4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "exec/cputlb.h"
52 #include "translate-all.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
57 #include "qemu/range.h"
59 //#define DEBUG_SUBPAGE
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
85 #define RAM_RESIZEABLE (1 << 2)
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
92 DEFINE_TLS(CPUState *, current_cpu);
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
98 #if !defined(CONFIG_USER_ONLY)
100 typedef struct PhysPageEntry PhysPageEntry;
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
115 #define P_L2_SIZE (1 << P_L2_BITS)
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119 typedef PhysPageEntry Node[P_L2_SIZE];
121 typedef struct PhysPageMap {
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
127 unsigned nodes_nb_alloc;
129 MemoryRegionSection *sections;
132 struct AddressSpaceDispatch {
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
138 PhysPageEntry phys_map;
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
148 uint16_t sub_section[TARGET_PAGE_SIZE];
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
160 static MemoryRegion io_mem_watch;
163 #if !defined(CONFIG_USER_ONLY)
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
181 ret = map->nodes_nb++;
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 unsigned valid_ptr = P_L2_SIZE;
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
253 phys_page_compact(&p[i], nodes, compacted);
257 /* We can only compress if there's only one child. */
262 assert(valid_ptr < P_L2_SIZE);
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
279 lp->skip += p[valid_ptr].skip;
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 DECLARE_BITMAP(compacted, nodes_nb);
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
296 hwaddr index = addr >> TARGET_PAGE_BITS;
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return §ions[PHYS_SECTION_UNASSIGNED];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return §ions[lp.ptr];
312 return §ions[PHYS_SECTION_UNASSIGNED];
316 bool memory_region_is_unassigned(MemoryRegion *mr)
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 bool resolve_subpage)
327 MemoryRegionSection *section;
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
343 MemoryRegionSection *section;
347 section = address_space_lookup_region(d, addr, resolve_subpage);
348 /* Compute offset within MemoryRegionSection */
349 addr -= section->offset_within_address_space;
351 /* Compute offset within MemoryRegion */
352 *xlat = addr + section->offset_within_region;
355 if (memory_region_is_ram(mr)) {
356 diff = int128_sub(section->size, int128_make64(addr));
357 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
362 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
364 if (memory_region_is_ram(mr)) {
365 return !(is_write && mr->readonly);
367 if (memory_region_is_romd(mr)) {
374 /* Called from RCU critical section */
375 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
376 hwaddr *xlat, hwaddr *plen,
380 MemoryRegionSection *section;
384 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
385 section = address_space_translate_internal(d, addr, &addr, plen, true);
388 if (!mr->iommu_ops) {
392 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
393 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
394 | (addr & iotlb.addr_mask));
395 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
396 if (!(iotlb.perm & (1 << is_write))) {
397 mr = &io_mem_unassigned;
401 as = iotlb.target_as;
404 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
405 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
406 *plen = MIN(page, *plen);
413 /* Called from RCU critical section */
414 MemoryRegionSection *
415 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
416 hwaddr *xlat, hwaddr *plen)
418 MemoryRegionSection *section;
419 section = address_space_translate_internal(cpu->memory_dispatch,
420 addr, xlat, plen, false);
422 assert(!section->mr->iommu_ops);
427 #if !defined(CONFIG_USER_ONLY)
429 static int cpu_common_post_load(void *opaque, int version_id)
431 CPUState *cpu = opaque;
433 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
434 version_id is increased. */
435 cpu->interrupt_request &= ~0x01;
441 static int cpu_common_pre_load(void *opaque)
443 CPUState *cpu = opaque;
445 cpu->exception_index = -1;
450 static bool cpu_common_exception_index_needed(void *opaque)
452 CPUState *cpu = opaque;
454 return tcg_enabled() && cpu->exception_index != -1;
457 static const VMStateDescription vmstate_cpu_common_exception_index = {
458 .name = "cpu_common/exception_index",
460 .minimum_version_id = 1,
461 .needed = cpu_common_exception_index_needed,
462 .fields = (VMStateField[]) {
463 VMSTATE_INT32(exception_index, CPUState),
464 VMSTATE_END_OF_LIST()
468 const VMStateDescription vmstate_cpu_common = {
469 .name = "cpu_common",
471 .minimum_version_id = 1,
472 .pre_load = cpu_common_pre_load,
473 .post_load = cpu_common_post_load,
474 .fields = (VMStateField[]) {
475 VMSTATE_UINT32(halted, CPUState),
476 VMSTATE_UINT32(interrupt_request, CPUState),
477 VMSTATE_END_OF_LIST()
479 .subsections = (const VMStateDescription*[]) {
480 &vmstate_cpu_common_exception_index,
487 CPUState *qemu_get_cpu(int index)
492 if (cpu->cpu_index == index) {
500 #if !defined(CONFIG_USER_ONLY)
501 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
503 /* We only support one address space per cpu at the moment. */
504 assert(cpu->as == as);
506 if (cpu->tcg_as_listener) {
507 memory_listener_unregister(cpu->tcg_as_listener);
509 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
511 cpu->tcg_as_listener->commit = tcg_commit;
512 memory_listener_register(cpu->tcg_as_listener, as);
516 void cpu_exec_init(CPUArchState *env)
518 CPUState *cpu = ENV_GET_CPU(env);
519 CPUClass *cc = CPU_GET_CLASS(cpu);
523 #if defined(CONFIG_USER_ONLY)
527 CPU_FOREACH(some_cpu) {
530 cpu->cpu_index = cpu_index;
532 QTAILQ_INIT(&cpu->breakpoints);
533 QTAILQ_INIT(&cpu->watchpoints);
534 #ifndef CONFIG_USER_ONLY
535 cpu->as = &address_space_memory;
536 cpu->thread_id = qemu_get_thread_id();
537 cpu_reload_memory_map(cpu);
539 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
540 #if defined(CONFIG_USER_ONLY)
543 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
544 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
546 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
547 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
548 cpu_save, cpu_load, env);
549 assert(cc->vmsd == NULL);
550 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
552 if (cc->vmsd != NULL) {
553 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
557 #if defined(CONFIG_USER_ONLY)
558 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
560 tb_invalidate_phys_page_range(pc, pc + 1, 0);
563 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
565 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
567 tb_invalidate_phys_addr(cpu->as,
568 phys | (pc & ~TARGET_PAGE_MASK));
573 #if defined(CONFIG_USER_ONLY)
574 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
579 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
585 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
589 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
590 int flags, CPUWatchpoint **watchpoint)
595 /* Add a watchpoint. */
596 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
597 int flags, CPUWatchpoint **watchpoint)
601 /* forbid ranges which are empty or run off the end of the address space */
602 if (len == 0 || (addr + len - 1) < addr) {
603 error_report("tried to set invalid watchpoint at %"
604 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
607 wp = g_malloc(sizeof(*wp));
613 /* keep all GDB-injected watchpoints in front */
614 if (flags & BP_GDB) {
615 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
617 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
620 tlb_flush_page(cpu, addr);
627 /* Remove a specific watchpoint. */
628 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
633 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
634 if (addr == wp->vaddr && len == wp->len
635 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
636 cpu_watchpoint_remove_by_ref(cpu, wp);
643 /* Remove a specific watchpoint by reference. */
644 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
646 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
648 tlb_flush_page(cpu, watchpoint->vaddr);
653 /* Remove all matching watchpoints. */
654 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
656 CPUWatchpoint *wp, *next;
658 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
659 if (wp->flags & mask) {
660 cpu_watchpoint_remove_by_ref(cpu, wp);
665 /* Return true if this watchpoint address matches the specified
666 * access (ie the address range covered by the watchpoint overlaps
667 * partially or completely with the address range covered by the
670 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
674 /* We know the lengths are non-zero, but a little caution is
675 * required to avoid errors in the case where the range ends
676 * exactly at the top of the address space and so addr + len
677 * wraps round to zero.
679 vaddr wpend = wp->vaddr + wp->len - 1;
680 vaddr addrend = addr + len - 1;
682 return !(addr > wpend || wp->vaddr > addrend);
687 /* Add a breakpoint. */
688 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
689 CPUBreakpoint **breakpoint)
693 bp = g_malloc(sizeof(*bp));
698 /* keep all GDB-injected breakpoints in front */
699 if (flags & BP_GDB) {
700 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
702 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
705 breakpoint_invalidate(cpu, pc);
713 /* Remove a specific breakpoint. */
714 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
718 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
719 if (bp->pc == pc && bp->flags == flags) {
720 cpu_breakpoint_remove_by_ref(cpu, bp);
727 /* Remove a specific breakpoint by reference. */
728 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
730 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
732 breakpoint_invalidate(cpu, breakpoint->pc);
737 /* Remove all matching breakpoints. */
738 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
740 CPUBreakpoint *bp, *next;
742 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
743 if (bp->flags & mask) {
744 cpu_breakpoint_remove_by_ref(cpu, bp);
749 /* enable or disable single step mode. EXCP_DEBUG is returned by the
750 CPU loop after each instruction */
751 void cpu_single_step(CPUState *cpu, int enabled)
753 if (cpu->singlestep_enabled != enabled) {
754 cpu->singlestep_enabled = enabled;
756 kvm_update_guest_debug(cpu, 0);
758 /* must flush all the translated code to avoid inconsistencies */
759 /* XXX: only flush what is necessary */
760 CPUArchState *env = cpu->env_ptr;
766 void cpu_abort(CPUState *cpu, const char *fmt, ...)
773 fprintf(stderr, "qemu: fatal: ");
774 vfprintf(stderr, fmt, ap);
775 fprintf(stderr, "\n");
776 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
777 if (qemu_log_enabled()) {
778 qemu_log("qemu: fatal: ");
779 qemu_log_vprintf(fmt, ap2);
781 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
787 #if defined(CONFIG_USER_ONLY)
789 struct sigaction act;
790 sigfillset(&act.sa_mask);
791 act.sa_handler = SIG_DFL;
792 sigaction(SIGABRT, &act, NULL);
798 #if !defined(CONFIG_USER_ONLY)
799 /* Called from RCU critical section */
800 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
804 block = atomic_rcu_read(&ram_list.mru_block);
805 if (block && addr - block->offset < block->max_length) {
808 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
809 if (addr - block->offset < block->max_length) {
814 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
818 /* It is safe to write mru_block outside the iothread lock. This
823 * xxx removed from list
827 * call_rcu(reclaim_ramblock, xxx);
830 * atomic_rcu_set is not needed here. The block was already published
831 * when it was placed into the list. Here we're just making an extra
832 * copy of the pointer.
834 ram_list.mru_block = block;
838 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
844 end = TARGET_PAGE_ALIGN(start + length);
845 start &= TARGET_PAGE_MASK;
848 block = qemu_get_ram_block(start);
849 assert(block == qemu_get_ram_block(end - 1));
850 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
851 cpu_tlb_reset_dirty_all(start1, length);
855 /* Note: start and end must be within the same ram block. */
856 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
860 unsigned long end, page;
867 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
868 page = start >> TARGET_PAGE_BITS;
869 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
872 if (dirty && tcg_enabled()) {
873 tlb_reset_dirty_range_all(start, length);
879 /* Called from RCU critical section */
880 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
881 MemoryRegionSection *section,
883 hwaddr paddr, hwaddr xlat,
885 target_ulong *address)
890 if (memory_region_is_ram(section->mr)) {
892 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
894 if (!section->readonly) {
895 iotlb |= PHYS_SECTION_NOTDIRTY;
897 iotlb |= PHYS_SECTION_ROM;
900 iotlb = section - section->address_space->dispatch->map.sections;
904 /* Make accesses to pages with watchpoints go via the
905 watchpoint trap routines. */
906 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
907 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
908 /* Avoid trapping reads of pages with a write breakpoint. */
909 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
910 iotlb = PHYS_SECTION_WATCH + paddr;
911 *address |= TLB_MMIO;
919 #endif /* defined(CONFIG_USER_ONLY) */
921 #if !defined(CONFIG_USER_ONLY)
923 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
925 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
927 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
931 * Set a custom physical guest memory alloator.
932 * Accelerators with unusual needs may need this. Hopefully, we can
933 * get rid of it eventually.
935 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
937 phys_mem_alloc = alloc;
940 static uint16_t phys_section_add(PhysPageMap *map,
941 MemoryRegionSection *section)
943 /* The physical section number is ORed with a page-aligned
944 * pointer to produce the iotlb entries. Thus it should
945 * never overflow into the page-aligned value.
947 assert(map->sections_nb < TARGET_PAGE_SIZE);
949 if (map->sections_nb == map->sections_nb_alloc) {
950 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
951 map->sections = g_renew(MemoryRegionSection, map->sections,
952 map->sections_nb_alloc);
954 map->sections[map->sections_nb] = *section;
955 memory_region_ref(section->mr);
956 return map->sections_nb++;
959 static void phys_section_destroy(MemoryRegion *mr)
961 memory_region_unref(mr);
964 subpage_t *subpage = container_of(mr, subpage_t, iomem);
965 object_unref(OBJECT(&subpage->iomem));
970 static void phys_sections_free(PhysPageMap *map)
972 while (map->sections_nb > 0) {
973 MemoryRegionSection *section = &map->sections[--map->sections_nb];
974 phys_section_destroy(section->mr);
976 g_free(map->sections);
980 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
983 hwaddr base = section->offset_within_address_space
985 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
986 d->map.nodes, d->map.sections);
987 MemoryRegionSection subsection = {
988 .offset_within_address_space = base,
989 .size = int128_make64(TARGET_PAGE_SIZE),
993 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
995 if (!(existing->mr->subpage)) {
996 subpage = subpage_init(d->as, base);
997 subsection.address_space = d->as;
998 subsection.mr = &subpage->iomem;
999 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1000 phys_section_add(&d->map, &subsection));
1002 subpage = container_of(existing->mr, subpage_t, iomem);
1004 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1005 end = start + int128_get64(section->size) - 1;
1006 subpage_register(subpage, start, end,
1007 phys_section_add(&d->map, section));
1011 static void register_multipage(AddressSpaceDispatch *d,
1012 MemoryRegionSection *section)
1014 hwaddr start_addr = section->offset_within_address_space;
1015 uint16_t section_index = phys_section_add(&d->map, section);
1016 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1020 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1023 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1025 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1026 AddressSpaceDispatch *d = as->next_dispatch;
1027 MemoryRegionSection now = *section, remain = *section;
1028 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1030 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1031 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1032 - now.offset_within_address_space;
1034 now.size = int128_min(int128_make64(left), now.size);
1035 register_subpage(d, &now);
1037 now.size = int128_zero();
1039 while (int128_ne(remain.size, now.size)) {
1040 remain.size = int128_sub(remain.size, now.size);
1041 remain.offset_within_address_space += int128_get64(now.size);
1042 remain.offset_within_region += int128_get64(now.size);
1044 if (int128_lt(remain.size, page_size)) {
1045 register_subpage(d, &now);
1046 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1047 now.size = page_size;
1048 register_subpage(d, &now);
1050 now.size = int128_and(now.size, int128_neg(page_size));
1051 register_multipage(d, &now);
1056 void qemu_flush_coalesced_mmio_buffer(void)
1059 kvm_flush_coalesced_mmio_buffer();
1062 void qemu_mutex_lock_ramlist(void)
1064 qemu_mutex_lock(&ram_list.mutex);
1067 void qemu_mutex_unlock_ramlist(void)
1069 qemu_mutex_unlock(&ram_list.mutex);
1074 #include <sys/vfs.h>
1076 #define HUGETLBFS_MAGIC 0x958458f6
1078 static long gethugepagesize(const char *path, Error **errp)
1084 ret = statfs(path, &fs);
1085 } while (ret != 0 && errno == EINTR);
1088 error_setg_errno(errp, errno, "failed to get page size of file %s",
1093 if (fs.f_type != HUGETLBFS_MAGIC)
1094 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1099 static void *file_ram_alloc(RAMBlock *block,
1105 char *sanitized_name;
1110 Error *local_err = NULL;
1112 hpagesize = gethugepagesize(path, &local_err);
1114 error_propagate(errp, local_err);
1117 block->mr->align = hpagesize;
1119 if (memory < hpagesize) {
1120 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1121 "or larger than huge page size 0x%" PRIx64,
1126 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1128 "host lacks kvm mmu notifiers, -mem-path unsupported");
1132 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1133 sanitized_name = g_strdup(memory_region_name(block->mr));
1134 for (c = sanitized_name; *c != '\0'; c++) {
1139 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1141 g_free(sanitized_name);
1143 fd = mkstemp(filename);
1145 error_setg_errno(errp, errno,
1146 "unable to create backing store for hugepages");
1153 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1156 * ftruncate is not supported by hugetlbfs in older
1157 * hosts, so don't bother bailing out on errors.
1158 * If anything goes wrong with it under other filesystems,
1161 if (ftruncate(fd, memory)) {
1162 perror("ftruncate");
1165 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1166 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1168 if (area == MAP_FAILED) {
1169 error_setg_errno(errp, errno,
1170 "unable to map backing store for hugepages");
1176 os_mem_prealloc(fd, area, memory);
1184 error_report("%s", error_get_pretty(*errp));
1191 /* Called with the ramlist lock held. */
1192 static ram_addr_t find_ram_offset(ram_addr_t size)
1194 RAMBlock *block, *next_block;
1195 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1197 assert(size != 0); /* it would hand out same offset multiple times */
1199 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1203 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1204 ram_addr_t end, next = RAM_ADDR_MAX;
1206 end = block->offset + block->max_length;
1208 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1209 if (next_block->offset >= end) {
1210 next = MIN(next, next_block->offset);
1213 if (next - end >= size && next - end < mingap) {
1215 mingap = next - end;
1219 if (offset == RAM_ADDR_MAX) {
1220 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1228 ram_addr_t last_ram_offset(void)
1231 ram_addr_t last = 0;
1234 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1235 last = MAX(last, block->offset + block->max_length);
1241 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1245 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1246 if (!machine_dump_guest_core(current_machine)) {
1247 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1249 perror("qemu_madvise");
1250 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1251 "but dump_guest_core=off specified\n");
1256 /* Called within an RCU critical section, or while the ramlist lock
1259 static RAMBlock *find_ram_block(ram_addr_t addr)
1263 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1264 if (block->offset == addr) {
1272 /* Called with iothread lock held. */
1273 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1275 RAMBlock *new_block, *block;
1278 new_block = find_ram_block(addr);
1280 assert(!new_block->idstr[0]);
1283 char *id = qdev_get_dev_path(dev);
1285 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1289 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1291 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1292 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1293 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1301 /* Called with iothread lock held. */
1302 void qemu_ram_unset_idstr(ram_addr_t addr)
1306 /* FIXME: arch_init.c assumes that this is not called throughout
1307 * migration. Ignore the problem since hot-unplug during migration
1308 * does not work anyway.
1312 block = find_ram_block(addr);
1314 memset(block->idstr, 0, sizeof(block->idstr));
1319 static int memory_try_enable_merging(void *addr, size_t len)
1321 if (!machine_mem_merge(current_machine)) {
1322 /* disabled by the user */
1326 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1329 /* Only legal before guest might have detected the memory size: e.g. on
1330 * incoming migration, or right after reset.
1332 * As memory core doesn't know how is memory accessed, it is up to
1333 * resize callback to update device state and/or add assertions to detect
1334 * misuse, if necessary.
1336 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1338 RAMBlock *block = find_ram_block(base);
1342 newsize = TARGET_PAGE_ALIGN(newsize);
1344 if (block->used_length == newsize) {
1348 if (!(block->flags & RAM_RESIZEABLE)) {
1349 error_setg_errno(errp, EINVAL,
1350 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1351 " in != 0x" RAM_ADDR_FMT, block->idstr,
1352 newsize, block->used_length);
1356 if (block->max_length < newsize) {
1357 error_setg_errno(errp, EINVAL,
1358 "Length too large: %s: 0x" RAM_ADDR_FMT
1359 " > 0x" RAM_ADDR_FMT, block->idstr,
1360 newsize, block->max_length);
1364 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1365 block->used_length = newsize;
1366 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1368 memory_region_set_size(block->mr, newsize);
1369 if (block->resized) {
1370 block->resized(block->idstr, newsize, block->host);
1375 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1378 RAMBlock *last_block = NULL;
1379 ram_addr_t old_ram_size, new_ram_size;
1381 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1383 qemu_mutex_lock_ramlist();
1384 new_block->offset = find_ram_offset(new_block->max_length);
1386 if (!new_block->host) {
1387 if (xen_enabled()) {
1388 xen_ram_alloc(new_block->offset, new_block->max_length,
1391 new_block->host = phys_mem_alloc(new_block->max_length,
1392 &new_block->mr->align);
1393 if (!new_block->host) {
1394 error_setg_errno(errp, errno,
1395 "cannot set up guest memory '%s'",
1396 memory_region_name(new_block->mr));
1397 qemu_mutex_unlock_ramlist();
1400 memory_try_enable_merging(new_block->host, new_block->max_length);
1404 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1405 * QLIST (which has an RCU-friendly variant) does not have insertion at
1406 * tail, so save the last element in last_block.
1408 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1410 if (block->max_length < new_block->max_length) {
1415 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1416 } else if (last_block) {
1417 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1418 } else { /* list is empty */
1419 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1421 ram_list.mru_block = NULL;
1423 /* Write list before version */
1426 qemu_mutex_unlock_ramlist();
1428 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1430 if (new_ram_size > old_ram_size) {
1433 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1434 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1435 ram_list.dirty_memory[i] =
1436 bitmap_zero_extend(ram_list.dirty_memory[i],
1437 old_ram_size, new_ram_size);
1440 cpu_physical_memory_set_dirty_range(new_block->offset,
1441 new_block->used_length,
1444 if (new_block->host) {
1445 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1446 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1447 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1448 if (kvm_enabled()) {
1449 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1453 return new_block->offset;
1457 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1458 bool share, const char *mem_path,
1461 RAMBlock *new_block;
1463 Error *local_err = NULL;
1465 if (xen_enabled()) {
1466 error_setg(errp, "-mem-path not supported with Xen");
1470 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1472 * file_ram_alloc() needs to allocate just like
1473 * phys_mem_alloc, but we haven't bothered to provide
1477 "-mem-path not supported with this accelerator");
1481 size = TARGET_PAGE_ALIGN(size);
1482 new_block = g_malloc0(sizeof(*new_block));
1484 new_block->used_length = size;
1485 new_block->max_length = size;
1486 new_block->flags = share ? RAM_SHARED : 0;
1487 new_block->host = file_ram_alloc(new_block, size,
1489 if (!new_block->host) {
1494 addr = ram_block_add(new_block, &local_err);
1497 error_propagate(errp, local_err);
1505 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1506 void (*resized)(const char*,
1509 void *host, bool resizeable,
1510 MemoryRegion *mr, Error **errp)
1512 RAMBlock *new_block;
1514 Error *local_err = NULL;
1516 size = TARGET_PAGE_ALIGN(size);
1517 max_size = TARGET_PAGE_ALIGN(max_size);
1518 new_block = g_malloc0(sizeof(*new_block));
1520 new_block->resized = resized;
1521 new_block->used_length = size;
1522 new_block->max_length = max_size;
1523 assert(max_size >= size);
1525 new_block->host = host;
1527 new_block->flags |= RAM_PREALLOC;
1530 new_block->flags |= RAM_RESIZEABLE;
1532 addr = ram_block_add(new_block, &local_err);
1535 error_propagate(errp, local_err);
1541 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1542 MemoryRegion *mr, Error **errp)
1544 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1547 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1549 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1552 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1553 void (*resized)(const char*,
1556 MemoryRegion *mr, Error **errp)
1558 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1561 void qemu_ram_free_from_ptr(ram_addr_t addr)
1565 qemu_mutex_lock_ramlist();
1566 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1567 if (addr == block->offset) {
1568 QLIST_REMOVE_RCU(block, next);
1569 ram_list.mru_block = NULL;
1570 /* Write list before version */
1573 g_free_rcu(block, rcu);
1577 qemu_mutex_unlock_ramlist();
1580 static void reclaim_ramblock(RAMBlock *block)
1582 if (block->flags & RAM_PREALLOC) {
1584 } else if (xen_enabled()) {
1585 xen_invalidate_map_cache_entry(block->host);
1587 } else if (block->fd >= 0) {
1588 munmap(block->host, block->max_length);
1592 qemu_anon_ram_free(block->host, block->max_length);
1597 void qemu_ram_free(ram_addr_t addr)
1601 qemu_mutex_lock_ramlist();
1602 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1603 if (addr == block->offset) {
1604 QLIST_REMOVE_RCU(block, next);
1605 ram_list.mru_block = NULL;
1606 /* Write list before version */
1609 call_rcu(block, reclaim_ramblock, rcu);
1613 qemu_mutex_unlock_ramlist();
1617 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1624 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1625 offset = addr - block->offset;
1626 if (offset < block->max_length) {
1627 vaddr = ramblock_ptr(block, offset);
1628 if (block->flags & RAM_PREALLOC) {
1630 } else if (xen_enabled()) {
1634 if (block->fd >= 0) {
1635 flags |= (block->flags & RAM_SHARED ?
1636 MAP_SHARED : MAP_PRIVATE);
1637 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1638 flags, block->fd, offset);
1641 * Remap needs to match alloc. Accelerators that
1642 * set phys_mem_alloc never remap. If they did,
1643 * we'd need a remap hook here.
1645 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1647 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1648 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1651 if (area != vaddr) {
1652 fprintf(stderr, "Could not remap addr: "
1653 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1657 memory_try_enable_merging(vaddr, length);
1658 qemu_ram_setup_dump(vaddr, length);
1663 #endif /* !_WIN32 */
1665 int qemu_get_ram_fd(ram_addr_t addr)
1671 block = qemu_get_ram_block(addr);
1677 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1683 block = qemu_get_ram_block(addr);
1684 ptr = ramblock_ptr(block, 0);
1689 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1690 * This should not be used for general purpose DMA. Use address_space_map
1691 * or address_space_rw instead. For local memory (e.g. video ram) that the
1692 * device owns, use memory_region_get_ram_ptr.
1694 * By the time this function returns, the returned pointer is not protected
1695 * by RCU anymore. If the caller is not within an RCU critical section and
1696 * does not hold the iothread lock, it must have other means of protecting the
1697 * pointer, such as a reference to the region that includes the incoming
1700 void *qemu_get_ram_ptr(ram_addr_t addr)
1706 block = qemu_get_ram_block(addr);
1708 if (xen_enabled() && block->host == NULL) {
1709 /* We need to check if the requested address is in the RAM
1710 * because we don't want to map the entire memory in QEMU.
1711 * In that case just map until the end of the page.
1713 if (block->offset == 0) {
1714 ptr = xen_map_cache(addr, 0, 0);
1718 block->host = xen_map_cache(block->offset, block->max_length, 1);
1720 ptr = ramblock_ptr(block, addr - block->offset);
1727 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1728 * but takes a size argument.
1730 * By the time this function returns, the returned pointer is not protected
1731 * by RCU anymore. If the caller is not within an RCU critical section and
1732 * does not hold the iothread lock, it must have other means of protecting the
1733 * pointer, such as a reference to the region that includes the incoming
1736 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1742 if (xen_enabled()) {
1743 return xen_map_cache(addr, *size, 1);
1747 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1748 if (addr - block->offset < block->max_length) {
1749 if (addr - block->offset + *size > block->max_length)
1750 *size = block->max_length - addr + block->offset;
1751 ptr = ramblock_ptr(block, addr - block->offset);
1757 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1762 /* Some of the softmmu routines need to translate from a host pointer
1763 * (typically a TLB entry) back to a ram offset.
1765 * By the time this function returns, the returned pointer is not protected
1766 * by RCU anymore. If the caller is not within an RCU critical section and
1767 * does not hold the iothread lock, it must have other means of protecting the
1768 * pointer, such as a reference to the region that includes the incoming
1771 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1774 uint8_t *host = ptr;
1777 if (xen_enabled()) {
1779 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1780 mr = qemu_get_ram_block(*ram_addr)->mr;
1786 block = atomic_rcu_read(&ram_list.mru_block);
1787 if (block && block->host && host - block->host < block->max_length) {
1791 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1792 /* This case append when the block is not mapped. */
1793 if (block->host == NULL) {
1796 if (host - block->host < block->max_length) {
1805 *ram_addr = block->offset + (host - block->host);
1811 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1812 uint64_t val, unsigned size)
1814 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1815 tb_invalidate_phys_page_fast(ram_addr, size);
1819 stb_p(qemu_get_ram_ptr(ram_addr), val);
1822 stw_p(qemu_get_ram_ptr(ram_addr), val);
1825 stl_p(qemu_get_ram_ptr(ram_addr), val);
1830 /* Set both VGA and migration bits for simplicity and to remove
1831 * the notdirty callback faster.
1833 cpu_physical_memory_set_dirty_range(ram_addr, size,
1834 DIRTY_CLIENTS_NOCODE);
1835 /* we remove the notdirty callback only if the code has been
1837 if (!cpu_physical_memory_is_clean(ram_addr)) {
1838 CPUArchState *env = current_cpu->env_ptr;
1839 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1843 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1844 unsigned size, bool is_write)
1849 static const MemoryRegionOps notdirty_mem_ops = {
1850 .write = notdirty_mem_write,
1851 .valid.accepts = notdirty_mem_accepts,
1852 .endianness = DEVICE_NATIVE_ENDIAN,
1855 /* Generate a debug exception if a watchpoint has been hit. */
1856 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1858 CPUState *cpu = current_cpu;
1859 CPUArchState *env = cpu->env_ptr;
1860 target_ulong pc, cs_base;
1865 if (cpu->watchpoint_hit) {
1866 /* We re-entered the check after replacing the TB. Now raise
1867 * the debug interrupt so that is will trigger after the
1868 * current instruction. */
1869 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1872 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1873 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1874 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1875 && (wp->flags & flags)) {
1876 if (flags == BP_MEM_READ) {
1877 wp->flags |= BP_WATCHPOINT_HIT_READ;
1879 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1881 wp->hitaddr = vaddr;
1882 wp->hitattrs = attrs;
1883 if (!cpu->watchpoint_hit) {
1884 cpu->watchpoint_hit = wp;
1885 tb_check_watchpoint(cpu);
1886 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1887 cpu->exception_index = EXCP_DEBUG;
1890 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1891 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1892 cpu_resume_from_signal(cpu, NULL);
1896 wp->flags &= ~BP_WATCHPOINT_HIT;
1901 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1902 so these check for a hit then pass through to the normal out-of-line
1904 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1905 unsigned size, MemTxAttrs attrs)
1910 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1913 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1916 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1919 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1927 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1928 uint64_t val, unsigned size,
1933 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1936 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1939 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1942 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1949 static const MemoryRegionOps watch_mem_ops = {
1950 .read_with_attrs = watch_mem_read,
1951 .write_with_attrs = watch_mem_write,
1952 .endianness = DEVICE_NATIVE_ENDIAN,
1955 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1956 unsigned len, MemTxAttrs attrs)
1958 subpage_t *subpage = opaque;
1962 #if defined(DEBUG_SUBPAGE)
1963 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1964 subpage, len, addr);
1966 res = address_space_read(subpage->as, addr + subpage->base,
1973 *data = ldub_p(buf);
1976 *data = lduw_p(buf);
1989 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1990 uint64_t value, unsigned len, MemTxAttrs attrs)
1992 subpage_t *subpage = opaque;
1995 #if defined(DEBUG_SUBPAGE)
1996 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1997 " value %"PRIx64"\n",
1998 __func__, subpage, len, addr, value);
2016 return address_space_write(subpage->as, addr + subpage->base,
2020 static bool subpage_accepts(void *opaque, hwaddr addr,
2021 unsigned len, bool is_write)
2023 subpage_t *subpage = opaque;
2024 #if defined(DEBUG_SUBPAGE)
2025 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2026 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2029 return address_space_access_valid(subpage->as, addr + subpage->base,
2033 static const MemoryRegionOps subpage_ops = {
2034 .read_with_attrs = subpage_read,
2035 .write_with_attrs = subpage_write,
2036 .impl.min_access_size = 1,
2037 .impl.max_access_size = 8,
2038 .valid.min_access_size = 1,
2039 .valid.max_access_size = 8,
2040 .valid.accepts = subpage_accepts,
2041 .endianness = DEVICE_NATIVE_ENDIAN,
2044 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2049 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2051 idx = SUBPAGE_IDX(start);
2052 eidx = SUBPAGE_IDX(end);
2053 #if defined(DEBUG_SUBPAGE)
2054 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2055 __func__, mmio, start, end, idx, eidx, section);
2057 for (; idx <= eidx; idx++) {
2058 mmio->sub_section[idx] = section;
2064 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2068 mmio = g_malloc0(sizeof(subpage_t));
2072 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2073 NULL, TARGET_PAGE_SIZE);
2074 mmio->iomem.subpage = true;
2075 #if defined(DEBUG_SUBPAGE)
2076 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2077 mmio, base, TARGET_PAGE_SIZE);
2079 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2084 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2088 MemoryRegionSection section = {
2089 .address_space = as,
2091 .offset_within_address_space = 0,
2092 .offset_within_region = 0,
2093 .size = int128_2_64(),
2096 return phys_section_add(map, §ion);
2099 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2101 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2102 MemoryRegionSection *sections = d->map.sections;
2104 return sections[index & ~TARGET_PAGE_MASK].mr;
2107 static void io_mem_init(void)
2109 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2110 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2112 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2114 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2118 static void mem_begin(MemoryListener *listener)
2120 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2121 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2124 n = dummy_section(&d->map, as, &io_mem_unassigned);
2125 assert(n == PHYS_SECTION_UNASSIGNED);
2126 n = dummy_section(&d->map, as, &io_mem_notdirty);
2127 assert(n == PHYS_SECTION_NOTDIRTY);
2128 n = dummy_section(&d->map, as, &io_mem_rom);
2129 assert(n == PHYS_SECTION_ROM);
2130 n = dummy_section(&d->map, as, &io_mem_watch);
2131 assert(n == PHYS_SECTION_WATCH);
2133 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2135 as->next_dispatch = d;
2138 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2140 phys_sections_free(&d->map);
2144 static void mem_commit(MemoryListener *listener)
2146 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2147 AddressSpaceDispatch *cur = as->dispatch;
2148 AddressSpaceDispatch *next = as->next_dispatch;
2150 phys_page_compact_all(next, next->map.nodes_nb);
2152 atomic_rcu_set(&as->dispatch, next);
2154 call_rcu(cur, address_space_dispatch_free, rcu);
2158 static void tcg_commit(MemoryListener *listener)
2162 /* since each CPU stores ram addresses in its TLB cache, we must
2163 reset the modified entries */
2166 /* FIXME: Disentangle the cpu.h circular files deps so we can
2167 directly get the right CPU from listener. */
2168 if (cpu->tcg_as_listener != listener) {
2171 cpu_reload_memory_map(cpu);
2175 void address_space_init_dispatch(AddressSpace *as)
2177 as->dispatch = NULL;
2178 as->dispatch_listener = (MemoryListener) {
2180 .commit = mem_commit,
2181 .region_add = mem_add,
2182 .region_nop = mem_add,
2185 memory_listener_register(&as->dispatch_listener, as);
2188 void address_space_unregister(AddressSpace *as)
2190 memory_listener_unregister(&as->dispatch_listener);
2193 void address_space_destroy_dispatch(AddressSpace *as)
2195 AddressSpaceDispatch *d = as->dispatch;
2197 atomic_rcu_set(&as->dispatch, NULL);
2199 call_rcu(d, address_space_dispatch_free, rcu);
2203 static void memory_map_init(void)
2205 system_memory = g_malloc(sizeof(*system_memory));
2207 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2208 address_space_init(&address_space_memory, system_memory, "memory");
2210 system_io = g_malloc(sizeof(*system_io));
2211 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2213 address_space_init(&address_space_io, system_io, "I/O");
2216 MemoryRegion *get_system_memory(void)
2218 return system_memory;
2221 MemoryRegion *get_system_io(void)
2226 #endif /* !defined(CONFIG_USER_ONLY) */
2228 /* physical memory access (slow version, mainly for debug) */
2229 #if defined(CONFIG_USER_ONLY)
2230 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2231 uint8_t *buf, int len, int is_write)
2238 page = addr & TARGET_PAGE_MASK;
2239 l = (page + TARGET_PAGE_SIZE) - addr;
2242 flags = page_get_flags(page);
2243 if (!(flags & PAGE_VALID))
2246 if (!(flags & PAGE_WRITE))
2248 /* XXX: this code should not depend on lock_user */
2249 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2252 unlock_user(p, addr, l);
2254 if (!(flags & PAGE_READ))
2256 /* XXX: this code should not depend on lock_user */
2257 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2260 unlock_user(p, addr, 0);
2271 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2274 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2275 /* No early return if dirty_log_mask is or becomes 0, because
2276 * cpu_physical_memory_set_dirty_range will still call
2277 * xen_modified_memory.
2279 if (dirty_log_mask) {
2281 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2283 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2284 tb_invalidate_phys_range(addr, addr + length);
2285 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2287 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2290 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2292 unsigned access_size_max = mr->ops->valid.max_access_size;
2294 /* Regions are assumed to support 1-4 byte accesses unless
2295 otherwise specified. */
2296 if (access_size_max == 0) {
2297 access_size_max = 4;
2300 /* Bound the maximum access by the alignment of the address. */
2301 if (!mr->ops->impl.unaligned) {
2302 unsigned align_size_max = addr & -addr;
2303 if (align_size_max != 0 && align_size_max < access_size_max) {
2304 access_size_max = align_size_max;
2308 /* Don't attempt accesses larger than the maximum. */
2309 if (l > access_size_max) {
2310 l = access_size_max;
2313 l = 1 << (qemu_fls(l) - 1);
2319 static void prepare_mmio_access(MemoryRegion *mr)
2321 if (mr->flush_coalesced_mmio) {
2322 qemu_flush_coalesced_mmio_buffer();
2326 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2327 uint8_t *buf, int len, bool is_write)
2334 MemTxResult result = MEMTX_OK;
2339 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2342 if (!memory_access_is_direct(mr, is_write)) {
2343 prepare_mmio_access(mr);
2344 l = memory_access_size(mr, l, addr1);
2345 /* XXX: could force current_cpu to NULL to avoid
2349 /* 64 bit write access */
2351 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2355 /* 32 bit write access */
2357 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2361 /* 16 bit write access */
2363 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2367 /* 8 bit write access */
2369 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2376 addr1 += memory_region_get_ram_addr(mr);
2378 ptr = qemu_get_ram_ptr(addr1);
2379 memcpy(ptr, buf, l);
2380 invalidate_and_set_dirty(mr, addr1, l);
2383 if (!memory_access_is_direct(mr, is_write)) {
2385 prepare_mmio_access(mr);
2386 l = memory_access_size(mr, l, addr1);
2389 /* 64 bit read access */
2390 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2395 /* 32 bit read access */
2396 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2401 /* 16 bit read access */
2402 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2407 /* 8 bit read access */
2408 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2417 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2418 memcpy(buf, ptr, l);
2430 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2431 const uint8_t *buf, int len)
2433 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2436 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2437 uint8_t *buf, int len)
2439 return address_space_rw(as, addr, attrs, buf, len, false);
2443 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2444 int len, int is_write)
2446 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2447 buf, len, is_write);
2450 enum write_rom_type {
2455 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2456 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2466 mr = address_space_translate(as, addr, &addr1, &l, true);
2468 if (!(memory_region_is_ram(mr) ||
2469 memory_region_is_romd(mr))) {
2472 addr1 += memory_region_get_ram_addr(mr);
2474 ptr = qemu_get_ram_ptr(addr1);
2477 memcpy(ptr, buf, l);
2478 invalidate_and_set_dirty(mr, addr1, l);
2481 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2492 /* used for ROM loading : can write in RAM and ROM */
2493 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2494 const uint8_t *buf, int len)
2496 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2499 void cpu_flush_icache_range(hwaddr start, int len)
2502 * This function should do the same thing as an icache flush that was
2503 * triggered from within the guest. For TCG we are always cache coherent,
2504 * so there is no need to flush anything. For KVM / Xen we need to flush
2505 * the host's instruction cache at least.
2507 if (tcg_enabled()) {
2511 cpu_physical_memory_write_rom_internal(&address_space_memory,
2512 start, NULL, len, FLUSH_CACHE);
2523 static BounceBuffer bounce;
2525 typedef struct MapClient {
2527 QLIST_ENTRY(MapClient) link;
2530 QemuMutex map_client_list_lock;
2531 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2532 = QLIST_HEAD_INITIALIZER(map_client_list);
2534 static void cpu_unregister_map_client_do(MapClient *client)
2536 QLIST_REMOVE(client, link);
2540 static void cpu_notify_map_clients_locked(void)
2544 while (!QLIST_EMPTY(&map_client_list)) {
2545 client = QLIST_FIRST(&map_client_list);
2546 qemu_bh_schedule(client->bh);
2547 cpu_unregister_map_client_do(client);
2551 void cpu_register_map_client(QEMUBH *bh)
2553 MapClient *client = g_malloc(sizeof(*client));
2555 qemu_mutex_lock(&map_client_list_lock);
2557 QLIST_INSERT_HEAD(&map_client_list, client, link);
2558 if (!atomic_read(&bounce.in_use)) {
2559 cpu_notify_map_clients_locked();
2561 qemu_mutex_unlock(&map_client_list_lock);
2564 void cpu_exec_init_all(void)
2566 qemu_mutex_init(&ram_list.mutex);
2569 qemu_mutex_init(&map_client_list_lock);
2572 void cpu_unregister_map_client(QEMUBH *bh)
2576 qemu_mutex_lock(&map_client_list_lock);
2577 QLIST_FOREACH(client, &map_client_list, link) {
2578 if (client->bh == bh) {
2579 cpu_unregister_map_client_do(client);
2583 qemu_mutex_unlock(&map_client_list_lock);
2586 static void cpu_notify_map_clients(void)
2588 qemu_mutex_lock(&map_client_list_lock);
2589 cpu_notify_map_clients_locked();
2590 qemu_mutex_unlock(&map_client_list_lock);
2593 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2601 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2602 if (!memory_access_is_direct(mr, is_write)) {
2603 l = memory_access_size(mr, l, addr);
2604 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2616 /* Map a physical memory region into a host virtual address.
2617 * May map a subset of the requested range, given by and returned in *plen.
2618 * May return NULL if resources needed to perform the mapping are exhausted.
2619 * Use only for reads OR writes - not for read-modify-write operations.
2620 * Use cpu_register_map_client() to know when retrying the map operation is
2621 * likely to succeed.
2623 void *address_space_map(AddressSpace *as,
2630 hwaddr l, xlat, base;
2631 MemoryRegion *mr, *this_mr;
2640 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2642 if (!memory_access_is_direct(mr, is_write)) {
2643 if (atomic_xchg(&bounce.in_use, true)) {
2647 /* Avoid unbounded allocations */
2648 l = MIN(l, TARGET_PAGE_SIZE);
2649 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2653 memory_region_ref(mr);
2656 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2662 return bounce.buffer;
2666 raddr = memory_region_get_ram_addr(mr);
2677 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2678 if (this_mr != mr || xlat != base + done) {
2683 memory_region_ref(mr);
2686 return qemu_ram_ptr_length(raddr + base, plen);
2689 /* Unmaps a memory region previously mapped by address_space_map().
2690 * Will also mark the memory as dirty if is_write == 1. access_len gives
2691 * the amount of memory that was actually read or written by the caller.
2693 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2694 int is_write, hwaddr access_len)
2696 if (buffer != bounce.buffer) {
2700 mr = qemu_ram_addr_from_host(buffer, &addr1);
2703 invalidate_and_set_dirty(mr, addr1, access_len);
2705 if (xen_enabled()) {
2706 xen_invalidate_map_cache_entry(buffer);
2708 memory_region_unref(mr);
2712 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2713 bounce.buffer, access_len);
2715 qemu_vfree(bounce.buffer);
2716 bounce.buffer = NULL;
2717 memory_region_unref(bounce.mr);
2718 atomic_mb_set(&bounce.in_use, false);
2719 cpu_notify_map_clients();
2722 void *cpu_physical_memory_map(hwaddr addr,
2726 return address_space_map(&address_space_memory, addr, plen, is_write);
2729 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2730 int is_write, hwaddr access_len)
2732 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2735 /* warning: addr must be aligned */
2736 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2738 MemTxResult *result,
2739 enum device_endian endian)
2749 mr = address_space_translate(as, addr, &addr1, &l, false);
2750 if (l < 4 || !memory_access_is_direct(mr, false)) {
2751 prepare_mmio_access(mr);
2754 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2755 #if defined(TARGET_WORDS_BIGENDIAN)
2756 if (endian == DEVICE_LITTLE_ENDIAN) {
2760 if (endian == DEVICE_BIG_ENDIAN) {
2766 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2770 case DEVICE_LITTLE_ENDIAN:
2771 val = ldl_le_p(ptr);
2773 case DEVICE_BIG_ENDIAN:
2774 val = ldl_be_p(ptr);
2789 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2790 MemTxAttrs attrs, MemTxResult *result)
2792 return address_space_ldl_internal(as, addr, attrs, result,
2793 DEVICE_NATIVE_ENDIAN);
2796 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2797 MemTxAttrs attrs, MemTxResult *result)
2799 return address_space_ldl_internal(as, addr, attrs, result,
2800 DEVICE_LITTLE_ENDIAN);
2803 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2804 MemTxAttrs attrs, MemTxResult *result)
2806 return address_space_ldl_internal(as, addr, attrs, result,
2810 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2812 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2815 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2817 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2820 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2822 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2825 /* warning: addr must be aligned */
2826 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2828 MemTxResult *result,
2829 enum device_endian endian)
2839 mr = address_space_translate(as, addr, &addr1, &l,
2841 if (l < 8 || !memory_access_is_direct(mr, false)) {
2842 prepare_mmio_access(mr);
2845 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2846 #if defined(TARGET_WORDS_BIGENDIAN)
2847 if (endian == DEVICE_LITTLE_ENDIAN) {
2851 if (endian == DEVICE_BIG_ENDIAN) {
2857 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2861 case DEVICE_LITTLE_ENDIAN:
2862 val = ldq_le_p(ptr);
2864 case DEVICE_BIG_ENDIAN:
2865 val = ldq_be_p(ptr);
2880 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2881 MemTxAttrs attrs, MemTxResult *result)
2883 return address_space_ldq_internal(as, addr, attrs, result,
2884 DEVICE_NATIVE_ENDIAN);
2887 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2888 MemTxAttrs attrs, MemTxResult *result)
2890 return address_space_ldq_internal(as, addr, attrs, result,
2891 DEVICE_LITTLE_ENDIAN);
2894 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2895 MemTxAttrs attrs, MemTxResult *result)
2897 return address_space_ldq_internal(as, addr, attrs, result,
2901 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2903 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2906 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2908 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2911 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2913 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2917 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2918 MemTxAttrs attrs, MemTxResult *result)
2923 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2930 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2932 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2935 /* warning: addr must be aligned */
2936 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2939 MemTxResult *result,
2940 enum device_endian endian)
2950 mr = address_space_translate(as, addr, &addr1, &l,
2952 if (l < 2 || !memory_access_is_direct(mr, false)) {
2953 prepare_mmio_access(mr);
2956 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2957 #if defined(TARGET_WORDS_BIGENDIAN)
2958 if (endian == DEVICE_LITTLE_ENDIAN) {
2962 if (endian == DEVICE_BIG_ENDIAN) {
2968 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2972 case DEVICE_LITTLE_ENDIAN:
2973 val = lduw_le_p(ptr);
2975 case DEVICE_BIG_ENDIAN:
2976 val = lduw_be_p(ptr);
2991 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
2992 MemTxAttrs attrs, MemTxResult *result)
2994 return address_space_lduw_internal(as, addr, attrs, result,
2995 DEVICE_NATIVE_ENDIAN);
2998 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
2999 MemTxAttrs attrs, MemTxResult *result)
3001 return address_space_lduw_internal(as, addr, attrs, result,
3002 DEVICE_LITTLE_ENDIAN);
3005 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3006 MemTxAttrs attrs, MemTxResult *result)
3008 return address_space_lduw_internal(as, addr, attrs, result,
3012 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3014 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3017 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3019 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3022 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3024 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3027 /* warning: addr must be aligned. The ram page is not masked as dirty
3028 and the code inside is not invalidated. It is useful if the dirty
3029 bits are used to track modified PTEs */
3030 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3031 MemTxAttrs attrs, MemTxResult *result)
3038 uint8_t dirty_log_mask;
3041 mr = address_space_translate(as, addr, &addr1, &l,
3043 if (l < 4 || !memory_access_is_direct(mr, true)) {
3044 prepare_mmio_access(mr);
3046 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3048 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3049 ptr = qemu_get_ram_ptr(addr1);
3052 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3053 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3054 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3063 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3065 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3068 /* warning: addr must be aligned */
3069 static inline void address_space_stl_internal(AddressSpace *as,
3070 hwaddr addr, uint32_t val,
3072 MemTxResult *result,
3073 enum device_endian endian)
3082 mr = address_space_translate(as, addr, &addr1, &l,
3084 if (l < 4 || !memory_access_is_direct(mr, true)) {
3085 prepare_mmio_access(mr);
3087 #if defined(TARGET_WORDS_BIGENDIAN)
3088 if (endian == DEVICE_LITTLE_ENDIAN) {
3092 if (endian == DEVICE_BIG_ENDIAN) {
3096 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3099 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3100 ptr = qemu_get_ram_ptr(addr1);
3102 case DEVICE_LITTLE_ENDIAN:
3105 case DEVICE_BIG_ENDIAN:
3112 invalidate_and_set_dirty(mr, addr1, 4);
3121 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3122 MemTxAttrs attrs, MemTxResult *result)
3124 address_space_stl_internal(as, addr, val, attrs, result,
3125 DEVICE_NATIVE_ENDIAN);
3128 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3129 MemTxAttrs attrs, MemTxResult *result)
3131 address_space_stl_internal(as, addr, val, attrs, result,
3132 DEVICE_LITTLE_ENDIAN);
3135 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3136 MemTxAttrs attrs, MemTxResult *result)
3138 address_space_stl_internal(as, addr, val, attrs, result,
3142 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3144 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3147 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3149 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3152 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3154 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3158 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3159 MemTxAttrs attrs, MemTxResult *result)
3164 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3170 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3172 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3175 /* warning: addr must be aligned */
3176 static inline void address_space_stw_internal(AddressSpace *as,
3177 hwaddr addr, uint32_t val,
3179 MemTxResult *result,
3180 enum device_endian endian)
3189 mr = address_space_translate(as, addr, &addr1, &l, true);
3190 if (l < 2 || !memory_access_is_direct(mr, true)) {
3191 prepare_mmio_access(mr);
3193 #if defined(TARGET_WORDS_BIGENDIAN)
3194 if (endian == DEVICE_LITTLE_ENDIAN) {
3198 if (endian == DEVICE_BIG_ENDIAN) {
3202 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3205 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3206 ptr = qemu_get_ram_ptr(addr1);
3208 case DEVICE_LITTLE_ENDIAN:
3211 case DEVICE_BIG_ENDIAN:
3218 invalidate_and_set_dirty(mr, addr1, 2);
3227 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3228 MemTxAttrs attrs, MemTxResult *result)
3230 address_space_stw_internal(as, addr, val, attrs, result,
3231 DEVICE_NATIVE_ENDIAN);
3234 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3235 MemTxAttrs attrs, MemTxResult *result)
3237 address_space_stw_internal(as, addr, val, attrs, result,
3238 DEVICE_LITTLE_ENDIAN);
3241 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3242 MemTxAttrs attrs, MemTxResult *result)
3244 address_space_stw_internal(as, addr, val, attrs, result,
3248 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3250 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3253 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3255 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3258 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3260 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3264 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3265 MemTxAttrs attrs, MemTxResult *result)
3269 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3275 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3276 MemTxAttrs attrs, MemTxResult *result)
3279 val = cpu_to_le64(val);
3280 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3285 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3286 MemTxAttrs attrs, MemTxResult *result)
3289 val = cpu_to_be64(val);
3290 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3296 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3298 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3301 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3303 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3306 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3308 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3311 /* virtual memory access for debug (includes writing to ROM) */
3312 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3313 uint8_t *buf, int len, int is_write)
3320 page = addr & TARGET_PAGE_MASK;
3321 phys_addr = cpu_get_phys_page_debug(cpu, page);
3322 /* if no physical page mapped, return an error */
3323 if (phys_addr == -1)
3325 l = (page + TARGET_PAGE_SIZE) - addr;
3328 phys_addr += (addr & ~TARGET_PAGE_MASK);
3330 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3332 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3344 * A helper function for the _utterly broken_ virtio device model to find out if
3345 * it's running on a big endian machine. Don't do this at home kids!
3347 bool target_words_bigendian(void);
3348 bool target_words_bigendian(void)
3350 #if defined(TARGET_WORDS_BIGENDIAN)
3357 #ifndef CONFIG_USER_ONLY
3358 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3365 mr = address_space_translate(&address_space_memory,
3366 phys_addr, &phys_addr, &l, false);
3368 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3373 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3379 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3380 ret = func(block->idstr, block->host, block->offset,
3381 block->used_length, opaque);
projects / qemu.git / blob