4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 #include "qemu/mmap-alloc.h"
63 //#define DEBUG_SUBPAGE
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
89 #define RAM_RESIZEABLE (1 << 2)
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
102 #if !defined(CONFIG_USER_ONLY)
104 typedef struct PhysPageEntry PhysPageEntry;
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
119 #define P_L2_SIZE (1 << P_L2_BITS)
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
123 typedef PhysPageEntry Node[P_L2_SIZE];
125 typedef struct PhysPageMap {
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
131 unsigned nodes_nb_alloc;
133 MemoryRegionSection *sections;
136 struct AddressSpaceDispatch {
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
142 PhysPageEntry phys_map;
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
152 uint16_t sub_section[TARGET_PAGE_SIZE];
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
164 static MemoryRegion io_mem_watch;
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
173 struct CPUAddressSpace {
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
182 #if !defined(CONFIG_USER_ONLY)
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
200 ret = map->nodes_nb++;
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
254 unsigned valid_ptr = P_L2_SIZE;
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 phys_page_compact(&p[i], nodes, compacted);
276 /* We can only compress if there's only one child. */
281 assert(valid_ptr < P_L2_SIZE);
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
298 lp->skip += p[valid_ptr].skip;
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
304 DECLARE_BITMAP(compacted, nodes_nb);
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
315 hwaddr index = addr >> TARGET_PAGE_BITS;
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return §ions[PHYS_SECTION_UNASSIGNED];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return §ions[lp.ptr];
331 return §ions[PHYS_SECTION_UNASSIGNED];
335 bool memory_region_is_unassigned(MemoryRegion *mr)
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
344 bool resolve_subpage)
346 MemoryRegionSection *section;
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
362 MemoryRegionSection *section;
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
393 /* Called from RCU critical section */
394 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
399 MemoryRegionSection *section;
403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
407 if (!mr->iommu_ops) {
411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
420 as = iotlb.target_as;
423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
425 *plen = MIN(page, *plen);
432 /* Called from RCU critical section */
433 MemoryRegionSection *
434 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
435 hwaddr *xlat, hwaddr *plen)
437 MemoryRegionSection *section;
438 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
439 addr, xlat, plen, false);
441 assert(!section->mr->iommu_ops);
446 #if !defined(CONFIG_USER_ONLY)
448 static int cpu_common_post_load(void *opaque, int version_id)
450 CPUState *cpu = opaque;
452 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
453 version_id is increased. */
454 cpu->interrupt_request &= ~0x01;
460 static int cpu_common_pre_load(void *opaque)
462 CPUState *cpu = opaque;
464 cpu->exception_index = -1;
469 static bool cpu_common_exception_index_needed(void *opaque)
471 CPUState *cpu = opaque;
473 return tcg_enabled() && cpu->exception_index != -1;
476 static const VMStateDescription vmstate_cpu_common_exception_index = {
477 .name = "cpu_common/exception_index",
479 .minimum_version_id = 1,
480 .needed = cpu_common_exception_index_needed,
481 .fields = (VMStateField[]) {
482 VMSTATE_INT32(exception_index, CPUState),
483 VMSTATE_END_OF_LIST()
487 static bool cpu_common_crash_occurred_needed(void *opaque)
489 CPUState *cpu = opaque;
491 return cpu->crash_occurred;
494 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
495 .name = "cpu_common/crash_occurred",
497 .minimum_version_id = 1,
498 .needed = cpu_common_crash_occurred_needed,
499 .fields = (VMStateField[]) {
500 VMSTATE_BOOL(crash_occurred, CPUState),
501 VMSTATE_END_OF_LIST()
505 const VMStateDescription vmstate_cpu_common = {
506 .name = "cpu_common",
508 .minimum_version_id = 1,
509 .pre_load = cpu_common_pre_load,
510 .post_load = cpu_common_post_load,
511 .fields = (VMStateField[]) {
512 VMSTATE_UINT32(halted, CPUState),
513 VMSTATE_UINT32(interrupt_request, CPUState),
514 VMSTATE_END_OF_LIST()
516 .subsections = (const VMStateDescription*[]) {
517 &vmstate_cpu_common_exception_index,
518 &vmstate_cpu_common_crash_occurred,
525 CPUState *qemu_get_cpu(int index)
530 if (cpu->cpu_index == index) {
538 #if !defined(CONFIG_USER_ONLY)
539 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
541 /* We only support one address space per cpu at the moment. */
542 assert(cpu->as == as);
545 /* We've already registered the listener for our only AS */
549 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
550 cpu->cpu_ases[0].cpu = cpu;
551 cpu->cpu_ases[0].as = as;
552 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
553 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
557 #ifndef CONFIG_USER_ONLY
558 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
560 static int cpu_get_free_index(Error **errp)
562 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
564 if (cpu >= MAX_CPUMASK_BITS) {
565 error_setg(errp, "Trying to use more CPUs than max of %d",
570 bitmap_set(cpu_index_map, cpu, 1);
574 void cpu_exec_exit(CPUState *cpu)
576 if (cpu->cpu_index == -1) {
577 /* cpu_index was never allocated by this @cpu or was already freed. */
581 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
586 static int cpu_get_free_index(Error **errp)
591 CPU_FOREACH(some_cpu) {
597 void cpu_exec_exit(CPUState *cpu)
602 void cpu_exec_init(CPUState *cpu, Error **errp)
604 CPUClass *cc = CPU_GET_CLASS(cpu);
606 Error *local_err = NULL;
608 #ifndef CONFIG_USER_ONLY
609 cpu->as = &address_space_memory;
610 cpu->thread_id = qemu_get_thread_id();
613 #if defined(CONFIG_USER_ONLY)
616 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
618 error_propagate(errp, local_err);
619 #if defined(CONFIG_USER_ONLY)
624 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
625 #if defined(CONFIG_USER_ONLY)
628 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
629 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
631 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
632 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
633 cpu_save, cpu_load, cpu->env_ptr);
634 assert(cc->vmsd == NULL);
635 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
637 if (cc->vmsd != NULL) {
638 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
642 #if defined(CONFIG_USER_ONLY)
643 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
645 tb_invalidate_phys_page_range(pc, pc + 1, 0);
648 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
650 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
652 tb_invalidate_phys_addr(cpu->as,
653 phys | (pc & ~TARGET_PAGE_MASK));
658 #if defined(CONFIG_USER_ONLY)
659 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
664 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
670 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
674 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
675 int flags, CPUWatchpoint **watchpoint)
680 /* Add a watchpoint. */
681 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
682 int flags, CPUWatchpoint **watchpoint)
686 /* forbid ranges which are empty or run off the end of the address space */
687 if (len == 0 || (addr + len - 1) < addr) {
688 error_report("tried to set invalid watchpoint at %"
689 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
692 wp = g_malloc(sizeof(*wp));
698 /* keep all GDB-injected watchpoints in front */
699 if (flags & BP_GDB) {
700 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
702 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
705 tlb_flush_page(cpu, addr);
712 /* Remove a specific watchpoint. */
713 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
718 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
719 if (addr == wp->vaddr && len == wp->len
720 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
721 cpu_watchpoint_remove_by_ref(cpu, wp);
728 /* Remove a specific watchpoint by reference. */
729 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
731 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
733 tlb_flush_page(cpu, watchpoint->vaddr);
738 /* Remove all matching watchpoints. */
739 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
741 CPUWatchpoint *wp, *next;
743 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
744 if (wp->flags & mask) {
745 cpu_watchpoint_remove_by_ref(cpu, wp);
750 /* Return true if this watchpoint address matches the specified
751 * access (ie the address range covered by the watchpoint overlaps
752 * partially or completely with the address range covered by the
755 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
759 /* We know the lengths are non-zero, but a little caution is
760 * required to avoid errors in the case where the range ends
761 * exactly at the top of the address space and so addr + len
762 * wraps round to zero.
764 vaddr wpend = wp->vaddr + wp->len - 1;
765 vaddr addrend = addr + len - 1;
767 return !(addr > wpend || wp->vaddr > addrend);
772 /* Add a breakpoint. */
773 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
774 CPUBreakpoint **breakpoint)
778 bp = g_malloc(sizeof(*bp));
783 /* keep all GDB-injected breakpoints in front */
784 if (flags & BP_GDB) {
785 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
787 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
790 breakpoint_invalidate(cpu, pc);
798 /* Remove a specific breakpoint. */
799 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
803 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
804 if (bp->pc == pc && bp->flags == flags) {
805 cpu_breakpoint_remove_by_ref(cpu, bp);
812 /* Remove a specific breakpoint by reference. */
813 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
815 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
817 breakpoint_invalidate(cpu, breakpoint->pc);
822 /* Remove all matching breakpoints. */
823 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
825 CPUBreakpoint *bp, *next;
827 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
828 if (bp->flags & mask) {
829 cpu_breakpoint_remove_by_ref(cpu, bp);
834 /* enable or disable single step mode. EXCP_DEBUG is returned by the
835 CPU loop after each instruction */
836 void cpu_single_step(CPUState *cpu, int enabled)
838 if (cpu->singlestep_enabled != enabled) {
839 cpu->singlestep_enabled = enabled;
841 kvm_update_guest_debug(cpu, 0);
843 /* must flush all the translated code to avoid inconsistencies */
844 /* XXX: only flush what is necessary */
850 void cpu_abort(CPUState *cpu, const char *fmt, ...)
857 fprintf(stderr, "qemu: fatal: ");
858 vfprintf(stderr, fmt, ap);
859 fprintf(stderr, "\n");
860 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
861 if (qemu_log_separate()) {
862 qemu_log("qemu: fatal: ");
863 qemu_log_vprintf(fmt, ap2);
865 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
872 #if defined(CONFIG_USER_ONLY)
874 struct sigaction act;
875 sigfillset(&act.sa_mask);
876 act.sa_handler = SIG_DFL;
877 sigaction(SIGABRT, &act, NULL);
883 #if !defined(CONFIG_USER_ONLY)
884 /* Called from RCU critical section */
885 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
889 block = atomic_rcu_read(&ram_list.mru_block);
890 if (block && addr - block->offset < block->max_length) {
893 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
894 if (addr - block->offset < block->max_length) {
899 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
903 /* It is safe to write mru_block outside the iothread lock. This
908 * xxx removed from list
912 * call_rcu(reclaim_ramblock, xxx);
915 * atomic_rcu_set is not needed here. The block was already published
916 * when it was placed into the list. Here we're just making an extra
917 * copy of the pointer.
919 ram_list.mru_block = block;
923 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
930 end = TARGET_PAGE_ALIGN(start + length);
931 start &= TARGET_PAGE_MASK;
934 block = qemu_get_ram_block(start);
935 assert(block == qemu_get_ram_block(end - 1));
936 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
938 tlb_reset_dirty(cpu, start1, length);
943 /* Note: start and end must be within the same ram block. */
944 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
948 unsigned long end, page;
955 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
956 page = start >> TARGET_PAGE_BITS;
957 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
960 if (dirty && tcg_enabled()) {
961 tlb_reset_dirty_range_all(start, length);
967 /* Called from RCU critical section */
968 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
969 MemoryRegionSection *section,
971 hwaddr paddr, hwaddr xlat,
973 target_ulong *address)
978 if (memory_region_is_ram(section->mr)) {
980 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
982 if (!section->readonly) {
983 iotlb |= PHYS_SECTION_NOTDIRTY;
985 iotlb |= PHYS_SECTION_ROM;
988 AddressSpaceDispatch *d;
990 d = atomic_rcu_read(§ion->address_space->dispatch);
991 iotlb = section - d->map.sections;
995 /* Make accesses to pages with watchpoints go via the
996 watchpoint trap routines. */
997 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
998 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
999 /* Avoid trapping reads of pages with a write breakpoint. */
1000 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1001 iotlb = PHYS_SECTION_WATCH + paddr;
1002 *address |= TLB_MMIO;
1010 #endif /* defined(CONFIG_USER_ONLY) */
1012 #if !defined(CONFIG_USER_ONLY)
1014 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1016 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1018 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1019 qemu_anon_ram_alloc;
1022 * Set a custom physical guest memory alloator.
1023 * Accelerators with unusual needs may need this. Hopefully, we can
1024 * get rid of it eventually.
1026 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1028 phys_mem_alloc = alloc;
1031 static uint16_t phys_section_add(PhysPageMap *map,
1032 MemoryRegionSection *section)
1034 /* The physical section number is ORed with a page-aligned
1035 * pointer to produce the iotlb entries. Thus it should
1036 * never overflow into the page-aligned value.
1038 assert(map->sections_nb < TARGET_PAGE_SIZE);
1040 if (map->sections_nb == map->sections_nb_alloc) {
1041 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1042 map->sections = g_renew(MemoryRegionSection, map->sections,
1043 map->sections_nb_alloc);
1045 map->sections[map->sections_nb] = *section;
1046 memory_region_ref(section->mr);
1047 return map->sections_nb++;
1050 static void phys_section_destroy(MemoryRegion *mr)
1052 bool have_sub_page = mr->subpage;
1054 memory_region_unref(mr);
1056 if (have_sub_page) {
1057 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1058 object_unref(OBJECT(&subpage->iomem));
1063 static void phys_sections_free(PhysPageMap *map)
1065 while (map->sections_nb > 0) {
1066 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1067 phys_section_destroy(section->mr);
1069 g_free(map->sections);
1073 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1076 hwaddr base = section->offset_within_address_space
1078 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1079 d->map.nodes, d->map.sections);
1080 MemoryRegionSection subsection = {
1081 .offset_within_address_space = base,
1082 .size = int128_make64(TARGET_PAGE_SIZE),
1086 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1088 if (!(existing->mr->subpage)) {
1089 subpage = subpage_init(d->as, base);
1090 subsection.address_space = d->as;
1091 subsection.mr = &subpage->iomem;
1092 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1093 phys_section_add(&d->map, &subsection));
1095 subpage = container_of(existing->mr, subpage_t, iomem);
1097 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1098 end = start + int128_get64(section->size) - 1;
1099 subpage_register(subpage, start, end,
1100 phys_section_add(&d->map, section));
1104 static void register_multipage(AddressSpaceDispatch *d,
1105 MemoryRegionSection *section)
1107 hwaddr start_addr = section->offset_within_address_space;
1108 uint16_t section_index = phys_section_add(&d->map, section);
1109 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1113 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1116 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1118 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1119 AddressSpaceDispatch *d = as->next_dispatch;
1120 MemoryRegionSection now = *section, remain = *section;
1121 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1123 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1124 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1125 - now.offset_within_address_space;
1127 now.size = int128_min(int128_make64(left), now.size);
1128 register_subpage(d, &now);
1130 now.size = int128_zero();
1132 while (int128_ne(remain.size, now.size)) {
1133 remain.size = int128_sub(remain.size, now.size);
1134 remain.offset_within_address_space += int128_get64(now.size);
1135 remain.offset_within_region += int128_get64(now.size);
1137 if (int128_lt(remain.size, page_size)) {
1138 register_subpage(d, &now);
1139 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1140 now.size = page_size;
1141 register_subpage(d, &now);
1143 now.size = int128_and(now.size, int128_neg(page_size));
1144 register_multipage(d, &now);
1149 void qemu_flush_coalesced_mmio_buffer(void)
1152 kvm_flush_coalesced_mmio_buffer();
1155 void qemu_mutex_lock_ramlist(void)
1157 qemu_mutex_lock(&ram_list.mutex);
1160 void qemu_mutex_unlock_ramlist(void)
1162 qemu_mutex_unlock(&ram_list.mutex);
1167 #include <sys/vfs.h>
1169 #define HUGETLBFS_MAGIC 0x958458f6
1171 static long gethugepagesize(const char *path, Error **errp)
1177 ret = statfs(path, &fs);
1178 } while (ret != 0 && errno == EINTR);
1181 error_setg_errno(errp, errno, "failed to get page size of file %s",
1189 static void *file_ram_alloc(RAMBlock *block,
1196 char *sanitized_name;
1201 Error *local_err = NULL;
1203 hpagesize = gethugepagesize(path, &local_err);
1205 error_propagate(errp, local_err);
1208 block->mr->align = hpagesize;
1210 if (memory < hpagesize) {
1211 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1212 "or larger than huge page size 0x%" PRIx64,
1217 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1219 "host lacks kvm mmu notifiers, -mem-path unsupported");
1223 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1224 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1225 sanitized_name = g_strdup(memory_region_name(block->mr));
1226 for (c = sanitized_name; *c != '\0'; c++) {
1232 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1234 g_free(sanitized_name);
1236 fd = mkstemp(filename);
1242 fd = open(path, O_RDWR | O_CREAT, 0644);
1246 error_setg_errno(errp, errno,
1247 "unable to create backing store for hugepages");
1251 memory = ROUND_UP(memory, hpagesize);
1254 * ftruncate is not supported by hugetlbfs in older
1255 * hosts, so don't bother bailing out on errors.
1256 * If anything goes wrong with it under other filesystems,
1259 if (ftruncate(fd, memory)) {
1260 perror("ftruncate");
1263 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1264 if (area == MAP_FAILED) {
1265 error_setg_errno(errp, errno,
1266 "unable to map backing store for hugepages");
1272 os_mem_prealloc(fd, area, memory);
1283 /* Called with the ramlist lock held. */
1284 static ram_addr_t find_ram_offset(ram_addr_t size)
1286 RAMBlock *block, *next_block;
1287 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1289 assert(size != 0); /* it would hand out same offset multiple times */
1291 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1295 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1296 ram_addr_t end, next = RAM_ADDR_MAX;
1298 end = block->offset + block->max_length;
1300 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1301 if (next_block->offset >= end) {
1302 next = MIN(next, next_block->offset);
1305 if (next - end >= size && next - end < mingap) {
1307 mingap = next - end;
1311 if (offset == RAM_ADDR_MAX) {
1312 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1320 ram_addr_t last_ram_offset(void)
1323 ram_addr_t last = 0;
1326 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1327 last = MAX(last, block->offset + block->max_length);
1333 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1337 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1338 if (!machine_dump_guest_core(current_machine)) {
1339 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1341 perror("qemu_madvise");
1342 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1343 "but dump_guest_core=off specified\n");
1348 /* Called within an RCU critical section, or while the ramlist lock
1351 static RAMBlock *find_ram_block(ram_addr_t addr)
1355 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1356 if (block->offset == addr) {
1364 const char *qemu_ram_get_idstr(RAMBlock *rb)
1369 /* Called with iothread lock held. */
1370 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1372 RAMBlock *new_block, *block;
1375 new_block = find_ram_block(addr);
1377 assert(!new_block->idstr[0]);
1380 char *id = qdev_get_dev_path(dev);
1382 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1386 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1388 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1389 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1390 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1398 /* Called with iothread lock held. */
1399 void qemu_ram_unset_idstr(ram_addr_t addr)
1403 /* FIXME: arch_init.c assumes that this is not called throughout
1404 * migration. Ignore the problem since hot-unplug during migration
1405 * does not work anyway.
1409 block = find_ram_block(addr);
1411 memset(block->idstr, 0, sizeof(block->idstr));
1416 static int memory_try_enable_merging(void *addr, size_t len)
1418 if (!machine_mem_merge(current_machine)) {
1419 /* disabled by the user */
1423 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1426 /* Only legal before guest might have detected the memory size: e.g. on
1427 * incoming migration, or right after reset.
1429 * As memory core doesn't know how is memory accessed, it is up to
1430 * resize callback to update device state and/or add assertions to detect
1431 * misuse, if necessary.
1433 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1435 RAMBlock *block = find_ram_block(base);
1439 newsize = HOST_PAGE_ALIGN(newsize);
1441 if (block->used_length == newsize) {
1445 if (!(block->flags & RAM_RESIZEABLE)) {
1446 error_setg_errno(errp, EINVAL,
1447 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1448 " in != 0x" RAM_ADDR_FMT, block->idstr,
1449 newsize, block->used_length);
1453 if (block->max_length < newsize) {
1454 error_setg_errno(errp, EINVAL,
1455 "Length too large: %s: 0x" RAM_ADDR_FMT
1456 " > 0x" RAM_ADDR_FMT, block->idstr,
1457 newsize, block->max_length);
1461 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1462 block->used_length = newsize;
1463 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1465 memory_region_set_size(block->mr, newsize);
1466 if (block->resized) {
1467 block->resized(block->idstr, newsize, block->host);
1472 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1475 RAMBlock *last_block = NULL;
1476 ram_addr_t old_ram_size, new_ram_size;
1479 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1481 qemu_mutex_lock_ramlist();
1482 new_block->offset = find_ram_offset(new_block->max_length);
1484 if (!new_block->host) {
1485 if (xen_enabled()) {
1486 xen_ram_alloc(new_block->offset, new_block->max_length,
1487 new_block->mr, &err);
1489 error_propagate(errp, err);
1490 qemu_mutex_unlock_ramlist();
1494 new_block->host = phys_mem_alloc(new_block->max_length,
1495 &new_block->mr->align);
1496 if (!new_block->host) {
1497 error_setg_errno(errp, errno,
1498 "cannot set up guest memory '%s'",
1499 memory_region_name(new_block->mr));
1500 qemu_mutex_unlock_ramlist();
1503 memory_try_enable_merging(new_block->host, new_block->max_length);
1507 new_ram_size = MAX(old_ram_size,
1508 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1509 if (new_ram_size > old_ram_size) {
1510 migration_bitmap_extend(old_ram_size, new_ram_size);
1512 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1513 * QLIST (which has an RCU-friendly variant) does not have insertion at
1514 * tail, so save the last element in last_block.
1516 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1518 if (block->max_length < new_block->max_length) {
1523 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1524 } else if (last_block) {
1525 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1526 } else { /* list is empty */
1527 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1529 ram_list.mru_block = NULL;
1531 /* Write list before version */
1534 qemu_mutex_unlock_ramlist();
1536 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1538 if (new_ram_size > old_ram_size) {
1541 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1542 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1543 ram_list.dirty_memory[i] =
1544 bitmap_zero_extend(ram_list.dirty_memory[i],
1545 old_ram_size, new_ram_size);
1548 cpu_physical_memory_set_dirty_range(new_block->offset,
1549 new_block->used_length,
1552 if (new_block->host) {
1553 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1554 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1555 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1556 if (kvm_enabled()) {
1557 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1561 return new_block->offset;
1565 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1566 bool share, const char *mem_path,
1569 RAMBlock *new_block;
1571 Error *local_err = NULL;
1573 if (xen_enabled()) {
1574 error_setg(errp, "-mem-path not supported with Xen");
1578 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1580 * file_ram_alloc() needs to allocate just like
1581 * phys_mem_alloc, but we haven't bothered to provide
1585 "-mem-path not supported with this accelerator");
1589 size = HOST_PAGE_ALIGN(size);
1590 new_block = g_malloc0(sizeof(*new_block));
1592 new_block->used_length = size;
1593 new_block->max_length = size;
1594 new_block->flags = share ? RAM_SHARED : 0;
1595 new_block->host = file_ram_alloc(new_block, size,
1597 if (!new_block->host) {
1602 addr = ram_block_add(new_block, &local_err);
1605 error_propagate(errp, local_err);
1613 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1614 void (*resized)(const char*,
1617 void *host, bool resizeable,
1618 MemoryRegion *mr, Error **errp)
1620 RAMBlock *new_block;
1622 Error *local_err = NULL;
1624 size = HOST_PAGE_ALIGN(size);
1625 max_size = HOST_PAGE_ALIGN(max_size);
1626 new_block = g_malloc0(sizeof(*new_block));
1628 new_block->resized = resized;
1629 new_block->used_length = size;
1630 new_block->max_length = max_size;
1631 assert(max_size >= size);
1633 new_block->host = host;
1635 new_block->flags |= RAM_PREALLOC;
1638 new_block->flags |= RAM_RESIZEABLE;
1640 addr = ram_block_add(new_block, &local_err);
1643 error_propagate(errp, local_err);
1649 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1650 MemoryRegion *mr, Error **errp)
1652 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1655 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1657 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1660 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1661 void (*resized)(const char*,
1664 MemoryRegion *mr, Error **errp)
1666 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1669 static void reclaim_ramblock(RAMBlock *block)
1671 if (block->flags & RAM_PREALLOC) {
1673 } else if (xen_enabled()) {
1674 xen_invalidate_map_cache_entry(block->host);
1676 } else if (block->fd >= 0) {
1677 qemu_ram_munmap(block->host, block->max_length);
1681 qemu_anon_ram_free(block->host, block->max_length);
1686 void qemu_ram_free(ram_addr_t addr)
1690 qemu_mutex_lock_ramlist();
1691 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1692 if (addr == block->offset) {
1693 QLIST_REMOVE_RCU(block, next);
1694 ram_list.mru_block = NULL;
1695 /* Write list before version */
1698 call_rcu(block, reclaim_ramblock, rcu);
1702 qemu_mutex_unlock_ramlist();
1706 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1713 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1714 offset = addr - block->offset;
1715 if (offset < block->max_length) {
1716 vaddr = ramblock_ptr(block, offset);
1717 if (block->flags & RAM_PREALLOC) {
1719 } else if (xen_enabled()) {
1723 if (block->fd >= 0) {
1724 flags |= (block->flags & RAM_SHARED ?
1725 MAP_SHARED : MAP_PRIVATE);
1726 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1727 flags, block->fd, offset);
1730 * Remap needs to match alloc. Accelerators that
1731 * set phys_mem_alloc never remap. If they did,
1732 * we'd need a remap hook here.
1734 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1736 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1737 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1740 if (area != vaddr) {
1741 fprintf(stderr, "Could not remap addr: "
1742 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1746 memory_try_enable_merging(vaddr, length);
1747 qemu_ram_setup_dump(vaddr, length);
1752 #endif /* !_WIN32 */
1754 int qemu_get_ram_fd(ram_addr_t addr)
1760 block = qemu_get_ram_block(addr);
1766 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1771 block = qemu_get_ram_block(addr);
1776 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1782 block = qemu_get_ram_block(addr);
1783 ptr = ramblock_ptr(block, 0);
1788 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1789 * This should not be used for general purpose DMA. Use address_space_map
1790 * or address_space_rw instead. For local memory (e.g. video ram) that the
1791 * device owns, use memory_region_get_ram_ptr.
1793 * Called within RCU critical section.
1795 void *qemu_get_ram_ptr(ram_addr_t addr)
1797 RAMBlock *block = qemu_get_ram_block(addr);
1799 if (xen_enabled() && block->host == NULL) {
1800 /* We need to check if the requested address is in the RAM
1801 * because we don't want to map the entire memory in QEMU.
1802 * In that case just map until the end of the page.
1804 if (block->offset == 0) {
1805 return xen_map_cache(addr, 0, 0);
1808 block->host = xen_map_cache(block->offset, block->max_length, 1);
1810 return ramblock_ptr(block, addr - block->offset);
1813 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1814 * but takes a size argument.
1816 * Called within RCU critical section.
1818 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1821 ram_addr_t offset_inside_block;
1826 block = qemu_get_ram_block(addr);
1827 offset_inside_block = addr - block->offset;
1828 *size = MIN(*size, block->max_length - offset_inside_block);
1830 if (xen_enabled() && block->host == NULL) {
1831 /* We need to check if the requested address is in the RAM
1832 * because we don't want to map the entire memory in QEMU.
1833 * In that case just map the requested area.
1835 if (block->offset == 0) {
1836 return xen_map_cache(addr, *size, 1);
1839 block->host = xen_map_cache(block->offset, block->max_length, 1);
1842 return ramblock_ptr(block, offset_inside_block);
1846 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1849 * ptr: Host pointer to look up
1850 * round_offset: If true round the result offset down to a page boundary
1851 * *ram_addr: set to result ram_addr
1852 * *offset: set to result offset within the RAMBlock
1854 * Returns: RAMBlock (or NULL if not found)
1856 * By the time this function returns, the returned pointer is not protected
1857 * by RCU anymore. If the caller is not within an RCU critical section and
1858 * does not hold the iothread lock, it must have other means of protecting the
1859 * pointer, such as a reference to the region that includes the incoming
1862 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1863 ram_addr_t *ram_addr,
1867 uint8_t *host = ptr;
1869 if (xen_enabled()) {
1871 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1872 block = qemu_get_ram_block(*ram_addr);
1874 *offset = (host - block->host);
1881 block = atomic_rcu_read(&ram_list.mru_block);
1882 if (block && block->host && host - block->host < block->max_length) {
1886 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1887 /* This case append when the block is not mapped. */
1888 if (block->host == NULL) {
1891 if (host - block->host < block->max_length) {
1900 *offset = (host - block->host);
1902 *offset &= TARGET_PAGE_MASK;
1904 *ram_addr = block->offset + *offset;
1910 * Finds the named RAMBlock
1912 * name: The name of RAMBlock to find
1914 * Returns: RAMBlock (or NULL if not found)
1916 RAMBlock *qemu_ram_block_by_name(const char *name)
1920 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1921 if (!strcmp(name, block->idstr)) {
1929 /* Some of the softmmu routines need to translate from a host pointer
1930 (typically a TLB entry) back to a ram offset. */
1931 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1934 ram_addr_t offset; /* Not used */
1936 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1945 /* Called within RCU critical section. */
1946 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1947 uint64_t val, unsigned size)
1949 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1950 tb_invalidate_phys_page_fast(ram_addr, size);
1954 stb_p(qemu_get_ram_ptr(ram_addr), val);
1957 stw_p(qemu_get_ram_ptr(ram_addr), val);
1960 stl_p(qemu_get_ram_ptr(ram_addr), val);
1965 /* Set both VGA and migration bits for simplicity and to remove
1966 * the notdirty callback faster.
1968 cpu_physical_memory_set_dirty_range(ram_addr, size,
1969 DIRTY_CLIENTS_NOCODE);
1970 /* we remove the notdirty callback only if the code has been
1972 if (!cpu_physical_memory_is_clean(ram_addr)) {
1973 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1977 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1978 unsigned size, bool is_write)
1983 static const MemoryRegionOps notdirty_mem_ops = {
1984 .write = notdirty_mem_write,
1985 .valid.accepts = notdirty_mem_accepts,
1986 .endianness = DEVICE_NATIVE_ENDIAN,
1989 /* Generate a debug exception if a watchpoint has been hit. */
1990 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1992 CPUState *cpu = current_cpu;
1993 CPUArchState *env = cpu->env_ptr;
1994 target_ulong pc, cs_base;
1999 if (cpu->watchpoint_hit) {
2000 /* We re-entered the check after replacing the TB. Now raise
2001 * the debug interrupt so that is will trigger after the
2002 * current instruction. */
2003 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2006 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2007 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2008 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2009 && (wp->flags & flags)) {
2010 if (flags == BP_MEM_READ) {
2011 wp->flags |= BP_WATCHPOINT_HIT_READ;
2013 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2015 wp->hitaddr = vaddr;
2016 wp->hitattrs = attrs;
2017 if (!cpu->watchpoint_hit) {
2018 cpu->watchpoint_hit = wp;
2019 tb_check_watchpoint(cpu);
2020 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2021 cpu->exception_index = EXCP_DEBUG;
2024 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2025 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2026 cpu_resume_from_signal(cpu, NULL);
2030 wp->flags &= ~BP_WATCHPOINT_HIT;
2035 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2036 so these check for a hit then pass through to the normal out-of-line
2038 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2039 unsigned size, MemTxAttrs attrs)
2044 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2047 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2050 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2053 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2061 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2062 uint64_t val, unsigned size,
2067 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2070 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2073 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2076 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2083 static const MemoryRegionOps watch_mem_ops = {
2084 .read_with_attrs = watch_mem_read,
2085 .write_with_attrs = watch_mem_write,
2086 .endianness = DEVICE_NATIVE_ENDIAN,
2089 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2090 unsigned len, MemTxAttrs attrs)
2092 subpage_t *subpage = opaque;
2096 #if defined(DEBUG_SUBPAGE)
2097 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2098 subpage, len, addr);
2100 res = address_space_read(subpage->as, addr + subpage->base,
2107 *data = ldub_p(buf);
2110 *data = lduw_p(buf);
2123 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2124 uint64_t value, unsigned len, MemTxAttrs attrs)
2126 subpage_t *subpage = opaque;
2129 #if defined(DEBUG_SUBPAGE)
2130 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2131 " value %"PRIx64"\n",
2132 __func__, subpage, len, addr, value);
2150 return address_space_write(subpage->as, addr + subpage->base,
2154 static bool subpage_accepts(void *opaque, hwaddr addr,
2155 unsigned len, bool is_write)
2157 subpage_t *subpage = opaque;
2158 #if defined(DEBUG_SUBPAGE)
2159 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2160 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2163 return address_space_access_valid(subpage->as, addr + subpage->base,
2167 static const MemoryRegionOps subpage_ops = {
2168 .read_with_attrs = subpage_read,
2169 .write_with_attrs = subpage_write,
2170 .impl.min_access_size = 1,
2171 .impl.max_access_size = 8,
2172 .valid.min_access_size = 1,
2173 .valid.max_access_size = 8,
2174 .valid.accepts = subpage_accepts,
2175 .endianness = DEVICE_NATIVE_ENDIAN,
2178 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2183 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2185 idx = SUBPAGE_IDX(start);
2186 eidx = SUBPAGE_IDX(end);
2187 #if defined(DEBUG_SUBPAGE)
2188 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2189 __func__, mmio, start, end, idx, eidx, section);
2191 for (; idx <= eidx; idx++) {
2192 mmio->sub_section[idx] = section;
2198 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2202 mmio = g_malloc0(sizeof(subpage_t));
2206 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2207 NULL, TARGET_PAGE_SIZE);
2208 mmio->iomem.subpage = true;
2209 #if defined(DEBUG_SUBPAGE)
2210 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2211 mmio, base, TARGET_PAGE_SIZE);
2213 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2218 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2222 MemoryRegionSection section = {
2223 .address_space = as,
2225 .offset_within_address_space = 0,
2226 .offset_within_region = 0,
2227 .size = int128_2_64(),
2230 return phys_section_add(map, §ion);
2233 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2235 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2236 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2237 MemoryRegionSection *sections = d->map.sections;
2239 return sections[index & ~TARGET_PAGE_MASK].mr;
2242 static void io_mem_init(void)
2244 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2245 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2247 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2249 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2253 static void mem_begin(MemoryListener *listener)
2255 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2256 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2259 n = dummy_section(&d->map, as, &io_mem_unassigned);
2260 assert(n == PHYS_SECTION_UNASSIGNED);
2261 n = dummy_section(&d->map, as, &io_mem_notdirty);
2262 assert(n == PHYS_SECTION_NOTDIRTY);
2263 n = dummy_section(&d->map, as, &io_mem_rom);
2264 assert(n == PHYS_SECTION_ROM);
2265 n = dummy_section(&d->map, as, &io_mem_watch);
2266 assert(n == PHYS_SECTION_WATCH);
2268 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2270 as->next_dispatch = d;
2273 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2275 phys_sections_free(&d->map);
2279 static void mem_commit(MemoryListener *listener)
2281 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2282 AddressSpaceDispatch *cur = as->dispatch;
2283 AddressSpaceDispatch *next = as->next_dispatch;
2285 phys_page_compact_all(next, next->map.nodes_nb);
2287 atomic_rcu_set(&as->dispatch, next);
2289 call_rcu(cur, address_space_dispatch_free, rcu);
2293 static void tcg_commit(MemoryListener *listener)
2295 CPUAddressSpace *cpuas;
2296 AddressSpaceDispatch *d;
2298 /* since each CPU stores ram addresses in its TLB cache, we must
2299 reset the modified entries */
2300 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2301 cpu_reloading_memory_map();
2302 /* The CPU and TLB are protected by the iothread lock.
2303 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2304 * may have split the RCU critical section.
2306 d = atomic_rcu_read(&cpuas->as->dispatch);
2307 cpuas->memory_dispatch = d;
2308 tlb_flush(cpuas->cpu, 1);
2311 void address_space_init_dispatch(AddressSpace *as)
2313 as->dispatch = NULL;
2314 as->dispatch_listener = (MemoryListener) {
2316 .commit = mem_commit,
2317 .region_add = mem_add,
2318 .region_nop = mem_add,
2321 memory_listener_register(&as->dispatch_listener, as);
2324 void address_space_unregister(AddressSpace *as)
2326 memory_listener_unregister(&as->dispatch_listener);
2329 void address_space_destroy_dispatch(AddressSpace *as)
2331 AddressSpaceDispatch *d = as->dispatch;
2333 atomic_rcu_set(&as->dispatch, NULL);
2335 call_rcu(d, address_space_dispatch_free, rcu);
2339 static void memory_map_init(void)
2341 system_memory = g_malloc(sizeof(*system_memory));
2343 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2344 address_space_init(&address_space_memory, system_memory, "memory");
2346 system_io = g_malloc(sizeof(*system_io));
2347 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2349 address_space_init(&address_space_io, system_io, "I/O");
2352 MemoryRegion *get_system_memory(void)
2354 return system_memory;
2357 MemoryRegion *get_system_io(void)
2362 #endif /* !defined(CONFIG_USER_ONLY) */
2364 /* physical memory access (slow version, mainly for debug) */
2365 #if defined(CONFIG_USER_ONLY)
2366 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2367 uint8_t *buf, int len, int is_write)
2374 page = addr & TARGET_PAGE_MASK;
2375 l = (page + TARGET_PAGE_SIZE) - addr;
2378 flags = page_get_flags(page);
2379 if (!(flags & PAGE_VALID))
2382 if (!(flags & PAGE_WRITE))
2384 /* XXX: this code should not depend on lock_user */
2385 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2388 unlock_user(p, addr, l);
2390 if (!(flags & PAGE_READ))
2392 /* XXX: this code should not depend on lock_user */
2393 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2396 unlock_user(p, addr, 0);
2407 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2410 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2411 /* No early return if dirty_log_mask is or becomes 0, because
2412 * cpu_physical_memory_set_dirty_range will still call
2413 * xen_modified_memory.
2415 if (dirty_log_mask) {
2417 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2419 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2420 tb_invalidate_phys_range(addr, addr + length);
2421 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2423 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2426 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2428 unsigned access_size_max = mr->ops->valid.max_access_size;
2430 /* Regions are assumed to support 1-4 byte accesses unless
2431 otherwise specified. */
2432 if (access_size_max == 0) {
2433 access_size_max = 4;
2436 /* Bound the maximum access by the alignment of the address. */
2437 if (!mr->ops->impl.unaligned) {
2438 unsigned align_size_max = addr & -addr;
2439 if (align_size_max != 0 && align_size_max < access_size_max) {
2440 access_size_max = align_size_max;
2444 /* Don't attempt accesses larger than the maximum. */
2445 if (l > access_size_max) {
2446 l = access_size_max;
2453 static bool prepare_mmio_access(MemoryRegion *mr)
2455 bool unlocked = !qemu_mutex_iothread_locked();
2456 bool release_lock = false;
2458 if (unlocked && mr->global_locking) {
2459 qemu_mutex_lock_iothread();
2461 release_lock = true;
2463 if (mr->flush_coalesced_mmio) {
2465 qemu_mutex_lock_iothread();
2467 qemu_flush_coalesced_mmio_buffer();
2469 qemu_mutex_unlock_iothread();
2473 return release_lock;
2476 /* Called within RCU critical section. */
2477 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2480 int len, hwaddr addr1,
2481 hwaddr l, MemoryRegion *mr)
2485 MemTxResult result = MEMTX_OK;
2486 bool release_lock = false;
2489 if (!memory_access_is_direct(mr, true)) {
2490 release_lock |= prepare_mmio_access(mr);
2491 l = memory_access_size(mr, l, addr1);
2492 /* XXX: could force current_cpu to NULL to avoid
2496 /* 64 bit write access */
2498 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2502 /* 32 bit write access */
2504 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2508 /* 16 bit write access */
2510 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2514 /* 8 bit write access */
2516 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2523 addr1 += memory_region_get_ram_addr(mr);
2525 ptr = qemu_get_ram_ptr(addr1);
2526 memcpy(ptr, buf, l);
2527 invalidate_and_set_dirty(mr, addr1, l);
2531 qemu_mutex_unlock_iothread();
2532 release_lock = false;
2544 mr = address_space_translate(as, addr, &addr1, &l, true);
2550 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2551 const uint8_t *buf, int len)
2556 MemTxResult result = MEMTX_OK;
2561 mr = address_space_translate(as, addr, &addr1, &l, true);
2562 result = address_space_write_continue(as, addr, attrs, buf, len,
2570 /* Called within RCU critical section. */
2571 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2572 MemTxAttrs attrs, uint8_t *buf,
2573 int len, hwaddr addr1, hwaddr l,
2578 MemTxResult result = MEMTX_OK;
2579 bool release_lock = false;
2582 if (!memory_access_is_direct(mr, false)) {
2584 release_lock |= prepare_mmio_access(mr);
2585 l = memory_access_size(mr, l, addr1);
2588 /* 64 bit read access */
2589 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2594 /* 32 bit read access */
2595 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2600 /* 16 bit read access */
2601 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2606 /* 8 bit read access */
2607 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2616 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2617 memcpy(buf, ptr, l);
2621 qemu_mutex_unlock_iothread();
2622 release_lock = false;
2634 mr = address_space_translate(as, addr, &addr1, &l, false);
2640 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2641 MemTxAttrs attrs, uint8_t *buf, int len)
2646 MemTxResult result = MEMTX_OK;
2651 mr = address_space_translate(as, addr, &addr1, &l, false);
2652 result = address_space_read_continue(as, addr, attrs, buf, len,
2660 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2661 uint8_t *buf, int len, bool is_write)
2664 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2666 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2670 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2671 int len, int is_write)
2673 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2674 buf, len, is_write);
2677 enum write_rom_type {
2682 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2683 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2693 mr = address_space_translate(as, addr, &addr1, &l, true);
2695 if (!(memory_region_is_ram(mr) ||
2696 memory_region_is_romd(mr))) {
2697 l = memory_access_size(mr, l, addr1);
2699 addr1 += memory_region_get_ram_addr(mr);
2701 ptr = qemu_get_ram_ptr(addr1);
2704 memcpy(ptr, buf, l);
2705 invalidate_and_set_dirty(mr, addr1, l);
2708 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2719 /* used for ROM loading : can write in RAM and ROM */
2720 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2721 const uint8_t *buf, int len)
2723 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2726 void cpu_flush_icache_range(hwaddr start, int len)
2729 * This function should do the same thing as an icache flush that was
2730 * triggered from within the guest. For TCG we are always cache coherent,
2731 * so there is no need to flush anything. For KVM / Xen we need to flush
2732 * the host's instruction cache at least.
2734 if (tcg_enabled()) {
2738 cpu_physical_memory_write_rom_internal(&address_space_memory,
2739 start, NULL, len, FLUSH_CACHE);
2750 static BounceBuffer bounce;
2752 typedef struct MapClient {
2754 QLIST_ENTRY(MapClient) link;
2757 QemuMutex map_client_list_lock;
2758 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2759 = QLIST_HEAD_INITIALIZER(map_client_list);
2761 static void cpu_unregister_map_client_do(MapClient *client)
2763 QLIST_REMOVE(client, link);
2767 static void cpu_notify_map_clients_locked(void)
2771 while (!QLIST_EMPTY(&map_client_list)) {
2772 client = QLIST_FIRST(&map_client_list);
2773 qemu_bh_schedule(client->bh);
2774 cpu_unregister_map_client_do(client);
2778 void cpu_register_map_client(QEMUBH *bh)
2780 MapClient *client = g_malloc(sizeof(*client));
2782 qemu_mutex_lock(&map_client_list_lock);
2784 QLIST_INSERT_HEAD(&map_client_list, client, link);
2785 if (!atomic_read(&bounce.in_use)) {
2786 cpu_notify_map_clients_locked();
2788 qemu_mutex_unlock(&map_client_list_lock);
2791 void cpu_exec_init_all(void)
2793 qemu_mutex_init(&ram_list.mutex);
2796 qemu_mutex_init(&map_client_list_lock);
2799 void cpu_unregister_map_client(QEMUBH *bh)
2803 qemu_mutex_lock(&map_client_list_lock);
2804 QLIST_FOREACH(client, &map_client_list, link) {
2805 if (client->bh == bh) {
2806 cpu_unregister_map_client_do(client);
2810 qemu_mutex_unlock(&map_client_list_lock);
2813 static void cpu_notify_map_clients(void)
2815 qemu_mutex_lock(&map_client_list_lock);
2816 cpu_notify_map_clients_locked();
2817 qemu_mutex_unlock(&map_client_list_lock);
2820 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2828 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2829 if (!memory_access_is_direct(mr, is_write)) {
2830 l = memory_access_size(mr, l, addr);
2831 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2843 /* Map a physical memory region into a host virtual address.
2844 * May map a subset of the requested range, given by and returned in *plen.
2845 * May return NULL if resources needed to perform the mapping are exhausted.
2846 * Use only for reads OR writes - not for read-modify-write operations.
2847 * Use cpu_register_map_client() to know when retrying the map operation is
2848 * likely to succeed.
2850 void *address_space_map(AddressSpace *as,
2857 hwaddr l, xlat, base;
2858 MemoryRegion *mr, *this_mr;
2868 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2870 if (!memory_access_is_direct(mr, is_write)) {
2871 if (atomic_xchg(&bounce.in_use, true)) {
2875 /* Avoid unbounded allocations */
2876 l = MIN(l, TARGET_PAGE_SIZE);
2877 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2881 memory_region_ref(mr);
2884 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2890 return bounce.buffer;
2894 raddr = memory_region_get_ram_addr(mr);
2905 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2906 if (this_mr != mr || xlat != base + done) {
2911 memory_region_ref(mr);
2913 ptr = qemu_ram_ptr_length(raddr + base, plen);
2919 /* Unmaps a memory region previously mapped by address_space_map().
2920 * Will also mark the memory as dirty if is_write == 1. access_len gives
2921 * the amount of memory that was actually read or written by the caller.
2923 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2924 int is_write, hwaddr access_len)
2926 if (buffer != bounce.buffer) {
2930 mr = qemu_ram_addr_from_host(buffer, &addr1);
2933 invalidate_and_set_dirty(mr, addr1, access_len);
2935 if (xen_enabled()) {
2936 xen_invalidate_map_cache_entry(buffer);
2938 memory_region_unref(mr);
2942 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2943 bounce.buffer, access_len);
2945 qemu_vfree(bounce.buffer);
2946 bounce.buffer = NULL;
2947 memory_region_unref(bounce.mr);
2948 atomic_mb_set(&bounce.in_use, false);
2949 cpu_notify_map_clients();
2952 void *cpu_physical_memory_map(hwaddr addr,
2956 return address_space_map(&address_space_memory, addr, plen, is_write);
2959 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2960 int is_write, hwaddr access_len)
2962 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2965 /* warning: addr must be aligned */
2966 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2968 MemTxResult *result,
2969 enum device_endian endian)
2977 bool release_lock = false;
2980 mr = address_space_translate(as, addr, &addr1, &l, false);
2981 if (l < 4 || !memory_access_is_direct(mr, false)) {
2982 release_lock |= prepare_mmio_access(mr);
2985 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2986 #if defined(TARGET_WORDS_BIGENDIAN)
2987 if (endian == DEVICE_LITTLE_ENDIAN) {
2991 if (endian == DEVICE_BIG_ENDIAN) {
2997 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3001 case DEVICE_LITTLE_ENDIAN:
3002 val = ldl_le_p(ptr);
3004 case DEVICE_BIG_ENDIAN:
3005 val = ldl_be_p(ptr);
3017 qemu_mutex_unlock_iothread();
3023 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3024 MemTxAttrs attrs, MemTxResult *result)
3026 return address_space_ldl_internal(as, addr, attrs, result,
3027 DEVICE_NATIVE_ENDIAN);
3030 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs, MemTxResult *result)
3033 return address_space_ldl_internal(as, addr, attrs, result,
3034 DEVICE_LITTLE_ENDIAN);
3037 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3038 MemTxAttrs attrs, MemTxResult *result)
3040 return address_space_ldl_internal(as, addr, attrs, result,
3044 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3046 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3049 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3051 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3054 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3056 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3059 /* warning: addr must be aligned */
3060 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3062 MemTxResult *result,
3063 enum device_endian endian)
3071 bool release_lock = false;
3074 mr = address_space_translate(as, addr, &addr1, &l,
3076 if (l < 8 || !memory_access_is_direct(mr, false)) {
3077 release_lock |= prepare_mmio_access(mr);
3080 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3081 #if defined(TARGET_WORDS_BIGENDIAN)
3082 if (endian == DEVICE_LITTLE_ENDIAN) {
3086 if (endian == DEVICE_BIG_ENDIAN) {
3092 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3096 case DEVICE_LITTLE_ENDIAN:
3097 val = ldq_le_p(ptr);
3099 case DEVICE_BIG_ENDIAN:
3100 val = ldq_be_p(ptr);
3112 qemu_mutex_unlock_iothread();
3118 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3119 MemTxAttrs attrs, MemTxResult *result)
3121 return address_space_ldq_internal(as, addr, attrs, result,
3122 DEVICE_NATIVE_ENDIAN);
3125 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3126 MemTxAttrs attrs, MemTxResult *result)
3128 return address_space_ldq_internal(as, addr, attrs, result,
3129 DEVICE_LITTLE_ENDIAN);
3132 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3133 MemTxAttrs attrs, MemTxResult *result)
3135 return address_space_ldq_internal(as, addr, attrs, result,
3139 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3141 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3144 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3146 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3149 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3151 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3155 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3156 MemTxAttrs attrs, MemTxResult *result)
3161 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3168 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3170 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3173 /* warning: addr must be aligned */
3174 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3177 MemTxResult *result,
3178 enum device_endian endian)
3186 bool release_lock = false;
3189 mr = address_space_translate(as, addr, &addr1, &l,
3191 if (l < 2 || !memory_access_is_direct(mr, false)) {
3192 release_lock |= prepare_mmio_access(mr);
3195 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3196 #if defined(TARGET_WORDS_BIGENDIAN)
3197 if (endian == DEVICE_LITTLE_ENDIAN) {
3201 if (endian == DEVICE_BIG_ENDIAN) {
3207 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3211 case DEVICE_LITTLE_ENDIAN:
3212 val = lduw_le_p(ptr);
3214 case DEVICE_BIG_ENDIAN:
3215 val = lduw_be_p(ptr);
3227 qemu_mutex_unlock_iothread();
3233 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3234 MemTxAttrs attrs, MemTxResult *result)
3236 return address_space_lduw_internal(as, addr, attrs, result,
3237 DEVICE_NATIVE_ENDIAN);
3240 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3241 MemTxAttrs attrs, MemTxResult *result)
3243 return address_space_lduw_internal(as, addr, attrs, result,
3244 DEVICE_LITTLE_ENDIAN);
3247 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3248 MemTxAttrs attrs, MemTxResult *result)
3250 return address_space_lduw_internal(as, addr, attrs, result,
3254 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3256 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3259 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3261 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3264 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3266 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3269 /* warning: addr must be aligned. The ram page is not masked as dirty
3270 and the code inside is not invalidated. It is useful if the dirty
3271 bits are used to track modified PTEs */
3272 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3273 MemTxAttrs attrs, MemTxResult *result)
3280 uint8_t dirty_log_mask;
3281 bool release_lock = false;
3284 mr = address_space_translate(as, addr, &addr1, &l,
3286 if (l < 4 || !memory_access_is_direct(mr, true)) {
3287 release_lock |= prepare_mmio_access(mr);
3289 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3291 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3292 ptr = qemu_get_ram_ptr(addr1);
3295 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3296 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3297 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3304 qemu_mutex_unlock_iothread();
3309 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3311 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3314 /* warning: addr must be aligned */
3315 static inline void address_space_stl_internal(AddressSpace *as,
3316 hwaddr addr, uint32_t val,
3318 MemTxResult *result,
3319 enum device_endian endian)
3326 bool release_lock = false;
3329 mr = address_space_translate(as, addr, &addr1, &l,
3331 if (l < 4 || !memory_access_is_direct(mr, true)) {
3332 release_lock |= prepare_mmio_access(mr);
3334 #if defined(TARGET_WORDS_BIGENDIAN)
3335 if (endian == DEVICE_LITTLE_ENDIAN) {
3339 if (endian == DEVICE_BIG_ENDIAN) {
3343 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3346 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3347 ptr = qemu_get_ram_ptr(addr1);
3349 case DEVICE_LITTLE_ENDIAN:
3352 case DEVICE_BIG_ENDIAN:
3359 invalidate_and_set_dirty(mr, addr1, 4);
3366 qemu_mutex_unlock_iothread();
3371 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3372 MemTxAttrs attrs, MemTxResult *result)
3374 address_space_stl_internal(as, addr, val, attrs, result,
3375 DEVICE_NATIVE_ENDIAN);
3378 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3379 MemTxAttrs attrs, MemTxResult *result)
3381 address_space_stl_internal(as, addr, val, attrs, result,
3382 DEVICE_LITTLE_ENDIAN);
3385 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3388 address_space_stl_internal(as, addr, val, attrs, result,
3392 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3394 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3397 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3399 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3402 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3404 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3408 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3409 MemTxAttrs attrs, MemTxResult *result)
3414 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3420 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3422 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3425 /* warning: addr must be aligned */
3426 static inline void address_space_stw_internal(AddressSpace *as,
3427 hwaddr addr, uint32_t val,
3429 MemTxResult *result,
3430 enum device_endian endian)
3437 bool release_lock = false;
3440 mr = address_space_translate(as, addr, &addr1, &l, true);
3441 if (l < 2 || !memory_access_is_direct(mr, true)) {
3442 release_lock |= prepare_mmio_access(mr);
3444 #if defined(TARGET_WORDS_BIGENDIAN)
3445 if (endian == DEVICE_LITTLE_ENDIAN) {
3449 if (endian == DEVICE_BIG_ENDIAN) {
3453 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3456 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3457 ptr = qemu_get_ram_ptr(addr1);
3459 case DEVICE_LITTLE_ENDIAN:
3462 case DEVICE_BIG_ENDIAN:
3469 invalidate_and_set_dirty(mr, addr1, 2);
3476 qemu_mutex_unlock_iothread();
3481 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3482 MemTxAttrs attrs, MemTxResult *result)
3484 address_space_stw_internal(as, addr, val, attrs, result,
3485 DEVICE_NATIVE_ENDIAN);
3488 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3489 MemTxAttrs attrs, MemTxResult *result)
3491 address_space_stw_internal(as, addr, val, attrs, result,
3492 DEVICE_LITTLE_ENDIAN);
3495 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3496 MemTxAttrs attrs, MemTxResult *result)
3498 address_space_stw_internal(as, addr, val, attrs, result,
3502 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3504 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3507 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3509 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3512 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3514 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3518 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3519 MemTxAttrs attrs, MemTxResult *result)
3523 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3529 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3530 MemTxAttrs attrs, MemTxResult *result)
3533 val = cpu_to_le64(val);
3534 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3539 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3540 MemTxAttrs attrs, MemTxResult *result)
3543 val = cpu_to_be64(val);
3544 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3550 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3552 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3555 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3557 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3560 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3562 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3565 /* virtual memory access for debug (includes writing to ROM) */
3566 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3567 uint8_t *buf, int len, int is_write)
3574 page = addr & TARGET_PAGE_MASK;
3575 phys_addr = cpu_get_phys_page_debug(cpu, page);
3576 /* if no physical page mapped, return an error */
3577 if (phys_addr == -1)
3579 l = (page + TARGET_PAGE_SIZE) - addr;
3582 phys_addr += (addr & ~TARGET_PAGE_MASK);
3584 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3586 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3597 * Allows code that needs to deal with migration bitmaps etc to still be built
3598 * target independent.
3600 size_t qemu_target_page_bits(void)
3602 return TARGET_PAGE_BITS;
3608 * A helper function for the _utterly broken_ virtio device model to find out if
3609 * it's running on a big endian machine. Don't do this at home kids!
3611 bool target_words_bigendian(void);
3612 bool target_words_bigendian(void)
3614 #if defined(TARGET_WORDS_BIGENDIAN)
3621 #ifndef CONFIG_USER_ONLY
3622 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3629 mr = address_space_translate(&address_space_memory,
3630 phys_addr, &phys_addr, &l, false);
3632 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3637 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3643 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3644 ret = func(block->idstr, block->host, block->offset,
3645 block->used_length, opaque);
projects / qemu.git / blob