4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
82 #if !defined(CONFIG_USER_ONLY)
84 typedef struct PhysPageEntry PhysPageEntry;
86 struct PhysPageEntry {
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
96 PhysPageEntry phys_map;
97 MemoryListener listener;
101 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102 typedef struct subpage_t {
106 uint16_t sub_section[TARGET_PAGE_SIZE];
109 static MemoryRegionSection *phys_sections;
110 static unsigned phys_sections_nb, phys_sections_nb_alloc;
111 static uint16_t phys_section_unassigned;
112 static uint16_t phys_section_notdirty;
113 static uint16_t phys_section_rom;
114 static uint16_t phys_section_watch;
116 /* Simple allocator for PhysPageEntry nodes */
117 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
120 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
122 static void io_mem_init(void);
123 static void memory_map_init(void);
124 static void *qemu_safe_ram_ptr(ram_addr_t addr);
126 static MemoryRegion io_mem_watch;
129 #if !defined(CONFIG_USER_ONLY)
131 static void phys_map_node_reserve(unsigned nodes)
133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
143 static uint16_t phys_map_node_alloc(void)
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
151 for (i = 0; i < L2_SIZE; ++i) {
152 phys_map_nodes[ret][i].is_leaf = 0;
153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
158 static void phys_map_nodes_reset(void)
160 phys_map_nodes_nb = 0;
164 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
176 for (i = 0; i < L2_SIZE; i++) {
178 p[i].ptr = phys_section_unassigned;
182 p = phys_map_nodes[lp->ptr];
184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
186 while (*nb && lp < &p[L2_SIZE]) {
187 if ((*index & (step - 1)) == 0 && *nb >= step) {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
199 static void phys_page_set(AddressSpaceDispatch *d,
200 hwaddr index, hwaddr nb,
203 /* Wildly overreserve - it doesn't matter much. */
204 phys_map_node_reserve(3 * P_L2_LEVELS);
206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
209 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
211 PhysPageEntry lp = d->phys_map;
215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
217 return &phys_sections[phys_section_unassigned];
219 p = phys_map_nodes[lp.ptr];
220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
222 return &phys_sections[lp.ptr];
225 bool memory_region_is_unassigned(MemoryRegion *mr)
227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
228 && mr != &io_mem_watch;
231 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
233 bool resolve_subpage)
235 MemoryRegionSection *section;
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
246 static MemoryRegionSection *
247 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
250 MemoryRegionSection *section;
253 section = address_space_lookup_region(as, addr, resolve_subpage);
254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
260 diff = int128_sub(section->mr->size, int128_make64(addr));
261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
265 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
269 return address_space_translate_internal(as, addr, xlat, plen, true)->mr;
272 MemoryRegionSection *
273 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
276 return address_space_translate_internal(as, addr, xlat, plen, false);
280 void cpu_exec_init_all(void)
282 #if !defined(CONFIG_USER_ONLY)
283 qemu_mutex_init(&ram_list.mutex);
289 #if !defined(CONFIG_USER_ONLY)
291 static int cpu_common_post_load(void *opaque, int version_id)
293 CPUState *cpu = opaque;
295 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
296 version_id is increased. */
297 cpu->interrupt_request &= ~0x01;
298 tlb_flush(cpu->env_ptr, 1);
303 static const VMStateDescription vmstate_cpu_common = {
304 .name = "cpu_common",
306 .minimum_version_id = 1,
307 .minimum_version_id_old = 1,
308 .post_load = cpu_common_post_load,
309 .fields = (VMStateField []) {
310 VMSTATE_UINT32(halted, CPUState),
311 VMSTATE_UINT32(interrupt_request, CPUState),
312 VMSTATE_END_OF_LIST()
316 #define vmstate_cpu_common vmstate_dummy
319 CPUState *qemu_get_cpu(int index)
321 CPUArchState *env = first_cpu;
322 CPUState *cpu = NULL;
325 cpu = ENV_GET_CPU(env);
326 if (cpu->cpu_index == index) {
332 return env ? cpu : NULL;
335 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
337 CPUArchState *env = first_cpu;
340 func(ENV_GET_CPU(env), data);
345 void cpu_exec_init(CPUArchState *env)
347 CPUState *cpu = ENV_GET_CPU(env);
348 CPUClass *cc = CPU_GET_CLASS(cpu);
352 #if defined(CONFIG_USER_ONLY)
355 env->next_cpu = NULL;
358 while (*penv != NULL) {
359 penv = &(*penv)->next_cpu;
362 cpu->cpu_index = cpu_index;
364 QTAILQ_INIT(&env->breakpoints);
365 QTAILQ_INIT(&env->watchpoints);
366 #ifndef CONFIG_USER_ONLY
367 cpu->thread_id = qemu_get_thread_id();
370 #if defined(CONFIG_USER_ONLY)
373 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
374 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
375 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
376 cpu_save, cpu_load, env);
377 assert(cc->vmsd == NULL);
379 if (cc->vmsd != NULL) {
380 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
384 #if defined(TARGET_HAS_ICE)
385 #if defined(CONFIG_USER_ONLY)
386 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
388 tb_invalidate_phys_page_range(pc, pc + 1, 0);
391 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
393 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
394 (pc & ~TARGET_PAGE_MASK));
397 #endif /* TARGET_HAS_ICE */
399 #if defined(CONFIG_USER_ONLY)
400 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
405 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
406 int flags, CPUWatchpoint **watchpoint)
411 /* Add a watchpoint. */
412 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
413 int flags, CPUWatchpoint **watchpoint)
415 target_ulong len_mask = ~(len - 1);
418 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
419 if ((len & (len - 1)) || (addr & ~len_mask) ||
420 len == 0 || len > TARGET_PAGE_SIZE) {
421 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
422 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
425 wp = g_malloc(sizeof(*wp));
428 wp->len_mask = len_mask;
431 /* keep all GDB-injected watchpoints in front */
433 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
435 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
437 tlb_flush_page(env, addr);
444 /* Remove a specific watchpoint. */
445 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
448 target_ulong len_mask = ~(len - 1);
451 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
452 if (addr == wp->vaddr && len_mask == wp->len_mask
453 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
454 cpu_watchpoint_remove_by_ref(env, wp);
461 /* Remove a specific watchpoint by reference. */
462 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
464 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
466 tlb_flush_page(env, watchpoint->vaddr);
471 /* Remove all matching watchpoints. */
472 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
474 CPUWatchpoint *wp, *next;
476 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
477 if (wp->flags & mask)
478 cpu_watchpoint_remove_by_ref(env, wp);
483 /* Add a breakpoint. */
484 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
485 CPUBreakpoint **breakpoint)
487 #if defined(TARGET_HAS_ICE)
490 bp = g_malloc(sizeof(*bp));
495 /* keep all GDB-injected breakpoints in front */
497 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
499 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
501 breakpoint_invalidate(env, pc);
511 /* Remove a specific breakpoint. */
512 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
514 #if defined(TARGET_HAS_ICE)
517 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
518 if (bp->pc == pc && bp->flags == flags) {
519 cpu_breakpoint_remove_by_ref(env, bp);
529 /* Remove a specific breakpoint by reference. */
530 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
532 #if defined(TARGET_HAS_ICE)
533 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
535 breakpoint_invalidate(env, breakpoint->pc);
541 /* Remove all matching breakpoints. */
542 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
544 #if defined(TARGET_HAS_ICE)
545 CPUBreakpoint *bp, *next;
547 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
548 if (bp->flags & mask)
549 cpu_breakpoint_remove_by_ref(env, bp);
554 /* enable or disable single step mode. EXCP_DEBUG is returned by the
555 CPU loop after each instruction */
556 void cpu_single_step(CPUArchState *env, int enabled)
558 #if defined(TARGET_HAS_ICE)
559 if (env->singlestep_enabled != enabled) {
560 env->singlestep_enabled = enabled;
562 kvm_update_guest_debug(env, 0);
564 /* must flush all the translated code to avoid inconsistencies */
565 /* XXX: only flush what is necessary */
572 void cpu_exit(CPUArchState *env)
574 CPUState *cpu = ENV_GET_CPU(env);
576 cpu->exit_request = 1;
577 cpu->tcg_exit_req = 1;
580 void cpu_abort(CPUArchState *env, const char *fmt, ...)
587 fprintf(stderr, "qemu: fatal: ");
588 vfprintf(stderr, fmt, ap);
589 fprintf(stderr, "\n");
590 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
591 if (qemu_log_enabled()) {
592 qemu_log("qemu: fatal: ");
593 qemu_log_vprintf(fmt, ap2);
595 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
601 #if defined(CONFIG_USER_ONLY)
603 struct sigaction act;
604 sigfillset(&act.sa_mask);
605 act.sa_handler = SIG_DFL;
606 sigaction(SIGABRT, &act, NULL);
612 CPUArchState *cpu_copy(CPUArchState *env)
614 CPUArchState *new_env = cpu_init(env->cpu_model_str);
615 CPUArchState *next_cpu = new_env->next_cpu;
616 #if defined(TARGET_HAS_ICE)
621 memcpy(new_env, env, sizeof(CPUArchState));
623 /* Preserve chaining. */
624 new_env->next_cpu = next_cpu;
626 /* Clone all break/watchpoints.
627 Note: Once we support ptrace with hw-debug register access, make sure
628 BP_CPU break/watchpoints are handled correctly on clone. */
629 QTAILQ_INIT(&env->breakpoints);
630 QTAILQ_INIT(&env->watchpoints);
631 #if defined(TARGET_HAS_ICE)
632 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
633 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
635 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
636 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
644 #if !defined(CONFIG_USER_ONLY)
645 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
650 /* we modify the TLB cache so that the dirty bit will be set again
651 when accessing the range */
652 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
653 /* Check that we don't span multiple blocks - this breaks the
654 address comparisons below. */
655 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
656 != (end - 1) - start) {
659 cpu_tlb_reset_dirty_all(start1, length);
663 /* Note: start and end must be within the same ram block. */
664 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
669 start &= TARGET_PAGE_MASK;
670 end = TARGET_PAGE_ALIGN(end);
672 length = end - start;
675 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
678 tlb_reset_dirty_range_all(start, end, length);
682 static int cpu_physical_memory_set_dirty_tracking(int enable)
685 in_migration = enable;
689 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
690 MemoryRegionSection *section,
692 hwaddr paddr, hwaddr xlat,
694 target_ulong *address)
699 if (memory_region_is_ram(section->mr)) {
701 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
703 if (!section->readonly) {
704 iotlb |= phys_section_notdirty;
706 iotlb |= phys_section_rom;
709 iotlb = section - phys_sections;
713 /* Make accesses to pages with watchpoints go via the
714 watchpoint trap routines. */
715 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
716 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
717 /* Avoid trapping reads of pages with a write breakpoint. */
718 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
719 iotlb = phys_section_watch + paddr;
720 *address |= TLB_MMIO;
728 #endif /* defined(CONFIG_USER_ONLY) */
730 #if !defined(CONFIG_USER_ONLY)
732 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
734 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
735 static void destroy_page_desc(uint16_t section_index)
737 MemoryRegionSection *section = &phys_sections[section_index];
738 MemoryRegion *mr = section->mr;
741 subpage_t *subpage = container_of(mr, subpage_t, iomem);
742 memory_region_destroy(&subpage->iomem);
747 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
752 if (lp->ptr == PHYS_MAP_NODE_NIL) {
756 p = phys_map_nodes[lp->ptr];
757 for (i = 0; i < L2_SIZE; ++i) {
759 destroy_l2_mapping(&p[i], level - 1);
761 destroy_page_desc(p[i].ptr);
765 lp->ptr = PHYS_MAP_NODE_NIL;
768 static void destroy_all_mappings(AddressSpaceDispatch *d)
770 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
771 phys_map_nodes_reset();
774 static uint16_t phys_section_add(MemoryRegionSection *section)
776 /* The physical section number is ORed with a page-aligned
777 * pointer to produce the iotlb entries. Thus it should
778 * never overflow into the page-aligned value.
780 assert(phys_sections_nb < TARGET_PAGE_SIZE);
782 if (phys_sections_nb == phys_sections_nb_alloc) {
783 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
784 phys_sections = g_renew(MemoryRegionSection, phys_sections,
785 phys_sections_nb_alloc);
787 phys_sections[phys_sections_nb] = *section;
788 return phys_sections_nb++;
791 static void phys_sections_clear(void)
793 phys_sections_nb = 0;
796 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
799 hwaddr base = section->offset_within_address_space
801 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
802 MemoryRegionSection subsection = {
803 .offset_within_address_space = base,
804 .size = int128_make64(TARGET_PAGE_SIZE),
808 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
810 if (!(existing->mr->subpage)) {
811 subpage = subpage_init(d->as, base);
812 subsection.mr = &subpage->iomem;
813 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
814 phys_section_add(&subsection));
816 subpage = container_of(existing->mr, subpage_t, iomem);
818 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
819 end = start + int128_get64(section->size) - 1;
820 subpage_register(subpage, start, end, phys_section_add(section));
824 static void register_multipage(AddressSpaceDispatch *d,
825 MemoryRegionSection *section)
827 hwaddr start_addr = section->offset_within_address_space;
828 uint16_t section_index = phys_section_add(section);
829 uint64_t num_pages = int128_get64(int128_rshift(section->size,
833 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
836 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
838 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
839 MemoryRegionSection now = *section, remain = *section;
840 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
842 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
843 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
844 - now.offset_within_address_space;
846 now.size = int128_min(int128_make64(left), now.size);
847 register_subpage(d, &now);
849 now.size = int128_zero();
851 while (int128_ne(remain.size, now.size)) {
852 remain.size = int128_sub(remain.size, now.size);
853 remain.offset_within_address_space += int128_get64(now.size);
854 remain.offset_within_region += int128_get64(now.size);
856 if (int128_lt(remain.size, page_size)) {
857 register_subpage(d, &now);
858 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
859 now.size = page_size;
860 register_subpage(d, &now);
862 now.size = int128_and(now.size, int128_neg(page_size));
863 register_multipage(d, &now);
868 void qemu_flush_coalesced_mmio_buffer(void)
871 kvm_flush_coalesced_mmio_buffer();
874 void qemu_mutex_lock_ramlist(void)
876 qemu_mutex_lock(&ram_list.mutex);
879 void qemu_mutex_unlock_ramlist(void)
881 qemu_mutex_unlock(&ram_list.mutex);
884 #if defined(__linux__) && !defined(TARGET_S390X)
888 #define HUGETLBFS_MAGIC 0x958458f6
890 static long gethugepagesize(const char *path)
896 ret = statfs(path, &fs);
897 } while (ret != 0 && errno == EINTR);
904 if (fs.f_type != HUGETLBFS_MAGIC)
905 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
910 static void *file_ram_alloc(RAMBlock *block,
915 char *sanitized_name;
922 unsigned long hpagesize;
924 hpagesize = gethugepagesize(path);
929 if (memory < hpagesize) {
933 if (kvm_enabled() && !kvm_has_sync_mmu()) {
934 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
938 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
939 sanitized_name = g_strdup(block->mr->name);
940 for (c = sanitized_name; *c != '\0'; c++) {
945 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
947 g_free(sanitized_name);
949 fd = mkstemp(filename);
951 perror("unable to create backing store for hugepages");
958 memory = (memory+hpagesize-1) & ~(hpagesize-1);
961 * ftruncate is not supported by hugetlbfs in older
962 * hosts, so don't bother bailing out on errors.
963 * If anything goes wrong with it under other filesystems,
966 if (ftruncate(fd, memory))
970 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
971 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
972 * to sidestep this quirk.
974 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
975 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
977 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
979 if (area == MAP_FAILED) {
980 perror("file_ram_alloc: can't mmap RAM pages");
989 static ram_addr_t find_ram_offset(ram_addr_t size)
991 RAMBlock *block, *next_block;
992 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
994 assert(size != 0); /* it would hand out same offset multiple times */
996 if (QTAILQ_EMPTY(&ram_list.blocks))
999 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1000 ram_addr_t end, next = RAM_ADDR_MAX;
1002 end = block->offset + block->length;
1004 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1005 if (next_block->offset >= end) {
1006 next = MIN(next, next_block->offset);
1009 if (next - end >= size && next - end < mingap) {
1011 mingap = next - end;
1015 if (offset == RAM_ADDR_MAX) {
1016 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1024 ram_addr_t last_ram_offset(void)
1027 ram_addr_t last = 0;
1029 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1030 last = MAX(last, block->offset + block->length);
1035 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1038 QemuOpts *machine_opts;
1040 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1041 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1043 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1044 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1046 perror("qemu_madvise");
1047 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1048 "but dump_guest_core=off specified\n");
1053 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1055 RAMBlock *new_block, *block;
1058 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1059 if (block->offset == addr) {
1065 assert(!new_block->idstr[0]);
1068 char *id = qdev_get_dev_path(dev);
1070 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1074 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1076 /* This assumes the iothread lock is taken here too. */
1077 qemu_mutex_lock_ramlist();
1078 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1079 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1080 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1085 qemu_mutex_unlock_ramlist();
1088 static int memory_try_enable_merging(void *addr, size_t len)
1092 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1093 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1094 /* disabled by the user */
1098 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1101 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1104 RAMBlock *block, *new_block;
1106 size = TARGET_PAGE_ALIGN(size);
1107 new_block = g_malloc0(sizeof(*new_block));
1109 /* This assumes the iothread lock is taken here too. */
1110 qemu_mutex_lock_ramlist();
1112 new_block->offset = find_ram_offset(size);
1114 new_block->host = host;
1115 new_block->flags |= RAM_PREALLOC_MASK;
1118 #if defined (__linux__) && !defined(TARGET_S390X)
1119 new_block->host = file_ram_alloc(new_block, size, mem_path);
1120 if (!new_block->host) {
1121 new_block->host = qemu_anon_ram_alloc(size);
1122 memory_try_enable_merging(new_block->host, size);
1125 fprintf(stderr, "-mem-path option unsupported\n");
1129 if (xen_enabled()) {
1130 xen_ram_alloc(new_block->offset, size, mr);
1131 } else if (kvm_enabled()) {
1132 /* some s390/kvm configurations have special constraints */
1133 new_block->host = kvm_ram_alloc(size);
1135 new_block->host = qemu_anon_ram_alloc(size);
1137 memory_try_enable_merging(new_block->host, size);
1140 new_block->length = size;
1142 /* Keep the list sorted from biggest to smallest block. */
1143 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1144 if (block->length < new_block->length) {
1149 QTAILQ_INSERT_BEFORE(block, new_block, next);
1151 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1153 ram_list.mru_block = NULL;
1156 qemu_mutex_unlock_ramlist();
1158 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1159 last_ram_offset() >> TARGET_PAGE_BITS);
1160 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1161 0, size >> TARGET_PAGE_BITS);
1162 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1164 qemu_ram_setup_dump(new_block->host, size);
1165 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1168 kvm_setup_guest_memory(new_block->host, size);
1170 return new_block->offset;
1173 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1175 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1178 void qemu_ram_free_from_ptr(ram_addr_t addr)
1182 /* This assumes the iothread lock is taken here too. */
1183 qemu_mutex_lock_ramlist();
1184 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1185 if (addr == block->offset) {
1186 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1187 ram_list.mru_block = NULL;
1193 qemu_mutex_unlock_ramlist();
1196 void qemu_ram_free(ram_addr_t addr)
1200 /* This assumes the iothread lock is taken here too. */
1201 qemu_mutex_lock_ramlist();
1202 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1203 if (addr == block->offset) {
1204 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1205 ram_list.mru_block = NULL;
1207 if (block->flags & RAM_PREALLOC_MASK) {
1209 } else if (mem_path) {
1210 #if defined (__linux__) && !defined(TARGET_S390X)
1212 munmap(block->host, block->length);
1215 qemu_anon_ram_free(block->host, block->length);
1221 if (xen_enabled()) {
1222 xen_invalidate_map_cache_entry(block->host);
1224 qemu_anon_ram_free(block->host, block->length);
1231 qemu_mutex_unlock_ramlist();
1236 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1243 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1244 offset = addr - block->offset;
1245 if (offset < block->length) {
1246 vaddr = block->host + offset;
1247 if (block->flags & RAM_PREALLOC_MASK) {
1251 munmap(vaddr, length);
1253 #if defined(__linux__) && !defined(TARGET_S390X)
1256 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1259 flags |= MAP_PRIVATE;
1261 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1262 flags, block->fd, offset);
1264 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1265 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1272 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1273 flags |= MAP_SHARED | MAP_ANONYMOUS;
1274 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1277 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1278 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1282 if (area != vaddr) {
1283 fprintf(stderr, "Could not remap addr: "
1284 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1288 memory_try_enable_merging(vaddr, length);
1289 qemu_ram_setup_dump(vaddr, length);
1295 #endif /* !_WIN32 */
1297 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1298 With the exception of the softmmu code in this file, this should
1299 only be used for local memory (e.g. video ram) that the device owns,
1300 and knows it isn't going to access beyond the end of the block.
1302 It should not be used for general purpose DMA.
1303 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1305 void *qemu_get_ram_ptr(ram_addr_t addr)
1309 /* The list is protected by the iothread lock here. */
1310 block = ram_list.mru_block;
1311 if (block && addr - block->offset < block->length) {
1314 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1315 if (addr - block->offset < block->length) {
1320 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1324 ram_list.mru_block = block;
1325 if (xen_enabled()) {
1326 /* We need to check if the requested address is in the RAM
1327 * because we don't want to map the entire memory in QEMU.
1328 * In that case just map until the end of the page.
1330 if (block->offset == 0) {
1331 return xen_map_cache(addr, 0, 0);
1332 } else if (block->host == NULL) {
1334 xen_map_cache(block->offset, block->length, 1);
1337 return block->host + (addr - block->offset);
1340 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1341 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1343 * ??? Is this still necessary?
1345 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1349 /* The list is protected by the iothread lock here. */
1350 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1351 if (addr - block->offset < block->length) {
1352 if (xen_enabled()) {
1353 /* We need to check if the requested address is in the RAM
1354 * because we don't want to map the entire memory in QEMU.
1355 * In that case just map until the end of the page.
1357 if (block->offset == 0) {
1358 return xen_map_cache(addr, 0, 0);
1359 } else if (block->host == NULL) {
1361 xen_map_cache(block->offset, block->length, 1);
1364 return block->host + (addr - block->offset);
1368 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1374 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1375 * but takes a size argument */
1376 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1381 if (xen_enabled()) {
1382 return xen_map_cache(addr, *size, 1);
1386 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1387 if (addr - block->offset < block->length) {
1388 if (addr - block->offset + *size > block->length)
1389 *size = block->length - addr + block->offset;
1390 return block->host + (addr - block->offset);
1394 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1399 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1402 uint8_t *host = ptr;
1404 if (xen_enabled()) {
1405 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1409 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1410 /* This case append when the block is not mapped. */
1411 if (block->host == NULL) {
1414 if (host - block->host < block->length) {
1415 *ram_addr = block->offset + (host - block->host);
1423 /* Some of the softmmu routines need to translate from a host pointer
1424 (typically a TLB entry) back to a ram offset. */
1425 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1427 ram_addr_t ram_addr;
1429 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1430 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1436 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1437 uint64_t val, unsigned size)
1440 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1441 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1442 tb_invalidate_phys_page_fast(ram_addr, size);
1443 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1447 stb_p(qemu_get_ram_ptr(ram_addr), val);
1450 stw_p(qemu_get_ram_ptr(ram_addr), val);
1453 stl_p(qemu_get_ram_ptr(ram_addr), val);
1458 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1459 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1460 /* we remove the notdirty callback only if the code has been
1462 if (dirty_flags == 0xff)
1463 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1466 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1467 unsigned size, bool is_write)
1472 static const MemoryRegionOps notdirty_mem_ops = {
1473 .write = notdirty_mem_write,
1474 .valid.accepts = notdirty_mem_accepts,
1475 .endianness = DEVICE_NATIVE_ENDIAN,
1478 /* Generate a debug exception if a watchpoint has been hit. */
1479 static void check_watchpoint(int offset, int len_mask, int flags)
1481 CPUArchState *env = cpu_single_env;
1482 target_ulong pc, cs_base;
1487 if (env->watchpoint_hit) {
1488 /* We re-entered the check after replacing the TB. Now raise
1489 * the debug interrupt so that is will trigger after the
1490 * current instruction. */
1491 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1494 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1495 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1496 if ((vaddr == (wp->vaddr & len_mask) ||
1497 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1498 wp->flags |= BP_WATCHPOINT_HIT;
1499 if (!env->watchpoint_hit) {
1500 env->watchpoint_hit = wp;
1501 tb_check_watchpoint(env);
1502 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1503 env->exception_index = EXCP_DEBUG;
1506 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1507 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1508 cpu_resume_from_signal(env, NULL);
1512 wp->flags &= ~BP_WATCHPOINT_HIT;
1517 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1518 so these check for a hit then pass through to the normal out-of-line
1520 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1523 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1525 case 1: return ldub_phys(addr);
1526 case 2: return lduw_phys(addr);
1527 case 4: return ldl_phys(addr);
1532 static void watch_mem_write(void *opaque, hwaddr addr,
1533 uint64_t val, unsigned size)
1535 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1538 stb_phys(addr, val);
1541 stw_phys(addr, val);
1544 stl_phys(addr, val);
1550 static const MemoryRegionOps watch_mem_ops = {
1551 .read = watch_mem_read,
1552 .write = watch_mem_write,
1553 .endianness = DEVICE_NATIVE_ENDIAN,
1556 static uint64_t subpage_read(void *opaque, hwaddr addr,
1559 subpage_t *subpage = opaque;
1562 #if defined(DEBUG_SUBPAGE)
1563 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1564 subpage, len, addr);
1566 address_space_read(subpage->as, addr + subpage->base, buf, len);
1579 static void subpage_write(void *opaque, hwaddr addr,
1580 uint64_t value, unsigned len)
1582 subpage_t *subpage = opaque;
1585 #if defined(DEBUG_SUBPAGE)
1586 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1587 " value %"PRIx64"\n",
1588 __func__, subpage, len, addr, value);
1603 address_space_write(subpage->as, addr + subpage->base, buf, len);
1606 static bool subpage_accepts(void *opaque, hwaddr addr,
1607 unsigned size, bool is_write)
1609 subpage_t *subpage = opaque;
1610 #if defined(DEBUG_SUBPAGE)
1611 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1612 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1615 return address_space_access_valid(subpage->as, addr + subpage->base,
1619 static const MemoryRegionOps subpage_ops = {
1620 .read = subpage_read,
1621 .write = subpage_write,
1622 .valid.accepts = subpage_accepts,
1623 .endianness = DEVICE_NATIVE_ENDIAN,
1626 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1631 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1633 idx = SUBPAGE_IDX(start);
1634 eidx = SUBPAGE_IDX(end);
1635 #if defined(DEBUG_SUBPAGE)
1636 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1637 mmio, start, end, idx, eidx, memory);
1639 for (; idx <= eidx; idx++) {
1640 mmio->sub_section[idx] = section;
1646 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1650 mmio = g_malloc0(sizeof(subpage_t));
1654 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1655 "subpage", TARGET_PAGE_SIZE);
1656 mmio->iomem.subpage = true;
1657 #if defined(DEBUG_SUBPAGE)
1658 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1659 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1661 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1666 static uint16_t dummy_section(MemoryRegion *mr)
1668 MemoryRegionSection section = {
1670 .offset_within_address_space = 0,
1671 .offset_within_region = 0,
1672 .size = int128_2_64(),
1675 return phys_section_add(§ion);
1678 MemoryRegion *iotlb_to_region(hwaddr index)
1680 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1683 static void io_mem_init(void)
1685 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1686 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1687 "unassigned", UINT64_MAX);
1688 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1689 "notdirty", UINT64_MAX);
1690 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1691 "watch", UINT64_MAX);
1694 static void mem_begin(MemoryListener *listener)
1696 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1698 destroy_all_mappings(d);
1699 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1702 static void core_begin(MemoryListener *listener)
1704 phys_sections_clear();
1705 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1706 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1707 phys_section_rom = dummy_section(&io_mem_rom);
1708 phys_section_watch = dummy_section(&io_mem_watch);
1711 static void tcg_commit(MemoryListener *listener)
1715 /* since each CPU stores ram addresses in its TLB cache, we must
1716 reset the modified entries */
1718 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1723 static void core_log_global_start(MemoryListener *listener)
1725 cpu_physical_memory_set_dirty_tracking(1);
1728 static void core_log_global_stop(MemoryListener *listener)
1730 cpu_physical_memory_set_dirty_tracking(0);
1733 static void io_region_add(MemoryListener *listener,
1734 MemoryRegionSection *section)
1736 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1738 mrio->mr = section->mr;
1739 mrio->offset = section->offset_within_region;
1740 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1741 section->offset_within_address_space,
1742 int128_get64(section->size));
1743 ioport_register(&mrio->iorange);
1746 static void io_region_del(MemoryListener *listener,
1747 MemoryRegionSection *section)
1749 isa_unassign_ioport(section->offset_within_address_space,
1750 int128_get64(section->size));
1753 static MemoryListener core_memory_listener = {
1754 .begin = core_begin,
1755 .log_global_start = core_log_global_start,
1756 .log_global_stop = core_log_global_stop,
1760 static MemoryListener io_memory_listener = {
1761 .region_add = io_region_add,
1762 .region_del = io_region_del,
1766 static MemoryListener tcg_memory_listener = {
1767 .commit = tcg_commit,
1770 void address_space_init_dispatch(AddressSpace *as)
1772 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1774 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1775 d->listener = (MemoryListener) {
1777 .region_add = mem_add,
1778 .region_nop = mem_add,
1783 memory_listener_register(&d->listener, as);
1786 void address_space_destroy_dispatch(AddressSpace *as)
1788 AddressSpaceDispatch *d = as->dispatch;
1790 memory_listener_unregister(&d->listener);
1791 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1793 as->dispatch = NULL;
1796 static void memory_map_init(void)
1798 system_memory = g_malloc(sizeof(*system_memory));
1799 memory_region_init(system_memory, "system", INT64_MAX);
1800 address_space_init(&address_space_memory, system_memory);
1801 address_space_memory.name = "memory";
1803 system_io = g_malloc(sizeof(*system_io));
1804 memory_region_init(system_io, "io", 65536);
1805 address_space_init(&address_space_io, system_io);
1806 address_space_io.name = "I/O";
1808 memory_listener_register(&core_memory_listener, &address_space_memory);
1809 memory_listener_register(&io_memory_listener, &address_space_io);
1810 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1812 dma_context_init(&dma_context_memory, &address_space_memory,
1816 MemoryRegion *get_system_memory(void)
1818 return system_memory;
1821 MemoryRegion *get_system_io(void)
1826 #endif /* !defined(CONFIG_USER_ONLY) */
1828 /* physical memory access (slow version, mainly for debug) */
1829 #if defined(CONFIG_USER_ONLY)
1830 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1831 uint8_t *buf, int len, int is_write)
1838 page = addr & TARGET_PAGE_MASK;
1839 l = (page + TARGET_PAGE_SIZE) - addr;
1842 flags = page_get_flags(page);
1843 if (!(flags & PAGE_VALID))
1846 if (!(flags & PAGE_WRITE))
1848 /* XXX: this code should not depend on lock_user */
1849 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1852 unlock_user(p, addr, l);
1854 if (!(flags & PAGE_READ))
1856 /* XXX: this code should not depend on lock_user */
1857 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1860 unlock_user(p, addr, 0);
1871 static void invalidate_and_set_dirty(hwaddr addr,
1874 if (!cpu_physical_memory_is_dirty(addr)) {
1875 /* invalidate code */
1876 tb_invalidate_phys_page_range(addr, addr + length, 0);
1878 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1880 xen_modified_memory(addr, length);
1883 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1885 if (memory_region_is_ram(mr)) {
1886 return !(is_write && mr->readonly);
1888 if (memory_region_is_romd(mr)) {
1895 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1897 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1900 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1906 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1907 int len, bool is_write)
1918 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1921 if (!memory_access_is_direct(mr, is_write)) {
1922 l = memory_access_size(mr, l, addr1);
1923 /* XXX: could force cpu_single_env to NULL to avoid
1926 /* 32 bit write access */
1928 error |= io_mem_write(mr, addr1, val, 4);
1929 } else if (l == 2) {
1930 /* 16 bit write access */
1932 error |= io_mem_write(mr, addr1, val, 2);
1934 /* 8 bit write access */
1936 error |= io_mem_write(mr, addr1, val, 1);
1939 addr1 += memory_region_get_ram_addr(mr);
1941 ptr = qemu_get_ram_ptr(addr1);
1942 memcpy(ptr, buf, l);
1943 invalidate_and_set_dirty(addr1, l);
1946 if (!memory_access_is_direct(mr, is_write)) {
1948 l = memory_access_size(mr, l, addr1);
1950 /* 32 bit read access */
1951 error |= io_mem_read(mr, addr1, &val, 4);
1953 } else if (l == 2) {
1954 /* 16 bit read access */
1955 error |= io_mem_read(mr, addr1, &val, 2);
1958 /* 8 bit read access */
1959 error |= io_mem_read(mr, addr1, &val, 1);
1964 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1965 memcpy(buf, ptr, l);
1976 bool address_space_write(AddressSpace *as, hwaddr addr,
1977 const uint8_t *buf, int len)
1979 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1982 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1984 return address_space_rw(as, addr, buf, len, false);
1988 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1989 int len, int is_write)
1991 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1994 /* used for ROM loading : can write in RAM and ROM */
1995 void cpu_physical_memory_write_rom(hwaddr addr,
1996 const uint8_t *buf, int len)
2005 mr = address_space_translate(&address_space_memory,
2006 addr, &addr1, &l, true);
2008 if (!(memory_region_is_ram(mr) ||
2009 memory_region_is_romd(mr))) {
2012 addr1 += memory_region_get_ram_addr(mr);
2014 ptr = qemu_get_ram_ptr(addr1);
2015 memcpy(ptr, buf, l);
2016 invalidate_and_set_dirty(addr1, l);
2030 static BounceBuffer bounce;
2032 typedef struct MapClient {
2034 void (*callback)(void *opaque);
2035 QLIST_ENTRY(MapClient) link;
2038 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2039 = QLIST_HEAD_INITIALIZER(map_client_list);
2041 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2043 MapClient *client = g_malloc(sizeof(*client));
2045 client->opaque = opaque;
2046 client->callback = callback;
2047 QLIST_INSERT_HEAD(&map_client_list, client, link);
2051 static void cpu_unregister_map_client(void *_client)
2053 MapClient *client = (MapClient *)_client;
2055 QLIST_REMOVE(client, link);
2059 static void cpu_notify_map_clients(void)
2063 while (!QLIST_EMPTY(&map_client_list)) {
2064 client = QLIST_FIRST(&map_client_list);
2065 client->callback(client->opaque);
2066 cpu_unregister_map_client(client);
2070 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2077 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2078 if (!memory_access_is_direct(mr, is_write)) {
2079 l = memory_access_size(mr, l, addr);
2080 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2091 /* Map a physical memory region into a host virtual address.
2092 * May map a subset of the requested range, given by and returned in *plen.
2093 * May return NULL if resources needed to perform the mapping are exhausted.
2094 * Use only for reads OR writes - not for read-modify-write operations.
2095 * Use cpu_register_map_client() to know when retrying the map operation is
2096 * likely to succeed.
2098 void *address_space_map(AddressSpace *as,
2107 ram_addr_t raddr = RAM_ADDR_MAX;
2113 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2115 if (!memory_access_is_direct(mr, is_write)) {
2116 if (todo || bounce.buffer) {
2119 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2123 address_space_read(as, addr, bounce.buffer, l);
2127 return bounce.buffer;
2130 raddr = memory_region_get_ram_addr(mr) + xlat;
2132 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2142 ret = qemu_ram_ptr_length(raddr, &rlen);
2147 /* Unmaps a memory region previously mapped by address_space_map().
2148 * Will also mark the memory as dirty if is_write == 1. access_len gives
2149 * the amount of memory that was actually read or written by the caller.
2151 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2152 int is_write, hwaddr access_len)
2154 if (buffer != bounce.buffer) {
2156 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2157 while (access_len) {
2159 l = TARGET_PAGE_SIZE;
2162 invalidate_and_set_dirty(addr1, l);
2167 if (xen_enabled()) {
2168 xen_invalidate_map_cache_entry(buffer);
2173 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2175 qemu_vfree(bounce.buffer);
2176 bounce.buffer = NULL;
2177 cpu_notify_map_clients();
2180 void *cpu_physical_memory_map(hwaddr addr,
2184 return address_space_map(&address_space_memory, addr, plen, is_write);
2187 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2188 int is_write, hwaddr access_len)
2190 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2193 /* warning: addr must be aligned */
2194 static inline uint32_t ldl_phys_internal(hwaddr addr,
2195 enum device_endian endian)
2203 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2205 if (l < 4 || !memory_access_is_direct(mr, false)) {
2207 io_mem_read(mr, addr1, &val, 4);
2208 #if defined(TARGET_WORDS_BIGENDIAN)
2209 if (endian == DEVICE_LITTLE_ENDIAN) {
2213 if (endian == DEVICE_BIG_ENDIAN) {
2219 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2223 case DEVICE_LITTLE_ENDIAN:
2224 val = ldl_le_p(ptr);
2226 case DEVICE_BIG_ENDIAN:
2227 val = ldl_be_p(ptr);
2237 uint32_t ldl_phys(hwaddr addr)
2239 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2242 uint32_t ldl_le_phys(hwaddr addr)
2244 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2247 uint32_t ldl_be_phys(hwaddr addr)
2249 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2252 /* warning: addr must be aligned */
2253 static inline uint64_t ldq_phys_internal(hwaddr addr,
2254 enum device_endian endian)
2262 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2264 if (l < 8 || !memory_access_is_direct(mr, false)) {
2266 io_mem_read(mr, addr1, &val, 8);
2267 #if defined(TARGET_WORDS_BIGENDIAN)
2268 if (endian == DEVICE_LITTLE_ENDIAN) {
2272 if (endian == DEVICE_BIG_ENDIAN) {
2278 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2282 case DEVICE_LITTLE_ENDIAN:
2283 val = ldq_le_p(ptr);
2285 case DEVICE_BIG_ENDIAN:
2286 val = ldq_be_p(ptr);
2296 uint64_t ldq_phys(hwaddr addr)
2298 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2301 uint64_t ldq_le_phys(hwaddr addr)
2303 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2306 uint64_t ldq_be_phys(hwaddr addr)
2308 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2312 uint32_t ldub_phys(hwaddr addr)
2315 cpu_physical_memory_read(addr, &val, 1);
2319 /* warning: addr must be aligned */
2320 static inline uint32_t lduw_phys_internal(hwaddr addr,
2321 enum device_endian endian)
2329 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2331 if (l < 2 || !memory_access_is_direct(mr, false)) {
2333 io_mem_read(mr, addr1, &val, 2);
2334 #if defined(TARGET_WORDS_BIGENDIAN)
2335 if (endian == DEVICE_LITTLE_ENDIAN) {
2339 if (endian == DEVICE_BIG_ENDIAN) {
2345 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2349 case DEVICE_LITTLE_ENDIAN:
2350 val = lduw_le_p(ptr);
2352 case DEVICE_BIG_ENDIAN:
2353 val = lduw_be_p(ptr);
2363 uint32_t lduw_phys(hwaddr addr)
2365 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2368 uint32_t lduw_le_phys(hwaddr addr)
2370 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2373 uint32_t lduw_be_phys(hwaddr addr)
2375 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2378 /* warning: addr must be aligned. The ram page is not masked as dirty
2379 and the code inside is not invalidated. It is useful if the dirty
2380 bits are used to track modified PTEs */
2381 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2388 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2390 if (l < 4 || !memory_access_is_direct(mr, true)) {
2391 io_mem_write(mr, addr1, val, 4);
2393 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2394 ptr = qemu_get_ram_ptr(addr1);
2397 if (unlikely(in_migration)) {
2398 if (!cpu_physical_memory_is_dirty(addr1)) {
2399 /* invalidate code */
2400 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2402 cpu_physical_memory_set_dirty_flags(
2403 addr1, (0xff & ~CODE_DIRTY_FLAG));
2409 /* warning: addr must be aligned */
2410 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2411 enum device_endian endian)
2418 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2420 if (l < 4 || !memory_access_is_direct(mr, true)) {
2421 #if defined(TARGET_WORDS_BIGENDIAN)
2422 if (endian == DEVICE_LITTLE_ENDIAN) {
2426 if (endian == DEVICE_BIG_ENDIAN) {
2430 io_mem_write(mr, addr1, val, 4);
2433 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2434 ptr = qemu_get_ram_ptr(addr1);
2436 case DEVICE_LITTLE_ENDIAN:
2439 case DEVICE_BIG_ENDIAN:
2446 invalidate_and_set_dirty(addr1, 4);
2450 void stl_phys(hwaddr addr, uint32_t val)
2452 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2455 void stl_le_phys(hwaddr addr, uint32_t val)
2457 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2460 void stl_be_phys(hwaddr addr, uint32_t val)
2462 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2466 void stb_phys(hwaddr addr, uint32_t val)
2469 cpu_physical_memory_write(addr, &v, 1);
2472 /* warning: addr must be aligned */
2473 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2474 enum device_endian endian)
2481 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2483 if (l < 2 || !memory_access_is_direct(mr, true)) {
2484 #if defined(TARGET_WORDS_BIGENDIAN)
2485 if (endian == DEVICE_LITTLE_ENDIAN) {
2489 if (endian == DEVICE_BIG_ENDIAN) {
2493 io_mem_write(mr, addr1, val, 2);
2496 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2497 ptr = qemu_get_ram_ptr(addr1);
2499 case DEVICE_LITTLE_ENDIAN:
2502 case DEVICE_BIG_ENDIAN:
2509 invalidate_and_set_dirty(addr1, 2);
2513 void stw_phys(hwaddr addr, uint32_t val)
2515 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2518 void stw_le_phys(hwaddr addr, uint32_t val)
2520 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2523 void stw_be_phys(hwaddr addr, uint32_t val)
2525 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2529 void stq_phys(hwaddr addr, uint64_t val)
2532 cpu_physical_memory_write(addr, &val, 8);
2535 void stq_le_phys(hwaddr addr, uint64_t val)
2537 val = cpu_to_le64(val);
2538 cpu_physical_memory_write(addr, &val, 8);
2541 void stq_be_phys(hwaddr addr, uint64_t val)
2543 val = cpu_to_be64(val);
2544 cpu_physical_memory_write(addr, &val, 8);
2547 /* virtual memory access for debug (includes writing to ROM) */
2548 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2549 uint8_t *buf, int len, int is_write)
2556 page = addr & TARGET_PAGE_MASK;
2557 phys_addr = cpu_get_phys_page_debug(env, page);
2558 /* if no physical page mapped, return an error */
2559 if (phys_addr == -1)
2561 l = (page + TARGET_PAGE_SIZE) - addr;
2564 phys_addr += (addr & ~TARGET_PAGE_MASK);
2566 cpu_physical_memory_write_rom(phys_addr, buf, l);
2568 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2577 #if !defined(CONFIG_USER_ONLY)
2580 * A helper function for the _utterly broken_ virtio device model to find out if
2581 * it's running on a big endian machine. Don't do this at home kids!
2583 bool virtio_is_big_endian(void);
2584 bool virtio_is_big_endian(void)
2586 #if defined(TARGET_WORDS_BIGENDIAN)
2595 #ifndef CONFIG_USER_ONLY
2596 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2601 mr = address_space_translate(&address_space_memory,
2602 phys_addr, &phys_addr, &l, false);
2604 return !(memory_region_is_ram(mr) ||
2605 memory_region_is_romd(mr));
projects / qemu.git / blob