2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
36 #include "qemu-common.h"
41 #if defined(CONFIG_USER_ONLY)
45 //#define DEBUG_TB_INVALIDATE
48 //#define DEBUG_UNASSIGNED
50 /* make various TB consistency checks */
51 //#define DEBUG_TB_CHECK
52 //#define DEBUG_TLB_CHECK
54 //#define DEBUG_IOPORT
55 //#define DEBUG_SUBPAGE
57 #if !defined(CONFIG_USER_ONLY)
58 /* TB consistency checks only implemented for usermode emulation. */
62 #define SMC_BITMAP_USE_THRESHOLD 10
64 #if defined(TARGET_SPARC64)
65 #define TARGET_PHYS_ADDR_SPACE_BITS 41
66 #elif defined(TARGET_SPARC)
67 #define TARGET_PHYS_ADDR_SPACE_BITS 36
68 #elif defined(TARGET_ALPHA)
69 #define TARGET_PHYS_ADDR_SPACE_BITS 42
70 #define TARGET_VIRT_ADDR_SPACE_BITS 42
71 #elif defined(TARGET_PPC64)
72 #define TARGET_PHYS_ADDR_SPACE_BITS 42
73 #elif defined(TARGET_X86_64) && !defined(CONFIG_KQEMU)
74 #define TARGET_PHYS_ADDR_SPACE_BITS 42
75 #elif defined(TARGET_I386) && !defined(CONFIG_KQEMU)
76 #define TARGET_PHYS_ADDR_SPACE_BITS 36
78 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
79 #define TARGET_PHYS_ADDR_SPACE_BITS 32
82 static TranslationBlock *tbs;
83 int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
97 /* Maximum alignment for Win32 is 16. */
98 #define code_gen_section \
99 __attribute__((aligned (16)))
101 #define code_gen_section \
102 __attribute__((aligned (32)))
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 uint8_t *code_gen_ptr;
112 #if !defined(CONFIG_USER_ONLY)
114 uint8_t *phys_ram_dirty;
115 static int in_migration;
117 typedef struct RAMBlock {
121 struct RAMBlock *next;
124 static RAMBlock *ram_blocks;
125 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
126 then we can no longer assume contiguous ram offsets, and external uses
127 of this variable will break. */
128 ram_addr_t last_ram_offset;
132 /* current CPU in the current thread. It is only valid inside
134 CPUState *cpu_single_env;
135 /* 0 = Do not count executed instructions.
136 1 = Precise instruction counting.
137 2 = Adaptive rate instruction counting. */
139 /* Current instruction counter. While executing translated code this may
140 include some instructions that have not yet been executed. */
143 typedef struct PageDesc {
144 /* list of TBs intersecting this ram page */
145 TranslationBlock *first_tb;
146 /* in order to optimize self modifying code, we count the number
147 of lookups we do to a given page to use a bitmap */
148 unsigned int code_write_count;
149 uint8_t *code_bitmap;
150 #if defined(CONFIG_USER_ONLY)
155 typedef struct PhysPageDesc {
156 /* offset in host memory of the page + io_index in the low bits */
157 ram_addr_t phys_offset;
158 ram_addr_t region_offset;
162 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
163 /* XXX: this is a temporary hack for alpha target.
164 * In the future, this is to be replaced by a multi-level table
165 * to actually be able to handle the complete 64 bits address space.
167 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
169 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
172 #define L1_SIZE (1 << L1_BITS)
173 #define L2_SIZE (1 << L2_BITS)
175 unsigned long qemu_real_host_page_size;
176 unsigned long qemu_host_page_bits;
177 unsigned long qemu_host_page_size;
178 unsigned long qemu_host_page_mask;
180 /* XXX: for system emulation, it could just be an array */
181 static PageDesc *l1_map[L1_SIZE];
182 static PhysPageDesc **l1_phys_map;
184 #if !defined(CONFIG_USER_ONLY)
185 static void io_mem_init(void);
187 /* io memory support */
188 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
189 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
190 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
191 static char io_mem_used[IO_MEM_NB_ENTRIES];
192 static int io_mem_watch;
196 static const char *logfilename = "/tmp/qemu.log";
199 static int log_append = 0;
202 static int tlb_flush_count;
203 static int tb_flush_count;
204 static int tb_phys_invalidate_count;
206 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
207 typedef struct subpage_t {
208 target_phys_addr_t base;
209 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
210 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
211 void *opaque[TARGET_PAGE_SIZE][2][4];
212 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
216 static void map_exec(void *addr, long size)
219 VirtualProtect(addr, size,
220 PAGE_EXECUTE_READWRITE, &old_protect);
224 static void map_exec(void *addr, long size)
226 unsigned long start, end, page_size;
228 page_size = getpagesize();
229 start = (unsigned long)addr;
230 start &= ~(page_size - 1);
232 end = (unsigned long)addr + size;
233 end += page_size - 1;
234 end &= ~(page_size - 1);
236 mprotect((void *)start, end - start,
237 PROT_READ | PROT_WRITE | PROT_EXEC);
241 static void page_init(void)
243 /* NOTE: we can always suppose that qemu_host_page_size >=
247 SYSTEM_INFO system_info;
249 GetSystemInfo(&system_info);
250 qemu_real_host_page_size = system_info.dwPageSize;
253 qemu_real_host_page_size = getpagesize();
255 if (qemu_host_page_size == 0)
256 qemu_host_page_size = qemu_real_host_page_size;
257 if (qemu_host_page_size < TARGET_PAGE_SIZE)
258 qemu_host_page_size = TARGET_PAGE_SIZE;
259 qemu_host_page_bits = 0;
260 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
261 qemu_host_page_bits++;
262 qemu_host_page_mask = ~(qemu_host_page_size - 1);
263 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
264 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
266 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
268 long long startaddr, endaddr;
273 last_brk = (unsigned long)sbrk(0);
274 f = fopen("/proc/self/maps", "r");
277 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
279 startaddr = MIN(startaddr,
280 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
281 endaddr = MIN(endaddr,
282 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
283 page_set_flags(startaddr & TARGET_PAGE_MASK,
284 TARGET_PAGE_ALIGN(endaddr),
295 static inline PageDesc **page_l1_map(target_ulong index)
297 #if TARGET_LONG_BITS > 32
298 /* Host memory outside guest VM. For 32-bit targets we have already
299 excluded high addresses. */
300 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
303 return &l1_map[index >> L2_BITS];
306 static inline PageDesc *page_find_alloc(target_ulong index)
309 lp = page_l1_map(index);
315 /* allocate if not found */
316 #if defined(CONFIG_USER_ONLY)
317 size_t len = sizeof(PageDesc) * L2_SIZE;
318 /* Don't use qemu_malloc because it may recurse. */
319 p = mmap(NULL, len, PROT_READ | PROT_WRITE,
320 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
323 unsigned long addr = h2g(p);
324 page_set_flags(addr & TARGET_PAGE_MASK,
325 TARGET_PAGE_ALIGN(addr + len),
329 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
333 return p + (index & (L2_SIZE - 1));
336 static inline PageDesc *page_find(target_ulong index)
339 lp = page_l1_map(index);
347 return p + (index & (L2_SIZE - 1));
350 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
355 p = (void **)l1_phys_map;
356 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
358 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
359 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
361 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
364 /* allocate if not found */
367 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
368 memset(p, 0, sizeof(void *) * L1_SIZE);
372 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
376 /* allocate if not found */
379 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
381 for (i = 0; i < L2_SIZE; i++) {
382 pd[i].phys_offset = IO_MEM_UNASSIGNED;
383 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
386 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
389 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
391 return phys_page_find_alloc(index, 0);
394 #if !defined(CONFIG_USER_ONLY)
395 static void tlb_protect_code(ram_addr_t ram_addr);
396 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
398 #define mmap_lock() do { } while(0)
399 #define mmap_unlock() do { } while(0)
402 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
404 #if defined(CONFIG_USER_ONLY)
405 /* Currently it is not recommended to allocate big chunks of data in
406 user mode. It will change when a dedicated libc will be used */
407 #define USE_STATIC_CODE_GEN_BUFFER
410 #ifdef USE_STATIC_CODE_GEN_BUFFER
411 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
414 static void code_gen_alloc(unsigned long tb_size)
416 #ifdef USE_STATIC_CODE_GEN_BUFFER
417 code_gen_buffer = static_code_gen_buffer;
418 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
419 map_exec(code_gen_buffer, code_gen_buffer_size);
421 code_gen_buffer_size = tb_size;
422 if (code_gen_buffer_size == 0) {
423 #if defined(CONFIG_USER_ONLY)
424 /* in user mode, phys_ram_size is not meaningful */
425 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
427 /* XXX: needs adjustments */
428 code_gen_buffer_size = (unsigned long)(ram_size / 4);
431 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
432 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
433 /* The code gen buffer location may have constraints depending on
434 the host cpu and OS */
435 #if defined(__linux__)
440 flags = MAP_PRIVATE | MAP_ANONYMOUS;
441 #if defined(__x86_64__)
443 /* Cannot map more than that */
444 if (code_gen_buffer_size > (800 * 1024 * 1024))
445 code_gen_buffer_size = (800 * 1024 * 1024);
446 #elif defined(__sparc_v9__)
447 // Map the buffer below 2G, so we can use direct calls and branches
449 start = (void *) 0x60000000UL;
450 if (code_gen_buffer_size > (512 * 1024 * 1024))
451 code_gen_buffer_size = (512 * 1024 * 1024);
452 #elif defined(__arm__)
453 /* Map the buffer below 32M, so we can use direct calls and branches */
455 start = (void *) 0x01000000UL;
456 if (code_gen_buffer_size > 16 * 1024 * 1024)
457 code_gen_buffer_size = 16 * 1024 * 1024;
459 code_gen_buffer = mmap(start, code_gen_buffer_size,
460 PROT_WRITE | PROT_READ | PROT_EXEC,
462 if (code_gen_buffer == MAP_FAILED) {
463 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
467 #elif defined(__FreeBSD__) || defined(__DragonFly__)
471 flags = MAP_PRIVATE | MAP_ANONYMOUS;
472 #if defined(__x86_64__)
473 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
474 * 0x40000000 is free */
476 addr = (void *)0x40000000;
477 /* Cannot map more than that */
478 if (code_gen_buffer_size > (800 * 1024 * 1024))
479 code_gen_buffer_size = (800 * 1024 * 1024);
481 code_gen_buffer = mmap(addr, code_gen_buffer_size,
482 PROT_WRITE | PROT_READ | PROT_EXEC,
484 if (code_gen_buffer == MAP_FAILED) {
485 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
490 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
491 map_exec(code_gen_buffer, code_gen_buffer_size);
493 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
494 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
495 code_gen_buffer_max_size = code_gen_buffer_size -
496 code_gen_max_block_size();
497 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
498 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
501 /* Must be called before using the QEMU cpus. 'tb_size' is the size
502 (in bytes) allocated to the translation buffer. Zero means default
504 void cpu_exec_init_all(unsigned long tb_size)
507 code_gen_alloc(tb_size);
508 code_gen_ptr = code_gen_buffer;
510 #if !defined(CONFIG_USER_ONLY)
515 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
517 #define CPU_COMMON_SAVE_VERSION 1
519 static void cpu_common_save(QEMUFile *f, void *opaque)
521 CPUState *env = opaque;
523 cpu_synchronize_state(env, 0);
525 qemu_put_be32s(f, &env->halted);
526 qemu_put_be32s(f, &env->interrupt_request);
529 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
531 CPUState *env = opaque;
533 if (version_id != CPU_COMMON_SAVE_VERSION)
536 qemu_get_be32s(f, &env->halted);
537 qemu_get_be32s(f, &env->interrupt_request);
538 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
539 version_id is increased. */
540 env->interrupt_request &= ~0x01;
542 cpu_synchronize_state(env, 1);
548 CPUState *qemu_get_cpu(int cpu)
550 CPUState *env = first_cpu;
553 if (env->cpu_index == cpu)
561 void cpu_exec_init(CPUState *env)
566 #if defined(CONFIG_USER_ONLY)
569 env->next_cpu = NULL;
572 while (*penv != NULL) {
573 penv = &(*penv)->next_cpu;
576 env->cpu_index = cpu_index;
578 TAILQ_INIT(&env->breakpoints);
579 TAILQ_INIT(&env->watchpoints);
581 #if defined(CONFIG_USER_ONLY)
584 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
585 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
586 cpu_common_save, cpu_common_load, env);
587 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
588 cpu_save, cpu_load, env);
592 static inline void invalidate_page_bitmap(PageDesc *p)
594 if (p->code_bitmap) {
595 qemu_free(p->code_bitmap);
596 p->code_bitmap = NULL;
598 p->code_write_count = 0;
601 /* set to NULL all the 'first_tb' fields in all PageDescs */
602 static void page_flush_tb(void)
607 for(i = 0; i < L1_SIZE; i++) {
610 for(j = 0; j < L2_SIZE; j++) {
612 invalidate_page_bitmap(p);
619 /* flush all the translation blocks */
620 /* XXX: tb_flush is currently not thread safe */
621 void tb_flush(CPUState *env1)
624 #if defined(DEBUG_FLUSH)
625 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
626 (unsigned long)(code_gen_ptr - code_gen_buffer),
628 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
630 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
631 cpu_abort(env1, "Internal error: code buffer overflow\n");
635 for(env = first_cpu; env != NULL; env = env->next_cpu) {
636 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
639 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
642 code_gen_ptr = code_gen_buffer;
643 /* XXX: flush processor icache at this point if cache flush is
648 #ifdef DEBUG_TB_CHECK
650 static void tb_invalidate_check(target_ulong address)
652 TranslationBlock *tb;
654 address &= TARGET_PAGE_MASK;
655 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
656 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
657 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
658 address >= tb->pc + tb->size)) {
659 printf("ERROR invalidate: address=" TARGET_FMT_lx
660 " PC=%08lx size=%04x\n",
661 address, (long)tb->pc, tb->size);
667 /* verify that all the pages have correct rights for code */
668 static void tb_page_check(void)
670 TranslationBlock *tb;
671 int i, flags1, flags2;
673 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
674 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
675 flags1 = page_get_flags(tb->pc);
676 flags2 = page_get_flags(tb->pc + tb->size - 1);
677 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
678 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
679 (long)tb->pc, tb->size, flags1, flags2);
687 /* invalidate one TB */
688 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
691 TranslationBlock *tb1;
695 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
698 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
702 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
704 TranslationBlock *tb1;
710 tb1 = (TranslationBlock *)((long)tb1 & ~3);
712 *ptb = tb1->page_next[n1];
715 ptb = &tb1->page_next[n1];
719 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
721 TranslationBlock *tb1, **ptb;
724 ptb = &tb->jmp_next[n];
727 /* find tb(n) in circular list */
731 tb1 = (TranslationBlock *)((long)tb1 & ~3);
732 if (n1 == n && tb1 == tb)
735 ptb = &tb1->jmp_first;
737 ptb = &tb1->jmp_next[n1];
740 /* now we can suppress tb(n) from the list */
741 *ptb = tb->jmp_next[n];
743 tb->jmp_next[n] = NULL;
747 /* reset the jump entry 'n' of a TB so that it is not chained to
749 static inline void tb_reset_jump(TranslationBlock *tb, int n)
751 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
754 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
759 target_phys_addr_t phys_pc;
760 TranslationBlock *tb1, *tb2;
762 /* remove the TB from the hash list */
763 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
764 h = tb_phys_hash_func(phys_pc);
765 tb_remove(&tb_phys_hash[h], tb,
766 offsetof(TranslationBlock, phys_hash_next));
768 /* remove the TB from the page list */
769 if (tb->page_addr[0] != page_addr) {
770 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
771 tb_page_remove(&p->first_tb, tb);
772 invalidate_page_bitmap(p);
774 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
775 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
776 tb_page_remove(&p->first_tb, tb);
777 invalidate_page_bitmap(p);
780 tb_invalidated_flag = 1;
782 /* remove the TB from the hash list */
783 h = tb_jmp_cache_hash_func(tb->pc);
784 for(env = first_cpu; env != NULL; env = env->next_cpu) {
785 if (env->tb_jmp_cache[h] == tb)
786 env->tb_jmp_cache[h] = NULL;
789 /* suppress this TB from the two jump lists */
790 tb_jmp_remove(tb, 0);
791 tb_jmp_remove(tb, 1);
793 /* suppress any remaining jumps to this TB */
799 tb1 = (TranslationBlock *)((long)tb1 & ~3);
800 tb2 = tb1->jmp_next[n1];
801 tb_reset_jump(tb1, n1);
802 tb1->jmp_next[n1] = NULL;
805 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
807 tb_phys_invalidate_count++;
810 static inline void set_bits(uint8_t *tab, int start, int len)
816 mask = 0xff << (start & 7);
817 if ((start & ~7) == (end & ~7)) {
819 mask &= ~(0xff << (end & 7));
824 start = (start + 8) & ~7;
826 while (start < end1) {
831 mask = ~(0xff << (end & 7));
837 static void build_page_bitmap(PageDesc *p)
839 int n, tb_start, tb_end;
840 TranslationBlock *tb;
842 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
847 tb = (TranslationBlock *)((long)tb & ~3);
848 /* NOTE: this is subtle as a TB may span two physical pages */
850 /* NOTE: tb_end may be after the end of the page, but
851 it is not a problem */
852 tb_start = tb->pc & ~TARGET_PAGE_MASK;
853 tb_end = tb_start + tb->size;
854 if (tb_end > TARGET_PAGE_SIZE)
855 tb_end = TARGET_PAGE_SIZE;
858 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
860 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
861 tb = tb->page_next[n];
865 TranslationBlock *tb_gen_code(CPUState *env,
866 target_ulong pc, target_ulong cs_base,
867 int flags, int cflags)
869 TranslationBlock *tb;
871 target_ulong phys_pc, phys_page2, virt_page2;
874 phys_pc = get_phys_addr_code(env, pc);
877 /* flush must be done */
879 /* cannot fail at this point */
881 /* Don't forget to invalidate previous TB info. */
882 tb_invalidated_flag = 1;
884 tc_ptr = code_gen_ptr;
886 tb->cs_base = cs_base;
889 cpu_gen_code(env, tb, &code_gen_size);
890 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
892 /* check next page if needed */
893 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
895 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
896 phys_page2 = get_phys_addr_code(env, virt_page2);
898 tb_link_phys(tb, phys_pc, phys_page2);
902 /* invalidate all TBs which intersect with the target physical page
903 starting in range [start;end[. NOTE: start and end must refer to
904 the same physical page. 'is_cpu_write_access' should be true if called
905 from a real cpu write access: the virtual CPU will exit the current
906 TB if code is modified inside this TB. */
907 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
908 int is_cpu_write_access)
910 TranslationBlock *tb, *tb_next, *saved_tb;
911 CPUState *env = cpu_single_env;
912 target_ulong tb_start, tb_end;
915 #ifdef TARGET_HAS_PRECISE_SMC
916 int current_tb_not_found = is_cpu_write_access;
917 TranslationBlock *current_tb = NULL;
918 int current_tb_modified = 0;
919 target_ulong current_pc = 0;
920 target_ulong current_cs_base = 0;
921 int current_flags = 0;
922 #endif /* TARGET_HAS_PRECISE_SMC */
924 p = page_find(start >> TARGET_PAGE_BITS);
927 if (!p->code_bitmap &&
928 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
929 is_cpu_write_access) {
930 /* build code bitmap */
931 build_page_bitmap(p);
934 /* we remove all the TBs in the range [start, end[ */
935 /* XXX: see if in some cases it could be faster to invalidate all the code */
939 tb = (TranslationBlock *)((long)tb & ~3);
940 tb_next = tb->page_next[n];
941 /* NOTE: this is subtle as a TB may span two physical pages */
943 /* NOTE: tb_end may be after the end of the page, but
944 it is not a problem */
945 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
946 tb_end = tb_start + tb->size;
948 tb_start = tb->page_addr[1];
949 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
951 if (!(tb_end <= start || tb_start >= end)) {
952 #ifdef TARGET_HAS_PRECISE_SMC
953 if (current_tb_not_found) {
954 current_tb_not_found = 0;
956 if (env->mem_io_pc) {
957 /* now we have a real cpu fault */
958 current_tb = tb_find_pc(env->mem_io_pc);
961 if (current_tb == tb &&
962 (current_tb->cflags & CF_COUNT_MASK) != 1) {
963 /* If we are modifying the current TB, we must stop
964 its execution. We could be more precise by checking
965 that the modification is after the current PC, but it
966 would require a specialized function to partially
967 restore the CPU state */
969 current_tb_modified = 1;
970 cpu_restore_state(current_tb, env,
971 env->mem_io_pc, NULL);
972 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
975 #endif /* TARGET_HAS_PRECISE_SMC */
976 /* we need to do that to handle the case where a signal
977 occurs while doing tb_phys_invalidate() */
980 saved_tb = env->current_tb;
981 env->current_tb = NULL;
983 tb_phys_invalidate(tb, -1);
985 env->current_tb = saved_tb;
986 if (env->interrupt_request && env->current_tb)
987 cpu_interrupt(env, env->interrupt_request);
992 #if !defined(CONFIG_USER_ONLY)
993 /* if no code remaining, no need to continue to use slow writes */
995 invalidate_page_bitmap(p);
996 if (is_cpu_write_access) {
997 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1001 #ifdef TARGET_HAS_PRECISE_SMC
1002 if (current_tb_modified) {
1003 /* we generate a block containing just the instruction
1004 modifying the memory. It will ensure that it cannot modify
1006 env->current_tb = NULL;
1007 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1008 cpu_resume_from_signal(env, NULL);
1013 /* len must be <= 8 and start must be a multiple of len */
1014 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1020 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1021 cpu_single_env->mem_io_vaddr, len,
1022 cpu_single_env->eip,
1023 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1026 p = page_find(start >> TARGET_PAGE_BITS);
1029 if (p->code_bitmap) {
1030 offset = start & ~TARGET_PAGE_MASK;
1031 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1032 if (b & ((1 << len) - 1))
1036 tb_invalidate_phys_page_range(start, start + len, 1);
1040 #if !defined(CONFIG_SOFTMMU)
1041 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1042 unsigned long pc, void *puc)
1044 TranslationBlock *tb;
1047 #ifdef TARGET_HAS_PRECISE_SMC
1048 TranslationBlock *current_tb = NULL;
1049 CPUState *env = cpu_single_env;
1050 int current_tb_modified = 0;
1051 target_ulong current_pc = 0;
1052 target_ulong current_cs_base = 0;
1053 int current_flags = 0;
1056 addr &= TARGET_PAGE_MASK;
1057 p = page_find(addr >> TARGET_PAGE_BITS);
1061 #ifdef TARGET_HAS_PRECISE_SMC
1062 if (tb && pc != 0) {
1063 current_tb = tb_find_pc(pc);
1066 while (tb != NULL) {
1068 tb = (TranslationBlock *)((long)tb & ~3);
1069 #ifdef TARGET_HAS_PRECISE_SMC
1070 if (current_tb == tb &&
1071 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1072 /* If we are modifying the current TB, we must stop
1073 its execution. We could be more precise by checking
1074 that the modification is after the current PC, but it
1075 would require a specialized function to partially
1076 restore the CPU state */
1078 current_tb_modified = 1;
1079 cpu_restore_state(current_tb, env, pc, puc);
1080 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1083 #endif /* TARGET_HAS_PRECISE_SMC */
1084 tb_phys_invalidate(tb, addr);
1085 tb = tb->page_next[n];
1088 #ifdef TARGET_HAS_PRECISE_SMC
1089 if (current_tb_modified) {
1090 /* we generate a block containing just the instruction
1091 modifying the memory. It will ensure that it cannot modify
1093 env->current_tb = NULL;
1094 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1095 cpu_resume_from_signal(env, puc);
1101 /* add the tb in the target page and protect it if necessary */
1102 static inline void tb_alloc_page(TranslationBlock *tb,
1103 unsigned int n, target_ulong page_addr)
1106 TranslationBlock *last_first_tb;
1108 tb->page_addr[n] = page_addr;
1109 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1110 tb->page_next[n] = p->first_tb;
1111 last_first_tb = p->first_tb;
1112 p->first_tb = (TranslationBlock *)((long)tb | n);
1113 invalidate_page_bitmap(p);
1115 #if defined(TARGET_HAS_SMC) || 1
1117 #if defined(CONFIG_USER_ONLY)
1118 if (p->flags & PAGE_WRITE) {
1123 /* force the host page as non writable (writes will have a
1124 page fault + mprotect overhead) */
1125 page_addr &= qemu_host_page_mask;
1127 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1128 addr += TARGET_PAGE_SIZE) {
1130 p2 = page_find (addr >> TARGET_PAGE_BITS);
1134 p2->flags &= ~PAGE_WRITE;
1135 page_get_flags(addr);
1137 mprotect(g2h(page_addr), qemu_host_page_size,
1138 (prot & PAGE_BITS) & ~PAGE_WRITE);
1139 #ifdef DEBUG_TB_INVALIDATE
1140 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1145 /* if some code is already present, then the pages are already
1146 protected. So we handle the case where only the first TB is
1147 allocated in a physical page */
1148 if (!last_first_tb) {
1149 tlb_protect_code(page_addr);
1153 #endif /* TARGET_HAS_SMC */
1156 /* Allocate a new translation block. Flush the translation buffer if
1157 too many translation blocks or too much generated code. */
1158 TranslationBlock *tb_alloc(target_ulong pc)
1160 TranslationBlock *tb;
1162 if (nb_tbs >= code_gen_max_blocks ||
1163 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1165 tb = &tbs[nb_tbs++];
1171 void tb_free(TranslationBlock *tb)
1173 /* In practice this is mostly used for single use temporary TB
1174 Ignore the hard cases and just back up if this TB happens to
1175 be the last one generated. */
1176 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1177 code_gen_ptr = tb->tc_ptr;
1182 /* add a new TB and link it to the physical page tables. phys_page2 is
1183 (-1) to indicate that only one page contains the TB. */
1184 void tb_link_phys(TranslationBlock *tb,
1185 target_ulong phys_pc, target_ulong phys_page2)
1188 TranslationBlock **ptb;
1190 /* Grab the mmap lock to stop another thread invalidating this TB
1191 before we are done. */
1193 /* add in the physical hash table */
1194 h = tb_phys_hash_func(phys_pc);
1195 ptb = &tb_phys_hash[h];
1196 tb->phys_hash_next = *ptb;
1199 /* add in the page list */
1200 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1201 if (phys_page2 != -1)
1202 tb_alloc_page(tb, 1, phys_page2);
1204 tb->page_addr[1] = -1;
1206 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1207 tb->jmp_next[0] = NULL;
1208 tb->jmp_next[1] = NULL;
1210 /* init original jump addresses */
1211 if (tb->tb_next_offset[0] != 0xffff)
1212 tb_reset_jump(tb, 0);
1213 if (tb->tb_next_offset[1] != 0xffff)
1214 tb_reset_jump(tb, 1);
1216 #ifdef DEBUG_TB_CHECK
1222 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1223 tb[1].tc_ptr. Return NULL if not found */
1224 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1226 int m_min, m_max, m;
1228 TranslationBlock *tb;
1232 if (tc_ptr < (unsigned long)code_gen_buffer ||
1233 tc_ptr >= (unsigned long)code_gen_ptr)
1235 /* binary search (cf Knuth) */
1238 while (m_min <= m_max) {
1239 m = (m_min + m_max) >> 1;
1241 v = (unsigned long)tb->tc_ptr;
1244 else if (tc_ptr < v) {
1253 static void tb_reset_jump_recursive(TranslationBlock *tb);
1255 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1257 TranslationBlock *tb1, *tb_next, **ptb;
1260 tb1 = tb->jmp_next[n];
1262 /* find head of list */
1265 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1268 tb1 = tb1->jmp_next[n1];
1270 /* we are now sure now that tb jumps to tb1 */
1273 /* remove tb from the jmp_first list */
1274 ptb = &tb_next->jmp_first;
1278 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1279 if (n1 == n && tb1 == tb)
1281 ptb = &tb1->jmp_next[n1];
1283 *ptb = tb->jmp_next[n];
1284 tb->jmp_next[n] = NULL;
1286 /* suppress the jump to next tb in generated code */
1287 tb_reset_jump(tb, n);
1289 /* suppress jumps in the tb on which we could have jumped */
1290 tb_reset_jump_recursive(tb_next);
1294 static void tb_reset_jump_recursive(TranslationBlock *tb)
1296 tb_reset_jump_recursive2(tb, 0);
1297 tb_reset_jump_recursive2(tb, 1);
1300 #if defined(TARGET_HAS_ICE)
1301 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1303 target_phys_addr_t addr;
1305 ram_addr_t ram_addr;
1308 addr = cpu_get_phys_page_debug(env, pc);
1309 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1311 pd = IO_MEM_UNASSIGNED;
1313 pd = p->phys_offset;
1315 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1316 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1320 /* Add a watchpoint. */
1321 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1322 int flags, CPUWatchpoint **watchpoint)
1324 target_ulong len_mask = ~(len - 1);
1327 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1328 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1329 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1330 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1333 wp = qemu_malloc(sizeof(*wp));
1336 wp->len_mask = len_mask;
1339 /* keep all GDB-injected watchpoints in front */
1341 TAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1343 TAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1345 tlb_flush_page(env, addr);
1352 /* Remove a specific watchpoint. */
1353 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1356 target_ulong len_mask = ~(len - 1);
1359 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1360 if (addr == wp->vaddr && len_mask == wp->len_mask
1361 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1362 cpu_watchpoint_remove_by_ref(env, wp);
1369 /* Remove a specific watchpoint by reference. */
1370 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1372 TAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1374 tlb_flush_page(env, watchpoint->vaddr);
1376 qemu_free(watchpoint);
1379 /* Remove all matching watchpoints. */
1380 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1382 CPUWatchpoint *wp, *next;
1384 TAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1385 if (wp->flags & mask)
1386 cpu_watchpoint_remove_by_ref(env, wp);
1390 /* Add a breakpoint. */
1391 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1392 CPUBreakpoint **breakpoint)
1394 #if defined(TARGET_HAS_ICE)
1397 bp = qemu_malloc(sizeof(*bp));
1402 /* keep all GDB-injected breakpoints in front */
1404 TAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1406 TAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1408 breakpoint_invalidate(env, pc);
1418 /* Remove a specific breakpoint. */
1419 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1421 #if defined(TARGET_HAS_ICE)
1424 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1425 if (bp->pc == pc && bp->flags == flags) {
1426 cpu_breakpoint_remove_by_ref(env, bp);
1436 /* Remove a specific breakpoint by reference. */
1437 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1439 #if defined(TARGET_HAS_ICE)
1440 TAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1442 breakpoint_invalidate(env, breakpoint->pc);
1444 qemu_free(breakpoint);
1448 /* Remove all matching breakpoints. */
1449 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1451 #if defined(TARGET_HAS_ICE)
1452 CPUBreakpoint *bp, *next;
1454 TAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1455 if (bp->flags & mask)
1456 cpu_breakpoint_remove_by_ref(env, bp);
1461 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1462 CPU loop after each instruction */
1463 void cpu_single_step(CPUState *env, int enabled)
1465 #if defined(TARGET_HAS_ICE)
1466 if (env->singlestep_enabled != enabled) {
1467 env->singlestep_enabled = enabled;
1469 kvm_update_guest_debug(env, 0);
1471 /* must flush all the translated code to avoid inconsistencies */
1472 /* XXX: only flush what is necessary */
1479 /* enable or disable low levels log */
1480 void cpu_set_log(int log_flags)
1482 loglevel = log_flags;
1483 if (loglevel && !logfile) {
1484 logfile = fopen(logfilename, log_append ? "a" : "w");
1486 perror(logfilename);
1489 #if !defined(CONFIG_SOFTMMU)
1490 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1492 static char logfile_buf[4096];
1493 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1495 #elif !defined(_WIN32)
1496 /* Win32 doesn't support line-buffering and requires size >= 2 */
1497 setvbuf(logfile, NULL, _IOLBF, 0);
1501 if (!loglevel && logfile) {
1507 void cpu_set_log_filename(const char *filename)
1509 logfilename = strdup(filename);
1514 cpu_set_log(loglevel);
1517 static void cpu_unlink_tb(CPUState *env)
1519 #if defined(CONFIG_USE_NPTL)
1520 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1521 problem and hope the cpu will stop of its own accord. For userspace
1522 emulation this often isn't actually as bad as it sounds. Often
1523 signals are used primarily to interrupt blocking syscalls. */
1525 TranslationBlock *tb;
1526 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1528 tb = env->current_tb;
1529 /* if the cpu is currently executing code, we must unlink it and
1530 all the potentially executing TB */
1531 if (tb && !testandset(&interrupt_lock)) {
1532 env->current_tb = NULL;
1533 tb_reset_jump_recursive(tb);
1534 resetlock(&interrupt_lock);
1539 /* mask must never be zero, except for A20 change call */
1540 void cpu_interrupt(CPUState *env, int mask)
1544 old_mask = env->interrupt_request;
1545 env->interrupt_request |= mask;
1547 #ifndef CONFIG_USER_ONLY
1549 * If called from iothread context, wake the target cpu in
1552 if (!qemu_cpu_self(env)) {
1559 env->icount_decr.u16.high = 0xffff;
1560 #ifndef CONFIG_USER_ONLY
1562 && (mask & ~old_mask) != 0) {
1563 cpu_abort(env, "Raised interrupt while not in I/O function");
1571 void cpu_reset_interrupt(CPUState *env, int mask)
1573 env->interrupt_request &= ~mask;
1576 void cpu_exit(CPUState *env)
1578 env->exit_request = 1;
1582 const CPULogItem cpu_log_items[] = {
1583 { CPU_LOG_TB_OUT_ASM, "out_asm",
1584 "show generated host assembly code for each compiled TB" },
1585 { CPU_LOG_TB_IN_ASM, "in_asm",
1586 "show target assembly code for each compiled TB" },
1587 { CPU_LOG_TB_OP, "op",
1588 "show micro ops for each compiled TB" },
1589 { CPU_LOG_TB_OP_OPT, "op_opt",
1592 "before eflags optimization and "
1594 "after liveness analysis" },
1595 { CPU_LOG_INT, "int",
1596 "show interrupts/exceptions in short format" },
1597 { CPU_LOG_EXEC, "exec",
1598 "show trace before each executed TB (lots of logs)" },
1599 { CPU_LOG_TB_CPU, "cpu",
1600 "show CPU state before block translation" },
1602 { CPU_LOG_PCALL, "pcall",
1603 "show protected mode far calls/returns/exceptions" },
1604 { CPU_LOG_RESET, "cpu_reset",
1605 "show CPU state before CPU resets" },
1608 { CPU_LOG_IOPORT, "ioport",
1609 "show all i/o ports accesses" },
1614 static int cmp1(const char *s1, int n, const char *s2)
1616 if (strlen(s2) != n)
1618 return memcmp(s1, s2, n) == 0;
1621 /* takes a comma separated list of log masks. Return 0 if error. */
1622 int cpu_str_to_log_mask(const char *str)
1624 const CPULogItem *item;
1631 p1 = strchr(p, ',');
1634 if(cmp1(p,p1-p,"all")) {
1635 for(item = cpu_log_items; item->mask != 0; item++) {
1639 for(item = cpu_log_items; item->mask != 0; item++) {
1640 if (cmp1(p, p1 - p, item->name))
1654 void cpu_abort(CPUState *env, const char *fmt, ...)
1661 fprintf(stderr, "qemu: fatal: ");
1662 vfprintf(stderr, fmt, ap);
1663 fprintf(stderr, "\n");
1665 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1667 cpu_dump_state(env, stderr, fprintf, 0);
1669 if (qemu_log_enabled()) {
1670 qemu_log("qemu: fatal: ");
1671 qemu_log_vprintf(fmt, ap2);
1674 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1676 log_cpu_state(env, 0);
1686 CPUState *cpu_copy(CPUState *env)
1688 CPUState *new_env = cpu_init(env->cpu_model_str);
1689 CPUState *next_cpu = new_env->next_cpu;
1690 int cpu_index = new_env->cpu_index;
1691 #if defined(TARGET_HAS_ICE)
1696 memcpy(new_env, env, sizeof(CPUState));
1698 /* Preserve chaining and index. */
1699 new_env->next_cpu = next_cpu;
1700 new_env->cpu_index = cpu_index;
1702 /* Clone all break/watchpoints.
1703 Note: Once we support ptrace with hw-debug register access, make sure
1704 BP_CPU break/watchpoints are handled correctly on clone. */
1705 TAILQ_INIT(&env->breakpoints);
1706 TAILQ_INIT(&env->watchpoints);
1707 #if defined(TARGET_HAS_ICE)
1708 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1709 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1711 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1712 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1720 #if !defined(CONFIG_USER_ONLY)
1722 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1726 /* Discard jump cache entries for any tb which might potentially
1727 overlap the flushed page. */
1728 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1729 memset (&env->tb_jmp_cache[i], 0,
1730 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1732 i = tb_jmp_cache_hash_page(addr);
1733 memset (&env->tb_jmp_cache[i], 0,
1734 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1737 static CPUTLBEntry s_cputlb_empty_entry = {
1744 /* NOTE: if flush_global is true, also flush global entries (not
1746 void tlb_flush(CPUState *env, int flush_global)
1750 #if defined(DEBUG_TLB)
1751 printf("tlb_flush:\n");
1753 /* must reset current TB so that interrupts cannot modify the
1754 links while we are modifying them */
1755 env->current_tb = NULL;
1757 for(i = 0; i < CPU_TLB_SIZE; i++) {
1759 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1760 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1764 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1767 if (env->kqemu_enabled) {
1768 kqemu_flush(env, flush_global);
1774 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1776 if (addr == (tlb_entry->addr_read &
1777 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1778 addr == (tlb_entry->addr_write &
1779 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1780 addr == (tlb_entry->addr_code &
1781 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1782 *tlb_entry = s_cputlb_empty_entry;
1786 void tlb_flush_page(CPUState *env, target_ulong addr)
1791 #if defined(DEBUG_TLB)
1792 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1794 /* must reset current TB so that interrupts cannot modify the
1795 links while we are modifying them */
1796 env->current_tb = NULL;
1798 addr &= TARGET_PAGE_MASK;
1799 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1800 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1801 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1803 tlb_flush_jmp_cache(env, addr);
1806 if (env->kqemu_enabled) {
1807 kqemu_flush_page(env, addr);
1812 /* update the TLBs so that writes to code in the virtual page 'addr'
1814 static void tlb_protect_code(ram_addr_t ram_addr)
1816 cpu_physical_memory_reset_dirty(ram_addr,
1817 ram_addr + TARGET_PAGE_SIZE,
1821 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1822 tested for self modifying code */
1823 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1826 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1829 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1830 unsigned long start, unsigned long length)
1833 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1834 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1835 if ((addr - start) < length) {
1836 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1841 /* Note: start and end must be within the same ram block. */
1842 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1846 unsigned long length, start1;
1850 start &= TARGET_PAGE_MASK;
1851 end = TARGET_PAGE_ALIGN(end);
1853 length = end - start;
1856 len = length >> TARGET_PAGE_BITS;
1858 /* XXX: should not depend on cpu context */
1860 if (env->kqemu_enabled) {
1863 for(i = 0; i < len; i++) {
1864 kqemu_set_notdirty(env, addr);
1865 addr += TARGET_PAGE_SIZE;
1869 mask = ~dirty_flags;
1870 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1871 for(i = 0; i < len; i++)
1874 /* we modify the TLB cache so that the dirty bit will be set again
1875 when accessing the range */
1876 start1 = (unsigned long)qemu_get_ram_ptr(start);
1877 /* Chek that we don't span multiple blocks - this breaks the
1878 address comparisons below. */
1879 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
1880 != (end - 1) - start) {
1884 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1886 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1887 for(i = 0; i < CPU_TLB_SIZE; i++)
1888 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
1894 int cpu_physical_memory_set_dirty_tracking(int enable)
1896 in_migration = enable;
1897 if (kvm_enabled()) {
1898 return kvm_set_migration_log(enable);
1903 int cpu_physical_memory_get_dirty_tracking(void)
1905 return in_migration;
1908 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
1909 target_phys_addr_t end_addr)
1914 ret = kvm_physical_sync_dirty_bitmap(start_addr, end_addr);
1918 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1920 ram_addr_t ram_addr;
1923 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1924 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
1925 + tlb_entry->addend);
1926 ram_addr = qemu_ram_addr_from_host(p);
1927 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1928 tlb_entry->addr_write |= TLB_NOTDIRTY;
1933 /* update the TLB according to the current state of the dirty bits */
1934 void cpu_tlb_update_dirty(CPUState *env)
1938 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1939 for(i = 0; i < CPU_TLB_SIZE; i++)
1940 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
1944 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1946 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1947 tlb_entry->addr_write = vaddr;
1950 /* update the TLB corresponding to virtual page vaddr
1951 so that it is no longer dirty */
1952 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1957 vaddr &= TARGET_PAGE_MASK;
1958 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1959 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1960 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
1963 /* add a new TLB entry. At most one entry for a given virtual address
1964 is permitted. Return 0 if OK or 2 if the page could not be mapped
1965 (can only happen in non SOFTMMU mode for I/O pages or pages
1966 conflicting with the host address space). */
1967 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1968 target_phys_addr_t paddr, int prot,
1969 int mmu_idx, int is_softmmu)
1974 target_ulong address;
1975 target_ulong code_address;
1976 target_phys_addr_t addend;
1980 target_phys_addr_t iotlb;
1982 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1984 pd = IO_MEM_UNASSIGNED;
1986 pd = p->phys_offset;
1988 #if defined(DEBUG_TLB)
1989 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
1990 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
1995 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
1996 /* IO memory case (romd handled later) */
1997 address |= TLB_MMIO;
1999 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2000 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2002 iotlb = pd & TARGET_PAGE_MASK;
2003 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2004 iotlb |= IO_MEM_NOTDIRTY;
2006 iotlb |= IO_MEM_ROM;
2008 /* IO handlers are currently passed a physical address.
2009 It would be nice to pass an offset from the base address
2010 of that region. This would avoid having to special case RAM,
2011 and avoid full address decoding in every device.
2012 We can't use the high bits of pd for this because
2013 IO_MEM_ROMD uses these as a ram address. */
2014 iotlb = (pd & ~TARGET_PAGE_MASK);
2016 iotlb += p->region_offset;
2022 code_address = address;
2023 /* Make accesses to pages with watchpoints go via the
2024 watchpoint trap routines. */
2025 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2026 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2027 iotlb = io_mem_watch + paddr;
2028 /* TODO: The memory case can be optimized by not trapping
2029 reads of pages with a write breakpoint. */
2030 address |= TLB_MMIO;
2034 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2035 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2036 te = &env->tlb_table[mmu_idx][index];
2037 te->addend = addend - vaddr;
2038 if (prot & PAGE_READ) {
2039 te->addr_read = address;
2044 if (prot & PAGE_EXEC) {
2045 te->addr_code = code_address;
2049 if (prot & PAGE_WRITE) {
2050 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2051 (pd & IO_MEM_ROMD)) {
2052 /* Write access calls the I/O callback. */
2053 te->addr_write = address | TLB_MMIO;
2054 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2055 !cpu_physical_memory_is_dirty(pd)) {
2056 te->addr_write = address | TLB_NOTDIRTY;
2058 te->addr_write = address;
2061 te->addr_write = -1;
2068 void tlb_flush(CPUState *env, int flush_global)
2072 void tlb_flush_page(CPUState *env, target_ulong addr)
2076 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2077 target_phys_addr_t paddr, int prot,
2078 int mmu_idx, int is_softmmu)
2084 * Walks guest process memory "regions" one by one
2085 * and calls callback function 'fn' for each region.
2087 int walk_memory_regions(void *priv,
2088 int (*fn)(void *, unsigned long, unsigned long, unsigned long))
2090 unsigned long start, end;
2092 int i, j, prot, prot1;
2098 for (i = 0; i <= L1_SIZE; i++) {
2099 p = (i < L1_SIZE) ? l1_map[i] : NULL;
2100 for (j = 0; j < L2_SIZE; j++) {
2101 prot1 = (p == NULL) ? 0 : p[j].flags;
2103 * "region" is one continuous chunk of memory
2104 * that has same protection flags set.
2106 if (prot1 != prot) {
2107 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2109 rc = (*fn)(priv, start, end, prot);
2110 /* callback can stop iteration by returning != 0 */
2127 static int dump_region(void *priv, unsigned long start,
2128 unsigned long end, unsigned long prot)
2130 FILE *f = (FILE *)priv;
2132 (void) fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2133 start, end, end - start,
2134 ((prot & PAGE_READ) ? 'r' : '-'),
2135 ((prot & PAGE_WRITE) ? 'w' : '-'),
2136 ((prot & PAGE_EXEC) ? 'x' : '-'));
2141 /* dump memory mappings */
2142 void page_dump(FILE *f)
2144 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2145 "start", "end", "size", "prot");
2146 walk_memory_regions(f, dump_region);
2149 int page_get_flags(target_ulong address)
2153 p = page_find(address >> TARGET_PAGE_BITS);
2159 /* modify the flags of a page and invalidate the code if
2160 necessary. The flag PAGE_WRITE_ORG is positioned automatically
2161 depending on PAGE_WRITE */
2162 void page_set_flags(target_ulong start, target_ulong end, int flags)
2167 /* mmap_lock should already be held. */
2168 start = start & TARGET_PAGE_MASK;
2169 end = TARGET_PAGE_ALIGN(end);
2170 if (flags & PAGE_WRITE)
2171 flags |= PAGE_WRITE_ORG;
2172 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2173 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2174 /* We may be called for host regions that are outside guest
2178 /* if the write protection is set, then we invalidate the code
2180 if (!(p->flags & PAGE_WRITE) &&
2181 (flags & PAGE_WRITE) &&
2183 tb_invalidate_phys_page(addr, 0, NULL);
2189 int page_check_range(target_ulong start, target_ulong len, int flags)
2195 if (start + len < start)
2196 /* we've wrapped around */
2199 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2200 start = start & TARGET_PAGE_MASK;
2202 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2203 p = page_find(addr >> TARGET_PAGE_BITS);
2206 if( !(p->flags & PAGE_VALID) )
2209 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2211 if (flags & PAGE_WRITE) {
2212 if (!(p->flags & PAGE_WRITE_ORG))
2214 /* unprotect the page if it was put read-only because it
2215 contains translated code */
2216 if (!(p->flags & PAGE_WRITE)) {
2217 if (!page_unprotect(addr, 0, NULL))
2226 /* called from signal handler: invalidate the code and unprotect the
2227 page. Return TRUE if the fault was successfully handled. */
2228 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2230 unsigned int page_index, prot, pindex;
2232 target_ulong host_start, host_end, addr;
2234 /* Technically this isn't safe inside a signal handler. However we
2235 know this only ever happens in a synchronous SEGV handler, so in
2236 practice it seems to be ok. */
2239 host_start = address & qemu_host_page_mask;
2240 page_index = host_start >> TARGET_PAGE_BITS;
2241 p1 = page_find(page_index);
2246 host_end = host_start + qemu_host_page_size;
2249 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2253 /* if the page was really writable, then we change its
2254 protection back to writable */
2255 if (prot & PAGE_WRITE_ORG) {
2256 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2257 if (!(p1[pindex].flags & PAGE_WRITE)) {
2258 mprotect((void *)g2h(host_start), qemu_host_page_size,
2259 (prot & PAGE_BITS) | PAGE_WRITE);
2260 p1[pindex].flags |= PAGE_WRITE;
2261 /* and since the content will be modified, we must invalidate
2262 the corresponding translated code. */
2263 tb_invalidate_phys_page(address, pc, puc);
2264 #ifdef DEBUG_TB_CHECK
2265 tb_invalidate_check(address);
2275 static inline void tlb_set_dirty(CPUState *env,
2276 unsigned long addr, target_ulong vaddr)
2279 #endif /* defined(CONFIG_USER_ONLY) */
2281 #if !defined(CONFIG_USER_ONLY)
2283 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2284 ram_addr_t memory, ram_addr_t region_offset);
2285 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2286 ram_addr_t orig_memory, ram_addr_t region_offset);
2287 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2290 if (addr > start_addr) \
2293 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2294 if (start_addr2 > 0) \
2298 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2299 end_addr2 = TARGET_PAGE_SIZE - 1; \
2301 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2302 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2307 /* register physical memory. 'size' must be a multiple of the target
2308 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2309 io memory page. The address used when calling the IO function is
2310 the offset from the start of the region, plus region_offset. Both
2311 start_addr and region_offset are rounded down to a page boundary
2312 before calculating this offset. This should not be a problem unless
2313 the low bits of start_addr and region_offset differ. */
2314 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2316 ram_addr_t phys_offset,
2317 ram_addr_t region_offset)
2319 target_phys_addr_t addr, end_addr;
2322 ram_addr_t orig_size = size;
2326 /* XXX: should not depend on cpu context */
2328 if (env->kqemu_enabled) {
2329 kqemu_set_phys_mem(start_addr, size, phys_offset);
2333 kvm_set_phys_mem(start_addr, size, phys_offset);
2335 if (phys_offset == IO_MEM_UNASSIGNED) {
2336 region_offset = start_addr;
2338 region_offset &= TARGET_PAGE_MASK;
2339 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2340 end_addr = start_addr + (target_phys_addr_t)size;
2341 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2342 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2343 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2344 ram_addr_t orig_memory = p->phys_offset;
2345 target_phys_addr_t start_addr2, end_addr2;
2346 int need_subpage = 0;
2348 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2350 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2351 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2352 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2353 &p->phys_offset, orig_memory,
2356 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2359 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2361 p->region_offset = 0;
2363 p->phys_offset = phys_offset;
2364 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2365 (phys_offset & IO_MEM_ROMD))
2366 phys_offset += TARGET_PAGE_SIZE;
2369 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2370 p->phys_offset = phys_offset;
2371 p->region_offset = region_offset;
2372 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2373 (phys_offset & IO_MEM_ROMD)) {
2374 phys_offset += TARGET_PAGE_SIZE;
2376 target_phys_addr_t start_addr2, end_addr2;
2377 int need_subpage = 0;
2379 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2380 end_addr2, need_subpage);
2382 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2383 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2384 &p->phys_offset, IO_MEM_UNASSIGNED,
2385 addr & TARGET_PAGE_MASK);
2386 subpage_register(subpage, start_addr2, end_addr2,
2387 phys_offset, region_offset);
2388 p->region_offset = 0;
2392 region_offset += TARGET_PAGE_SIZE;
2395 /* since each CPU stores ram addresses in its TLB cache, we must
2396 reset the modified entries */
2398 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2403 /* XXX: temporary until new memory mapping API */
2404 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2408 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2410 return IO_MEM_UNASSIGNED;
2411 return p->phys_offset;
2414 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2417 kvm_coalesce_mmio_region(addr, size);
2420 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2423 kvm_uncoalesce_mmio_region(addr, size);
2427 /* XXX: better than nothing */
2428 static ram_addr_t kqemu_ram_alloc(ram_addr_t size)
2431 if ((last_ram_offset + size) > kqemu_phys_ram_size) {
2432 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 ")\n",
2433 (uint64_t)size, (uint64_t)kqemu_phys_ram_size);
2436 addr = last_ram_offset;
2437 last_ram_offset = TARGET_PAGE_ALIGN(last_ram_offset + size);
2442 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2444 RAMBlock *new_block;
2447 if (kqemu_phys_ram_base) {
2448 return kqemu_ram_alloc(size);
2452 size = TARGET_PAGE_ALIGN(size);
2453 new_block = qemu_malloc(sizeof(*new_block));
2455 new_block->host = qemu_vmalloc(size);
2456 new_block->offset = last_ram_offset;
2457 new_block->length = size;
2459 new_block->next = ram_blocks;
2460 ram_blocks = new_block;
2462 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2463 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2464 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2465 0xff, size >> TARGET_PAGE_BITS);
2467 last_ram_offset += size;
2470 kvm_setup_guest_memory(new_block->host, size);
2472 return new_block->offset;
2475 void qemu_ram_free(ram_addr_t addr)
2477 /* TODO: implement this. */
2480 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2481 With the exception of the softmmu code in this file, this should
2482 only be used for local memory (e.g. video ram) that the device owns,
2483 and knows it isn't going to access beyond the end of the block.
2485 It should not be used for general purpose DMA.
2486 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2488 void *qemu_get_ram_ptr(ram_addr_t addr)
2495 if (kqemu_phys_ram_base) {
2496 return kqemu_phys_ram_base + addr;
2501 prevp = &ram_blocks;
2503 while (block && (block->offset > addr
2504 || block->offset + block->length <= addr)) {
2506 prevp = &prev->next;
2508 block = block->next;
2511 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2514 /* Move this entry to to start of the list. */
2516 prev->next = block->next;
2517 block->next = *prevp;
2520 return block->host + (addr - block->offset);
2523 /* Some of the softmmu routines need to translate from a host pointer
2524 (typically a TLB entry) back to a ram offset. */
2525 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2530 uint8_t *host = ptr;
2533 if (kqemu_phys_ram_base) {
2534 return host - kqemu_phys_ram_base;
2539 prevp = &ram_blocks;
2541 while (block && (block->host > host
2542 || block->host + block->length <= host)) {
2544 prevp = &prev->next;
2546 block = block->next;
2549 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2552 return block->offset + (host - block->host);
2555 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2557 #ifdef DEBUG_UNASSIGNED
2558 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2560 #if defined(TARGET_SPARC)
2561 do_unassigned_access(addr, 0, 0, 0, 1);
2566 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2568 #ifdef DEBUG_UNASSIGNED
2569 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2571 #if defined(TARGET_SPARC)
2572 do_unassigned_access(addr, 0, 0, 0, 2);
2577 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2579 #ifdef DEBUG_UNASSIGNED
2580 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2582 #if defined(TARGET_SPARC)
2583 do_unassigned_access(addr, 0, 0, 0, 4);
2588 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2590 #ifdef DEBUG_UNASSIGNED
2591 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2593 #if defined(TARGET_SPARC)
2594 do_unassigned_access(addr, 1, 0, 0, 1);
2598 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2600 #ifdef DEBUG_UNASSIGNED
2601 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2603 #if defined(TARGET_SPARC)
2604 do_unassigned_access(addr, 1, 0, 0, 2);
2608 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2610 #ifdef DEBUG_UNASSIGNED
2611 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2613 #if defined(TARGET_SPARC)
2614 do_unassigned_access(addr, 1, 0, 0, 4);
2618 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2619 unassigned_mem_readb,
2620 unassigned_mem_readw,
2621 unassigned_mem_readl,
2624 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2625 unassigned_mem_writeb,
2626 unassigned_mem_writew,
2627 unassigned_mem_writel,
2630 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2634 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2635 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2636 #if !defined(CONFIG_USER_ONLY)
2637 tb_invalidate_phys_page_fast(ram_addr, 1);
2638 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2641 stb_p(qemu_get_ram_ptr(ram_addr), val);
2643 if (cpu_single_env->kqemu_enabled &&
2644 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2645 kqemu_modify_page(cpu_single_env, ram_addr);
2647 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2648 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2649 /* we remove the notdirty callback only if the code has been
2651 if (dirty_flags == 0xff)
2652 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2655 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2659 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2660 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2661 #if !defined(CONFIG_USER_ONLY)
2662 tb_invalidate_phys_page_fast(ram_addr, 2);
2663 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2666 stw_p(qemu_get_ram_ptr(ram_addr), val);
2668 if (cpu_single_env->kqemu_enabled &&
2669 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2670 kqemu_modify_page(cpu_single_env, ram_addr);
2672 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2673 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2674 /* we remove the notdirty callback only if the code has been
2676 if (dirty_flags == 0xff)
2677 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2680 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2684 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2685 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2686 #if !defined(CONFIG_USER_ONLY)
2687 tb_invalidate_phys_page_fast(ram_addr, 4);
2688 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2691 stl_p(qemu_get_ram_ptr(ram_addr), val);
2693 if (cpu_single_env->kqemu_enabled &&
2694 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2695 kqemu_modify_page(cpu_single_env, ram_addr);
2697 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2698 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2699 /* we remove the notdirty callback only if the code has been
2701 if (dirty_flags == 0xff)
2702 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2705 static CPUReadMemoryFunc *error_mem_read[3] = {
2706 NULL, /* never used */
2707 NULL, /* never used */
2708 NULL, /* never used */
2711 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2712 notdirty_mem_writeb,
2713 notdirty_mem_writew,
2714 notdirty_mem_writel,
2717 /* Generate a debug exception if a watchpoint has been hit. */
2718 static void check_watchpoint(int offset, int len_mask, int flags)
2720 CPUState *env = cpu_single_env;
2721 target_ulong pc, cs_base;
2722 TranslationBlock *tb;
2727 if (env->watchpoint_hit) {
2728 /* We re-entered the check after replacing the TB. Now raise
2729 * the debug interrupt so that is will trigger after the
2730 * current instruction. */
2731 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2734 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2735 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2736 if ((vaddr == (wp->vaddr & len_mask) ||
2737 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
2738 wp->flags |= BP_WATCHPOINT_HIT;
2739 if (!env->watchpoint_hit) {
2740 env->watchpoint_hit = wp;
2741 tb = tb_find_pc(env->mem_io_pc);
2743 cpu_abort(env, "check_watchpoint: could not find TB for "
2744 "pc=%p", (void *)env->mem_io_pc);
2746 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
2747 tb_phys_invalidate(tb, -1);
2748 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2749 env->exception_index = EXCP_DEBUG;
2751 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2752 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
2754 cpu_resume_from_signal(env, NULL);
2757 wp->flags &= ~BP_WATCHPOINT_HIT;
2762 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2763 so these check for a hit then pass through to the normal out-of-line
2765 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2767 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
2768 return ldub_phys(addr);
2771 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2773 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
2774 return lduw_phys(addr);
2777 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2779 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
2780 return ldl_phys(addr);
2783 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2786 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
2787 stb_phys(addr, val);
2790 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2793 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
2794 stw_phys(addr, val);
2797 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2800 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
2801 stl_phys(addr, val);
2804 static CPUReadMemoryFunc *watch_mem_read[3] = {
2810 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2816 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2822 idx = SUBPAGE_IDX(addr);
2823 #if defined(DEBUG_SUBPAGE)
2824 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2825 mmio, len, addr, idx);
2827 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
2828 addr + mmio->region_offset[idx][0][len]);
2833 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2834 uint32_t value, unsigned int len)
2838 idx = SUBPAGE_IDX(addr);
2839 #if defined(DEBUG_SUBPAGE)
2840 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2841 mmio, len, addr, idx, value);
2843 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
2844 addr + mmio->region_offset[idx][1][len],
2848 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2850 #if defined(DEBUG_SUBPAGE)
2851 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2854 return subpage_readlen(opaque, addr, 0);
2857 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2860 #if defined(DEBUG_SUBPAGE)
2861 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2863 subpage_writelen(opaque, addr, value, 0);
2866 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2868 #if defined(DEBUG_SUBPAGE)
2869 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2872 return subpage_readlen(opaque, addr, 1);
2875 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2878 #if defined(DEBUG_SUBPAGE)
2879 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2881 subpage_writelen(opaque, addr, value, 1);
2884 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2886 #if defined(DEBUG_SUBPAGE)
2887 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2890 return subpage_readlen(opaque, addr, 2);
2893 static void subpage_writel (void *opaque,
2894 target_phys_addr_t addr, uint32_t value)
2896 #if defined(DEBUG_SUBPAGE)
2897 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2899 subpage_writelen(opaque, addr, value, 2);
2902 static CPUReadMemoryFunc *subpage_read[] = {
2908 static CPUWriteMemoryFunc *subpage_write[] = {
2914 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2915 ram_addr_t memory, ram_addr_t region_offset)
2920 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2922 idx = SUBPAGE_IDX(start);
2923 eidx = SUBPAGE_IDX(end);
2924 #if defined(DEBUG_SUBPAGE)
2925 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
2926 mmio, start, end, idx, eidx, memory);
2928 memory >>= IO_MEM_SHIFT;
2929 for (; idx <= eidx; idx++) {
2930 for (i = 0; i < 4; i++) {
2931 if (io_mem_read[memory][i]) {
2932 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2933 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2934 mmio->region_offset[idx][0][i] = region_offset;
2936 if (io_mem_write[memory][i]) {
2937 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2938 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2939 mmio->region_offset[idx][1][i] = region_offset;
2947 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2948 ram_addr_t orig_memory, ram_addr_t region_offset)
2953 mmio = qemu_mallocz(sizeof(subpage_t));
2956 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
2957 #if defined(DEBUG_SUBPAGE)
2958 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2959 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2961 *phys = subpage_memory | IO_MEM_SUBPAGE;
2962 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
2968 static int get_free_io_mem_idx(void)
2972 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
2973 if (!io_mem_used[i]) {
2981 /* mem_read and mem_write are arrays of functions containing the
2982 function to access byte (index 0), word (index 1) and dword (index
2983 2). Functions can be omitted with a NULL function pointer.
2984 If io_index is non zero, the corresponding io zone is
2985 modified. If it is zero, a new io zone is allocated. The return
2986 value can be used with cpu_register_physical_memory(). (-1) is
2987 returned if error. */
2988 static int cpu_register_io_memory_fixed(int io_index,
2989 CPUReadMemoryFunc **mem_read,
2990 CPUWriteMemoryFunc **mem_write,
2993 int i, subwidth = 0;
2995 if (io_index <= 0) {
2996 io_index = get_free_io_mem_idx();
3000 io_index >>= IO_MEM_SHIFT;
3001 if (io_index >= IO_MEM_NB_ENTRIES)
3005 for(i = 0;i < 3; i++) {
3006 if (!mem_read[i] || !mem_write[i])
3007 subwidth = IO_MEM_SUBWIDTH;
3008 io_mem_read[io_index][i] = mem_read[i];
3009 io_mem_write[io_index][i] = mem_write[i];
3011 io_mem_opaque[io_index] = opaque;
3012 return (io_index << IO_MEM_SHIFT) | subwidth;
3015 int cpu_register_io_memory(CPUReadMemoryFunc **mem_read,
3016 CPUWriteMemoryFunc **mem_write,
3019 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3022 void cpu_unregister_io_memory(int io_table_address)
3025 int io_index = io_table_address >> IO_MEM_SHIFT;
3027 for (i=0;i < 3; i++) {
3028 io_mem_read[io_index][i] = unassigned_mem_read[i];
3029 io_mem_write[io_index][i] = unassigned_mem_write[i];
3031 io_mem_opaque[io_index] = NULL;
3032 io_mem_used[io_index] = 0;
3035 static void io_mem_init(void)
3039 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3040 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3041 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3045 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3046 watch_mem_write, NULL);
3048 if (kqemu_phys_ram_base) {
3049 /* alloc dirty bits array */
3050 phys_ram_dirty = qemu_vmalloc(kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3051 memset(phys_ram_dirty, 0xff, kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3056 #endif /* !defined(CONFIG_USER_ONLY) */
3058 /* physical memory access (slow version, mainly for debug) */
3059 #if defined(CONFIG_USER_ONLY)
3060 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3061 int len, int is_write)
3068 page = addr & TARGET_PAGE_MASK;
3069 l = (page + TARGET_PAGE_SIZE) - addr;
3072 flags = page_get_flags(page);
3073 if (!(flags & PAGE_VALID))
3076 if (!(flags & PAGE_WRITE))
3078 /* XXX: this code should not depend on lock_user */
3079 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3080 /* FIXME - should this return an error rather than just fail? */
3083 unlock_user(p, addr, l);
3085 if (!(flags & PAGE_READ))
3087 /* XXX: this code should not depend on lock_user */
3088 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3089 /* FIXME - should this return an error rather than just fail? */
3092 unlock_user(p, addr, 0);
3101 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3102 int len, int is_write)
3107 target_phys_addr_t page;
3112 page = addr & TARGET_PAGE_MASK;
3113 l = (page + TARGET_PAGE_SIZE) - addr;
3116 p = phys_page_find(page >> TARGET_PAGE_BITS);
3118 pd = IO_MEM_UNASSIGNED;
3120 pd = p->phys_offset;
3124 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3125 target_phys_addr_t addr1 = addr;
3126 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3128 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3129 /* XXX: could force cpu_single_env to NULL to avoid
3131 if (l >= 4 && ((addr1 & 3) == 0)) {
3132 /* 32 bit write access */
3134 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3136 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3137 /* 16 bit write access */
3139 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3142 /* 8 bit write access */
3144 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3148 unsigned long addr1;
3149 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3151 ptr = qemu_get_ram_ptr(addr1);
3152 memcpy(ptr, buf, l);
3153 if (!cpu_physical_memory_is_dirty(addr1)) {
3154 /* invalidate code */
3155 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3157 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3158 (0xff & ~CODE_DIRTY_FLAG);
3162 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3163 !(pd & IO_MEM_ROMD)) {
3164 target_phys_addr_t addr1 = addr;
3166 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3168 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3169 if (l >= 4 && ((addr1 & 3) == 0)) {
3170 /* 32 bit read access */
3171 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3174 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3175 /* 16 bit read access */
3176 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3180 /* 8 bit read access */
3181 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3187 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3188 (addr & ~TARGET_PAGE_MASK);
3189 memcpy(buf, ptr, l);
3198 /* used for ROM loading : can write in RAM and ROM */
3199 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3200 const uint8_t *buf, int len)
3204 target_phys_addr_t page;
3209 page = addr & TARGET_PAGE_MASK;
3210 l = (page + TARGET_PAGE_SIZE) - addr;
3213 p = phys_page_find(page >> TARGET_PAGE_BITS);
3215 pd = IO_MEM_UNASSIGNED;
3217 pd = p->phys_offset;
3220 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3221 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3222 !(pd & IO_MEM_ROMD)) {
3225 unsigned long addr1;
3226 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3228 ptr = qemu_get_ram_ptr(addr1);
3229 memcpy(ptr, buf, l);
3239 target_phys_addr_t addr;
3240 target_phys_addr_t len;
3243 static BounceBuffer bounce;
3245 typedef struct MapClient {
3247 void (*callback)(void *opaque);
3248 LIST_ENTRY(MapClient) link;
3251 static LIST_HEAD(map_client_list, MapClient) map_client_list
3252 = LIST_HEAD_INITIALIZER(map_client_list);
3254 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3256 MapClient *client = qemu_malloc(sizeof(*client));
3258 client->opaque = opaque;
3259 client->callback = callback;
3260 LIST_INSERT_HEAD(&map_client_list, client, link);
3264 void cpu_unregister_map_client(void *_client)
3266 MapClient *client = (MapClient *)_client;
3268 LIST_REMOVE(client, link);
3272 static void cpu_notify_map_clients(void)
3276 while (!LIST_EMPTY(&map_client_list)) {
3277 client = LIST_FIRST(&map_client_list);
3278 client->callback(client->opaque);
3279 cpu_unregister_map_client(client);
3283 /* Map a physical memory region into a host virtual address.
3284 * May map a subset of the requested range, given by and returned in *plen.
3285 * May return NULL if resources needed to perform the mapping are exhausted.
3286 * Use only for reads OR writes - not for read-modify-write operations.
3287 * Use cpu_register_map_client() to know when retrying the map operation is
3288 * likely to succeed.
3290 void *cpu_physical_memory_map(target_phys_addr_t addr,
3291 target_phys_addr_t *plen,
3294 target_phys_addr_t len = *plen;
3295 target_phys_addr_t done = 0;
3297 uint8_t *ret = NULL;
3299 target_phys_addr_t page;
3302 unsigned long addr1;
3305 page = addr & TARGET_PAGE_MASK;
3306 l = (page + TARGET_PAGE_SIZE) - addr;
3309 p = phys_page_find(page >> TARGET_PAGE_BITS);
3311 pd = IO_MEM_UNASSIGNED;
3313 pd = p->phys_offset;
3316 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3317 if (done || bounce.buffer) {
3320 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3324 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3326 ptr = bounce.buffer;
3328 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3329 ptr = qemu_get_ram_ptr(addr1);
3333 } else if (ret + done != ptr) {
3345 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3346 * Will also mark the memory as dirty if is_write == 1. access_len gives
3347 * the amount of memory that was actually read or written by the caller.
3349 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3350 int is_write, target_phys_addr_t access_len)
3352 if (buffer != bounce.buffer) {
3354 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3355 while (access_len) {
3357 l = TARGET_PAGE_SIZE;
3360 if (!cpu_physical_memory_is_dirty(addr1)) {
3361 /* invalidate code */
3362 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3364 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3365 (0xff & ~CODE_DIRTY_FLAG);
3374 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3376 qemu_free(bounce.buffer);
3377 bounce.buffer = NULL;
3378 cpu_notify_map_clients();
3381 /* warning: addr must be aligned */
3382 uint32_t ldl_phys(target_phys_addr_t addr)
3390 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3392 pd = IO_MEM_UNASSIGNED;
3394 pd = p->phys_offset;
3397 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3398 !(pd & IO_MEM_ROMD)) {
3400 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3402 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3403 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3406 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3407 (addr & ~TARGET_PAGE_MASK);
3413 /* warning: addr must be aligned */
3414 uint64_t ldq_phys(target_phys_addr_t addr)
3422 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3424 pd = IO_MEM_UNASSIGNED;
3426 pd = p->phys_offset;
3429 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3430 !(pd & IO_MEM_ROMD)) {
3432 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3434 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3435 #ifdef TARGET_WORDS_BIGENDIAN
3436 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3437 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3439 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3440 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3444 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3445 (addr & ~TARGET_PAGE_MASK);
3452 uint32_t ldub_phys(target_phys_addr_t addr)
3455 cpu_physical_memory_read(addr, &val, 1);
3460 uint32_t lduw_phys(target_phys_addr_t addr)
3463 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3464 return tswap16(val);
3467 /* warning: addr must be aligned. The ram page is not masked as dirty
3468 and the code inside is not invalidated. It is useful if the dirty
3469 bits are used to track modified PTEs */
3470 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3477 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3479 pd = IO_MEM_UNASSIGNED;
3481 pd = p->phys_offset;
3484 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3485 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3487 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3488 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3490 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3491 ptr = qemu_get_ram_ptr(addr1);
3494 if (unlikely(in_migration)) {
3495 if (!cpu_physical_memory_is_dirty(addr1)) {
3496 /* invalidate code */
3497 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3499 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3500 (0xff & ~CODE_DIRTY_FLAG);
3506 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3513 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3515 pd = IO_MEM_UNASSIGNED;
3517 pd = p->phys_offset;
3520 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3521 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3523 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3524 #ifdef TARGET_WORDS_BIGENDIAN
3525 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3526 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3528 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3529 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3532 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3533 (addr & ~TARGET_PAGE_MASK);
3538 /* warning: addr must be aligned */
3539 void stl_phys(target_phys_addr_t addr, uint32_t val)
3546 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3548 pd = IO_MEM_UNASSIGNED;
3550 pd = p->phys_offset;
3553 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3554 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3556 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3557 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3559 unsigned long addr1;
3560 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3562 ptr = qemu_get_ram_ptr(addr1);
3564 if (!cpu_physical_memory_is_dirty(addr1)) {
3565 /* invalidate code */
3566 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3568 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3569 (0xff & ~CODE_DIRTY_FLAG);
3575 void stb_phys(target_phys_addr_t addr, uint32_t val)
3578 cpu_physical_memory_write(addr, &v, 1);
3582 void stw_phys(target_phys_addr_t addr, uint32_t val)
3584 uint16_t v = tswap16(val);
3585 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3589 void stq_phys(target_phys_addr_t addr, uint64_t val)
3592 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3597 /* virtual memory access for debug (includes writing to ROM) */
3598 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3599 uint8_t *buf, int len, int is_write)
3602 target_phys_addr_t phys_addr;
3606 page = addr & TARGET_PAGE_MASK;
3607 phys_addr = cpu_get_phys_page_debug(env, page);
3608 /* if no physical page mapped, return an error */
3609 if (phys_addr == -1)
3611 l = (page + TARGET_PAGE_SIZE) - addr;
3614 phys_addr += (addr & ~TARGET_PAGE_MASK);
3615 #if !defined(CONFIG_USER_ONLY)
3617 cpu_physical_memory_write_rom(phys_addr, buf, l);
3620 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3628 /* in deterministic execution mode, instructions doing device I/Os
3629 must be at the end of the TB */
3630 void cpu_io_recompile(CPUState *env, void *retaddr)
3632 TranslationBlock *tb;
3634 target_ulong pc, cs_base;
3637 tb = tb_find_pc((unsigned long)retaddr);
3639 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3642 n = env->icount_decr.u16.low + tb->icount;
3643 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3644 /* Calculate how many instructions had been executed before the fault
3646 n = n - env->icount_decr.u16.low;
3647 /* Generate a new TB ending on the I/O insn. */
3649 /* On MIPS and SH, delay slot instructions can only be restarted if
3650 they were already the first instruction in the TB. If this is not
3651 the first instruction in a TB then re-execute the preceding
3653 #if defined(TARGET_MIPS)
3654 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3655 env->active_tc.PC -= 4;
3656 env->icount_decr.u16.low++;
3657 env->hflags &= ~MIPS_HFLAG_BMASK;
3659 #elif defined(TARGET_SH4)
3660 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3663 env->icount_decr.u16.low++;
3664 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3667 /* This should never happen. */
3668 if (n > CF_COUNT_MASK)
3669 cpu_abort(env, "TB too big during recompile");
3671 cflags = n | CF_LAST_IO;
3673 cs_base = tb->cs_base;
3675 tb_phys_invalidate(tb, -1);
3676 /* FIXME: In theory this could raise an exception. In practice
3677 we have already translated the block once so it's probably ok. */
3678 tb_gen_code(env, pc, cs_base, flags, cflags);
3679 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3680 the first in the TB) then we end up generating a whole new TB and
3681 repeating the fault, which is horribly inefficient.
3682 Better would be to execute just this insn uncached, or generate a
3684 cpu_resume_from_signal(env, NULL);
3687 void dump_exec_info(FILE *f,
3688 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3690 int i, target_code_size, max_target_code_size;
3691 int direct_jmp_count, direct_jmp2_count, cross_page;
3692 TranslationBlock *tb;
3694 target_code_size = 0;
3695 max_target_code_size = 0;
3697 direct_jmp_count = 0;
3698 direct_jmp2_count = 0;
3699 for(i = 0; i < nb_tbs; i++) {
3701 target_code_size += tb->size;
3702 if (tb->size > max_target_code_size)
3703 max_target_code_size = tb->size;
3704 if (tb->page_addr[1] != -1)
3706 if (tb->tb_next_offset[0] != 0xffff) {
3708 if (tb->tb_next_offset[1] != 0xffff) {
3709 direct_jmp2_count++;
3713 /* XXX: avoid using doubles ? */
3714 cpu_fprintf(f, "Translation buffer state:\n");
3715 cpu_fprintf(f, "gen code size %ld/%ld\n",
3716 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3717 cpu_fprintf(f, "TB count %d/%d\n",
3718 nb_tbs, code_gen_max_blocks);
3719 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3720 nb_tbs ? target_code_size / nb_tbs : 0,
3721 max_target_code_size);
3722 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3723 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3724 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3725 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3727 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3728 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3730 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3732 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3733 cpu_fprintf(f, "\nStatistics:\n");
3734 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3735 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3736 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3737 tcg_dump_info(f, cpu_fprintf);
3740 #if !defined(CONFIG_USER_ONLY)
3742 #define MMUSUFFIX _cmmu
3743 #define GETPC() NULL
3744 #define env cpu_single_env
3745 #define SOFTMMU_CODE_ACCESS
3748 #include "softmmu_template.h"
3751 #include "softmmu_template.h"
3754 #include "softmmu_template.h"
3757 #include "softmmu_template.h"
projects / qemu.git / blob