4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 //#define DEBUG_SUBPAGE
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
86 #define RAM_RESIZEABLE (1 << 2)
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
99 #if !defined(CONFIG_USER_ONLY)
101 typedef struct PhysPageEntry PhysPageEntry;
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
116 #define P_L2_SIZE (1 << P_L2_BITS)
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
120 typedef PhysPageEntry Node[P_L2_SIZE];
122 typedef struct PhysPageMap {
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
128 unsigned nodes_nb_alloc;
130 MemoryRegionSection *sections;
133 struct AddressSpaceDispatch {
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
139 PhysPageEntry phys_map;
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
149 uint16_t sub_section[TARGET_PAGE_SIZE];
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
161 static MemoryRegion io_mem_watch;
164 #if !defined(CONFIG_USER_ONLY)
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
182 ret = map->nodes_nb++;
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
236 unsigned valid_ptr = P_L2_SIZE;
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
254 phys_page_compact(&p[i], nodes, compacted);
258 /* We can only compress if there's only one child. */
263 assert(valid_ptr < P_L2_SIZE);
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
280 lp->skip += p[valid_ptr].skip;
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
286 DECLARE_BITMAP(compacted, nodes_nb);
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
297 hwaddr index = addr >> TARGET_PAGE_BITS;
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return §ions[PHYS_SECTION_UNASSIGNED];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return §ions[lp.ptr];
313 return §ions[PHYS_SECTION_UNASSIGNED];
317 bool memory_region_is_unassigned(MemoryRegion *mr)
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
326 bool resolve_subpage)
328 MemoryRegionSection *section;
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
344 MemoryRegionSection *section;
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
380 if (memory_region_is_romd(mr)) {
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
393 MemoryRegionSection *section;
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
401 if (!mr->iommu_ops) {
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
414 as = iotlb.target_as;
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
435 assert(!section->mr->iommu_ops);
440 #if !defined(CONFIG_USER_ONLY)
442 static int cpu_common_post_load(void *opaque, int version_id)
444 CPUState *cpu = opaque;
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
454 static int cpu_common_pre_load(void *opaque)
456 CPUState *cpu = opaque;
458 cpu->exception_index = -1;
463 static bool cpu_common_exception_index_needed(void *opaque)
465 CPUState *cpu = opaque;
467 return tcg_enabled() && cpu->exception_index != -1;
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
481 const VMStateDescription vmstate_cpu_common = {
482 .name = "cpu_common",
484 .minimum_version_id = 1,
485 .pre_load = cpu_common_pre_load,
486 .post_load = cpu_common_post_load,
487 .fields = (VMStateField[]) {
488 VMSTATE_UINT32(halted, CPUState),
489 VMSTATE_UINT32(interrupt_request, CPUState),
490 VMSTATE_END_OF_LIST()
492 .subsections = (const VMStateDescription*[]) {
493 &vmstate_cpu_common_exception_index,
500 CPUState *qemu_get_cpu(int index)
505 if (cpu->cpu_index == index) {
513 #if !defined(CONFIG_USER_ONLY)
514 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
516 /* We only support one address space per cpu at the moment. */
517 assert(cpu->as == as);
519 if (cpu->tcg_as_listener) {
520 memory_listener_unregister(cpu->tcg_as_listener);
522 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
524 cpu->tcg_as_listener->commit = tcg_commit;
525 memory_listener_register(cpu->tcg_as_listener, as);
529 void cpu_exec_init(CPUArchState *env)
531 CPUState *cpu = ENV_GET_CPU(env);
532 CPUClass *cc = CPU_GET_CLASS(cpu);
536 #if defined(CONFIG_USER_ONLY)
540 CPU_FOREACH(some_cpu) {
543 cpu->cpu_index = cpu_index;
545 QTAILQ_INIT(&cpu->breakpoints);
546 QTAILQ_INIT(&cpu->watchpoints);
547 #ifndef CONFIG_USER_ONLY
548 cpu->as = &address_space_memory;
549 cpu->thread_id = qemu_get_thread_id();
550 cpu_reload_memory_map(cpu);
552 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
553 #if defined(CONFIG_USER_ONLY)
556 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
557 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
559 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
560 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
561 cpu_save, cpu_load, env);
562 assert(cc->vmsd == NULL);
563 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
565 if (cc->vmsd != NULL) {
566 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
570 #if defined(CONFIG_USER_ONLY)
571 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
573 tb_invalidate_phys_page_range(pc, pc + 1, 0);
576 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
578 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
580 tb_invalidate_phys_addr(cpu->as,
581 phys | (pc & ~TARGET_PAGE_MASK));
586 #if defined(CONFIG_USER_ONLY)
587 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
592 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
598 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
602 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
603 int flags, CPUWatchpoint **watchpoint)
608 /* Add a watchpoint. */
609 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
610 int flags, CPUWatchpoint **watchpoint)
614 /* forbid ranges which are empty or run off the end of the address space */
615 if (len == 0 || (addr + len - 1) < addr) {
616 error_report("tried to set invalid watchpoint at %"
617 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
620 wp = g_malloc(sizeof(*wp));
626 /* keep all GDB-injected watchpoints in front */
627 if (flags & BP_GDB) {
628 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
630 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
633 tlb_flush_page(cpu, addr);
640 /* Remove a specific watchpoint. */
641 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
646 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
647 if (addr == wp->vaddr && len == wp->len
648 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
649 cpu_watchpoint_remove_by_ref(cpu, wp);
656 /* Remove a specific watchpoint by reference. */
657 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
659 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
661 tlb_flush_page(cpu, watchpoint->vaddr);
666 /* Remove all matching watchpoints. */
667 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
669 CPUWatchpoint *wp, *next;
671 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
672 if (wp->flags & mask) {
673 cpu_watchpoint_remove_by_ref(cpu, wp);
678 /* Return true if this watchpoint address matches the specified
679 * access (ie the address range covered by the watchpoint overlaps
680 * partially or completely with the address range covered by the
683 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
687 /* We know the lengths are non-zero, but a little caution is
688 * required to avoid errors in the case where the range ends
689 * exactly at the top of the address space and so addr + len
690 * wraps round to zero.
692 vaddr wpend = wp->vaddr + wp->len - 1;
693 vaddr addrend = addr + len - 1;
695 return !(addr > wpend || wp->vaddr > addrend);
700 /* Add a breakpoint. */
701 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
702 CPUBreakpoint **breakpoint)
706 bp = g_malloc(sizeof(*bp));
711 /* keep all GDB-injected breakpoints in front */
712 if (flags & BP_GDB) {
713 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
715 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
718 breakpoint_invalidate(cpu, pc);
726 /* Remove a specific breakpoint. */
727 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
731 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
732 if (bp->pc == pc && bp->flags == flags) {
733 cpu_breakpoint_remove_by_ref(cpu, bp);
740 /* Remove a specific breakpoint by reference. */
741 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
743 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
745 breakpoint_invalidate(cpu, breakpoint->pc);
750 /* Remove all matching breakpoints. */
751 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
753 CPUBreakpoint *bp, *next;
755 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
756 if (bp->flags & mask) {
757 cpu_breakpoint_remove_by_ref(cpu, bp);
762 /* enable or disable single step mode. EXCP_DEBUG is returned by the
763 CPU loop after each instruction */
764 void cpu_single_step(CPUState *cpu, int enabled)
766 if (cpu->singlestep_enabled != enabled) {
767 cpu->singlestep_enabled = enabled;
769 kvm_update_guest_debug(cpu, 0);
771 /* must flush all the translated code to avoid inconsistencies */
772 /* XXX: only flush what is necessary */
773 CPUArchState *env = cpu->env_ptr;
779 void cpu_abort(CPUState *cpu, const char *fmt, ...)
786 fprintf(stderr, "qemu: fatal: ");
787 vfprintf(stderr, fmt, ap);
788 fprintf(stderr, "\n");
789 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
790 if (qemu_log_enabled()) {
791 qemu_log("qemu: fatal: ");
792 qemu_log_vprintf(fmt, ap2);
794 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
800 #if defined(CONFIG_USER_ONLY)
802 struct sigaction act;
803 sigfillset(&act.sa_mask);
804 act.sa_handler = SIG_DFL;
805 sigaction(SIGABRT, &act, NULL);
811 #if !defined(CONFIG_USER_ONLY)
812 /* Called from RCU critical section */
813 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
817 block = atomic_rcu_read(&ram_list.mru_block);
818 if (block && addr - block->offset < block->max_length) {
821 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
822 if (addr - block->offset < block->max_length) {
827 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
831 /* It is safe to write mru_block outside the iothread lock. This
836 * xxx removed from list
840 * call_rcu(reclaim_ramblock, xxx);
843 * atomic_rcu_set is not needed here. The block was already published
844 * when it was placed into the list. Here we're just making an extra
845 * copy of the pointer.
847 ram_list.mru_block = block;
851 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
857 end = TARGET_PAGE_ALIGN(start + length);
858 start &= TARGET_PAGE_MASK;
861 block = qemu_get_ram_block(start);
862 assert(block == qemu_get_ram_block(end - 1));
863 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
864 cpu_tlb_reset_dirty_all(start1, length);
868 /* Note: start and end must be within the same ram block. */
869 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
873 unsigned long end, page;
880 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
881 page = start >> TARGET_PAGE_BITS;
882 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
885 if (dirty && tcg_enabled()) {
886 tlb_reset_dirty_range_all(start, length);
892 /* Called from RCU critical section */
893 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
894 MemoryRegionSection *section,
896 hwaddr paddr, hwaddr xlat,
898 target_ulong *address)
903 if (memory_region_is_ram(section->mr)) {
905 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
907 if (!section->readonly) {
908 iotlb |= PHYS_SECTION_NOTDIRTY;
910 iotlb |= PHYS_SECTION_ROM;
913 iotlb = section - section->address_space->dispatch->map.sections;
917 /* Make accesses to pages with watchpoints go via the
918 watchpoint trap routines. */
919 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
920 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
921 /* Avoid trapping reads of pages with a write breakpoint. */
922 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
923 iotlb = PHYS_SECTION_WATCH + paddr;
924 *address |= TLB_MMIO;
932 #endif /* defined(CONFIG_USER_ONLY) */
934 #if !defined(CONFIG_USER_ONLY)
936 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
938 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
940 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
944 * Set a custom physical guest memory alloator.
945 * Accelerators with unusual needs may need this. Hopefully, we can
946 * get rid of it eventually.
948 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
950 phys_mem_alloc = alloc;
953 static uint16_t phys_section_add(PhysPageMap *map,
954 MemoryRegionSection *section)
956 /* The physical section number is ORed with a page-aligned
957 * pointer to produce the iotlb entries. Thus it should
958 * never overflow into the page-aligned value.
960 assert(map->sections_nb < TARGET_PAGE_SIZE);
962 if (map->sections_nb == map->sections_nb_alloc) {
963 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
964 map->sections = g_renew(MemoryRegionSection, map->sections,
965 map->sections_nb_alloc);
967 map->sections[map->sections_nb] = *section;
968 memory_region_ref(section->mr);
969 return map->sections_nb++;
972 static void phys_section_destroy(MemoryRegion *mr)
974 memory_region_unref(mr);
977 subpage_t *subpage = container_of(mr, subpage_t, iomem);
978 object_unref(OBJECT(&subpage->iomem));
983 static void phys_sections_free(PhysPageMap *map)
985 while (map->sections_nb > 0) {
986 MemoryRegionSection *section = &map->sections[--map->sections_nb];
987 phys_section_destroy(section->mr);
989 g_free(map->sections);
993 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
996 hwaddr base = section->offset_within_address_space
998 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
999 d->map.nodes, d->map.sections);
1000 MemoryRegionSection subsection = {
1001 .offset_within_address_space = base,
1002 .size = int128_make64(TARGET_PAGE_SIZE),
1006 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1008 if (!(existing->mr->subpage)) {
1009 subpage = subpage_init(d->as, base);
1010 subsection.address_space = d->as;
1011 subsection.mr = &subpage->iomem;
1012 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1013 phys_section_add(&d->map, &subsection));
1015 subpage = container_of(existing->mr, subpage_t, iomem);
1017 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1018 end = start + int128_get64(section->size) - 1;
1019 subpage_register(subpage, start, end,
1020 phys_section_add(&d->map, section));
1024 static void register_multipage(AddressSpaceDispatch *d,
1025 MemoryRegionSection *section)
1027 hwaddr start_addr = section->offset_within_address_space;
1028 uint16_t section_index = phys_section_add(&d->map, section);
1029 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1033 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1036 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1038 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1039 AddressSpaceDispatch *d = as->next_dispatch;
1040 MemoryRegionSection now = *section, remain = *section;
1041 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1043 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1044 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1045 - now.offset_within_address_space;
1047 now.size = int128_min(int128_make64(left), now.size);
1048 register_subpage(d, &now);
1050 now.size = int128_zero();
1052 while (int128_ne(remain.size, now.size)) {
1053 remain.size = int128_sub(remain.size, now.size);
1054 remain.offset_within_address_space += int128_get64(now.size);
1055 remain.offset_within_region += int128_get64(now.size);
1057 if (int128_lt(remain.size, page_size)) {
1058 register_subpage(d, &now);
1059 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1060 now.size = page_size;
1061 register_subpage(d, &now);
1063 now.size = int128_and(now.size, int128_neg(page_size));
1064 register_multipage(d, &now);
1069 void qemu_flush_coalesced_mmio_buffer(void)
1072 kvm_flush_coalesced_mmio_buffer();
1075 void qemu_mutex_lock_ramlist(void)
1077 qemu_mutex_lock(&ram_list.mutex);
1080 void qemu_mutex_unlock_ramlist(void)
1082 qemu_mutex_unlock(&ram_list.mutex);
1087 #include <sys/vfs.h>
1089 #define HUGETLBFS_MAGIC 0x958458f6
1091 static long gethugepagesize(const char *path, Error **errp)
1097 ret = statfs(path, &fs);
1098 } while (ret != 0 && errno == EINTR);
1101 error_setg_errno(errp, errno, "failed to get page size of file %s",
1106 if (fs.f_type != HUGETLBFS_MAGIC)
1107 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1112 static void *file_ram_alloc(RAMBlock *block,
1118 char *sanitized_name;
1123 Error *local_err = NULL;
1125 hpagesize = gethugepagesize(path, &local_err);
1127 error_propagate(errp, local_err);
1130 block->mr->align = hpagesize;
1132 if (memory < hpagesize) {
1133 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1134 "or larger than huge page size 0x%" PRIx64,
1139 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1141 "host lacks kvm mmu notifiers, -mem-path unsupported");
1145 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1146 sanitized_name = g_strdup(memory_region_name(block->mr));
1147 for (c = sanitized_name; *c != '\0'; c++) {
1152 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1154 g_free(sanitized_name);
1156 fd = mkstemp(filename);
1158 error_setg_errno(errp, errno,
1159 "unable to create backing store for hugepages");
1166 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1169 * ftruncate is not supported by hugetlbfs in older
1170 * hosts, so don't bother bailing out on errors.
1171 * If anything goes wrong with it under other filesystems,
1174 if (ftruncate(fd, memory)) {
1175 perror("ftruncate");
1178 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1179 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1181 if (area == MAP_FAILED) {
1182 error_setg_errno(errp, errno,
1183 "unable to map backing store for hugepages");
1189 os_mem_prealloc(fd, area, memory);
1197 error_report("%s", error_get_pretty(*errp));
1204 /* Called with the ramlist lock held. */
1205 static ram_addr_t find_ram_offset(ram_addr_t size)
1207 RAMBlock *block, *next_block;
1208 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1210 assert(size != 0); /* it would hand out same offset multiple times */
1212 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1216 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1217 ram_addr_t end, next = RAM_ADDR_MAX;
1219 end = block->offset + block->max_length;
1221 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1222 if (next_block->offset >= end) {
1223 next = MIN(next, next_block->offset);
1226 if (next - end >= size && next - end < mingap) {
1228 mingap = next - end;
1232 if (offset == RAM_ADDR_MAX) {
1233 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1241 ram_addr_t last_ram_offset(void)
1244 ram_addr_t last = 0;
1247 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1248 last = MAX(last, block->offset + block->max_length);
1254 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1258 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1259 if (!machine_dump_guest_core(current_machine)) {
1260 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1262 perror("qemu_madvise");
1263 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1264 "but dump_guest_core=off specified\n");
1269 /* Called within an RCU critical section, or while the ramlist lock
1272 static RAMBlock *find_ram_block(ram_addr_t addr)
1276 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1277 if (block->offset == addr) {
1285 /* Called with iothread lock held. */
1286 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1288 RAMBlock *new_block, *block;
1291 new_block = find_ram_block(addr);
1293 assert(!new_block->idstr[0]);
1296 char *id = qdev_get_dev_path(dev);
1298 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1302 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1304 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1305 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1306 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1314 /* Called with iothread lock held. */
1315 void qemu_ram_unset_idstr(ram_addr_t addr)
1319 /* FIXME: arch_init.c assumes that this is not called throughout
1320 * migration. Ignore the problem since hot-unplug during migration
1321 * does not work anyway.
1325 block = find_ram_block(addr);
1327 memset(block->idstr, 0, sizeof(block->idstr));
1332 static int memory_try_enable_merging(void *addr, size_t len)
1334 if (!machine_mem_merge(current_machine)) {
1335 /* disabled by the user */
1339 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1342 /* Only legal before guest might have detected the memory size: e.g. on
1343 * incoming migration, or right after reset.
1345 * As memory core doesn't know how is memory accessed, it is up to
1346 * resize callback to update device state and/or add assertions to detect
1347 * misuse, if necessary.
1349 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1351 RAMBlock *block = find_ram_block(base);
1355 newsize = TARGET_PAGE_ALIGN(newsize);
1357 if (block->used_length == newsize) {
1361 if (!(block->flags & RAM_RESIZEABLE)) {
1362 error_setg_errno(errp, EINVAL,
1363 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1364 " in != 0x" RAM_ADDR_FMT, block->idstr,
1365 newsize, block->used_length);
1369 if (block->max_length < newsize) {
1370 error_setg_errno(errp, EINVAL,
1371 "Length too large: %s: 0x" RAM_ADDR_FMT
1372 " > 0x" RAM_ADDR_FMT, block->idstr,
1373 newsize, block->max_length);
1377 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1378 block->used_length = newsize;
1379 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1381 memory_region_set_size(block->mr, newsize);
1382 if (block->resized) {
1383 block->resized(block->idstr, newsize, block->host);
1388 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1391 RAMBlock *last_block = NULL;
1392 ram_addr_t old_ram_size, new_ram_size;
1394 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1396 qemu_mutex_lock_ramlist();
1397 new_block->offset = find_ram_offset(new_block->max_length);
1399 if (!new_block->host) {
1400 if (xen_enabled()) {
1401 xen_ram_alloc(new_block->offset, new_block->max_length,
1404 new_block->host = phys_mem_alloc(new_block->max_length,
1405 &new_block->mr->align);
1406 if (!new_block->host) {
1407 error_setg_errno(errp, errno,
1408 "cannot set up guest memory '%s'",
1409 memory_region_name(new_block->mr));
1410 qemu_mutex_unlock_ramlist();
1413 memory_try_enable_merging(new_block->host, new_block->max_length);
1417 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1418 * QLIST (which has an RCU-friendly variant) does not have insertion at
1419 * tail, so save the last element in last_block.
1421 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1423 if (block->max_length < new_block->max_length) {
1428 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1429 } else if (last_block) {
1430 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1431 } else { /* list is empty */
1432 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1434 ram_list.mru_block = NULL;
1436 /* Write list before version */
1439 qemu_mutex_unlock_ramlist();
1441 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1443 if (new_ram_size > old_ram_size) {
1446 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1447 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1448 ram_list.dirty_memory[i] =
1449 bitmap_zero_extend(ram_list.dirty_memory[i],
1450 old_ram_size, new_ram_size);
1453 cpu_physical_memory_set_dirty_range(new_block->offset,
1454 new_block->used_length,
1457 if (new_block->host) {
1458 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1459 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1460 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1461 if (kvm_enabled()) {
1462 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1466 return new_block->offset;
1470 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1471 bool share, const char *mem_path,
1474 RAMBlock *new_block;
1476 Error *local_err = NULL;
1478 if (xen_enabled()) {
1479 error_setg(errp, "-mem-path not supported with Xen");
1483 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1485 * file_ram_alloc() needs to allocate just like
1486 * phys_mem_alloc, but we haven't bothered to provide
1490 "-mem-path not supported with this accelerator");
1494 size = TARGET_PAGE_ALIGN(size);
1495 new_block = g_malloc0(sizeof(*new_block));
1497 new_block->used_length = size;
1498 new_block->max_length = size;
1499 new_block->flags = share ? RAM_SHARED : 0;
1500 new_block->host = file_ram_alloc(new_block, size,
1502 if (!new_block->host) {
1507 addr = ram_block_add(new_block, &local_err);
1510 error_propagate(errp, local_err);
1518 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1519 void (*resized)(const char*,
1522 void *host, bool resizeable,
1523 MemoryRegion *mr, Error **errp)
1525 RAMBlock *new_block;
1527 Error *local_err = NULL;
1529 size = TARGET_PAGE_ALIGN(size);
1530 max_size = TARGET_PAGE_ALIGN(max_size);
1531 new_block = g_malloc0(sizeof(*new_block));
1533 new_block->resized = resized;
1534 new_block->used_length = size;
1535 new_block->max_length = max_size;
1536 assert(max_size >= size);
1538 new_block->host = host;
1540 new_block->flags |= RAM_PREALLOC;
1543 new_block->flags |= RAM_RESIZEABLE;
1545 addr = ram_block_add(new_block, &local_err);
1548 error_propagate(errp, local_err);
1554 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1555 MemoryRegion *mr, Error **errp)
1557 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1560 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1562 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1565 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1566 void (*resized)(const char*,
1569 MemoryRegion *mr, Error **errp)
1571 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1574 void qemu_ram_free_from_ptr(ram_addr_t addr)
1578 qemu_mutex_lock_ramlist();
1579 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1580 if (addr == block->offset) {
1581 QLIST_REMOVE_RCU(block, next);
1582 ram_list.mru_block = NULL;
1583 /* Write list before version */
1586 g_free_rcu(block, rcu);
1590 qemu_mutex_unlock_ramlist();
1593 static void reclaim_ramblock(RAMBlock *block)
1595 if (block->flags & RAM_PREALLOC) {
1597 } else if (xen_enabled()) {
1598 xen_invalidate_map_cache_entry(block->host);
1600 } else if (block->fd >= 0) {
1601 munmap(block->host, block->max_length);
1605 qemu_anon_ram_free(block->host, block->max_length);
1610 void qemu_ram_free(ram_addr_t addr)
1614 qemu_mutex_lock_ramlist();
1615 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1616 if (addr == block->offset) {
1617 QLIST_REMOVE_RCU(block, next);
1618 ram_list.mru_block = NULL;
1619 /* Write list before version */
1622 call_rcu(block, reclaim_ramblock, rcu);
1626 qemu_mutex_unlock_ramlist();
1630 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1637 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1638 offset = addr - block->offset;
1639 if (offset < block->max_length) {
1640 vaddr = ramblock_ptr(block, offset);
1641 if (block->flags & RAM_PREALLOC) {
1643 } else if (xen_enabled()) {
1647 if (block->fd >= 0) {
1648 flags |= (block->flags & RAM_SHARED ?
1649 MAP_SHARED : MAP_PRIVATE);
1650 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1651 flags, block->fd, offset);
1654 * Remap needs to match alloc. Accelerators that
1655 * set phys_mem_alloc never remap. If they did,
1656 * we'd need a remap hook here.
1658 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1660 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1661 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1664 if (area != vaddr) {
1665 fprintf(stderr, "Could not remap addr: "
1666 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1670 memory_try_enable_merging(vaddr, length);
1671 qemu_ram_setup_dump(vaddr, length);
1676 #endif /* !_WIN32 */
1678 int qemu_get_ram_fd(ram_addr_t addr)
1684 block = qemu_get_ram_block(addr);
1690 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1696 block = qemu_get_ram_block(addr);
1697 ptr = ramblock_ptr(block, 0);
1702 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1703 * This should not be used for general purpose DMA. Use address_space_map
1704 * or address_space_rw instead. For local memory (e.g. video ram) that the
1705 * device owns, use memory_region_get_ram_ptr.
1707 * By the time this function returns, the returned pointer is not protected
1708 * by RCU anymore. If the caller is not within an RCU critical section and
1709 * does not hold the iothread lock, it must have other means of protecting the
1710 * pointer, such as a reference to the region that includes the incoming
1713 void *qemu_get_ram_ptr(ram_addr_t addr)
1719 block = qemu_get_ram_block(addr);
1721 if (xen_enabled() && block->host == NULL) {
1722 /* We need to check if the requested address is in the RAM
1723 * because we don't want to map the entire memory in QEMU.
1724 * In that case just map until the end of the page.
1726 if (block->offset == 0) {
1727 ptr = xen_map_cache(addr, 0, 0);
1731 block->host = xen_map_cache(block->offset, block->max_length, 1);
1733 ptr = ramblock_ptr(block, addr - block->offset);
1740 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1741 * but takes a size argument.
1743 * By the time this function returns, the returned pointer is not protected
1744 * by RCU anymore. If the caller is not within an RCU critical section and
1745 * does not hold the iothread lock, it must have other means of protecting the
1746 * pointer, such as a reference to the region that includes the incoming
1749 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1755 if (xen_enabled()) {
1756 return xen_map_cache(addr, *size, 1);
1760 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1761 if (addr - block->offset < block->max_length) {
1762 if (addr - block->offset + *size > block->max_length)
1763 *size = block->max_length - addr + block->offset;
1764 ptr = ramblock_ptr(block, addr - block->offset);
1770 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1775 /* Some of the softmmu routines need to translate from a host pointer
1776 * (typically a TLB entry) back to a ram offset.
1778 * By the time this function returns, the returned pointer is not protected
1779 * by RCU anymore. If the caller is not within an RCU critical section and
1780 * does not hold the iothread lock, it must have other means of protecting the
1781 * pointer, such as a reference to the region that includes the incoming
1784 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1787 uint8_t *host = ptr;
1790 if (xen_enabled()) {
1792 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1793 mr = qemu_get_ram_block(*ram_addr)->mr;
1799 block = atomic_rcu_read(&ram_list.mru_block);
1800 if (block && block->host && host - block->host < block->max_length) {
1804 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1805 /* This case append when the block is not mapped. */
1806 if (block->host == NULL) {
1809 if (host - block->host < block->max_length) {
1818 *ram_addr = block->offset + (host - block->host);
1824 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1825 uint64_t val, unsigned size)
1827 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1828 tb_invalidate_phys_page_fast(ram_addr, size);
1832 stb_p(qemu_get_ram_ptr(ram_addr), val);
1835 stw_p(qemu_get_ram_ptr(ram_addr), val);
1838 stl_p(qemu_get_ram_ptr(ram_addr), val);
1843 /* Set both VGA and migration bits for simplicity and to remove
1844 * the notdirty callback faster.
1846 cpu_physical_memory_set_dirty_range(ram_addr, size,
1847 DIRTY_CLIENTS_NOCODE);
1848 /* we remove the notdirty callback only if the code has been
1850 if (!cpu_physical_memory_is_clean(ram_addr)) {
1851 CPUArchState *env = current_cpu->env_ptr;
1852 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1856 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1857 unsigned size, bool is_write)
1862 static const MemoryRegionOps notdirty_mem_ops = {
1863 .write = notdirty_mem_write,
1864 .valid.accepts = notdirty_mem_accepts,
1865 .endianness = DEVICE_NATIVE_ENDIAN,
1868 /* Generate a debug exception if a watchpoint has been hit. */
1869 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1871 CPUState *cpu = current_cpu;
1872 CPUArchState *env = cpu->env_ptr;
1873 target_ulong pc, cs_base;
1878 if (cpu->watchpoint_hit) {
1879 /* We re-entered the check after replacing the TB. Now raise
1880 * the debug interrupt so that is will trigger after the
1881 * current instruction. */
1882 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1885 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1886 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1887 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1888 && (wp->flags & flags)) {
1889 if (flags == BP_MEM_READ) {
1890 wp->flags |= BP_WATCHPOINT_HIT_READ;
1892 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1894 wp->hitaddr = vaddr;
1895 wp->hitattrs = attrs;
1896 if (!cpu->watchpoint_hit) {
1897 cpu->watchpoint_hit = wp;
1898 tb_check_watchpoint(cpu);
1899 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1900 cpu->exception_index = EXCP_DEBUG;
1903 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1904 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1905 cpu_resume_from_signal(cpu, NULL);
1909 wp->flags &= ~BP_WATCHPOINT_HIT;
1914 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1915 so these check for a hit then pass through to the normal out-of-line
1917 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1918 unsigned size, MemTxAttrs attrs)
1923 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1926 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1929 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1932 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1940 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1941 uint64_t val, unsigned size,
1946 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1949 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1952 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1955 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1962 static const MemoryRegionOps watch_mem_ops = {
1963 .read_with_attrs = watch_mem_read,
1964 .write_with_attrs = watch_mem_write,
1965 .endianness = DEVICE_NATIVE_ENDIAN,
1968 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1969 unsigned len, MemTxAttrs attrs)
1971 subpage_t *subpage = opaque;
1975 #if defined(DEBUG_SUBPAGE)
1976 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1977 subpage, len, addr);
1979 res = address_space_read(subpage->as, addr + subpage->base,
1986 *data = ldub_p(buf);
1989 *data = lduw_p(buf);
2002 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2003 uint64_t value, unsigned len, MemTxAttrs attrs)
2005 subpage_t *subpage = opaque;
2008 #if defined(DEBUG_SUBPAGE)
2009 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2010 " value %"PRIx64"\n",
2011 __func__, subpage, len, addr, value);
2029 return address_space_write(subpage->as, addr + subpage->base,
2033 static bool subpage_accepts(void *opaque, hwaddr addr,
2034 unsigned len, bool is_write)
2036 subpage_t *subpage = opaque;
2037 #if defined(DEBUG_SUBPAGE)
2038 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2039 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2042 return address_space_access_valid(subpage->as, addr + subpage->base,
2046 static const MemoryRegionOps subpage_ops = {
2047 .read_with_attrs = subpage_read,
2048 .write_with_attrs = subpage_write,
2049 .impl.min_access_size = 1,
2050 .impl.max_access_size = 8,
2051 .valid.min_access_size = 1,
2052 .valid.max_access_size = 8,
2053 .valid.accepts = subpage_accepts,
2054 .endianness = DEVICE_NATIVE_ENDIAN,
2057 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2062 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2064 idx = SUBPAGE_IDX(start);
2065 eidx = SUBPAGE_IDX(end);
2066 #if defined(DEBUG_SUBPAGE)
2067 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2068 __func__, mmio, start, end, idx, eidx, section);
2070 for (; idx <= eidx; idx++) {
2071 mmio->sub_section[idx] = section;
2077 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2081 mmio = g_malloc0(sizeof(subpage_t));
2085 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2086 NULL, TARGET_PAGE_SIZE);
2087 mmio->iomem.subpage = true;
2088 #if defined(DEBUG_SUBPAGE)
2089 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2090 mmio, base, TARGET_PAGE_SIZE);
2092 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2097 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2101 MemoryRegionSection section = {
2102 .address_space = as,
2104 .offset_within_address_space = 0,
2105 .offset_within_region = 0,
2106 .size = int128_2_64(),
2109 return phys_section_add(map, §ion);
2112 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2114 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2115 MemoryRegionSection *sections = d->map.sections;
2117 return sections[index & ~TARGET_PAGE_MASK].mr;
2120 static void io_mem_init(void)
2122 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2123 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2125 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2127 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2131 static void mem_begin(MemoryListener *listener)
2133 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2134 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2137 n = dummy_section(&d->map, as, &io_mem_unassigned);
2138 assert(n == PHYS_SECTION_UNASSIGNED);
2139 n = dummy_section(&d->map, as, &io_mem_notdirty);
2140 assert(n == PHYS_SECTION_NOTDIRTY);
2141 n = dummy_section(&d->map, as, &io_mem_rom);
2142 assert(n == PHYS_SECTION_ROM);
2143 n = dummy_section(&d->map, as, &io_mem_watch);
2144 assert(n == PHYS_SECTION_WATCH);
2146 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2148 as->next_dispatch = d;
2151 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2153 phys_sections_free(&d->map);
2157 static void mem_commit(MemoryListener *listener)
2159 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2160 AddressSpaceDispatch *cur = as->dispatch;
2161 AddressSpaceDispatch *next = as->next_dispatch;
2163 phys_page_compact_all(next, next->map.nodes_nb);
2165 atomic_rcu_set(&as->dispatch, next);
2167 call_rcu(cur, address_space_dispatch_free, rcu);
2171 static void tcg_commit(MemoryListener *listener)
2175 /* since each CPU stores ram addresses in its TLB cache, we must
2176 reset the modified entries */
2179 /* FIXME: Disentangle the cpu.h circular files deps so we can
2180 directly get the right CPU from listener. */
2181 if (cpu->tcg_as_listener != listener) {
2184 cpu_reload_memory_map(cpu);
2188 void address_space_init_dispatch(AddressSpace *as)
2190 as->dispatch = NULL;
2191 as->dispatch_listener = (MemoryListener) {
2193 .commit = mem_commit,
2194 .region_add = mem_add,
2195 .region_nop = mem_add,
2198 memory_listener_register(&as->dispatch_listener, as);
2201 void address_space_unregister(AddressSpace *as)
2203 memory_listener_unregister(&as->dispatch_listener);
2206 void address_space_destroy_dispatch(AddressSpace *as)
2208 AddressSpaceDispatch *d = as->dispatch;
2210 atomic_rcu_set(&as->dispatch, NULL);
2212 call_rcu(d, address_space_dispatch_free, rcu);
2216 static void memory_map_init(void)
2218 system_memory = g_malloc(sizeof(*system_memory));
2220 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2221 address_space_init(&address_space_memory, system_memory, "memory");
2223 system_io = g_malloc(sizeof(*system_io));
2224 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2226 address_space_init(&address_space_io, system_io, "I/O");
2229 MemoryRegion *get_system_memory(void)
2231 return system_memory;
2234 MemoryRegion *get_system_io(void)
2239 #endif /* !defined(CONFIG_USER_ONLY) */
2241 /* physical memory access (slow version, mainly for debug) */
2242 #if defined(CONFIG_USER_ONLY)
2243 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2244 uint8_t *buf, int len, int is_write)
2251 page = addr & TARGET_PAGE_MASK;
2252 l = (page + TARGET_PAGE_SIZE) - addr;
2255 flags = page_get_flags(page);
2256 if (!(flags & PAGE_VALID))
2259 if (!(flags & PAGE_WRITE))
2261 /* XXX: this code should not depend on lock_user */
2262 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2265 unlock_user(p, addr, l);
2267 if (!(flags & PAGE_READ))
2269 /* XXX: this code should not depend on lock_user */
2270 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2273 unlock_user(p, addr, 0);
2284 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2287 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2288 /* No early return if dirty_log_mask is or becomes 0, because
2289 * cpu_physical_memory_set_dirty_range will still call
2290 * xen_modified_memory.
2292 if (dirty_log_mask) {
2294 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2296 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2297 tb_invalidate_phys_range(addr, addr + length);
2298 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2300 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2303 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2305 unsigned access_size_max = mr->ops->valid.max_access_size;
2307 /* Regions are assumed to support 1-4 byte accesses unless
2308 otherwise specified. */
2309 if (access_size_max == 0) {
2310 access_size_max = 4;
2313 /* Bound the maximum access by the alignment of the address. */
2314 if (!mr->ops->impl.unaligned) {
2315 unsigned align_size_max = addr & -addr;
2316 if (align_size_max != 0 && align_size_max < access_size_max) {
2317 access_size_max = align_size_max;
2321 /* Don't attempt accesses larger than the maximum. */
2322 if (l > access_size_max) {
2323 l = access_size_max;
2326 l = 1 << (qemu_fls(l) - 1);
2332 static bool prepare_mmio_access(MemoryRegion *mr)
2334 bool unlocked = !qemu_mutex_iothread_locked();
2335 bool release_lock = false;
2337 if (unlocked && mr->global_locking) {
2338 qemu_mutex_lock_iothread();
2340 release_lock = true;
2342 if (mr->flush_coalesced_mmio) {
2344 qemu_mutex_lock_iothread();
2346 qemu_flush_coalesced_mmio_buffer();
2348 qemu_mutex_unlock_iothread();
2352 return release_lock;
2355 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2356 uint8_t *buf, int len, bool is_write)
2363 MemTxResult result = MEMTX_OK;
2364 bool release_lock = false;
2369 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2372 if (!memory_access_is_direct(mr, is_write)) {
2373 release_lock |= prepare_mmio_access(mr);
2374 l = memory_access_size(mr, l, addr1);
2375 /* XXX: could force current_cpu to NULL to avoid
2379 /* 64 bit write access */
2381 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2385 /* 32 bit write access */
2387 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2391 /* 16 bit write access */
2393 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2397 /* 8 bit write access */
2399 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2406 addr1 += memory_region_get_ram_addr(mr);
2408 ptr = qemu_get_ram_ptr(addr1);
2409 memcpy(ptr, buf, l);
2410 invalidate_and_set_dirty(mr, addr1, l);
2413 if (!memory_access_is_direct(mr, is_write)) {
2415 release_lock |= prepare_mmio_access(mr);
2416 l = memory_access_size(mr, l, addr1);
2419 /* 64 bit read access */
2420 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2425 /* 32 bit read access */
2426 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2431 /* 16 bit read access */
2432 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2437 /* 8 bit read access */
2438 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2447 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2448 memcpy(buf, ptr, l);
2453 qemu_mutex_unlock_iothread();
2454 release_lock = false;
2466 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2467 const uint8_t *buf, int len)
2469 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2472 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2473 uint8_t *buf, int len)
2475 return address_space_rw(as, addr, attrs, buf, len, false);
2479 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2480 int len, int is_write)
2482 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2483 buf, len, is_write);
2486 enum write_rom_type {
2491 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2492 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2502 mr = address_space_translate(as, addr, &addr1, &l, true);
2504 if (!(memory_region_is_ram(mr) ||
2505 memory_region_is_romd(mr))) {
2506 l = memory_access_size(mr, l, addr1);
2508 addr1 += memory_region_get_ram_addr(mr);
2510 ptr = qemu_get_ram_ptr(addr1);
2513 memcpy(ptr, buf, l);
2514 invalidate_and_set_dirty(mr, addr1, l);
2517 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2528 /* used for ROM loading : can write in RAM and ROM */
2529 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2530 const uint8_t *buf, int len)
2532 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2535 void cpu_flush_icache_range(hwaddr start, int len)
2538 * This function should do the same thing as an icache flush that was
2539 * triggered from within the guest. For TCG we are always cache coherent,
2540 * so there is no need to flush anything. For KVM / Xen we need to flush
2541 * the host's instruction cache at least.
2543 if (tcg_enabled()) {
2547 cpu_physical_memory_write_rom_internal(&address_space_memory,
2548 start, NULL, len, FLUSH_CACHE);
2559 static BounceBuffer bounce;
2561 typedef struct MapClient {
2563 QLIST_ENTRY(MapClient) link;
2566 QemuMutex map_client_list_lock;
2567 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2568 = QLIST_HEAD_INITIALIZER(map_client_list);
2570 static void cpu_unregister_map_client_do(MapClient *client)
2572 QLIST_REMOVE(client, link);
2576 static void cpu_notify_map_clients_locked(void)
2580 while (!QLIST_EMPTY(&map_client_list)) {
2581 client = QLIST_FIRST(&map_client_list);
2582 qemu_bh_schedule(client->bh);
2583 cpu_unregister_map_client_do(client);
2587 void cpu_register_map_client(QEMUBH *bh)
2589 MapClient *client = g_malloc(sizeof(*client));
2591 qemu_mutex_lock(&map_client_list_lock);
2593 QLIST_INSERT_HEAD(&map_client_list, client, link);
2594 if (!atomic_read(&bounce.in_use)) {
2595 cpu_notify_map_clients_locked();
2597 qemu_mutex_unlock(&map_client_list_lock);
2600 void cpu_exec_init_all(void)
2602 qemu_mutex_init(&ram_list.mutex);
2605 qemu_mutex_init(&map_client_list_lock);
2608 void cpu_unregister_map_client(QEMUBH *bh)
2612 qemu_mutex_lock(&map_client_list_lock);
2613 QLIST_FOREACH(client, &map_client_list, link) {
2614 if (client->bh == bh) {
2615 cpu_unregister_map_client_do(client);
2619 qemu_mutex_unlock(&map_client_list_lock);
2622 static void cpu_notify_map_clients(void)
2624 qemu_mutex_lock(&map_client_list_lock);
2625 cpu_notify_map_clients_locked();
2626 qemu_mutex_unlock(&map_client_list_lock);
2629 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2637 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2638 if (!memory_access_is_direct(mr, is_write)) {
2639 l = memory_access_size(mr, l, addr);
2640 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2652 /* Map a physical memory region into a host virtual address.
2653 * May map a subset of the requested range, given by and returned in *plen.
2654 * May return NULL if resources needed to perform the mapping are exhausted.
2655 * Use only for reads OR writes - not for read-modify-write operations.
2656 * Use cpu_register_map_client() to know when retrying the map operation is
2657 * likely to succeed.
2659 void *address_space_map(AddressSpace *as,
2666 hwaddr l, xlat, base;
2667 MemoryRegion *mr, *this_mr;
2676 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2678 if (!memory_access_is_direct(mr, is_write)) {
2679 if (atomic_xchg(&bounce.in_use, true)) {
2683 /* Avoid unbounded allocations */
2684 l = MIN(l, TARGET_PAGE_SIZE);
2685 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2689 memory_region_ref(mr);
2692 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2698 return bounce.buffer;
2702 raddr = memory_region_get_ram_addr(mr);
2713 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2714 if (this_mr != mr || xlat != base + done) {
2719 memory_region_ref(mr);
2722 return qemu_ram_ptr_length(raddr + base, plen);
2725 /* Unmaps a memory region previously mapped by address_space_map().
2726 * Will also mark the memory as dirty if is_write == 1. access_len gives
2727 * the amount of memory that was actually read or written by the caller.
2729 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2730 int is_write, hwaddr access_len)
2732 if (buffer != bounce.buffer) {
2736 mr = qemu_ram_addr_from_host(buffer, &addr1);
2739 invalidate_and_set_dirty(mr, addr1, access_len);
2741 if (xen_enabled()) {
2742 xen_invalidate_map_cache_entry(buffer);
2744 memory_region_unref(mr);
2748 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2749 bounce.buffer, access_len);
2751 qemu_vfree(bounce.buffer);
2752 bounce.buffer = NULL;
2753 memory_region_unref(bounce.mr);
2754 atomic_mb_set(&bounce.in_use, false);
2755 cpu_notify_map_clients();
2758 void *cpu_physical_memory_map(hwaddr addr,
2762 return address_space_map(&address_space_memory, addr, plen, is_write);
2765 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2766 int is_write, hwaddr access_len)
2768 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2771 /* warning: addr must be aligned */
2772 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2774 MemTxResult *result,
2775 enum device_endian endian)
2783 bool release_lock = false;
2786 mr = address_space_translate(as, addr, &addr1, &l, false);
2787 if (l < 4 || !memory_access_is_direct(mr, false)) {
2788 release_lock |= prepare_mmio_access(mr);
2791 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2792 #if defined(TARGET_WORDS_BIGENDIAN)
2793 if (endian == DEVICE_LITTLE_ENDIAN) {
2797 if (endian == DEVICE_BIG_ENDIAN) {
2803 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2807 case DEVICE_LITTLE_ENDIAN:
2808 val = ldl_le_p(ptr);
2810 case DEVICE_BIG_ENDIAN:
2811 val = ldl_be_p(ptr);
2823 qemu_mutex_unlock_iothread();
2829 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2830 MemTxAttrs attrs, MemTxResult *result)
2832 return address_space_ldl_internal(as, addr, attrs, result,
2833 DEVICE_NATIVE_ENDIAN);
2836 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2837 MemTxAttrs attrs, MemTxResult *result)
2839 return address_space_ldl_internal(as, addr, attrs, result,
2840 DEVICE_LITTLE_ENDIAN);
2843 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2844 MemTxAttrs attrs, MemTxResult *result)
2846 return address_space_ldl_internal(as, addr, attrs, result,
2850 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2852 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2855 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2857 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2860 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2862 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2865 /* warning: addr must be aligned */
2866 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2868 MemTxResult *result,
2869 enum device_endian endian)
2877 bool release_lock = false;
2880 mr = address_space_translate(as, addr, &addr1, &l,
2882 if (l < 8 || !memory_access_is_direct(mr, false)) {
2883 release_lock |= prepare_mmio_access(mr);
2886 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2887 #if defined(TARGET_WORDS_BIGENDIAN)
2888 if (endian == DEVICE_LITTLE_ENDIAN) {
2892 if (endian == DEVICE_BIG_ENDIAN) {
2898 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2902 case DEVICE_LITTLE_ENDIAN:
2903 val = ldq_le_p(ptr);
2905 case DEVICE_BIG_ENDIAN:
2906 val = ldq_be_p(ptr);
2918 qemu_mutex_unlock_iothread();
2924 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2925 MemTxAttrs attrs, MemTxResult *result)
2927 return address_space_ldq_internal(as, addr, attrs, result,
2928 DEVICE_NATIVE_ENDIAN);
2931 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2932 MemTxAttrs attrs, MemTxResult *result)
2934 return address_space_ldq_internal(as, addr, attrs, result,
2935 DEVICE_LITTLE_ENDIAN);
2938 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2939 MemTxAttrs attrs, MemTxResult *result)
2941 return address_space_ldq_internal(as, addr, attrs, result,
2945 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2947 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2950 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2952 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2955 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2957 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2961 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2962 MemTxAttrs attrs, MemTxResult *result)
2967 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2974 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2976 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2979 /* warning: addr must be aligned */
2980 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2983 MemTxResult *result,
2984 enum device_endian endian)
2992 bool release_lock = false;
2995 mr = address_space_translate(as, addr, &addr1, &l,
2997 if (l < 2 || !memory_access_is_direct(mr, false)) {
2998 release_lock |= prepare_mmio_access(mr);
3001 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3002 #if defined(TARGET_WORDS_BIGENDIAN)
3003 if (endian == DEVICE_LITTLE_ENDIAN) {
3007 if (endian == DEVICE_BIG_ENDIAN) {
3013 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3017 case DEVICE_LITTLE_ENDIAN:
3018 val = lduw_le_p(ptr);
3020 case DEVICE_BIG_ENDIAN:
3021 val = lduw_be_p(ptr);
3033 qemu_mutex_unlock_iothread();
3039 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3040 MemTxAttrs attrs, MemTxResult *result)
3042 return address_space_lduw_internal(as, addr, attrs, result,
3043 DEVICE_NATIVE_ENDIAN);
3046 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3047 MemTxAttrs attrs, MemTxResult *result)
3049 return address_space_lduw_internal(as, addr, attrs, result,
3050 DEVICE_LITTLE_ENDIAN);
3053 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3054 MemTxAttrs attrs, MemTxResult *result)
3056 return address_space_lduw_internal(as, addr, attrs, result,
3060 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3062 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3065 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3067 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3070 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3072 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3075 /* warning: addr must be aligned. The ram page is not masked as dirty
3076 and the code inside is not invalidated. It is useful if the dirty
3077 bits are used to track modified PTEs */
3078 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3079 MemTxAttrs attrs, MemTxResult *result)
3086 uint8_t dirty_log_mask;
3087 bool release_lock = false;
3090 mr = address_space_translate(as, addr, &addr1, &l,
3092 if (l < 4 || !memory_access_is_direct(mr, true)) {
3093 release_lock |= prepare_mmio_access(mr);
3095 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3097 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3098 ptr = qemu_get_ram_ptr(addr1);
3101 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3102 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3103 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3110 qemu_mutex_unlock_iothread();
3115 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3117 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3120 /* warning: addr must be aligned */
3121 static inline void address_space_stl_internal(AddressSpace *as,
3122 hwaddr addr, uint32_t val,
3124 MemTxResult *result,
3125 enum device_endian endian)
3132 bool release_lock = false;
3135 mr = address_space_translate(as, addr, &addr1, &l,
3137 if (l < 4 || !memory_access_is_direct(mr, true)) {
3138 release_lock |= prepare_mmio_access(mr);
3140 #if defined(TARGET_WORDS_BIGENDIAN)
3141 if (endian == DEVICE_LITTLE_ENDIAN) {
3145 if (endian == DEVICE_BIG_ENDIAN) {
3149 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3152 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3153 ptr = qemu_get_ram_ptr(addr1);
3155 case DEVICE_LITTLE_ENDIAN:
3158 case DEVICE_BIG_ENDIAN:
3165 invalidate_and_set_dirty(mr, addr1, 4);
3172 qemu_mutex_unlock_iothread();
3177 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3178 MemTxAttrs attrs, MemTxResult *result)
3180 address_space_stl_internal(as, addr, val, attrs, result,
3181 DEVICE_NATIVE_ENDIAN);
3184 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3185 MemTxAttrs attrs, MemTxResult *result)
3187 address_space_stl_internal(as, addr, val, attrs, result,
3188 DEVICE_LITTLE_ENDIAN);
3191 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3192 MemTxAttrs attrs, MemTxResult *result)
3194 address_space_stl_internal(as, addr, val, attrs, result,
3198 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3200 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3203 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3205 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3208 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3210 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3214 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3215 MemTxAttrs attrs, MemTxResult *result)
3220 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3226 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3228 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3231 /* warning: addr must be aligned */
3232 static inline void address_space_stw_internal(AddressSpace *as,
3233 hwaddr addr, uint32_t val,
3235 MemTxResult *result,
3236 enum device_endian endian)
3243 bool release_lock = false;
3246 mr = address_space_translate(as, addr, &addr1, &l, true);
3247 if (l < 2 || !memory_access_is_direct(mr, true)) {
3248 release_lock |= prepare_mmio_access(mr);
3250 #if defined(TARGET_WORDS_BIGENDIAN)
3251 if (endian == DEVICE_LITTLE_ENDIAN) {
3255 if (endian == DEVICE_BIG_ENDIAN) {
3259 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3262 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3263 ptr = qemu_get_ram_ptr(addr1);
3265 case DEVICE_LITTLE_ENDIAN:
3268 case DEVICE_BIG_ENDIAN:
3275 invalidate_and_set_dirty(mr, addr1, 2);
3282 qemu_mutex_unlock_iothread();
3287 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3288 MemTxAttrs attrs, MemTxResult *result)
3290 address_space_stw_internal(as, addr, val, attrs, result,
3291 DEVICE_NATIVE_ENDIAN);
3294 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3295 MemTxAttrs attrs, MemTxResult *result)
3297 address_space_stw_internal(as, addr, val, attrs, result,
3298 DEVICE_LITTLE_ENDIAN);
3301 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3302 MemTxAttrs attrs, MemTxResult *result)
3304 address_space_stw_internal(as, addr, val, attrs, result,
3308 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3310 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3313 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3315 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3318 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3320 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3324 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3325 MemTxAttrs attrs, MemTxResult *result)
3329 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3335 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3336 MemTxAttrs attrs, MemTxResult *result)
3339 val = cpu_to_le64(val);
3340 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3345 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3346 MemTxAttrs attrs, MemTxResult *result)
3349 val = cpu_to_be64(val);
3350 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3356 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3358 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3361 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3363 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3366 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3368 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3371 /* virtual memory access for debug (includes writing to ROM) */
3372 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3373 uint8_t *buf, int len, int is_write)
3380 page = addr & TARGET_PAGE_MASK;
3381 phys_addr = cpu_get_phys_page_debug(cpu, page);
3382 /* if no physical page mapped, return an error */
3383 if (phys_addr == -1)
3385 l = (page + TARGET_PAGE_SIZE) - addr;
3388 phys_addr += (addr & ~TARGET_PAGE_MASK);
3390 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3392 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3404 * A helper function for the _utterly broken_ virtio device model to find out if
3405 * it's running on a big endian machine. Don't do this at home kids!
3407 bool target_words_bigendian(void);
3408 bool target_words_bigendian(void)
3410 #if defined(TARGET_WORDS_BIGENDIAN)
3417 #ifndef CONFIG_USER_ONLY
3418 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3425 mr = address_space_translate(&address_space_memory,
3426 phys_addr, &phys_addr, &l, false);
3428 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3433 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3439 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3440 ret = func(block->idstr, block->host, block->offset,
3441 block->used_length, opaque);
projects / qemu.git / blob