4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "exec/cputlb.h"
52 #include "translate-all.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
57 #include "qemu/range.h"
59 //#define DEBUG_SUBPAGE
61 #if !defined(CONFIG_USER_ONLY)
62 static bool in_migration;
64 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
65 * are protected by the ramlist lock.
67 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
69 static MemoryRegion *system_memory;
70 static MemoryRegion *system_io;
72 AddressSpace address_space_io;
73 AddressSpace address_space_memory;
75 MemoryRegion io_mem_rom, io_mem_notdirty;
76 static MemoryRegion io_mem_unassigned;
78 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
79 #define RAM_PREALLOC (1 << 0)
81 /* RAM is mmap-ed with MAP_SHARED */
82 #define RAM_SHARED (1 << 1)
84 /* Only a portion of RAM (used_length) is actually used, and migrated.
85 * This used_length size can change across reboots.
87 #define RAM_RESIZEABLE (1 << 2)
91 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
92 /* current CPU in the current thread. It is only valid inside
94 DEFINE_TLS(CPUState *, current_cpu);
95 /* 0 = Do not count executed instructions.
96 1 = Precise instruction counting.
97 2 = Adaptive rate instruction counting. */
100 #if !defined(CONFIG_USER_ONLY)
102 typedef struct PhysPageEntry PhysPageEntry;
104 struct PhysPageEntry {
105 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
107 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
111 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
113 /* Size of the L2 (and L3, etc) page tables. */
114 #define ADDR_SPACE_BITS 64
117 #define P_L2_SIZE (1 << P_L2_BITS)
119 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
121 typedef PhysPageEntry Node[P_L2_SIZE];
123 typedef struct PhysPageMap {
126 unsigned sections_nb;
127 unsigned sections_nb_alloc;
129 unsigned nodes_nb_alloc;
131 MemoryRegionSection *sections;
134 struct AddressSpaceDispatch {
137 /* This is a multi-level map on the physical address space.
138 * The bottom level has pointers to MemoryRegionSections.
140 PhysPageEntry phys_map;
145 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
146 typedef struct subpage_t {
150 uint16_t sub_section[TARGET_PAGE_SIZE];
153 #define PHYS_SECTION_UNASSIGNED 0
154 #define PHYS_SECTION_NOTDIRTY 1
155 #define PHYS_SECTION_ROM 2
156 #define PHYS_SECTION_WATCH 3
158 static void io_mem_init(void);
159 static void memory_map_init(void);
160 static void tcg_commit(MemoryListener *listener);
162 static MemoryRegion io_mem_watch;
165 #if !defined(CONFIG_USER_ONLY)
167 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
169 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
171 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
172 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
176 static uint32_t phys_map_node_alloc(PhysPageMap *map)
181 ret = map->nodes_nb++;
182 assert(ret != PHYS_MAP_NODE_NIL);
183 assert(ret != map->nodes_nb_alloc);
184 for (i = 0; i < P_L2_SIZE; ++i) {
185 map->nodes[ret][i].skip = 1;
186 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
191 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
192 hwaddr *index, hwaddr *nb, uint16_t leaf,
197 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
199 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
200 lp->ptr = phys_map_node_alloc(map);
201 p = map->nodes[lp->ptr];
203 for (i = 0; i < P_L2_SIZE; i++) {
205 p[i].ptr = PHYS_SECTION_UNASSIGNED;
209 p = map->nodes[lp->ptr];
211 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
213 while (*nb && lp < &p[P_L2_SIZE]) {
214 if ((*index & (step - 1)) == 0 && *nb >= step) {
220 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
226 static void phys_page_set(AddressSpaceDispatch *d,
227 hwaddr index, hwaddr nb,
230 /* Wildly overreserve - it doesn't matter much. */
231 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
233 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
236 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
237 * and update our entry so we can skip it and go directly to the destination.
239 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
241 unsigned valid_ptr = P_L2_SIZE;
246 if (lp->ptr == PHYS_MAP_NODE_NIL) {
251 for (i = 0; i < P_L2_SIZE; i++) {
252 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
259 phys_page_compact(&p[i], nodes, compacted);
263 /* We can only compress if there's only one child. */
268 assert(valid_ptr < P_L2_SIZE);
270 /* Don't compress if it won't fit in the # of bits we have. */
271 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
275 lp->ptr = p[valid_ptr].ptr;
276 if (!p[valid_ptr].skip) {
277 /* If our only child is a leaf, make this a leaf. */
278 /* By design, we should have made this node a leaf to begin with so we
279 * should never reach here.
280 * But since it's so simple to handle this, let's do it just in case we
285 lp->skip += p[valid_ptr].skip;
289 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
291 DECLARE_BITMAP(compacted, nodes_nb);
293 if (d->phys_map.skip) {
294 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
298 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
299 Node *nodes, MemoryRegionSection *sections)
302 hwaddr index = addr >> TARGET_PAGE_BITS;
305 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
306 if (lp.ptr == PHYS_MAP_NODE_NIL) {
307 return §ions[PHYS_SECTION_UNASSIGNED];
310 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
313 if (sections[lp.ptr].size.hi ||
314 range_covers_byte(sections[lp.ptr].offset_within_address_space,
315 sections[lp.ptr].size.lo, addr)) {
316 return §ions[lp.ptr];
318 return §ions[PHYS_SECTION_UNASSIGNED];
322 bool memory_region_is_unassigned(MemoryRegion *mr)
324 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
325 && mr != &io_mem_watch;
328 /* Called from RCU critical section */
329 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
331 bool resolve_subpage)
333 MemoryRegionSection *section;
336 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
337 if (resolve_subpage && section->mr->subpage) {
338 subpage = container_of(section->mr, subpage_t, iomem);
339 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
344 /* Called from RCU critical section */
345 static MemoryRegionSection *
346 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
347 hwaddr *plen, bool resolve_subpage)
349 MemoryRegionSection *section;
352 section = address_space_lookup_region(d, addr, resolve_subpage);
353 /* Compute offset within MemoryRegionSection */
354 addr -= section->offset_within_address_space;
356 /* Compute offset within MemoryRegion */
357 *xlat = addr + section->offset_within_region;
359 diff = int128_sub(section->mr->size, int128_make64(addr));
360 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
364 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
366 if (memory_region_is_ram(mr)) {
367 return !(is_write && mr->readonly);
369 if (memory_region_is_romd(mr)) {
376 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
377 hwaddr *xlat, hwaddr *plen,
381 MemoryRegionSection *section;
386 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
387 section = address_space_translate_internal(d, addr, &addr, plen, true);
390 if (!mr->iommu_ops) {
394 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
395 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
396 | (addr & iotlb.addr_mask));
397 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
398 if (!(iotlb.perm & (1 << is_write))) {
399 mr = &io_mem_unassigned;
403 as = iotlb.target_as;
406 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
407 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
408 *plen = MIN(page, *plen);
416 /* Called from RCU critical section */
417 MemoryRegionSection *
418 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen)
421 MemoryRegionSection *section;
422 section = address_space_translate_internal(cpu->memory_dispatch,
423 addr, xlat, plen, false);
425 assert(!section->mr->iommu_ops);
430 void cpu_exec_init_all(void)
432 #if !defined(CONFIG_USER_ONLY)
433 qemu_mutex_init(&ram_list.mutex);
439 #if !defined(CONFIG_USER_ONLY)
441 static int cpu_common_post_load(void *opaque, int version_id)
443 CPUState *cpu = opaque;
445 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
446 version_id is increased. */
447 cpu->interrupt_request &= ~0x01;
453 static int cpu_common_pre_load(void *opaque)
455 CPUState *cpu = opaque;
457 cpu->exception_index = -1;
462 static bool cpu_common_exception_index_needed(void *opaque)
464 CPUState *cpu = opaque;
466 return tcg_enabled() && cpu->exception_index != -1;
469 static const VMStateDescription vmstate_cpu_common_exception_index = {
470 .name = "cpu_common/exception_index",
472 .minimum_version_id = 1,
473 .fields = (VMStateField[]) {
474 VMSTATE_INT32(exception_index, CPUState),
475 VMSTATE_END_OF_LIST()
479 const VMStateDescription vmstate_cpu_common = {
480 .name = "cpu_common",
482 .minimum_version_id = 1,
483 .pre_load = cpu_common_pre_load,
484 .post_load = cpu_common_post_load,
485 .fields = (VMStateField[]) {
486 VMSTATE_UINT32(halted, CPUState),
487 VMSTATE_UINT32(interrupt_request, CPUState),
488 VMSTATE_END_OF_LIST()
490 .subsections = (VMStateSubsection[]) {
492 .vmsd = &vmstate_cpu_common_exception_index,
493 .needed = cpu_common_exception_index_needed,
502 CPUState *qemu_get_cpu(int index)
507 if (cpu->cpu_index == index) {
515 #if !defined(CONFIG_USER_ONLY)
516 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
518 /* We only support one address space per cpu at the moment. */
519 assert(cpu->as == as);
521 if (cpu->tcg_as_listener) {
522 memory_listener_unregister(cpu->tcg_as_listener);
524 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
526 cpu->tcg_as_listener->commit = tcg_commit;
527 memory_listener_register(cpu->tcg_as_listener, as);
531 void cpu_exec_init(CPUArchState *env)
533 CPUState *cpu = ENV_GET_CPU(env);
534 CPUClass *cc = CPU_GET_CLASS(cpu);
538 #if defined(CONFIG_USER_ONLY)
542 CPU_FOREACH(some_cpu) {
545 cpu->cpu_index = cpu_index;
547 QTAILQ_INIT(&cpu->breakpoints);
548 QTAILQ_INIT(&cpu->watchpoints);
549 #ifndef CONFIG_USER_ONLY
550 cpu->as = &address_space_memory;
551 cpu->thread_id = qemu_get_thread_id();
552 cpu_reload_memory_map(cpu);
554 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
555 #if defined(CONFIG_USER_ONLY)
558 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
559 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
561 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
562 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
563 cpu_save, cpu_load, env);
564 assert(cc->vmsd == NULL);
565 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
567 if (cc->vmsd != NULL) {
568 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
572 #if defined(CONFIG_USER_ONLY)
573 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
575 tb_invalidate_phys_page_range(pc, pc + 1, 0);
578 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
580 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
582 tb_invalidate_phys_addr(cpu->as,
583 phys | (pc & ~TARGET_PAGE_MASK));
588 #if defined(CONFIG_USER_ONLY)
589 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
594 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
600 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
604 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
605 int flags, CPUWatchpoint **watchpoint)
610 /* Add a watchpoint. */
611 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
612 int flags, CPUWatchpoint **watchpoint)
616 /* forbid ranges which are empty or run off the end of the address space */
617 if (len == 0 || (addr + len - 1) < addr) {
618 error_report("tried to set invalid watchpoint at %"
619 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
622 wp = g_malloc(sizeof(*wp));
628 /* keep all GDB-injected watchpoints in front */
629 if (flags & BP_GDB) {
630 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
632 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
635 tlb_flush_page(cpu, addr);
642 /* Remove a specific watchpoint. */
643 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
648 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
649 if (addr == wp->vaddr && len == wp->len
650 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
651 cpu_watchpoint_remove_by_ref(cpu, wp);
658 /* Remove a specific watchpoint by reference. */
659 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
661 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
663 tlb_flush_page(cpu, watchpoint->vaddr);
668 /* Remove all matching watchpoints. */
669 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
671 CPUWatchpoint *wp, *next;
673 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
674 if (wp->flags & mask) {
675 cpu_watchpoint_remove_by_ref(cpu, wp);
680 /* Return true if this watchpoint address matches the specified
681 * access (ie the address range covered by the watchpoint overlaps
682 * partially or completely with the address range covered by the
685 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
689 /* We know the lengths are non-zero, but a little caution is
690 * required to avoid errors in the case where the range ends
691 * exactly at the top of the address space and so addr + len
692 * wraps round to zero.
694 vaddr wpend = wp->vaddr + wp->len - 1;
695 vaddr addrend = addr + len - 1;
697 return !(addr > wpend || wp->vaddr > addrend);
702 /* Add a breakpoint. */
703 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
704 CPUBreakpoint **breakpoint)
708 bp = g_malloc(sizeof(*bp));
713 /* keep all GDB-injected breakpoints in front */
714 if (flags & BP_GDB) {
715 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
717 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
720 breakpoint_invalidate(cpu, pc);
728 /* Remove a specific breakpoint. */
729 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
733 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
734 if (bp->pc == pc && bp->flags == flags) {
735 cpu_breakpoint_remove_by_ref(cpu, bp);
742 /* Remove a specific breakpoint by reference. */
743 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
745 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
747 breakpoint_invalidate(cpu, breakpoint->pc);
752 /* Remove all matching breakpoints. */
753 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
755 CPUBreakpoint *bp, *next;
757 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
758 if (bp->flags & mask) {
759 cpu_breakpoint_remove_by_ref(cpu, bp);
764 /* enable or disable single step mode. EXCP_DEBUG is returned by the
765 CPU loop after each instruction */
766 void cpu_single_step(CPUState *cpu, int enabled)
768 if (cpu->singlestep_enabled != enabled) {
769 cpu->singlestep_enabled = enabled;
771 kvm_update_guest_debug(cpu, 0);
773 /* must flush all the translated code to avoid inconsistencies */
774 /* XXX: only flush what is necessary */
775 CPUArchState *env = cpu->env_ptr;
781 void cpu_abort(CPUState *cpu, const char *fmt, ...)
788 fprintf(stderr, "qemu: fatal: ");
789 vfprintf(stderr, fmt, ap);
790 fprintf(stderr, "\n");
791 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
792 if (qemu_log_enabled()) {
793 qemu_log("qemu: fatal: ");
794 qemu_log_vprintf(fmt, ap2);
796 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
802 #if defined(CONFIG_USER_ONLY)
804 struct sigaction act;
805 sigfillset(&act.sa_mask);
806 act.sa_handler = SIG_DFL;
807 sigaction(SIGABRT, &act, NULL);
813 #if !defined(CONFIG_USER_ONLY)
814 /* Called from RCU critical section */
815 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
819 block = atomic_rcu_read(&ram_list.mru_block);
820 if (block && addr - block->offset < block->max_length) {
823 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
824 if (addr - block->offset < block->max_length) {
829 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
833 /* It is safe to write mru_block outside the iothread lock. This
838 * xxx removed from list
842 * call_rcu(reclaim_ramblock, xxx);
845 * atomic_rcu_set is not needed here. The block was already published
846 * when it was placed into the list. Here we're just making an extra
847 * copy of the pointer.
849 ram_list.mru_block = block;
853 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
859 end = TARGET_PAGE_ALIGN(start + length);
860 start &= TARGET_PAGE_MASK;
863 block = qemu_get_ram_block(start);
864 assert(block == qemu_get_ram_block(end - 1));
865 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
866 cpu_tlb_reset_dirty_all(start1, length);
870 /* Note: start and end must be within the same ram block. */
871 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
876 cpu_physical_memory_clear_dirty_range_type(start, length, client);
879 tlb_reset_dirty_range_all(start, length);
883 static void cpu_physical_memory_set_dirty_tracking(bool enable)
885 in_migration = enable;
888 /* Called from RCU critical section */
889 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
890 MemoryRegionSection *section,
892 hwaddr paddr, hwaddr xlat,
894 target_ulong *address)
899 if (memory_region_is_ram(section->mr)) {
901 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
903 if (!section->readonly) {
904 iotlb |= PHYS_SECTION_NOTDIRTY;
906 iotlb |= PHYS_SECTION_ROM;
909 iotlb = section - section->address_space->dispatch->map.sections;
913 /* Make accesses to pages with watchpoints go via the
914 watchpoint trap routines. */
915 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
916 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
917 /* Avoid trapping reads of pages with a write breakpoint. */
918 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
919 iotlb = PHYS_SECTION_WATCH + paddr;
920 *address |= TLB_MMIO;
928 #endif /* defined(CONFIG_USER_ONLY) */
930 #if !defined(CONFIG_USER_ONLY)
932 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
934 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
936 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
940 * Set a custom physical guest memory alloator.
941 * Accelerators with unusual needs may need this. Hopefully, we can
942 * get rid of it eventually.
944 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
946 phys_mem_alloc = alloc;
949 static uint16_t phys_section_add(PhysPageMap *map,
950 MemoryRegionSection *section)
952 /* The physical section number is ORed with a page-aligned
953 * pointer to produce the iotlb entries. Thus it should
954 * never overflow into the page-aligned value.
956 assert(map->sections_nb < TARGET_PAGE_SIZE);
958 if (map->sections_nb == map->sections_nb_alloc) {
959 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
960 map->sections = g_renew(MemoryRegionSection, map->sections,
961 map->sections_nb_alloc);
963 map->sections[map->sections_nb] = *section;
964 memory_region_ref(section->mr);
965 return map->sections_nb++;
968 static void phys_section_destroy(MemoryRegion *mr)
970 memory_region_unref(mr);
973 subpage_t *subpage = container_of(mr, subpage_t, iomem);
974 object_unref(OBJECT(&subpage->iomem));
979 static void phys_sections_free(PhysPageMap *map)
981 while (map->sections_nb > 0) {
982 MemoryRegionSection *section = &map->sections[--map->sections_nb];
983 phys_section_destroy(section->mr);
985 g_free(map->sections);
989 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
992 hwaddr base = section->offset_within_address_space
994 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
995 d->map.nodes, d->map.sections);
996 MemoryRegionSection subsection = {
997 .offset_within_address_space = base,
998 .size = int128_make64(TARGET_PAGE_SIZE),
1002 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1004 if (!(existing->mr->subpage)) {
1005 subpage = subpage_init(d->as, base);
1006 subsection.address_space = d->as;
1007 subsection.mr = &subpage->iomem;
1008 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1009 phys_section_add(&d->map, &subsection));
1011 subpage = container_of(existing->mr, subpage_t, iomem);
1013 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1014 end = start + int128_get64(section->size) - 1;
1015 subpage_register(subpage, start, end,
1016 phys_section_add(&d->map, section));
1020 static void register_multipage(AddressSpaceDispatch *d,
1021 MemoryRegionSection *section)
1023 hwaddr start_addr = section->offset_within_address_space;
1024 uint16_t section_index = phys_section_add(&d->map, section);
1025 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1029 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1032 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1034 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1035 AddressSpaceDispatch *d = as->next_dispatch;
1036 MemoryRegionSection now = *section, remain = *section;
1037 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1039 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1040 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1041 - now.offset_within_address_space;
1043 now.size = int128_min(int128_make64(left), now.size);
1044 register_subpage(d, &now);
1046 now.size = int128_zero();
1048 while (int128_ne(remain.size, now.size)) {
1049 remain.size = int128_sub(remain.size, now.size);
1050 remain.offset_within_address_space += int128_get64(now.size);
1051 remain.offset_within_region += int128_get64(now.size);
1053 if (int128_lt(remain.size, page_size)) {
1054 register_subpage(d, &now);
1055 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1056 now.size = page_size;
1057 register_subpage(d, &now);
1059 now.size = int128_and(now.size, int128_neg(page_size));
1060 register_multipage(d, &now);
1065 void qemu_flush_coalesced_mmio_buffer(void)
1068 kvm_flush_coalesced_mmio_buffer();
1071 void qemu_mutex_lock_ramlist(void)
1073 qemu_mutex_lock(&ram_list.mutex);
1076 void qemu_mutex_unlock_ramlist(void)
1078 qemu_mutex_unlock(&ram_list.mutex);
1083 #include <sys/vfs.h>
1085 #define HUGETLBFS_MAGIC 0x958458f6
1087 static long gethugepagesize(const char *path, Error **errp)
1093 ret = statfs(path, &fs);
1094 } while (ret != 0 && errno == EINTR);
1097 error_setg_errno(errp, errno, "failed to get page size of file %s",
1102 if (fs.f_type != HUGETLBFS_MAGIC)
1103 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1108 static void *file_ram_alloc(RAMBlock *block,
1114 char *sanitized_name;
1119 Error *local_err = NULL;
1121 hpagesize = gethugepagesize(path, &local_err);
1123 error_propagate(errp, local_err);
1126 block->mr->align = hpagesize;
1128 if (memory < hpagesize) {
1129 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1130 "or larger than huge page size 0x%" PRIx64,
1135 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1137 "host lacks kvm mmu notifiers, -mem-path unsupported");
1141 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1142 sanitized_name = g_strdup(memory_region_name(block->mr));
1143 for (c = sanitized_name; *c != '\0'; c++) {
1148 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1150 g_free(sanitized_name);
1152 fd = mkstemp(filename);
1154 error_setg_errno(errp, errno,
1155 "unable to create backing store for hugepages");
1162 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1165 * ftruncate is not supported by hugetlbfs in older
1166 * hosts, so don't bother bailing out on errors.
1167 * If anything goes wrong with it under other filesystems,
1170 if (ftruncate(fd, memory)) {
1171 perror("ftruncate");
1174 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1175 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1177 if (area == MAP_FAILED) {
1178 error_setg_errno(errp, errno,
1179 "unable to map backing store for hugepages");
1185 os_mem_prealloc(fd, area, memory);
1193 error_report("%s", error_get_pretty(*errp));
1200 /* Called with the ramlist lock held. */
1201 static ram_addr_t find_ram_offset(ram_addr_t size)
1203 RAMBlock *block, *next_block;
1204 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1206 assert(size != 0); /* it would hand out same offset multiple times */
1208 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1212 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1213 ram_addr_t end, next = RAM_ADDR_MAX;
1215 end = block->offset + block->max_length;
1217 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1218 if (next_block->offset >= end) {
1219 next = MIN(next, next_block->offset);
1222 if (next - end >= size && next - end < mingap) {
1224 mingap = next - end;
1228 if (offset == RAM_ADDR_MAX) {
1229 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1237 ram_addr_t last_ram_offset(void)
1240 ram_addr_t last = 0;
1243 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1244 last = MAX(last, block->offset + block->max_length);
1250 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1254 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1255 if (!machine_dump_guest_core(current_machine)) {
1256 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1258 perror("qemu_madvise");
1259 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1260 "but dump_guest_core=off specified\n");
1265 /* Called within an RCU critical section, or while the ramlist lock
1268 static RAMBlock *find_ram_block(ram_addr_t addr)
1272 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1273 if (block->offset == addr) {
1281 /* Called with iothread lock held. */
1282 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1284 RAMBlock *new_block, *block;
1287 new_block = find_ram_block(addr);
1289 assert(!new_block->idstr[0]);
1292 char *id = qdev_get_dev_path(dev);
1294 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1298 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1300 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1301 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1302 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1310 /* Called with iothread lock held. */
1311 void qemu_ram_unset_idstr(ram_addr_t addr)
1315 /* FIXME: arch_init.c assumes that this is not called throughout
1316 * migration. Ignore the problem since hot-unplug during migration
1317 * does not work anyway.
1321 block = find_ram_block(addr);
1323 memset(block->idstr, 0, sizeof(block->idstr));
1328 static int memory_try_enable_merging(void *addr, size_t len)
1330 if (!machine_mem_merge(current_machine)) {
1331 /* disabled by the user */
1335 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1338 /* Only legal before guest might have detected the memory size: e.g. on
1339 * incoming migration, or right after reset.
1341 * As memory core doesn't know how is memory accessed, it is up to
1342 * resize callback to update device state and/or add assertions to detect
1343 * misuse, if necessary.
1345 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1347 RAMBlock *block = find_ram_block(base);
1351 newsize = TARGET_PAGE_ALIGN(newsize);
1353 if (block->used_length == newsize) {
1357 if (!(block->flags & RAM_RESIZEABLE)) {
1358 error_setg_errno(errp, EINVAL,
1359 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1360 " in != 0x" RAM_ADDR_FMT, block->idstr,
1361 newsize, block->used_length);
1365 if (block->max_length < newsize) {
1366 error_setg_errno(errp, EINVAL,
1367 "Length too large: %s: 0x" RAM_ADDR_FMT
1368 " > 0x" RAM_ADDR_FMT, block->idstr,
1369 newsize, block->max_length);
1373 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1374 block->used_length = newsize;
1375 cpu_physical_memory_set_dirty_range(block->offset, block->used_length);
1376 memory_region_set_size(block->mr, newsize);
1377 if (block->resized) {
1378 block->resized(block->idstr, newsize, block->host);
1383 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1386 RAMBlock *last_block = NULL;
1387 ram_addr_t old_ram_size, new_ram_size;
1389 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1391 qemu_mutex_lock_ramlist();
1392 new_block->offset = find_ram_offset(new_block->max_length);
1394 if (!new_block->host) {
1395 if (xen_enabled()) {
1396 xen_ram_alloc(new_block->offset, new_block->max_length,
1399 new_block->host = phys_mem_alloc(new_block->max_length,
1400 &new_block->mr->align);
1401 if (!new_block->host) {
1402 error_setg_errno(errp, errno,
1403 "cannot set up guest memory '%s'",
1404 memory_region_name(new_block->mr));
1405 qemu_mutex_unlock_ramlist();
1408 memory_try_enable_merging(new_block->host, new_block->max_length);
1412 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1413 * QLIST (which has an RCU-friendly variant) does not have insertion at
1414 * tail, so save the last element in last_block.
1416 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1418 if (block->max_length < new_block->max_length) {
1423 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1424 } else if (last_block) {
1425 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1426 } else { /* list is empty */
1427 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1429 ram_list.mru_block = NULL;
1431 /* Write list before version */
1434 qemu_mutex_unlock_ramlist();
1436 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1438 if (new_ram_size > old_ram_size) {
1441 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1442 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1443 ram_list.dirty_memory[i] =
1444 bitmap_zero_extend(ram_list.dirty_memory[i],
1445 old_ram_size, new_ram_size);
1448 cpu_physical_memory_set_dirty_range(new_block->offset,
1449 new_block->used_length);
1451 if (new_block->host) {
1452 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1453 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1454 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1455 if (kvm_enabled()) {
1456 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1460 return new_block->offset;
1464 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1465 bool share, const char *mem_path,
1468 RAMBlock *new_block;
1470 Error *local_err = NULL;
1472 if (xen_enabled()) {
1473 error_setg(errp, "-mem-path not supported with Xen");
1477 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1479 * file_ram_alloc() needs to allocate just like
1480 * phys_mem_alloc, but we haven't bothered to provide
1484 "-mem-path not supported with this accelerator");
1488 size = TARGET_PAGE_ALIGN(size);
1489 new_block = g_malloc0(sizeof(*new_block));
1491 new_block->used_length = size;
1492 new_block->max_length = size;
1493 new_block->flags = share ? RAM_SHARED : 0;
1494 new_block->host = file_ram_alloc(new_block, size,
1496 if (!new_block->host) {
1501 addr = ram_block_add(new_block, &local_err);
1504 error_propagate(errp, local_err);
1512 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1513 void (*resized)(const char*,
1516 void *host, bool resizeable,
1517 MemoryRegion *mr, Error **errp)
1519 RAMBlock *new_block;
1521 Error *local_err = NULL;
1523 size = TARGET_PAGE_ALIGN(size);
1524 max_size = TARGET_PAGE_ALIGN(max_size);
1525 new_block = g_malloc0(sizeof(*new_block));
1527 new_block->resized = resized;
1528 new_block->used_length = size;
1529 new_block->max_length = max_size;
1530 assert(max_size >= size);
1532 new_block->host = host;
1534 new_block->flags |= RAM_PREALLOC;
1537 new_block->flags |= RAM_RESIZEABLE;
1539 addr = ram_block_add(new_block, &local_err);
1542 error_propagate(errp, local_err);
1548 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1549 MemoryRegion *mr, Error **errp)
1551 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1554 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1556 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1559 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1560 void (*resized)(const char*,
1563 MemoryRegion *mr, Error **errp)
1565 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1568 void qemu_ram_free_from_ptr(ram_addr_t addr)
1572 qemu_mutex_lock_ramlist();
1573 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1574 if (addr == block->offset) {
1575 QLIST_REMOVE_RCU(block, next);
1576 ram_list.mru_block = NULL;
1577 /* Write list before version */
1580 g_free_rcu(block, rcu);
1584 qemu_mutex_unlock_ramlist();
1587 static void reclaim_ramblock(RAMBlock *block)
1589 if (block->flags & RAM_PREALLOC) {
1591 } else if (xen_enabled()) {
1592 xen_invalidate_map_cache_entry(block->host);
1594 } else if (block->fd >= 0) {
1595 munmap(block->host, block->max_length);
1599 qemu_anon_ram_free(block->host, block->max_length);
1604 void qemu_ram_free(ram_addr_t addr)
1608 qemu_mutex_lock_ramlist();
1609 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1610 if (addr == block->offset) {
1611 QLIST_REMOVE_RCU(block, next);
1612 ram_list.mru_block = NULL;
1613 /* Write list before version */
1616 call_rcu(block, reclaim_ramblock, rcu);
1620 qemu_mutex_unlock_ramlist();
1624 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1631 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1632 offset = addr - block->offset;
1633 if (offset < block->max_length) {
1634 vaddr = ramblock_ptr(block, offset);
1635 if (block->flags & RAM_PREALLOC) {
1637 } else if (xen_enabled()) {
1641 munmap(vaddr, length);
1642 if (block->fd >= 0) {
1643 flags |= (block->flags & RAM_SHARED ?
1644 MAP_SHARED : MAP_PRIVATE);
1645 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1646 flags, block->fd, offset);
1649 * Remap needs to match alloc. Accelerators that
1650 * set phys_mem_alloc never remap. If they did,
1651 * we'd need a remap hook here.
1653 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1655 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1656 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1659 if (area != vaddr) {
1660 fprintf(stderr, "Could not remap addr: "
1661 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1665 memory_try_enable_merging(vaddr, length);
1666 qemu_ram_setup_dump(vaddr, length);
1671 #endif /* !_WIN32 */
1673 int qemu_get_ram_fd(ram_addr_t addr)
1679 block = qemu_get_ram_block(addr);
1685 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1691 block = qemu_get_ram_block(addr);
1692 ptr = ramblock_ptr(block, 0);
1697 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1698 * This should not be used for general purpose DMA. Use address_space_map
1699 * or address_space_rw instead. For local memory (e.g. video ram) that the
1700 * device owns, use memory_region_get_ram_ptr.
1702 * By the time this function returns, the returned pointer is not protected
1703 * by RCU anymore. If the caller is not within an RCU critical section and
1704 * does not hold the iothread lock, it must have other means of protecting the
1705 * pointer, such as a reference to the region that includes the incoming
1708 void *qemu_get_ram_ptr(ram_addr_t addr)
1714 block = qemu_get_ram_block(addr);
1716 if (xen_enabled() && block->host == NULL) {
1717 /* We need to check if the requested address is in the RAM
1718 * because we don't want to map the entire memory in QEMU.
1719 * In that case just map until the end of the page.
1721 if (block->offset == 0) {
1722 ptr = xen_map_cache(addr, 0, 0);
1726 block->host = xen_map_cache(block->offset, block->max_length, 1);
1728 ptr = ramblock_ptr(block, addr - block->offset);
1735 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1736 * but takes a size argument.
1738 * By the time this function returns, the returned pointer is not protected
1739 * by RCU anymore. If the caller is not within an RCU critical section and
1740 * does not hold the iothread lock, it must have other means of protecting the
1741 * pointer, such as a reference to the region that includes the incoming
1744 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1750 if (xen_enabled()) {
1751 return xen_map_cache(addr, *size, 1);
1755 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1756 if (addr - block->offset < block->max_length) {
1757 if (addr - block->offset + *size > block->max_length)
1758 *size = block->max_length - addr + block->offset;
1759 ptr = ramblock_ptr(block, addr - block->offset);
1765 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1770 /* Some of the softmmu routines need to translate from a host pointer
1771 * (typically a TLB entry) back to a ram offset.
1773 * By the time this function returns, the returned pointer is not protected
1774 * by RCU anymore. If the caller is not within an RCU critical section and
1775 * does not hold the iothread lock, it must have other means of protecting the
1776 * pointer, such as a reference to the region that includes the incoming
1779 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1782 uint8_t *host = ptr;
1785 if (xen_enabled()) {
1787 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1788 mr = qemu_get_ram_block(*ram_addr)->mr;
1794 block = atomic_rcu_read(&ram_list.mru_block);
1795 if (block && block->host && host - block->host < block->max_length) {
1799 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1800 /* This case append when the block is not mapped. */
1801 if (block->host == NULL) {
1804 if (host - block->host < block->max_length) {
1813 *ram_addr = block->offset + (host - block->host);
1819 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1820 uint64_t val, unsigned size)
1822 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1823 tb_invalidate_phys_page_fast(ram_addr, size);
1827 stb_p(qemu_get_ram_ptr(ram_addr), val);
1830 stw_p(qemu_get_ram_ptr(ram_addr), val);
1833 stl_p(qemu_get_ram_ptr(ram_addr), val);
1838 cpu_physical_memory_set_dirty_range_nocode(ram_addr, size);
1839 /* we remove the notdirty callback only if the code has been
1841 if (!cpu_physical_memory_is_clean(ram_addr)) {
1842 CPUArchState *env = current_cpu->env_ptr;
1843 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1847 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1848 unsigned size, bool is_write)
1853 static const MemoryRegionOps notdirty_mem_ops = {
1854 .write = notdirty_mem_write,
1855 .valid.accepts = notdirty_mem_accepts,
1856 .endianness = DEVICE_NATIVE_ENDIAN,
1859 /* Generate a debug exception if a watchpoint has been hit. */
1860 static void check_watchpoint(int offset, int len, int flags)
1862 CPUState *cpu = current_cpu;
1863 CPUArchState *env = cpu->env_ptr;
1864 target_ulong pc, cs_base;
1869 if (cpu->watchpoint_hit) {
1870 /* We re-entered the check after replacing the TB. Now raise
1871 * the debug interrupt so that is will trigger after the
1872 * current instruction. */
1873 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1876 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1877 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1878 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1879 && (wp->flags & flags)) {
1880 if (flags == BP_MEM_READ) {
1881 wp->flags |= BP_WATCHPOINT_HIT_READ;
1883 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1885 wp->hitaddr = vaddr;
1886 if (!cpu->watchpoint_hit) {
1887 cpu->watchpoint_hit = wp;
1888 tb_check_watchpoint(cpu);
1889 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1890 cpu->exception_index = EXCP_DEBUG;
1893 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1894 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1895 cpu_resume_from_signal(cpu, NULL);
1899 wp->flags &= ~BP_WATCHPOINT_HIT;
1904 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1905 so these check for a hit then pass through to the normal out-of-line
1907 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1910 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_READ);
1912 case 1: return ldub_phys(&address_space_memory, addr);
1913 case 2: return lduw_phys(&address_space_memory, addr);
1914 case 4: return ldl_phys(&address_space_memory, addr);
1919 static void watch_mem_write(void *opaque, hwaddr addr,
1920 uint64_t val, unsigned size)
1922 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_WRITE);
1925 stb_phys(&address_space_memory, addr, val);
1928 stw_phys(&address_space_memory, addr, val);
1931 stl_phys(&address_space_memory, addr, val);
1937 static const MemoryRegionOps watch_mem_ops = {
1938 .read = watch_mem_read,
1939 .write = watch_mem_write,
1940 .endianness = DEVICE_NATIVE_ENDIAN,
1943 static uint64_t subpage_read(void *opaque, hwaddr addr,
1946 subpage_t *subpage = opaque;
1949 #if defined(DEBUG_SUBPAGE)
1950 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1951 subpage, len, addr);
1953 address_space_read(subpage->as, addr + subpage->base, buf, len);
1968 static void subpage_write(void *opaque, hwaddr addr,
1969 uint64_t value, unsigned len)
1971 subpage_t *subpage = opaque;
1974 #if defined(DEBUG_SUBPAGE)
1975 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1976 " value %"PRIx64"\n",
1977 __func__, subpage, len, addr, value);
1995 address_space_write(subpage->as, addr + subpage->base, buf, len);
1998 static bool subpage_accepts(void *opaque, hwaddr addr,
1999 unsigned len, bool is_write)
2001 subpage_t *subpage = opaque;
2002 #if defined(DEBUG_SUBPAGE)
2003 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2004 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2007 return address_space_access_valid(subpage->as, addr + subpage->base,
2011 static const MemoryRegionOps subpage_ops = {
2012 .read = subpage_read,
2013 .write = subpage_write,
2014 .impl.min_access_size = 1,
2015 .impl.max_access_size = 8,
2016 .valid.min_access_size = 1,
2017 .valid.max_access_size = 8,
2018 .valid.accepts = subpage_accepts,
2019 .endianness = DEVICE_NATIVE_ENDIAN,
2022 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2027 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2029 idx = SUBPAGE_IDX(start);
2030 eidx = SUBPAGE_IDX(end);
2031 #if defined(DEBUG_SUBPAGE)
2032 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2033 __func__, mmio, start, end, idx, eidx, section);
2035 for (; idx <= eidx; idx++) {
2036 mmio->sub_section[idx] = section;
2042 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2046 mmio = g_malloc0(sizeof(subpage_t));
2050 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2051 NULL, TARGET_PAGE_SIZE);
2052 mmio->iomem.subpage = true;
2053 #if defined(DEBUG_SUBPAGE)
2054 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2055 mmio, base, TARGET_PAGE_SIZE);
2057 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2062 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2066 MemoryRegionSection section = {
2067 .address_space = as,
2069 .offset_within_address_space = 0,
2070 .offset_within_region = 0,
2071 .size = int128_2_64(),
2074 return phys_section_add(map, §ion);
2077 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2079 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2080 MemoryRegionSection *sections = d->map.sections;
2082 return sections[index & ~TARGET_PAGE_MASK].mr;
2085 static void io_mem_init(void)
2087 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2088 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2090 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2092 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2096 static void mem_begin(MemoryListener *listener)
2098 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2099 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2102 n = dummy_section(&d->map, as, &io_mem_unassigned);
2103 assert(n == PHYS_SECTION_UNASSIGNED);
2104 n = dummy_section(&d->map, as, &io_mem_notdirty);
2105 assert(n == PHYS_SECTION_NOTDIRTY);
2106 n = dummy_section(&d->map, as, &io_mem_rom);
2107 assert(n == PHYS_SECTION_ROM);
2108 n = dummy_section(&d->map, as, &io_mem_watch);
2109 assert(n == PHYS_SECTION_WATCH);
2111 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2113 as->next_dispatch = d;
2116 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2118 phys_sections_free(&d->map);
2122 static void mem_commit(MemoryListener *listener)
2124 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2125 AddressSpaceDispatch *cur = as->dispatch;
2126 AddressSpaceDispatch *next = as->next_dispatch;
2128 phys_page_compact_all(next, next->map.nodes_nb);
2130 atomic_rcu_set(&as->dispatch, next);
2132 call_rcu(cur, address_space_dispatch_free, rcu);
2136 static void tcg_commit(MemoryListener *listener)
2140 /* since each CPU stores ram addresses in its TLB cache, we must
2141 reset the modified entries */
2144 /* FIXME: Disentangle the cpu.h circular files deps so we can
2145 directly get the right CPU from listener. */
2146 if (cpu->tcg_as_listener != listener) {
2149 cpu_reload_memory_map(cpu);
2153 static void core_log_global_start(MemoryListener *listener)
2155 cpu_physical_memory_set_dirty_tracking(true);
2158 static void core_log_global_stop(MemoryListener *listener)
2160 cpu_physical_memory_set_dirty_tracking(false);
2163 static MemoryListener core_memory_listener = {
2164 .log_global_start = core_log_global_start,
2165 .log_global_stop = core_log_global_stop,
2169 void address_space_init_dispatch(AddressSpace *as)
2171 as->dispatch = NULL;
2172 as->dispatch_listener = (MemoryListener) {
2174 .commit = mem_commit,
2175 .region_add = mem_add,
2176 .region_nop = mem_add,
2179 memory_listener_register(&as->dispatch_listener, as);
2182 void address_space_unregister(AddressSpace *as)
2184 memory_listener_unregister(&as->dispatch_listener);
2187 void address_space_destroy_dispatch(AddressSpace *as)
2189 AddressSpaceDispatch *d = as->dispatch;
2191 atomic_rcu_set(&as->dispatch, NULL);
2193 call_rcu(d, address_space_dispatch_free, rcu);
2197 static void memory_map_init(void)
2199 system_memory = g_malloc(sizeof(*system_memory));
2201 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2202 address_space_init(&address_space_memory, system_memory, "memory");
2204 system_io = g_malloc(sizeof(*system_io));
2205 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2207 address_space_init(&address_space_io, system_io, "I/O");
2209 memory_listener_register(&core_memory_listener, &address_space_memory);
2212 MemoryRegion *get_system_memory(void)
2214 return system_memory;
2217 MemoryRegion *get_system_io(void)
2222 #endif /* !defined(CONFIG_USER_ONLY) */
2224 /* physical memory access (slow version, mainly for debug) */
2225 #if defined(CONFIG_USER_ONLY)
2226 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2227 uint8_t *buf, int len, int is_write)
2234 page = addr & TARGET_PAGE_MASK;
2235 l = (page + TARGET_PAGE_SIZE) - addr;
2238 flags = page_get_flags(page);
2239 if (!(flags & PAGE_VALID))
2242 if (!(flags & PAGE_WRITE))
2244 /* XXX: this code should not depend on lock_user */
2245 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2248 unlock_user(p, addr, l);
2250 if (!(flags & PAGE_READ))
2252 /* XXX: this code should not depend on lock_user */
2253 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2256 unlock_user(p, addr, 0);
2267 static void invalidate_and_set_dirty(hwaddr addr,
2270 if (cpu_physical_memory_range_includes_clean(addr, length)) {
2271 tb_invalidate_phys_range(addr, addr + length, 0);
2272 cpu_physical_memory_set_dirty_range_nocode(addr, length);
2274 xen_modified_memory(addr, length);
2277 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2279 unsigned access_size_max = mr->ops->valid.max_access_size;
2281 /* Regions are assumed to support 1-4 byte accesses unless
2282 otherwise specified. */
2283 if (access_size_max == 0) {
2284 access_size_max = 4;
2287 /* Bound the maximum access by the alignment of the address. */
2288 if (!mr->ops->impl.unaligned) {
2289 unsigned align_size_max = addr & -addr;
2290 if (align_size_max != 0 && align_size_max < access_size_max) {
2291 access_size_max = align_size_max;
2295 /* Don't attempt accesses larger than the maximum. */
2296 if (l > access_size_max) {
2297 l = access_size_max;
2300 l = 1 << (qemu_fls(l) - 1);
2306 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
2307 int len, bool is_write)
2318 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2321 if (!memory_access_is_direct(mr, is_write)) {
2322 l = memory_access_size(mr, l, addr1);
2323 /* XXX: could force current_cpu to NULL to avoid
2327 /* 64 bit write access */
2329 error |= io_mem_write(mr, addr1, val, 8);
2332 /* 32 bit write access */
2334 error |= io_mem_write(mr, addr1, val, 4);
2337 /* 16 bit write access */
2339 error |= io_mem_write(mr, addr1, val, 2);
2342 /* 8 bit write access */
2344 error |= io_mem_write(mr, addr1, val, 1);
2350 addr1 += memory_region_get_ram_addr(mr);
2352 ptr = qemu_get_ram_ptr(addr1);
2353 memcpy(ptr, buf, l);
2354 invalidate_and_set_dirty(addr1, l);
2357 if (!memory_access_is_direct(mr, is_write)) {
2359 l = memory_access_size(mr, l, addr1);
2362 /* 64 bit read access */
2363 error |= io_mem_read(mr, addr1, &val, 8);
2367 /* 32 bit read access */
2368 error |= io_mem_read(mr, addr1, &val, 4);
2372 /* 16 bit read access */
2373 error |= io_mem_read(mr, addr1, &val, 2);
2377 /* 8 bit read access */
2378 error |= io_mem_read(mr, addr1, &val, 1);
2386 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2387 memcpy(buf, ptr, l);
2398 bool address_space_write(AddressSpace *as, hwaddr addr,
2399 const uint8_t *buf, int len)
2401 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2404 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2406 return address_space_rw(as, addr, buf, len, false);
2410 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2411 int len, int is_write)
2413 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2416 enum write_rom_type {
2421 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2422 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2431 mr = address_space_translate(as, addr, &addr1, &l, true);
2433 if (!(memory_region_is_ram(mr) ||
2434 memory_region_is_romd(mr))) {
2437 addr1 += memory_region_get_ram_addr(mr);
2439 ptr = qemu_get_ram_ptr(addr1);
2442 memcpy(ptr, buf, l);
2443 invalidate_and_set_dirty(addr1, l);
2446 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2456 /* used for ROM loading : can write in RAM and ROM */
2457 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2458 const uint8_t *buf, int len)
2460 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2463 void cpu_flush_icache_range(hwaddr start, int len)
2466 * This function should do the same thing as an icache flush that was
2467 * triggered from within the guest. For TCG we are always cache coherent,
2468 * so there is no need to flush anything. For KVM / Xen we need to flush
2469 * the host's instruction cache at least.
2471 if (tcg_enabled()) {
2475 cpu_physical_memory_write_rom_internal(&address_space_memory,
2476 start, NULL, len, FLUSH_CACHE);
2486 static BounceBuffer bounce;
2488 typedef struct MapClient {
2490 void (*callback)(void *opaque);
2491 QLIST_ENTRY(MapClient) link;
2494 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2495 = QLIST_HEAD_INITIALIZER(map_client_list);
2497 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2499 MapClient *client = g_malloc(sizeof(*client));
2501 client->opaque = opaque;
2502 client->callback = callback;
2503 QLIST_INSERT_HEAD(&map_client_list, client, link);
2507 static void cpu_unregister_map_client(void *_client)
2509 MapClient *client = (MapClient *)_client;
2511 QLIST_REMOVE(client, link);
2515 static void cpu_notify_map_clients(void)
2519 while (!QLIST_EMPTY(&map_client_list)) {
2520 client = QLIST_FIRST(&map_client_list);
2521 client->callback(client->opaque);
2522 cpu_unregister_map_client(client);
2526 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2533 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2534 if (!memory_access_is_direct(mr, is_write)) {
2535 l = memory_access_size(mr, l, addr);
2536 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2547 /* Map a physical memory region into a host virtual address.
2548 * May map a subset of the requested range, given by and returned in *plen.
2549 * May return NULL if resources needed to perform the mapping are exhausted.
2550 * Use only for reads OR writes - not for read-modify-write operations.
2551 * Use cpu_register_map_client() to know when retrying the map operation is
2552 * likely to succeed.
2554 void *address_space_map(AddressSpace *as,
2561 hwaddr l, xlat, base;
2562 MemoryRegion *mr, *this_mr;
2570 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2571 if (!memory_access_is_direct(mr, is_write)) {
2572 if (bounce.buffer) {
2575 /* Avoid unbounded allocations */
2576 l = MIN(l, TARGET_PAGE_SIZE);
2577 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2581 memory_region_ref(mr);
2584 address_space_read(as, addr, bounce.buffer, l);
2588 return bounce.buffer;
2592 raddr = memory_region_get_ram_addr(mr);
2603 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2604 if (this_mr != mr || xlat != base + done) {
2609 memory_region_ref(mr);
2611 return qemu_ram_ptr_length(raddr + base, plen);
2614 /* Unmaps a memory region previously mapped by address_space_map().
2615 * Will also mark the memory as dirty if is_write == 1. access_len gives
2616 * the amount of memory that was actually read or written by the caller.
2618 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2619 int is_write, hwaddr access_len)
2621 if (buffer != bounce.buffer) {
2625 mr = qemu_ram_addr_from_host(buffer, &addr1);
2628 invalidate_and_set_dirty(addr1, access_len);
2630 if (xen_enabled()) {
2631 xen_invalidate_map_cache_entry(buffer);
2633 memory_region_unref(mr);
2637 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2639 qemu_vfree(bounce.buffer);
2640 bounce.buffer = NULL;
2641 memory_region_unref(bounce.mr);
2642 cpu_notify_map_clients();
2645 void *cpu_physical_memory_map(hwaddr addr,
2649 return address_space_map(&address_space_memory, addr, plen, is_write);
2652 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2653 int is_write, hwaddr access_len)
2655 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2658 /* warning: addr must be aligned */
2659 static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
2660 enum device_endian endian)
2668 mr = address_space_translate(as, addr, &addr1, &l, false);
2669 if (l < 4 || !memory_access_is_direct(mr, false)) {
2671 io_mem_read(mr, addr1, &val, 4);
2672 #if defined(TARGET_WORDS_BIGENDIAN)
2673 if (endian == DEVICE_LITTLE_ENDIAN) {
2677 if (endian == DEVICE_BIG_ENDIAN) {
2683 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2687 case DEVICE_LITTLE_ENDIAN:
2688 val = ldl_le_p(ptr);
2690 case DEVICE_BIG_ENDIAN:
2691 val = ldl_be_p(ptr);
2701 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2703 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2706 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2708 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2711 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2713 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2716 /* warning: addr must be aligned */
2717 static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
2718 enum device_endian endian)
2726 mr = address_space_translate(as, addr, &addr1, &l,
2728 if (l < 8 || !memory_access_is_direct(mr, false)) {
2730 io_mem_read(mr, addr1, &val, 8);
2731 #if defined(TARGET_WORDS_BIGENDIAN)
2732 if (endian == DEVICE_LITTLE_ENDIAN) {
2736 if (endian == DEVICE_BIG_ENDIAN) {
2742 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2746 case DEVICE_LITTLE_ENDIAN:
2747 val = ldq_le_p(ptr);
2749 case DEVICE_BIG_ENDIAN:
2750 val = ldq_be_p(ptr);
2760 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2762 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2765 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2767 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2770 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2772 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2776 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2779 address_space_rw(as, addr, &val, 1, 0);
2783 /* warning: addr must be aligned */
2784 static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
2785 enum device_endian endian)
2793 mr = address_space_translate(as, addr, &addr1, &l,
2795 if (l < 2 || !memory_access_is_direct(mr, false)) {
2797 io_mem_read(mr, addr1, &val, 2);
2798 #if defined(TARGET_WORDS_BIGENDIAN)
2799 if (endian == DEVICE_LITTLE_ENDIAN) {
2803 if (endian == DEVICE_BIG_ENDIAN) {
2809 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2813 case DEVICE_LITTLE_ENDIAN:
2814 val = lduw_le_p(ptr);
2816 case DEVICE_BIG_ENDIAN:
2817 val = lduw_be_p(ptr);
2827 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2829 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2832 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2834 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2837 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2839 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2842 /* warning: addr must be aligned. The ram page is not masked as dirty
2843 and the code inside is not invalidated. It is useful if the dirty
2844 bits are used to track modified PTEs */
2845 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
2852 mr = address_space_translate(as, addr, &addr1, &l,
2854 if (l < 4 || !memory_access_is_direct(mr, true)) {
2855 io_mem_write(mr, addr1, val, 4);
2857 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2858 ptr = qemu_get_ram_ptr(addr1);
2861 if (unlikely(in_migration)) {
2862 if (cpu_physical_memory_is_clean(addr1)) {
2863 /* invalidate code */
2864 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2866 cpu_physical_memory_set_dirty_range_nocode(addr1, 4);
2872 /* warning: addr must be aligned */
2873 static inline void stl_phys_internal(AddressSpace *as,
2874 hwaddr addr, uint32_t val,
2875 enum device_endian endian)
2882 mr = address_space_translate(as, addr, &addr1, &l,
2884 if (l < 4 || !memory_access_is_direct(mr, true)) {
2885 #if defined(TARGET_WORDS_BIGENDIAN)
2886 if (endian == DEVICE_LITTLE_ENDIAN) {
2890 if (endian == DEVICE_BIG_ENDIAN) {
2894 io_mem_write(mr, addr1, val, 4);
2897 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2898 ptr = qemu_get_ram_ptr(addr1);
2900 case DEVICE_LITTLE_ENDIAN:
2903 case DEVICE_BIG_ENDIAN:
2910 invalidate_and_set_dirty(addr1, 4);
2914 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2916 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2919 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2921 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2924 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2926 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2930 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2933 address_space_rw(as, addr, &v, 1, 1);
2936 /* warning: addr must be aligned */
2937 static inline void stw_phys_internal(AddressSpace *as,
2938 hwaddr addr, uint32_t val,
2939 enum device_endian endian)
2946 mr = address_space_translate(as, addr, &addr1, &l, true);
2947 if (l < 2 || !memory_access_is_direct(mr, true)) {
2948 #if defined(TARGET_WORDS_BIGENDIAN)
2949 if (endian == DEVICE_LITTLE_ENDIAN) {
2953 if (endian == DEVICE_BIG_ENDIAN) {
2957 io_mem_write(mr, addr1, val, 2);
2960 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2961 ptr = qemu_get_ram_ptr(addr1);
2963 case DEVICE_LITTLE_ENDIAN:
2966 case DEVICE_BIG_ENDIAN:
2973 invalidate_and_set_dirty(addr1, 2);
2977 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2979 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2982 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2984 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2987 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2989 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2993 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2996 address_space_rw(as, addr, (void *) &val, 8, 1);
2999 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3001 val = cpu_to_le64(val);
3002 address_space_rw(as, addr, (void *) &val, 8, 1);
3005 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3007 val = cpu_to_be64(val);
3008 address_space_rw(as, addr, (void *) &val, 8, 1);
3011 /* virtual memory access for debug (includes writing to ROM) */
3012 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3013 uint8_t *buf, int len, int is_write)
3020 page = addr & TARGET_PAGE_MASK;
3021 phys_addr = cpu_get_phys_page_debug(cpu, page);
3022 /* if no physical page mapped, return an error */
3023 if (phys_addr == -1)
3025 l = (page + TARGET_PAGE_SIZE) - addr;
3028 phys_addr += (addr & ~TARGET_PAGE_MASK);
3030 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3032 address_space_rw(cpu->as, phys_addr, buf, l, 0);
3043 * A helper function for the _utterly broken_ virtio device model to find out if
3044 * it's running on a big endian machine. Don't do this at home kids!
3046 bool target_words_bigendian(void);
3047 bool target_words_bigendian(void)
3049 #if defined(TARGET_WORDS_BIGENDIAN)
3056 #ifndef CONFIG_USER_ONLY
3057 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3062 mr = address_space_translate(&address_space_memory,
3063 phys_addr, &phys_addr, &l, false);
3065 return !(memory_region_is_ram(mr) ||
3066 memory_region_is_romd(mr));
3069 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3074 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3075 func(block->host, block->offset, block->used_length, opaque);
projects / qemu.git / blob