3404 stl_p(ptr, val);
74576198 3405
845b6214
PB		 3406 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3407 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3408 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3409 r = MEMTX_OK;
3410 }
3411 if (result) {
3412 *result = r;
8df1cd07 3413 }
4840f10e
JK		 3414 if (release_lock) {
3415 qemu_mutex_unlock_iothread();
3416 }
41063e1e 3417 rcu_read_unlock();
8df1cd07
FB		 3418}
3419
50013115
PM		 3420void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3421{
3422 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3423}
3424
8df1cd07 3425/* warning: addr must be aligned */
50013115
PM		 3426static inline void address_space_stl_internal(AddressSpace *as,
3427 hwaddr addr, uint32_t val,
3428 MemTxAttrs attrs,
3429 MemTxResult *result,
3430 enum device_endian endian)
8df1cd07 3431{
8df1cd07 3432 uint8_t *ptr;
5c8a00ce 3433 MemoryRegion *mr;
149f54b5
PB		 3434 hwaddr l = 4;
3435 hwaddr addr1;
50013115 3436 MemTxResult r;
4840f10e 3437 bool release_lock = false;
8df1cd07 3438
41063e1e 3439 rcu_read_lock();
ab1da857 3440 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3441 true);
3442 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3443 release_lock |= prepare_mmio_access(mr);
125b3806 3444
1e78bcc1
AG		 3445#if defined(TARGET_WORDS_BIGENDIAN)
3446 if (endian == DEVICE_LITTLE_ENDIAN) {
3447 val = bswap32(val);
3448 }
3449#else
3450 if (endian == DEVICE_BIG_ENDIAN) {
3451 val = bswap32(val);
3452 }
3453#endif
50013115 3454 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3455 } else {
8df1cd07 3456 /* RAM case */
5c8a00ce 3457 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3458 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3459 switch (endian) {
3460 case DEVICE_LITTLE_ENDIAN:
3461 stl_le_p(ptr, val);
3462 break;
3463 case DEVICE_BIG_ENDIAN:
3464 stl_be_p(ptr, val);
3465 break;
3466 default:
3467 stl_p(ptr, val);
3468 break;
3469 }
845b6214 3470 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3471 r = MEMTX_OK;
3472 }
3473 if (result) {
3474 *result = r;
8df1cd07 3475 }
4840f10e
JK		 3476 if (release_lock) {
3477 qemu_mutex_unlock_iothread();
3478 }
41063e1e 3479 rcu_read_unlock();
8df1cd07
FB		 3480}
3481
50013115
PM		 3482void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3483 MemTxAttrs attrs, MemTxResult *result)
3484{
3485 address_space_stl_internal(as, addr, val, attrs, result,
3486 DEVICE_NATIVE_ENDIAN);
3487}
3488
3489void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3490 MemTxAttrs attrs, MemTxResult *result)
3491{
3492 address_space_stl_internal(as, addr, val, attrs, result,
3493 DEVICE_LITTLE_ENDIAN);
3494}
3495
3496void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3497 MemTxAttrs attrs, MemTxResult *result)
3498{
3499 address_space_stl_internal(as, addr, val, attrs, result,
3500 DEVICE_BIG_ENDIAN);
3501}
3502
ab1da857 3503void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3504{
50013115 3505 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3506}
3507
ab1da857 3508void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3509{
50013115 3510 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3511}
3512
ab1da857 3513void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3514{
50013115 3515 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3516}
3517
aab33094 3518/* XXX: optimize */
50013115
PM		 3519void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3520 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3521{
3522 uint8_t v = val;
50013115
PM		 3523 MemTxResult r;
3524
3525 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3526 if (result) {
3527 *result = r;
3528 }
3529}
3530
3531void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3532{
3533 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3534}
3535
733f0b02 3536/* warning: addr must be aligned */
50013115
PM		 3537static inline void address_space_stw_internal(AddressSpace *as,
3538 hwaddr addr, uint32_t val,
3539 MemTxAttrs attrs,
3540 MemTxResult *result,
3541 enum device_endian endian)
aab33094 3542{
733f0b02 3543 uint8_t *ptr;
5c8a00ce 3544 MemoryRegion *mr;
149f54b5
PB		 3545 hwaddr l = 2;
3546 hwaddr addr1;
50013115 3547 MemTxResult r;
4840f10e 3548 bool release_lock = false;
733f0b02 3549
41063e1e 3550 rcu_read_lock();
5ce5944d 3551 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3552 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3553 release_lock |= prepare_mmio_access(mr);
125b3806 3554
1e78bcc1
AG		 3555#if defined(TARGET_WORDS_BIGENDIAN)
3556 if (endian == DEVICE_LITTLE_ENDIAN) {
3557 val = bswap16(val);
3558 }
3559#else
3560 if (endian == DEVICE_BIG_ENDIAN) {
3561 val = bswap16(val);
3562 }
3563#endif
50013115 3564 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3565 } else {
733f0b02 3566 /* RAM case */
5c8a00ce 3567 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3568 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3569 switch (endian) {
3570 case DEVICE_LITTLE_ENDIAN:
3571 stw_le_p(ptr, val);
3572 break;
3573 case DEVICE_BIG_ENDIAN:
3574 stw_be_p(ptr, val);
3575 break;
3576 default:
3577 stw_p(ptr, val);
3578 break;
3579 }
845b6214 3580 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3581 r = MEMTX_OK;
3582 }
3583 if (result) {
3584 *result = r;
733f0b02 3585 }
4840f10e
JK		 3586 if (release_lock) {
3587 qemu_mutex_unlock_iothread();
3588 }
41063e1e 3589 rcu_read_unlock();
aab33094
FB		 3590}
3591
50013115
PM		 3592void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3593 MemTxAttrs attrs, MemTxResult *result)
3594{
3595 address_space_stw_internal(as, addr, val, attrs, result,
3596 DEVICE_NATIVE_ENDIAN);
3597}
3598
3599void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3600 MemTxAttrs attrs, MemTxResult *result)
3601{
3602 address_space_stw_internal(as, addr, val, attrs, result,
3603 DEVICE_LITTLE_ENDIAN);
3604}
3605
3606void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3607 MemTxAttrs attrs, MemTxResult *result)
3608{
3609 address_space_stw_internal(as, addr, val, attrs, result,
3610 DEVICE_BIG_ENDIAN);
3611}
3612
5ce5944d 3613void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3614{
50013115 3615 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3616}
3617
5ce5944d 3618void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3619{
50013115 3620 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3621}
3622
5ce5944d 3623void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3624{
50013115 3625 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3626}
3627
aab33094 3628/* XXX: optimize */
50013115
PM		 3629void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3630 MemTxAttrs attrs, MemTxResult *result)
aab33094 3631{
50013115 3632 MemTxResult r;
aab33094 3633 val = tswap64(val);
50013115
PM		 3634 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3635 if (result) {
3636 *result = r;
3637 }
aab33094
FB		 3638}
3639
50013115
PM		 3640void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3641 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3642{
50013115 3643 MemTxResult r;
1e78bcc1 3644 val = cpu_to_le64(val);
50013115
PM		 3645 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3646 if (result) {
3647 *result = r;
3648 }
3649}
3650void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3651 MemTxAttrs attrs, MemTxResult *result)
3652{
3653 MemTxResult r;
3654 val = cpu_to_be64(val);
3655 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3656 if (result) {
3657 *result = r;
3658 }
3659}
3660
3661void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3662{
3663 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3664}
3665
3666void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3667{
3668 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3669}
3670
f606604f 3671void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3672{
50013115 3673 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3674}
3675
5e2972fd 3676/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3677int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3678 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3679{
3680 int l;
a8170e5e 3681 hwaddr phys_addr;
9b3c35e0 3682 target_ulong page;
13eb76e0
FB		 3683
3684 while (len > 0) {
5232e4c7
PM		 3685 int asidx;
3686 MemTxAttrs attrs;
3687
13eb76e0 3688 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3689 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3690 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3691 /* if no physical page mapped, return an error */
3692 if (phys_addr == -1)
3693 return -1;
3694 l = (page + TARGET_PAGE_SIZE) - addr;
3695 if (l > len)
3696 l = len;
5e2972fd 3697 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3698 if (is_write) {
5232e4c7
PM		 3699 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3700 phys_addr, buf, l);
2e38847b 3701 } else {
5232e4c7
PM		 3702 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3703 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3704 buf, l, 0);
2e38847b 3705 }
13eb76e0
FB		 3706 len -= l;
3707 buf += l;
3708 addr += l;
3709 }
3710 return 0;
3711}
038629a6
DDAG		 3712
3713/*
3714 * Allows code that needs to deal with migration bitmaps etc to still be built
3715 * target independent.
3716 */
3717size_t qemu_target_page_bits(void)
3718{
3719 return TARGET_PAGE_BITS;
3720}
3721
a68fe89c 3722#endif
13eb76e0 3723
8e4a424b
BS		 3724/*
3725 * A helper function for the _utterly broken_ virtio device model to find out if
3726 * it's running on a big endian machine. Don't do this at home kids!
3727 */
98ed8ecf
GK		 3728bool target_words_bigendian(void);
3729bool target_words_bigendian(void)
8e4a424b
BS		 3730{
3731#if defined(TARGET_WORDS_BIGENDIAN)
3732 return true;
3733#else
3734 return false;
3735#endif
3736}
3737
76f35538 3738#ifndef CONFIG_USER_ONLY
a8170e5e 3739bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3740{
5c8a00ce 3741 MemoryRegion*mr;
149f54b5 3742 hwaddr l = 1;
41063e1e 3743 bool res;
76f35538 3744
41063e1e 3745 rcu_read_lock();
5c8a00ce
PB		 3746 mr = address_space_translate(&address_space_memory,
3747 phys_addr, &phys_addr, &l, false);
76f35538 3748
41063e1e
PB		 3749 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3750 rcu_read_unlock();
3751 return res;
76f35538 3752}
bd2fa51f 3753
e3807054 3754int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3755{
3756 RAMBlock *block;
e3807054 3757 int ret = 0;
bd2fa51f 3758
0dc3f44a
MD		 3759 rcu_read_lock();
3760 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3761 ret = func(block->idstr, block->host, block->offset,
3762 block->used_length, opaque);
3763 if (ret) {
3764 break;
3765 }
bd2fa51f 3766 }
0dc3f44a 3767 rcu_read_unlock();
e3807054 3768 return ret;
bd2fa51f 3769}
ec3f8c99 3770#endif
Empty description
This page took 1.599821 seconds and 4 git commands to generate.