4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
82 #if !defined(CONFIG_USER_ONLY)
84 typedef struct PhysPageEntry PhysPageEntry;
86 struct PhysPageEntry {
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
96 PhysPageEntry phys_map;
97 MemoryListener listener;
101 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102 typedef struct subpage_t {
106 uint16_t sub_section[TARGET_PAGE_SIZE];
109 static MemoryRegionSection *phys_sections;
110 static unsigned phys_sections_nb, phys_sections_nb_alloc;
111 static uint16_t phys_section_unassigned;
112 static uint16_t phys_section_notdirty;
113 static uint16_t phys_section_rom;
114 static uint16_t phys_section_watch;
116 /* Simple allocator for PhysPageEntry nodes */
117 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
120 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
122 static void io_mem_init(void);
123 static void memory_map_init(void);
124 static void *qemu_safe_ram_ptr(ram_addr_t addr);
126 static MemoryRegion io_mem_watch;
129 #if !defined(CONFIG_USER_ONLY)
131 static void phys_map_node_reserve(unsigned nodes)
133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
143 static uint16_t phys_map_node_alloc(void)
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
151 for (i = 0; i < L2_SIZE; ++i) {
152 phys_map_nodes[ret][i].is_leaf = 0;
153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
158 static void phys_map_nodes_reset(void)
160 phys_map_nodes_nb = 0;
164 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
176 for (i = 0; i < L2_SIZE; i++) {
178 p[i].ptr = phys_section_unassigned;
182 p = phys_map_nodes[lp->ptr];
184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
186 while (*nb && lp < &p[L2_SIZE]) {
187 if ((*index & (step - 1)) == 0 && *nb >= step) {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
199 static void phys_page_set(AddressSpaceDispatch *d,
200 hwaddr index, hwaddr nb,
203 /* Wildly overreserve - it doesn't matter much. */
204 phys_map_node_reserve(3 * P_L2_LEVELS);
206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
209 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
211 PhysPageEntry lp = d->phys_map;
215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
217 return &phys_sections[phys_section_unassigned];
219 p = phys_map_nodes[lp.ptr];
220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
222 return &phys_sections[lp.ptr];
225 bool memory_region_is_unassigned(MemoryRegion *mr)
227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
228 && mr != &io_mem_watch;
231 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
233 bool resolve_subpage)
235 MemoryRegionSection *section;
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
246 static MemoryRegionSection *
247 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
250 MemoryRegionSection *section;
253 section = address_space_lookup_region(as, addr, resolve_subpage);
254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
260 diff = int128_sub(section->mr->size, int128_make64(addr));
261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
265 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
270 MemoryRegionSection *section;
275 section = address_space_translate_internal(as, addr, &addr, plen, true);
278 if (!mr->iommu_ops) {
282 iotlb = mr->iommu_ops->translate(mr, addr);
283 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
284 | (addr & iotlb.addr_mask));
285 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
286 if (!(iotlb.perm & (1 << is_write))) {
287 mr = &io_mem_unassigned;
291 as = iotlb.target_as;
299 MemoryRegionSection *
300 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
303 MemoryRegionSection *section;
304 section = address_space_translate_internal(as, addr, xlat, plen, false);
306 assert(!section->mr->iommu_ops);
311 void cpu_exec_init_all(void)
313 #if !defined(CONFIG_USER_ONLY)
314 qemu_mutex_init(&ram_list.mutex);
320 #if !defined(CONFIG_USER_ONLY)
322 static int cpu_common_post_load(void *opaque, int version_id)
324 CPUState *cpu = opaque;
326 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
327 version_id is increased. */
328 cpu->interrupt_request &= ~0x01;
329 tlb_flush(cpu->env_ptr, 1);
334 static const VMStateDescription vmstate_cpu_common = {
335 .name = "cpu_common",
337 .minimum_version_id = 1,
338 .minimum_version_id_old = 1,
339 .post_load = cpu_common_post_load,
340 .fields = (VMStateField []) {
341 VMSTATE_UINT32(halted, CPUState),
342 VMSTATE_UINT32(interrupt_request, CPUState),
343 VMSTATE_END_OF_LIST()
347 #define vmstate_cpu_common vmstate_dummy
350 CPUState *qemu_get_cpu(int index)
352 CPUArchState *env = first_cpu;
353 CPUState *cpu = NULL;
356 cpu = ENV_GET_CPU(env);
357 if (cpu->cpu_index == index) {
363 return env ? cpu : NULL;
366 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
368 CPUArchState *env = first_cpu;
371 func(ENV_GET_CPU(env), data);
376 void cpu_exec_init(CPUArchState *env)
378 CPUState *cpu = ENV_GET_CPU(env);
379 CPUClass *cc = CPU_GET_CLASS(cpu);
383 #if defined(CONFIG_USER_ONLY)
386 env->next_cpu = NULL;
389 while (*penv != NULL) {
390 penv = &(*penv)->next_cpu;
393 cpu->cpu_index = cpu_index;
395 QTAILQ_INIT(&env->breakpoints);
396 QTAILQ_INIT(&env->watchpoints);
397 #ifndef CONFIG_USER_ONLY
398 cpu->thread_id = qemu_get_thread_id();
401 #if defined(CONFIG_USER_ONLY)
404 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
405 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
406 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
407 cpu_save, cpu_load, env);
408 assert(cc->vmsd == NULL);
410 if (cc->vmsd != NULL) {
411 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
415 #if defined(TARGET_HAS_ICE)
416 #if defined(CONFIG_USER_ONLY)
417 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
419 tb_invalidate_phys_page_range(pc, pc + 1, 0);
422 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
424 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
425 (pc & ~TARGET_PAGE_MASK));
428 #endif /* TARGET_HAS_ICE */
430 #if defined(CONFIG_USER_ONLY)
431 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
436 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
437 int flags, CPUWatchpoint **watchpoint)
442 /* Add a watchpoint. */
443 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
444 int flags, CPUWatchpoint **watchpoint)
446 target_ulong len_mask = ~(len - 1);
449 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
450 if ((len & (len - 1)) || (addr & ~len_mask) ||
451 len == 0 || len > TARGET_PAGE_SIZE) {
452 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
453 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
456 wp = g_malloc(sizeof(*wp));
459 wp->len_mask = len_mask;
462 /* keep all GDB-injected watchpoints in front */
464 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
466 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
468 tlb_flush_page(env, addr);
475 /* Remove a specific watchpoint. */
476 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
479 target_ulong len_mask = ~(len - 1);
482 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
483 if (addr == wp->vaddr && len_mask == wp->len_mask
484 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
485 cpu_watchpoint_remove_by_ref(env, wp);
492 /* Remove a specific watchpoint by reference. */
493 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
495 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
497 tlb_flush_page(env, watchpoint->vaddr);
502 /* Remove all matching watchpoints. */
503 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
505 CPUWatchpoint *wp, *next;
507 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
508 if (wp->flags & mask)
509 cpu_watchpoint_remove_by_ref(env, wp);
514 /* Add a breakpoint. */
515 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
516 CPUBreakpoint **breakpoint)
518 #if defined(TARGET_HAS_ICE)
521 bp = g_malloc(sizeof(*bp));
526 /* keep all GDB-injected breakpoints in front */
528 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
530 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
532 breakpoint_invalidate(env, pc);
542 /* Remove a specific breakpoint. */
543 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
545 #if defined(TARGET_HAS_ICE)
548 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
549 if (bp->pc == pc && bp->flags == flags) {
550 cpu_breakpoint_remove_by_ref(env, bp);
560 /* Remove a specific breakpoint by reference. */
561 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
563 #if defined(TARGET_HAS_ICE)
564 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
566 breakpoint_invalidate(env, breakpoint->pc);
572 /* Remove all matching breakpoints. */
573 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
575 #if defined(TARGET_HAS_ICE)
576 CPUBreakpoint *bp, *next;
578 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
579 if (bp->flags & mask)
580 cpu_breakpoint_remove_by_ref(env, bp);
585 /* enable or disable single step mode. EXCP_DEBUG is returned by the
586 CPU loop after each instruction */
587 void cpu_single_step(CPUArchState *env, int enabled)
589 #if defined(TARGET_HAS_ICE)
590 if (env->singlestep_enabled != enabled) {
591 env->singlestep_enabled = enabled;
593 kvm_update_guest_debug(env, 0);
595 /* must flush all the translated code to avoid inconsistencies */
596 /* XXX: only flush what is necessary */
603 void cpu_exit(CPUArchState *env)
605 CPUState *cpu = ENV_GET_CPU(env);
607 cpu->exit_request = 1;
608 cpu->tcg_exit_req = 1;
611 void cpu_abort(CPUArchState *env, const char *fmt, ...)
618 fprintf(stderr, "qemu: fatal: ");
619 vfprintf(stderr, fmt, ap);
620 fprintf(stderr, "\n");
621 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
622 if (qemu_log_enabled()) {
623 qemu_log("qemu: fatal: ");
624 qemu_log_vprintf(fmt, ap2);
626 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
632 #if defined(CONFIG_USER_ONLY)
634 struct sigaction act;
635 sigfillset(&act.sa_mask);
636 act.sa_handler = SIG_DFL;
637 sigaction(SIGABRT, &act, NULL);
643 CPUArchState *cpu_copy(CPUArchState *env)
645 CPUArchState *new_env = cpu_init(env->cpu_model_str);
646 CPUArchState *next_cpu = new_env->next_cpu;
647 #if defined(TARGET_HAS_ICE)
652 memcpy(new_env, env, sizeof(CPUArchState));
654 /* Preserve chaining. */
655 new_env->next_cpu = next_cpu;
657 /* Clone all break/watchpoints.
658 Note: Once we support ptrace with hw-debug register access, make sure
659 BP_CPU break/watchpoints are handled correctly on clone. */
660 QTAILQ_INIT(&env->breakpoints);
661 QTAILQ_INIT(&env->watchpoints);
662 #if defined(TARGET_HAS_ICE)
663 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
664 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
666 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
667 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
675 #if !defined(CONFIG_USER_ONLY)
676 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
681 /* we modify the TLB cache so that the dirty bit will be set again
682 when accessing the range */
683 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
684 /* Check that we don't span multiple blocks - this breaks the
685 address comparisons below. */
686 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
687 != (end - 1) - start) {
690 cpu_tlb_reset_dirty_all(start1, length);
694 /* Note: start and end must be within the same ram block. */
695 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
700 start &= TARGET_PAGE_MASK;
701 end = TARGET_PAGE_ALIGN(end);
703 length = end - start;
706 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
709 tlb_reset_dirty_range_all(start, end, length);
713 static int cpu_physical_memory_set_dirty_tracking(int enable)
716 in_migration = enable;
720 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
721 MemoryRegionSection *section,
723 hwaddr paddr, hwaddr xlat,
725 target_ulong *address)
730 if (memory_region_is_ram(section->mr)) {
732 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
734 if (!section->readonly) {
735 iotlb |= phys_section_notdirty;
737 iotlb |= phys_section_rom;
740 iotlb = section - phys_sections;
744 /* Make accesses to pages with watchpoints go via the
745 watchpoint trap routines. */
746 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
747 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
748 /* Avoid trapping reads of pages with a write breakpoint. */
749 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
750 iotlb = phys_section_watch + paddr;
751 *address |= TLB_MMIO;
759 #endif /* defined(CONFIG_USER_ONLY) */
761 #if !defined(CONFIG_USER_ONLY)
763 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
765 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
766 static void destroy_page_desc(uint16_t section_index)
768 MemoryRegionSection *section = &phys_sections[section_index];
769 MemoryRegion *mr = section->mr;
772 subpage_t *subpage = container_of(mr, subpage_t, iomem);
773 memory_region_destroy(&subpage->iomem);
778 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
783 if (lp->ptr == PHYS_MAP_NODE_NIL) {
787 p = phys_map_nodes[lp->ptr];
788 for (i = 0; i < L2_SIZE; ++i) {
790 destroy_l2_mapping(&p[i], level - 1);
792 destroy_page_desc(p[i].ptr);
796 lp->ptr = PHYS_MAP_NODE_NIL;
799 static void destroy_all_mappings(AddressSpaceDispatch *d)
801 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
802 phys_map_nodes_reset();
805 static uint16_t phys_section_add(MemoryRegionSection *section)
807 /* The physical section number is ORed with a page-aligned
808 * pointer to produce the iotlb entries. Thus it should
809 * never overflow into the page-aligned value.
811 assert(phys_sections_nb < TARGET_PAGE_SIZE);
813 if (phys_sections_nb == phys_sections_nb_alloc) {
814 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
815 phys_sections = g_renew(MemoryRegionSection, phys_sections,
816 phys_sections_nb_alloc);
818 phys_sections[phys_sections_nb] = *section;
819 return phys_sections_nb++;
822 static void phys_sections_clear(void)
824 phys_sections_nb = 0;
827 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
830 hwaddr base = section->offset_within_address_space
832 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
833 MemoryRegionSection subsection = {
834 .offset_within_address_space = base,
835 .size = int128_make64(TARGET_PAGE_SIZE),
839 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
841 if (!(existing->mr->subpage)) {
842 subpage = subpage_init(d->as, base);
843 subsection.mr = &subpage->iomem;
844 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
845 phys_section_add(&subsection));
847 subpage = container_of(existing->mr, subpage_t, iomem);
849 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
850 end = start + int128_get64(section->size) - 1;
851 subpage_register(subpage, start, end, phys_section_add(section));
855 static void register_multipage(AddressSpaceDispatch *d,
856 MemoryRegionSection *section)
858 hwaddr start_addr = section->offset_within_address_space;
859 uint16_t section_index = phys_section_add(section);
860 uint64_t num_pages = int128_get64(int128_rshift(section->size,
864 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
867 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
869 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
870 MemoryRegionSection now = *section, remain = *section;
871 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
873 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
874 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
875 - now.offset_within_address_space;
877 now.size = int128_min(int128_make64(left), now.size);
878 register_subpage(d, &now);
880 now.size = int128_zero();
882 while (int128_ne(remain.size, now.size)) {
883 remain.size = int128_sub(remain.size, now.size);
884 remain.offset_within_address_space += int128_get64(now.size);
885 remain.offset_within_region += int128_get64(now.size);
887 if (int128_lt(remain.size, page_size)) {
888 register_subpage(d, &now);
889 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
890 now.size = page_size;
891 register_subpage(d, &now);
893 now.size = int128_and(now.size, int128_neg(page_size));
894 register_multipage(d, &now);
899 void qemu_flush_coalesced_mmio_buffer(void)
902 kvm_flush_coalesced_mmio_buffer();
905 void qemu_mutex_lock_ramlist(void)
907 qemu_mutex_lock(&ram_list.mutex);
910 void qemu_mutex_unlock_ramlist(void)
912 qemu_mutex_unlock(&ram_list.mutex);
915 #if defined(__linux__) && !defined(TARGET_S390X)
919 #define HUGETLBFS_MAGIC 0x958458f6
921 static long gethugepagesize(const char *path)
927 ret = statfs(path, &fs);
928 } while (ret != 0 && errno == EINTR);
935 if (fs.f_type != HUGETLBFS_MAGIC)
936 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
941 static void *file_ram_alloc(RAMBlock *block,
946 char *sanitized_name;
953 unsigned long hpagesize;
955 hpagesize = gethugepagesize(path);
960 if (memory < hpagesize) {
964 if (kvm_enabled() && !kvm_has_sync_mmu()) {
965 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
969 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
970 sanitized_name = g_strdup(block->mr->name);
971 for (c = sanitized_name; *c != '\0'; c++) {
976 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
978 g_free(sanitized_name);
980 fd = mkstemp(filename);
982 perror("unable to create backing store for hugepages");
989 memory = (memory+hpagesize-1) & ~(hpagesize-1);
992 * ftruncate is not supported by hugetlbfs in older
993 * hosts, so don't bother bailing out on errors.
994 * If anything goes wrong with it under other filesystems,
997 if (ftruncate(fd, memory))
1001 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
1002 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
1003 * to sidestep this quirk.
1005 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
1006 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
1008 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1010 if (area == MAP_FAILED) {
1011 perror("file_ram_alloc: can't mmap RAM pages");
1020 static ram_addr_t find_ram_offset(ram_addr_t size)
1022 RAMBlock *block, *next_block;
1023 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1025 assert(size != 0); /* it would hand out same offset multiple times */
1027 if (QTAILQ_EMPTY(&ram_list.blocks))
1030 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1031 ram_addr_t end, next = RAM_ADDR_MAX;
1033 end = block->offset + block->length;
1035 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1036 if (next_block->offset >= end) {
1037 next = MIN(next, next_block->offset);
1040 if (next - end >= size && next - end < mingap) {
1042 mingap = next - end;
1046 if (offset == RAM_ADDR_MAX) {
1047 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1055 ram_addr_t last_ram_offset(void)
1058 ram_addr_t last = 0;
1060 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1061 last = MAX(last, block->offset + block->length);
1066 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1069 QemuOpts *machine_opts;
1071 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1072 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1074 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1075 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1077 perror("qemu_madvise");
1078 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1079 "but dump_guest_core=off specified\n");
1084 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1086 RAMBlock *new_block, *block;
1089 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1090 if (block->offset == addr) {
1096 assert(!new_block->idstr[0]);
1099 char *id = qdev_get_dev_path(dev);
1101 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1105 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1107 /* This assumes the iothread lock is taken here too. */
1108 qemu_mutex_lock_ramlist();
1109 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1110 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1111 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1116 qemu_mutex_unlock_ramlist();
1119 static int memory_try_enable_merging(void *addr, size_t len)
1123 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1124 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1125 /* disabled by the user */
1129 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1132 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1135 RAMBlock *block, *new_block;
1137 size = TARGET_PAGE_ALIGN(size);
1138 new_block = g_malloc0(sizeof(*new_block));
1140 /* This assumes the iothread lock is taken here too. */
1141 qemu_mutex_lock_ramlist();
1143 new_block->offset = find_ram_offset(size);
1145 new_block->host = host;
1146 new_block->flags |= RAM_PREALLOC_MASK;
1149 #if defined (__linux__) && !defined(TARGET_S390X)
1150 new_block->host = file_ram_alloc(new_block, size, mem_path);
1151 if (!new_block->host) {
1152 new_block->host = qemu_anon_ram_alloc(size);
1153 memory_try_enable_merging(new_block->host, size);
1156 fprintf(stderr, "-mem-path option unsupported\n");
1160 if (xen_enabled()) {
1161 xen_ram_alloc(new_block->offset, size, mr);
1162 } else if (kvm_enabled()) {
1163 /* some s390/kvm configurations have special constraints */
1164 new_block->host = kvm_ram_alloc(size);
1166 new_block->host = qemu_anon_ram_alloc(size);
1168 memory_try_enable_merging(new_block->host, size);
1171 new_block->length = size;
1173 /* Keep the list sorted from biggest to smallest block. */
1174 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1175 if (block->length < new_block->length) {
1180 QTAILQ_INSERT_BEFORE(block, new_block, next);
1182 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1184 ram_list.mru_block = NULL;
1187 qemu_mutex_unlock_ramlist();
1189 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1190 last_ram_offset() >> TARGET_PAGE_BITS);
1191 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1192 0, size >> TARGET_PAGE_BITS);
1193 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1195 qemu_ram_setup_dump(new_block->host, size);
1196 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1199 kvm_setup_guest_memory(new_block->host, size);
1201 return new_block->offset;
1204 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1206 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1209 void qemu_ram_free_from_ptr(ram_addr_t addr)
1213 /* This assumes the iothread lock is taken here too. */
1214 qemu_mutex_lock_ramlist();
1215 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1216 if (addr == block->offset) {
1217 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1218 ram_list.mru_block = NULL;
1224 qemu_mutex_unlock_ramlist();
1227 void qemu_ram_free(ram_addr_t addr)
1231 /* This assumes the iothread lock is taken here too. */
1232 qemu_mutex_lock_ramlist();
1233 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1234 if (addr == block->offset) {
1235 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1236 ram_list.mru_block = NULL;
1238 if (block->flags & RAM_PREALLOC_MASK) {
1240 } else if (mem_path) {
1241 #if defined (__linux__) && !defined(TARGET_S390X)
1243 munmap(block->host, block->length);
1246 qemu_anon_ram_free(block->host, block->length);
1252 if (xen_enabled()) {
1253 xen_invalidate_map_cache_entry(block->host);
1255 qemu_anon_ram_free(block->host, block->length);
1262 qemu_mutex_unlock_ramlist();
1267 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1274 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1275 offset = addr - block->offset;
1276 if (offset < block->length) {
1277 vaddr = block->host + offset;
1278 if (block->flags & RAM_PREALLOC_MASK) {
1282 munmap(vaddr, length);
1284 #if defined(__linux__) && !defined(TARGET_S390X)
1287 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1290 flags |= MAP_PRIVATE;
1292 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1293 flags, block->fd, offset);
1295 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1296 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1303 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1304 flags |= MAP_SHARED | MAP_ANONYMOUS;
1305 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1308 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1309 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1313 if (area != vaddr) {
1314 fprintf(stderr, "Could not remap addr: "
1315 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1319 memory_try_enable_merging(vaddr, length);
1320 qemu_ram_setup_dump(vaddr, length);
1326 #endif /* !_WIN32 */
1328 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1329 With the exception of the softmmu code in this file, this should
1330 only be used for local memory (e.g. video ram) that the device owns,
1331 and knows it isn't going to access beyond the end of the block.
1333 It should not be used for general purpose DMA.
1334 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1336 void *qemu_get_ram_ptr(ram_addr_t addr)
1340 /* The list is protected by the iothread lock here. */
1341 block = ram_list.mru_block;
1342 if (block && addr - block->offset < block->length) {
1345 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1346 if (addr - block->offset < block->length) {
1351 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1355 ram_list.mru_block = block;
1356 if (xen_enabled()) {
1357 /* We need to check if the requested address is in the RAM
1358 * because we don't want to map the entire memory in QEMU.
1359 * In that case just map until the end of the page.
1361 if (block->offset == 0) {
1362 return xen_map_cache(addr, 0, 0);
1363 } else if (block->host == NULL) {
1365 xen_map_cache(block->offset, block->length, 1);
1368 return block->host + (addr - block->offset);
1371 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1372 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1374 * ??? Is this still necessary?
1376 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1380 /* The list is protected by the iothread lock here. */
1381 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1382 if (addr - block->offset < block->length) {
1383 if (xen_enabled()) {
1384 /* We need to check if the requested address is in the RAM
1385 * because we don't want to map the entire memory in QEMU.
1386 * In that case just map until the end of the page.
1388 if (block->offset == 0) {
1389 return xen_map_cache(addr, 0, 0);
1390 } else if (block->host == NULL) {
1392 xen_map_cache(block->offset, block->length, 1);
1395 return block->host + (addr - block->offset);
1399 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1405 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1406 * but takes a size argument */
1407 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1412 if (xen_enabled()) {
1413 return xen_map_cache(addr, *size, 1);
1417 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1418 if (addr - block->offset < block->length) {
1419 if (addr - block->offset + *size > block->length)
1420 *size = block->length - addr + block->offset;
1421 return block->host + (addr - block->offset);
1425 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1430 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1433 uint8_t *host = ptr;
1435 if (xen_enabled()) {
1436 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1440 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1441 /* This case append when the block is not mapped. */
1442 if (block->host == NULL) {
1445 if (host - block->host < block->length) {
1446 *ram_addr = block->offset + (host - block->host);
1454 /* Some of the softmmu routines need to translate from a host pointer
1455 (typically a TLB entry) back to a ram offset. */
1456 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1458 ram_addr_t ram_addr;
1460 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1461 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1467 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1468 uint64_t val, unsigned size)
1471 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1472 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1473 tb_invalidate_phys_page_fast(ram_addr, size);
1474 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1478 stb_p(qemu_get_ram_ptr(ram_addr), val);
1481 stw_p(qemu_get_ram_ptr(ram_addr), val);
1484 stl_p(qemu_get_ram_ptr(ram_addr), val);
1489 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1490 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1491 /* we remove the notdirty callback only if the code has been
1493 if (dirty_flags == 0xff)
1494 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1497 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1498 unsigned size, bool is_write)
1503 static const MemoryRegionOps notdirty_mem_ops = {
1504 .write = notdirty_mem_write,
1505 .valid.accepts = notdirty_mem_accepts,
1506 .endianness = DEVICE_NATIVE_ENDIAN,
1509 /* Generate a debug exception if a watchpoint has been hit. */
1510 static void check_watchpoint(int offset, int len_mask, int flags)
1512 CPUArchState *env = cpu_single_env;
1513 target_ulong pc, cs_base;
1518 if (env->watchpoint_hit) {
1519 /* We re-entered the check after replacing the TB. Now raise
1520 * the debug interrupt so that is will trigger after the
1521 * current instruction. */
1522 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1525 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1526 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1527 if ((vaddr == (wp->vaddr & len_mask) ||
1528 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1529 wp->flags |= BP_WATCHPOINT_HIT;
1530 if (!env->watchpoint_hit) {
1531 env->watchpoint_hit = wp;
1532 tb_check_watchpoint(env);
1533 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1534 env->exception_index = EXCP_DEBUG;
1537 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1538 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1539 cpu_resume_from_signal(env, NULL);
1543 wp->flags &= ~BP_WATCHPOINT_HIT;
1548 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1549 so these check for a hit then pass through to the normal out-of-line
1551 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1554 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1556 case 1: return ldub_phys(addr);
1557 case 2: return lduw_phys(addr);
1558 case 4: return ldl_phys(addr);
1563 static void watch_mem_write(void *opaque, hwaddr addr,
1564 uint64_t val, unsigned size)
1566 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1569 stb_phys(addr, val);
1572 stw_phys(addr, val);
1575 stl_phys(addr, val);
1581 static const MemoryRegionOps watch_mem_ops = {
1582 .read = watch_mem_read,
1583 .write = watch_mem_write,
1584 .endianness = DEVICE_NATIVE_ENDIAN,
1587 static uint64_t subpage_read(void *opaque, hwaddr addr,
1590 subpage_t *subpage = opaque;
1593 #if defined(DEBUG_SUBPAGE)
1594 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1595 subpage, len, addr);
1597 address_space_read(subpage->as, addr + subpage->base, buf, len);
1610 static void subpage_write(void *opaque, hwaddr addr,
1611 uint64_t value, unsigned len)
1613 subpage_t *subpage = opaque;
1616 #if defined(DEBUG_SUBPAGE)
1617 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1618 " value %"PRIx64"\n",
1619 __func__, subpage, len, addr, value);
1634 address_space_write(subpage->as, addr + subpage->base, buf, len);
1637 static bool subpage_accepts(void *opaque, hwaddr addr,
1638 unsigned size, bool is_write)
1640 subpage_t *subpage = opaque;
1641 #if defined(DEBUG_SUBPAGE)
1642 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1643 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1646 return address_space_access_valid(subpage->as, addr + subpage->base,
1650 static const MemoryRegionOps subpage_ops = {
1651 .read = subpage_read,
1652 .write = subpage_write,
1653 .valid.accepts = subpage_accepts,
1654 .endianness = DEVICE_NATIVE_ENDIAN,
1657 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1662 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1664 idx = SUBPAGE_IDX(start);
1665 eidx = SUBPAGE_IDX(end);
1666 #if defined(DEBUG_SUBPAGE)
1667 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1668 mmio, start, end, idx, eidx, memory);
1670 for (; idx <= eidx; idx++) {
1671 mmio->sub_section[idx] = section;
1677 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1681 mmio = g_malloc0(sizeof(subpage_t));
1685 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1686 "subpage", TARGET_PAGE_SIZE);
1687 mmio->iomem.subpage = true;
1688 #if defined(DEBUG_SUBPAGE)
1689 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1690 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1692 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1697 static uint16_t dummy_section(MemoryRegion *mr)
1699 MemoryRegionSection section = {
1701 .offset_within_address_space = 0,
1702 .offset_within_region = 0,
1703 .size = int128_2_64(),
1706 return phys_section_add(§ion);
1709 MemoryRegion *iotlb_to_region(hwaddr index)
1711 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1714 static void io_mem_init(void)
1716 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1717 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1718 "unassigned", UINT64_MAX);
1719 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1720 "notdirty", UINT64_MAX);
1721 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1722 "watch", UINT64_MAX);
1725 static void mem_begin(MemoryListener *listener)
1727 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1729 destroy_all_mappings(d);
1730 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1733 static void core_begin(MemoryListener *listener)
1735 phys_sections_clear();
1736 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1737 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1738 phys_section_rom = dummy_section(&io_mem_rom);
1739 phys_section_watch = dummy_section(&io_mem_watch);
1742 static void tcg_commit(MemoryListener *listener)
1746 /* since each CPU stores ram addresses in its TLB cache, we must
1747 reset the modified entries */
1749 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1754 static void core_log_global_start(MemoryListener *listener)
1756 cpu_physical_memory_set_dirty_tracking(1);
1759 static void core_log_global_stop(MemoryListener *listener)
1761 cpu_physical_memory_set_dirty_tracking(0);
1764 static void io_region_add(MemoryListener *listener,
1765 MemoryRegionSection *section)
1767 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1769 mrio->mr = section->mr;
1770 mrio->offset = section->offset_within_region;
1771 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1772 section->offset_within_address_space,
1773 int128_get64(section->size));
1774 ioport_register(&mrio->iorange);
1777 static void io_region_del(MemoryListener *listener,
1778 MemoryRegionSection *section)
1780 isa_unassign_ioport(section->offset_within_address_space,
1781 int128_get64(section->size));
1784 static MemoryListener core_memory_listener = {
1785 .begin = core_begin,
1786 .log_global_start = core_log_global_start,
1787 .log_global_stop = core_log_global_stop,
1791 static MemoryListener io_memory_listener = {
1792 .region_add = io_region_add,
1793 .region_del = io_region_del,
1797 static MemoryListener tcg_memory_listener = {
1798 .commit = tcg_commit,
1801 void address_space_init_dispatch(AddressSpace *as)
1803 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1805 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1806 d->listener = (MemoryListener) {
1808 .region_add = mem_add,
1809 .region_nop = mem_add,
1814 memory_listener_register(&d->listener, as);
1817 void address_space_destroy_dispatch(AddressSpace *as)
1819 AddressSpaceDispatch *d = as->dispatch;
1821 memory_listener_unregister(&d->listener);
1822 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1824 as->dispatch = NULL;
1827 static void memory_map_init(void)
1829 system_memory = g_malloc(sizeof(*system_memory));
1830 memory_region_init(system_memory, "system", INT64_MAX);
1831 address_space_init(&address_space_memory, system_memory);
1832 address_space_memory.name = "memory";
1834 system_io = g_malloc(sizeof(*system_io));
1835 memory_region_init(system_io, "io", 65536);
1836 address_space_init(&address_space_io, system_io);
1837 address_space_io.name = "I/O";
1839 memory_listener_register(&core_memory_listener, &address_space_memory);
1840 memory_listener_register(&io_memory_listener, &address_space_io);
1841 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1843 dma_context_init(&dma_context_memory, &address_space_memory);
1846 MemoryRegion *get_system_memory(void)
1848 return system_memory;
1851 MemoryRegion *get_system_io(void)
1856 #endif /* !defined(CONFIG_USER_ONLY) */
1858 /* physical memory access (slow version, mainly for debug) */
1859 #if defined(CONFIG_USER_ONLY)
1860 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1861 uint8_t *buf, int len, int is_write)
1868 page = addr & TARGET_PAGE_MASK;
1869 l = (page + TARGET_PAGE_SIZE) - addr;
1872 flags = page_get_flags(page);
1873 if (!(flags & PAGE_VALID))
1876 if (!(flags & PAGE_WRITE))
1878 /* XXX: this code should not depend on lock_user */
1879 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1882 unlock_user(p, addr, l);
1884 if (!(flags & PAGE_READ))
1886 /* XXX: this code should not depend on lock_user */
1887 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1890 unlock_user(p, addr, 0);
1901 static void invalidate_and_set_dirty(hwaddr addr,
1904 if (!cpu_physical_memory_is_dirty(addr)) {
1905 /* invalidate code */
1906 tb_invalidate_phys_page_range(addr, addr + length, 0);
1908 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1910 xen_modified_memory(addr, length);
1913 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1915 if (memory_region_is_ram(mr)) {
1916 return !(is_write && mr->readonly);
1918 if (memory_region_is_romd(mr)) {
1925 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1927 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1930 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1936 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1937 int len, bool is_write)
1948 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1951 if (!memory_access_is_direct(mr, is_write)) {
1952 l = memory_access_size(mr, l, addr1);
1953 /* XXX: could force cpu_single_env to NULL to avoid
1956 /* 32 bit write access */
1958 error |= io_mem_write(mr, addr1, val, 4);
1959 } else if (l == 2) {
1960 /* 16 bit write access */
1962 error |= io_mem_write(mr, addr1, val, 2);
1964 /* 8 bit write access */
1966 error |= io_mem_write(mr, addr1, val, 1);
1969 addr1 += memory_region_get_ram_addr(mr);
1971 ptr = qemu_get_ram_ptr(addr1);
1972 memcpy(ptr, buf, l);
1973 invalidate_and_set_dirty(addr1, l);
1976 if (!memory_access_is_direct(mr, is_write)) {
1978 l = memory_access_size(mr, l, addr1);
1980 /* 32 bit read access */
1981 error |= io_mem_read(mr, addr1, &val, 4);
1983 } else if (l == 2) {
1984 /* 16 bit read access */
1985 error |= io_mem_read(mr, addr1, &val, 2);
1988 /* 8 bit read access */
1989 error |= io_mem_read(mr, addr1, &val, 1);
1994 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1995 memcpy(buf, ptr, l);
2006 bool address_space_write(AddressSpace *as, hwaddr addr,
2007 const uint8_t *buf, int len)
2009 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2012 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2014 return address_space_rw(as, addr, buf, len, false);
2018 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2019 int len, int is_write)
2021 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2024 /* used for ROM loading : can write in RAM and ROM */
2025 void cpu_physical_memory_write_rom(hwaddr addr,
2026 const uint8_t *buf, int len)
2035 mr = address_space_translate(&address_space_memory,
2036 addr, &addr1, &l, true);
2038 if (!(memory_region_is_ram(mr) ||
2039 memory_region_is_romd(mr))) {
2042 addr1 += memory_region_get_ram_addr(mr);
2044 ptr = qemu_get_ram_ptr(addr1);
2045 memcpy(ptr, buf, l);
2046 invalidate_and_set_dirty(addr1, l);
2060 static BounceBuffer bounce;
2062 typedef struct MapClient {
2064 void (*callback)(void *opaque);
2065 QLIST_ENTRY(MapClient) link;
2068 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2069 = QLIST_HEAD_INITIALIZER(map_client_list);
2071 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2073 MapClient *client = g_malloc(sizeof(*client));
2075 client->opaque = opaque;
2076 client->callback = callback;
2077 QLIST_INSERT_HEAD(&map_client_list, client, link);
2081 static void cpu_unregister_map_client(void *_client)
2083 MapClient *client = (MapClient *)_client;
2085 QLIST_REMOVE(client, link);
2089 static void cpu_notify_map_clients(void)
2093 while (!QLIST_EMPTY(&map_client_list)) {
2094 client = QLIST_FIRST(&map_client_list);
2095 client->callback(client->opaque);
2096 cpu_unregister_map_client(client);
2100 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2107 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2108 if (!memory_access_is_direct(mr, is_write)) {
2109 l = memory_access_size(mr, l, addr);
2110 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2121 /* Map a physical memory region into a host virtual address.
2122 * May map a subset of the requested range, given by and returned in *plen.
2123 * May return NULL if resources needed to perform the mapping are exhausted.
2124 * Use only for reads OR writes - not for read-modify-write operations.
2125 * Use cpu_register_map_client() to know when retrying the map operation is
2126 * likely to succeed.
2128 void *address_space_map(AddressSpace *as,
2137 ram_addr_t raddr = RAM_ADDR_MAX;
2143 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2145 if (!memory_access_is_direct(mr, is_write)) {
2146 if (todo || bounce.buffer) {
2149 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2153 address_space_read(as, addr, bounce.buffer, l);
2157 return bounce.buffer;
2160 raddr = memory_region_get_ram_addr(mr) + xlat;
2162 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2172 ret = qemu_ram_ptr_length(raddr, &rlen);
2177 /* Unmaps a memory region previously mapped by address_space_map().
2178 * Will also mark the memory as dirty if is_write == 1. access_len gives
2179 * the amount of memory that was actually read or written by the caller.
2181 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2182 int is_write, hwaddr access_len)
2184 if (buffer != bounce.buffer) {
2186 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2187 while (access_len) {
2189 l = TARGET_PAGE_SIZE;
2192 invalidate_and_set_dirty(addr1, l);
2197 if (xen_enabled()) {
2198 xen_invalidate_map_cache_entry(buffer);
2203 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2205 qemu_vfree(bounce.buffer);
2206 bounce.buffer = NULL;
2207 cpu_notify_map_clients();
2210 void *cpu_physical_memory_map(hwaddr addr,
2214 return address_space_map(&address_space_memory, addr, plen, is_write);
2217 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2218 int is_write, hwaddr access_len)
2220 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2223 /* warning: addr must be aligned */
2224 static inline uint32_t ldl_phys_internal(hwaddr addr,
2225 enum device_endian endian)
2233 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2235 if (l < 4 || !memory_access_is_direct(mr, false)) {
2237 io_mem_read(mr, addr1, &val, 4);
2238 #if defined(TARGET_WORDS_BIGENDIAN)
2239 if (endian == DEVICE_LITTLE_ENDIAN) {
2243 if (endian == DEVICE_BIG_ENDIAN) {
2249 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2253 case DEVICE_LITTLE_ENDIAN:
2254 val = ldl_le_p(ptr);
2256 case DEVICE_BIG_ENDIAN:
2257 val = ldl_be_p(ptr);
2267 uint32_t ldl_phys(hwaddr addr)
2269 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2272 uint32_t ldl_le_phys(hwaddr addr)
2274 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2277 uint32_t ldl_be_phys(hwaddr addr)
2279 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2282 /* warning: addr must be aligned */
2283 static inline uint64_t ldq_phys_internal(hwaddr addr,
2284 enum device_endian endian)
2292 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2294 if (l < 8 || !memory_access_is_direct(mr, false)) {
2296 io_mem_read(mr, addr1, &val, 8);
2297 #if defined(TARGET_WORDS_BIGENDIAN)
2298 if (endian == DEVICE_LITTLE_ENDIAN) {
2302 if (endian == DEVICE_BIG_ENDIAN) {
2308 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2312 case DEVICE_LITTLE_ENDIAN:
2313 val = ldq_le_p(ptr);
2315 case DEVICE_BIG_ENDIAN:
2316 val = ldq_be_p(ptr);
2326 uint64_t ldq_phys(hwaddr addr)
2328 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2331 uint64_t ldq_le_phys(hwaddr addr)
2333 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2336 uint64_t ldq_be_phys(hwaddr addr)
2338 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2342 uint32_t ldub_phys(hwaddr addr)
2345 cpu_physical_memory_read(addr, &val, 1);
2349 /* warning: addr must be aligned */
2350 static inline uint32_t lduw_phys_internal(hwaddr addr,
2351 enum device_endian endian)
2359 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2361 if (l < 2 || !memory_access_is_direct(mr, false)) {
2363 io_mem_read(mr, addr1, &val, 2);
2364 #if defined(TARGET_WORDS_BIGENDIAN)
2365 if (endian == DEVICE_LITTLE_ENDIAN) {
2369 if (endian == DEVICE_BIG_ENDIAN) {
2375 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2379 case DEVICE_LITTLE_ENDIAN:
2380 val = lduw_le_p(ptr);
2382 case DEVICE_BIG_ENDIAN:
2383 val = lduw_be_p(ptr);
2393 uint32_t lduw_phys(hwaddr addr)
2395 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2398 uint32_t lduw_le_phys(hwaddr addr)
2400 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2403 uint32_t lduw_be_phys(hwaddr addr)
2405 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2408 /* warning: addr must be aligned. The ram page is not masked as dirty
2409 and the code inside is not invalidated. It is useful if the dirty
2410 bits are used to track modified PTEs */
2411 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2418 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2420 if (l < 4 || !memory_access_is_direct(mr, true)) {
2421 io_mem_write(mr, addr1, val, 4);
2423 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2424 ptr = qemu_get_ram_ptr(addr1);
2427 if (unlikely(in_migration)) {
2428 if (!cpu_physical_memory_is_dirty(addr1)) {
2429 /* invalidate code */
2430 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2432 cpu_physical_memory_set_dirty_flags(
2433 addr1, (0xff & ~CODE_DIRTY_FLAG));
2439 /* warning: addr must be aligned */
2440 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2441 enum device_endian endian)
2448 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2450 if (l < 4 || !memory_access_is_direct(mr, true)) {
2451 #if defined(TARGET_WORDS_BIGENDIAN)
2452 if (endian == DEVICE_LITTLE_ENDIAN) {
2456 if (endian == DEVICE_BIG_ENDIAN) {
2460 io_mem_write(mr, addr1, val, 4);
2463 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2464 ptr = qemu_get_ram_ptr(addr1);
2466 case DEVICE_LITTLE_ENDIAN:
2469 case DEVICE_BIG_ENDIAN:
2476 invalidate_and_set_dirty(addr1, 4);
2480 void stl_phys(hwaddr addr, uint32_t val)
2482 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2485 void stl_le_phys(hwaddr addr, uint32_t val)
2487 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2490 void stl_be_phys(hwaddr addr, uint32_t val)
2492 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2496 void stb_phys(hwaddr addr, uint32_t val)
2499 cpu_physical_memory_write(addr, &v, 1);
2502 /* warning: addr must be aligned */
2503 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2504 enum device_endian endian)
2511 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2513 if (l < 2 || !memory_access_is_direct(mr, true)) {
2514 #if defined(TARGET_WORDS_BIGENDIAN)
2515 if (endian == DEVICE_LITTLE_ENDIAN) {
2519 if (endian == DEVICE_BIG_ENDIAN) {
2523 io_mem_write(mr, addr1, val, 2);
2526 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2527 ptr = qemu_get_ram_ptr(addr1);
2529 case DEVICE_LITTLE_ENDIAN:
2532 case DEVICE_BIG_ENDIAN:
2539 invalidate_and_set_dirty(addr1, 2);
2543 void stw_phys(hwaddr addr, uint32_t val)
2545 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2548 void stw_le_phys(hwaddr addr, uint32_t val)
2550 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2553 void stw_be_phys(hwaddr addr, uint32_t val)
2555 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2559 void stq_phys(hwaddr addr, uint64_t val)
2562 cpu_physical_memory_write(addr, &val, 8);
2565 void stq_le_phys(hwaddr addr, uint64_t val)
2567 val = cpu_to_le64(val);
2568 cpu_physical_memory_write(addr, &val, 8);
2571 void stq_be_phys(hwaddr addr, uint64_t val)
2573 val = cpu_to_be64(val);
2574 cpu_physical_memory_write(addr, &val, 8);
2577 /* virtual memory access for debug (includes writing to ROM) */
2578 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2579 uint8_t *buf, int len, int is_write)
2586 page = addr & TARGET_PAGE_MASK;
2587 phys_addr = cpu_get_phys_page_debug(env, page);
2588 /* if no physical page mapped, return an error */
2589 if (phys_addr == -1)
2591 l = (page + TARGET_PAGE_SIZE) - addr;
2594 phys_addr += (addr & ~TARGET_PAGE_MASK);
2596 cpu_physical_memory_write_rom(phys_addr, buf, l);
2598 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2607 #if !defined(CONFIG_USER_ONLY)
2610 * A helper function for the _utterly broken_ virtio device model to find out if
2611 * it's running on a big endian machine. Don't do this at home kids!
2613 bool virtio_is_big_endian(void);
2614 bool virtio_is_big_endian(void)
2616 #if defined(TARGET_WORDS_BIGENDIAN)
2625 #ifndef CONFIG_USER_ONLY
2626 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2631 mr = address_space_translate(&address_space_memory,
2632 phys_addr, &phys_addr, &l, false);
2634 return !(memory_region_is_ram(mr) ||
2635 memory_region_is_romd(mr));
projects / qemu.git / blob