2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
36 #include "qemu-common.h"
42 #include "qemu-timer.h"
43 #if defined(CONFIG_USER_ONLY)
46 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
47 #include <sys/param.h>
48 #if __FreeBSD_version >= 700104
49 #define HAVE_KINFO_GETVMMAP
50 #define sigqueue sigqueue_freebsd /* avoid redefinition */
53 #include <machine/profile.h>
63 //#define DEBUG_TB_INVALIDATE
66 //#define DEBUG_UNASSIGNED
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
70 //#define DEBUG_TLB_CHECK
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
80 #define SMC_BITMAP_USE_THRESHOLD 10
82 static TranslationBlock *tbs;
83 int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
97 /* Maximum alignment for Win32 is 16. */
98 #define code_gen_section \
99 __attribute__((aligned (16)))
101 #define code_gen_section \
102 __attribute__((aligned (32)))
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 uint8_t *code_gen_ptr;
112 #if !defined(CONFIG_USER_ONLY)
114 static int in_migration;
116 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
120 /* current CPU in the current thread. It is only valid inside
122 CPUState *cpu_single_env;
123 /* 0 = Do not count executed instructions.
124 1 = Precise instruction counting.
125 2 = Adaptive rate instruction counting. */
127 /* Current instruction counter. While executing translated code this may
128 include some instructions that have not yet been executed. */
131 typedef struct PageDesc {
132 /* list of TBs intersecting this ram page */
133 TranslationBlock *first_tb;
134 /* in order to optimize self modifying code, we count the number
135 of lookups we do to a given page to use a bitmap */
136 unsigned int code_write_count;
137 uint8_t *code_bitmap;
138 #if defined(CONFIG_USER_ONLY)
143 /* In system mode we want L1_MAP to be based on ram offsets,
144 while in user mode we want it to be based on virtual addresses. */
145 #if !defined(CONFIG_USER_ONLY)
146 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
147 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
149 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
152 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
155 /* Size of the L2 (and L3, etc) page tables. */
157 #define L2_SIZE (1 << L2_BITS)
159 /* The bits remaining after N lower levels of page tables. */
160 #define P_L1_BITS_REM \
161 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
162 #define V_L1_BITS_REM \
163 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
165 /* Size of the L1 page table. Avoid silly small sizes. */
166 #if P_L1_BITS_REM < 4
167 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
169 #define P_L1_BITS P_L1_BITS_REM
172 #if V_L1_BITS_REM < 4
173 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
175 #define V_L1_BITS V_L1_BITS_REM
178 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
179 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
181 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
182 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
184 unsigned long qemu_real_host_page_size;
185 unsigned long qemu_host_page_bits;
186 unsigned long qemu_host_page_size;
187 unsigned long qemu_host_page_mask;
189 /* This is a multi-level map on the virtual address space.
190 The bottom level has pointers to PageDesc. */
191 static void *l1_map[V_L1_SIZE];
193 #if !defined(CONFIG_USER_ONLY)
194 typedef struct PhysPageDesc {
195 /* offset in host memory of the page + io_index in the low bits */
196 ram_addr_t phys_offset;
197 ram_addr_t region_offset;
200 /* This is a multi-level map on the physical address space.
201 The bottom level has pointers to PhysPageDesc. */
202 static void *l1_phys_map[P_L1_SIZE];
204 static void io_mem_init(void);
206 /* io memory support */
207 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
208 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
209 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
210 static char io_mem_used[IO_MEM_NB_ENTRIES];
211 static int io_mem_watch;
216 static const char *logfilename = "qemu.log";
218 static const char *logfilename = "/tmp/qemu.log";
222 static int log_append = 0;
225 #if !defined(CONFIG_USER_ONLY)
226 static int tlb_flush_count;
228 static int tb_flush_count;
229 static int tb_phys_invalidate_count;
232 static void map_exec(void *addr, long size)
235 VirtualProtect(addr, size,
236 PAGE_EXECUTE_READWRITE, &old_protect);
240 static void map_exec(void *addr, long size)
242 unsigned long start, end, page_size;
244 page_size = getpagesize();
245 start = (unsigned long)addr;
246 start &= ~(page_size - 1);
248 end = (unsigned long)addr + size;
249 end += page_size - 1;
250 end &= ~(page_size - 1);
252 mprotect((void *)start, end - start,
253 PROT_READ | PROT_WRITE | PROT_EXEC);
257 static void page_init(void)
259 /* NOTE: we can always suppose that qemu_host_page_size >=
263 SYSTEM_INFO system_info;
265 GetSystemInfo(&system_info);
266 qemu_real_host_page_size = system_info.dwPageSize;
269 qemu_real_host_page_size = getpagesize();
271 if (qemu_host_page_size == 0)
272 qemu_host_page_size = qemu_real_host_page_size;
273 if (qemu_host_page_size < TARGET_PAGE_SIZE)
274 qemu_host_page_size = TARGET_PAGE_SIZE;
275 qemu_host_page_bits = 0;
276 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
277 qemu_host_page_bits++;
278 qemu_host_page_mask = ~(qemu_host_page_size - 1);
280 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
282 #ifdef HAVE_KINFO_GETVMMAP
283 struct kinfo_vmentry *freep;
286 freep = kinfo_getvmmap(getpid(), &cnt);
289 for (i = 0; i < cnt; i++) {
290 unsigned long startaddr, endaddr;
292 startaddr = freep[i].kve_start;
293 endaddr = freep[i].kve_end;
294 if (h2g_valid(startaddr)) {
295 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
297 if (h2g_valid(endaddr)) {
298 endaddr = h2g(endaddr);
299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
301 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
303 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
314 last_brk = (unsigned long)sbrk(0);
316 f = fopen("/compat/linux/proc/self/maps", "r");
321 unsigned long startaddr, endaddr;
324 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
326 if (n == 2 && h2g_valid(startaddr)) {
327 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
329 if (h2g_valid(endaddr)) {
330 endaddr = h2g(endaddr);
334 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
346 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
352 #if defined(CONFIG_USER_ONLY)
353 /* We can't use qemu_malloc because it may recurse into a locked mutex. */
354 # define ALLOC(P, SIZE) \
356 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
357 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
360 # define ALLOC(P, SIZE) \
361 do { P = qemu_mallocz(SIZE); } while (0)
364 /* Level 1. Always allocated. */
365 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
368 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
375 ALLOC(p, sizeof(void *) * L2_SIZE);
379 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
387 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
393 return pd + (index & (L2_SIZE - 1));
396 static inline PageDesc *page_find(tb_page_addr_t index)
398 return page_find_alloc(index, 0);
401 #if !defined(CONFIG_USER_ONLY)
402 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
408 /* Level 1. Always allocated. */
409 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
412 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
418 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
420 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
431 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
433 for (i = 0; i < L2_SIZE; i++) {
434 pd[i].phys_offset = IO_MEM_UNASSIGNED;
435 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
439 return pd + (index & (L2_SIZE - 1));
442 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
444 return phys_page_find_alloc(index, 0);
447 static void tlb_protect_code(ram_addr_t ram_addr);
448 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
450 #define mmap_lock() do { } while(0)
451 #define mmap_unlock() do { } while(0)
454 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
456 #if defined(CONFIG_USER_ONLY)
457 /* Currently it is not recommended to allocate big chunks of data in
458 user mode. It will change when a dedicated libc will be used */
459 #define USE_STATIC_CODE_GEN_BUFFER
462 #ifdef USE_STATIC_CODE_GEN_BUFFER
463 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
464 __attribute__((aligned (CODE_GEN_ALIGN)));
467 static void code_gen_alloc(unsigned long tb_size)
469 #ifdef USE_STATIC_CODE_GEN_BUFFER
470 code_gen_buffer = static_code_gen_buffer;
471 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
472 map_exec(code_gen_buffer, code_gen_buffer_size);
474 code_gen_buffer_size = tb_size;
475 if (code_gen_buffer_size == 0) {
476 #if defined(CONFIG_USER_ONLY)
477 /* in user mode, phys_ram_size is not meaningful */
478 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
480 /* XXX: needs adjustments */
481 code_gen_buffer_size = (unsigned long)(ram_size / 4);
484 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
485 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
486 /* The code gen buffer location may have constraints depending on
487 the host cpu and OS */
488 #if defined(__linux__)
493 flags = MAP_PRIVATE | MAP_ANONYMOUS;
494 #if defined(__x86_64__)
496 /* Cannot map more than that */
497 if (code_gen_buffer_size > (800 * 1024 * 1024))
498 code_gen_buffer_size = (800 * 1024 * 1024);
499 #elif defined(__sparc_v9__)
500 // Map the buffer below 2G, so we can use direct calls and branches
502 start = (void *) 0x60000000UL;
503 if (code_gen_buffer_size > (512 * 1024 * 1024))
504 code_gen_buffer_size = (512 * 1024 * 1024);
505 #elif defined(__arm__)
506 /* Map the buffer below 32M, so we can use direct calls and branches */
508 start = (void *) 0x01000000UL;
509 if (code_gen_buffer_size > 16 * 1024 * 1024)
510 code_gen_buffer_size = 16 * 1024 * 1024;
511 #elif defined(__s390x__)
512 /* Map the buffer so that we can use direct calls and branches. */
513 /* We have a +- 4GB range on the branches; leave some slop. */
514 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
515 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
517 start = (void *)0x90000000UL;
519 code_gen_buffer = mmap(start, code_gen_buffer_size,
520 PROT_WRITE | PROT_READ | PROT_EXEC,
522 if (code_gen_buffer == MAP_FAILED) {
523 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
527 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
531 flags = MAP_PRIVATE | MAP_ANONYMOUS;
532 #if defined(__x86_64__)
533 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
534 * 0x40000000 is free */
536 addr = (void *)0x40000000;
537 /* Cannot map more than that */
538 if (code_gen_buffer_size > (800 * 1024 * 1024))
539 code_gen_buffer_size = (800 * 1024 * 1024);
541 code_gen_buffer = mmap(addr, code_gen_buffer_size,
542 PROT_WRITE | PROT_READ | PROT_EXEC,
544 if (code_gen_buffer == MAP_FAILED) {
545 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
550 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
551 map_exec(code_gen_buffer, code_gen_buffer_size);
553 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
554 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
555 code_gen_buffer_max_size = code_gen_buffer_size -
556 (TCG_MAX_OP_SIZE * OPC_MAX_SIZE);
557 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
558 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
561 /* Must be called before using the QEMU cpus. 'tb_size' is the size
562 (in bytes) allocated to the translation buffer. Zero means default
564 void cpu_exec_init_all(unsigned long tb_size)
567 code_gen_alloc(tb_size);
568 code_gen_ptr = code_gen_buffer;
570 #if !defined(CONFIG_USER_ONLY)
573 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
574 /* There's no guest base to take into account, so go ahead and
575 initialize the prologue now. */
576 tcg_prologue_init(&tcg_ctx);
580 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
582 static int cpu_common_post_load(void *opaque, int version_id)
584 CPUState *env = opaque;
586 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
587 version_id is increased. */
588 env->interrupt_request &= ~0x01;
594 static const VMStateDescription vmstate_cpu_common = {
595 .name = "cpu_common",
597 .minimum_version_id = 1,
598 .minimum_version_id_old = 1,
599 .post_load = cpu_common_post_load,
600 .fields = (VMStateField []) {
601 VMSTATE_UINT32(halted, CPUState),
602 VMSTATE_UINT32(interrupt_request, CPUState),
603 VMSTATE_END_OF_LIST()
608 CPUState *qemu_get_cpu(int cpu)
610 CPUState *env = first_cpu;
613 if (env->cpu_index == cpu)
621 void cpu_exec_init(CPUState *env)
626 #if defined(CONFIG_USER_ONLY)
629 env->next_cpu = NULL;
632 while (*penv != NULL) {
633 penv = &(*penv)->next_cpu;
636 env->cpu_index = cpu_index;
638 QTAILQ_INIT(&env->breakpoints);
639 QTAILQ_INIT(&env->watchpoints);
641 #if defined(CONFIG_USER_ONLY)
644 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
645 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
647 cpu_save, cpu_load, env);
651 static inline void invalidate_page_bitmap(PageDesc *p)
653 if (p->code_bitmap) {
654 qemu_free(p->code_bitmap);
655 p->code_bitmap = NULL;
657 p->code_write_count = 0;
660 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
662 static void page_flush_tb_1 (int level, void **lp)
671 for (i = 0; i < L2_SIZE; ++i) {
672 pd[i].first_tb = NULL;
673 invalidate_page_bitmap(pd + i);
677 for (i = 0; i < L2_SIZE; ++i) {
678 page_flush_tb_1 (level - 1, pp + i);
683 static void page_flush_tb(void)
686 for (i = 0; i < V_L1_SIZE; i++) {
687 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
691 /* flush all the translation blocks */
692 /* XXX: tb_flush is currently not thread safe */
693 void tb_flush(CPUState *env1)
696 #if defined(DEBUG_FLUSH)
697 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
698 (unsigned long)(code_gen_ptr - code_gen_buffer),
700 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
702 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
703 cpu_abort(env1, "Internal error: code buffer overflow\n");
707 for(env = first_cpu; env != NULL; env = env->next_cpu) {
708 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
711 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
714 code_gen_ptr = code_gen_buffer;
715 /* XXX: flush processor icache at this point if cache flush is
720 #ifdef DEBUG_TB_CHECK
722 static void tb_invalidate_check(target_ulong address)
724 TranslationBlock *tb;
726 address &= TARGET_PAGE_MASK;
727 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
728 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
729 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
730 address >= tb->pc + tb->size)) {
731 printf("ERROR invalidate: address=" TARGET_FMT_lx
732 " PC=%08lx size=%04x\n",
733 address, (long)tb->pc, tb->size);
739 /* verify that all the pages have correct rights for code */
740 static void tb_page_check(void)
742 TranslationBlock *tb;
743 int i, flags1, flags2;
745 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
746 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
747 flags1 = page_get_flags(tb->pc);
748 flags2 = page_get_flags(tb->pc + tb->size - 1);
749 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
750 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
751 (long)tb->pc, tb->size, flags1, flags2);
759 /* invalidate one TB */
760 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
763 TranslationBlock *tb1;
767 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
770 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
774 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
776 TranslationBlock *tb1;
782 tb1 = (TranslationBlock *)((long)tb1 & ~3);
784 *ptb = tb1->page_next[n1];
787 ptb = &tb1->page_next[n1];
791 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
793 TranslationBlock *tb1, **ptb;
796 ptb = &tb->jmp_next[n];
799 /* find tb(n) in circular list */
803 tb1 = (TranslationBlock *)((long)tb1 & ~3);
804 if (n1 == n && tb1 == tb)
807 ptb = &tb1->jmp_first;
809 ptb = &tb1->jmp_next[n1];
812 /* now we can suppress tb(n) from the list */
813 *ptb = tb->jmp_next[n];
815 tb->jmp_next[n] = NULL;
819 /* reset the jump entry 'n' of a TB so that it is not chained to
821 static inline void tb_reset_jump(TranslationBlock *tb, int n)
823 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
826 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
831 tb_page_addr_t phys_pc;
832 TranslationBlock *tb1, *tb2;
834 /* remove the TB from the hash list */
835 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
836 h = tb_phys_hash_func(phys_pc);
837 tb_remove(&tb_phys_hash[h], tb,
838 offsetof(TranslationBlock, phys_hash_next));
840 /* remove the TB from the page list */
841 if (tb->page_addr[0] != page_addr) {
842 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
843 tb_page_remove(&p->first_tb, tb);
844 invalidate_page_bitmap(p);
846 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
847 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
848 tb_page_remove(&p->first_tb, tb);
849 invalidate_page_bitmap(p);
852 tb_invalidated_flag = 1;
854 /* remove the TB from the hash list */
855 h = tb_jmp_cache_hash_func(tb->pc);
856 for(env = first_cpu; env != NULL; env = env->next_cpu) {
857 if (env->tb_jmp_cache[h] == tb)
858 env->tb_jmp_cache[h] = NULL;
861 /* suppress this TB from the two jump lists */
862 tb_jmp_remove(tb, 0);
863 tb_jmp_remove(tb, 1);
865 /* suppress any remaining jumps to this TB */
871 tb1 = (TranslationBlock *)((long)tb1 & ~3);
872 tb2 = tb1->jmp_next[n1];
873 tb_reset_jump(tb1, n1);
874 tb1->jmp_next[n1] = NULL;
877 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
879 tb_phys_invalidate_count++;
882 static inline void set_bits(uint8_t *tab, int start, int len)
888 mask = 0xff << (start & 7);
889 if ((start & ~7) == (end & ~7)) {
891 mask &= ~(0xff << (end & 7));
896 start = (start + 8) & ~7;
898 while (start < end1) {
903 mask = ~(0xff << (end & 7));
909 static void build_page_bitmap(PageDesc *p)
911 int n, tb_start, tb_end;
912 TranslationBlock *tb;
914 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
919 tb = (TranslationBlock *)((long)tb & ~3);
920 /* NOTE: this is subtle as a TB may span two physical pages */
922 /* NOTE: tb_end may be after the end of the page, but
923 it is not a problem */
924 tb_start = tb->pc & ~TARGET_PAGE_MASK;
925 tb_end = tb_start + tb->size;
926 if (tb_end > TARGET_PAGE_SIZE)
927 tb_end = TARGET_PAGE_SIZE;
930 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
932 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
933 tb = tb->page_next[n];
937 TranslationBlock *tb_gen_code(CPUState *env,
938 target_ulong pc, target_ulong cs_base,
939 int flags, int cflags)
941 TranslationBlock *tb;
943 tb_page_addr_t phys_pc, phys_page2;
944 target_ulong virt_page2;
947 phys_pc = get_page_addr_code(env, pc);
950 /* flush must be done */
952 /* cannot fail at this point */
954 /* Don't forget to invalidate previous TB info. */
955 tb_invalidated_flag = 1;
957 tc_ptr = code_gen_ptr;
959 tb->cs_base = cs_base;
962 cpu_gen_code(env, tb, &code_gen_size);
963 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
965 /* check next page if needed */
966 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
968 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
969 phys_page2 = get_page_addr_code(env, virt_page2);
971 tb_link_page(tb, phys_pc, phys_page2);
975 /* invalidate all TBs which intersect with the target physical page
976 starting in range [start;end[. NOTE: start and end must refer to
977 the same physical page. 'is_cpu_write_access' should be true if called
978 from a real cpu write access: the virtual CPU will exit the current
979 TB if code is modified inside this TB. */
980 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
981 int is_cpu_write_access)
983 TranslationBlock *tb, *tb_next, *saved_tb;
984 CPUState *env = cpu_single_env;
985 tb_page_addr_t tb_start, tb_end;
988 #ifdef TARGET_HAS_PRECISE_SMC
989 int current_tb_not_found = is_cpu_write_access;
990 TranslationBlock *current_tb = NULL;
991 int current_tb_modified = 0;
992 target_ulong current_pc = 0;
993 target_ulong current_cs_base = 0;
994 int current_flags = 0;
995 #endif /* TARGET_HAS_PRECISE_SMC */
997 p = page_find(start >> TARGET_PAGE_BITS);
1000 if (!p->code_bitmap &&
1001 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1002 is_cpu_write_access) {
1003 /* build code bitmap */
1004 build_page_bitmap(p);
1007 /* we remove all the TBs in the range [start, end[ */
1008 /* XXX: see if in some cases it could be faster to invalidate all the code */
1010 while (tb != NULL) {
1012 tb = (TranslationBlock *)((long)tb & ~3);
1013 tb_next = tb->page_next[n];
1014 /* NOTE: this is subtle as a TB may span two physical pages */
1016 /* NOTE: tb_end may be after the end of the page, but
1017 it is not a problem */
1018 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1019 tb_end = tb_start + tb->size;
1021 tb_start = tb->page_addr[1];
1022 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1024 if (!(tb_end <= start || tb_start >= end)) {
1025 #ifdef TARGET_HAS_PRECISE_SMC
1026 if (current_tb_not_found) {
1027 current_tb_not_found = 0;
1029 if (env->mem_io_pc) {
1030 /* now we have a real cpu fault */
1031 current_tb = tb_find_pc(env->mem_io_pc);
1034 if (current_tb == tb &&
1035 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1036 /* If we are modifying the current TB, we must stop
1037 its execution. We could be more precise by checking
1038 that the modification is after the current PC, but it
1039 would require a specialized function to partially
1040 restore the CPU state */
1042 current_tb_modified = 1;
1043 cpu_restore_state(current_tb, env,
1044 env->mem_io_pc, NULL);
1045 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1048 #endif /* TARGET_HAS_PRECISE_SMC */
1049 /* we need to do that to handle the case where a signal
1050 occurs while doing tb_phys_invalidate() */
1053 saved_tb = env->current_tb;
1054 env->current_tb = NULL;
1056 tb_phys_invalidate(tb, -1);
1058 env->current_tb = saved_tb;
1059 if (env->interrupt_request && env->current_tb)
1060 cpu_interrupt(env, env->interrupt_request);
1065 #if !defined(CONFIG_USER_ONLY)
1066 /* if no code remaining, no need to continue to use slow writes */
1068 invalidate_page_bitmap(p);
1069 if (is_cpu_write_access) {
1070 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1074 #ifdef TARGET_HAS_PRECISE_SMC
1075 if (current_tb_modified) {
1076 /* we generate a block containing just the instruction
1077 modifying the memory. It will ensure that it cannot modify
1079 env->current_tb = NULL;
1080 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1081 cpu_resume_from_signal(env, NULL);
1086 /* len must be <= 8 and start must be a multiple of len */
1087 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1093 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1094 cpu_single_env->mem_io_vaddr, len,
1095 cpu_single_env->eip,
1096 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1099 p = page_find(start >> TARGET_PAGE_BITS);
1102 if (p->code_bitmap) {
1103 offset = start & ~TARGET_PAGE_MASK;
1104 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1105 if (b & ((1 << len) - 1))
1109 tb_invalidate_phys_page_range(start, start + len, 1);
1113 #if !defined(CONFIG_SOFTMMU)
1114 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1115 unsigned long pc, void *puc)
1117 TranslationBlock *tb;
1120 #ifdef TARGET_HAS_PRECISE_SMC
1121 TranslationBlock *current_tb = NULL;
1122 CPUState *env = cpu_single_env;
1123 int current_tb_modified = 0;
1124 target_ulong current_pc = 0;
1125 target_ulong current_cs_base = 0;
1126 int current_flags = 0;
1129 addr &= TARGET_PAGE_MASK;
1130 p = page_find(addr >> TARGET_PAGE_BITS);
1134 #ifdef TARGET_HAS_PRECISE_SMC
1135 if (tb && pc != 0) {
1136 current_tb = tb_find_pc(pc);
1139 while (tb != NULL) {
1141 tb = (TranslationBlock *)((long)tb & ~3);
1142 #ifdef TARGET_HAS_PRECISE_SMC
1143 if (current_tb == tb &&
1144 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1145 /* If we are modifying the current TB, we must stop
1146 its execution. We could be more precise by checking
1147 that the modification is after the current PC, but it
1148 would require a specialized function to partially
1149 restore the CPU state */
1151 current_tb_modified = 1;
1152 cpu_restore_state(current_tb, env, pc, puc);
1153 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1156 #endif /* TARGET_HAS_PRECISE_SMC */
1157 tb_phys_invalidate(tb, addr);
1158 tb = tb->page_next[n];
1161 #ifdef TARGET_HAS_PRECISE_SMC
1162 if (current_tb_modified) {
1163 /* we generate a block containing just the instruction
1164 modifying the memory. It will ensure that it cannot modify
1166 env->current_tb = NULL;
1167 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1168 cpu_resume_from_signal(env, puc);
1174 /* add the tb in the target page and protect it if necessary */
1175 static inline void tb_alloc_page(TranslationBlock *tb,
1176 unsigned int n, tb_page_addr_t page_addr)
1179 TranslationBlock *last_first_tb;
1181 tb->page_addr[n] = page_addr;
1182 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1183 tb->page_next[n] = p->first_tb;
1184 last_first_tb = p->first_tb;
1185 p->first_tb = (TranslationBlock *)((long)tb | n);
1186 invalidate_page_bitmap(p);
1188 #if defined(TARGET_HAS_SMC) || 1
1190 #if defined(CONFIG_USER_ONLY)
1191 if (p->flags & PAGE_WRITE) {
1196 /* force the host page as non writable (writes will have a
1197 page fault + mprotect overhead) */
1198 page_addr &= qemu_host_page_mask;
1200 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1201 addr += TARGET_PAGE_SIZE) {
1203 p2 = page_find (addr >> TARGET_PAGE_BITS);
1207 p2->flags &= ~PAGE_WRITE;
1209 mprotect(g2h(page_addr), qemu_host_page_size,
1210 (prot & PAGE_BITS) & ~PAGE_WRITE);
1211 #ifdef DEBUG_TB_INVALIDATE
1212 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1217 /* if some code is already present, then the pages are already
1218 protected. So we handle the case where only the first TB is
1219 allocated in a physical page */
1220 if (!last_first_tb) {
1221 tlb_protect_code(page_addr);
1225 #endif /* TARGET_HAS_SMC */
1228 /* Allocate a new translation block. Flush the translation buffer if
1229 too many translation blocks or too much generated code. */
1230 TranslationBlock *tb_alloc(target_ulong pc)
1232 TranslationBlock *tb;
1234 if (nb_tbs >= code_gen_max_blocks ||
1235 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1237 tb = &tbs[nb_tbs++];
1243 void tb_free(TranslationBlock *tb)
1245 /* In practice this is mostly used for single use temporary TB
1246 Ignore the hard cases and just back up if this TB happens to
1247 be the last one generated. */
1248 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1249 code_gen_ptr = tb->tc_ptr;
1254 /* add a new TB and link it to the physical page tables. phys_page2 is
1255 (-1) to indicate that only one page contains the TB. */
1256 void tb_link_page(TranslationBlock *tb,
1257 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1260 TranslationBlock **ptb;
1262 /* Grab the mmap lock to stop another thread invalidating this TB
1263 before we are done. */
1265 /* add in the physical hash table */
1266 h = tb_phys_hash_func(phys_pc);
1267 ptb = &tb_phys_hash[h];
1268 tb->phys_hash_next = *ptb;
1271 /* add in the page list */
1272 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1273 if (phys_page2 != -1)
1274 tb_alloc_page(tb, 1, phys_page2);
1276 tb->page_addr[1] = -1;
1278 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1279 tb->jmp_next[0] = NULL;
1280 tb->jmp_next[1] = NULL;
1282 /* init original jump addresses */
1283 if (tb->tb_next_offset[0] != 0xffff)
1284 tb_reset_jump(tb, 0);
1285 if (tb->tb_next_offset[1] != 0xffff)
1286 tb_reset_jump(tb, 1);
1288 #ifdef DEBUG_TB_CHECK
1294 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1295 tb[1].tc_ptr. Return NULL if not found */
1296 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1298 int m_min, m_max, m;
1300 TranslationBlock *tb;
1304 if (tc_ptr < (unsigned long)code_gen_buffer ||
1305 tc_ptr >= (unsigned long)code_gen_ptr)
1307 /* binary search (cf Knuth) */
1310 while (m_min <= m_max) {
1311 m = (m_min + m_max) >> 1;
1313 v = (unsigned long)tb->tc_ptr;
1316 else if (tc_ptr < v) {
1325 static void tb_reset_jump_recursive(TranslationBlock *tb);
1327 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1329 TranslationBlock *tb1, *tb_next, **ptb;
1332 tb1 = tb->jmp_next[n];
1334 /* find head of list */
1337 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1340 tb1 = tb1->jmp_next[n1];
1342 /* we are now sure now that tb jumps to tb1 */
1345 /* remove tb from the jmp_first list */
1346 ptb = &tb_next->jmp_first;
1350 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1351 if (n1 == n && tb1 == tb)
1353 ptb = &tb1->jmp_next[n1];
1355 *ptb = tb->jmp_next[n];
1356 tb->jmp_next[n] = NULL;
1358 /* suppress the jump to next tb in generated code */
1359 tb_reset_jump(tb, n);
1361 /* suppress jumps in the tb on which we could have jumped */
1362 tb_reset_jump_recursive(tb_next);
1366 static void tb_reset_jump_recursive(TranslationBlock *tb)
1368 tb_reset_jump_recursive2(tb, 0);
1369 tb_reset_jump_recursive2(tb, 1);
1372 #if defined(TARGET_HAS_ICE)
1373 #if defined(CONFIG_USER_ONLY)
1374 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1376 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1379 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1381 target_phys_addr_t addr;
1383 ram_addr_t ram_addr;
1386 addr = cpu_get_phys_page_debug(env, pc);
1387 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1389 pd = IO_MEM_UNASSIGNED;
1391 pd = p->phys_offset;
1393 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1394 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1397 #endif /* TARGET_HAS_ICE */
1399 #if defined(CONFIG_USER_ONLY)
1400 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1405 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1406 int flags, CPUWatchpoint **watchpoint)
1411 /* Add a watchpoint. */
1412 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1413 int flags, CPUWatchpoint **watchpoint)
1415 target_ulong len_mask = ~(len - 1);
1418 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1419 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1420 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1421 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1424 wp = qemu_malloc(sizeof(*wp));
1427 wp->len_mask = len_mask;
1430 /* keep all GDB-injected watchpoints in front */
1432 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1434 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1436 tlb_flush_page(env, addr);
1443 /* Remove a specific watchpoint. */
1444 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1447 target_ulong len_mask = ~(len - 1);
1450 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1451 if (addr == wp->vaddr && len_mask == wp->len_mask
1452 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1453 cpu_watchpoint_remove_by_ref(env, wp);
1460 /* Remove a specific watchpoint by reference. */
1461 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1463 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1465 tlb_flush_page(env, watchpoint->vaddr);
1467 qemu_free(watchpoint);
1470 /* Remove all matching watchpoints. */
1471 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1473 CPUWatchpoint *wp, *next;
1475 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1476 if (wp->flags & mask)
1477 cpu_watchpoint_remove_by_ref(env, wp);
1482 /* Add a breakpoint. */
1483 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1484 CPUBreakpoint **breakpoint)
1486 #if defined(TARGET_HAS_ICE)
1489 bp = qemu_malloc(sizeof(*bp));
1494 /* keep all GDB-injected breakpoints in front */
1496 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1498 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1500 breakpoint_invalidate(env, pc);
1510 /* Remove a specific breakpoint. */
1511 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1513 #if defined(TARGET_HAS_ICE)
1516 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1517 if (bp->pc == pc && bp->flags == flags) {
1518 cpu_breakpoint_remove_by_ref(env, bp);
1528 /* Remove a specific breakpoint by reference. */
1529 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1531 #if defined(TARGET_HAS_ICE)
1532 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1534 breakpoint_invalidate(env, breakpoint->pc);
1536 qemu_free(breakpoint);
1540 /* Remove all matching breakpoints. */
1541 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1543 #if defined(TARGET_HAS_ICE)
1544 CPUBreakpoint *bp, *next;
1546 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1547 if (bp->flags & mask)
1548 cpu_breakpoint_remove_by_ref(env, bp);
1553 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1554 CPU loop after each instruction */
1555 void cpu_single_step(CPUState *env, int enabled)
1557 #if defined(TARGET_HAS_ICE)
1558 if (env->singlestep_enabled != enabled) {
1559 env->singlestep_enabled = enabled;
1561 kvm_update_guest_debug(env, 0);
1563 /* must flush all the translated code to avoid inconsistencies */
1564 /* XXX: only flush what is necessary */
1571 /* enable or disable low levels log */
1572 void cpu_set_log(int log_flags)
1574 loglevel = log_flags;
1575 if (loglevel && !logfile) {
1576 logfile = fopen(logfilename, log_append ? "a" : "w");
1578 perror(logfilename);
1581 #if !defined(CONFIG_SOFTMMU)
1582 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1584 static char logfile_buf[4096];
1585 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1587 #elif !defined(_WIN32)
1588 /* Win32 doesn't support line-buffering and requires size >= 2 */
1589 setvbuf(logfile, NULL, _IOLBF, 0);
1593 if (!loglevel && logfile) {
1599 void cpu_set_log_filename(const char *filename)
1601 logfilename = strdup(filename);
1606 cpu_set_log(loglevel);
1609 static void cpu_unlink_tb(CPUState *env)
1611 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1612 problem and hope the cpu will stop of its own accord. For userspace
1613 emulation this often isn't actually as bad as it sounds. Often
1614 signals are used primarily to interrupt blocking syscalls. */
1615 TranslationBlock *tb;
1616 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1618 spin_lock(&interrupt_lock);
1619 tb = env->current_tb;
1620 /* if the cpu is currently executing code, we must unlink it and
1621 all the potentially executing TB */
1623 env->current_tb = NULL;
1624 tb_reset_jump_recursive(tb);
1626 spin_unlock(&interrupt_lock);
1629 /* mask must never be zero, except for A20 change call */
1630 void cpu_interrupt(CPUState *env, int mask)
1634 old_mask = env->interrupt_request;
1635 env->interrupt_request |= mask;
1637 #ifndef CONFIG_USER_ONLY
1639 * If called from iothread context, wake the target cpu in
1642 if (!qemu_cpu_self(env)) {
1649 env->icount_decr.u16.high = 0xffff;
1650 #ifndef CONFIG_USER_ONLY
1652 && (mask & ~old_mask) != 0) {
1653 cpu_abort(env, "Raised interrupt while not in I/O function");
1661 void cpu_reset_interrupt(CPUState *env, int mask)
1663 env->interrupt_request &= ~mask;
1666 void cpu_exit(CPUState *env)
1668 env->exit_request = 1;
1672 const CPULogItem cpu_log_items[] = {
1673 { CPU_LOG_TB_OUT_ASM, "out_asm",
1674 "show generated host assembly code for each compiled TB" },
1675 { CPU_LOG_TB_IN_ASM, "in_asm",
1676 "show target assembly code for each compiled TB" },
1677 { CPU_LOG_TB_OP, "op",
1678 "show micro ops for each compiled TB" },
1679 { CPU_LOG_TB_OP_OPT, "op_opt",
1682 "before eflags optimization and "
1684 "after liveness analysis" },
1685 { CPU_LOG_INT, "int",
1686 "show interrupts/exceptions in short format" },
1687 { CPU_LOG_EXEC, "exec",
1688 "show trace before each executed TB (lots of logs)" },
1689 { CPU_LOG_TB_CPU, "cpu",
1690 "show CPU state before block translation" },
1692 { CPU_LOG_PCALL, "pcall",
1693 "show protected mode far calls/returns/exceptions" },
1694 { CPU_LOG_RESET, "cpu_reset",
1695 "show CPU state before CPU resets" },
1698 { CPU_LOG_IOPORT, "ioport",
1699 "show all i/o ports accesses" },
1704 #ifndef CONFIG_USER_ONLY
1705 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1706 = QLIST_HEAD_INITIALIZER(memory_client_list);
1708 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1710 ram_addr_t phys_offset)
1712 CPUPhysMemoryClient *client;
1713 QLIST_FOREACH(client, &memory_client_list, list) {
1714 client->set_memory(client, start_addr, size, phys_offset);
1718 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1719 target_phys_addr_t end)
1721 CPUPhysMemoryClient *client;
1722 QLIST_FOREACH(client, &memory_client_list, list) {
1723 int r = client->sync_dirty_bitmap(client, start, end);
1730 static int cpu_notify_migration_log(int enable)
1732 CPUPhysMemoryClient *client;
1733 QLIST_FOREACH(client, &memory_client_list, list) {
1734 int r = client->migration_log(client, enable);
1741 static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1742 int level, void **lp)
1750 PhysPageDesc *pd = *lp;
1751 for (i = 0; i < L2_SIZE; ++i) {
1752 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1753 client->set_memory(client, pd[i].region_offset,
1754 TARGET_PAGE_SIZE, pd[i].phys_offset);
1759 for (i = 0; i < L2_SIZE; ++i) {
1760 phys_page_for_each_1(client, level - 1, pp + i);
1765 static void phys_page_for_each(CPUPhysMemoryClient *client)
1768 for (i = 0; i < P_L1_SIZE; ++i) {
1769 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1774 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1776 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1777 phys_page_for_each(client);
1780 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1782 QLIST_REMOVE(client, list);
1786 static int cmp1(const char *s1, int n, const char *s2)
1788 if (strlen(s2) != n)
1790 return memcmp(s1, s2, n) == 0;
1793 /* takes a comma separated list of log masks. Return 0 if error. */
1794 int cpu_str_to_log_mask(const char *str)
1796 const CPULogItem *item;
1803 p1 = strchr(p, ',');
1806 if(cmp1(p,p1-p,"all")) {
1807 for(item = cpu_log_items; item->mask != 0; item++) {
1811 for(item = cpu_log_items; item->mask != 0; item++) {
1812 if (cmp1(p, p1 - p, item->name))
1826 void cpu_abort(CPUState *env, const char *fmt, ...)
1833 fprintf(stderr, "qemu: fatal: ");
1834 vfprintf(stderr, fmt, ap);
1835 fprintf(stderr, "\n");
1837 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1839 cpu_dump_state(env, stderr, fprintf, 0);
1841 if (qemu_log_enabled()) {
1842 qemu_log("qemu: fatal: ");
1843 qemu_log_vprintf(fmt, ap2);
1846 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1848 log_cpu_state(env, 0);
1855 #if defined(CONFIG_USER_ONLY)
1857 struct sigaction act;
1858 sigfillset(&act.sa_mask);
1859 act.sa_handler = SIG_DFL;
1860 sigaction(SIGABRT, &act, NULL);
1866 CPUState *cpu_copy(CPUState *env)
1868 CPUState *new_env = cpu_init(env->cpu_model_str);
1869 CPUState *next_cpu = new_env->next_cpu;
1870 int cpu_index = new_env->cpu_index;
1871 #if defined(TARGET_HAS_ICE)
1876 memcpy(new_env, env, sizeof(CPUState));
1878 /* Preserve chaining and index. */
1879 new_env->next_cpu = next_cpu;
1880 new_env->cpu_index = cpu_index;
1882 /* Clone all break/watchpoints.
1883 Note: Once we support ptrace with hw-debug register access, make sure
1884 BP_CPU break/watchpoints are handled correctly on clone. */
1885 QTAILQ_INIT(&env->breakpoints);
1886 QTAILQ_INIT(&env->watchpoints);
1887 #if defined(TARGET_HAS_ICE)
1888 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1889 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1891 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1892 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1900 #if !defined(CONFIG_USER_ONLY)
1902 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1906 /* Discard jump cache entries for any tb which might potentially
1907 overlap the flushed page. */
1908 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1909 memset (&env->tb_jmp_cache[i], 0,
1910 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1912 i = tb_jmp_cache_hash_page(addr);
1913 memset (&env->tb_jmp_cache[i], 0,
1914 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1917 static CPUTLBEntry s_cputlb_empty_entry = {
1924 /* NOTE: if flush_global is true, also flush global entries (not
1926 void tlb_flush(CPUState *env, int flush_global)
1930 #if defined(DEBUG_TLB)
1931 printf("tlb_flush:\n");
1933 /* must reset current TB so that interrupts cannot modify the
1934 links while we are modifying them */
1935 env->current_tb = NULL;
1937 for(i = 0; i < CPU_TLB_SIZE; i++) {
1939 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1940 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1944 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1946 env->tlb_flush_addr = -1;
1947 env->tlb_flush_mask = 0;
1951 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1953 if (addr == (tlb_entry->addr_read &
1954 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1955 addr == (tlb_entry->addr_write &
1956 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1957 addr == (tlb_entry->addr_code &
1958 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1959 *tlb_entry = s_cputlb_empty_entry;
1963 void tlb_flush_page(CPUState *env, target_ulong addr)
1968 #if defined(DEBUG_TLB)
1969 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1971 /* Check if we need to flush due to large pages. */
1972 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1973 #if defined(DEBUG_TLB)
1974 printf("tlb_flush_page: forced full flush ("
1975 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1976 env->tlb_flush_addr, env->tlb_flush_mask);
1981 /* must reset current TB so that interrupts cannot modify the
1982 links while we are modifying them */
1983 env->current_tb = NULL;
1985 addr &= TARGET_PAGE_MASK;
1986 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1987 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1988 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1990 tlb_flush_jmp_cache(env, addr);
1993 /* update the TLBs so that writes to code in the virtual page 'addr'
1995 static void tlb_protect_code(ram_addr_t ram_addr)
1997 cpu_physical_memory_reset_dirty(ram_addr,
1998 ram_addr + TARGET_PAGE_SIZE,
2002 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2003 tested for self modifying code */
2004 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2007 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2010 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2011 unsigned long start, unsigned long length)
2014 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2015 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2016 if ((addr - start) < length) {
2017 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2022 /* Note: start and end must be within the same ram block. */
2023 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2027 unsigned long length, start1;
2030 start &= TARGET_PAGE_MASK;
2031 end = TARGET_PAGE_ALIGN(end);
2033 length = end - start;
2036 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2038 /* we modify the TLB cache so that the dirty bit will be set again
2039 when accessing the range */
2040 start1 = (unsigned long)qemu_get_ram_ptr(start);
2041 /* Chek that we don't span multiple blocks - this breaks the
2042 address comparisons below. */
2043 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2044 != (end - 1) - start) {
2048 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2050 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2051 for(i = 0; i < CPU_TLB_SIZE; i++)
2052 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2058 int cpu_physical_memory_set_dirty_tracking(int enable)
2061 in_migration = enable;
2062 ret = cpu_notify_migration_log(!!enable);
2066 int cpu_physical_memory_get_dirty_tracking(void)
2068 return in_migration;
2071 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2072 target_phys_addr_t end_addr)
2076 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2080 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2082 ram_addr_t ram_addr;
2085 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2086 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2087 + tlb_entry->addend);
2088 ram_addr = qemu_ram_addr_from_host(p);
2089 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2090 tlb_entry->addr_write |= TLB_NOTDIRTY;
2095 /* update the TLB according to the current state of the dirty bits */
2096 void cpu_tlb_update_dirty(CPUState *env)
2100 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2101 for(i = 0; i < CPU_TLB_SIZE; i++)
2102 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2106 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2108 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2109 tlb_entry->addr_write = vaddr;
2112 /* update the TLB corresponding to virtual page vaddr
2113 so that it is no longer dirty */
2114 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2119 vaddr &= TARGET_PAGE_MASK;
2120 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2121 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2122 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2125 /* Our TLB does not support large pages, so remember the area covered by
2126 large pages and trigger a full TLB flush if these are invalidated. */
2127 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2130 target_ulong mask = ~(size - 1);
2132 if (env->tlb_flush_addr == (target_ulong)-1) {
2133 env->tlb_flush_addr = vaddr & mask;
2134 env->tlb_flush_mask = mask;
2137 /* Extend the existing region to include the new page.
2138 This is a compromise between unnecessary flushes and the cost
2139 of maintaining a full variable size TLB. */
2140 mask &= env->tlb_flush_mask;
2141 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2144 env->tlb_flush_addr &= mask;
2145 env->tlb_flush_mask = mask;
2148 /* Add a new TLB entry. At most one entry for a given virtual address
2149 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2150 supplied size is only used by tlb_flush_page. */
2151 void tlb_set_page(CPUState *env, target_ulong vaddr,
2152 target_phys_addr_t paddr, int prot,
2153 int mmu_idx, target_ulong size)
2158 target_ulong address;
2159 target_ulong code_address;
2160 unsigned long addend;
2163 target_phys_addr_t iotlb;
2165 assert(size >= TARGET_PAGE_SIZE);
2166 if (size != TARGET_PAGE_SIZE) {
2167 tlb_add_large_page(env, vaddr, size);
2169 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2171 pd = IO_MEM_UNASSIGNED;
2173 pd = p->phys_offset;
2175 #if defined(DEBUG_TLB)
2176 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2177 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2181 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2182 /* IO memory case (romd handled later) */
2183 address |= TLB_MMIO;
2185 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2186 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2188 iotlb = pd & TARGET_PAGE_MASK;
2189 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2190 iotlb |= IO_MEM_NOTDIRTY;
2192 iotlb |= IO_MEM_ROM;
2194 /* IO handlers are currently passed a physical address.
2195 It would be nice to pass an offset from the base address
2196 of that region. This would avoid having to special case RAM,
2197 and avoid full address decoding in every device.
2198 We can't use the high bits of pd for this because
2199 IO_MEM_ROMD uses these as a ram address. */
2200 iotlb = (pd & ~TARGET_PAGE_MASK);
2202 iotlb += p->region_offset;
2208 code_address = address;
2209 /* Make accesses to pages with watchpoints go via the
2210 watchpoint trap routines. */
2211 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2212 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2213 /* Avoid trapping reads of pages with a write breakpoint. */
2214 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2215 iotlb = io_mem_watch + paddr;
2216 address |= TLB_MMIO;
2222 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2223 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2224 te = &env->tlb_table[mmu_idx][index];
2225 te->addend = addend - vaddr;
2226 if (prot & PAGE_READ) {
2227 te->addr_read = address;
2232 if (prot & PAGE_EXEC) {
2233 te->addr_code = code_address;
2237 if (prot & PAGE_WRITE) {
2238 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2239 (pd & IO_MEM_ROMD)) {
2240 /* Write access calls the I/O callback. */
2241 te->addr_write = address | TLB_MMIO;
2242 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2243 !cpu_physical_memory_is_dirty(pd)) {
2244 te->addr_write = address | TLB_NOTDIRTY;
2246 te->addr_write = address;
2249 te->addr_write = -1;
2255 void tlb_flush(CPUState *env, int flush_global)
2259 void tlb_flush_page(CPUState *env, target_ulong addr)
2264 * Walks guest process memory "regions" one by one
2265 * and calls callback function 'fn' for each region.
2268 struct walk_memory_regions_data
2270 walk_memory_regions_fn fn;
2272 unsigned long start;
2276 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2277 abi_ulong end, int new_prot)
2279 if (data->start != -1ul) {
2280 int rc = data->fn(data->priv, data->start, end, data->prot);
2286 data->start = (new_prot ? end : -1ul);
2287 data->prot = new_prot;
2292 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2293 abi_ulong base, int level, void **lp)
2299 return walk_memory_regions_end(data, base, 0);
2304 for (i = 0; i < L2_SIZE; ++i) {
2305 int prot = pd[i].flags;
2307 pa = base | (i << TARGET_PAGE_BITS);
2308 if (prot != data->prot) {
2309 rc = walk_memory_regions_end(data, pa, prot);
2317 for (i = 0; i < L2_SIZE; ++i) {
2318 pa = base | ((abi_ulong)i <<
2319 (TARGET_PAGE_BITS + L2_BITS * level));
2320 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2330 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2332 struct walk_memory_regions_data data;
2340 for (i = 0; i < V_L1_SIZE; i++) {
2341 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2342 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2348 return walk_memory_regions_end(&data, 0, 0);
2351 static int dump_region(void *priv, abi_ulong start,
2352 abi_ulong end, unsigned long prot)
2354 FILE *f = (FILE *)priv;
2356 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2357 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2358 start, end, end - start,
2359 ((prot & PAGE_READ) ? 'r' : '-'),
2360 ((prot & PAGE_WRITE) ? 'w' : '-'),
2361 ((prot & PAGE_EXEC) ? 'x' : '-'));
2366 /* dump memory mappings */
2367 void page_dump(FILE *f)
2369 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2370 "start", "end", "size", "prot");
2371 walk_memory_regions(f, dump_region);
2374 int page_get_flags(target_ulong address)
2378 p = page_find(address >> TARGET_PAGE_BITS);
2384 /* Modify the flags of a page and invalidate the code if necessary.
2385 The flag PAGE_WRITE_ORG is positioned automatically depending
2386 on PAGE_WRITE. The mmap_lock should already be held. */
2387 void page_set_flags(target_ulong start, target_ulong end, int flags)
2389 target_ulong addr, len;
2391 /* This function should never be called with addresses outside the
2392 guest address space. If this assert fires, it probably indicates
2393 a missing call to h2g_valid. */
2394 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2395 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2397 assert(start < end);
2399 start = start & TARGET_PAGE_MASK;
2400 end = TARGET_PAGE_ALIGN(end);
2402 if (flags & PAGE_WRITE) {
2403 flags |= PAGE_WRITE_ORG;
2406 for (addr = start, len = end - start;
2408 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2409 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2411 /* If the write protection bit is set, then we invalidate
2413 if (!(p->flags & PAGE_WRITE) &&
2414 (flags & PAGE_WRITE) &&
2416 tb_invalidate_phys_page(addr, 0, NULL);
2422 int page_check_range(target_ulong start, target_ulong len, int flags)
2428 /* This function should never be called with addresses outside the
2429 guest address space. If this assert fires, it probably indicates
2430 a missing call to h2g_valid. */
2431 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2432 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2438 if (start + len - 1 < start) {
2439 /* We've wrapped around. */
2443 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2444 start = start & TARGET_PAGE_MASK;
2446 for (addr = start, len = end - start;
2448 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2449 p = page_find(addr >> TARGET_PAGE_BITS);
2452 if( !(p->flags & PAGE_VALID) )
2455 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2457 if (flags & PAGE_WRITE) {
2458 if (!(p->flags & PAGE_WRITE_ORG))
2460 /* unprotect the page if it was put read-only because it
2461 contains translated code */
2462 if (!(p->flags & PAGE_WRITE)) {
2463 if (!page_unprotect(addr, 0, NULL))
2472 /* called from signal handler: invalidate the code and unprotect the
2473 page. Return TRUE if the fault was successfully handled. */
2474 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2478 target_ulong host_start, host_end, addr;
2480 /* Technically this isn't safe inside a signal handler. However we
2481 know this only ever happens in a synchronous SEGV handler, so in
2482 practice it seems to be ok. */
2485 p = page_find(address >> TARGET_PAGE_BITS);
2491 /* if the page was really writable, then we change its
2492 protection back to writable */
2493 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2494 host_start = address & qemu_host_page_mask;
2495 host_end = host_start + qemu_host_page_size;
2498 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2499 p = page_find(addr >> TARGET_PAGE_BITS);
2500 p->flags |= PAGE_WRITE;
2503 /* and since the content will be modified, we must invalidate
2504 the corresponding translated code. */
2505 tb_invalidate_phys_page(addr, pc, puc);
2506 #ifdef DEBUG_TB_CHECK
2507 tb_invalidate_check(addr);
2510 mprotect((void *)g2h(host_start), qemu_host_page_size,
2520 static inline void tlb_set_dirty(CPUState *env,
2521 unsigned long addr, target_ulong vaddr)
2524 #endif /* defined(CONFIG_USER_ONLY) */
2526 #if !defined(CONFIG_USER_ONLY)
2528 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2529 typedef struct subpage_t {
2530 target_phys_addr_t base;
2531 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2532 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2535 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2536 ram_addr_t memory, ram_addr_t region_offset);
2537 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2538 ram_addr_t orig_memory,
2539 ram_addr_t region_offset);
2540 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2543 if (addr > start_addr) \
2546 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2547 if (start_addr2 > 0) \
2551 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2552 end_addr2 = TARGET_PAGE_SIZE - 1; \
2554 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2555 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2560 /* register physical memory.
2561 For RAM, 'size' must be a multiple of the target page size.
2562 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2563 io memory page. The address used when calling the IO function is
2564 the offset from the start of the region, plus region_offset. Both
2565 start_addr and region_offset are rounded down to a page boundary
2566 before calculating this offset. This should not be a problem unless
2567 the low bits of start_addr and region_offset differ. */
2568 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2570 ram_addr_t phys_offset,
2571 ram_addr_t region_offset)
2573 target_phys_addr_t addr, end_addr;
2576 ram_addr_t orig_size = size;
2579 cpu_notify_set_memory(start_addr, size, phys_offset);
2581 if (phys_offset == IO_MEM_UNASSIGNED) {
2582 region_offset = start_addr;
2584 region_offset &= TARGET_PAGE_MASK;
2585 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2586 end_addr = start_addr + (target_phys_addr_t)size;
2587 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2588 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2589 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2590 ram_addr_t orig_memory = p->phys_offset;
2591 target_phys_addr_t start_addr2, end_addr2;
2592 int need_subpage = 0;
2594 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2597 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2598 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2599 &p->phys_offset, orig_memory,
2602 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2605 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2607 p->region_offset = 0;
2609 p->phys_offset = phys_offset;
2610 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2611 (phys_offset & IO_MEM_ROMD))
2612 phys_offset += TARGET_PAGE_SIZE;
2615 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2616 p->phys_offset = phys_offset;
2617 p->region_offset = region_offset;
2618 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2619 (phys_offset & IO_MEM_ROMD)) {
2620 phys_offset += TARGET_PAGE_SIZE;
2622 target_phys_addr_t start_addr2, end_addr2;
2623 int need_subpage = 0;
2625 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2626 end_addr2, need_subpage);
2629 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2630 &p->phys_offset, IO_MEM_UNASSIGNED,
2631 addr & TARGET_PAGE_MASK);
2632 subpage_register(subpage, start_addr2, end_addr2,
2633 phys_offset, region_offset);
2634 p->region_offset = 0;
2638 region_offset += TARGET_PAGE_SIZE;
2641 /* since each CPU stores ram addresses in its TLB cache, we must
2642 reset the modified entries */
2644 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2649 /* XXX: temporary until new memory mapping API */
2650 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2654 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2656 return IO_MEM_UNASSIGNED;
2657 return p->phys_offset;
2660 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2663 kvm_coalesce_mmio_region(addr, size);
2666 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2669 kvm_uncoalesce_mmio_region(addr, size);
2672 void qemu_flush_coalesced_mmio_buffer(void)
2675 kvm_flush_coalesced_mmio_buffer();
2678 #if defined(__linux__) && !defined(TARGET_S390X)
2680 #include <sys/vfs.h>
2682 #define HUGETLBFS_MAGIC 0x958458f6
2684 static long gethugepagesize(const char *path)
2690 ret = statfs(path, &fs);
2691 } while (ret != 0 && errno == EINTR);
2698 if (fs.f_type != HUGETLBFS_MAGIC)
2699 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2704 static void *file_ram_alloc(RAMBlock *block,
2714 unsigned long hpagesize;
2716 hpagesize = gethugepagesize(path);
2721 if (memory < hpagesize) {
2725 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2726 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2730 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2734 fd = mkstemp(filename);
2736 perror("unable to create backing store for hugepages");
2743 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2746 * ftruncate is not supported by hugetlbfs in older
2747 * hosts, so don't bother bailing out on errors.
2748 * If anything goes wrong with it under other filesystems,
2751 if (ftruncate(fd, memory))
2752 perror("ftruncate");
2755 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2756 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2757 * to sidestep this quirk.
2759 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2760 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2762 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2764 if (area == MAP_FAILED) {
2765 perror("file_ram_alloc: can't mmap RAM pages");
2774 static ram_addr_t find_ram_offset(ram_addr_t size)
2776 RAMBlock *block, *next_block;
2777 ram_addr_t offset, mingap = ULONG_MAX;
2779 if (QLIST_EMPTY(&ram_list.blocks))
2782 QLIST_FOREACH(block, &ram_list.blocks, next) {
2783 ram_addr_t end, next = ULONG_MAX;
2785 end = block->offset + block->length;
2787 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2788 if (next_block->offset >= end) {
2789 next = MIN(next, next_block->offset);
2792 if (next - end >= size && next - end < mingap) {
2794 mingap = next - end;
2800 static ram_addr_t last_ram_offset(void)
2803 ram_addr_t last = 0;
2805 QLIST_FOREACH(block, &ram_list.blocks, next)
2806 last = MAX(last, block->offset + block->length);
2811 ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
2813 RAMBlock *new_block, *block;
2815 size = TARGET_PAGE_ALIGN(size);
2816 new_block = qemu_mallocz(sizeof(*new_block));
2818 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2819 char *id = dev->parent_bus->info->get_dev_path(dev);
2821 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2825 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2827 QLIST_FOREACH(block, &ram_list.blocks, next) {
2828 if (!strcmp(block->idstr, new_block->idstr)) {
2829 if (block->length == new_block->length) {
2830 fprintf(stderr, "RAMBlock \"%s\" exists, assuming lack of"
2831 "free.\n", new_block->idstr);
2832 qemu_free(new_block);
2833 return block->offset;
2835 fprintf(stderr, "RAMBlock \"%s\" already registered with"
2836 "different size, abort\n", new_block->idstr);
2843 #if defined (__linux__) && !defined(TARGET_S390X)
2844 new_block->host = file_ram_alloc(new_block, size, mem_path);
2845 if (!new_block->host) {
2846 new_block->host = qemu_vmalloc(size);
2847 #ifdef MADV_MERGEABLE
2848 madvise(new_block->host, size, MADV_MERGEABLE);
2852 fprintf(stderr, "-mem-path option unsupported\n");
2856 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2857 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2858 new_block->host = mmap((void*)0x1000000, size,
2859 PROT_EXEC|PROT_READ|PROT_WRITE,
2860 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2862 new_block->host = qemu_vmalloc(size);
2864 #ifdef MADV_MERGEABLE
2865 madvise(new_block->host, size, MADV_MERGEABLE);
2868 new_block->offset = find_ram_offset(size);
2869 new_block->length = size;
2871 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2873 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
2874 last_ram_offset() >> TARGET_PAGE_BITS);
2875 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2876 0xff, size >> TARGET_PAGE_BITS);
2879 kvm_setup_guest_memory(new_block->host, size);
2881 return new_block->offset;
2884 void qemu_ram_free(ram_addr_t addr)
2888 QLIST_FOREACH(block, &ram_list.blocks, next) {
2889 if (addr == block->offset) {
2890 QLIST_REMOVE(block, next);
2892 #if defined (__linux__) && !defined(TARGET_S390X)
2894 munmap(block->host, block->length);
2897 qemu_vfree(block->host);
2901 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2902 munmap(block->host, block->length);
2904 qemu_vfree(block->host);
2914 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2915 With the exception of the softmmu code in this file, this should
2916 only be used for local memory (e.g. video ram) that the device owns,
2917 and knows it isn't going to access beyond the end of the block.
2919 It should not be used for general purpose DMA.
2920 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2922 void *qemu_get_ram_ptr(ram_addr_t addr)
2926 QLIST_FOREACH(block, &ram_list.blocks, next) {
2927 if (addr - block->offset < block->length) {
2928 QLIST_REMOVE(block, next);
2929 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2930 return block->host + (addr - block->offset);
2934 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2940 /* Some of the softmmu routines need to translate from a host pointer
2941 (typically a TLB entry) back to a ram offset. */
2942 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2945 uint8_t *host = ptr;
2947 QLIST_FOREACH(block, &ram_list.blocks, next) {
2948 if (host - block->host < block->length) {
2949 return block->offset + (host - block->host);
2953 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2959 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2961 #ifdef DEBUG_UNASSIGNED
2962 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2964 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2965 do_unassigned_access(addr, 0, 0, 0, 1);
2970 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2972 #ifdef DEBUG_UNASSIGNED
2973 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2975 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2976 do_unassigned_access(addr, 0, 0, 0, 2);
2981 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2983 #ifdef DEBUG_UNASSIGNED
2984 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2986 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2987 do_unassigned_access(addr, 0, 0, 0, 4);
2992 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2994 #ifdef DEBUG_UNASSIGNED
2995 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2997 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2998 do_unassigned_access(addr, 1, 0, 0, 1);
3002 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3004 #ifdef DEBUG_UNASSIGNED
3005 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3007 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3008 do_unassigned_access(addr, 1, 0, 0, 2);
3012 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3014 #ifdef DEBUG_UNASSIGNED
3015 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3017 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3018 do_unassigned_access(addr, 1, 0, 0, 4);
3022 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3023 unassigned_mem_readb,
3024 unassigned_mem_readw,
3025 unassigned_mem_readl,
3028 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3029 unassigned_mem_writeb,
3030 unassigned_mem_writew,
3031 unassigned_mem_writel,
3034 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3038 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3039 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3040 #if !defined(CONFIG_USER_ONLY)
3041 tb_invalidate_phys_page_fast(ram_addr, 1);
3042 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3045 stb_p(qemu_get_ram_ptr(ram_addr), val);
3046 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3047 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3048 /* we remove the notdirty callback only if the code has been
3050 if (dirty_flags == 0xff)
3051 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3054 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3058 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3059 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3060 #if !defined(CONFIG_USER_ONLY)
3061 tb_invalidate_phys_page_fast(ram_addr, 2);
3062 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3065 stw_p(qemu_get_ram_ptr(ram_addr), val);
3066 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3067 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3068 /* we remove the notdirty callback only if the code has been
3070 if (dirty_flags == 0xff)
3071 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3074 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3078 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3079 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3080 #if !defined(CONFIG_USER_ONLY)
3081 tb_invalidate_phys_page_fast(ram_addr, 4);
3082 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3085 stl_p(qemu_get_ram_ptr(ram_addr), val);
3086 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3087 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3088 /* we remove the notdirty callback only if the code has been
3090 if (dirty_flags == 0xff)
3091 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3094 static CPUReadMemoryFunc * const error_mem_read[3] = {
3095 NULL, /* never used */
3096 NULL, /* never used */
3097 NULL, /* never used */
3100 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3101 notdirty_mem_writeb,
3102 notdirty_mem_writew,
3103 notdirty_mem_writel,
3106 /* Generate a debug exception if a watchpoint has been hit. */
3107 static void check_watchpoint(int offset, int len_mask, int flags)
3109 CPUState *env = cpu_single_env;
3110 target_ulong pc, cs_base;
3111 TranslationBlock *tb;
3116 if (env->watchpoint_hit) {
3117 /* We re-entered the check after replacing the TB. Now raise
3118 * the debug interrupt so that is will trigger after the
3119 * current instruction. */
3120 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3123 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3124 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3125 if ((vaddr == (wp->vaddr & len_mask) ||
3126 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3127 wp->flags |= BP_WATCHPOINT_HIT;
3128 if (!env->watchpoint_hit) {
3129 env->watchpoint_hit = wp;
3130 tb = tb_find_pc(env->mem_io_pc);
3132 cpu_abort(env, "check_watchpoint: could not find TB for "
3133 "pc=%p", (void *)env->mem_io_pc);
3135 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3136 tb_phys_invalidate(tb, -1);
3137 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3138 env->exception_index = EXCP_DEBUG;
3140 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3141 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3143 cpu_resume_from_signal(env, NULL);
3146 wp->flags &= ~BP_WATCHPOINT_HIT;
3151 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3152 so these check for a hit then pass through to the normal out-of-line
3154 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3156 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3157 return ldub_phys(addr);
3160 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3162 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3163 return lduw_phys(addr);
3166 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3168 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3169 return ldl_phys(addr);
3172 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3175 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3176 stb_phys(addr, val);
3179 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3182 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3183 stw_phys(addr, val);
3186 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3189 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3190 stl_phys(addr, val);
3193 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3199 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3205 static inline uint32_t subpage_readlen (subpage_t *mmio,
3206 target_phys_addr_t addr,
3209 unsigned int idx = SUBPAGE_IDX(addr);
3210 #if defined(DEBUG_SUBPAGE)
3211 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3212 mmio, len, addr, idx);
3215 addr += mmio->region_offset[idx];
3216 idx = mmio->sub_io_index[idx];
3217 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3220 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3221 uint32_t value, unsigned int len)
3223 unsigned int idx = SUBPAGE_IDX(addr);
3224 #if defined(DEBUG_SUBPAGE)
3225 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3226 __func__, mmio, len, addr, idx, value);
3229 addr += mmio->region_offset[idx];
3230 idx = mmio->sub_io_index[idx];
3231 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3234 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3236 return subpage_readlen(opaque, addr, 0);
3239 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3242 subpage_writelen(opaque, addr, value, 0);
3245 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3247 return subpage_readlen(opaque, addr, 1);
3250 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3253 subpage_writelen(opaque, addr, value, 1);
3256 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3258 return subpage_readlen(opaque, addr, 2);
3261 static void subpage_writel (void *opaque, target_phys_addr_t addr,
3264 subpage_writelen(opaque, addr, value, 2);
3267 static CPUReadMemoryFunc * const subpage_read[] = {
3273 static CPUWriteMemoryFunc * const subpage_write[] = {
3279 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3280 ram_addr_t memory, ram_addr_t region_offset)
3284 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3286 idx = SUBPAGE_IDX(start);
3287 eidx = SUBPAGE_IDX(end);
3288 #if defined(DEBUG_SUBPAGE)
3289 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3290 mmio, start, end, idx, eidx, memory);
3292 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3293 for (; idx <= eidx; idx++) {
3294 mmio->sub_io_index[idx] = memory;
3295 mmio->region_offset[idx] = region_offset;
3301 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3302 ram_addr_t orig_memory,
3303 ram_addr_t region_offset)
3308 mmio = qemu_mallocz(sizeof(subpage_t));
3311 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3312 #if defined(DEBUG_SUBPAGE)
3313 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3314 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3316 *phys = subpage_memory | IO_MEM_SUBPAGE;
3317 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3322 static int get_free_io_mem_idx(void)
3326 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3327 if (!io_mem_used[i]) {
3331 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3335 /* mem_read and mem_write are arrays of functions containing the
3336 function to access byte (index 0), word (index 1) and dword (index
3337 2). Functions can be omitted with a NULL function pointer.
3338 If io_index is non zero, the corresponding io zone is
3339 modified. If it is zero, a new io zone is allocated. The return
3340 value can be used with cpu_register_physical_memory(). (-1) is
3341 returned if error. */
3342 static int cpu_register_io_memory_fixed(int io_index,
3343 CPUReadMemoryFunc * const *mem_read,
3344 CPUWriteMemoryFunc * const *mem_write,
3349 if (io_index <= 0) {
3350 io_index = get_free_io_mem_idx();
3354 io_index >>= IO_MEM_SHIFT;
3355 if (io_index >= IO_MEM_NB_ENTRIES)
3359 for (i = 0; i < 3; ++i) {
3360 io_mem_read[io_index][i]
3361 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3363 for (i = 0; i < 3; ++i) {
3364 io_mem_write[io_index][i]
3365 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3367 io_mem_opaque[io_index] = opaque;
3369 return (io_index << IO_MEM_SHIFT);
3372 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3373 CPUWriteMemoryFunc * const *mem_write,
3376 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3379 void cpu_unregister_io_memory(int io_table_address)
3382 int io_index = io_table_address >> IO_MEM_SHIFT;
3384 for (i=0;i < 3; i++) {
3385 io_mem_read[io_index][i] = unassigned_mem_read[i];
3386 io_mem_write[io_index][i] = unassigned_mem_write[i];
3388 io_mem_opaque[io_index] = NULL;
3389 io_mem_used[io_index] = 0;
3392 static void io_mem_init(void)
3396 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3397 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3398 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3402 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3403 watch_mem_write, NULL);
3406 #endif /* !defined(CONFIG_USER_ONLY) */
3408 /* physical memory access (slow version, mainly for debug) */
3409 #if defined(CONFIG_USER_ONLY)
3410 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3411 uint8_t *buf, int len, int is_write)
3418 page = addr & TARGET_PAGE_MASK;
3419 l = (page + TARGET_PAGE_SIZE) - addr;
3422 flags = page_get_flags(page);
3423 if (!(flags & PAGE_VALID))
3426 if (!(flags & PAGE_WRITE))
3428 /* XXX: this code should not depend on lock_user */
3429 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3432 unlock_user(p, addr, l);
3434 if (!(flags & PAGE_READ))
3436 /* XXX: this code should not depend on lock_user */
3437 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3440 unlock_user(p, addr, 0);
3450 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3451 int len, int is_write)
3456 target_phys_addr_t page;
3461 page = addr & TARGET_PAGE_MASK;
3462 l = (page + TARGET_PAGE_SIZE) - addr;
3465 p = phys_page_find(page >> TARGET_PAGE_BITS);
3467 pd = IO_MEM_UNASSIGNED;
3469 pd = p->phys_offset;
3473 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3474 target_phys_addr_t addr1 = addr;
3475 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3477 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3478 /* XXX: could force cpu_single_env to NULL to avoid
3480 if (l >= 4 && ((addr1 & 3) == 0)) {
3481 /* 32 bit write access */
3483 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3485 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3486 /* 16 bit write access */
3488 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3491 /* 8 bit write access */
3493 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3497 unsigned long addr1;
3498 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3500 ptr = qemu_get_ram_ptr(addr1);
3501 memcpy(ptr, buf, l);
3502 if (!cpu_physical_memory_is_dirty(addr1)) {
3503 /* invalidate code */
3504 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3506 cpu_physical_memory_set_dirty_flags(
3507 addr1, (0xff & ~CODE_DIRTY_FLAG));
3511 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3512 !(pd & IO_MEM_ROMD)) {
3513 target_phys_addr_t addr1 = addr;
3515 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3517 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3518 if (l >= 4 && ((addr1 & 3) == 0)) {
3519 /* 32 bit read access */
3520 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3523 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3524 /* 16 bit read access */
3525 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3529 /* 8 bit read access */
3530 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3536 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3537 (addr & ~TARGET_PAGE_MASK);
3538 memcpy(buf, ptr, l);
3547 /* used for ROM loading : can write in RAM and ROM */
3548 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3549 const uint8_t *buf, int len)
3553 target_phys_addr_t page;
3558 page = addr & TARGET_PAGE_MASK;
3559 l = (page + TARGET_PAGE_SIZE) - addr;
3562 p = phys_page_find(page >> TARGET_PAGE_BITS);
3564 pd = IO_MEM_UNASSIGNED;
3566 pd = p->phys_offset;
3569 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3570 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3571 !(pd & IO_MEM_ROMD)) {
3574 unsigned long addr1;
3575 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3577 ptr = qemu_get_ram_ptr(addr1);
3578 memcpy(ptr, buf, l);
3588 target_phys_addr_t addr;
3589 target_phys_addr_t len;
3592 static BounceBuffer bounce;
3594 typedef struct MapClient {
3596 void (*callback)(void *opaque);
3597 QLIST_ENTRY(MapClient) link;
3600 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3601 = QLIST_HEAD_INITIALIZER(map_client_list);
3603 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3605 MapClient *client = qemu_malloc(sizeof(*client));
3607 client->opaque = opaque;
3608 client->callback = callback;
3609 QLIST_INSERT_HEAD(&map_client_list, client, link);
3613 void cpu_unregister_map_client(void *_client)
3615 MapClient *client = (MapClient *)_client;
3617 QLIST_REMOVE(client, link);
3621 static void cpu_notify_map_clients(void)
3625 while (!QLIST_EMPTY(&map_client_list)) {
3626 client = QLIST_FIRST(&map_client_list);
3627 client->callback(client->opaque);
3628 cpu_unregister_map_client(client);
3632 /* Map a physical memory region into a host virtual address.
3633 * May map a subset of the requested range, given by and returned in *plen.
3634 * May return NULL if resources needed to perform the mapping are exhausted.
3635 * Use only for reads OR writes - not for read-modify-write operations.
3636 * Use cpu_register_map_client() to know when retrying the map operation is
3637 * likely to succeed.
3639 void *cpu_physical_memory_map(target_phys_addr_t addr,
3640 target_phys_addr_t *plen,
3643 target_phys_addr_t len = *plen;
3644 target_phys_addr_t done = 0;
3646 uint8_t *ret = NULL;
3648 target_phys_addr_t page;
3651 unsigned long addr1;
3654 page = addr & TARGET_PAGE_MASK;
3655 l = (page + TARGET_PAGE_SIZE) - addr;
3658 p = phys_page_find(page >> TARGET_PAGE_BITS);
3660 pd = IO_MEM_UNASSIGNED;
3662 pd = p->phys_offset;
3665 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3666 if (done || bounce.buffer) {
3669 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3673 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3675 ptr = bounce.buffer;
3677 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3678 ptr = qemu_get_ram_ptr(addr1);
3682 } else if (ret + done != ptr) {
3694 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3695 * Will also mark the memory as dirty if is_write == 1. access_len gives
3696 * the amount of memory that was actually read or written by the caller.
3698 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3699 int is_write, target_phys_addr_t access_len)
3701 if (buffer != bounce.buffer) {
3703 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3704 while (access_len) {
3706 l = TARGET_PAGE_SIZE;
3709 if (!cpu_physical_memory_is_dirty(addr1)) {
3710 /* invalidate code */
3711 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3713 cpu_physical_memory_set_dirty_flags(
3714 addr1, (0xff & ~CODE_DIRTY_FLAG));
3723 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3725 qemu_vfree(bounce.buffer);
3726 bounce.buffer = NULL;
3727 cpu_notify_map_clients();
3730 /* warning: addr must be aligned */
3731 uint32_t ldl_phys(target_phys_addr_t addr)
3739 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3741 pd = IO_MEM_UNASSIGNED;
3743 pd = p->phys_offset;
3746 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3747 !(pd & IO_MEM_ROMD)) {
3749 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3751 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3752 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3755 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3756 (addr & ~TARGET_PAGE_MASK);
3762 /* warning: addr must be aligned */
3763 uint64_t ldq_phys(target_phys_addr_t addr)
3771 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3773 pd = IO_MEM_UNASSIGNED;
3775 pd = p->phys_offset;
3778 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3779 !(pd & IO_MEM_ROMD)) {
3781 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3783 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3784 #ifdef TARGET_WORDS_BIGENDIAN
3785 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3786 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3788 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3789 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3793 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3794 (addr & ~TARGET_PAGE_MASK);
3801 uint32_t ldub_phys(target_phys_addr_t addr)
3804 cpu_physical_memory_read(addr, &val, 1);
3808 /* warning: addr must be aligned */
3809 uint32_t lduw_phys(target_phys_addr_t addr)
3817 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3819 pd = IO_MEM_UNASSIGNED;
3821 pd = p->phys_offset;
3824 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3825 !(pd & IO_MEM_ROMD)) {
3827 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3829 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3830 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
3833 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3834 (addr & ~TARGET_PAGE_MASK);
3840 /* warning: addr must be aligned. The ram page is not masked as dirty
3841 and the code inside is not invalidated. It is useful if the dirty
3842 bits are used to track modified PTEs */
3843 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3850 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3852 pd = IO_MEM_UNASSIGNED;
3854 pd = p->phys_offset;
3857 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3858 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3860 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3861 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3863 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3864 ptr = qemu_get_ram_ptr(addr1);
3867 if (unlikely(in_migration)) {
3868 if (!cpu_physical_memory_is_dirty(addr1)) {
3869 /* invalidate code */
3870 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3872 cpu_physical_memory_set_dirty_flags(
3873 addr1, (0xff & ~CODE_DIRTY_FLAG));
3879 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3886 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3888 pd = IO_MEM_UNASSIGNED;
3890 pd = p->phys_offset;
3893 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3894 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3896 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3897 #ifdef TARGET_WORDS_BIGENDIAN
3898 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3899 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3901 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3902 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3905 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3906 (addr & ~TARGET_PAGE_MASK);
3911 /* warning: addr must be aligned */
3912 void stl_phys(target_phys_addr_t addr, uint32_t val)
3919 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3921 pd = IO_MEM_UNASSIGNED;
3923 pd = p->phys_offset;
3926 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3927 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3929 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3930 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3932 unsigned long addr1;
3933 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3935 ptr = qemu_get_ram_ptr(addr1);
3937 if (!cpu_physical_memory_is_dirty(addr1)) {
3938 /* invalidate code */
3939 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3941 cpu_physical_memory_set_dirty_flags(addr1,
3942 (0xff & ~CODE_DIRTY_FLAG));
3948 void stb_phys(target_phys_addr_t addr, uint32_t val)
3951 cpu_physical_memory_write(addr, &v, 1);
3954 /* warning: addr must be aligned */
3955 void stw_phys(target_phys_addr_t addr, uint32_t val)
3962 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3964 pd = IO_MEM_UNASSIGNED;
3966 pd = p->phys_offset;
3969 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3970 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3972 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3973 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
3975 unsigned long addr1;
3976 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3978 ptr = qemu_get_ram_ptr(addr1);
3980 if (!cpu_physical_memory_is_dirty(addr1)) {
3981 /* invalidate code */
3982 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
3984 cpu_physical_memory_set_dirty_flags(addr1,
3985 (0xff & ~CODE_DIRTY_FLAG));
3991 void stq_phys(target_phys_addr_t addr, uint64_t val)
3994 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3997 /* virtual memory access for debug (includes writing to ROM) */
3998 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3999 uint8_t *buf, int len, int is_write)
4002 target_phys_addr_t phys_addr;
4006 page = addr & TARGET_PAGE_MASK;
4007 phys_addr = cpu_get_phys_page_debug(env, page);
4008 /* if no physical page mapped, return an error */
4009 if (phys_addr == -1)
4011 l = (page + TARGET_PAGE_SIZE) - addr;
4014 phys_addr += (addr & ~TARGET_PAGE_MASK);
4016 cpu_physical_memory_write_rom(phys_addr, buf, l);
4018 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4027 /* in deterministic execution mode, instructions doing device I/Os
4028 must be at the end of the TB */
4029 void cpu_io_recompile(CPUState *env, void *retaddr)
4031 TranslationBlock *tb;
4033 target_ulong pc, cs_base;
4036 tb = tb_find_pc((unsigned long)retaddr);
4038 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4041 n = env->icount_decr.u16.low + tb->icount;
4042 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
4043 /* Calculate how many instructions had been executed before the fault
4045 n = n - env->icount_decr.u16.low;
4046 /* Generate a new TB ending on the I/O insn. */
4048 /* On MIPS and SH, delay slot instructions can only be restarted if
4049 they were already the first instruction in the TB. If this is not
4050 the first instruction in a TB then re-execute the preceding
4052 #if defined(TARGET_MIPS)
4053 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4054 env->active_tc.PC -= 4;
4055 env->icount_decr.u16.low++;
4056 env->hflags &= ~MIPS_HFLAG_BMASK;
4058 #elif defined(TARGET_SH4)
4059 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4062 env->icount_decr.u16.low++;
4063 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4066 /* This should never happen. */
4067 if (n > CF_COUNT_MASK)
4068 cpu_abort(env, "TB too big during recompile");
4070 cflags = n | CF_LAST_IO;
4072 cs_base = tb->cs_base;
4074 tb_phys_invalidate(tb, -1);
4075 /* FIXME: In theory this could raise an exception. In practice
4076 we have already translated the block once so it's probably ok. */
4077 tb_gen_code(env, pc, cs_base, flags, cflags);
4078 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4079 the first in the TB) then we end up generating a whole new TB and
4080 repeating the fault, which is horribly inefficient.
4081 Better would be to execute just this insn uncached, or generate a
4083 cpu_resume_from_signal(env, NULL);
4086 #if !defined(CONFIG_USER_ONLY)
4088 void dump_exec_info(FILE *f,
4089 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
4091 int i, target_code_size, max_target_code_size;
4092 int direct_jmp_count, direct_jmp2_count, cross_page;
4093 TranslationBlock *tb;
4095 target_code_size = 0;
4096 max_target_code_size = 0;
4098 direct_jmp_count = 0;
4099 direct_jmp2_count = 0;
4100 for(i = 0; i < nb_tbs; i++) {
4102 target_code_size += tb->size;
4103 if (tb->size > max_target_code_size)
4104 max_target_code_size = tb->size;
4105 if (tb->page_addr[1] != -1)
4107 if (tb->tb_next_offset[0] != 0xffff) {
4109 if (tb->tb_next_offset[1] != 0xffff) {
4110 direct_jmp2_count++;
4114 /* XXX: avoid using doubles ? */
4115 cpu_fprintf(f, "Translation buffer state:\n");
4116 cpu_fprintf(f, "gen code size %ld/%ld\n",
4117 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4118 cpu_fprintf(f, "TB count %d/%d\n",
4119 nb_tbs, code_gen_max_blocks);
4120 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4121 nb_tbs ? target_code_size / nb_tbs : 0,
4122 max_target_code_size);
4123 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
4124 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4125 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4126 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4128 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4129 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4131 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4133 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4134 cpu_fprintf(f, "\nStatistics:\n");
4135 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4136 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4137 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4138 tcg_dump_info(f, cpu_fprintf);
4141 #define MMUSUFFIX _cmmu
4142 #define GETPC() NULL
4143 #define env cpu_single_env
4144 #define SOFTMMU_CODE_ACCESS
4147 #include "softmmu_template.h"
4150 #include "softmmu_template.h"
4153 #include "softmmu_template.h"
4156 #include "softmmu_template.h"
projects / qemu.git / blob