4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 //#define DEBUG_SUBPAGE
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
86 #define RAM_RESIZEABLE (1 << 2)
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
99 #if !defined(CONFIG_USER_ONLY)
101 typedef struct PhysPageEntry PhysPageEntry;
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
116 #define P_L2_SIZE (1 << P_L2_BITS)
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
120 typedef PhysPageEntry Node[P_L2_SIZE];
122 typedef struct PhysPageMap {
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
128 unsigned nodes_nb_alloc;
130 MemoryRegionSection *sections;
133 struct AddressSpaceDispatch {
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
139 PhysPageEntry phys_map;
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
149 uint16_t sub_section[TARGET_PAGE_SIZE];
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
161 static MemoryRegion io_mem_watch;
164 #if !defined(CONFIG_USER_ONLY)
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
182 ret = map->nodes_nb++;
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
236 unsigned valid_ptr = P_L2_SIZE;
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
254 phys_page_compact(&p[i], nodes, compacted);
258 /* We can only compress if there's only one child. */
263 assert(valid_ptr < P_L2_SIZE);
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
280 lp->skip += p[valid_ptr].skip;
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
286 DECLARE_BITMAP(compacted, nodes_nb);
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
297 hwaddr index = addr >> TARGET_PAGE_BITS;
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return §ions[PHYS_SECTION_UNASSIGNED];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return §ions[lp.ptr];
313 return §ions[PHYS_SECTION_UNASSIGNED];
317 bool memory_region_is_unassigned(MemoryRegion *mr)
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
326 bool resolve_subpage)
328 MemoryRegionSection *section;
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
344 MemoryRegionSection *section;
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
380 if (memory_region_is_romd(mr)) {
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
393 MemoryRegionSection *section;
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
401 if (!mr->iommu_ops) {
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
414 as = iotlb.target_as;
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
435 assert(!section->mr->iommu_ops);
440 #if !defined(CONFIG_USER_ONLY)
442 static int cpu_common_post_load(void *opaque, int version_id)
444 CPUState *cpu = opaque;
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
454 static int cpu_common_pre_load(void *opaque)
456 CPUState *cpu = opaque;
458 cpu->exception_index = -1;
463 static bool cpu_common_exception_index_needed(void *opaque)
465 CPUState *cpu = opaque;
467 return tcg_enabled() && cpu->exception_index != -1;
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
481 const VMStateDescription vmstate_cpu_common = {
482 .name = "cpu_common",
484 .minimum_version_id = 1,
485 .pre_load = cpu_common_pre_load,
486 .post_load = cpu_common_post_load,
487 .fields = (VMStateField[]) {
488 VMSTATE_UINT32(halted, CPUState),
489 VMSTATE_UINT32(interrupt_request, CPUState),
490 VMSTATE_END_OF_LIST()
492 .subsections = (const VMStateDescription*[]) {
493 &vmstate_cpu_common_exception_index,
500 CPUState *qemu_get_cpu(int index)
505 if (cpu->cpu_index == index) {
513 #if !defined(CONFIG_USER_ONLY)
514 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
516 /* We only support one address space per cpu at the moment. */
517 assert(cpu->as == as);
519 if (cpu->tcg_as_listener) {
520 memory_listener_unregister(cpu->tcg_as_listener);
522 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
524 cpu->tcg_as_listener->commit = tcg_commit;
525 memory_listener_register(cpu->tcg_as_listener, as);
529 #ifndef CONFIG_USER_ONLY
530 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
532 static int cpu_get_free_index(Error **errp)
534 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
536 if (cpu >= MAX_CPUMASK_BITS) {
537 error_setg(errp, "Trying to use more CPUs than max of %d",
542 bitmap_set(cpu_index_map, cpu, 1);
546 void cpu_exec_exit(CPUState *cpu)
548 if (cpu->cpu_index == -1) {
549 /* cpu_index was never allocated by this @cpu or was already freed. */
553 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
558 static int cpu_get_free_index(Error **errp)
563 CPU_FOREACH(some_cpu) {
569 void cpu_exec_exit(CPUState *cpu)
574 void cpu_exec_init(CPUState *cpu, Error **errp)
576 CPUClass *cc = CPU_GET_CLASS(cpu);
578 Error *local_err = NULL;
580 #ifndef CONFIG_USER_ONLY
581 cpu->as = &address_space_memory;
582 cpu->thread_id = qemu_get_thread_id();
583 cpu_reload_memory_map(cpu);
586 #if defined(CONFIG_USER_ONLY)
589 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
591 error_propagate(errp, local_err);
592 #if defined(CONFIG_USER_ONLY)
597 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
598 #if defined(CONFIG_USER_ONLY)
601 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
602 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
604 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
605 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
606 cpu_save, cpu_load, cpu->env_ptr);
607 assert(cc->vmsd == NULL);
608 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
610 if (cc->vmsd != NULL) {
611 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
615 #if defined(CONFIG_USER_ONLY)
616 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
618 tb_invalidate_phys_page_range(pc, pc + 1, 0);
621 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
623 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
625 tb_invalidate_phys_addr(cpu->as,
626 phys | (pc & ~TARGET_PAGE_MASK));
631 #if defined(CONFIG_USER_ONLY)
632 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
637 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
643 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
647 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
648 int flags, CPUWatchpoint **watchpoint)
653 /* Add a watchpoint. */
654 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
655 int flags, CPUWatchpoint **watchpoint)
659 /* forbid ranges which are empty or run off the end of the address space */
660 if (len == 0 || (addr + len - 1) < addr) {
661 error_report("tried to set invalid watchpoint at %"
662 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
665 wp = g_malloc(sizeof(*wp));
671 /* keep all GDB-injected watchpoints in front */
672 if (flags & BP_GDB) {
673 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
675 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
678 tlb_flush_page(cpu, addr);
685 /* Remove a specific watchpoint. */
686 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
691 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
692 if (addr == wp->vaddr && len == wp->len
693 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
694 cpu_watchpoint_remove_by_ref(cpu, wp);
701 /* Remove a specific watchpoint by reference. */
702 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
704 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
706 tlb_flush_page(cpu, watchpoint->vaddr);
711 /* Remove all matching watchpoints. */
712 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
714 CPUWatchpoint *wp, *next;
716 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
717 if (wp->flags & mask) {
718 cpu_watchpoint_remove_by_ref(cpu, wp);
723 /* Return true if this watchpoint address matches the specified
724 * access (ie the address range covered by the watchpoint overlaps
725 * partially or completely with the address range covered by the
728 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
732 /* We know the lengths are non-zero, but a little caution is
733 * required to avoid errors in the case where the range ends
734 * exactly at the top of the address space and so addr + len
735 * wraps round to zero.
737 vaddr wpend = wp->vaddr + wp->len - 1;
738 vaddr addrend = addr + len - 1;
740 return !(addr > wpend || wp->vaddr > addrend);
745 /* Add a breakpoint. */
746 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
747 CPUBreakpoint **breakpoint)
751 bp = g_malloc(sizeof(*bp));
756 /* keep all GDB-injected breakpoints in front */
757 if (flags & BP_GDB) {
758 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
760 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
763 breakpoint_invalidate(cpu, pc);
771 /* Remove a specific breakpoint. */
772 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
776 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
777 if (bp->pc == pc && bp->flags == flags) {
778 cpu_breakpoint_remove_by_ref(cpu, bp);
785 /* Remove a specific breakpoint by reference. */
786 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
788 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
790 breakpoint_invalidate(cpu, breakpoint->pc);
795 /* Remove all matching breakpoints. */
796 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
798 CPUBreakpoint *bp, *next;
800 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
801 if (bp->flags & mask) {
802 cpu_breakpoint_remove_by_ref(cpu, bp);
807 /* enable or disable single step mode. EXCP_DEBUG is returned by the
808 CPU loop after each instruction */
809 void cpu_single_step(CPUState *cpu, int enabled)
811 if (cpu->singlestep_enabled != enabled) {
812 cpu->singlestep_enabled = enabled;
814 kvm_update_guest_debug(cpu, 0);
816 /* must flush all the translated code to avoid inconsistencies */
817 /* XXX: only flush what is necessary */
823 void cpu_abort(CPUState *cpu, const char *fmt, ...)
830 fprintf(stderr, "qemu: fatal: ");
831 vfprintf(stderr, fmt, ap);
832 fprintf(stderr, "\n");
833 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
834 if (qemu_log_enabled()) {
835 qemu_log("qemu: fatal: ");
836 qemu_log_vprintf(fmt, ap2);
838 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
844 #if defined(CONFIG_USER_ONLY)
846 struct sigaction act;
847 sigfillset(&act.sa_mask);
848 act.sa_handler = SIG_DFL;
849 sigaction(SIGABRT, &act, NULL);
855 #if !defined(CONFIG_USER_ONLY)
856 /* Called from RCU critical section */
857 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
861 block = atomic_rcu_read(&ram_list.mru_block);
862 if (block && addr - block->offset < block->max_length) {
865 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
866 if (addr - block->offset < block->max_length) {
871 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
875 /* It is safe to write mru_block outside the iothread lock. This
880 * xxx removed from list
884 * call_rcu(reclaim_ramblock, xxx);
887 * atomic_rcu_set is not needed here. The block was already published
888 * when it was placed into the list. Here we're just making an extra
889 * copy of the pointer.
891 ram_list.mru_block = block;
895 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
901 end = TARGET_PAGE_ALIGN(start + length);
902 start &= TARGET_PAGE_MASK;
905 block = qemu_get_ram_block(start);
906 assert(block == qemu_get_ram_block(end - 1));
907 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
908 cpu_tlb_reset_dirty_all(start1, length);
912 /* Note: start and end must be within the same ram block. */
913 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
917 unsigned long end, page;
924 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
925 page = start >> TARGET_PAGE_BITS;
926 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
929 if (dirty && tcg_enabled()) {
930 tlb_reset_dirty_range_all(start, length);
936 /* Called from RCU critical section */
937 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
938 MemoryRegionSection *section,
940 hwaddr paddr, hwaddr xlat,
942 target_ulong *address)
947 if (memory_region_is_ram(section->mr)) {
949 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
951 if (!section->readonly) {
952 iotlb |= PHYS_SECTION_NOTDIRTY;
954 iotlb |= PHYS_SECTION_ROM;
957 AddressSpaceDispatch *d;
959 d = atomic_rcu_read(§ion->address_space->dispatch);
960 iotlb = section - d->map.sections;
964 /* Make accesses to pages with watchpoints go via the
965 watchpoint trap routines. */
966 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
967 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
968 /* Avoid trapping reads of pages with a write breakpoint. */
969 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
970 iotlb = PHYS_SECTION_WATCH + paddr;
971 *address |= TLB_MMIO;
979 #endif /* defined(CONFIG_USER_ONLY) */
981 #if !defined(CONFIG_USER_ONLY)
983 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
985 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
987 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
991 * Set a custom physical guest memory alloator.
992 * Accelerators with unusual needs may need this. Hopefully, we can
993 * get rid of it eventually.
995 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
997 phys_mem_alloc = alloc;
1000 static uint16_t phys_section_add(PhysPageMap *map,
1001 MemoryRegionSection *section)
1003 /* The physical section number is ORed with a page-aligned
1004 * pointer to produce the iotlb entries. Thus it should
1005 * never overflow into the page-aligned value.
1007 assert(map->sections_nb < TARGET_PAGE_SIZE);
1009 if (map->sections_nb == map->sections_nb_alloc) {
1010 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1011 map->sections = g_renew(MemoryRegionSection, map->sections,
1012 map->sections_nb_alloc);
1014 map->sections[map->sections_nb] = *section;
1015 memory_region_ref(section->mr);
1016 return map->sections_nb++;
1019 static void phys_section_destroy(MemoryRegion *mr)
1021 memory_region_unref(mr);
1024 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1025 object_unref(OBJECT(&subpage->iomem));
1030 static void phys_sections_free(PhysPageMap *map)
1032 while (map->sections_nb > 0) {
1033 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1034 phys_section_destroy(section->mr);
1036 g_free(map->sections);
1040 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1043 hwaddr base = section->offset_within_address_space
1045 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1046 d->map.nodes, d->map.sections);
1047 MemoryRegionSection subsection = {
1048 .offset_within_address_space = base,
1049 .size = int128_make64(TARGET_PAGE_SIZE),
1053 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1055 if (!(existing->mr->subpage)) {
1056 subpage = subpage_init(d->as, base);
1057 subsection.address_space = d->as;
1058 subsection.mr = &subpage->iomem;
1059 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1060 phys_section_add(&d->map, &subsection));
1062 subpage = container_of(existing->mr, subpage_t, iomem);
1064 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1065 end = start + int128_get64(section->size) - 1;
1066 subpage_register(subpage, start, end,
1067 phys_section_add(&d->map, section));
1071 static void register_multipage(AddressSpaceDispatch *d,
1072 MemoryRegionSection *section)
1074 hwaddr start_addr = section->offset_within_address_space;
1075 uint16_t section_index = phys_section_add(&d->map, section);
1076 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1080 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1083 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1085 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1086 AddressSpaceDispatch *d = as->next_dispatch;
1087 MemoryRegionSection now = *section, remain = *section;
1088 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1090 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1091 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1092 - now.offset_within_address_space;
1094 now.size = int128_min(int128_make64(left), now.size);
1095 register_subpage(d, &now);
1097 now.size = int128_zero();
1099 while (int128_ne(remain.size, now.size)) {
1100 remain.size = int128_sub(remain.size, now.size);
1101 remain.offset_within_address_space += int128_get64(now.size);
1102 remain.offset_within_region += int128_get64(now.size);
1104 if (int128_lt(remain.size, page_size)) {
1105 register_subpage(d, &now);
1106 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1107 now.size = page_size;
1108 register_subpage(d, &now);
1110 now.size = int128_and(now.size, int128_neg(page_size));
1111 register_multipage(d, &now);
1116 void qemu_flush_coalesced_mmio_buffer(void)
1119 kvm_flush_coalesced_mmio_buffer();
1122 void qemu_mutex_lock_ramlist(void)
1124 qemu_mutex_lock(&ram_list.mutex);
1127 void qemu_mutex_unlock_ramlist(void)
1129 qemu_mutex_unlock(&ram_list.mutex);
1134 #include <sys/vfs.h>
1136 #define HUGETLBFS_MAGIC 0x958458f6
1138 static long gethugepagesize(const char *path, Error **errp)
1144 ret = statfs(path, &fs);
1145 } while (ret != 0 && errno == EINTR);
1148 error_setg_errno(errp, errno, "failed to get page size of file %s",
1153 if (fs.f_type != HUGETLBFS_MAGIC)
1154 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1159 static void *file_ram_alloc(RAMBlock *block,
1165 char *sanitized_name;
1170 Error *local_err = NULL;
1172 hpagesize = gethugepagesize(path, &local_err);
1174 error_propagate(errp, local_err);
1177 block->mr->align = hpagesize;
1179 if (memory < hpagesize) {
1180 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1181 "or larger than huge page size 0x%" PRIx64,
1186 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1188 "host lacks kvm mmu notifiers, -mem-path unsupported");
1192 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1193 sanitized_name = g_strdup(memory_region_name(block->mr));
1194 for (c = sanitized_name; *c != '\0'; c++) {
1199 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1201 g_free(sanitized_name);
1203 fd = mkstemp(filename);
1205 error_setg_errno(errp, errno,
1206 "unable to create backing store for hugepages");
1213 memory = ROUND_UP(memory, hpagesize);
1216 * ftruncate is not supported by hugetlbfs in older
1217 * hosts, so don't bother bailing out on errors.
1218 * If anything goes wrong with it under other filesystems,
1221 if (ftruncate(fd, memory)) {
1222 perror("ftruncate");
1225 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1226 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1228 if (area == MAP_FAILED) {
1229 error_setg_errno(errp, errno,
1230 "unable to map backing store for hugepages");
1236 os_mem_prealloc(fd, area, memory);
1244 error_report("%s", error_get_pretty(*errp));
1251 /* Called with the ramlist lock held. */
1252 static ram_addr_t find_ram_offset(ram_addr_t size)
1254 RAMBlock *block, *next_block;
1255 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1257 assert(size != 0); /* it would hand out same offset multiple times */
1259 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1263 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1264 ram_addr_t end, next = RAM_ADDR_MAX;
1266 end = block->offset + block->max_length;
1268 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1269 if (next_block->offset >= end) {
1270 next = MIN(next, next_block->offset);
1273 if (next - end >= size && next - end < mingap) {
1275 mingap = next - end;
1279 if (offset == RAM_ADDR_MAX) {
1280 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1288 ram_addr_t last_ram_offset(void)
1291 ram_addr_t last = 0;
1294 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1295 last = MAX(last, block->offset + block->max_length);
1301 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1305 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1306 if (!machine_dump_guest_core(current_machine)) {
1307 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1309 perror("qemu_madvise");
1310 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1311 "but dump_guest_core=off specified\n");
1316 /* Called within an RCU critical section, or while the ramlist lock
1319 static RAMBlock *find_ram_block(ram_addr_t addr)
1323 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1324 if (block->offset == addr) {
1332 /* Called with iothread lock held. */
1333 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1335 RAMBlock *new_block, *block;
1338 new_block = find_ram_block(addr);
1340 assert(!new_block->idstr[0]);
1343 char *id = qdev_get_dev_path(dev);
1345 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1349 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1351 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1352 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1353 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1361 /* Called with iothread lock held. */
1362 void qemu_ram_unset_idstr(ram_addr_t addr)
1366 /* FIXME: arch_init.c assumes that this is not called throughout
1367 * migration. Ignore the problem since hot-unplug during migration
1368 * does not work anyway.
1372 block = find_ram_block(addr);
1374 memset(block->idstr, 0, sizeof(block->idstr));
1379 static int memory_try_enable_merging(void *addr, size_t len)
1381 if (!machine_mem_merge(current_machine)) {
1382 /* disabled by the user */
1386 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1389 /* Only legal before guest might have detected the memory size: e.g. on
1390 * incoming migration, or right after reset.
1392 * As memory core doesn't know how is memory accessed, it is up to
1393 * resize callback to update device state and/or add assertions to detect
1394 * misuse, if necessary.
1396 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1398 RAMBlock *block = find_ram_block(base);
1402 newsize = TARGET_PAGE_ALIGN(newsize);
1404 if (block->used_length == newsize) {
1408 if (!(block->flags & RAM_RESIZEABLE)) {
1409 error_setg_errno(errp, EINVAL,
1410 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1411 " in != 0x" RAM_ADDR_FMT, block->idstr,
1412 newsize, block->used_length);
1416 if (block->max_length < newsize) {
1417 error_setg_errno(errp, EINVAL,
1418 "Length too large: %s: 0x" RAM_ADDR_FMT
1419 " > 0x" RAM_ADDR_FMT, block->idstr,
1420 newsize, block->max_length);
1424 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1425 block->used_length = newsize;
1426 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1428 memory_region_set_size(block->mr, newsize);
1429 if (block->resized) {
1430 block->resized(block->idstr, newsize, block->host);
1435 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1438 RAMBlock *last_block = NULL;
1439 ram_addr_t old_ram_size, new_ram_size;
1441 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1443 qemu_mutex_lock_ramlist();
1444 new_block->offset = find_ram_offset(new_block->max_length);
1446 if (!new_block->host) {
1447 if (xen_enabled()) {
1448 xen_ram_alloc(new_block->offset, new_block->max_length,
1451 new_block->host = phys_mem_alloc(new_block->max_length,
1452 &new_block->mr->align);
1453 if (!new_block->host) {
1454 error_setg_errno(errp, errno,
1455 "cannot set up guest memory '%s'",
1456 memory_region_name(new_block->mr));
1457 qemu_mutex_unlock_ramlist();
1460 memory_try_enable_merging(new_block->host, new_block->max_length);
1464 new_ram_size = MAX(old_ram_size,
1465 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1466 if (new_ram_size > old_ram_size) {
1467 migration_bitmap_extend(old_ram_size, new_ram_size);
1469 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1470 * QLIST (which has an RCU-friendly variant) does not have insertion at
1471 * tail, so save the last element in last_block.
1473 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1475 if (block->max_length < new_block->max_length) {
1480 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1481 } else if (last_block) {
1482 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1483 } else { /* list is empty */
1484 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1486 ram_list.mru_block = NULL;
1488 /* Write list before version */
1491 qemu_mutex_unlock_ramlist();
1493 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1495 if (new_ram_size > old_ram_size) {
1498 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1499 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1500 ram_list.dirty_memory[i] =
1501 bitmap_zero_extend(ram_list.dirty_memory[i],
1502 old_ram_size, new_ram_size);
1505 cpu_physical_memory_set_dirty_range(new_block->offset,
1506 new_block->used_length,
1509 if (new_block->host) {
1510 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1511 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1512 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1513 if (kvm_enabled()) {
1514 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1518 return new_block->offset;
1522 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1523 bool share, const char *mem_path,
1526 RAMBlock *new_block;
1528 Error *local_err = NULL;
1530 if (xen_enabled()) {
1531 error_setg(errp, "-mem-path not supported with Xen");
1535 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1537 * file_ram_alloc() needs to allocate just like
1538 * phys_mem_alloc, but we haven't bothered to provide
1542 "-mem-path not supported with this accelerator");
1546 size = TARGET_PAGE_ALIGN(size);
1547 new_block = g_malloc0(sizeof(*new_block));
1549 new_block->used_length = size;
1550 new_block->max_length = size;
1551 new_block->flags = share ? RAM_SHARED : 0;
1552 new_block->host = file_ram_alloc(new_block, size,
1554 if (!new_block->host) {
1559 addr = ram_block_add(new_block, &local_err);
1562 error_propagate(errp, local_err);
1570 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1571 void (*resized)(const char*,
1574 void *host, bool resizeable,
1575 MemoryRegion *mr, Error **errp)
1577 RAMBlock *new_block;
1579 Error *local_err = NULL;
1581 size = TARGET_PAGE_ALIGN(size);
1582 max_size = TARGET_PAGE_ALIGN(max_size);
1583 new_block = g_malloc0(sizeof(*new_block));
1585 new_block->resized = resized;
1586 new_block->used_length = size;
1587 new_block->max_length = max_size;
1588 assert(max_size >= size);
1590 new_block->host = host;
1592 new_block->flags |= RAM_PREALLOC;
1595 new_block->flags |= RAM_RESIZEABLE;
1597 addr = ram_block_add(new_block, &local_err);
1600 error_propagate(errp, local_err);
1606 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1607 MemoryRegion *mr, Error **errp)
1609 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1612 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1614 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1617 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1618 void (*resized)(const char*,
1621 MemoryRegion *mr, Error **errp)
1623 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1626 void qemu_ram_free_from_ptr(ram_addr_t addr)
1630 qemu_mutex_lock_ramlist();
1631 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1632 if (addr == block->offset) {
1633 QLIST_REMOVE_RCU(block, next);
1634 ram_list.mru_block = NULL;
1635 /* Write list before version */
1638 g_free_rcu(block, rcu);
1642 qemu_mutex_unlock_ramlist();
1645 static void reclaim_ramblock(RAMBlock *block)
1647 if (block->flags & RAM_PREALLOC) {
1649 } else if (xen_enabled()) {
1650 xen_invalidate_map_cache_entry(block->host);
1652 } else if (block->fd >= 0) {
1653 munmap(block->host, block->max_length);
1657 qemu_anon_ram_free(block->host, block->max_length);
1662 void qemu_ram_free(ram_addr_t addr)
1666 qemu_mutex_lock_ramlist();
1667 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1668 if (addr == block->offset) {
1669 QLIST_REMOVE_RCU(block, next);
1670 ram_list.mru_block = NULL;
1671 /* Write list before version */
1674 call_rcu(block, reclaim_ramblock, rcu);
1678 qemu_mutex_unlock_ramlist();
1682 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1689 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1690 offset = addr - block->offset;
1691 if (offset < block->max_length) {
1692 vaddr = ramblock_ptr(block, offset);
1693 if (block->flags & RAM_PREALLOC) {
1695 } else if (xen_enabled()) {
1699 if (block->fd >= 0) {
1700 flags |= (block->flags & RAM_SHARED ?
1701 MAP_SHARED : MAP_PRIVATE);
1702 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1703 flags, block->fd, offset);
1706 * Remap needs to match alloc. Accelerators that
1707 * set phys_mem_alloc never remap. If they did,
1708 * we'd need a remap hook here.
1710 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1712 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1713 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1716 if (area != vaddr) {
1717 fprintf(stderr, "Could not remap addr: "
1718 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1722 memory_try_enable_merging(vaddr, length);
1723 qemu_ram_setup_dump(vaddr, length);
1728 #endif /* !_WIN32 */
1730 int qemu_get_ram_fd(ram_addr_t addr)
1736 block = qemu_get_ram_block(addr);
1742 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1748 block = qemu_get_ram_block(addr);
1749 ptr = ramblock_ptr(block, 0);
1754 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1755 * This should not be used for general purpose DMA. Use address_space_map
1756 * or address_space_rw instead. For local memory (e.g. video ram) that the
1757 * device owns, use memory_region_get_ram_ptr.
1759 * By the time this function returns, the returned pointer is not protected
1760 * by RCU anymore. If the caller is not within an RCU critical section and
1761 * does not hold the iothread lock, it must have other means of protecting the
1762 * pointer, such as a reference to the region that includes the incoming
1765 void *qemu_get_ram_ptr(ram_addr_t addr)
1771 block = qemu_get_ram_block(addr);
1773 if (xen_enabled() && block->host == NULL) {
1774 /* We need to check if the requested address is in the RAM
1775 * because we don't want to map the entire memory in QEMU.
1776 * In that case just map until the end of the page.
1778 if (block->offset == 0) {
1779 ptr = xen_map_cache(addr, 0, 0);
1783 block->host = xen_map_cache(block->offset, block->max_length, 1);
1785 ptr = ramblock_ptr(block, addr - block->offset);
1792 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1793 * but takes a size argument.
1795 * By the time this function returns, the returned pointer is not protected
1796 * by RCU anymore. If the caller is not within an RCU critical section and
1797 * does not hold the iothread lock, it must have other means of protecting the
1798 * pointer, such as a reference to the region that includes the incoming
1801 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1807 if (xen_enabled()) {
1808 return xen_map_cache(addr, *size, 1);
1812 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1813 if (addr - block->offset < block->max_length) {
1814 if (addr - block->offset + *size > block->max_length)
1815 *size = block->max_length - addr + block->offset;
1816 ptr = ramblock_ptr(block, addr - block->offset);
1822 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1827 /* Some of the softmmu routines need to translate from a host pointer
1828 * (typically a TLB entry) back to a ram offset.
1830 * By the time this function returns, the returned pointer is not protected
1831 * by RCU anymore. If the caller is not within an RCU critical section and
1832 * does not hold the iothread lock, it must have other means of protecting the
1833 * pointer, such as a reference to the region that includes the incoming
1836 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1839 uint8_t *host = ptr;
1842 if (xen_enabled()) {
1844 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1845 mr = qemu_get_ram_block(*ram_addr)->mr;
1851 block = atomic_rcu_read(&ram_list.mru_block);
1852 if (block && block->host && host - block->host < block->max_length) {
1856 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1857 /* This case append when the block is not mapped. */
1858 if (block->host == NULL) {
1861 if (host - block->host < block->max_length) {
1870 *ram_addr = block->offset + (host - block->host);
1876 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1877 uint64_t val, unsigned size)
1879 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1880 tb_invalidate_phys_page_fast(ram_addr, size);
1884 stb_p(qemu_get_ram_ptr(ram_addr), val);
1887 stw_p(qemu_get_ram_ptr(ram_addr), val);
1890 stl_p(qemu_get_ram_ptr(ram_addr), val);
1895 /* Set both VGA and migration bits for simplicity and to remove
1896 * the notdirty callback faster.
1898 cpu_physical_memory_set_dirty_range(ram_addr, size,
1899 DIRTY_CLIENTS_NOCODE);
1900 /* we remove the notdirty callback only if the code has been
1902 if (!cpu_physical_memory_is_clean(ram_addr)) {
1903 CPUArchState *env = current_cpu->env_ptr;
1904 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1908 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1909 unsigned size, bool is_write)
1914 static const MemoryRegionOps notdirty_mem_ops = {
1915 .write = notdirty_mem_write,
1916 .valid.accepts = notdirty_mem_accepts,
1917 .endianness = DEVICE_NATIVE_ENDIAN,
1920 /* Generate a debug exception if a watchpoint has been hit. */
1921 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1923 CPUState *cpu = current_cpu;
1924 CPUArchState *env = cpu->env_ptr;
1925 target_ulong pc, cs_base;
1930 if (cpu->watchpoint_hit) {
1931 /* We re-entered the check after replacing the TB. Now raise
1932 * the debug interrupt so that is will trigger after the
1933 * current instruction. */
1934 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1937 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1938 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1939 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1940 && (wp->flags & flags)) {
1941 if (flags == BP_MEM_READ) {
1942 wp->flags |= BP_WATCHPOINT_HIT_READ;
1944 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1946 wp->hitaddr = vaddr;
1947 wp->hitattrs = attrs;
1948 if (!cpu->watchpoint_hit) {
1949 cpu->watchpoint_hit = wp;
1950 tb_check_watchpoint(cpu);
1951 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1952 cpu->exception_index = EXCP_DEBUG;
1955 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1956 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1957 cpu_resume_from_signal(cpu, NULL);
1961 wp->flags &= ~BP_WATCHPOINT_HIT;
1966 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1967 so these check for a hit then pass through to the normal out-of-line
1969 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1970 unsigned size, MemTxAttrs attrs)
1975 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1978 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1981 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1984 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1992 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1993 uint64_t val, unsigned size,
1998 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2001 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2004 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2007 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2014 static const MemoryRegionOps watch_mem_ops = {
2015 .read_with_attrs = watch_mem_read,
2016 .write_with_attrs = watch_mem_write,
2017 .endianness = DEVICE_NATIVE_ENDIAN,
2020 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2021 unsigned len, MemTxAttrs attrs)
2023 subpage_t *subpage = opaque;
2027 #if defined(DEBUG_SUBPAGE)
2028 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2029 subpage, len, addr);
2031 res = address_space_read(subpage->as, addr + subpage->base,
2038 *data = ldub_p(buf);
2041 *data = lduw_p(buf);
2054 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2055 uint64_t value, unsigned len, MemTxAttrs attrs)
2057 subpage_t *subpage = opaque;
2060 #if defined(DEBUG_SUBPAGE)
2061 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2062 " value %"PRIx64"\n",
2063 __func__, subpage, len, addr, value);
2081 return address_space_write(subpage->as, addr + subpage->base,
2085 static bool subpage_accepts(void *opaque, hwaddr addr,
2086 unsigned len, bool is_write)
2088 subpage_t *subpage = opaque;
2089 #if defined(DEBUG_SUBPAGE)
2090 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2091 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2094 return address_space_access_valid(subpage->as, addr + subpage->base,
2098 static const MemoryRegionOps subpage_ops = {
2099 .read_with_attrs = subpage_read,
2100 .write_with_attrs = subpage_write,
2101 .impl.min_access_size = 1,
2102 .impl.max_access_size = 8,
2103 .valid.min_access_size = 1,
2104 .valid.max_access_size = 8,
2105 .valid.accepts = subpage_accepts,
2106 .endianness = DEVICE_NATIVE_ENDIAN,
2109 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2114 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2116 idx = SUBPAGE_IDX(start);
2117 eidx = SUBPAGE_IDX(end);
2118 #if defined(DEBUG_SUBPAGE)
2119 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2120 __func__, mmio, start, end, idx, eidx, section);
2122 for (; idx <= eidx; idx++) {
2123 mmio->sub_section[idx] = section;
2129 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2133 mmio = g_malloc0(sizeof(subpage_t));
2137 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2138 NULL, TARGET_PAGE_SIZE);
2139 mmio->iomem.subpage = true;
2140 #if defined(DEBUG_SUBPAGE)
2141 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2142 mmio, base, TARGET_PAGE_SIZE);
2144 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2149 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2153 MemoryRegionSection section = {
2154 .address_space = as,
2156 .offset_within_address_space = 0,
2157 .offset_within_region = 0,
2158 .size = int128_2_64(),
2161 return phys_section_add(map, §ion);
2164 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2166 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2167 MemoryRegionSection *sections = d->map.sections;
2169 return sections[index & ~TARGET_PAGE_MASK].mr;
2172 static void io_mem_init(void)
2174 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2175 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2177 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2179 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2183 static void mem_begin(MemoryListener *listener)
2185 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2186 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2189 n = dummy_section(&d->map, as, &io_mem_unassigned);
2190 assert(n == PHYS_SECTION_UNASSIGNED);
2191 n = dummy_section(&d->map, as, &io_mem_notdirty);
2192 assert(n == PHYS_SECTION_NOTDIRTY);
2193 n = dummy_section(&d->map, as, &io_mem_rom);
2194 assert(n == PHYS_SECTION_ROM);
2195 n = dummy_section(&d->map, as, &io_mem_watch);
2196 assert(n == PHYS_SECTION_WATCH);
2198 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2200 as->next_dispatch = d;
2203 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2205 phys_sections_free(&d->map);
2209 static void mem_commit(MemoryListener *listener)
2211 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2212 AddressSpaceDispatch *cur = as->dispatch;
2213 AddressSpaceDispatch *next = as->next_dispatch;
2215 phys_page_compact_all(next, next->map.nodes_nb);
2217 atomic_rcu_set(&as->dispatch, next);
2219 call_rcu(cur, address_space_dispatch_free, rcu);
2223 static void tcg_commit(MemoryListener *listener)
2227 /* since each CPU stores ram addresses in its TLB cache, we must
2228 reset the modified entries */
2231 /* FIXME: Disentangle the cpu.h circular files deps so we can
2232 directly get the right CPU from listener. */
2233 if (cpu->tcg_as_listener != listener) {
2236 cpu_reload_memory_map(cpu);
2240 void address_space_init_dispatch(AddressSpace *as)
2242 as->dispatch = NULL;
2243 as->dispatch_listener = (MemoryListener) {
2245 .commit = mem_commit,
2246 .region_add = mem_add,
2247 .region_nop = mem_add,
2250 memory_listener_register(&as->dispatch_listener, as);
2253 void address_space_unregister(AddressSpace *as)
2255 memory_listener_unregister(&as->dispatch_listener);
2258 void address_space_destroy_dispatch(AddressSpace *as)
2260 AddressSpaceDispatch *d = as->dispatch;
2262 atomic_rcu_set(&as->dispatch, NULL);
2264 call_rcu(d, address_space_dispatch_free, rcu);
2268 static void memory_map_init(void)
2270 system_memory = g_malloc(sizeof(*system_memory));
2272 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2273 address_space_init(&address_space_memory, system_memory, "memory");
2275 system_io = g_malloc(sizeof(*system_io));
2276 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2278 address_space_init(&address_space_io, system_io, "I/O");
2281 MemoryRegion *get_system_memory(void)
2283 return system_memory;
2286 MemoryRegion *get_system_io(void)
2291 #endif /* !defined(CONFIG_USER_ONLY) */
2293 /* physical memory access (slow version, mainly for debug) */
2294 #if defined(CONFIG_USER_ONLY)
2295 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2296 uint8_t *buf, int len, int is_write)
2303 page = addr & TARGET_PAGE_MASK;
2304 l = (page + TARGET_PAGE_SIZE) - addr;
2307 flags = page_get_flags(page);
2308 if (!(flags & PAGE_VALID))
2311 if (!(flags & PAGE_WRITE))
2313 /* XXX: this code should not depend on lock_user */
2314 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2317 unlock_user(p, addr, l);
2319 if (!(flags & PAGE_READ))
2321 /* XXX: this code should not depend on lock_user */
2322 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2325 unlock_user(p, addr, 0);
2336 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2339 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2340 /* No early return if dirty_log_mask is or becomes 0, because
2341 * cpu_physical_memory_set_dirty_range will still call
2342 * xen_modified_memory.
2344 if (dirty_log_mask) {
2346 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2348 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2349 tb_invalidate_phys_range(addr, addr + length);
2350 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2352 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2355 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2357 unsigned access_size_max = mr->ops->valid.max_access_size;
2359 /* Regions are assumed to support 1-4 byte accesses unless
2360 otherwise specified. */
2361 if (access_size_max == 0) {
2362 access_size_max = 4;
2365 /* Bound the maximum access by the alignment of the address. */
2366 if (!mr->ops->impl.unaligned) {
2367 unsigned align_size_max = addr & -addr;
2368 if (align_size_max != 0 && align_size_max < access_size_max) {
2369 access_size_max = align_size_max;
2373 /* Don't attempt accesses larger than the maximum. */
2374 if (l > access_size_max) {
2375 l = access_size_max;
2382 static bool prepare_mmio_access(MemoryRegion *mr)
2384 bool unlocked = !qemu_mutex_iothread_locked();
2385 bool release_lock = false;
2387 if (unlocked && mr->global_locking) {
2388 qemu_mutex_lock_iothread();
2390 release_lock = true;
2392 if (mr->flush_coalesced_mmio) {
2394 qemu_mutex_lock_iothread();
2396 qemu_flush_coalesced_mmio_buffer();
2398 qemu_mutex_unlock_iothread();
2402 return release_lock;
2405 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2406 uint8_t *buf, int len, bool is_write)
2413 MemTxResult result = MEMTX_OK;
2414 bool release_lock = false;
2419 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2422 if (!memory_access_is_direct(mr, is_write)) {
2423 release_lock |= prepare_mmio_access(mr);
2424 l = memory_access_size(mr, l, addr1);
2425 /* XXX: could force current_cpu to NULL to avoid
2429 /* 64 bit write access */
2431 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2435 /* 32 bit write access */
2437 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2441 /* 16 bit write access */
2443 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2447 /* 8 bit write access */
2449 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2456 addr1 += memory_region_get_ram_addr(mr);
2458 ptr = qemu_get_ram_ptr(addr1);
2459 memcpy(ptr, buf, l);
2460 invalidate_and_set_dirty(mr, addr1, l);
2463 if (!memory_access_is_direct(mr, is_write)) {
2465 release_lock |= prepare_mmio_access(mr);
2466 l = memory_access_size(mr, l, addr1);
2469 /* 64 bit read access */
2470 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2475 /* 32 bit read access */
2476 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2481 /* 16 bit read access */
2482 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2487 /* 8 bit read access */
2488 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2497 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2498 memcpy(buf, ptr, l);
2503 qemu_mutex_unlock_iothread();
2504 release_lock = false;
2516 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2517 const uint8_t *buf, int len)
2519 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2522 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2523 uint8_t *buf, int len)
2525 return address_space_rw(as, addr, attrs, buf, len, false);
2529 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2530 int len, int is_write)
2532 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2533 buf, len, is_write);
2536 enum write_rom_type {
2541 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2542 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2552 mr = address_space_translate(as, addr, &addr1, &l, true);
2554 if (!(memory_region_is_ram(mr) ||
2555 memory_region_is_romd(mr))) {
2556 l = memory_access_size(mr, l, addr1);
2558 addr1 += memory_region_get_ram_addr(mr);
2560 ptr = qemu_get_ram_ptr(addr1);
2563 memcpy(ptr, buf, l);
2564 invalidate_and_set_dirty(mr, addr1, l);
2567 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2578 /* used for ROM loading : can write in RAM and ROM */
2579 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2580 const uint8_t *buf, int len)
2582 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2585 void cpu_flush_icache_range(hwaddr start, int len)
2588 * This function should do the same thing as an icache flush that was
2589 * triggered from within the guest. For TCG we are always cache coherent,
2590 * so there is no need to flush anything. For KVM / Xen we need to flush
2591 * the host's instruction cache at least.
2593 if (tcg_enabled()) {
2597 cpu_physical_memory_write_rom_internal(&address_space_memory,
2598 start, NULL, len, FLUSH_CACHE);
2609 static BounceBuffer bounce;
2611 typedef struct MapClient {
2613 QLIST_ENTRY(MapClient) link;
2616 QemuMutex map_client_list_lock;
2617 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2618 = QLIST_HEAD_INITIALIZER(map_client_list);
2620 static void cpu_unregister_map_client_do(MapClient *client)
2622 QLIST_REMOVE(client, link);
2626 static void cpu_notify_map_clients_locked(void)
2630 while (!QLIST_EMPTY(&map_client_list)) {
2631 client = QLIST_FIRST(&map_client_list);
2632 qemu_bh_schedule(client->bh);
2633 cpu_unregister_map_client_do(client);
2637 void cpu_register_map_client(QEMUBH *bh)
2639 MapClient *client = g_malloc(sizeof(*client));
2641 qemu_mutex_lock(&map_client_list_lock);
2643 QLIST_INSERT_HEAD(&map_client_list, client, link);
2644 if (!atomic_read(&bounce.in_use)) {
2645 cpu_notify_map_clients_locked();
2647 qemu_mutex_unlock(&map_client_list_lock);
2650 void cpu_exec_init_all(void)
2652 qemu_mutex_init(&ram_list.mutex);
2655 qemu_mutex_init(&map_client_list_lock);
2658 void cpu_unregister_map_client(QEMUBH *bh)
2662 qemu_mutex_lock(&map_client_list_lock);
2663 QLIST_FOREACH(client, &map_client_list, link) {
2664 if (client->bh == bh) {
2665 cpu_unregister_map_client_do(client);
2669 qemu_mutex_unlock(&map_client_list_lock);
2672 static void cpu_notify_map_clients(void)
2674 qemu_mutex_lock(&map_client_list_lock);
2675 cpu_notify_map_clients_locked();
2676 qemu_mutex_unlock(&map_client_list_lock);
2679 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2687 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2688 if (!memory_access_is_direct(mr, is_write)) {
2689 l = memory_access_size(mr, l, addr);
2690 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2702 /* Map a physical memory region into a host virtual address.
2703 * May map a subset of the requested range, given by and returned in *plen.
2704 * May return NULL if resources needed to perform the mapping are exhausted.
2705 * Use only for reads OR writes - not for read-modify-write operations.
2706 * Use cpu_register_map_client() to know when retrying the map operation is
2707 * likely to succeed.
2709 void *address_space_map(AddressSpace *as,
2716 hwaddr l, xlat, base;
2717 MemoryRegion *mr, *this_mr;
2726 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2728 if (!memory_access_is_direct(mr, is_write)) {
2729 if (atomic_xchg(&bounce.in_use, true)) {
2733 /* Avoid unbounded allocations */
2734 l = MIN(l, TARGET_PAGE_SIZE);
2735 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2739 memory_region_ref(mr);
2742 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2748 return bounce.buffer;
2752 raddr = memory_region_get_ram_addr(mr);
2763 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2764 if (this_mr != mr || xlat != base + done) {
2769 memory_region_ref(mr);
2772 return qemu_ram_ptr_length(raddr + base, plen);
2775 /* Unmaps a memory region previously mapped by address_space_map().
2776 * Will also mark the memory as dirty if is_write == 1. access_len gives
2777 * the amount of memory that was actually read or written by the caller.
2779 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2780 int is_write, hwaddr access_len)
2782 if (buffer != bounce.buffer) {
2786 mr = qemu_ram_addr_from_host(buffer, &addr1);
2789 invalidate_and_set_dirty(mr, addr1, access_len);
2791 if (xen_enabled()) {
2792 xen_invalidate_map_cache_entry(buffer);
2794 memory_region_unref(mr);
2798 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2799 bounce.buffer, access_len);
2801 qemu_vfree(bounce.buffer);
2802 bounce.buffer = NULL;
2803 memory_region_unref(bounce.mr);
2804 atomic_mb_set(&bounce.in_use, false);
2805 cpu_notify_map_clients();
2808 void *cpu_physical_memory_map(hwaddr addr,
2812 return address_space_map(&address_space_memory, addr, plen, is_write);
2815 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2816 int is_write, hwaddr access_len)
2818 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2821 /* warning: addr must be aligned */
2822 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2824 MemTxResult *result,
2825 enum device_endian endian)
2833 bool release_lock = false;
2836 mr = address_space_translate(as, addr, &addr1, &l, false);
2837 if (l < 4 || !memory_access_is_direct(mr, false)) {
2838 release_lock |= prepare_mmio_access(mr);
2841 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2842 #if defined(TARGET_WORDS_BIGENDIAN)
2843 if (endian == DEVICE_LITTLE_ENDIAN) {
2847 if (endian == DEVICE_BIG_ENDIAN) {
2853 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2857 case DEVICE_LITTLE_ENDIAN:
2858 val = ldl_le_p(ptr);
2860 case DEVICE_BIG_ENDIAN:
2861 val = ldl_be_p(ptr);
2873 qemu_mutex_unlock_iothread();
2879 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2880 MemTxAttrs attrs, MemTxResult *result)
2882 return address_space_ldl_internal(as, addr, attrs, result,
2883 DEVICE_NATIVE_ENDIAN);
2886 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2887 MemTxAttrs attrs, MemTxResult *result)
2889 return address_space_ldl_internal(as, addr, attrs, result,
2890 DEVICE_LITTLE_ENDIAN);
2893 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2894 MemTxAttrs attrs, MemTxResult *result)
2896 return address_space_ldl_internal(as, addr, attrs, result,
2900 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2902 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2905 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2907 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2910 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2912 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2915 /* warning: addr must be aligned */
2916 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2918 MemTxResult *result,
2919 enum device_endian endian)
2927 bool release_lock = false;
2930 mr = address_space_translate(as, addr, &addr1, &l,
2932 if (l < 8 || !memory_access_is_direct(mr, false)) {
2933 release_lock |= prepare_mmio_access(mr);
2936 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2937 #if defined(TARGET_WORDS_BIGENDIAN)
2938 if (endian == DEVICE_LITTLE_ENDIAN) {
2942 if (endian == DEVICE_BIG_ENDIAN) {
2948 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2952 case DEVICE_LITTLE_ENDIAN:
2953 val = ldq_le_p(ptr);
2955 case DEVICE_BIG_ENDIAN:
2956 val = ldq_be_p(ptr);
2968 qemu_mutex_unlock_iothread();
2974 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2975 MemTxAttrs attrs, MemTxResult *result)
2977 return address_space_ldq_internal(as, addr, attrs, result,
2978 DEVICE_NATIVE_ENDIAN);
2981 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2982 MemTxAttrs attrs, MemTxResult *result)
2984 return address_space_ldq_internal(as, addr, attrs, result,
2985 DEVICE_LITTLE_ENDIAN);
2988 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2989 MemTxAttrs attrs, MemTxResult *result)
2991 return address_space_ldq_internal(as, addr, attrs, result,
2995 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2997 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3000 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3002 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3005 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3007 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3011 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3012 MemTxAttrs attrs, MemTxResult *result)
3017 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3024 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3026 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3029 /* warning: addr must be aligned */
3030 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3033 MemTxResult *result,
3034 enum device_endian endian)
3042 bool release_lock = false;
3045 mr = address_space_translate(as, addr, &addr1, &l,
3047 if (l < 2 || !memory_access_is_direct(mr, false)) {
3048 release_lock |= prepare_mmio_access(mr);
3051 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3052 #if defined(TARGET_WORDS_BIGENDIAN)
3053 if (endian == DEVICE_LITTLE_ENDIAN) {
3057 if (endian == DEVICE_BIG_ENDIAN) {
3063 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3067 case DEVICE_LITTLE_ENDIAN:
3068 val = lduw_le_p(ptr);
3070 case DEVICE_BIG_ENDIAN:
3071 val = lduw_be_p(ptr);
3083 qemu_mutex_unlock_iothread();
3089 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3090 MemTxAttrs attrs, MemTxResult *result)
3092 return address_space_lduw_internal(as, addr, attrs, result,
3093 DEVICE_NATIVE_ENDIAN);
3096 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3097 MemTxAttrs attrs, MemTxResult *result)
3099 return address_space_lduw_internal(as, addr, attrs, result,
3100 DEVICE_LITTLE_ENDIAN);
3103 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3104 MemTxAttrs attrs, MemTxResult *result)
3106 return address_space_lduw_internal(as, addr, attrs, result,
3110 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3112 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3115 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3117 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3120 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3122 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3125 /* warning: addr must be aligned. The ram page is not masked as dirty
3126 and the code inside is not invalidated. It is useful if the dirty
3127 bits are used to track modified PTEs */
3128 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3129 MemTxAttrs attrs, MemTxResult *result)
3136 uint8_t dirty_log_mask;
3137 bool release_lock = false;
3140 mr = address_space_translate(as, addr, &addr1, &l,
3142 if (l < 4 || !memory_access_is_direct(mr, true)) {
3143 release_lock |= prepare_mmio_access(mr);
3145 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3147 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3148 ptr = qemu_get_ram_ptr(addr1);
3151 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3152 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3153 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3160 qemu_mutex_unlock_iothread();
3165 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3167 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3170 /* warning: addr must be aligned */
3171 static inline void address_space_stl_internal(AddressSpace *as,
3172 hwaddr addr, uint32_t val,
3174 MemTxResult *result,
3175 enum device_endian endian)
3182 bool release_lock = false;
3185 mr = address_space_translate(as, addr, &addr1, &l,
3187 if (l < 4 || !memory_access_is_direct(mr, true)) {
3188 release_lock |= prepare_mmio_access(mr);
3190 #if defined(TARGET_WORDS_BIGENDIAN)
3191 if (endian == DEVICE_LITTLE_ENDIAN) {
3195 if (endian == DEVICE_BIG_ENDIAN) {
3199 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3202 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3203 ptr = qemu_get_ram_ptr(addr1);
3205 case DEVICE_LITTLE_ENDIAN:
3208 case DEVICE_BIG_ENDIAN:
3215 invalidate_and_set_dirty(mr, addr1, 4);
3222 qemu_mutex_unlock_iothread();
3227 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3228 MemTxAttrs attrs, MemTxResult *result)
3230 address_space_stl_internal(as, addr, val, attrs, result,
3231 DEVICE_NATIVE_ENDIAN);
3234 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3235 MemTxAttrs attrs, MemTxResult *result)
3237 address_space_stl_internal(as, addr, val, attrs, result,
3238 DEVICE_LITTLE_ENDIAN);
3241 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3242 MemTxAttrs attrs, MemTxResult *result)
3244 address_space_stl_internal(as, addr, val, attrs, result,
3248 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3250 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3253 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3255 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3258 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3260 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3264 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3265 MemTxAttrs attrs, MemTxResult *result)
3270 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3276 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3278 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3281 /* warning: addr must be aligned */
3282 static inline void address_space_stw_internal(AddressSpace *as,
3283 hwaddr addr, uint32_t val,
3285 MemTxResult *result,
3286 enum device_endian endian)
3293 bool release_lock = false;
3296 mr = address_space_translate(as, addr, &addr1, &l, true);
3297 if (l < 2 || !memory_access_is_direct(mr, true)) {
3298 release_lock |= prepare_mmio_access(mr);
3300 #if defined(TARGET_WORDS_BIGENDIAN)
3301 if (endian == DEVICE_LITTLE_ENDIAN) {
3305 if (endian == DEVICE_BIG_ENDIAN) {
3309 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3312 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3313 ptr = qemu_get_ram_ptr(addr1);
3315 case DEVICE_LITTLE_ENDIAN:
3318 case DEVICE_BIG_ENDIAN:
3325 invalidate_and_set_dirty(mr, addr1, 2);
3332 qemu_mutex_unlock_iothread();
3337 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3338 MemTxAttrs attrs, MemTxResult *result)
3340 address_space_stw_internal(as, addr, val, attrs, result,
3341 DEVICE_NATIVE_ENDIAN);
3344 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3345 MemTxAttrs attrs, MemTxResult *result)
3347 address_space_stw_internal(as, addr, val, attrs, result,
3348 DEVICE_LITTLE_ENDIAN);
3351 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3352 MemTxAttrs attrs, MemTxResult *result)
3354 address_space_stw_internal(as, addr, val, attrs, result,
3358 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3360 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3363 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3365 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3368 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3370 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3374 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3375 MemTxAttrs attrs, MemTxResult *result)
3379 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3385 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3389 val = cpu_to_le64(val);
3390 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3395 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3396 MemTxAttrs attrs, MemTxResult *result)
3399 val = cpu_to_be64(val);
3400 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3406 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3408 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3411 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3413 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3416 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3418 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3421 /* virtual memory access for debug (includes writing to ROM) */
3422 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3423 uint8_t *buf, int len, int is_write)
3430 page = addr & TARGET_PAGE_MASK;
3431 phys_addr = cpu_get_phys_page_debug(cpu, page);
3432 /* if no physical page mapped, return an error */
3433 if (phys_addr == -1)
3435 l = (page + TARGET_PAGE_SIZE) - addr;
3438 phys_addr += (addr & ~TARGET_PAGE_MASK);
3440 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3442 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3454 * A helper function for the _utterly broken_ virtio device model to find out if
3455 * it's running on a big endian machine. Don't do this at home kids!
3457 bool target_words_bigendian(void);
3458 bool target_words_bigendian(void)
3460 #if defined(TARGET_WORDS_BIGENDIAN)
3467 #ifndef CONFIG_USER_ONLY
3468 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3475 mr = address_space_translate(&address_space_memory,
3476 phys_addr, &phys_addr, &l, false);
3478 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3483 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3489 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3490 ret = func(block->idstr, block->host, block->offset,
3491 block->used_length, opaque);
projects / qemu.git / blob