]> Git Repo - qemu.git/blame_incremental - exec.c
projects / qemu.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
memory: Drop FlatRange.romd_mode
[qemu.git] / exec.c
... / ...
CommitLineData
1/*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19#include "qemu/osdep.h"
20#include "qapi/error.h"
21#ifndef _WIN32
22#include <sys/mman.h>
23#endif
24
25#include "qemu/cutils.h"
26#include "cpu.h"
27#include "exec/exec-all.h"
28#include "tcg.h"
29#include "hw/qdev-core.h"
30#if !defined(CONFIG_USER_ONLY)
31#include "hw/boards.h"
32#include "hw/xen/xen.h"
33#endif
34#include "sysemu/kvm.h"
35#include "sysemu/sysemu.h"
36#include "qemu/timer.h"
37#include "qemu/config-file.h"
38#include "qemu/error-report.h"
39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
41#else /* !CONFIG_USER_ONLY */
42#include "hw/hw.h"
43#include "exec/memory.h"
44#include "exec/ioport.h"
45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
47#include "sysemu/xen-mapcache.h"
48#include "trace.h"
49#endif
50#include "exec/cpu-all.h"
51#include "qemu/rcu_queue.h"
52#include "qemu/main-loop.h"
53#include "translate-all.h"
54#include "sysemu/replay.h"
55
56#include "exec/memory-internal.h"
57#include "exec/ram_addr.h"
58#include "exec/log.h"
59
60#include "qemu/range.h"
61#ifndef _WIN32
62#include "qemu/mmap-alloc.h"
63#endif
64
65//#define DEBUG_SUBPAGE
66
67#if !defined(CONFIG_USER_ONLY)
68/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
69 * are protected by the ramlist lock.
70 */
71RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
72
73static MemoryRegion *system_memory;
74static MemoryRegion *system_io;
75
76AddressSpace address_space_io;
77AddressSpace address_space_memory;
78
79MemoryRegion io_mem_rom, io_mem_notdirty;
80static MemoryRegion io_mem_unassigned;
81
82/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
83#define RAM_PREALLOC (1 << 0)
84
85/* RAM is mmap-ed with MAP_SHARED */
86#define RAM_SHARED (1 << 1)
87
88/* Only a portion of RAM (used_length) is actually used, and migrated.
89 * This used_length size can change across reboots.
90 */
91#define RAM_RESIZEABLE (1 << 2)
92
93#endif
94
95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
98__thread CPUState *current_cpu;
99/* 0 = Do not count executed instructions.
100 1 = Precise instruction counting.
101 2 = Adaptive rate instruction counting. */
102int use_icount;
103
104#if !defined(CONFIG_USER_ONLY)
105
106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
110 uint32_t skip : 6;
111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
112 uint32_t ptr : 26;
113};
114
115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
117/* Size of the L2 (and L3, etc) page tables. */
118#define ADDR_SPACE_BITS 64
119
120#define P_L2_BITS 9
121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
126
127typedef struct PhysPageMap {
128 struct rcu_head rcu;
129
130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
138struct AddressSpaceDispatch {
139 struct rcu_head rcu;
140
141 MemoryRegionSection *mru_section;
142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
146 PhysPageMap map;
147 AddressSpace *as;
148};
149
150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
153 AddressSpace *as;
154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
162
163static void io_mem_init(void);
164static void memory_map_init(void);
165static void tcg_commit(MemoryListener *listener);
166
167static MemoryRegion io_mem_watch;
168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
183#endif
184
185#if !defined(CONFIG_USER_ONLY)
186
187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
188{
189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
193 }
194}
195
196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
197{
198 unsigned i;
199 uint32_t ret;
200 PhysPageEntry e;
201 PhysPageEntry *p;
202
203 ret = map->nodes_nb++;
204 p = map->nodes[ret];
205 assert(ret != PHYS_MAP_NODE_NIL);
206 assert(ret != map->nodes_nb_alloc);
207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
210 for (i = 0; i < P_L2_SIZE; ++i) {
211 memcpy(&p[i], &e, sizeof(e));
212 }
213 return ret;
214}
215
216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
218 int level)
219{
220 PhysPageEntry *p;
221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
222
223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
224 lp->ptr = phys_map_node_alloc(map, level == 0);
225 }
226 p = map->nodes[lp->ptr];
227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
228
229 while (*nb && lp < &p[P_L2_SIZE]) {
230 if ((*index & (step - 1)) == 0 && *nb >= step) {
231 lp->skip = 0;
232 lp->ptr = leaf;
233 *index += step;
234 *nb -= step;
235 } else {
236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
237 }
238 ++lp;
239 }
240}
241
242static void phys_page_set(AddressSpaceDispatch *d,
243 hwaddr index, hwaddr nb,
244 uint16_t leaf)
245{
246 /* Wildly overreserve - it doesn't matter much. */
247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
248
249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
250}
251
252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
311 }
312}
313
314static inline bool section_covers_addr(const MemoryRegionSection *section,
315 hwaddr addr)
316{
317 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
318 * the section must cover the entire address space.
319 */
320 return section->size.hi ||
321 range_covers_byte(section->offset_within_address_space,
322 section->size.lo, addr);
323}
324
325static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
326 Node *nodes, MemoryRegionSection *sections)
327{
328 PhysPageEntry *p;
329 hwaddr index = addr >> TARGET_PAGE_BITS;
330 int i;
331
332 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
333 if (lp.ptr == PHYS_MAP_NODE_NIL) {
334 return &sections[PHYS_SECTION_UNASSIGNED];
335 }
336 p = nodes[lp.ptr];
337 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
338 }
339
340 if (section_covers_addr(&sections[lp.ptr], addr)) {
341 return &sections[lp.ptr];
342 } else {
343 return &sections[PHYS_SECTION_UNASSIGNED];
344 }
345}
346
347bool memory_region_is_unassigned(MemoryRegion *mr)
348{
349 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
350 && mr != &io_mem_watch;
351}
352
353/* Called from RCU critical section */
354static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
355 hwaddr addr,
356 bool resolve_subpage)
357{
358 MemoryRegionSection *section = atomic_read(&d->mru_section);
359 subpage_t *subpage;
360 bool update;
361
362 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
363 section_covers_addr(section, addr)) {
364 update = false;
365 } else {
366 section = phys_page_find(d->phys_map, addr, d->map.nodes,
367 d->map.sections);
368 update = true;
369 }
370 if (resolve_subpage && section->mr->subpage) {
371 subpage = container_of(section->mr, subpage_t, iomem);
372 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
373 }
374 if (update) {
375 atomic_set(&d->mru_section, section);
376 }
377 return section;
378}
379
380/* Called from RCU critical section */
381static MemoryRegionSection *
382address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
383 hwaddr *plen, bool resolve_subpage)
384{
385 MemoryRegionSection *section;
386 MemoryRegion *mr;
387 Int128 diff;
388
389 section = address_space_lookup_region(d, addr, resolve_subpage);
390 /* Compute offset within MemoryRegionSection */
391 addr -= section->offset_within_address_space;
392
393 /* Compute offset within MemoryRegion */
394 *xlat = addr + section->offset_within_region;
395
396 mr = section->mr;
397
398 /* MMIO registers can be expected to perform full-width accesses based only
399 * on their address, without considering adjacent registers that could
400 * decode to completely different MemoryRegions. When such registers
401 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
402 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * here.
404 *
405 * If the length is small (as is the case for address_space_ldl/stl),
406 * everything works fine. If the incoming length is large, however,
407 * the caller really has to do the clamping through memory_access_size.
408 */
409 if (memory_region_is_ram(mr)) {
410 diff = int128_sub(section->size, int128_make64(addr));
411 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
412 }
413 return section;
414}
415
416/* Called from RCU critical section */
417MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen,
419 bool is_write)
420{
421 IOMMUTLBEntry iotlb;
422 MemoryRegionSection *section;
423 MemoryRegion *mr;
424
425 for (;;) {
426 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
427 section = address_space_translate_internal(d, addr, &addr, plen, true);
428 mr = section->mr;
429
430 if (!mr->iommu_ops) {
431 break;
432 }
433
434 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
435 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
436 | (addr & iotlb.addr_mask));
437 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
438 if (!(iotlb.perm & (1 << is_write))) {
439 mr = &io_mem_unassigned;
440 break;
441 }
442
443 as = iotlb.target_as;
444 }
445
446 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
447 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
448 *plen = MIN(page, *plen);
449 }
450
451 *xlat = addr;
452 return mr;
453}
454
455/* Called from RCU critical section */
456MemoryRegionSection *
457address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
458 hwaddr *xlat, hwaddr *plen)
459{
460 MemoryRegionSection *section;
461 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
462
463 section = address_space_translate_internal(d, addr, xlat, plen, false);
464
465 assert(!section->mr->iommu_ops);
466 return section;
467}
468#endif
469
470#if !defined(CONFIG_USER_ONLY)
471
472static int cpu_common_post_load(void *opaque, int version_id)
473{
474 CPUState *cpu = opaque;
475
476 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
477 version_id is increased. */
478 cpu->interrupt_request &= ~0x01;
479 tlb_flush(cpu, 1);
480
481 return 0;
482}
483
484static int cpu_common_pre_load(void *opaque)
485{
486 CPUState *cpu = opaque;
487
488 cpu->exception_index = -1;
489
490 return 0;
491}
492
493static bool cpu_common_exception_index_needed(void *opaque)
494{
495 CPUState *cpu = opaque;
496
497 return tcg_enabled() && cpu->exception_index != -1;
498}
499
500static const VMStateDescription vmstate_cpu_common_exception_index = {
501 .name = "cpu_common/exception_index",
502 .version_id = 1,
503 .minimum_version_id = 1,
504 .needed = cpu_common_exception_index_needed,
505 .fields = (VMStateField[]) {
506 VMSTATE_INT32(exception_index, CPUState),
507 VMSTATE_END_OF_LIST()
508 }
509};
510
511static bool cpu_common_crash_occurred_needed(void *opaque)
512{
513 CPUState *cpu = opaque;
514
515 return cpu->crash_occurred;
516}
517
518static const VMStateDescription vmstate_cpu_common_crash_occurred = {
519 .name = "cpu_common/crash_occurred",
520 .version_id = 1,
521 .minimum_version_id = 1,
522 .needed = cpu_common_crash_occurred_needed,
523 .fields = (VMStateField[]) {
524 VMSTATE_BOOL(crash_occurred, CPUState),
525 VMSTATE_END_OF_LIST()
526 }
527};
528
529const VMStateDescription vmstate_cpu_common = {
530 .name = "cpu_common",
531 .version_id = 1,
532 .minimum_version_id = 1,
533 .pre_load = cpu_common_pre_load,
534 .post_load = cpu_common_post_load,
535 .fields = (VMStateField[]) {
536 VMSTATE_UINT32(halted, CPUState),
537 VMSTATE_UINT32(interrupt_request, CPUState),
538 VMSTATE_END_OF_LIST()
539 },
540 .subsections = (const VMStateDescription*[]) {
541 &vmstate_cpu_common_exception_index,
542 &vmstate_cpu_common_crash_occurred,
543 NULL
544 }
545};
546
547#endif
548
549CPUState *qemu_get_cpu(int index)
550{
551 CPUState *cpu;
552
553 CPU_FOREACH(cpu) {
554 if (cpu->cpu_index == index) {
555 return cpu;
556 }
557 }
558
559 return NULL;
560}
561
562#if !defined(CONFIG_USER_ONLY)
563void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
564{
565 CPUAddressSpace *newas;
566
567 /* Target code should have set num_ases before calling us */
568 assert(asidx < cpu->num_ases);
569
570 if (asidx == 0) {
571 /* address space 0 gets the convenience alias */
572 cpu->as = as;
573 }
574
575 /* KVM cannot currently support multiple address spaces. */
576 assert(asidx == 0 || !kvm_enabled());
577
578 if (!cpu->cpu_ases) {
579 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
580 }
581
582 newas = &cpu->cpu_ases[asidx];
583 newas->cpu = cpu;
584 newas->as = as;
585 if (tcg_enabled()) {
586 newas->tcg_as_listener.commit = tcg_commit;
587 memory_listener_register(&newas->tcg_as_listener, as);
588 }
589}
590
591AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
592{
593 /* Return the AddressSpace corresponding to the specified index */
594 return cpu->cpu_ases[asidx].as;
595}
596#endif
597
598#ifndef CONFIG_USER_ONLY
599static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
600
601static int cpu_get_free_index(Error **errp)
602{
603 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
604
605 if (cpu >= MAX_CPUMASK_BITS) {
606 error_setg(errp, "Trying to use more CPUs than max of %d",
607 MAX_CPUMASK_BITS);
608 return -1;
609 }
610
611 bitmap_set(cpu_index_map, cpu, 1);
612 return cpu;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617 if (cpu->cpu_index == -1) {
618 /* cpu_index was never allocated by this @cpu or was already freed. */
619 return;
620 }
621
622 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
623 cpu->cpu_index = -1;
624}
625#else
626
627static int cpu_get_free_index(Error **errp)
628{
629 CPUState *some_cpu;
630 int cpu_index = 0;
631
632 CPU_FOREACH(some_cpu) {
633 cpu_index++;
634 }
635 return cpu_index;
636}
637
638void cpu_exec_exit(CPUState *cpu)
639{
640}
641#endif
642
643void cpu_exec_init(CPUState *cpu, Error **errp)
644{
645 CPUClass *cc = CPU_GET_CLASS(cpu);
646 Error *local_err = NULL;
647
648 cpu->as = NULL;
649 cpu->num_ases = 0;
650
651#ifndef CONFIG_USER_ONLY
652 cpu->thread_id = qemu_get_thread_id();
653
654 /* This is a softmmu CPU object, so create a property for it
655 * so users can wire up its memory. (This can't go in qom/cpu.c
656 * because that file is compiled only once for both user-mode
657 * and system builds.) The default if no link is set up is to use
658 * the system address space.
659 */
660 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
661 (Object **)&cpu->memory,
662 qdev_prop_allow_set_link_before_realize,
663 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 &error_abort);
665 cpu->memory = system_memory;
666 object_ref(OBJECT(cpu->memory));
667#endif
668
669#if defined(CONFIG_USER_ONLY)
670 cpu_list_lock();
671#endif
672 cpu->cpu_index = cpu_get_free_index(&local_err);
673 if (local_err) {
674 error_propagate(errp, local_err);
675#if defined(CONFIG_USER_ONLY)
676 cpu_list_unlock();
677#endif
678 return;
679 }
680 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
681#if defined(CONFIG_USER_ONLY)
682 (void) cc;
683 cpu_list_unlock();
684#else
685 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
686 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
687 }
688 if (cc->vmsd != NULL) {
689 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
690 }
691#endif
692}
693
694#if defined(CONFIG_USER_ONLY)
695static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
696{
697 tb_invalidate_phys_page_range(pc, pc + 1, 0);
698}
699#else
700static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
701{
702 MemTxAttrs attrs;
703 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
704 int asidx = cpu_asidx_from_attrs(cpu, attrs);
705 if (phys != -1) {
706 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
707 phys | (pc & ~TARGET_PAGE_MASK));
708 }
709}
710#endif
711
712#if defined(CONFIG_USER_ONLY)
713void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
714
715{
716}
717
718int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
719 int flags)
720{
721 return -ENOSYS;
722}
723
724void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725{
726}
727
728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
729 int flags, CPUWatchpoint **watchpoint)
730{
731 return -ENOSYS;
732}
733#else
734/* Add a watchpoint. */
735int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
736 int flags, CPUWatchpoint **watchpoint)
737{
738 CPUWatchpoint *wp;
739
740 /* forbid ranges which are empty or run off the end of the address space */
741 if (len == 0 || (addr + len - 1) < addr) {
742 error_report("tried to set invalid watchpoint at %"
743 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
744 return -EINVAL;
745 }
746 wp = g_malloc(sizeof(*wp));
747
748 wp->vaddr = addr;
749 wp->len = len;
750 wp->flags = flags;
751
752 /* keep all GDB-injected watchpoints in front */
753 if (flags & BP_GDB) {
754 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
755 } else {
756 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
757 }
758
759 tlb_flush_page(cpu, addr);
760
761 if (watchpoint)
762 *watchpoint = wp;
763 return 0;
764}
765
766/* Remove a specific watchpoint. */
767int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
768 int flags)
769{
770 CPUWatchpoint *wp;
771
772 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
773 if (addr == wp->vaddr && len == wp->len
774 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
775 cpu_watchpoint_remove_by_ref(cpu, wp);
776 return 0;
777 }
778 }
779 return -ENOENT;
780}
781
782/* Remove a specific watchpoint by reference. */
783void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
784{
785 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
786
787 tlb_flush_page(cpu, watchpoint->vaddr);
788
789 g_free(watchpoint);
790}
791
792/* Remove all matching watchpoints. */
793void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
794{
795 CPUWatchpoint *wp, *next;
796
797 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
798 if (wp->flags & mask) {
799 cpu_watchpoint_remove_by_ref(cpu, wp);
800 }
801 }
802}
803
804/* Return true if this watchpoint address matches the specified
805 * access (ie the address range covered by the watchpoint overlaps
806 * partially or completely with the address range covered by the
807 * access).
808 */
809static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 vaddr addr,
811 vaddr len)
812{
813 /* We know the lengths are non-zero, but a little caution is
814 * required to avoid errors in the case where the range ends
815 * exactly at the top of the address space and so addr + len
816 * wraps round to zero.
817 */
818 vaddr wpend = wp->vaddr + wp->len - 1;
819 vaddr addrend = addr + len - 1;
820
821 return !(addr > wpend || wp->vaddr > addrend);
822}
823
824#endif
825
826/* Add a breakpoint. */
827int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
828 CPUBreakpoint **breakpoint)
829{
830 CPUBreakpoint *bp;
831
832 bp = g_malloc(sizeof(*bp));
833
834 bp->pc = pc;
835 bp->flags = flags;
836
837 /* keep all GDB-injected breakpoints in front */
838 if (flags & BP_GDB) {
839 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
840 } else {
841 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
842 }
843
844 breakpoint_invalidate(cpu, pc);
845
846 if (breakpoint) {
847 *breakpoint = bp;
848 }
849 return 0;
850}
851
852/* Remove a specific breakpoint. */
853int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
854{
855 CPUBreakpoint *bp;
856
857 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
858 if (bp->pc == pc && bp->flags == flags) {
859 cpu_breakpoint_remove_by_ref(cpu, bp);
860 return 0;
861 }
862 }
863 return -ENOENT;
864}
865
866/* Remove a specific breakpoint by reference. */
867void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
868{
869 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
870
871 breakpoint_invalidate(cpu, breakpoint->pc);
872
873 g_free(breakpoint);
874}
875
876/* Remove all matching breakpoints. */
877void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
878{
879 CPUBreakpoint *bp, *next;
880
881 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
882 if (bp->flags & mask) {
883 cpu_breakpoint_remove_by_ref(cpu, bp);
884 }
885 }
886}
887
888/* enable or disable single step mode. EXCP_DEBUG is returned by the
889 CPU loop after each instruction */
890void cpu_single_step(CPUState *cpu, int enabled)
891{
892 if (cpu->singlestep_enabled != enabled) {
893 cpu->singlestep_enabled = enabled;
894 if (kvm_enabled()) {
895 kvm_update_guest_debug(cpu, 0);
896 } else {
897 /* must flush all the translated code to avoid inconsistencies */
898 /* XXX: only flush what is necessary */
899 tb_flush(cpu);
900 }
901 }
902}
903
904void cpu_abort(CPUState *cpu, const char *fmt, ...)
905{
906 va_list ap;
907 va_list ap2;
908
909 va_start(ap, fmt);
910 va_copy(ap2, ap);
911 fprintf(stderr, "qemu: fatal: ");
912 vfprintf(stderr, fmt, ap);
913 fprintf(stderr, "\n");
914 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
915 if (qemu_log_separate()) {
916 qemu_log("qemu: fatal: ");
917 qemu_log_vprintf(fmt, ap2);
918 qemu_log("\n");
919 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
920 qemu_log_flush();
921 qemu_log_close();
922 }
923 va_end(ap2);
924 va_end(ap);
925 replay_finish();
926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
934 abort();
935}
936
937#if !defined(CONFIG_USER_ONLY)
938/* Called from RCU critical section */
939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
943 block = atomic_rcu_read(&ram_list.mru_block);
944 if (block && addr - block->offset < block->max_length) {
945 return block;
946 }
947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
948 if (addr - block->offset < block->max_length) {
949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
973 ram_list.mru_block = block;
974 return block;
975}
976
977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
978{
979 CPUState *cpu;
980 ram_addr_t start1;
981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
986
987 rcu_read_lock();
988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
994 rcu_read_unlock();
995}
996
997/* Note: start and end must be within the same ram block. */
998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1001{
1002 DirtyMemoryBlocks *blocks;
1003 unsigned long end, page;
1004 bool dirty = false;
1005
1006 if (length == 0) {
1007 return false;
1008 }
1009
1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
1028
1029 if (dirty && tcg_enabled()) {
1030 tlb_reset_dirty_range_all(start, length);
1031 }
1032
1033 return dirty;
1034}
1035
1036/* Called from RCU critical section */
1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
1043{
1044 hwaddr iotlb;
1045 CPUWatchpoint *wp;
1046
1047 if (memory_region_is_ram(section->mr)) {
1048 /* Normal RAM. */
1049 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1050 + xlat;
1051 if (!section->readonly) {
1052 iotlb |= PHYS_SECTION_NOTDIRTY;
1053 } else {
1054 iotlb |= PHYS_SECTION_ROM;
1055 }
1056 } else {
1057 AddressSpaceDispatch *d;
1058
1059 d = atomic_rcu_read(&section->address_space->dispatch);
1060 iotlb = section - d->map.sections;
1061 iotlb += xlat;
1062 }
1063
1064 /* Make accesses to pages with watchpoints go via the
1065 watchpoint trap routines. */
1066 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1067 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1068 /* Avoid trapping reads of pages with a write breakpoint. */
1069 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1070 iotlb = PHYS_SECTION_WATCH + paddr;
1071 *address |= TLB_MMIO;
1072 break;
1073 }
1074 }
1075 }
1076
1077 return iotlb;
1078}
1079#endif /* defined(CONFIG_USER_ONLY) */
1080
1081#if !defined(CONFIG_USER_ONLY)
1082
1083static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1084 uint16_t section);
1085static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1086
1087static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1088 qemu_anon_ram_alloc;
1089
1090/*
1091 * Set a custom physical guest memory alloator.
1092 * Accelerators with unusual needs may need this. Hopefully, we can
1093 * get rid of it eventually.
1094 */
1095void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1096{
1097 phys_mem_alloc = alloc;
1098}
1099
1100static uint16_t phys_section_add(PhysPageMap *map,
1101 MemoryRegionSection *section)
1102{
1103 /* The physical section number is ORed with a page-aligned
1104 * pointer to produce the iotlb entries. Thus it should
1105 * never overflow into the page-aligned value.
1106 */
1107 assert(map->sections_nb < TARGET_PAGE_SIZE);
1108
1109 if (map->sections_nb == map->sections_nb_alloc) {
1110 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1111 map->sections = g_renew(MemoryRegionSection, map->sections,
1112 map->sections_nb_alloc);
1113 }
1114 map->sections[map->sections_nb] = *section;
1115 memory_region_ref(section->mr);
1116 return map->sections_nb++;
1117}
1118
1119static void phys_section_destroy(MemoryRegion *mr)
1120{
1121 bool have_sub_page = mr->subpage;
1122
1123 memory_region_unref(mr);
1124
1125 if (have_sub_page) {
1126 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1127 object_unref(OBJECT(&subpage->iomem));
1128 g_free(subpage);
1129 }
1130}
1131
1132static void phys_sections_free(PhysPageMap *map)
1133{
1134 while (map->sections_nb > 0) {
1135 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1136 phys_section_destroy(section->mr);
1137 }
1138 g_free(map->sections);
1139 g_free(map->nodes);
1140}
1141
1142static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1143{
1144 subpage_t *subpage;
1145 hwaddr base = section->offset_within_address_space
1146 & TARGET_PAGE_MASK;
1147 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1148 d->map.nodes, d->map.sections);
1149 MemoryRegionSection subsection = {
1150 .offset_within_address_space = base,
1151 .size = int128_make64(TARGET_PAGE_SIZE),
1152 };
1153 hwaddr start, end;
1154
1155 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1156
1157 if (!(existing->mr->subpage)) {
1158 subpage = subpage_init(d->as, base);
1159 subsection.address_space = d->as;
1160 subsection.mr = &subpage->iomem;
1161 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1162 phys_section_add(&d->map, &subsection));
1163 } else {
1164 subpage = container_of(existing->mr, subpage_t, iomem);
1165 }
1166 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1167 end = start + int128_get64(section->size) - 1;
1168 subpage_register(subpage, start, end,
1169 phys_section_add(&d->map, section));
1170}
1171
1172
1173static void register_multipage(AddressSpaceDispatch *d,
1174 MemoryRegionSection *section)
1175{
1176 hwaddr start_addr = section->offset_within_address_space;
1177 uint16_t section_index = phys_section_add(&d->map, section);
1178 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1179 TARGET_PAGE_BITS));
1180
1181 assert(num_pages);
1182 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1183}
1184
1185static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1186{
1187 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1188 AddressSpaceDispatch *d = as->next_dispatch;
1189 MemoryRegionSection now = *section, remain = *section;
1190 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1191
1192 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1193 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1194 - now.offset_within_address_space;
1195
1196 now.size = int128_min(int128_make64(left), now.size);
1197 register_subpage(d, &now);
1198 } else {
1199 now.size = int128_zero();
1200 }
1201 while (int128_ne(remain.size, now.size)) {
1202 remain.size = int128_sub(remain.size, now.size);
1203 remain.offset_within_address_space += int128_get64(now.size);
1204 remain.offset_within_region += int128_get64(now.size);
1205 now = remain;
1206 if (int128_lt(remain.size, page_size)) {
1207 register_subpage(d, &now);
1208 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1209 now.size = page_size;
1210 register_subpage(d, &now);
1211 } else {
1212 now.size = int128_and(now.size, int128_neg(page_size));
1213 register_multipage(d, &now);
1214 }
1215 }
1216}
1217
1218void qemu_flush_coalesced_mmio_buffer(void)
1219{
1220 if (kvm_enabled())
1221 kvm_flush_coalesced_mmio_buffer();
1222}
1223
1224void qemu_mutex_lock_ramlist(void)
1225{
1226 qemu_mutex_lock(&ram_list.mutex);
1227}
1228
1229void qemu_mutex_unlock_ramlist(void)
1230{
1231 qemu_mutex_unlock(&ram_list.mutex);
1232}
1233
1234#ifdef __linux__
1235static void *file_ram_alloc(RAMBlock *block,
1236 ram_addr_t memory,
1237 const char *path,
1238 Error **errp)
1239{
1240 bool unlink_on_error = false;
1241 char *filename;
1242 char *sanitized_name;
1243 char *c;
1244 void *area;
1245 int fd = -1;
1246 int64_t page_size;
1247
1248 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1249 error_setg(errp,
1250 "host lacks kvm mmu notifiers, -mem-path unsupported");
1251 return NULL;
1252 }
1253
1254 for (;;) {
1255 fd = open(path, O_RDWR);
1256 if (fd >= 0) {
1257 /* @path names an existing file, use it */
1258 break;
1259 }
1260 if (errno == ENOENT) {
1261 /* @path names a file that doesn't exist, create it */
1262 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1263 if (fd >= 0) {
1264 unlink_on_error = true;
1265 break;
1266 }
1267 } else if (errno == EISDIR) {
1268 /* @path names a directory, create a file there */
1269 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1270 sanitized_name = g_strdup(memory_region_name(block->mr));
1271 for (c = sanitized_name; *c != '\0'; c++) {
1272 if (*c == '/') {
1273 *c = '_';
1274 }
1275 }
1276
1277 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1278 sanitized_name);
1279 g_free(sanitized_name);
1280
1281 fd = mkstemp(filename);
1282 if (fd >= 0) {
1283 unlink(filename);
1284 g_free(filename);
1285 break;
1286 }
1287 g_free(filename);
1288 }
1289 if (errno != EEXIST && errno != EINTR) {
1290 error_setg_errno(errp, errno,
1291 "can't open backing store %s for guest RAM",
1292 path);
1293 goto error;
1294 }
1295 /*
1296 * Try again on EINTR and EEXIST. The latter happens when
1297 * something else creates the file between our two open().
1298 */
1299 }
1300
1301 page_size = qemu_fd_getpagesize(fd);
1302 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
1303
1304 if (memory < page_size) {
1305 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1306 "or larger than page size 0x%" PRIx64,
1307 memory, page_size);
1308 goto error;
1309 }
1310
1311 memory = ROUND_UP(memory, page_size);
1312
1313 /*
1314 * ftruncate is not supported by hugetlbfs in older
1315 * hosts, so don't bother bailing out on errors.
1316 * If anything goes wrong with it under other filesystems,
1317 * mmap will fail.
1318 */
1319 if (ftruncate(fd, memory)) {
1320 perror("ftruncate");
1321 }
1322
1323 area = qemu_ram_mmap(fd, memory, block->mr->align,
1324 block->flags & RAM_SHARED);
1325 if (area == MAP_FAILED) {
1326 error_setg_errno(errp, errno,
1327 "unable to map backing store for guest RAM");
1328 goto error;
1329 }
1330
1331 if (mem_prealloc) {
1332 os_mem_prealloc(fd, area, memory);
1333 }
1334
1335 block->fd = fd;
1336 return area;
1337
1338error:
1339 if (unlink_on_error) {
1340 unlink(path);
1341 }
1342 if (fd != -1) {
1343 close(fd);
1344 }
1345 return NULL;
1346}
1347#endif
1348
1349/* Called with the ramlist lock held. */
1350static ram_addr_t find_ram_offset(ram_addr_t size)
1351{
1352 RAMBlock *block, *next_block;
1353 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1354
1355 assert(size != 0); /* it would hand out same offset multiple times */
1356
1357 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1358 return 0;
1359 }
1360
1361 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1362 ram_addr_t end, next = RAM_ADDR_MAX;
1363
1364 end = block->offset + block->max_length;
1365
1366 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1367 if (next_block->offset >= end) {
1368 next = MIN(next, next_block->offset);
1369 }
1370 }
1371 if (next - end >= size && next - end < mingap) {
1372 offset = end;
1373 mingap = next - end;
1374 }
1375 }
1376
1377 if (offset == RAM_ADDR_MAX) {
1378 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1379 (uint64_t)size);
1380 abort();
1381 }
1382
1383 return offset;
1384}
1385
1386ram_addr_t last_ram_offset(void)
1387{
1388 RAMBlock *block;
1389 ram_addr_t last = 0;
1390
1391 rcu_read_lock();
1392 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1393 last = MAX(last, block->offset + block->max_length);
1394 }
1395 rcu_read_unlock();
1396 return last;
1397}
1398
1399static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1400{
1401 int ret;
1402
1403 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1404 if (!machine_dump_guest_core(current_machine)) {
1405 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1406 if (ret) {
1407 perror("qemu_madvise");
1408 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1409 "but dump_guest_core=off specified\n");
1410 }
1411 }
1412}
1413
1414const char *qemu_ram_get_idstr(RAMBlock *rb)
1415{
1416 return rb->idstr;
1417}
1418
1419/* Called with iothread lock held. */
1420void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1421{
1422 RAMBlock *block;
1423
1424 assert(new_block);
1425 assert(!new_block->idstr[0]);
1426
1427 if (dev) {
1428 char *id = qdev_get_dev_path(dev);
1429 if (id) {
1430 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1431 g_free(id);
1432 }
1433 }
1434 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1435
1436 rcu_read_lock();
1437 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1438 if (block != new_block &&
1439 !strcmp(block->idstr, new_block->idstr)) {
1440 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1441 new_block->idstr);
1442 abort();
1443 }
1444 }
1445 rcu_read_unlock();
1446}
1447
1448/* Called with iothread lock held. */
1449void qemu_ram_unset_idstr(RAMBlock *block)
1450{
1451 /* FIXME: arch_init.c assumes that this is not called throughout
1452 * migration. Ignore the problem since hot-unplug during migration
1453 * does not work anyway.
1454 */
1455 if (block) {
1456 memset(block->idstr, 0, sizeof(block->idstr));
1457 }
1458}
1459
1460static int memory_try_enable_merging(void *addr, size_t len)
1461{
1462 if (!machine_mem_merge(current_machine)) {
1463 /* disabled by the user */
1464 return 0;
1465 }
1466
1467 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1468}
1469
1470/* Only legal before guest might have detected the memory size: e.g. on
1471 * incoming migration, or right after reset.
1472 *
1473 * As memory core doesn't know how is memory accessed, it is up to
1474 * resize callback to update device state and/or add assertions to detect
1475 * misuse, if necessary.
1476 */
1477int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1478{
1479 assert(block);
1480
1481 newsize = HOST_PAGE_ALIGN(newsize);
1482
1483 if (block->used_length == newsize) {
1484 return 0;
1485 }
1486
1487 if (!(block->flags & RAM_RESIZEABLE)) {
1488 error_setg_errno(errp, EINVAL,
1489 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1490 " in != 0x" RAM_ADDR_FMT, block->idstr,
1491 newsize, block->used_length);
1492 return -EINVAL;
1493 }
1494
1495 if (block->max_length < newsize) {
1496 error_setg_errno(errp, EINVAL,
1497 "Length too large: %s: 0x" RAM_ADDR_FMT
1498 " > 0x" RAM_ADDR_FMT, block->idstr,
1499 newsize, block->max_length);
1500 return -EINVAL;
1501 }
1502
1503 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1504 block->used_length = newsize;
1505 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1506 DIRTY_CLIENTS_ALL);
1507 memory_region_set_size(block->mr, newsize);
1508 if (block->resized) {
1509 block->resized(block->idstr, newsize, block->host);
1510 }
1511 return 0;
1512}
1513
1514/* Called with ram_list.mutex held */
1515static void dirty_memory_extend(ram_addr_t old_ram_size,
1516 ram_addr_t new_ram_size)
1517{
1518 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1519 DIRTY_MEMORY_BLOCK_SIZE);
1520 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1521 DIRTY_MEMORY_BLOCK_SIZE);
1522 int i;
1523
1524 /* Only need to extend if block count increased */
1525 if (new_num_blocks <= old_num_blocks) {
1526 return;
1527 }
1528
1529 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1530 DirtyMemoryBlocks *old_blocks;
1531 DirtyMemoryBlocks *new_blocks;
1532 int j;
1533
1534 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1535 new_blocks = g_malloc(sizeof(*new_blocks) +
1536 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1537
1538 if (old_num_blocks) {
1539 memcpy(new_blocks->blocks, old_blocks->blocks,
1540 old_num_blocks * sizeof(old_blocks->blocks[0]));
1541 }
1542
1543 for (j = old_num_blocks; j < new_num_blocks; j++) {
1544 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1545 }
1546
1547 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1548
1549 if (old_blocks) {
1550 g_free_rcu(old_blocks, rcu);
1551 }
1552 }
1553}
1554
1555static void ram_block_add(RAMBlock *new_block, Error **errp)
1556{
1557 RAMBlock *block;
1558 RAMBlock *last_block = NULL;
1559 ram_addr_t old_ram_size, new_ram_size;
1560 Error *err = NULL;
1561
1562 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1563
1564 qemu_mutex_lock_ramlist();
1565 new_block->offset = find_ram_offset(new_block->max_length);
1566
1567 if (!new_block->host) {
1568 if (xen_enabled()) {
1569 xen_ram_alloc(new_block->offset, new_block->max_length,
1570 new_block->mr, &err);
1571 if (err) {
1572 error_propagate(errp, err);
1573 qemu_mutex_unlock_ramlist();
1574 return;
1575 }
1576 } else {
1577 new_block->host = phys_mem_alloc(new_block->max_length,
1578 &new_block->mr->align);
1579 if (!new_block->host) {
1580 error_setg_errno(errp, errno,
1581 "cannot set up guest memory '%s'",
1582 memory_region_name(new_block->mr));
1583 qemu_mutex_unlock_ramlist();
1584 return;
1585 }
1586 memory_try_enable_merging(new_block->host, new_block->max_length);
1587 }
1588 }
1589
1590 new_ram_size = MAX(old_ram_size,
1591 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1592 if (new_ram_size > old_ram_size) {
1593 migration_bitmap_extend(old_ram_size, new_ram_size);
1594 dirty_memory_extend(old_ram_size, new_ram_size);
1595 }
1596 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1597 * QLIST (which has an RCU-friendly variant) does not have insertion at
1598 * tail, so save the last element in last_block.
1599 */
1600 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1601 last_block = block;
1602 if (block->max_length < new_block->max_length) {
1603 break;
1604 }
1605 }
1606 if (block) {
1607 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1608 } else if (last_block) {
1609 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1610 } else { /* list is empty */
1611 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1612 }
1613 ram_list.mru_block = NULL;
1614
1615 /* Write list before version */
1616 smp_wmb();
1617 ram_list.version++;
1618 qemu_mutex_unlock_ramlist();
1619
1620 cpu_physical_memory_set_dirty_range(new_block->offset,
1621 new_block->used_length,
1622 DIRTY_CLIENTS_ALL);
1623
1624 if (new_block->host) {
1625 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1626 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1627 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1628 if (kvm_enabled()) {
1629 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1630 }
1631 }
1632}
1633
1634#ifdef __linux__
1635RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1636 bool share, const char *mem_path,
1637 Error **errp)
1638{
1639 RAMBlock *new_block;
1640 Error *local_err = NULL;
1641
1642 if (xen_enabled()) {
1643 error_setg(errp, "-mem-path not supported with Xen");
1644 return NULL;
1645 }
1646
1647 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1648 /*
1649 * file_ram_alloc() needs to allocate just like
1650 * phys_mem_alloc, but we haven't bothered to provide
1651 * a hook there.
1652 */
1653 error_setg(errp,
1654 "-mem-path not supported with this accelerator");
1655 return NULL;
1656 }
1657
1658 size = HOST_PAGE_ALIGN(size);
1659 new_block = g_malloc0(sizeof(*new_block));
1660 new_block->mr = mr;
1661 new_block->used_length = size;
1662 new_block->max_length = size;
1663 new_block->flags = share ? RAM_SHARED : 0;
1664 new_block->host = file_ram_alloc(new_block, size,
1665 mem_path, errp);
1666 if (!new_block->host) {
1667 g_free(new_block);
1668 return NULL;
1669 }
1670
1671 ram_block_add(new_block, &local_err);
1672 if (local_err) {
1673 g_free(new_block);
1674 error_propagate(errp, local_err);
1675 return NULL;
1676 }
1677 return new_block;
1678}
1679#endif
1680
1681static
1682RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1683 void (*resized)(const char*,
1684 uint64_t length,
1685 void *host),
1686 void *host, bool resizeable,
1687 MemoryRegion *mr, Error **errp)
1688{
1689 RAMBlock *new_block;
1690 Error *local_err = NULL;
1691
1692 size = HOST_PAGE_ALIGN(size);
1693 max_size = HOST_PAGE_ALIGN(max_size);
1694 new_block = g_malloc0(sizeof(*new_block));
1695 new_block->mr = mr;
1696 new_block->resized = resized;
1697 new_block->used_length = size;
1698 new_block->max_length = max_size;
1699 assert(max_size >= size);
1700 new_block->fd = -1;
1701 new_block->host = host;
1702 if (host) {
1703 new_block->flags |= RAM_PREALLOC;
1704 }
1705 if (resizeable) {
1706 new_block->flags |= RAM_RESIZEABLE;
1707 }
1708 ram_block_add(new_block, &local_err);
1709 if (local_err) {
1710 g_free(new_block);
1711 error_propagate(errp, local_err);
1712 return NULL;
1713 }
1714 return new_block;
1715}
1716
1717RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1718 MemoryRegion *mr, Error **errp)
1719{
1720 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1721}
1722
1723RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1724{
1725 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1726}
1727
1728RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1729 void (*resized)(const char*,
1730 uint64_t length,
1731 void *host),
1732 MemoryRegion *mr, Error **errp)
1733{
1734 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1735}
1736
1737static void reclaim_ramblock(RAMBlock *block)
1738{
1739 if (block->flags & RAM_PREALLOC) {
1740 ;
1741 } else if (xen_enabled()) {
1742 xen_invalidate_map_cache_entry(block->host);
1743#ifndef _WIN32
1744 } else if (block->fd >= 0) {
1745 qemu_ram_munmap(block->host, block->max_length);
1746 close(block->fd);
1747#endif
1748 } else {
1749 qemu_anon_ram_free(block->host, block->max_length);
1750 }
1751 g_free(block);
1752}
1753
1754void qemu_ram_free(RAMBlock *block)
1755{
1756 if (!block) {
1757 return;
1758 }
1759
1760 qemu_mutex_lock_ramlist();
1761 QLIST_REMOVE_RCU(block, next);
1762 ram_list.mru_block = NULL;
1763 /* Write list before version */
1764 smp_wmb();
1765 ram_list.version++;
1766 call_rcu(block, reclaim_ramblock, rcu);
1767 qemu_mutex_unlock_ramlist();
1768}
1769
1770#ifndef _WIN32
1771void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1772{
1773 RAMBlock *block;
1774 ram_addr_t offset;
1775 int flags;
1776 void *area, *vaddr;
1777
1778 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1779 offset = addr - block->offset;
1780 if (offset < block->max_length) {
1781 vaddr = ramblock_ptr(block, offset);
1782 if (block->flags & RAM_PREALLOC) {
1783 ;
1784 } else if (xen_enabled()) {
1785 abort();
1786 } else {
1787 flags = MAP_FIXED;
1788 if (block->fd >= 0) {
1789 flags |= (block->flags & RAM_SHARED ?
1790 MAP_SHARED : MAP_PRIVATE);
1791 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1792 flags, block->fd, offset);
1793 } else {
1794 /*
1795 * Remap needs to match alloc. Accelerators that
1796 * set phys_mem_alloc never remap. If they did,
1797 * we'd need a remap hook here.
1798 */
1799 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1800
1801 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1802 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1803 flags, -1, 0);
1804 }
1805 if (area != vaddr) {
1806 fprintf(stderr, "Could not remap addr: "
1807 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1808 length, addr);
1809 exit(1);
1810 }
1811 memory_try_enable_merging(vaddr, length);
1812 qemu_ram_setup_dump(vaddr, length);
1813 }
1814 }
1815 }
1816}
1817#endif /* !_WIN32 */
1818
1819int qemu_get_ram_fd(ram_addr_t addr)
1820{
1821 RAMBlock *block;
1822 int fd;
1823
1824 rcu_read_lock();
1825 block = qemu_get_ram_block(addr);
1826 fd = block->fd;
1827 rcu_read_unlock();
1828 return fd;
1829}
1830
1831void qemu_set_ram_fd(ram_addr_t addr, int fd)
1832{
1833 RAMBlock *block;
1834
1835 rcu_read_lock();
1836 block = qemu_get_ram_block(addr);
1837 block->fd = fd;
1838 rcu_read_unlock();
1839}
1840
1841void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1842{
1843 RAMBlock *block;
1844 void *ptr;
1845
1846 rcu_read_lock();
1847 block = qemu_get_ram_block(addr);
1848 ptr = ramblock_ptr(block, 0);
1849 rcu_read_unlock();
1850 return ptr;
1851}
1852
1853/* Return a host pointer to ram allocated with qemu_ram_alloc.
1854 * This should not be used for general purpose DMA. Use address_space_map
1855 * or address_space_rw instead. For local memory (e.g. video ram) that the
1856 * device owns, use memory_region_get_ram_ptr.
1857 *
1858 * Called within RCU critical section.
1859 */
1860void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1861{
1862 RAMBlock *block = ram_block;
1863
1864 if (block == NULL) {
1865 block = qemu_get_ram_block(addr);
1866 }
1867
1868 if (xen_enabled() && block->host == NULL) {
1869 /* We need to check if the requested address is in the RAM
1870 * because we don't want to map the entire memory in QEMU.
1871 * In that case just map until the end of the page.
1872 */
1873 if (block->offset == 0) {
1874 return xen_map_cache(addr, 0, 0);
1875 }
1876
1877 block->host = xen_map_cache(block->offset, block->max_length, 1);
1878 }
1879 return ramblock_ptr(block, addr - block->offset);
1880}
1881
1882/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1883 * but takes a size argument.
1884 *
1885 * Called within RCU critical section.
1886 */
1887static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1888 hwaddr *size)
1889{
1890 RAMBlock *block = ram_block;
1891 ram_addr_t offset_inside_block;
1892 if (*size == 0) {
1893 return NULL;
1894 }
1895
1896 if (block == NULL) {
1897 block = qemu_get_ram_block(addr);
1898 }
1899 offset_inside_block = addr - block->offset;
1900 *size = MIN(*size, block->max_length - offset_inside_block);
1901
1902 if (xen_enabled() && block->host == NULL) {
1903 /* We need to check if the requested address is in the RAM
1904 * because we don't want to map the entire memory in QEMU.
1905 * In that case just map the requested area.
1906 */
1907 if (block->offset == 0) {
1908 return xen_map_cache(addr, *size, 1);
1909 }
1910
1911 block->host = xen_map_cache(block->offset, block->max_length, 1);
1912 }
1913
1914 return ramblock_ptr(block, offset_inside_block);
1915}
1916
1917/*
1918 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1919 * in that RAMBlock.
1920 *
1921 * ptr: Host pointer to look up
1922 * round_offset: If true round the result offset down to a page boundary
1923 * *ram_addr: set to result ram_addr
1924 * *offset: set to result offset within the RAMBlock
1925 *
1926 * Returns: RAMBlock (or NULL if not found)
1927 *
1928 * By the time this function returns, the returned pointer is not protected
1929 * by RCU anymore. If the caller is not within an RCU critical section and
1930 * does not hold the iothread lock, it must have other means of protecting the
1931 * pointer, such as a reference to the region that includes the incoming
1932 * ram_addr_t.
1933 */
1934RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1935 ram_addr_t *ram_addr,
1936 ram_addr_t *offset)
1937{
1938 RAMBlock *block;
1939 uint8_t *host = ptr;
1940
1941 if (xen_enabled()) {
1942 rcu_read_lock();
1943 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1944 block = qemu_get_ram_block(*ram_addr);
1945 if (block) {
1946 *offset = (host - block->host);
1947 }
1948 rcu_read_unlock();
1949 return block;
1950 }
1951
1952 rcu_read_lock();
1953 block = atomic_rcu_read(&ram_list.mru_block);
1954 if (block && block->host && host - block->host < block->max_length) {
1955 goto found;
1956 }
1957
1958 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1959 /* This case append when the block is not mapped. */
1960 if (block->host == NULL) {
1961 continue;
1962 }
1963 if (host - block->host < block->max_length) {
1964 goto found;
1965 }
1966 }
1967
1968 rcu_read_unlock();
1969 return NULL;
1970
1971found:
1972 *offset = (host - block->host);
1973 if (round_offset) {
1974 *offset &= TARGET_PAGE_MASK;
1975 }
1976 *ram_addr = block->offset + *offset;
1977 rcu_read_unlock();
1978 return block;
1979}
1980
1981/*
1982 * Finds the named RAMBlock
1983 *
1984 * name: The name of RAMBlock to find
1985 *
1986 * Returns: RAMBlock (or NULL if not found)
1987 */
1988RAMBlock *qemu_ram_block_by_name(const char *name)
1989{
1990 RAMBlock *block;
1991
1992 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1993 if (!strcmp(name, block->idstr)) {
1994 return block;
1995 }
1996 }
1997
1998 return NULL;
1999}
2000
2001/* Some of the softmmu routines need to translate from a host pointer
2002 (typically a TLB entry) back to a ram offset. */
2003MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2004{
2005 RAMBlock *block;
2006 ram_addr_t offset; /* Not used */
2007
2008 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2009
2010 if (!block) {
2011 return NULL;
2012 }
2013
2014 return block->mr;
2015}
2016
2017/* Called within RCU critical section. */
2018static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
2019 uint64_t val, unsigned size)
2020{
2021 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
2022 tb_invalidate_phys_page_fast(ram_addr, size);
2023 }
2024 switch (size) {
2025 case 1:
2026 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2027 break;
2028 case 2:
2029 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2030 break;
2031 case 4:
2032 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2033 break;
2034 default:
2035 abort();
2036 }
2037 /* Set both VGA and migration bits for simplicity and to remove
2038 * the notdirty callback faster.
2039 */
2040 cpu_physical_memory_set_dirty_range(ram_addr, size,
2041 DIRTY_CLIENTS_NOCODE);
2042 /* we remove the notdirty callback only if the code has been
2043 flushed */
2044 if (!cpu_physical_memory_is_clean(ram_addr)) {
2045 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
2046 }
2047}
2048
2049static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2050 unsigned size, bool is_write)
2051{
2052 return is_write;
2053}
2054
2055static const MemoryRegionOps notdirty_mem_ops = {
2056 .write = notdirty_mem_write,
2057 .valid.accepts = notdirty_mem_accepts,
2058 .endianness = DEVICE_NATIVE_ENDIAN,
2059};
2060
2061/* Generate a debug exception if a watchpoint has been hit. */
2062static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2063{
2064 CPUState *cpu = current_cpu;
2065 CPUClass *cc = CPU_GET_CLASS(cpu);
2066 CPUArchState *env = cpu->env_ptr;
2067 target_ulong pc, cs_base;
2068 target_ulong vaddr;
2069 CPUWatchpoint *wp;
2070 uint32_t cpu_flags;
2071
2072 if (cpu->watchpoint_hit) {
2073 /* We re-entered the check after replacing the TB. Now raise
2074 * the debug interrupt so that is will trigger after the
2075 * current instruction. */
2076 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2077 return;
2078 }
2079 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2080 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2081 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2082 && (wp->flags & flags)) {
2083 if (flags == BP_MEM_READ) {
2084 wp->flags |= BP_WATCHPOINT_HIT_READ;
2085 } else {
2086 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2087 }
2088 wp->hitaddr = vaddr;
2089 wp->hitattrs = attrs;
2090 if (!cpu->watchpoint_hit) {
2091 if (wp->flags & BP_CPU &&
2092 !cc->debug_check_watchpoint(cpu, wp)) {
2093 wp->flags &= ~BP_WATCHPOINT_HIT;
2094 continue;
2095 }
2096 cpu->watchpoint_hit = wp;
2097 tb_check_watchpoint(cpu);
2098 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2099 cpu->exception_index = EXCP_DEBUG;
2100 cpu_loop_exit(cpu);
2101 } else {
2102 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2103 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2104 cpu_resume_from_signal(cpu, NULL);
2105 }
2106 }
2107 } else {
2108 wp->flags &= ~BP_WATCHPOINT_HIT;
2109 }
2110 }
2111}
2112
2113/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2114 so these check for a hit then pass through to the normal out-of-line
2115 phys routines. */
2116static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2117 unsigned size, MemTxAttrs attrs)
2118{
2119 MemTxResult res;
2120 uint64_t data;
2121 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2122 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2123
2124 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2125 switch (size) {
2126 case 1:
2127 data = address_space_ldub(as, addr, attrs, &res);
2128 break;
2129 case 2:
2130 data = address_space_lduw(as, addr, attrs, &res);
2131 break;
2132 case 4:
2133 data = address_space_ldl(as, addr, attrs, &res);
2134 break;
2135 default: abort();
2136 }
2137 *pdata = data;
2138 return res;
2139}
2140
2141static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2142 uint64_t val, unsigned size,
2143 MemTxAttrs attrs)
2144{
2145 MemTxResult res;
2146 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2147 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2148
2149 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2150 switch (size) {
2151 case 1:
2152 address_space_stb(as, addr, val, attrs, &res);
2153 break;
2154 case 2:
2155 address_space_stw(as, addr, val, attrs, &res);
2156 break;
2157 case 4:
2158 address_space_stl(as, addr, val, attrs, &res);
2159 break;
2160 default: abort();
2161 }
2162 return res;
2163}
2164
2165static const MemoryRegionOps watch_mem_ops = {
2166 .read_with_attrs = watch_mem_read,
2167 .write_with_attrs = watch_mem_write,
2168 .endianness = DEVICE_NATIVE_ENDIAN,
2169};
2170
2171static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2172 unsigned len, MemTxAttrs attrs)
2173{
2174 subpage_t *subpage = opaque;
2175 uint8_t buf[8];
2176 MemTxResult res;
2177
2178#if defined(DEBUG_SUBPAGE)
2179 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2180 subpage, len, addr);
2181#endif
2182 res = address_space_read(subpage->as, addr + subpage->base,
2183 attrs, buf, len);
2184 if (res) {
2185 return res;
2186 }
2187 switch (len) {
2188 case 1:
2189 *data = ldub_p(buf);
2190 return MEMTX_OK;
2191 case 2:
2192 *data = lduw_p(buf);
2193 return MEMTX_OK;
2194 case 4:
2195 *data = ldl_p(buf);
2196 return MEMTX_OK;
2197 case 8:
2198 *data = ldq_p(buf);
2199 return MEMTX_OK;
2200 default:
2201 abort();
2202 }
2203}
2204
2205static MemTxResult subpage_write(void *opaque, hwaddr addr,
2206 uint64_t value, unsigned len, MemTxAttrs attrs)
2207{
2208 subpage_t *subpage = opaque;
2209 uint8_t buf[8];
2210
2211#if defined(DEBUG_SUBPAGE)
2212 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2213 " value %"PRIx64"\n",
2214 __func__, subpage, len, addr, value);
2215#endif
2216 switch (len) {
2217 case 1:
2218 stb_p(buf, value);
2219 break;
2220 case 2:
2221 stw_p(buf, value);
2222 break;
2223 case 4:
2224 stl_p(buf, value);
2225 break;
2226 case 8:
2227 stq_p(buf, value);
2228 break;
2229 default:
2230 abort();
2231 }
2232 return address_space_write(subpage->as, addr + subpage->base,
2233 attrs, buf, len);
2234}
2235
2236static bool subpage_accepts(void *opaque, hwaddr addr,
2237 unsigned len, bool is_write)
2238{
2239 subpage_t *subpage = opaque;
2240#if defined(DEBUG_SUBPAGE)
2241 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2242 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2243#endif
2244
2245 return address_space_access_valid(subpage->as, addr + subpage->base,
2246 len, is_write);
2247}
2248
2249static const MemoryRegionOps subpage_ops = {
2250 .read_with_attrs = subpage_read,
2251 .write_with_attrs = subpage_write,
2252 .impl.min_access_size = 1,
2253 .impl.max_access_size = 8,
2254 .valid.min_access_size = 1,
2255 .valid.max_access_size = 8,
2256 .valid.accepts = subpage_accepts,
2257 .endianness = DEVICE_NATIVE_ENDIAN,
2258};
2259
2260static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2261 uint16_t section)
2262{
2263 int idx, eidx;
2264
2265 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2266 return -1;
2267 idx = SUBPAGE_IDX(start);
2268 eidx = SUBPAGE_IDX(end);
2269#if defined(DEBUG_SUBPAGE)
2270 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2271 __func__, mmio, start, end, idx, eidx, section);
2272#endif
2273 for (; idx <= eidx; idx++) {
2274 mmio->sub_section[idx] = section;
2275 }
2276
2277 return 0;
2278}
2279
2280static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2281{
2282 subpage_t *mmio;
2283
2284 mmio = g_malloc0(sizeof(subpage_t));
2285
2286 mmio->as = as;
2287 mmio->base = base;
2288 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2289 NULL, TARGET_PAGE_SIZE);
2290 mmio->iomem.subpage = true;
2291#if defined(DEBUG_SUBPAGE)
2292 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2293 mmio, base, TARGET_PAGE_SIZE);
2294#endif
2295 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2296
2297 return mmio;
2298}
2299
2300static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2301 MemoryRegion *mr)
2302{
2303 assert(as);
2304 MemoryRegionSection section = {
2305 .address_space = as,
2306 .mr = mr,
2307 .offset_within_address_space = 0,
2308 .offset_within_region = 0,
2309 .size = int128_2_64(),
2310 };
2311
2312 return phys_section_add(map, &section);
2313}
2314
2315MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2316{
2317 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2318 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2319 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2320 MemoryRegionSection *sections = d->map.sections;
2321
2322 return sections[index & ~TARGET_PAGE_MASK].mr;
2323}
2324
2325static void io_mem_init(void)
2326{
2327 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2328 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2329 NULL, UINT64_MAX);
2330 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2331 NULL, UINT64_MAX);
2332 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2333 NULL, UINT64_MAX);
2334}
2335
2336static void mem_begin(MemoryListener *listener)
2337{
2338 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2339 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2340 uint16_t n;
2341
2342 n = dummy_section(&d->map, as, &io_mem_unassigned);
2343 assert(n == PHYS_SECTION_UNASSIGNED);
2344 n = dummy_section(&d->map, as, &io_mem_notdirty);
2345 assert(n == PHYS_SECTION_NOTDIRTY);
2346 n = dummy_section(&d->map, as, &io_mem_rom);
2347 assert(n == PHYS_SECTION_ROM);
2348 n = dummy_section(&d->map, as, &io_mem_watch);
2349 assert(n == PHYS_SECTION_WATCH);
2350
2351 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2352 d->as = as;
2353 as->next_dispatch = d;
2354}
2355
2356static void address_space_dispatch_free(AddressSpaceDispatch *d)
2357{
2358 phys_sections_free(&d->map);
2359 g_free(d);
2360}
2361
2362static void mem_commit(MemoryListener *listener)
2363{
2364 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2365 AddressSpaceDispatch *cur = as->dispatch;
2366 AddressSpaceDispatch *next = as->next_dispatch;
2367
2368 phys_page_compact_all(next, next->map.nodes_nb);
2369
2370 atomic_rcu_set(&as->dispatch, next);
2371 if (cur) {
2372 call_rcu(cur, address_space_dispatch_free, rcu);
2373 }
2374}
2375
2376static void tcg_commit(MemoryListener *listener)
2377{
2378 CPUAddressSpace *cpuas;
2379 AddressSpaceDispatch *d;
2380
2381 /* since each CPU stores ram addresses in its TLB cache, we must
2382 reset the modified entries */
2383 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2384 cpu_reloading_memory_map();
2385 /* The CPU and TLB are protected by the iothread lock.
2386 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2387 * may have split the RCU critical section.
2388 */
2389 d = atomic_rcu_read(&cpuas->as->dispatch);
2390 cpuas->memory_dispatch = d;
2391 tlb_flush(cpuas->cpu, 1);
2392}
2393
2394void address_space_init_dispatch(AddressSpace *as)
2395{
2396 as->dispatch = NULL;
2397 as->dispatch_listener = (MemoryListener) {
2398 .begin = mem_begin,
2399 .commit = mem_commit,
2400 .region_add = mem_add,
2401 .region_nop = mem_add,
2402 .priority = 0,
2403 };
2404 memory_listener_register(&as->dispatch_listener, as);
2405}
2406
2407void address_space_unregister(AddressSpace *as)
2408{
2409 memory_listener_unregister(&as->dispatch_listener);
2410}
2411
2412void address_space_destroy_dispatch(AddressSpace *as)
2413{
2414 AddressSpaceDispatch *d = as->dispatch;
2415
2416 atomic_rcu_set(&as->dispatch, NULL);
2417 if (d) {
2418 call_rcu(d, address_space_dispatch_free, rcu);
2419 }
2420}
2421
2422static void memory_map_init(void)
2423{
2424 system_memory = g_malloc(sizeof(*system_memory));
2425
2426 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2427 address_space_init(&address_space_memory, system_memory, "memory");
2428
2429 system_io = g_malloc(sizeof(*system_io));
2430 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2431 65536);
2432 address_space_init(&address_space_io, system_io, "I/O");
2433}
2434
2435MemoryRegion *get_system_memory(void)
2436{
2437 return system_memory;
2438}
2439
2440MemoryRegion *get_system_io(void)
2441{
2442 return system_io;
2443}
2444
2445#endif /* !defined(CONFIG_USER_ONLY) */
2446
2447/* physical memory access (slow version, mainly for debug) */
2448#if defined(CONFIG_USER_ONLY)
2449int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2450 uint8_t *buf, int len, int is_write)
2451{
2452 int l, flags;
2453 target_ulong page;
2454 void * p;
2455
2456 while (len > 0) {
2457 page = addr & TARGET_PAGE_MASK;
2458 l = (page + TARGET_PAGE_SIZE) - addr;
2459 if (l > len)
2460 l = len;
2461 flags = page_get_flags(page);
2462 if (!(flags & PAGE_VALID))
2463 return -1;
2464 if (is_write) {
2465 if (!(flags & PAGE_WRITE))
2466 return -1;
2467 /* XXX: this code should not depend on lock_user */
2468 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2469 return -1;
2470 memcpy(p, buf, l);
2471 unlock_user(p, addr, l);
2472 } else {
2473 if (!(flags & PAGE_READ))
2474 return -1;
2475 /* XXX: this code should not depend on lock_user */
2476 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2477 return -1;
2478 memcpy(buf, p, l);
2479 unlock_user(p, addr, 0);
2480 }
2481 len -= l;
2482 buf += l;
2483 addr += l;
2484 }
2485 return 0;
2486}
2487
2488#else
2489
2490static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2491 hwaddr length)
2492{
2493 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2494 /* No early return if dirty_log_mask is or becomes 0, because
2495 * cpu_physical_memory_set_dirty_range will still call
2496 * xen_modified_memory.
2497 */
2498 if (dirty_log_mask) {
2499 dirty_log_mask =
2500 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2501 }
2502 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2503 tb_invalidate_phys_range(addr, addr + length);
2504 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2505 }
2506 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2507}
2508
2509static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2510{
2511 unsigned access_size_max = mr->ops->valid.max_access_size;
2512
2513 /* Regions are assumed to support 1-4 byte accesses unless
2514 otherwise specified. */
2515 if (access_size_max == 0) {
2516 access_size_max = 4;
2517 }
2518
2519 /* Bound the maximum access by the alignment of the address. */
2520 if (!mr->ops->impl.unaligned) {
2521 unsigned align_size_max = addr & -addr;
2522 if (align_size_max != 0 && align_size_max < access_size_max) {
2523 access_size_max = align_size_max;
2524 }
2525 }
2526
2527 /* Don't attempt accesses larger than the maximum. */
2528 if (l > access_size_max) {
2529 l = access_size_max;
2530 }
2531 l = pow2floor(l);
2532
2533 return l;
2534}
2535
2536static bool prepare_mmio_access(MemoryRegion *mr)
2537{
2538 bool unlocked = !qemu_mutex_iothread_locked();
2539 bool release_lock = false;
2540
2541 if (unlocked && mr->global_locking) {
2542 qemu_mutex_lock_iothread();
2543 unlocked = false;
2544 release_lock = true;
2545 }
2546 if (mr->flush_coalesced_mmio) {
2547 if (unlocked) {
2548 qemu_mutex_lock_iothread();
2549 }
2550 qemu_flush_coalesced_mmio_buffer();
2551 if (unlocked) {
2552 qemu_mutex_unlock_iothread();
2553 }
2554 }
2555
2556 return release_lock;
2557}
2558
2559/* Called within RCU critical section. */
2560static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2561 MemTxAttrs attrs,
2562 const uint8_t *buf,
2563 int len, hwaddr addr1,
2564 hwaddr l, MemoryRegion *mr)
2565{
2566 uint8_t *ptr;
2567 uint64_t val;
2568 MemTxResult result = MEMTX_OK;
2569 bool release_lock = false;
2570
2571 for (;;) {
2572 if (!memory_access_is_direct(mr, true)) {
2573 release_lock |= prepare_mmio_access(mr);
2574 l = memory_access_size(mr, l, addr1);
2575 /* XXX: could force current_cpu to NULL to avoid
2576 potential bugs */
2577 switch (l) {
2578 case 8:
2579 /* 64 bit write access */
2580 val = ldq_p(buf);
2581 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2582 attrs);
2583 break;
2584 case 4:
2585 /* 32 bit write access */
2586 val = ldl_p(buf);
2587 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2588 attrs);
2589 break;
2590 case 2:
2591 /* 16 bit write access */
2592 val = lduw_p(buf);
2593 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2594 attrs);
2595 break;
2596 case 1:
2597 /* 8 bit write access */
2598 val = ldub_p(buf);
2599 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2600 attrs);
2601 break;
2602 default:
2603 abort();
2604 }
2605 } else {
2606 addr1 += memory_region_get_ram_addr(mr);
2607 /* RAM case */
2608 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2609 memcpy(ptr, buf, l);
2610 invalidate_and_set_dirty(mr, addr1, l);
2611 }
2612
2613 if (release_lock) {
2614 qemu_mutex_unlock_iothread();
2615 release_lock = false;
2616 }
2617
2618 len -= l;
2619 buf += l;
2620 addr += l;
2621
2622 if (!len) {
2623 break;
2624 }
2625
2626 l = len;
2627 mr = address_space_translate(as, addr, &addr1, &l, true);
2628 }
2629
2630 return result;
2631}
2632
2633MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2634 const uint8_t *buf, int len)
2635{
2636 hwaddr l;
2637 hwaddr addr1;
2638 MemoryRegion *mr;
2639 MemTxResult result = MEMTX_OK;
2640
2641 if (len > 0) {
2642 rcu_read_lock();
2643 l = len;
2644 mr = address_space_translate(as, addr, &addr1, &l, true);
2645 result = address_space_write_continue(as, addr, attrs, buf, len,
2646 addr1, l, mr);
2647 rcu_read_unlock();
2648 }
2649
2650 return result;
2651}
2652
2653/* Called within RCU critical section. */
2654MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2655 MemTxAttrs attrs, uint8_t *buf,
2656 int len, hwaddr addr1, hwaddr l,
2657 MemoryRegion *mr)
2658{
2659 uint8_t *ptr;
2660 uint64_t val;
2661 MemTxResult result = MEMTX_OK;
2662 bool release_lock = false;
2663
2664 for (;;) {
2665 if (!memory_access_is_direct(mr, false)) {
2666 /* I/O case */
2667 release_lock |= prepare_mmio_access(mr);
2668 l = memory_access_size(mr, l, addr1);
2669 switch (l) {
2670 case 8:
2671 /* 64 bit read access */
2672 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2673 attrs);
2674 stq_p(buf, val);
2675 break;
2676 case 4:
2677 /* 32 bit read access */
2678 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2679 attrs);
2680 stl_p(buf, val);
2681 break;
2682 case 2:
2683 /* 16 bit read access */
2684 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2685 attrs);
2686 stw_p(buf, val);
2687 break;
2688 case 1:
2689 /* 8 bit read access */
2690 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2691 attrs);
2692 stb_p(buf, val);
2693 break;
2694 default:
2695 abort();
2696 }
2697 } else {
2698 /* RAM case */
2699 ptr = qemu_get_ram_ptr(mr->ram_block,
2700 memory_region_get_ram_addr(mr) + addr1);
2701 memcpy(buf, ptr, l);
2702 }
2703
2704 if (release_lock) {
2705 qemu_mutex_unlock_iothread();
2706 release_lock = false;
2707 }
2708
2709 len -= l;
2710 buf += l;
2711 addr += l;
2712
2713 if (!len) {
2714 break;
2715 }
2716
2717 l = len;
2718 mr = address_space_translate(as, addr, &addr1, &l, false);
2719 }
2720
2721 return result;
2722}
2723
2724MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2725 MemTxAttrs attrs, uint8_t *buf, int len)
2726{
2727 hwaddr l;
2728 hwaddr addr1;
2729 MemoryRegion *mr;
2730 MemTxResult result = MEMTX_OK;
2731
2732 if (len > 0) {
2733 rcu_read_lock();
2734 l = len;
2735 mr = address_space_translate(as, addr, &addr1, &l, false);
2736 result = address_space_read_continue(as, addr, attrs, buf, len,
2737 addr1, l, mr);
2738 rcu_read_unlock();
2739 }
2740
2741 return result;
2742}
2743
2744MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2745 uint8_t *buf, int len, bool is_write)
2746{
2747 if (is_write) {
2748 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2749 } else {
2750 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2751 }
2752}
2753
2754void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2755 int len, int is_write)
2756{
2757 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2758 buf, len, is_write);
2759}
2760
2761enum write_rom_type {
2762 WRITE_DATA,
2763 FLUSH_CACHE,
2764};
2765
2766static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2767 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2768{
2769 hwaddr l;
2770 uint8_t *ptr;
2771 hwaddr addr1;
2772 MemoryRegion *mr;
2773
2774 rcu_read_lock();
2775 while (len > 0) {
2776 l = len;
2777 mr = address_space_translate(as, addr, &addr1, &l, true);
2778
2779 if (!(memory_region_is_ram(mr) ||
2780 memory_region_is_romd(mr))) {
2781 l = memory_access_size(mr, l, addr1);
2782 } else {
2783 addr1 += memory_region_get_ram_addr(mr);
2784 /* ROM/RAM case */
2785 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2786 switch (type) {
2787 case WRITE_DATA:
2788 memcpy(ptr, buf, l);
2789 invalidate_and_set_dirty(mr, addr1, l);
2790 break;
2791 case FLUSH_CACHE:
2792 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2793 break;
2794 }
2795 }
2796 len -= l;
2797 buf += l;
2798 addr += l;
2799 }
2800 rcu_read_unlock();
2801}
2802
2803/* used for ROM loading : can write in RAM and ROM */
2804void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2805 const uint8_t *buf, int len)
2806{
2807 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2808}
2809
2810void cpu_flush_icache_range(hwaddr start, int len)
2811{
2812 /*
2813 * This function should do the same thing as an icache flush that was
2814 * triggered from within the guest. For TCG we are always cache coherent,
2815 * so there is no need to flush anything. For KVM / Xen we need to flush
2816 * the host's instruction cache at least.
2817 */
2818 if (tcg_enabled()) {
2819 return;
2820 }
2821
2822 cpu_physical_memory_write_rom_internal(&address_space_memory,
2823 start, NULL, len, FLUSH_CACHE);
2824}
2825
2826typedef struct {
2827 MemoryRegion *mr;
2828 void *buffer;
2829 hwaddr addr;
2830 hwaddr len;
2831 bool in_use;
2832} BounceBuffer;
2833
2834static BounceBuffer bounce;
2835
2836typedef struct MapClient {
2837 QEMUBH *bh;
2838 QLIST_ENTRY(MapClient) link;
2839} MapClient;
2840
2841QemuMutex map_client_list_lock;
2842static QLIST_HEAD(map_client_list, MapClient) map_client_list
2843 = QLIST_HEAD_INITIALIZER(map_client_list);
2844
2845static void cpu_unregister_map_client_do(MapClient *client)
2846{
2847 QLIST_REMOVE(client, link);
2848 g_free(client);
2849}
2850
2851static void cpu_notify_map_clients_locked(void)
2852{
2853 MapClient *client;
2854
2855 while (!QLIST_EMPTY(&map_client_list)) {
2856 client = QLIST_FIRST(&map_client_list);
2857 qemu_bh_schedule(client->bh);
2858 cpu_unregister_map_client_do(client);
2859 }
2860}
2861
2862void cpu_register_map_client(QEMUBH *bh)
2863{
2864 MapClient *client = g_malloc(sizeof(*client));
2865
2866 qemu_mutex_lock(&map_client_list_lock);
2867 client->bh = bh;
2868 QLIST_INSERT_HEAD(&map_client_list, client, link);
2869 if (!atomic_read(&bounce.in_use)) {
2870 cpu_notify_map_clients_locked();
2871 }
2872 qemu_mutex_unlock(&map_client_list_lock);
2873}
2874
2875void cpu_exec_init_all(void)
2876{
2877 qemu_mutex_init(&ram_list.mutex);
2878 io_mem_init();
2879 memory_map_init();
2880 qemu_mutex_init(&map_client_list_lock);
2881}
2882
2883void cpu_unregister_map_client(QEMUBH *bh)
2884{
2885 MapClient *client;
2886
2887 qemu_mutex_lock(&map_client_list_lock);
2888 QLIST_FOREACH(client, &map_client_list, link) {
2889 if (client->bh == bh) {
2890 cpu_unregister_map_client_do(client);
2891 break;
2892 }
2893 }
2894 qemu_mutex_unlock(&map_client_list_lock);
2895}
2896
2897static void cpu_notify_map_clients(void)
2898{
2899 qemu_mutex_lock(&map_client_list_lock);
2900 cpu_notify_map_clients_locked();
2901 qemu_mutex_unlock(&map_client_list_lock);
2902}
2903
2904bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2905{
2906 MemoryRegion *mr;
2907 hwaddr l, xlat;
2908
2909 rcu_read_lock();
2910 while (len > 0) {
2911 l = len;
2912 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2913 if (!memory_access_is_direct(mr, is_write)) {
2914 l = memory_access_size(mr, l, addr);
2915 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2916 return false;
2917 }
2918 }
2919
2920 len -= l;
2921 addr += l;
2922 }
2923 rcu_read_unlock();
2924 return true;
2925}
2926
2927/* Map a physical memory region into a host virtual address.
2928 * May map a subset of the requested range, given by and returned in *plen.
2929 * May return NULL if resources needed to perform the mapping are exhausted.
2930 * Use only for reads OR writes - not for read-modify-write operations.
2931 * Use cpu_register_map_client() to know when retrying the map operation is
2932 * likely to succeed.
2933 */
2934void *address_space_map(AddressSpace *as,
2935 hwaddr addr,
2936 hwaddr *plen,
2937 bool is_write)
2938{
2939 hwaddr len = *plen;
2940 hwaddr done = 0;
2941 hwaddr l, xlat, base;
2942 MemoryRegion *mr, *this_mr;
2943 ram_addr_t raddr;
2944 void *ptr;
2945
2946 if (len == 0) {
2947 return NULL;
2948 }
2949
2950 l = len;
2951 rcu_read_lock();
2952 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2953
2954 if (!memory_access_is_direct(mr, is_write)) {
2955 if (atomic_xchg(&bounce.in_use, true)) {
2956 rcu_read_unlock();
2957 return NULL;
2958 }
2959 /* Avoid unbounded allocations */
2960 l = MIN(l, TARGET_PAGE_SIZE);
2961 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2962 bounce.addr = addr;
2963 bounce.len = l;
2964
2965 memory_region_ref(mr);
2966 bounce.mr = mr;
2967 if (!is_write) {
2968 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2969 bounce.buffer, l);
2970 }
2971
2972 rcu_read_unlock();
2973 *plen = l;
2974 return bounce.buffer;
2975 }
2976
2977 base = xlat;
2978 raddr = memory_region_get_ram_addr(mr);
2979
2980 for (;;) {
2981 len -= l;
2982 addr += l;
2983 done += l;
2984 if (len == 0) {
2985 break;
2986 }
2987
2988 l = len;
2989 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2990 if (this_mr != mr || xlat != base + done) {
2991 break;
2992 }
2993 }
2994
2995 memory_region_ref(mr);
2996 *plen = done;
2997 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
2998 rcu_read_unlock();
2999
3000 return ptr;
3001}
3002
3003/* Unmaps a memory region previously mapped by address_space_map().
3004 * Will also mark the memory as dirty if is_write == 1. access_len gives
3005 * the amount of memory that was actually read or written by the caller.
3006 */
3007void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3008 int is_write, hwaddr access_len)
3009{
3010 if (buffer != bounce.buffer) {
3011 MemoryRegion *mr;
3012 ram_addr_t addr1;
3013
3014 mr = qemu_ram_addr_from_host(buffer, &addr1);
3015 assert(mr != NULL);
3016 if (is_write) {
3017 invalidate_and_set_dirty(mr, addr1, access_len);
3018 }
3019 if (xen_enabled()) {
3020 xen_invalidate_map_cache_entry(buffer);
3021 }
3022 memory_region_unref(mr);
3023 return;
3024 }
3025 if (is_write) {
3026 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3027 bounce.buffer, access_len);
3028 }
3029 qemu_vfree(bounce.buffer);
3030 bounce.buffer = NULL;
3031 memory_region_unref(bounce.mr);
3032 atomic_mb_set(&bounce.in_use, false);
3033 cpu_notify_map_clients();
3034}
3035
3036void *cpu_physical_memory_map(hwaddr addr,
3037 hwaddr *plen,
3038 int is_write)
3039{
3040 return address_space_map(&address_space_memory, addr, plen, is_write);
3041}
3042
3043void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3044 int is_write, hwaddr access_len)
3045{
3046 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3047}
3048
3049/* warning: addr must be aligned */
3050static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3051 MemTxAttrs attrs,
3052 MemTxResult *result,
3053 enum device_endian endian)
3054{
3055 uint8_t *ptr;
3056 uint64_t val;
3057 MemoryRegion *mr;
3058 hwaddr l = 4;
3059 hwaddr addr1;
3060 MemTxResult r;
3061 bool release_lock = false;
3062
3063 rcu_read_lock();
3064 mr = address_space_translate(as, addr, &addr1, &l, false);
3065 if (l < 4 || !memory_access_is_direct(mr, false)) {
3066 release_lock |= prepare_mmio_access(mr);
3067
3068 /* I/O case */
3069 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3070#if defined(TARGET_WORDS_BIGENDIAN)
3071 if (endian == DEVICE_LITTLE_ENDIAN) {
3072 val = bswap32(val);
3073 }
3074#else
3075 if (endian == DEVICE_BIG_ENDIAN) {
3076 val = bswap32(val);
3077 }
3078#endif
3079 } else {
3080 /* RAM case */
3081 ptr = qemu_get_ram_ptr(mr->ram_block,
3082 (memory_region_get_ram_addr(mr)
3083 & TARGET_PAGE_MASK)
3084 + addr1);
3085 switch (endian) {
3086 case DEVICE_LITTLE_ENDIAN:
3087 val = ldl_le_p(ptr);
3088 break;
3089 case DEVICE_BIG_ENDIAN:
3090 val = ldl_be_p(ptr);
3091 break;
3092 default:
3093 val = ldl_p(ptr);
3094 break;
3095 }
3096 r = MEMTX_OK;
3097 }
3098 if (result) {
3099 *result = r;
3100 }
3101 if (release_lock) {
3102 qemu_mutex_unlock_iothread();
3103 }
3104 rcu_read_unlock();
3105 return val;
3106}
3107
3108uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3109 MemTxAttrs attrs, MemTxResult *result)
3110{
3111 return address_space_ldl_internal(as, addr, attrs, result,
3112 DEVICE_NATIVE_ENDIAN);
3113}
3114
3115uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3116 MemTxAttrs attrs, MemTxResult *result)
3117{
3118 return address_space_ldl_internal(as, addr, attrs, result,
3119 DEVICE_LITTLE_ENDIAN);
3120}
3121
3122uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3123 MemTxAttrs attrs, MemTxResult *result)
3124{
3125 return address_space_ldl_internal(as, addr, attrs, result,
3126 DEVICE_BIG_ENDIAN);
3127}
3128
3129uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3130{
3131 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3132}
3133
3134uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3135{
3136 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3137}
3138
3139uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3140{
3141 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3142}
3143
3144/* warning: addr must be aligned */
3145static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3146 MemTxAttrs attrs,
3147 MemTxResult *result,
3148 enum device_endian endian)
3149{
3150 uint8_t *ptr;
3151 uint64_t val;
3152 MemoryRegion *mr;
3153 hwaddr l = 8;
3154 hwaddr addr1;
3155 MemTxResult r;
3156 bool release_lock = false;
3157
3158 rcu_read_lock();
3159 mr = address_space_translate(as, addr, &addr1, &l,
3160 false);
3161 if (l < 8 || !memory_access_is_direct(mr, false)) {
3162 release_lock |= prepare_mmio_access(mr);
3163
3164 /* I/O case */
3165 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3166#if defined(TARGET_WORDS_BIGENDIAN)
3167 if (endian == DEVICE_LITTLE_ENDIAN) {
3168 val = bswap64(val);
3169 }
3170#else
3171 if (endian == DEVICE_BIG_ENDIAN) {
3172 val = bswap64(val);
3173 }
3174#endif
3175 } else {
3176 /* RAM case */
3177 ptr = qemu_get_ram_ptr(mr->ram_block,
3178 (memory_region_get_ram_addr(mr)
3179 & TARGET_PAGE_MASK)
3180 + addr1);
3181 switch (endian) {
3182 case DEVICE_LITTLE_ENDIAN:
3183 val = ldq_le_p(ptr);
3184 break;
3185 case DEVICE_BIG_ENDIAN:
3186 val = ldq_be_p(ptr);
3187 break;
3188 default:
3189 val = ldq_p(ptr);
3190 break;
3191 }
3192 r = MEMTX_OK;
3193 }
3194 if (result) {
3195 *result = r;
3196 }
3197 if (release_lock) {
3198 qemu_mutex_unlock_iothread();
3199 }
3200 rcu_read_unlock();
3201 return val;
3202}
3203
3204uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3205 MemTxAttrs attrs, MemTxResult *result)
3206{
3207 return address_space_ldq_internal(as, addr, attrs, result,
3208 DEVICE_NATIVE_ENDIAN);
3209}
3210
3211uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3212 MemTxAttrs attrs, MemTxResult *result)
3213{
3214 return address_space_ldq_internal(as, addr, attrs, result,
3215 DEVICE_LITTLE_ENDIAN);
3216}
3217
3218uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3219 MemTxAttrs attrs, MemTxResult *result)
3220{
3221 return address_space_ldq_internal(as, addr, attrs, result,
3222 DEVICE_BIG_ENDIAN);
3223}
3224
3225uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3226{
3227 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3228}
3229
3230uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3231{
3232 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3233}
3234
3235uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3236{
3237 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3238}
3239
3240/* XXX: optimize */
3241uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3243{
3244 uint8_t val;
3245 MemTxResult r;
3246
3247 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3248 if (result) {
3249 *result = r;
3250 }
3251 return val;
3252}
3253
3254uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3255{
3256 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3257}
3258
3259/* warning: addr must be aligned */
3260static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3261 hwaddr addr,
3262 MemTxAttrs attrs,
3263 MemTxResult *result,
3264 enum device_endian endian)
3265{
3266 uint8_t *ptr;
3267 uint64_t val;
3268 MemoryRegion *mr;
3269 hwaddr l = 2;
3270 hwaddr addr1;
3271 MemTxResult r;
3272 bool release_lock = false;
3273
3274 rcu_read_lock();
3275 mr = address_space_translate(as, addr, &addr1, &l,
3276 false);
3277 if (l < 2 || !memory_access_is_direct(mr, false)) {
3278 release_lock |= prepare_mmio_access(mr);
3279
3280 /* I/O case */
3281 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3282#if defined(TARGET_WORDS_BIGENDIAN)
3283 if (endian == DEVICE_LITTLE_ENDIAN) {
3284 val = bswap16(val);
3285 }
3286#else
3287 if (endian == DEVICE_BIG_ENDIAN) {
3288 val = bswap16(val);
3289 }
3290#endif
3291 } else {
3292 /* RAM case */
3293 ptr = qemu_get_ram_ptr(mr->ram_block,
3294 (memory_region_get_ram_addr(mr)
3295 & TARGET_PAGE_MASK)
3296 + addr1);
3297 switch (endian) {
3298 case DEVICE_LITTLE_ENDIAN:
3299 val = lduw_le_p(ptr);
3300 break;
3301 case DEVICE_BIG_ENDIAN:
3302 val = lduw_be_p(ptr);
3303 break;
3304 default:
3305 val = lduw_p(ptr);
3306 break;
3307 }
3308 r = MEMTX_OK;
3309 }
3310 if (result) {
3311 *result = r;
3312 }
3313 if (release_lock) {
3314 qemu_mutex_unlock_iothread();
3315 }
3316 rcu_read_unlock();
3317 return val;
3318}
3319
3320uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3321 MemTxAttrs attrs, MemTxResult *result)
3322{
3323 return address_space_lduw_internal(as, addr, attrs, result,
3324 DEVICE_NATIVE_ENDIAN);
3325}
3326
3327uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3328 MemTxAttrs attrs, MemTxResult *result)
3329{
3330 return address_space_lduw_internal(as, addr, attrs, result,
3331 DEVICE_LITTLE_ENDIAN);
3332}
3333
3334uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3335 MemTxAttrs attrs, MemTxResult *result)
3336{
3337 return address_space_lduw_internal(as, addr, attrs, result,
3338 DEVICE_BIG_ENDIAN);
3339}
3340
3341uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3342{
3343 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3344}
3345
3346uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3347{
3348 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3349}
3350
3351uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3352{
3353 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3354}
3355
3356/* warning: addr must be aligned. The ram page is not masked as dirty
3357 and the code inside is not invalidated. It is useful if the dirty
3358 bits are used to track modified PTEs */
3359void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3360 MemTxAttrs attrs, MemTxResult *result)
3361{
3362 uint8_t *ptr;
3363 MemoryRegion *mr;
3364 hwaddr l = 4;
3365 hwaddr addr1;
3366 MemTxResult r;
3367 uint8_t dirty_log_mask;
3368 bool release_lock = false;
3369
3370 rcu_read_lock();
3371 mr = address_space_translate(as, addr, &addr1, &l,
3372 true);
3373 if (l < 4 || !memory_access_is_direct(mr, true)) {
3374 release_lock |= prepare_mmio_access(mr);
3375
3376 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3377 } else {
3378 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3379 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3380 stl_p(ptr, val);
3381
3382 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3383 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3384 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3385 r = MEMTX_OK;
3386 }
3387 if (result) {
3388 *result = r;
3389 }
3390 if (release_lock) {
3391 qemu_mutex_unlock_iothread();
3392 }
3393 rcu_read_unlock();
3394}
3395
3396void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3397{
3398 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3399}
3400
3401/* warning: addr must be aligned */
3402static inline void address_space_stl_internal(AddressSpace *as,
3403 hwaddr addr, uint32_t val,
3404 MemTxAttrs attrs,
3405 MemTxResult *result,
3406 enum device_endian endian)
3407{
3408 uint8_t *ptr;
3409 MemoryRegion *mr;
3410 hwaddr l = 4;
3411 hwaddr addr1;
3412 MemTxResult r;
3413 bool release_lock = false;
3414
3415 rcu_read_lock();
3416 mr = address_space_translate(as, addr, &addr1, &l,
3417 true);
3418 if (l < 4 || !memory_access_is_direct(mr, true)) {
3419 release_lock |= prepare_mmio_access(mr);
3420
3421#if defined(TARGET_WORDS_BIGENDIAN)
3422 if (endian == DEVICE_LITTLE_ENDIAN) {
3423 val = bswap32(val);
3424 }
3425#else
3426 if (endian == DEVICE_BIG_ENDIAN) {
3427 val = bswap32(val);
3428 }
3429#endif
3430 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3431 } else {
3432 /* RAM case */
3433 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3434 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3435 switch (endian) {
3436 case DEVICE_LITTLE_ENDIAN:
3437 stl_le_p(ptr, val);
3438 break;
3439 case DEVICE_BIG_ENDIAN:
3440 stl_be_p(ptr, val);
3441 break;
3442 default:
3443 stl_p(ptr, val);
3444 break;
3445 }
3446 invalidate_and_set_dirty(mr, addr1, 4);
3447 r = MEMTX_OK;
3448 }
3449 if (result) {
3450 *result = r;
3451 }
3452 if (release_lock) {
3453 qemu_mutex_unlock_iothread();
3454 }
3455 rcu_read_unlock();
3456}
3457
3458void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3459 MemTxAttrs attrs, MemTxResult *result)
3460{
3461 address_space_stl_internal(as, addr, val, attrs, result,
3462 DEVICE_NATIVE_ENDIAN);
3463}
3464
3465void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3466 MemTxAttrs attrs, MemTxResult *result)
3467{
3468 address_space_stl_internal(as, addr, val, attrs, result,
3469 DEVICE_LITTLE_ENDIAN);
3470}
3471
3472void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3473 MemTxAttrs attrs, MemTxResult *result)
3474{
3475 address_space_stl_internal(as, addr, val, attrs, result,
3476 DEVICE_BIG_ENDIAN);
3477}
3478
3479void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3480{
3481 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3482}
3483
3484void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3485{
3486 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3487}
3488
3489void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3490{
3491 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3492}
3493
3494/* XXX: optimize */
3495void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3496 MemTxAttrs attrs, MemTxResult *result)
3497{
3498 uint8_t v = val;
3499 MemTxResult r;
3500
3501 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3502 if (result) {
3503 *result = r;
3504 }
3505}
3506
3507void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3508{
3509 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3510}
3511
3512/* warning: addr must be aligned */
3513static inline void address_space_stw_internal(AddressSpace *as,
3514 hwaddr addr, uint32_t val,
3515 MemTxAttrs attrs,
3516 MemTxResult *result,
3517 enum device_endian endian)
3518{
3519 uint8_t *ptr;
3520 MemoryRegion *mr;
3521 hwaddr l = 2;
3522 hwaddr addr1;
3523 MemTxResult r;
3524 bool release_lock = false;
3525
3526 rcu_read_lock();
3527 mr = address_space_translate(as, addr, &addr1, &l, true);
3528 if (l < 2 || !memory_access_is_direct(mr, true)) {
3529 release_lock |= prepare_mmio_access(mr);
3530
3531#if defined(TARGET_WORDS_BIGENDIAN)
3532 if (endian == DEVICE_LITTLE_ENDIAN) {
3533 val = bswap16(val);
3534 }
3535#else
3536 if (endian == DEVICE_BIG_ENDIAN) {
3537 val = bswap16(val);
3538 }
3539#endif
3540 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3541 } else {
3542 /* RAM case */
3543 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3544 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3545 switch (endian) {
3546 case DEVICE_LITTLE_ENDIAN:
3547 stw_le_p(ptr, val);
3548 break;
3549 case DEVICE_BIG_ENDIAN:
3550 stw_be_p(ptr, val);
3551 break;
3552 default:
3553 stw_p(ptr, val);
3554 break;
3555 }
3556 invalidate_and_set_dirty(mr, addr1, 2);
3557 r = MEMTX_OK;
3558 }
3559 if (result) {
3560 *result = r;
3561 }
3562 if (release_lock) {
3563 qemu_mutex_unlock_iothread();
3564 }
3565 rcu_read_unlock();
3566}
3567
3568void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3569 MemTxAttrs attrs, MemTxResult *result)
3570{
3571 address_space_stw_internal(as, addr, val, attrs, result,
3572 DEVICE_NATIVE_ENDIAN);
3573}
3574
3575void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3576 MemTxAttrs attrs, MemTxResult *result)
3577{
3578 address_space_stw_internal(as, addr, val, attrs, result,
3579 DEVICE_LITTLE_ENDIAN);
3580}
3581
3582void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3583 MemTxAttrs attrs, MemTxResult *result)
3584{
3585 address_space_stw_internal(as, addr, val, attrs, result,
3586 DEVICE_BIG_ENDIAN);
3587}
3588
3589void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3590{
3591 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3592}
3593
3594void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3595{
3596 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3597}
3598
3599void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3600{
3601 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3602}
3603
3604/* XXX: optimize */
3605void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3606 MemTxAttrs attrs, MemTxResult *result)
3607{
3608 MemTxResult r;
3609 val = tswap64(val);
3610 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3611 if (result) {
3612 *result = r;
3613 }
3614}
3615
3616void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3617 MemTxAttrs attrs, MemTxResult *result)
3618{
3619 MemTxResult r;
3620 val = cpu_to_le64(val);
3621 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3622 if (result) {
3623 *result = r;
3624 }
3625}
3626void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3627 MemTxAttrs attrs, MemTxResult *result)
3628{
3629 MemTxResult r;
3630 val = cpu_to_be64(val);
3631 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3632 if (result) {
3633 *result = r;
3634 }
3635}
3636
3637void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3638{
3639 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3640}
3641
3642void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3643{
3644 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3645}
3646
3647void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3648{
3649 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3650}
3651
3652/* virtual memory access for debug (includes writing to ROM) */
3653int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3654 uint8_t *buf, int len, int is_write)
3655{
3656 int l;
3657 hwaddr phys_addr;
3658 target_ulong page;
3659
3660 while (len > 0) {
3661 int asidx;
3662 MemTxAttrs attrs;
3663
3664 page = addr & TARGET_PAGE_MASK;
3665 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3666 asidx = cpu_asidx_from_attrs(cpu, attrs);
3667 /* if no physical page mapped, return an error */
3668 if (phys_addr == -1)
3669 return -1;
3670 l = (page + TARGET_PAGE_SIZE) - addr;
3671 if (l > len)
3672 l = len;
3673 phys_addr += (addr & ~TARGET_PAGE_MASK);
3674 if (is_write) {
3675 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3676 phys_addr, buf, l);
3677 } else {
3678 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3679 MEMTXATTRS_UNSPECIFIED,
3680 buf, l, 0);
3681 }
3682 len -= l;
3683 buf += l;
3684 addr += l;
3685 }
3686 return 0;
3687}
3688
3689/*
3690 * Allows code that needs to deal with migration bitmaps etc to still be built
3691 * target independent.
3692 */
3693size_t qemu_target_page_bits(void)
3694{
3695 return TARGET_PAGE_BITS;
3696}
3697
3698#endif
3699
3700/*
3701 * A helper function for the _utterly broken_ virtio device model to find out if
3702 * it's running on a big endian machine. Don't do this at home kids!
3703 */
3704bool target_words_bigendian(void);
3705bool target_words_bigendian(void)
3706{
3707#if defined(TARGET_WORDS_BIGENDIAN)
3708 return true;
3709#else
3710 return false;
3711#endif
3712}
3713
3714#ifndef CONFIG_USER_ONLY
3715bool cpu_physical_memory_is_io(hwaddr phys_addr)
3716{
3717 MemoryRegion*mr;
3718 hwaddr l = 1;
3719 bool res;
3720
3721 rcu_read_lock();
3722 mr = address_space_translate(&address_space_memory,
3723 phys_addr, &phys_addr, &l, false);
3724
3725 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3726 rcu_read_unlock();
3727 return res;
3728}
3729
3730int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3731{
3732 RAMBlock *block;
3733 int ret = 0;
3734
3735 rcu_read_lock();
3736 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3737 ret = func(block->idstr, block->host, block->offset,
3738 block->used_length, opaque);
3739 if (ret) {
3740 break;
3741 }
3742 }
3743 rcu_read_unlock();
3744 return ret;
3745}
3746#endif
Empty description
This page took 0.058665 seconds and 4 git commands to generate.