4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_UNASSIGNED
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
58 static int in_migration;
60 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62 static MemoryRegion *system_memory;
63 static MemoryRegion *system_io;
65 AddressSpace address_space_io;
66 AddressSpace address_space_memory;
67 DMAContext dma_context_memory;
69 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
70 static MemoryRegion io_mem_subpage_ram;
74 CPUArchState *first_cpu;
75 /* current CPU in the current thread. It is only valid inside
77 DEFINE_TLS(CPUArchState *,cpu_single_env);
78 /* 0 = Do not count executed instructions.
79 1 = Precise instruction counting.
80 2 = Adaptive rate instruction counting. */
83 #if !defined(CONFIG_USER_ONLY)
85 static MemoryRegionSection *phys_sections;
86 static unsigned phys_sections_nb, phys_sections_nb_alloc;
87 static uint16_t phys_section_unassigned;
88 static uint16_t phys_section_notdirty;
89 static uint16_t phys_section_rom;
90 static uint16_t phys_section_watch;
92 /* Simple allocator for PhysPageEntry nodes */
93 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
94 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
96 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
98 static void io_mem_init(void);
99 static void memory_map_init(void);
100 static void *qemu_safe_ram_ptr(ram_addr_t addr);
102 static MemoryRegion io_mem_watch;
105 #if !defined(CONFIG_USER_ONLY)
107 static void phys_map_node_reserve(unsigned nodes)
109 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
110 typedef PhysPageEntry Node[L2_SIZE];
111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
112 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
113 phys_map_nodes_nb + nodes);
114 phys_map_nodes = g_renew(Node, phys_map_nodes,
115 phys_map_nodes_nb_alloc);
119 static uint16_t phys_map_node_alloc(void)
124 ret = phys_map_nodes_nb++;
125 assert(ret != PHYS_MAP_NODE_NIL);
126 assert(ret != phys_map_nodes_nb_alloc);
127 for (i = 0; i < L2_SIZE; ++i) {
128 phys_map_nodes[ret][i].is_leaf = 0;
129 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
134 static void phys_map_nodes_reset(void)
136 phys_map_nodes_nb = 0;
140 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
141 hwaddr *nb, uint16_t leaf,
146 hwaddr step = (hwaddr)1 << (level * L2_BITS);
148 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
149 lp->ptr = phys_map_node_alloc();
150 p = phys_map_nodes[lp->ptr];
152 for (i = 0; i < L2_SIZE; i++) {
154 p[i].ptr = phys_section_unassigned;
158 p = phys_map_nodes[lp->ptr];
160 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
162 while (*nb && lp < &p[L2_SIZE]) {
163 if ((*index & (step - 1)) == 0 && *nb >= step) {
169 phys_page_set_level(lp, index, nb, leaf, level - 1);
175 static void phys_page_set(AddressSpaceDispatch *d,
176 hwaddr index, hwaddr nb,
179 /* Wildly overreserve - it doesn't matter much. */
180 phys_map_node_reserve(3 * P_L2_LEVELS);
182 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
185 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
187 PhysPageEntry lp = d->phys_map;
190 uint16_t s_index = phys_section_unassigned;
192 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
193 if (lp.ptr == PHYS_MAP_NODE_NIL) {
196 p = phys_map_nodes[lp.ptr];
197 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
202 return &phys_sections[s_index];
205 bool memory_region_is_unassigned(MemoryRegion *mr)
207 return mr != &io_mem_ram && mr != &io_mem_rom
208 && mr != &io_mem_notdirty && !mr->rom_device
209 && mr != &io_mem_watch;
213 void cpu_exec_init_all(void)
215 #if !defined(CONFIG_USER_ONLY)
216 qemu_mutex_init(&ram_list.mutex);
222 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
224 static int cpu_common_post_load(void *opaque, int version_id)
226 CPUArchState *env = opaque;
228 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
229 version_id is increased. */
230 env->interrupt_request &= ~0x01;
236 static const VMStateDescription vmstate_cpu_common = {
237 .name = "cpu_common",
239 .minimum_version_id = 1,
240 .minimum_version_id_old = 1,
241 .post_load = cpu_common_post_load,
242 .fields = (VMStateField []) {
243 VMSTATE_UINT32(halted, CPUArchState),
244 VMSTATE_UINT32(interrupt_request, CPUArchState),
245 VMSTATE_END_OF_LIST()
250 CPUState *qemu_get_cpu(int index)
252 CPUArchState *env = first_cpu;
253 CPUState *cpu = NULL;
256 cpu = ENV_GET_CPU(env);
257 if (cpu->cpu_index == index) {
266 void cpu_exec_init(CPUArchState *env)
268 CPUState *cpu = ENV_GET_CPU(env);
272 #if defined(CONFIG_USER_ONLY)
275 env->next_cpu = NULL;
278 while (*penv != NULL) {
279 penv = &(*penv)->next_cpu;
282 cpu->cpu_index = cpu_index;
284 QTAILQ_INIT(&env->breakpoints);
285 QTAILQ_INIT(&env->watchpoints);
286 #ifndef CONFIG_USER_ONLY
287 cpu->thread_id = qemu_get_thread_id();
290 #if defined(CONFIG_USER_ONLY)
293 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
294 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
295 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
296 cpu_save, cpu_load, env);
300 #if defined(TARGET_HAS_ICE)
301 #if defined(CONFIG_USER_ONLY)
302 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
304 tb_invalidate_phys_page_range(pc, pc + 1, 0);
307 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
309 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
310 (pc & ~TARGET_PAGE_MASK));
313 #endif /* TARGET_HAS_ICE */
315 #if defined(CONFIG_USER_ONLY)
316 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
321 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
322 int flags, CPUWatchpoint **watchpoint)
327 /* Add a watchpoint. */
328 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
329 int flags, CPUWatchpoint **watchpoint)
331 target_ulong len_mask = ~(len - 1);
334 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
335 if ((len & (len - 1)) || (addr & ~len_mask) ||
336 len == 0 || len > TARGET_PAGE_SIZE) {
337 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
338 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
341 wp = g_malloc(sizeof(*wp));
344 wp->len_mask = len_mask;
347 /* keep all GDB-injected watchpoints in front */
349 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
351 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
353 tlb_flush_page(env, addr);
360 /* Remove a specific watchpoint. */
361 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
364 target_ulong len_mask = ~(len - 1);
367 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
368 if (addr == wp->vaddr && len_mask == wp->len_mask
369 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
370 cpu_watchpoint_remove_by_ref(env, wp);
377 /* Remove a specific watchpoint by reference. */
378 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
380 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
382 tlb_flush_page(env, watchpoint->vaddr);
387 /* Remove all matching watchpoints. */
388 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
390 CPUWatchpoint *wp, *next;
392 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
393 if (wp->flags & mask)
394 cpu_watchpoint_remove_by_ref(env, wp);
399 /* Add a breakpoint. */
400 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
401 CPUBreakpoint **breakpoint)
403 #if defined(TARGET_HAS_ICE)
406 bp = g_malloc(sizeof(*bp));
411 /* keep all GDB-injected breakpoints in front */
413 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
415 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
417 breakpoint_invalidate(env, pc);
427 /* Remove a specific breakpoint. */
428 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
430 #if defined(TARGET_HAS_ICE)
433 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
434 if (bp->pc == pc && bp->flags == flags) {
435 cpu_breakpoint_remove_by_ref(env, bp);
445 /* Remove a specific breakpoint by reference. */
446 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
448 #if defined(TARGET_HAS_ICE)
449 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
451 breakpoint_invalidate(env, breakpoint->pc);
457 /* Remove all matching breakpoints. */
458 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
460 #if defined(TARGET_HAS_ICE)
461 CPUBreakpoint *bp, *next;
463 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
464 if (bp->flags & mask)
465 cpu_breakpoint_remove_by_ref(env, bp);
470 /* enable or disable single step mode. EXCP_DEBUG is returned by the
471 CPU loop after each instruction */
472 void cpu_single_step(CPUArchState *env, int enabled)
474 #if defined(TARGET_HAS_ICE)
475 if (env->singlestep_enabled != enabled) {
476 env->singlestep_enabled = enabled;
478 kvm_update_guest_debug(env, 0);
480 /* must flush all the translated code to avoid inconsistencies */
481 /* XXX: only flush what is necessary */
488 void cpu_reset_interrupt(CPUArchState *env, int mask)
490 env->interrupt_request &= ~mask;
493 void cpu_exit(CPUArchState *env)
495 env->exit_request = 1;
499 void cpu_abort(CPUArchState *env, const char *fmt, ...)
506 fprintf(stderr, "qemu: fatal: ");
507 vfprintf(stderr, fmt, ap);
508 fprintf(stderr, "\n");
509 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
510 if (qemu_log_enabled()) {
511 qemu_log("qemu: fatal: ");
512 qemu_log_vprintf(fmt, ap2);
514 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
520 #if defined(CONFIG_USER_ONLY)
522 struct sigaction act;
523 sigfillset(&act.sa_mask);
524 act.sa_handler = SIG_DFL;
525 sigaction(SIGABRT, &act, NULL);
531 CPUArchState *cpu_copy(CPUArchState *env)
533 CPUArchState *new_env = cpu_init(env->cpu_model_str);
534 CPUArchState *next_cpu = new_env->next_cpu;
535 #if defined(TARGET_HAS_ICE)
540 memcpy(new_env, env, sizeof(CPUArchState));
542 /* Preserve chaining. */
543 new_env->next_cpu = next_cpu;
545 /* Clone all break/watchpoints.
546 Note: Once we support ptrace with hw-debug register access, make sure
547 BP_CPU break/watchpoints are handled correctly on clone. */
548 QTAILQ_INIT(&env->breakpoints);
549 QTAILQ_INIT(&env->watchpoints);
550 #if defined(TARGET_HAS_ICE)
551 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
552 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
554 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
555 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
563 #if !defined(CONFIG_USER_ONLY)
564 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
569 /* we modify the TLB cache so that the dirty bit will be set again
570 when accessing the range */
571 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
572 /* Check that we don't span multiple blocks - this breaks the
573 address comparisons below. */
574 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
575 != (end - 1) - start) {
578 cpu_tlb_reset_dirty_all(start1, length);
582 /* Note: start and end must be within the same ram block. */
583 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
588 start &= TARGET_PAGE_MASK;
589 end = TARGET_PAGE_ALIGN(end);
591 length = end - start;
594 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
597 tlb_reset_dirty_range_all(start, end, length);
601 static int cpu_physical_memory_set_dirty_tracking(int enable)
604 in_migration = enable;
608 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
609 MemoryRegionSection *section,
613 target_ulong *address)
618 if (memory_region_is_ram(section->mr)) {
620 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
621 + memory_region_section_addr(section, paddr);
622 if (!section->readonly) {
623 iotlb |= phys_section_notdirty;
625 iotlb |= phys_section_rom;
628 /* IO handlers are currently passed a physical address.
629 It would be nice to pass an offset from the base address
630 of that region. This would avoid having to special case RAM,
631 and avoid full address decoding in every device.
632 We can't use the high bits of pd for this because
633 IO_MEM_ROMD uses these as a ram address. */
634 iotlb = section - phys_sections;
635 iotlb += memory_region_section_addr(section, paddr);
638 /* Make accesses to pages with watchpoints go via the
639 watchpoint trap routines. */
640 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
641 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
642 /* Avoid trapping reads of pages with a write breakpoint. */
643 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
644 iotlb = phys_section_watch + paddr;
645 *address |= TLB_MMIO;
653 #endif /* defined(CONFIG_USER_ONLY) */
655 #if !defined(CONFIG_USER_ONLY)
657 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
658 typedef struct subpage_t {
661 uint16_t sub_section[TARGET_PAGE_SIZE];
664 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
666 static subpage_t *subpage_init(hwaddr base);
667 static void destroy_page_desc(uint16_t section_index)
669 MemoryRegionSection *section = &phys_sections[section_index];
670 MemoryRegion *mr = section->mr;
673 subpage_t *subpage = container_of(mr, subpage_t, iomem);
674 memory_region_destroy(&subpage->iomem);
679 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
684 if (lp->ptr == PHYS_MAP_NODE_NIL) {
688 p = phys_map_nodes[lp->ptr];
689 for (i = 0; i < L2_SIZE; ++i) {
691 destroy_l2_mapping(&p[i], level - 1);
693 destroy_page_desc(p[i].ptr);
697 lp->ptr = PHYS_MAP_NODE_NIL;
700 static void destroy_all_mappings(AddressSpaceDispatch *d)
702 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
703 phys_map_nodes_reset();
706 static uint16_t phys_section_add(MemoryRegionSection *section)
708 if (phys_sections_nb == phys_sections_nb_alloc) {
709 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
710 phys_sections = g_renew(MemoryRegionSection, phys_sections,
711 phys_sections_nb_alloc);
713 phys_sections[phys_sections_nb] = *section;
714 return phys_sections_nb++;
717 static void phys_sections_clear(void)
719 phys_sections_nb = 0;
722 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
725 hwaddr base = section->offset_within_address_space
727 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
728 MemoryRegionSection subsection = {
729 .offset_within_address_space = base,
730 .size = TARGET_PAGE_SIZE,
734 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
736 if (!(existing->mr->subpage)) {
737 subpage = subpage_init(base);
738 subsection.mr = &subpage->iomem;
739 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
740 phys_section_add(&subsection));
742 subpage = container_of(existing->mr, subpage_t, iomem);
744 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
745 end = start + section->size - 1;
746 subpage_register(subpage, start, end, phys_section_add(section));
750 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
752 hwaddr start_addr = section->offset_within_address_space;
753 ram_addr_t size = section->size;
755 uint16_t section_index = phys_section_add(section);
760 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
764 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
766 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
767 MemoryRegionSection now = *section, remain = *section;
769 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
770 || (now.size < TARGET_PAGE_SIZE)) {
771 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
772 - now.offset_within_address_space,
774 register_subpage(d, &now);
775 remain.size -= now.size;
776 remain.offset_within_address_space += now.size;
777 remain.offset_within_region += now.size;
779 while (remain.size >= TARGET_PAGE_SIZE) {
781 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
782 now.size = TARGET_PAGE_SIZE;
783 register_subpage(d, &now);
785 now.size &= TARGET_PAGE_MASK;
786 register_multipage(d, &now);
788 remain.size -= now.size;
789 remain.offset_within_address_space += now.size;
790 remain.offset_within_region += now.size;
794 register_subpage(d, &now);
798 void qemu_flush_coalesced_mmio_buffer(void)
801 kvm_flush_coalesced_mmio_buffer();
804 void qemu_mutex_lock_ramlist(void)
806 qemu_mutex_lock(&ram_list.mutex);
809 void qemu_mutex_unlock_ramlist(void)
811 qemu_mutex_unlock(&ram_list.mutex);
814 #if defined(__linux__) && !defined(TARGET_S390X)
818 #define HUGETLBFS_MAGIC 0x958458f6
820 static long gethugepagesize(const char *path)
826 ret = statfs(path, &fs);
827 } while (ret != 0 && errno == EINTR);
834 if (fs.f_type != HUGETLBFS_MAGIC)
835 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
840 static void *file_ram_alloc(RAMBlock *block,
850 unsigned long hpagesize;
852 hpagesize = gethugepagesize(path);
857 if (memory < hpagesize) {
861 if (kvm_enabled() && !kvm_has_sync_mmu()) {
862 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
866 filename = g_strdup_printf("%s/qemu_back_mem.XXXXXX", path);
868 fd = mkstemp(filename);
870 perror("unable to create backing store for hugepages");
877 memory = (memory+hpagesize-1) & ~(hpagesize-1);
880 * ftruncate is not supported by hugetlbfs in older
881 * hosts, so don't bother bailing out on errors.
882 * If anything goes wrong with it under other filesystems,
885 if (ftruncate(fd, memory))
889 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
890 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
891 * to sidestep this quirk.
893 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
894 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
896 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
898 if (area == MAP_FAILED) {
899 perror("file_ram_alloc: can't mmap RAM pages");
908 static ram_addr_t find_ram_offset(ram_addr_t size)
910 RAMBlock *block, *next_block;
911 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
913 if (QTAILQ_EMPTY(&ram_list.blocks))
916 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
917 ram_addr_t end, next = RAM_ADDR_MAX;
919 end = block->offset + block->length;
921 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
922 if (next_block->offset >= end) {
923 next = MIN(next, next_block->offset);
926 if (next - end >= size && next - end < mingap) {
932 if (offset == RAM_ADDR_MAX) {
933 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
941 ram_addr_t last_ram_offset(void)
946 QTAILQ_FOREACH(block, &ram_list.blocks, next)
947 last = MAX(last, block->offset + block->length);
952 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
955 QemuOpts *machine_opts;
957 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
958 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
960 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
961 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
963 perror("qemu_madvise");
964 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
965 "but dump_guest_core=off specified\n");
970 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
972 RAMBlock *new_block, *block;
975 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
976 if (block->offset == addr) {
982 assert(!new_block->idstr[0]);
985 char *id = qdev_get_dev_path(dev);
987 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
991 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
993 /* This assumes the iothread lock is taken here too. */
994 qemu_mutex_lock_ramlist();
995 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
996 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
997 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1002 qemu_mutex_unlock_ramlist();
1005 static int memory_try_enable_merging(void *addr, size_t len)
1009 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1010 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1011 /* disabled by the user */
1015 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1018 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1021 RAMBlock *block, *new_block;
1023 size = TARGET_PAGE_ALIGN(size);
1024 new_block = g_malloc0(sizeof(*new_block));
1026 /* This assumes the iothread lock is taken here too. */
1027 qemu_mutex_lock_ramlist();
1029 new_block->offset = find_ram_offset(size);
1031 new_block->host = host;
1032 new_block->flags |= RAM_PREALLOC_MASK;
1035 #if defined (__linux__) && !defined(TARGET_S390X)
1036 new_block->host = file_ram_alloc(new_block, size, mem_path);
1037 if (!new_block->host) {
1038 new_block->host = qemu_vmalloc(size);
1039 memory_try_enable_merging(new_block->host, size);
1042 fprintf(stderr, "-mem-path option unsupported\n");
1046 if (xen_enabled()) {
1047 xen_ram_alloc(new_block->offset, size, mr);
1048 } else if (kvm_enabled()) {
1049 /* some s390/kvm configurations have special constraints */
1050 new_block->host = kvm_vmalloc(size);
1052 new_block->host = qemu_vmalloc(size);
1054 memory_try_enable_merging(new_block->host, size);
1057 new_block->length = size;
1059 /* Keep the list sorted from biggest to smallest block. */
1060 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1061 if (block->length < new_block->length) {
1066 QTAILQ_INSERT_BEFORE(block, new_block, next);
1068 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1070 ram_list.mru_block = NULL;
1073 qemu_mutex_unlock_ramlist();
1075 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1076 last_ram_offset() >> TARGET_PAGE_BITS);
1077 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1078 0, size >> TARGET_PAGE_BITS);
1079 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1081 qemu_ram_setup_dump(new_block->host, size);
1082 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1085 kvm_setup_guest_memory(new_block->host, size);
1087 return new_block->offset;
1090 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1092 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1095 void qemu_ram_free_from_ptr(ram_addr_t addr)
1099 /* This assumes the iothread lock is taken here too. */
1100 qemu_mutex_lock_ramlist();
1101 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1102 if (addr == block->offset) {
1103 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1104 ram_list.mru_block = NULL;
1110 qemu_mutex_unlock_ramlist();
1113 void qemu_ram_free(ram_addr_t addr)
1117 /* This assumes the iothread lock is taken here too. */
1118 qemu_mutex_lock_ramlist();
1119 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1120 if (addr == block->offset) {
1121 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1122 ram_list.mru_block = NULL;
1124 if (block->flags & RAM_PREALLOC_MASK) {
1126 } else if (mem_path) {
1127 #if defined (__linux__) && !defined(TARGET_S390X)
1129 munmap(block->host, block->length);
1132 qemu_vfree(block->host);
1138 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1139 munmap(block->host, block->length);
1141 if (xen_enabled()) {
1142 xen_invalidate_map_cache_entry(block->host);
1144 qemu_vfree(block->host);
1152 qemu_mutex_unlock_ramlist();
1157 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1164 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1165 offset = addr - block->offset;
1166 if (offset < block->length) {
1167 vaddr = block->host + offset;
1168 if (block->flags & RAM_PREALLOC_MASK) {
1172 munmap(vaddr, length);
1174 #if defined(__linux__) && !defined(TARGET_S390X)
1177 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1180 flags |= MAP_PRIVATE;
1182 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1183 flags, block->fd, offset);
1185 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1186 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1193 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1194 flags |= MAP_SHARED | MAP_ANONYMOUS;
1195 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1198 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1199 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1203 if (area != vaddr) {
1204 fprintf(stderr, "Could not remap addr: "
1205 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1209 memory_try_enable_merging(vaddr, length);
1210 qemu_ram_setup_dump(vaddr, length);
1216 #endif /* !_WIN32 */
1218 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1219 With the exception of the softmmu code in this file, this should
1220 only be used for local memory (e.g. video ram) that the device owns,
1221 and knows it isn't going to access beyond the end of the block.
1223 It should not be used for general purpose DMA.
1224 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1226 void *qemu_get_ram_ptr(ram_addr_t addr)
1230 /* The list is protected by the iothread lock here. */
1231 block = ram_list.mru_block;
1232 if (block && addr - block->offset < block->length) {
1235 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1236 if (addr - block->offset < block->length) {
1241 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1245 ram_list.mru_block = block;
1246 if (xen_enabled()) {
1247 /* We need to check if the requested address is in the RAM
1248 * because we don't want to map the entire memory in QEMU.
1249 * In that case just map until the end of the page.
1251 if (block->offset == 0) {
1252 return xen_map_cache(addr, 0, 0);
1253 } else if (block->host == NULL) {
1255 xen_map_cache(block->offset, block->length, 1);
1258 return block->host + (addr - block->offset);
1261 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1262 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1264 * ??? Is this still necessary?
1266 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1270 /* The list is protected by the iothread lock here. */
1271 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1272 if (addr - block->offset < block->length) {
1273 if (xen_enabled()) {
1274 /* We need to check if the requested address is in the RAM
1275 * because we don't want to map the entire memory in QEMU.
1276 * In that case just map until the end of the page.
1278 if (block->offset == 0) {
1279 return xen_map_cache(addr, 0, 0);
1280 } else if (block->host == NULL) {
1282 xen_map_cache(block->offset, block->length, 1);
1285 return block->host + (addr - block->offset);
1289 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1295 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1296 * but takes a size argument */
1297 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1302 if (xen_enabled()) {
1303 return xen_map_cache(addr, *size, 1);
1307 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1308 if (addr - block->offset < block->length) {
1309 if (addr - block->offset + *size > block->length)
1310 *size = block->length - addr + block->offset;
1311 return block->host + (addr - block->offset);
1315 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1320 void qemu_put_ram_ptr(void *addr)
1322 trace_qemu_put_ram_ptr(addr);
1325 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1328 uint8_t *host = ptr;
1330 if (xen_enabled()) {
1331 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1335 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1336 /* This case append when the block is not mapped. */
1337 if (block->host == NULL) {
1340 if (host - block->host < block->length) {
1341 *ram_addr = block->offset + (host - block->host);
1349 /* Some of the softmmu routines need to translate from a host pointer
1350 (typically a TLB entry) back to a ram offset. */
1351 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1353 ram_addr_t ram_addr;
1355 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1356 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1362 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
1365 #ifdef DEBUG_UNASSIGNED
1366 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
1368 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1369 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
1374 static void unassigned_mem_write(void *opaque, hwaddr addr,
1375 uint64_t val, unsigned size)
1377 #ifdef DEBUG_UNASSIGNED
1378 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
1380 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1381 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
1385 static const MemoryRegionOps unassigned_mem_ops = {
1386 .read = unassigned_mem_read,
1387 .write = unassigned_mem_write,
1388 .endianness = DEVICE_NATIVE_ENDIAN,
1391 static uint64_t error_mem_read(void *opaque, hwaddr addr,
1397 static void error_mem_write(void *opaque, hwaddr addr,
1398 uint64_t value, unsigned size)
1403 static const MemoryRegionOps error_mem_ops = {
1404 .read = error_mem_read,
1405 .write = error_mem_write,
1406 .endianness = DEVICE_NATIVE_ENDIAN,
1409 static const MemoryRegionOps rom_mem_ops = {
1410 .read = error_mem_read,
1411 .write = unassigned_mem_write,
1412 .endianness = DEVICE_NATIVE_ENDIAN,
1415 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1416 uint64_t val, unsigned size)
1419 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1420 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1421 #if !defined(CONFIG_USER_ONLY)
1422 tb_invalidate_phys_page_fast(ram_addr, size);
1423 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1428 stb_p(qemu_get_ram_ptr(ram_addr), val);
1431 stw_p(qemu_get_ram_ptr(ram_addr), val);
1434 stl_p(qemu_get_ram_ptr(ram_addr), val);
1439 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1440 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1441 /* we remove the notdirty callback only if the code has been
1443 if (dirty_flags == 0xff)
1444 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1447 static const MemoryRegionOps notdirty_mem_ops = {
1448 .read = error_mem_read,
1449 .write = notdirty_mem_write,
1450 .endianness = DEVICE_NATIVE_ENDIAN,
1453 /* Generate a debug exception if a watchpoint has been hit. */
1454 static void check_watchpoint(int offset, int len_mask, int flags)
1456 CPUArchState *env = cpu_single_env;
1457 target_ulong pc, cs_base;
1462 if (env->watchpoint_hit) {
1463 /* We re-entered the check after replacing the TB. Now raise
1464 * the debug interrupt so that is will trigger after the
1465 * current instruction. */
1466 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
1469 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1470 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1471 if ((vaddr == (wp->vaddr & len_mask) ||
1472 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1473 wp->flags |= BP_WATCHPOINT_HIT;
1474 if (!env->watchpoint_hit) {
1475 env->watchpoint_hit = wp;
1476 tb_check_watchpoint(env);
1477 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1478 env->exception_index = EXCP_DEBUG;
1481 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1482 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1483 cpu_resume_from_signal(env, NULL);
1487 wp->flags &= ~BP_WATCHPOINT_HIT;
1492 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1493 so these check for a hit then pass through to the normal out-of-line
1495 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1498 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1500 case 1: return ldub_phys(addr);
1501 case 2: return lduw_phys(addr);
1502 case 4: return ldl_phys(addr);
1507 static void watch_mem_write(void *opaque, hwaddr addr,
1508 uint64_t val, unsigned size)
1510 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1513 stb_phys(addr, val);
1516 stw_phys(addr, val);
1519 stl_phys(addr, val);
1525 static const MemoryRegionOps watch_mem_ops = {
1526 .read = watch_mem_read,
1527 .write = watch_mem_write,
1528 .endianness = DEVICE_NATIVE_ENDIAN,
1531 static uint64_t subpage_read(void *opaque, hwaddr addr,
1534 subpage_t *mmio = opaque;
1535 unsigned int idx = SUBPAGE_IDX(addr);
1536 MemoryRegionSection *section;
1537 #if defined(DEBUG_SUBPAGE)
1538 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1539 mmio, len, addr, idx);
1542 section = &phys_sections[mmio->sub_section[idx]];
1544 addr -= section->offset_within_address_space;
1545 addr += section->offset_within_region;
1546 return io_mem_read(section->mr, addr, len);
1549 static void subpage_write(void *opaque, hwaddr addr,
1550 uint64_t value, unsigned len)
1552 subpage_t *mmio = opaque;
1553 unsigned int idx = SUBPAGE_IDX(addr);
1554 MemoryRegionSection *section;
1555 #if defined(DEBUG_SUBPAGE)
1556 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1557 " idx %d value %"PRIx64"\n",
1558 __func__, mmio, len, addr, idx, value);
1561 section = &phys_sections[mmio->sub_section[idx]];
1563 addr -= section->offset_within_address_space;
1564 addr += section->offset_within_region;
1565 io_mem_write(section->mr, addr, value, len);
1568 static const MemoryRegionOps subpage_ops = {
1569 .read = subpage_read,
1570 .write = subpage_write,
1571 .endianness = DEVICE_NATIVE_ENDIAN,
1574 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
1577 ram_addr_t raddr = addr;
1578 void *ptr = qemu_get_ram_ptr(raddr);
1580 case 1: return ldub_p(ptr);
1581 case 2: return lduw_p(ptr);
1582 case 4: return ldl_p(ptr);
1587 static void subpage_ram_write(void *opaque, hwaddr addr,
1588 uint64_t value, unsigned size)
1590 ram_addr_t raddr = addr;
1591 void *ptr = qemu_get_ram_ptr(raddr);
1593 case 1: return stb_p(ptr, value);
1594 case 2: return stw_p(ptr, value);
1595 case 4: return stl_p(ptr, value);
1600 static const MemoryRegionOps subpage_ram_ops = {
1601 .read = subpage_ram_read,
1602 .write = subpage_ram_write,
1603 .endianness = DEVICE_NATIVE_ENDIAN,
1606 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1611 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1613 idx = SUBPAGE_IDX(start);
1614 eidx = SUBPAGE_IDX(end);
1615 #if defined(DEBUG_SUBPAGE)
1616 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1617 mmio, start, end, idx, eidx, memory);
1619 if (memory_region_is_ram(phys_sections[section].mr)) {
1620 MemoryRegionSection new_section = phys_sections[section];
1621 new_section.mr = &io_mem_subpage_ram;
1622 section = phys_section_add(&new_section);
1624 for (; idx <= eidx; idx++) {
1625 mmio->sub_section[idx] = section;
1631 static subpage_t *subpage_init(hwaddr base)
1635 mmio = g_malloc0(sizeof(subpage_t));
1638 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1639 "subpage", TARGET_PAGE_SIZE);
1640 mmio->iomem.subpage = true;
1641 #if defined(DEBUG_SUBPAGE)
1642 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1643 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1645 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1650 static uint16_t dummy_section(MemoryRegion *mr)
1652 MemoryRegionSection section = {
1654 .offset_within_address_space = 0,
1655 .offset_within_region = 0,
1659 return phys_section_add(§ion);
1662 MemoryRegion *iotlb_to_region(hwaddr index)
1664 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1667 static void io_mem_init(void)
1669 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
1670 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
1671 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1672 "unassigned", UINT64_MAX);
1673 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1674 "notdirty", UINT64_MAX);
1675 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1676 "subpage-ram", UINT64_MAX);
1677 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1678 "watch", UINT64_MAX);
1681 static void mem_begin(MemoryListener *listener)
1683 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1685 destroy_all_mappings(d);
1686 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1689 static void core_begin(MemoryListener *listener)
1691 phys_sections_clear();
1692 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1693 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1694 phys_section_rom = dummy_section(&io_mem_rom);
1695 phys_section_watch = dummy_section(&io_mem_watch);
1698 static void tcg_commit(MemoryListener *listener)
1702 /* since each CPU stores ram addresses in its TLB cache, we must
1703 reset the modified entries */
1705 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1710 static void core_log_global_start(MemoryListener *listener)
1712 cpu_physical_memory_set_dirty_tracking(1);
1715 static void core_log_global_stop(MemoryListener *listener)
1717 cpu_physical_memory_set_dirty_tracking(0);
1720 static void io_region_add(MemoryListener *listener,
1721 MemoryRegionSection *section)
1723 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1725 mrio->mr = section->mr;
1726 mrio->offset = section->offset_within_region;
1727 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1728 section->offset_within_address_space, section->size);
1729 ioport_register(&mrio->iorange);
1732 static void io_region_del(MemoryListener *listener,
1733 MemoryRegionSection *section)
1735 isa_unassign_ioport(section->offset_within_address_space, section->size);
1738 static MemoryListener core_memory_listener = {
1739 .begin = core_begin,
1740 .log_global_start = core_log_global_start,
1741 .log_global_stop = core_log_global_stop,
1745 static MemoryListener io_memory_listener = {
1746 .region_add = io_region_add,
1747 .region_del = io_region_del,
1751 static MemoryListener tcg_memory_listener = {
1752 .commit = tcg_commit,
1755 void address_space_init_dispatch(AddressSpace *as)
1757 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1759 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1760 d->listener = (MemoryListener) {
1762 .region_add = mem_add,
1763 .region_nop = mem_add,
1767 memory_listener_register(&d->listener, as);
1770 void address_space_destroy_dispatch(AddressSpace *as)
1772 AddressSpaceDispatch *d = as->dispatch;
1774 memory_listener_unregister(&d->listener);
1775 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1777 as->dispatch = NULL;
1780 static void memory_map_init(void)
1782 system_memory = g_malloc(sizeof(*system_memory));
1783 memory_region_init(system_memory, "system", INT64_MAX);
1784 address_space_init(&address_space_memory, system_memory);
1785 address_space_memory.name = "memory";
1787 system_io = g_malloc(sizeof(*system_io));
1788 memory_region_init(system_io, "io", 65536);
1789 address_space_init(&address_space_io, system_io);
1790 address_space_io.name = "I/O";
1792 memory_listener_register(&core_memory_listener, &address_space_memory);
1793 memory_listener_register(&io_memory_listener, &address_space_io);
1794 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1796 dma_context_init(&dma_context_memory, &address_space_memory,
1800 MemoryRegion *get_system_memory(void)
1802 return system_memory;
1805 MemoryRegion *get_system_io(void)
1810 #endif /* !defined(CONFIG_USER_ONLY) */
1812 /* physical memory access (slow version, mainly for debug) */
1813 #if defined(CONFIG_USER_ONLY)
1814 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1815 uint8_t *buf, int len, int is_write)
1822 page = addr & TARGET_PAGE_MASK;
1823 l = (page + TARGET_PAGE_SIZE) - addr;
1826 flags = page_get_flags(page);
1827 if (!(flags & PAGE_VALID))
1830 if (!(flags & PAGE_WRITE))
1832 /* XXX: this code should not depend on lock_user */
1833 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1836 unlock_user(p, addr, l);
1838 if (!(flags & PAGE_READ))
1840 /* XXX: this code should not depend on lock_user */
1841 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1844 unlock_user(p, addr, 0);
1855 static void invalidate_and_set_dirty(hwaddr addr,
1858 if (!cpu_physical_memory_is_dirty(addr)) {
1859 /* invalidate code */
1860 tb_invalidate_phys_page_range(addr, addr + length, 0);
1862 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1864 xen_modified_memory(addr, length);
1867 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1868 int len, bool is_write)
1870 AddressSpaceDispatch *d = as->dispatch;
1875 MemoryRegionSection *section;
1878 page = addr & TARGET_PAGE_MASK;
1879 l = (page + TARGET_PAGE_SIZE) - addr;
1882 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1885 if (!memory_region_is_ram(section->mr)) {
1887 addr1 = memory_region_section_addr(section, addr);
1888 /* XXX: could force cpu_single_env to NULL to avoid
1890 if (l >= 4 && ((addr1 & 3) == 0)) {
1891 /* 32 bit write access */
1893 io_mem_write(section->mr, addr1, val, 4);
1895 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1896 /* 16 bit write access */
1898 io_mem_write(section->mr, addr1, val, 2);
1901 /* 8 bit write access */
1903 io_mem_write(section->mr, addr1, val, 1);
1906 } else if (!section->readonly) {
1908 addr1 = memory_region_get_ram_addr(section->mr)
1909 + memory_region_section_addr(section, addr);
1911 ptr = qemu_get_ram_ptr(addr1);
1912 memcpy(ptr, buf, l);
1913 invalidate_and_set_dirty(addr1, l);
1914 qemu_put_ram_ptr(ptr);
1917 if (!(memory_region_is_ram(section->mr) ||
1918 memory_region_is_romd(section->mr))) {
1921 addr1 = memory_region_section_addr(section, addr);
1922 if (l >= 4 && ((addr1 & 3) == 0)) {
1923 /* 32 bit read access */
1924 val = io_mem_read(section->mr, addr1, 4);
1927 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1928 /* 16 bit read access */
1929 val = io_mem_read(section->mr, addr1, 2);
1933 /* 8 bit read access */
1934 val = io_mem_read(section->mr, addr1, 1);
1940 ptr = qemu_get_ram_ptr(section->mr->ram_addr
1941 + memory_region_section_addr(section,
1943 memcpy(buf, ptr, l);
1944 qemu_put_ram_ptr(ptr);
1953 void address_space_write(AddressSpace *as, hwaddr addr,
1954 const uint8_t *buf, int len)
1956 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1960 * address_space_read: read from an address space.
1962 * @as: #AddressSpace to be accessed
1963 * @addr: address within that address space
1964 * @buf: buffer with the data transferred
1966 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1968 address_space_rw(as, addr, buf, len, false);
1972 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1973 int len, int is_write)
1975 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1978 /* used for ROM loading : can write in RAM and ROM */
1979 void cpu_physical_memory_write_rom(hwaddr addr,
1980 const uint8_t *buf, int len)
1982 AddressSpaceDispatch *d = address_space_memory.dispatch;
1986 MemoryRegionSection *section;
1989 page = addr & TARGET_PAGE_MASK;
1990 l = (page + TARGET_PAGE_SIZE) - addr;
1993 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1995 if (!(memory_region_is_ram(section->mr) ||
1996 memory_region_is_romd(section->mr))) {
1999 unsigned long addr1;
2000 addr1 = memory_region_get_ram_addr(section->mr)
2001 + memory_region_section_addr(section, addr);
2003 ptr = qemu_get_ram_ptr(addr1);
2004 memcpy(ptr, buf, l);
2005 invalidate_and_set_dirty(addr1, l);
2006 qemu_put_ram_ptr(ptr);
2020 static BounceBuffer bounce;
2022 typedef struct MapClient {
2024 void (*callback)(void *opaque);
2025 QLIST_ENTRY(MapClient) link;
2028 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2029 = QLIST_HEAD_INITIALIZER(map_client_list);
2031 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2033 MapClient *client = g_malloc(sizeof(*client));
2035 client->opaque = opaque;
2036 client->callback = callback;
2037 QLIST_INSERT_HEAD(&map_client_list, client, link);
2041 static void cpu_unregister_map_client(void *_client)
2043 MapClient *client = (MapClient *)_client;
2045 QLIST_REMOVE(client, link);
2049 static void cpu_notify_map_clients(void)
2053 while (!QLIST_EMPTY(&map_client_list)) {
2054 client = QLIST_FIRST(&map_client_list);
2055 client->callback(client->opaque);
2056 cpu_unregister_map_client(client);
2060 /* Map a physical memory region into a host virtual address.
2061 * May map a subset of the requested range, given by and returned in *plen.
2062 * May return NULL if resources needed to perform the mapping are exhausted.
2063 * Use only for reads OR writes - not for read-modify-write operations.
2064 * Use cpu_register_map_client() to know when retrying the map operation is
2065 * likely to succeed.
2067 void *address_space_map(AddressSpace *as,
2072 AddressSpaceDispatch *d = as->dispatch;
2077 MemoryRegionSection *section;
2078 ram_addr_t raddr = RAM_ADDR_MAX;
2083 page = addr & TARGET_PAGE_MASK;
2084 l = (page + TARGET_PAGE_SIZE) - addr;
2087 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2089 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
2090 if (todo || bounce.buffer) {
2093 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2097 address_space_read(as, addr, bounce.buffer, l);
2101 return bounce.buffer;
2104 raddr = memory_region_get_ram_addr(section->mr)
2105 + memory_region_section_addr(section, addr);
2113 ret = qemu_ram_ptr_length(raddr, &rlen);
2118 /* Unmaps a memory region previously mapped by address_space_map().
2119 * Will also mark the memory as dirty if is_write == 1. access_len gives
2120 * the amount of memory that was actually read or written by the caller.
2122 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2123 int is_write, hwaddr access_len)
2125 if (buffer != bounce.buffer) {
2127 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2128 while (access_len) {
2130 l = TARGET_PAGE_SIZE;
2133 invalidate_and_set_dirty(addr1, l);
2138 if (xen_enabled()) {
2139 xen_invalidate_map_cache_entry(buffer);
2144 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2146 qemu_vfree(bounce.buffer);
2147 bounce.buffer = NULL;
2148 cpu_notify_map_clients();
2151 void *cpu_physical_memory_map(hwaddr addr,
2155 return address_space_map(&address_space_memory, addr, plen, is_write);
2158 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2159 int is_write, hwaddr access_len)
2161 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2164 /* warning: addr must be aligned */
2165 static inline uint32_t ldl_phys_internal(hwaddr addr,
2166 enum device_endian endian)
2170 MemoryRegionSection *section;
2172 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2174 if (!(memory_region_is_ram(section->mr) ||
2175 memory_region_is_romd(section->mr))) {
2177 addr = memory_region_section_addr(section, addr);
2178 val = io_mem_read(section->mr, addr, 4);
2179 #if defined(TARGET_WORDS_BIGENDIAN)
2180 if (endian == DEVICE_LITTLE_ENDIAN) {
2184 if (endian == DEVICE_BIG_ENDIAN) {
2190 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2192 + memory_region_section_addr(section, addr));
2194 case DEVICE_LITTLE_ENDIAN:
2195 val = ldl_le_p(ptr);
2197 case DEVICE_BIG_ENDIAN:
2198 val = ldl_be_p(ptr);
2208 uint32_t ldl_phys(hwaddr addr)
2210 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2213 uint32_t ldl_le_phys(hwaddr addr)
2215 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2218 uint32_t ldl_be_phys(hwaddr addr)
2220 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2223 /* warning: addr must be aligned */
2224 static inline uint64_t ldq_phys_internal(hwaddr addr,
2225 enum device_endian endian)
2229 MemoryRegionSection *section;
2231 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2233 if (!(memory_region_is_ram(section->mr) ||
2234 memory_region_is_romd(section->mr))) {
2236 addr = memory_region_section_addr(section, addr);
2238 /* XXX This is broken when device endian != cpu endian.
2239 Fix and add "endian" variable check */
2240 #ifdef TARGET_WORDS_BIGENDIAN
2241 val = io_mem_read(section->mr, addr, 4) << 32;
2242 val |= io_mem_read(section->mr, addr + 4, 4);
2244 val = io_mem_read(section->mr, addr, 4);
2245 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
2249 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2251 + memory_region_section_addr(section, addr));
2253 case DEVICE_LITTLE_ENDIAN:
2254 val = ldq_le_p(ptr);
2256 case DEVICE_BIG_ENDIAN:
2257 val = ldq_be_p(ptr);
2267 uint64_t ldq_phys(hwaddr addr)
2269 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2272 uint64_t ldq_le_phys(hwaddr addr)
2274 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2277 uint64_t ldq_be_phys(hwaddr addr)
2279 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2283 uint32_t ldub_phys(hwaddr addr)
2286 cpu_physical_memory_read(addr, &val, 1);
2290 /* warning: addr must be aligned */
2291 static inline uint32_t lduw_phys_internal(hwaddr addr,
2292 enum device_endian endian)
2296 MemoryRegionSection *section;
2298 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2300 if (!(memory_region_is_ram(section->mr) ||
2301 memory_region_is_romd(section->mr))) {
2303 addr = memory_region_section_addr(section, addr);
2304 val = io_mem_read(section->mr, addr, 2);
2305 #if defined(TARGET_WORDS_BIGENDIAN)
2306 if (endian == DEVICE_LITTLE_ENDIAN) {
2310 if (endian == DEVICE_BIG_ENDIAN) {
2316 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2318 + memory_region_section_addr(section, addr));
2320 case DEVICE_LITTLE_ENDIAN:
2321 val = lduw_le_p(ptr);
2323 case DEVICE_BIG_ENDIAN:
2324 val = lduw_be_p(ptr);
2334 uint32_t lduw_phys(hwaddr addr)
2336 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2339 uint32_t lduw_le_phys(hwaddr addr)
2341 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2344 uint32_t lduw_be_phys(hwaddr addr)
2346 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2349 /* warning: addr must be aligned. The ram page is not masked as dirty
2350 and the code inside is not invalidated. It is useful if the dirty
2351 bits are used to track modified PTEs */
2352 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2355 MemoryRegionSection *section;
2357 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2359 if (!memory_region_is_ram(section->mr) || section->readonly) {
2360 addr = memory_region_section_addr(section, addr);
2361 if (memory_region_is_ram(section->mr)) {
2362 section = &phys_sections[phys_section_rom];
2364 io_mem_write(section->mr, addr, val, 4);
2366 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
2368 + memory_region_section_addr(section, addr);
2369 ptr = qemu_get_ram_ptr(addr1);
2372 if (unlikely(in_migration)) {
2373 if (!cpu_physical_memory_is_dirty(addr1)) {
2374 /* invalidate code */
2375 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2377 cpu_physical_memory_set_dirty_flags(
2378 addr1, (0xff & ~CODE_DIRTY_FLAG));
2384 void stq_phys_notdirty(hwaddr addr, uint64_t val)
2387 MemoryRegionSection *section;
2389 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2391 if (!memory_region_is_ram(section->mr) || section->readonly) {
2392 addr = memory_region_section_addr(section, addr);
2393 if (memory_region_is_ram(section->mr)) {
2394 section = &phys_sections[phys_section_rom];
2396 #ifdef TARGET_WORDS_BIGENDIAN
2397 io_mem_write(section->mr, addr, val >> 32, 4);
2398 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
2400 io_mem_write(section->mr, addr, (uint32_t)val, 4);
2401 io_mem_write(section->mr, addr + 4, val >> 32, 4);
2404 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2406 + memory_region_section_addr(section, addr));
2411 /* warning: addr must be aligned */
2412 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2413 enum device_endian endian)
2416 MemoryRegionSection *section;
2418 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2420 if (!memory_region_is_ram(section->mr) || section->readonly) {
2421 addr = memory_region_section_addr(section, addr);
2422 if (memory_region_is_ram(section->mr)) {
2423 section = &phys_sections[phys_section_rom];
2425 #if defined(TARGET_WORDS_BIGENDIAN)
2426 if (endian == DEVICE_LITTLE_ENDIAN) {
2430 if (endian == DEVICE_BIG_ENDIAN) {
2434 io_mem_write(section->mr, addr, val, 4);
2436 unsigned long addr1;
2437 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2438 + memory_region_section_addr(section, addr);
2440 ptr = qemu_get_ram_ptr(addr1);
2442 case DEVICE_LITTLE_ENDIAN:
2445 case DEVICE_BIG_ENDIAN:
2452 invalidate_and_set_dirty(addr1, 4);
2456 void stl_phys(hwaddr addr, uint32_t val)
2458 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2461 void stl_le_phys(hwaddr addr, uint32_t val)
2463 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2466 void stl_be_phys(hwaddr addr, uint32_t val)
2468 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2472 void stb_phys(hwaddr addr, uint32_t val)
2475 cpu_physical_memory_write(addr, &v, 1);
2478 /* warning: addr must be aligned */
2479 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2480 enum device_endian endian)
2483 MemoryRegionSection *section;
2485 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2487 if (!memory_region_is_ram(section->mr) || section->readonly) {
2488 addr = memory_region_section_addr(section, addr);
2489 if (memory_region_is_ram(section->mr)) {
2490 section = &phys_sections[phys_section_rom];
2492 #if defined(TARGET_WORDS_BIGENDIAN)
2493 if (endian == DEVICE_LITTLE_ENDIAN) {
2497 if (endian == DEVICE_BIG_ENDIAN) {
2501 io_mem_write(section->mr, addr, val, 2);
2503 unsigned long addr1;
2504 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2505 + memory_region_section_addr(section, addr);
2507 ptr = qemu_get_ram_ptr(addr1);
2509 case DEVICE_LITTLE_ENDIAN:
2512 case DEVICE_BIG_ENDIAN:
2519 invalidate_and_set_dirty(addr1, 2);
2523 void stw_phys(hwaddr addr, uint32_t val)
2525 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2528 void stw_le_phys(hwaddr addr, uint32_t val)
2530 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2533 void stw_be_phys(hwaddr addr, uint32_t val)
2535 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2539 void stq_phys(hwaddr addr, uint64_t val)
2542 cpu_physical_memory_write(addr, &val, 8);
2545 void stq_le_phys(hwaddr addr, uint64_t val)
2547 val = cpu_to_le64(val);
2548 cpu_physical_memory_write(addr, &val, 8);
2551 void stq_be_phys(hwaddr addr, uint64_t val)
2553 val = cpu_to_be64(val);
2554 cpu_physical_memory_write(addr, &val, 8);
2557 /* virtual memory access for debug (includes writing to ROM) */
2558 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2559 uint8_t *buf, int len, int is_write)
2566 page = addr & TARGET_PAGE_MASK;
2567 phys_addr = cpu_get_phys_page_debug(env, page);
2568 /* if no physical page mapped, return an error */
2569 if (phys_addr == -1)
2571 l = (page + TARGET_PAGE_SIZE) - addr;
2574 phys_addr += (addr & ~TARGET_PAGE_MASK);
2576 cpu_physical_memory_write_rom(phys_addr, buf, l);
2578 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2587 #if !defined(CONFIG_USER_ONLY)
2590 * A helper function for the _utterly broken_ virtio device model to find out if
2591 * it's running on a big endian machine. Don't do this at home kids!
2593 bool virtio_is_big_endian(void);
2594 bool virtio_is_big_endian(void)
2596 #if defined(TARGET_WORDS_BIGENDIAN)
2605 #ifndef CONFIG_USER_ONLY
2606 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2608 MemoryRegionSection *section;
2610 section = phys_page_find(address_space_memory.dispatch,
2611 phys_addr >> TARGET_PAGE_BITS);
2613 return !(memory_region_is_ram(section->mr) ||
2614 memory_region_is_romd(section->mr));
projects / qemu.git / blob