2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
35 #include "qemu-timer.h"
37 #include "exec-memory.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
55 #else /* !CONFIG_USER_ONLY */
56 #include "xen-mapcache.h"
60 #define WANT_EXEC_OBSOLETE
61 #include "exec-obsolete.h"
63 //#define DEBUG_TB_INVALIDATE
66 //#define DEBUG_UNASSIGNED
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
70 //#define DEBUG_TLB_CHECK
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
80 #define SMC_BITMAP_USE_THRESHOLD 10
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
97 /* Maximum alignment for Win32 is 16. */
98 #define code_gen_section \
99 __attribute__((aligned (16)))
101 #define code_gen_section \
102 __attribute__((aligned (32)))
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 static uint8_t *code_gen_ptr;
112 #if !defined(CONFIG_USER_ONLY)
114 static int in_migration;
116 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
118 static MemoryRegion *system_memory;
119 static MemoryRegion *system_io;
121 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
122 static MemoryRegion io_mem_subpage_ram;
126 CPUArchState *first_cpu;
127 /* current CPU in the current thread. It is only valid inside
129 DEFINE_TLS(CPUArchState *,cpu_single_env);
130 /* 0 = Do not count executed instructions.
131 1 = Precise instruction counting.
132 2 = Adaptive rate instruction counting. */
135 typedef struct PageDesc {
136 /* list of TBs intersecting this ram page */
137 TranslationBlock *first_tb;
138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142 #if defined(CONFIG_USER_ONLY)
147 /* In system mode we want L1_MAP to be based on ram offsets,
148 while in user mode we want it to be based on virtual addresses. */
149 #if !defined(CONFIG_USER_ONLY)
150 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
153 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
156 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
159 /* Size of the L2 (and L3, etc) page tables. */
161 #define L2_SIZE (1 << L2_BITS)
163 #define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
166 /* The bits remaining after N lower levels of page tables. */
167 #define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
170 #if V_L1_BITS_REM < 4
171 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
173 #define V_L1_BITS V_L1_BITS_REM
176 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
178 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
180 unsigned long qemu_real_host_page_size;
181 unsigned long qemu_host_page_size;
182 unsigned long qemu_host_page_mask;
184 /* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186 static void *l1_map[V_L1_SIZE];
188 #if !defined(CONFIG_USER_ONLY)
189 typedef struct PhysPageEntry PhysPageEntry;
191 static MemoryRegionSection *phys_sections;
192 static unsigned phys_sections_nb, phys_sections_nb_alloc;
193 static uint16_t phys_section_unassigned;
194 static uint16_t phys_section_notdirty;
195 static uint16_t phys_section_rom;
196 static uint16_t phys_section_watch;
198 struct PhysPageEntry {
199 uint16_t is_leaf : 1;
200 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
204 /* Simple allocator for PhysPageEntry nodes */
205 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
206 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
208 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
210 /* This is a multi-level map on the physical address space.
211 The bottom level has pointers to MemoryRegionSections. */
212 static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
214 static void io_mem_init(void);
215 static void memory_map_init(void);
217 static MemoryRegion io_mem_watch;
222 static const char *logfilename = "qemu.log";
224 static const char *logfilename = "/tmp/qemu.log";
228 static int log_append = 0;
231 #if !defined(CONFIG_USER_ONLY)
232 static int tlb_flush_count;
234 static int tb_flush_count;
235 static int tb_phys_invalidate_count;
238 static void map_exec(void *addr, long size)
241 VirtualProtect(addr, size,
242 PAGE_EXECUTE_READWRITE, &old_protect);
246 static void map_exec(void *addr, long size)
248 unsigned long start, end, page_size;
250 page_size = getpagesize();
251 start = (unsigned long)addr;
252 start &= ~(page_size - 1);
254 end = (unsigned long)addr + size;
255 end += page_size - 1;
256 end &= ~(page_size - 1);
258 mprotect((void *)start, end - start,
259 PROT_READ | PROT_WRITE | PROT_EXEC);
263 static void page_init(void)
265 /* NOTE: we can always suppose that qemu_host_page_size >=
269 SYSTEM_INFO system_info;
271 GetSystemInfo(&system_info);
272 qemu_real_host_page_size = system_info.dwPageSize;
275 qemu_real_host_page_size = getpagesize();
277 if (qemu_host_page_size == 0)
278 qemu_host_page_size = qemu_real_host_page_size;
279 if (qemu_host_page_size < TARGET_PAGE_SIZE)
280 qemu_host_page_size = TARGET_PAGE_SIZE;
281 qemu_host_page_mask = ~(qemu_host_page_size - 1);
283 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
285 #ifdef HAVE_KINFO_GETVMMAP
286 struct kinfo_vmentry *freep;
289 freep = kinfo_getvmmap(getpid(), &cnt);
292 for (i = 0; i < cnt; i++) {
293 unsigned long startaddr, endaddr;
295 startaddr = freep[i].kve_start;
296 endaddr = freep[i].kve_end;
297 if (h2g_valid(startaddr)) {
298 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
300 if (h2g_valid(endaddr)) {
301 endaddr = h2g(endaddr);
302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
304 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
306 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
317 last_brk = (unsigned long)sbrk(0);
319 f = fopen("/compat/linux/proc/self/maps", "r");
324 unsigned long startaddr, endaddr;
327 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
329 if (n == 2 && h2g_valid(startaddr)) {
330 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
332 if (h2g_valid(endaddr)) {
333 endaddr = h2g(endaddr);
337 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
349 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
355 #if defined(CONFIG_USER_ONLY)
356 /* We can't use g_malloc because it may recurse into a locked mutex. */
357 # define ALLOC(P, SIZE) \
359 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
360 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
363 # define ALLOC(P, SIZE) \
364 do { P = g_malloc0(SIZE); } while (0)
367 /* Level 1. Always allocated. */
368 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
371 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
378 ALLOC(p, sizeof(void *) * L2_SIZE);
382 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
390 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
396 return pd + (index & (L2_SIZE - 1));
399 static inline PageDesc *page_find(tb_page_addr_t index)
401 return page_find_alloc(index, 0);
404 #if !defined(CONFIG_USER_ONLY)
406 static void phys_map_node_reserve(unsigned nodes)
408 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
409 typedef PhysPageEntry Node[L2_SIZE];
410 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
411 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
412 phys_map_nodes_nb + nodes);
413 phys_map_nodes = g_renew(Node, phys_map_nodes,
414 phys_map_nodes_nb_alloc);
418 static uint16_t phys_map_node_alloc(void)
423 ret = phys_map_nodes_nb++;
424 assert(ret != PHYS_MAP_NODE_NIL);
425 assert(ret != phys_map_nodes_nb_alloc);
426 for (i = 0; i < L2_SIZE; ++i) {
427 phys_map_nodes[ret][i].is_leaf = 0;
428 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
433 static void phys_map_nodes_reset(void)
435 phys_map_nodes_nb = 0;
439 static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
440 target_phys_addr_t *nb, uint16_t leaf,
445 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
447 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
448 lp->ptr = phys_map_node_alloc();
449 p = phys_map_nodes[lp->ptr];
451 for (i = 0; i < L2_SIZE; i++) {
453 p[i].ptr = phys_section_unassigned;
457 p = phys_map_nodes[lp->ptr];
459 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
461 while (*nb && lp < &p[L2_SIZE]) {
462 if ((*index & (step - 1)) == 0 && *nb >= step) {
468 phys_page_set_level(lp, index, nb, leaf, level - 1);
474 static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
477 /* Wildly overreserve - it doesn't matter much. */
478 phys_map_node_reserve(3 * P_L2_LEVELS);
480 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
483 static MemoryRegionSection *phys_page_find(target_phys_addr_t index)
485 PhysPageEntry lp = phys_map;
488 uint16_t s_index = phys_section_unassigned;
490 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
491 if (lp.ptr == PHYS_MAP_NODE_NIL) {
494 p = phys_map_nodes[lp.ptr];
495 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
500 return &phys_sections[s_index];
503 static target_phys_addr_t section_addr(MemoryRegionSection *section,
504 target_phys_addr_t addr)
506 addr -= section->offset_within_address_space;
507 addr += section->offset_within_region;
511 static void tlb_protect_code(ram_addr_t ram_addr);
512 static void tlb_unprotect_code_phys(CPUArchState *env, ram_addr_t ram_addr,
514 #define mmap_lock() do { } while(0)
515 #define mmap_unlock() do { } while(0)
518 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
520 #if defined(CONFIG_USER_ONLY)
521 /* Currently it is not recommended to allocate big chunks of data in
522 user mode. It will change when a dedicated libc will be used */
523 #define USE_STATIC_CODE_GEN_BUFFER
526 #ifdef USE_STATIC_CODE_GEN_BUFFER
527 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
528 __attribute__((aligned (CODE_GEN_ALIGN)));
531 static void code_gen_alloc(unsigned long tb_size)
533 #ifdef USE_STATIC_CODE_GEN_BUFFER
534 code_gen_buffer = static_code_gen_buffer;
535 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
536 map_exec(code_gen_buffer, code_gen_buffer_size);
538 code_gen_buffer_size = tb_size;
539 if (code_gen_buffer_size == 0) {
540 #if defined(CONFIG_USER_ONLY)
541 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
543 /* XXX: needs adjustments */
544 code_gen_buffer_size = (unsigned long)(ram_size / 4);
547 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
548 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
549 /* The code gen buffer location may have constraints depending on
550 the host cpu and OS */
551 #if defined(__linux__)
556 flags = MAP_PRIVATE | MAP_ANONYMOUS;
557 #if defined(__x86_64__)
559 /* Cannot map more than that */
560 if (code_gen_buffer_size > (800 * 1024 * 1024))
561 code_gen_buffer_size = (800 * 1024 * 1024);
562 #elif defined(__sparc_v9__)
563 // Map the buffer below 2G, so we can use direct calls and branches
565 start = (void *) 0x60000000UL;
566 if (code_gen_buffer_size > (512 * 1024 * 1024))
567 code_gen_buffer_size = (512 * 1024 * 1024);
568 #elif defined(__arm__)
569 /* Keep the buffer no bigger than 16MB to branch between blocks */
570 if (code_gen_buffer_size > 16 * 1024 * 1024)
571 code_gen_buffer_size = 16 * 1024 * 1024;
572 #elif defined(__s390x__)
573 /* Map the buffer so that we can use direct calls and branches. */
574 /* We have a +- 4GB range on the branches; leave some slop. */
575 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
576 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
578 start = (void *)0x90000000UL;
580 code_gen_buffer = mmap(start, code_gen_buffer_size,
581 PROT_WRITE | PROT_READ | PROT_EXEC,
583 if (code_gen_buffer == MAP_FAILED) {
584 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
588 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
589 || defined(__DragonFly__) || defined(__OpenBSD__) \
590 || defined(__NetBSD__)
594 flags = MAP_PRIVATE | MAP_ANONYMOUS;
595 #if defined(__x86_64__)
596 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
597 * 0x40000000 is free */
599 addr = (void *)0x40000000;
600 /* Cannot map more than that */
601 if (code_gen_buffer_size > (800 * 1024 * 1024))
602 code_gen_buffer_size = (800 * 1024 * 1024);
603 #elif defined(__sparc_v9__)
604 // Map the buffer below 2G, so we can use direct calls and branches
606 addr = (void *) 0x60000000UL;
607 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
608 code_gen_buffer_size = (512 * 1024 * 1024);
611 code_gen_buffer = mmap(addr, code_gen_buffer_size,
612 PROT_WRITE | PROT_READ | PROT_EXEC,
614 if (code_gen_buffer == MAP_FAILED) {
615 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
620 code_gen_buffer = g_malloc(code_gen_buffer_size);
621 map_exec(code_gen_buffer, code_gen_buffer_size);
623 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
624 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
625 code_gen_buffer_max_size = code_gen_buffer_size -
626 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
627 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
628 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
631 /* Must be called before using the QEMU cpus. 'tb_size' is the size
632 (in bytes) allocated to the translation buffer. Zero means default
634 void tcg_exec_init(unsigned long tb_size)
637 code_gen_alloc(tb_size);
638 code_gen_ptr = code_gen_buffer;
640 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
641 /* There's no guest base to take into account, so go ahead and
642 initialize the prologue now. */
643 tcg_prologue_init(&tcg_ctx);
647 bool tcg_enabled(void)
649 return code_gen_buffer != NULL;
652 void cpu_exec_init_all(void)
654 #if !defined(CONFIG_USER_ONLY)
660 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
662 static int cpu_common_post_load(void *opaque, int version_id)
664 CPUArchState *env = opaque;
666 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
667 version_id is increased. */
668 env->interrupt_request &= ~0x01;
674 static const VMStateDescription vmstate_cpu_common = {
675 .name = "cpu_common",
677 .minimum_version_id = 1,
678 .minimum_version_id_old = 1,
679 .post_load = cpu_common_post_load,
680 .fields = (VMStateField []) {
681 VMSTATE_UINT32(halted, CPUArchState),
682 VMSTATE_UINT32(interrupt_request, CPUArchState),
683 VMSTATE_END_OF_LIST()
688 CPUArchState *qemu_get_cpu(int cpu)
690 CPUArchState *env = first_cpu;
693 if (env->cpu_index == cpu)
701 void cpu_exec_init(CPUArchState *env)
706 #if defined(CONFIG_USER_ONLY)
709 env->next_cpu = NULL;
712 while (*penv != NULL) {
713 penv = &(*penv)->next_cpu;
716 env->cpu_index = cpu_index;
718 QTAILQ_INIT(&env->breakpoints);
719 QTAILQ_INIT(&env->watchpoints);
720 #ifndef CONFIG_USER_ONLY
721 env->thread_id = qemu_get_thread_id();
724 #if defined(CONFIG_USER_ONLY)
727 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
728 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
729 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
730 cpu_save, cpu_load, env);
734 /* Allocate a new translation block. Flush the translation buffer if
735 too many translation blocks or too much generated code. */
736 static TranslationBlock *tb_alloc(target_ulong pc)
738 TranslationBlock *tb;
740 if (nb_tbs >= code_gen_max_blocks ||
741 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
749 void tb_free(TranslationBlock *tb)
751 /* In practice this is mostly used for single use temporary TB
752 Ignore the hard cases and just back up if this TB happens to
753 be the last one generated. */
754 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
755 code_gen_ptr = tb->tc_ptr;
760 static inline void invalidate_page_bitmap(PageDesc *p)
762 if (p->code_bitmap) {
763 g_free(p->code_bitmap);
764 p->code_bitmap = NULL;
766 p->code_write_count = 0;
769 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
771 static void page_flush_tb_1 (int level, void **lp)
780 for (i = 0; i < L2_SIZE; ++i) {
781 pd[i].first_tb = NULL;
782 invalidate_page_bitmap(pd + i);
786 for (i = 0; i < L2_SIZE; ++i) {
787 page_flush_tb_1 (level - 1, pp + i);
792 static void page_flush_tb(void)
795 for (i = 0; i < V_L1_SIZE; i++) {
796 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
800 /* flush all the translation blocks */
801 /* XXX: tb_flush is currently not thread safe */
802 void tb_flush(CPUArchState *env1)
805 #if defined(DEBUG_FLUSH)
806 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
807 (unsigned long)(code_gen_ptr - code_gen_buffer),
809 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
811 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
812 cpu_abort(env1, "Internal error: code buffer overflow\n");
816 for(env = first_cpu; env != NULL; env = env->next_cpu) {
817 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
820 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
823 code_gen_ptr = code_gen_buffer;
824 /* XXX: flush processor icache at this point if cache flush is
829 #ifdef DEBUG_TB_CHECK
831 static void tb_invalidate_check(target_ulong address)
833 TranslationBlock *tb;
835 address &= TARGET_PAGE_MASK;
836 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
837 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
838 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
839 address >= tb->pc + tb->size)) {
840 printf("ERROR invalidate: address=" TARGET_FMT_lx
841 " PC=%08lx size=%04x\n",
842 address, (long)tb->pc, tb->size);
848 /* verify that all the pages have correct rights for code */
849 static void tb_page_check(void)
851 TranslationBlock *tb;
852 int i, flags1, flags2;
854 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
855 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
856 flags1 = page_get_flags(tb->pc);
857 flags2 = page_get_flags(tb->pc + tb->size - 1);
858 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
859 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
860 (long)tb->pc, tb->size, flags1, flags2);
868 /* invalidate one TB */
869 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
872 TranslationBlock *tb1;
876 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
879 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
883 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
885 TranslationBlock *tb1;
891 tb1 = (TranslationBlock *)((long)tb1 & ~3);
893 *ptb = tb1->page_next[n1];
896 ptb = &tb1->page_next[n1];
900 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
902 TranslationBlock *tb1, **ptb;
905 ptb = &tb->jmp_next[n];
908 /* find tb(n) in circular list */
912 tb1 = (TranslationBlock *)((long)tb1 & ~3);
913 if (n1 == n && tb1 == tb)
916 ptb = &tb1->jmp_first;
918 ptb = &tb1->jmp_next[n1];
921 /* now we can suppress tb(n) from the list */
922 *ptb = tb->jmp_next[n];
924 tb->jmp_next[n] = NULL;
928 /* reset the jump entry 'n' of a TB so that it is not chained to
930 static inline void tb_reset_jump(TranslationBlock *tb, int n)
932 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
935 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
940 tb_page_addr_t phys_pc;
941 TranslationBlock *tb1, *tb2;
943 /* remove the TB from the hash list */
944 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
945 h = tb_phys_hash_func(phys_pc);
946 tb_remove(&tb_phys_hash[h], tb,
947 offsetof(TranslationBlock, phys_hash_next));
949 /* remove the TB from the page list */
950 if (tb->page_addr[0] != page_addr) {
951 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
952 tb_page_remove(&p->first_tb, tb);
953 invalidate_page_bitmap(p);
955 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
956 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
957 tb_page_remove(&p->first_tb, tb);
958 invalidate_page_bitmap(p);
961 tb_invalidated_flag = 1;
963 /* remove the TB from the hash list */
964 h = tb_jmp_cache_hash_func(tb->pc);
965 for(env = first_cpu; env != NULL; env = env->next_cpu) {
966 if (env->tb_jmp_cache[h] == tb)
967 env->tb_jmp_cache[h] = NULL;
970 /* suppress this TB from the two jump lists */
971 tb_jmp_remove(tb, 0);
972 tb_jmp_remove(tb, 1);
974 /* suppress any remaining jumps to this TB */
980 tb1 = (TranslationBlock *)((long)tb1 & ~3);
981 tb2 = tb1->jmp_next[n1];
982 tb_reset_jump(tb1, n1);
983 tb1->jmp_next[n1] = NULL;
986 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
988 tb_phys_invalidate_count++;
991 static inline void set_bits(uint8_t *tab, int start, int len)
997 mask = 0xff << (start & 7);
998 if ((start & ~7) == (end & ~7)) {
1000 mask &= ~(0xff << (end & 7));
1005 start = (start + 8) & ~7;
1007 while (start < end1) {
1012 mask = ~(0xff << (end & 7));
1018 static void build_page_bitmap(PageDesc *p)
1020 int n, tb_start, tb_end;
1021 TranslationBlock *tb;
1023 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
1026 while (tb != NULL) {
1028 tb = (TranslationBlock *)((long)tb & ~3);
1029 /* NOTE: this is subtle as a TB may span two physical pages */
1031 /* NOTE: tb_end may be after the end of the page, but
1032 it is not a problem */
1033 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1034 tb_end = tb_start + tb->size;
1035 if (tb_end > TARGET_PAGE_SIZE)
1036 tb_end = TARGET_PAGE_SIZE;
1039 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1041 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1042 tb = tb->page_next[n];
1046 TranslationBlock *tb_gen_code(CPUArchState *env,
1047 target_ulong pc, target_ulong cs_base,
1048 int flags, int cflags)
1050 TranslationBlock *tb;
1052 tb_page_addr_t phys_pc, phys_page2;
1053 target_ulong virt_page2;
1056 phys_pc = get_page_addr_code(env, pc);
1059 /* flush must be done */
1061 /* cannot fail at this point */
1063 /* Don't forget to invalidate previous TB info. */
1064 tb_invalidated_flag = 1;
1066 tc_ptr = code_gen_ptr;
1067 tb->tc_ptr = tc_ptr;
1068 tb->cs_base = cs_base;
1070 tb->cflags = cflags;
1071 cpu_gen_code(env, tb, &code_gen_size);
1072 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1074 /* check next page if needed */
1075 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1077 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1078 phys_page2 = get_page_addr_code(env, virt_page2);
1080 tb_link_page(tb, phys_pc, phys_page2);
1084 /* invalidate all TBs which intersect with the target physical page
1085 starting in range [start;end[. NOTE: start and end must refer to
1086 the same physical page. 'is_cpu_write_access' should be true if called
1087 from a real cpu write access: the virtual CPU will exit the current
1088 TB if code is modified inside this TB. */
1089 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1090 int is_cpu_write_access)
1092 TranslationBlock *tb, *tb_next, *saved_tb;
1093 CPUArchState *env = cpu_single_env;
1094 tb_page_addr_t tb_start, tb_end;
1097 #ifdef TARGET_HAS_PRECISE_SMC
1098 int current_tb_not_found = is_cpu_write_access;
1099 TranslationBlock *current_tb = NULL;
1100 int current_tb_modified = 0;
1101 target_ulong current_pc = 0;
1102 target_ulong current_cs_base = 0;
1103 int current_flags = 0;
1104 #endif /* TARGET_HAS_PRECISE_SMC */
1106 p = page_find(start >> TARGET_PAGE_BITS);
1109 if (!p->code_bitmap &&
1110 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1111 is_cpu_write_access) {
1112 /* build code bitmap */
1113 build_page_bitmap(p);
1116 /* we remove all the TBs in the range [start, end[ */
1117 /* XXX: see if in some cases it could be faster to invalidate all the code */
1119 while (tb != NULL) {
1121 tb = (TranslationBlock *)((long)tb & ~3);
1122 tb_next = tb->page_next[n];
1123 /* NOTE: this is subtle as a TB may span two physical pages */
1125 /* NOTE: tb_end may be after the end of the page, but
1126 it is not a problem */
1127 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1128 tb_end = tb_start + tb->size;
1130 tb_start = tb->page_addr[1];
1131 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1133 if (!(tb_end <= start || tb_start >= end)) {
1134 #ifdef TARGET_HAS_PRECISE_SMC
1135 if (current_tb_not_found) {
1136 current_tb_not_found = 0;
1138 if (env->mem_io_pc) {
1139 /* now we have a real cpu fault */
1140 current_tb = tb_find_pc(env->mem_io_pc);
1143 if (current_tb == tb &&
1144 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1145 /* If we are modifying the current TB, we must stop
1146 its execution. We could be more precise by checking
1147 that the modification is after the current PC, but it
1148 would require a specialized function to partially
1149 restore the CPU state */
1151 current_tb_modified = 1;
1152 cpu_restore_state(current_tb, env, env->mem_io_pc);
1153 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1156 #endif /* TARGET_HAS_PRECISE_SMC */
1157 /* we need to do that to handle the case where a signal
1158 occurs while doing tb_phys_invalidate() */
1161 saved_tb = env->current_tb;
1162 env->current_tb = NULL;
1164 tb_phys_invalidate(tb, -1);
1166 env->current_tb = saved_tb;
1167 if (env->interrupt_request && env->current_tb)
1168 cpu_interrupt(env, env->interrupt_request);
1173 #if !defined(CONFIG_USER_ONLY)
1174 /* if no code remaining, no need to continue to use slow writes */
1176 invalidate_page_bitmap(p);
1177 if (is_cpu_write_access) {
1178 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1182 #ifdef TARGET_HAS_PRECISE_SMC
1183 if (current_tb_modified) {
1184 /* we generate a block containing just the instruction
1185 modifying the memory. It will ensure that it cannot modify
1187 env->current_tb = NULL;
1188 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1189 cpu_resume_from_signal(env, NULL);
1194 /* len must be <= 8 and start must be a multiple of len */
1195 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1201 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1202 cpu_single_env->mem_io_vaddr, len,
1203 cpu_single_env->eip,
1204 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1207 p = page_find(start >> TARGET_PAGE_BITS);
1210 if (p->code_bitmap) {
1211 offset = start & ~TARGET_PAGE_MASK;
1212 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1213 if (b & ((1 << len) - 1))
1217 tb_invalidate_phys_page_range(start, start + len, 1);
1221 #if !defined(CONFIG_SOFTMMU)
1222 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1223 unsigned long pc, void *puc)
1225 TranslationBlock *tb;
1228 #ifdef TARGET_HAS_PRECISE_SMC
1229 TranslationBlock *current_tb = NULL;
1230 CPUArchState *env = cpu_single_env;
1231 int current_tb_modified = 0;
1232 target_ulong current_pc = 0;
1233 target_ulong current_cs_base = 0;
1234 int current_flags = 0;
1237 addr &= TARGET_PAGE_MASK;
1238 p = page_find(addr >> TARGET_PAGE_BITS);
1242 #ifdef TARGET_HAS_PRECISE_SMC
1243 if (tb && pc != 0) {
1244 current_tb = tb_find_pc(pc);
1247 while (tb != NULL) {
1249 tb = (TranslationBlock *)((long)tb & ~3);
1250 #ifdef TARGET_HAS_PRECISE_SMC
1251 if (current_tb == tb &&
1252 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1253 /* If we are modifying the current TB, we must stop
1254 its execution. We could be more precise by checking
1255 that the modification is after the current PC, but it
1256 would require a specialized function to partially
1257 restore the CPU state */
1259 current_tb_modified = 1;
1260 cpu_restore_state(current_tb, env, pc);
1261 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1264 #endif /* TARGET_HAS_PRECISE_SMC */
1265 tb_phys_invalidate(tb, addr);
1266 tb = tb->page_next[n];
1269 #ifdef TARGET_HAS_PRECISE_SMC
1270 if (current_tb_modified) {
1271 /* we generate a block containing just the instruction
1272 modifying the memory. It will ensure that it cannot modify
1274 env->current_tb = NULL;
1275 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1276 cpu_resume_from_signal(env, puc);
1282 /* add the tb in the target page and protect it if necessary */
1283 static inline void tb_alloc_page(TranslationBlock *tb,
1284 unsigned int n, tb_page_addr_t page_addr)
1287 #ifndef CONFIG_USER_ONLY
1288 bool page_already_protected;
1291 tb->page_addr[n] = page_addr;
1292 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1293 tb->page_next[n] = p->first_tb;
1294 #ifndef CONFIG_USER_ONLY
1295 page_already_protected = p->first_tb != NULL;
1297 p->first_tb = (TranslationBlock *)((long)tb | n);
1298 invalidate_page_bitmap(p);
1300 #if defined(TARGET_HAS_SMC) || 1
1302 #if defined(CONFIG_USER_ONLY)
1303 if (p->flags & PAGE_WRITE) {
1308 /* force the host page as non writable (writes will have a
1309 page fault + mprotect overhead) */
1310 page_addr &= qemu_host_page_mask;
1312 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1313 addr += TARGET_PAGE_SIZE) {
1315 p2 = page_find (addr >> TARGET_PAGE_BITS);
1319 p2->flags &= ~PAGE_WRITE;
1321 mprotect(g2h(page_addr), qemu_host_page_size,
1322 (prot & PAGE_BITS) & ~PAGE_WRITE);
1323 #ifdef DEBUG_TB_INVALIDATE
1324 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1329 /* if some code is already present, then the pages are already
1330 protected. So we handle the case where only the first TB is
1331 allocated in a physical page */
1332 if (!page_already_protected) {
1333 tlb_protect_code(page_addr);
1337 #endif /* TARGET_HAS_SMC */
1340 /* add a new TB and link it to the physical page tables. phys_page2 is
1341 (-1) to indicate that only one page contains the TB. */
1342 void tb_link_page(TranslationBlock *tb,
1343 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1346 TranslationBlock **ptb;
1348 /* Grab the mmap lock to stop another thread invalidating this TB
1349 before we are done. */
1351 /* add in the physical hash table */
1352 h = tb_phys_hash_func(phys_pc);
1353 ptb = &tb_phys_hash[h];
1354 tb->phys_hash_next = *ptb;
1357 /* add in the page list */
1358 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1359 if (phys_page2 != -1)
1360 tb_alloc_page(tb, 1, phys_page2);
1362 tb->page_addr[1] = -1;
1364 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1365 tb->jmp_next[0] = NULL;
1366 tb->jmp_next[1] = NULL;
1368 /* init original jump addresses */
1369 if (tb->tb_next_offset[0] != 0xffff)
1370 tb_reset_jump(tb, 0);
1371 if (tb->tb_next_offset[1] != 0xffff)
1372 tb_reset_jump(tb, 1);
1374 #ifdef DEBUG_TB_CHECK
1380 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1381 tb[1].tc_ptr. Return NULL if not found */
1382 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1384 int m_min, m_max, m;
1386 TranslationBlock *tb;
1390 if (tc_ptr < (unsigned long)code_gen_buffer ||
1391 tc_ptr >= (unsigned long)code_gen_ptr)
1393 /* binary search (cf Knuth) */
1396 while (m_min <= m_max) {
1397 m = (m_min + m_max) >> 1;
1399 v = (unsigned long)tb->tc_ptr;
1402 else if (tc_ptr < v) {
1411 static void tb_reset_jump_recursive(TranslationBlock *tb);
1413 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1415 TranslationBlock *tb1, *tb_next, **ptb;
1418 tb1 = tb->jmp_next[n];
1420 /* find head of list */
1423 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1426 tb1 = tb1->jmp_next[n1];
1428 /* we are now sure now that tb jumps to tb1 */
1431 /* remove tb from the jmp_first list */
1432 ptb = &tb_next->jmp_first;
1436 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1437 if (n1 == n && tb1 == tb)
1439 ptb = &tb1->jmp_next[n1];
1441 *ptb = tb->jmp_next[n];
1442 tb->jmp_next[n] = NULL;
1444 /* suppress the jump to next tb in generated code */
1445 tb_reset_jump(tb, n);
1447 /* suppress jumps in the tb on which we could have jumped */
1448 tb_reset_jump_recursive(tb_next);
1452 static void tb_reset_jump_recursive(TranslationBlock *tb)
1454 tb_reset_jump_recursive2(tb, 0);
1455 tb_reset_jump_recursive2(tb, 1);
1458 #if defined(TARGET_HAS_ICE)
1459 #if defined(CONFIG_USER_ONLY)
1460 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1462 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1465 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1467 target_phys_addr_t addr;
1468 ram_addr_t ram_addr;
1469 MemoryRegionSection *section;
1471 addr = cpu_get_phys_page_debug(env, pc);
1472 section = phys_page_find(addr >> TARGET_PAGE_BITS);
1473 if (!(memory_region_is_ram(section->mr)
1474 || (section->mr->rom_device && section->mr->readable))) {
1477 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1478 + section_addr(section, addr);
1479 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1482 #endif /* TARGET_HAS_ICE */
1484 #if defined(CONFIG_USER_ONLY)
1485 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1490 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1491 int flags, CPUWatchpoint **watchpoint)
1496 /* Add a watchpoint. */
1497 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1498 int flags, CPUWatchpoint **watchpoint)
1500 target_ulong len_mask = ~(len - 1);
1503 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1504 if ((len & (len - 1)) || (addr & ~len_mask) ||
1505 len == 0 || len > TARGET_PAGE_SIZE) {
1506 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1507 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1510 wp = g_malloc(sizeof(*wp));
1513 wp->len_mask = len_mask;
1516 /* keep all GDB-injected watchpoints in front */
1518 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1520 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1522 tlb_flush_page(env, addr);
1529 /* Remove a specific watchpoint. */
1530 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
1533 target_ulong len_mask = ~(len - 1);
1536 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1537 if (addr == wp->vaddr && len_mask == wp->len_mask
1538 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1539 cpu_watchpoint_remove_by_ref(env, wp);
1546 /* Remove a specific watchpoint by reference. */
1547 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
1549 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1551 tlb_flush_page(env, watchpoint->vaddr);
1556 /* Remove all matching watchpoints. */
1557 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1559 CPUWatchpoint *wp, *next;
1561 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1562 if (wp->flags & mask)
1563 cpu_watchpoint_remove_by_ref(env, wp);
1568 /* Add a breakpoint. */
1569 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
1570 CPUBreakpoint **breakpoint)
1572 #if defined(TARGET_HAS_ICE)
1575 bp = g_malloc(sizeof(*bp));
1580 /* keep all GDB-injected breakpoints in front */
1582 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1584 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1586 breakpoint_invalidate(env, pc);
1596 /* Remove a specific breakpoint. */
1597 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
1599 #if defined(TARGET_HAS_ICE)
1602 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1603 if (bp->pc == pc && bp->flags == flags) {
1604 cpu_breakpoint_remove_by_ref(env, bp);
1614 /* Remove a specific breakpoint by reference. */
1615 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
1617 #if defined(TARGET_HAS_ICE)
1618 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1620 breakpoint_invalidate(env, breakpoint->pc);
1626 /* Remove all matching breakpoints. */
1627 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
1629 #if defined(TARGET_HAS_ICE)
1630 CPUBreakpoint *bp, *next;
1632 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1633 if (bp->flags & mask)
1634 cpu_breakpoint_remove_by_ref(env, bp);
1639 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1640 CPU loop after each instruction */
1641 void cpu_single_step(CPUArchState *env, int enabled)
1643 #if defined(TARGET_HAS_ICE)
1644 if (env->singlestep_enabled != enabled) {
1645 env->singlestep_enabled = enabled;
1647 kvm_update_guest_debug(env, 0);
1649 /* must flush all the translated code to avoid inconsistencies */
1650 /* XXX: only flush what is necessary */
1657 /* enable or disable low levels log */
1658 void cpu_set_log(int log_flags)
1660 loglevel = log_flags;
1661 if (loglevel && !logfile) {
1662 logfile = fopen(logfilename, log_append ? "a" : "w");
1664 perror(logfilename);
1667 #if !defined(CONFIG_SOFTMMU)
1668 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1670 static char logfile_buf[4096];
1671 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1673 #elif defined(_WIN32)
1674 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1675 setvbuf(logfile, NULL, _IONBF, 0);
1677 setvbuf(logfile, NULL, _IOLBF, 0);
1681 if (!loglevel && logfile) {
1687 void cpu_set_log_filename(const char *filename)
1689 logfilename = strdup(filename);
1694 cpu_set_log(loglevel);
1697 static void cpu_unlink_tb(CPUArchState *env)
1699 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1700 problem and hope the cpu will stop of its own accord. For userspace
1701 emulation this often isn't actually as bad as it sounds. Often
1702 signals are used primarily to interrupt blocking syscalls. */
1703 TranslationBlock *tb;
1704 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1706 spin_lock(&interrupt_lock);
1707 tb = env->current_tb;
1708 /* if the cpu is currently executing code, we must unlink it and
1709 all the potentially executing TB */
1711 env->current_tb = NULL;
1712 tb_reset_jump_recursive(tb);
1714 spin_unlock(&interrupt_lock);
1717 #ifndef CONFIG_USER_ONLY
1718 /* mask must never be zero, except for A20 change call */
1719 static void tcg_handle_interrupt(CPUArchState *env, int mask)
1723 old_mask = env->interrupt_request;
1724 env->interrupt_request |= mask;
1727 * If called from iothread context, wake the target cpu in
1730 if (!qemu_cpu_is_self(env)) {
1736 env->icount_decr.u16.high = 0xffff;
1738 && (mask & ~old_mask) != 0) {
1739 cpu_abort(env, "Raised interrupt while not in I/O function");
1746 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1748 #else /* CONFIG_USER_ONLY */
1750 void cpu_interrupt(CPUArchState *env, int mask)
1752 env->interrupt_request |= mask;
1755 #endif /* CONFIG_USER_ONLY */
1757 void cpu_reset_interrupt(CPUArchState *env, int mask)
1759 env->interrupt_request &= ~mask;
1762 void cpu_exit(CPUArchState *env)
1764 env->exit_request = 1;
1768 const CPULogItem cpu_log_items[] = {
1769 { CPU_LOG_TB_OUT_ASM, "out_asm",
1770 "show generated host assembly code for each compiled TB" },
1771 { CPU_LOG_TB_IN_ASM, "in_asm",
1772 "show target assembly code for each compiled TB" },
1773 { CPU_LOG_TB_OP, "op",
1774 "show micro ops for each compiled TB" },
1775 { CPU_LOG_TB_OP_OPT, "op_opt",
1778 "before eflags optimization and "
1780 "after liveness analysis" },
1781 { CPU_LOG_INT, "int",
1782 "show interrupts/exceptions in short format" },
1783 { CPU_LOG_EXEC, "exec",
1784 "show trace before each executed TB (lots of logs)" },
1785 { CPU_LOG_TB_CPU, "cpu",
1786 "show CPU state before block translation" },
1788 { CPU_LOG_PCALL, "pcall",
1789 "show protected mode far calls/returns/exceptions" },
1790 { CPU_LOG_RESET, "cpu_reset",
1791 "show CPU state before CPU resets" },
1794 { CPU_LOG_IOPORT, "ioport",
1795 "show all i/o ports accesses" },
1800 static int cmp1(const char *s1, int n, const char *s2)
1802 if (strlen(s2) != n)
1804 return memcmp(s1, s2, n) == 0;
1807 /* takes a comma separated list of log masks. Return 0 if error. */
1808 int cpu_str_to_log_mask(const char *str)
1810 const CPULogItem *item;
1817 p1 = strchr(p, ',');
1820 if(cmp1(p,p1-p,"all")) {
1821 for(item = cpu_log_items; item->mask != 0; item++) {
1825 for(item = cpu_log_items; item->mask != 0; item++) {
1826 if (cmp1(p, p1 - p, item->name))
1840 void cpu_abort(CPUArchState *env, const char *fmt, ...)
1847 fprintf(stderr, "qemu: fatal: ");
1848 vfprintf(stderr, fmt, ap);
1849 fprintf(stderr, "\n");
1851 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1853 cpu_dump_state(env, stderr, fprintf, 0);
1855 if (qemu_log_enabled()) {
1856 qemu_log("qemu: fatal: ");
1857 qemu_log_vprintf(fmt, ap2);
1860 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1862 log_cpu_state(env, 0);
1869 #if defined(CONFIG_USER_ONLY)
1871 struct sigaction act;
1872 sigfillset(&act.sa_mask);
1873 act.sa_handler = SIG_DFL;
1874 sigaction(SIGABRT, &act, NULL);
1880 CPUArchState *cpu_copy(CPUArchState *env)
1882 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1883 CPUArchState *next_cpu = new_env->next_cpu;
1884 int cpu_index = new_env->cpu_index;
1885 #if defined(TARGET_HAS_ICE)
1890 memcpy(new_env, env, sizeof(CPUArchState));
1892 /* Preserve chaining and index. */
1893 new_env->next_cpu = next_cpu;
1894 new_env->cpu_index = cpu_index;
1896 /* Clone all break/watchpoints.
1897 Note: Once we support ptrace with hw-debug register access, make sure
1898 BP_CPU break/watchpoints are handled correctly on clone. */
1899 QTAILQ_INIT(&env->breakpoints);
1900 QTAILQ_INIT(&env->watchpoints);
1901 #if defined(TARGET_HAS_ICE)
1902 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1903 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1905 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1906 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1914 #if !defined(CONFIG_USER_ONLY)
1916 static inline void tlb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1920 /* Discard jump cache entries for any tb which might potentially
1921 overlap the flushed page. */
1922 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1923 memset (&env->tb_jmp_cache[i], 0,
1924 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1926 i = tb_jmp_cache_hash_page(addr);
1927 memset (&env->tb_jmp_cache[i], 0,
1928 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1931 static CPUTLBEntry s_cputlb_empty_entry = {
1939 * If flush_global is true (the usual case), flush all tlb entries.
1940 * If flush_global is false, flush (at least) all tlb entries not
1943 * Since QEMU doesn't currently implement a global/not-global flag
1944 * for tlb entries, at the moment tlb_flush() will also flush all
1945 * tlb entries in the flush_global == false case. This is OK because
1946 * CPU architectures generally permit an implementation to drop
1947 * entries from the TLB at any time, so flushing more entries than
1948 * required is only an efficiency issue, not a correctness issue.
1950 void tlb_flush(CPUArchState *env, int flush_global)
1954 #if defined(DEBUG_TLB)
1955 printf("tlb_flush:\n");
1957 /* must reset current TB so that interrupts cannot modify the
1958 links while we are modifying them */
1959 env->current_tb = NULL;
1961 for(i = 0; i < CPU_TLB_SIZE; i++) {
1963 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1964 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1968 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1970 env->tlb_flush_addr = -1;
1971 env->tlb_flush_mask = 0;
1975 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1977 if (addr == (tlb_entry->addr_read &
1978 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1979 addr == (tlb_entry->addr_write &
1980 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1981 addr == (tlb_entry->addr_code &
1982 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1983 *tlb_entry = s_cputlb_empty_entry;
1987 void tlb_flush_page(CPUArchState *env, target_ulong addr)
1992 #if defined(DEBUG_TLB)
1993 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1995 /* Check if we need to flush due to large pages. */
1996 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1997 #if defined(DEBUG_TLB)
1998 printf("tlb_flush_page: forced full flush ("
1999 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2000 env->tlb_flush_addr, env->tlb_flush_mask);
2005 /* must reset current TB so that interrupts cannot modify the
2006 links while we are modifying them */
2007 env->current_tb = NULL;
2009 addr &= TARGET_PAGE_MASK;
2010 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2011 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2012 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
2014 tlb_flush_jmp_cache(env, addr);
2017 /* update the TLBs so that writes to code in the virtual page 'addr'
2019 static void tlb_protect_code(ram_addr_t ram_addr)
2021 cpu_physical_memory_reset_dirty(ram_addr,
2022 ram_addr + TARGET_PAGE_SIZE,
2026 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2027 tested for self modifying code */
2028 static void tlb_unprotect_code_phys(CPUArchState *env, ram_addr_t ram_addr,
2031 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2034 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2035 unsigned long start, unsigned long length)
2038 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
2039 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2040 if ((addr - start) < length) {
2041 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2046 /* Note: start and end must be within the same ram block. */
2047 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2051 unsigned long length, start1;
2054 start &= TARGET_PAGE_MASK;
2055 end = TARGET_PAGE_ALIGN(end);
2057 length = end - start;
2060 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2062 /* we modify the TLB cache so that the dirty bit will be set again
2063 when accessing the range */
2064 start1 = (unsigned long)qemu_safe_ram_ptr(start);
2065 /* Check that we don't span multiple blocks - this breaks the
2066 address comparisons below. */
2067 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
2068 != (end - 1) - start) {
2072 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2074 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2075 for(i = 0; i < CPU_TLB_SIZE; i++)
2076 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2082 int cpu_physical_memory_set_dirty_tracking(int enable)
2085 in_migration = enable;
2089 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2091 ram_addr_t ram_addr;
2094 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
2095 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2096 + tlb_entry->addend);
2097 ram_addr = qemu_ram_addr_from_host_nofail(p);
2098 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2099 tlb_entry->addr_write |= TLB_NOTDIRTY;
2104 /* update the TLB according to the current state of the dirty bits */
2105 void cpu_tlb_update_dirty(CPUArchState *env)
2109 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2110 for(i = 0; i < CPU_TLB_SIZE; i++)
2111 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2115 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2117 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2118 tlb_entry->addr_write = vaddr;
2121 /* update the TLB corresponding to virtual page vaddr
2122 so that it is no longer dirty */
2123 static inline void tlb_set_dirty(CPUArchState *env, target_ulong vaddr)
2128 vaddr &= TARGET_PAGE_MASK;
2129 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2130 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2131 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2134 /* Our TLB does not support large pages, so remember the area covered by
2135 large pages and trigger a full TLB flush if these are invalidated. */
2136 static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr,
2139 target_ulong mask = ~(size - 1);
2141 if (env->tlb_flush_addr == (target_ulong)-1) {
2142 env->tlb_flush_addr = vaddr & mask;
2143 env->tlb_flush_mask = mask;
2146 /* Extend the existing region to include the new page.
2147 This is a compromise between unnecessary flushes and the cost
2148 of maintaining a full variable size TLB. */
2149 mask &= env->tlb_flush_mask;
2150 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2153 env->tlb_flush_addr &= mask;
2154 env->tlb_flush_mask = mask;
2157 static bool is_ram_rom(MemoryRegionSection *s)
2159 return memory_region_is_ram(s->mr);
2162 static bool is_romd(MemoryRegionSection *s)
2164 MemoryRegion *mr = s->mr;
2166 return mr->rom_device && mr->readable;
2169 static bool is_ram_rom_romd(MemoryRegionSection *s)
2171 return is_ram_rom(s) || is_romd(s);
2174 /* Add a new TLB entry. At most one entry for a given virtual address
2175 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2176 supplied size is only used by tlb_flush_page. */
2177 void tlb_set_page(CPUArchState *env, target_ulong vaddr,
2178 target_phys_addr_t paddr, int prot,
2179 int mmu_idx, target_ulong size)
2181 MemoryRegionSection *section;
2183 target_ulong address;
2184 target_ulong code_address;
2185 unsigned long addend;
2188 target_phys_addr_t iotlb;
2190 assert(size >= TARGET_PAGE_SIZE);
2191 if (size != TARGET_PAGE_SIZE) {
2192 tlb_add_large_page(env, vaddr, size);
2194 section = phys_page_find(paddr >> TARGET_PAGE_BITS);
2195 #if defined(DEBUG_TLB)
2196 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2197 " prot=%x idx=%d pd=0x%08lx\n",
2198 vaddr, paddr, prot, mmu_idx, pd);
2202 if (!is_ram_rom_romd(section)) {
2203 /* IO memory case (romd handled later) */
2204 address |= TLB_MMIO;
2206 if (is_ram_rom_romd(section)) {
2207 addend = (unsigned long)memory_region_get_ram_ptr(section->mr)
2208 + section_addr(section, paddr);
2212 if (is_ram_rom(section)) {
2214 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2215 + section_addr(section, paddr);
2216 if (!section->readonly)
2217 iotlb |= phys_section_notdirty;
2219 iotlb |= phys_section_rom;
2221 /* IO handlers are currently passed a physical address.
2222 It would be nice to pass an offset from the base address
2223 of that region. This would avoid having to special case RAM,
2224 and avoid full address decoding in every device.
2225 We can't use the high bits of pd for this because
2226 IO_MEM_ROMD uses these as a ram address. */
2227 iotlb = section - phys_sections;
2228 iotlb += section_addr(section, paddr);
2231 code_address = address;
2232 /* Make accesses to pages with watchpoints go via the
2233 watchpoint trap routines. */
2234 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2235 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2236 /* Avoid trapping reads of pages with a write breakpoint. */
2237 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2238 iotlb = phys_section_watch + paddr;
2239 address |= TLB_MMIO;
2245 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2246 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2247 te = &env->tlb_table[mmu_idx][index];
2248 te->addend = addend - vaddr;
2249 if (prot & PAGE_READ) {
2250 te->addr_read = address;
2255 if (prot & PAGE_EXEC) {
2256 te->addr_code = code_address;
2260 if (prot & PAGE_WRITE) {
2261 if ((memory_region_is_ram(section->mr) && section->readonly)
2262 || is_romd(section)) {
2263 /* Write access calls the I/O callback. */
2264 te->addr_write = address | TLB_MMIO;
2265 } else if (memory_region_is_ram(section->mr)
2266 && !cpu_physical_memory_is_dirty(
2267 section->mr->ram_addr
2268 + section_addr(section, paddr))) {
2269 te->addr_write = address | TLB_NOTDIRTY;
2271 te->addr_write = address;
2274 te->addr_write = -1;
2280 void tlb_flush(CPUArchState *env, int flush_global)
2284 void tlb_flush_page(CPUArchState *env, target_ulong addr)
2289 * Walks guest process memory "regions" one by one
2290 * and calls callback function 'fn' for each region.
2293 struct walk_memory_regions_data
2295 walk_memory_regions_fn fn;
2297 unsigned long start;
2301 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2302 abi_ulong end, int new_prot)
2304 if (data->start != -1ul) {
2305 int rc = data->fn(data->priv, data->start, end, data->prot);
2311 data->start = (new_prot ? end : -1ul);
2312 data->prot = new_prot;
2317 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2318 abi_ulong base, int level, void **lp)
2324 return walk_memory_regions_end(data, base, 0);
2329 for (i = 0; i < L2_SIZE; ++i) {
2330 int prot = pd[i].flags;
2332 pa = base | (i << TARGET_PAGE_BITS);
2333 if (prot != data->prot) {
2334 rc = walk_memory_regions_end(data, pa, prot);
2342 for (i = 0; i < L2_SIZE; ++i) {
2343 pa = base | ((abi_ulong)i <<
2344 (TARGET_PAGE_BITS + L2_BITS * level));
2345 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2355 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2357 struct walk_memory_regions_data data;
2365 for (i = 0; i < V_L1_SIZE; i++) {
2366 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2367 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2373 return walk_memory_regions_end(&data, 0, 0);
2376 static int dump_region(void *priv, abi_ulong start,
2377 abi_ulong end, unsigned long prot)
2379 FILE *f = (FILE *)priv;
2381 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2382 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2383 start, end, end - start,
2384 ((prot & PAGE_READ) ? 'r' : '-'),
2385 ((prot & PAGE_WRITE) ? 'w' : '-'),
2386 ((prot & PAGE_EXEC) ? 'x' : '-'));
2391 /* dump memory mappings */
2392 void page_dump(FILE *f)
2394 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2395 "start", "end", "size", "prot");
2396 walk_memory_regions(f, dump_region);
2399 int page_get_flags(target_ulong address)
2403 p = page_find(address >> TARGET_PAGE_BITS);
2409 /* Modify the flags of a page and invalidate the code if necessary.
2410 The flag PAGE_WRITE_ORG is positioned automatically depending
2411 on PAGE_WRITE. The mmap_lock should already be held. */
2412 void page_set_flags(target_ulong start, target_ulong end, int flags)
2414 target_ulong addr, len;
2416 /* This function should never be called with addresses outside the
2417 guest address space. If this assert fires, it probably indicates
2418 a missing call to h2g_valid. */
2419 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2420 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2422 assert(start < end);
2424 start = start & TARGET_PAGE_MASK;
2425 end = TARGET_PAGE_ALIGN(end);
2427 if (flags & PAGE_WRITE) {
2428 flags |= PAGE_WRITE_ORG;
2431 for (addr = start, len = end - start;
2433 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2434 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2436 /* If the write protection bit is set, then we invalidate
2438 if (!(p->flags & PAGE_WRITE) &&
2439 (flags & PAGE_WRITE) &&
2441 tb_invalidate_phys_page(addr, 0, NULL);
2447 int page_check_range(target_ulong start, target_ulong len, int flags)
2453 /* This function should never be called with addresses outside the
2454 guest address space. If this assert fires, it probably indicates
2455 a missing call to h2g_valid. */
2456 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2457 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2463 if (start + len - 1 < start) {
2464 /* We've wrapped around. */
2468 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2469 start = start & TARGET_PAGE_MASK;
2471 for (addr = start, len = end - start;
2473 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2474 p = page_find(addr >> TARGET_PAGE_BITS);
2477 if( !(p->flags & PAGE_VALID) )
2480 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2482 if (flags & PAGE_WRITE) {
2483 if (!(p->flags & PAGE_WRITE_ORG))
2485 /* unprotect the page if it was put read-only because it
2486 contains translated code */
2487 if (!(p->flags & PAGE_WRITE)) {
2488 if (!page_unprotect(addr, 0, NULL))
2497 /* called from signal handler: invalidate the code and unprotect the
2498 page. Return TRUE if the fault was successfully handled. */
2499 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2503 target_ulong host_start, host_end, addr;
2505 /* Technically this isn't safe inside a signal handler. However we
2506 know this only ever happens in a synchronous SEGV handler, so in
2507 practice it seems to be ok. */
2510 p = page_find(address >> TARGET_PAGE_BITS);
2516 /* if the page was really writable, then we change its
2517 protection back to writable */
2518 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2519 host_start = address & qemu_host_page_mask;
2520 host_end = host_start + qemu_host_page_size;
2523 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2524 p = page_find(addr >> TARGET_PAGE_BITS);
2525 p->flags |= PAGE_WRITE;
2528 /* and since the content will be modified, we must invalidate
2529 the corresponding translated code. */
2530 tb_invalidate_phys_page(addr, pc, puc);
2531 #ifdef DEBUG_TB_CHECK
2532 tb_invalidate_check(addr);
2535 mprotect((void *)g2h(host_start), qemu_host_page_size,
2545 static inline void tlb_set_dirty(CPUArchState *env,
2546 unsigned long addr, target_ulong vaddr)
2549 #endif /* defined(CONFIG_USER_ONLY) */
2551 #if !defined(CONFIG_USER_ONLY)
2553 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2554 typedef struct subpage_t {
2556 target_phys_addr_t base;
2557 uint16_t sub_section[TARGET_PAGE_SIZE];
2560 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2562 static subpage_t *subpage_init(target_phys_addr_t base);
2563 static void destroy_page_desc(uint16_t section_index)
2565 MemoryRegionSection *section = &phys_sections[section_index];
2566 MemoryRegion *mr = section->mr;
2569 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2570 memory_region_destroy(&subpage->iomem);
2575 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
2580 if (lp->ptr == PHYS_MAP_NODE_NIL) {
2584 p = phys_map_nodes[lp->ptr];
2585 for (i = 0; i < L2_SIZE; ++i) {
2586 if (!p[i].is_leaf) {
2587 destroy_l2_mapping(&p[i], level - 1);
2589 destroy_page_desc(p[i].ptr);
2593 lp->ptr = PHYS_MAP_NODE_NIL;
2596 static void destroy_all_mappings(void)
2598 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
2599 phys_map_nodes_reset();
2602 static uint16_t phys_section_add(MemoryRegionSection *section)
2604 if (phys_sections_nb == phys_sections_nb_alloc) {
2605 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2606 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2607 phys_sections_nb_alloc);
2609 phys_sections[phys_sections_nb] = *section;
2610 return phys_sections_nb++;
2613 static void phys_sections_clear(void)
2615 phys_sections_nb = 0;
2618 /* register physical memory.
2619 For RAM, 'size' must be a multiple of the target page size.
2620 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2621 io memory page. The address used when calling the IO function is
2622 the offset from the start of the region, plus region_offset. Both
2623 start_addr and region_offset are rounded down to a page boundary
2624 before calculating this offset. This should not be a problem unless
2625 the low bits of start_addr and region_offset differ. */
2626 static void register_subpage(MemoryRegionSection *section)
2629 target_phys_addr_t base = section->offset_within_address_space
2631 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
2632 MemoryRegionSection subsection = {
2633 .offset_within_address_space = base,
2634 .size = TARGET_PAGE_SIZE,
2636 target_phys_addr_t start, end;
2638 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
2640 if (!(existing->mr->subpage)) {
2641 subpage = subpage_init(base);
2642 subsection.mr = &subpage->iomem;
2643 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2644 phys_section_add(&subsection));
2646 subpage = container_of(existing->mr, subpage_t, iomem);
2648 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2649 end = start + section->size;
2650 subpage_register(subpage, start, end, phys_section_add(section));
2654 static void register_multipage(MemoryRegionSection *section)
2656 target_phys_addr_t start_addr = section->offset_within_address_space;
2657 ram_addr_t size = section->size;
2658 target_phys_addr_t addr;
2659 uint16_t section_index = phys_section_add(section);
2664 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2668 void cpu_register_physical_memory_log(MemoryRegionSection *section,
2671 MemoryRegionSection now = *section, remain = *section;
2673 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2674 || (now.size < TARGET_PAGE_SIZE)) {
2675 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2676 - now.offset_within_address_space,
2678 register_subpage(&now);
2679 remain.size -= now.size;
2680 remain.offset_within_address_space += now.size;
2681 remain.offset_within_region += now.size;
2684 now.size &= TARGET_PAGE_MASK;
2686 register_multipage(&now);
2687 remain.size -= now.size;
2688 remain.offset_within_address_space += now.size;
2689 remain.offset_within_region += now.size;
2693 register_subpage(&now);
2698 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2701 kvm_coalesce_mmio_region(addr, size);
2704 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2707 kvm_uncoalesce_mmio_region(addr, size);
2710 void qemu_flush_coalesced_mmio_buffer(void)
2713 kvm_flush_coalesced_mmio_buffer();
2716 #if defined(__linux__) && !defined(TARGET_S390X)
2718 #include <sys/vfs.h>
2720 #define HUGETLBFS_MAGIC 0x958458f6
2722 static long gethugepagesize(const char *path)
2728 ret = statfs(path, &fs);
2729 } while (ret != 0 && errno == EINTR);
2736 if (fs.f_type != HUGETLBFS_MAGIC)
2737 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2742 static void *file_ram_alloc(RAMBlock *block,
2752 unsigned long hpagesize;
2754 hpagesize = gethugepagesize(path);
2759 if (memory < hpagesize) {
2763 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2764 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2768 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2772 fd = mkstemp(filename);
2774 perror("unable to create backing store for hugepages");
2781 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2784 * ftruncate is not supported by hugetlbfs in older
2785 * hosts, so don't bother bailing out on errors.
2786 * If anything goes wrong with it under other filesystems,
2789 if (ftruncate(fd, memory))
2790 perror("ftruncate");
2793 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2794 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2795 * to sidestep this quirk.
2797 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2798 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2800 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2802 if (area == MAP_FAILED) {
2803 perror("file_ram_alloc: can't mmap RAM pages");
2812 static ram_addr_t find_ram_offset(ram_addr_t size)
2814 RAMBlock *block, *next_block;
2815 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
2817 if (QLIST_EMPTY(&ram_list.blocks))
2820 QLIST_FOREACH(block, &ram_list.blocks, next) {
2821 ram_addr_t end, next = RAM_ADDR_MAX;
2823 end = block->offset + block->length;
2825 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2826 if (next_block->offset >= end) {
2827 next = MIN(next, next_block->offset);
2830 if (next - end >= size && next - end < mingap) {
2832 mingap = next - end;
2836 if (offset == RAM_ADDR_MAX) {
2837 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2845 static ram_addr_t last_ram_offset(void)
2848 ram_addr_t last = 0;
2850 QLIST_FOREACH(block, &ram_list.blocks, next)
2851 last = MAX(last, block->offset + block->length);
2856 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
2858 RAMBlock *new_block, *block;
2861 QLIST_FOREACH(block, &ram_list.blocks, next) {
2862 if (block->offset == addr) {
2868 assert(!new_block->idstr[0]);
2870 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2871 char *id = dev->parent_bus->info->get_dev_path(dev);
2873 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2877 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2879 QLIST_FOREACH(block, &ram_list.blocks, next) {
2880 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
2881 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2888 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2891 RAMBlock *new_block;
2893 size = TARGET_PAGE_ALIGN(size);
2894 new_block = g_malloc0(sizeof(*new_block));
2897 new_block->offset = find_ram_offset(size);
2899 new_block->host = host;
2900 new_block->flags |= RAM_PREALLOC_MASK;
2903 #if defined (__linux__) && !defined(TARGET_S390X)
2904 new_block->host = file_ram_alloc(new_block, size, mem_path);
2905 if (!new_block->host) {
2906 new_block->host = qemu_vmalloc(size);
2907 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2910 fprintf(stderr, "-mem-path option unsupported\n");
2914 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2915 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2916 an system defined value, which is at least 256GB. Larger systems
2917 have larger values. We put the guest between the end of data
2918 segment (system break) and this value. We use 32GB as a base to
2919 have enough room for the system break to grow. */
2920 new_block->host = mmap((void*)0x800000000, size,
2921 PROT_EXEC|PROT_READ|PROT_WRITE,
2922 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
2923 if (new_block->host == MAP_FAILED) {
2924 fprintf(stderr, "Allocating RAM failed\n");
2928 if (xen_enabled()) {
2929 xen_ram_alloc(new_block->offset, size, mr);
2931 new_block->host = qemu_vmalloc(size);
2934 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2937 new_block->length = size;
2939 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2941 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
2942 last_ram_offset() >> TARGET_PAGE_BITS);
2943 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2944 0xff, size >> TARGET_PAGE_BITS);
2947 kvm_setup_guest_memory(new_block->host, size);
2949 return new_block->offset;
2952 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
2954 return qemu_ram_alloc_from_ptr(size, NULL, mr);
2957 void qemu_ram_free_from_ptr(ram_addr_t addr)
2961 QLIST_FOREACH(block, &ram_list.blocks, next) {
2962 if (addr == block->offset) {
2963 QLIST_REMOVE(block, next);
2970 void qemu_ram_free(ram_addr_t addr)
2974 QLIST_FOREACH(block, &ram_list.blocks, next) {
2975 if (addr == block->offset) {
2976 QLIST_REMOVE(block, next);
2977 if (block->flags & RAM_PREALLOC_MASK) {
2979 } else if (mem_path) {
2980 #if defined (__linux__) && !defined(TARGET_S390X)
2982 munmap(block->host, block->length);
2985 qemu_vfree(block->host);
2991 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2992 munmap(block->host, block->length);
2994 if (xen_enabled()) {
2995 xen_invalidate_map_cache_entry(block->host);
2997 qemu_vfree(block->host);
3009 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3016 QLIST_FOREACH(block, &ram_list.blocks, next) {
3017 offset = addr - block->offset;
3018 if (offset < block->length) {
3019 vaddr = block->host + offset;
3020 if (block->flags & RAM_PREALLOC_MASK) {
3024 munmap(vaddr, length);
3026 #if defined(__linux__) && !defined(TARGET_S390X)
3029 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3032 flags |= MAP_PRIVATE;
3034 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3035 flags, block->fd, offset);
3037 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3038 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3045 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
3046 flags |= MAP_SHARED | MAP_ANONYMOUS;
3047 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3050 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3051 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3055 if (area != vaddr) {
3056 fprintf(stderr, "Could not remap addr: "
3057 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
3061 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3067 #endif /* !_WIN32 */
3069 /* Return a host pointer to ram allocated with qemu_ram_alloc.
3070 With the exception of the softmmu code in this file, this should
3071 only be used for local memory (e.g. video ram) that the device owns,
3072 and knows it isn't going to access beyond the end of the block.
3074 It should not be used for general purpose DMA.
3075 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3077 void *qemu_get_ram_ptr(ram_addr_t addr)
3081 QLIST_FOREACH(block, &ram_list.blocks, next) {
3082 if (addr - block->offset < block->length) {
3083 /* Move this entry to to start of the list. */
3084 if (block != QLIST_FIRST(&ram_list.blocks)) {
3085 QLIST_REMOVE(block, next);
3086 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3088 if (xen_enabled()) {
3089 /* We need to check if the requested address is in the RAM
3090 * because we don't want to map the entire memory in QEMU.
3091 * In that case just map until the end of the page.
3093 if (block->offset == 0) {
3094 return xen_map_cache(addr, 0, 0);
3095 } else if (block->host == NULL) {
3097 xen_map_cache(block->offset, block->length, 1);
3100 return block->host + (addr - block->offset);
3104 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3110 /* Return a host pointer to ram allocated with qemu_ram_alloc.
3111 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3113 void *qemu_safe_ram_ptr(ram_addr_t addr)
3117 QLIST_FOREACH(block, &ram_list.blocks, next) {
3118 if (addr - block->offset < block->length) {
3119 if (xen_enabled()) {
3120 /* We need to check if the requested address is in the RAM
3121 * because we don't want to map the entire memory in QEMU.
3122 * In that case just map until the end of the page.
3124 if (block->offset == 0) {
3125 return xen_map_cache(addr, 0, 0);
3126 } else if (block->host == NULL) {
3128 xen_map_cache(block->offset, block->length, 1);
3131 return block->host + (addr - block->offset);
3135 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3141 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3142 * but takes a size argument */
3143 void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
3148 if (xen_enabled()) {
3149 return xen_map_cache(addr, *size, 1);
3153 QLIST_FOREACH(block, &ram_list.blocks, next) {
3154 if (addr - block->offset < block->length) {
3155 if (addr - block->offset + *size > block->length)
3156 *size = block->length - addr + block->offset;
3157 return block->host + (addr - block->offset);
3161 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3166 void qemu_put_ram_ptr(void *addr)
3168 trace_qemu_put_ram_ptr(addr);
3171 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
3174 uint8_t *host = ptr;
3176 if (xen_enabled()) {
3177 *ram_addr = xen_ram_addr_from_mapcache(ptr);
3181 QLIST_FOREACH(block, &ram_list.blocks, next) {
3182 /* This case append when the block is not mapped. */
3183 if (block->host == NULL) {
3186 if (host - block->host < block->length) {
3187 *ram_addr = block->offset + (host - block->host);
3195 /* Some of the softmmu routines need to translate from a host pointer
3196 (typically a TLB entry) back to a ram offset. */
3197 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3199 ram_addr_t ram_addr;
3201 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3202 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3208 static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3211 #ifdef DEBUG_UNASSIGNED
3212 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3214 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3215 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
3220 static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3221 uint64_t val, unsigned size)
3223 #ifdef DEBUG_UNASSIGNED
3224 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
3226 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3227 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
3231 static const MemoryRegionOps unassigned_mem_ops = {
3232 .read = unassigned_mem_read,
3233 .write = unassigned_mem_write,
3234 .endianness = DEVICE_NATIVE_ENDIAN,
3237 static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3243 static void error_mem_write(void *opaque, target_phys_addr_t addr,
3244 uint64_t value, unsigned size)
3249 static const MemoryRegionOps error_mem_ops = {
3250 .read = error_mem_read,
3251 .write = error_mem_write,
3252 .endianness = DEVICE_NATIVE_ENDIAN,
3255 static const MemoryRegionOps rom_mem_ops = {
3256 .read = error_mem_read,
3257 .write = unassigned_mem_write,
3258 .endianness = DEVICE_NATIVE_ENDIAN,
3261 static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3262 uint64_t val, unsigned size)
3265 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3266 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3267 #if !defined(CONFIG_USER_ONLY)
3268 tb_invalidate_phys_page_fast(ram_addr, size);
3269 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3274 stb_p(qemu_get_ram_ptr(ram_addr), val);
3277 stw_p(qemu_get_ram_ptr(ram_addr), val);
3280 stl_p(qemu_get_ram_ptr(ram_addr), val);
3285 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3286 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3287 /* we remove the notdirty callback only if the code has been
3289 if (dirty_flags == 0xff)
3290 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3293 static const MemoryRegionOps notdirty_mem_ops = {
3294 .read = error_mem_read,
3295 .write = notdirty_mem_write,
3296 .endianness = DEVICE_NATIVE_ENDIAN,
3299 /* Generate a debug exception if a watchpoint has been hit. */
3300 static void check_watchpoint(int offset, int len_mask, int flags)
3302 CPUArchState *env = cpu_single_env;
3303 target_ulong pc, cs_base;
3304 TranslationBlock *tb;
3309 if (env->watchpoint_hit) {
3310 /* We re-entered the check after replacing the TB. Now raise
3311 * the debug interrupt so that is will trigger after the
3312 * current instruction. */
3313 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3316 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3317 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3318 if ((vaddr == (wp->vaddr & len_mask) ||
3319 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3320 wp->flags |= BP_WATCHPOINT_HIT;
3321 if (!env->watchpoint_hit) {
3322 env->watchpoint_hit = wp;
3323 tb = tb_find_pc(env->mem_io_pc);
3325 cpu_abort(env, "check_watchpoint: could not find TB for "
3326 "pc=%p", (void *)env->mem_io_pc);
3328 cpu_restore_state(tb, env, env->mem_io_pc);
3329 tb_phys_invalidate(tb, -1);
3330 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3331 env->exception_index = EXCP_DEBUG;
3334 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3335 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3336 cpu_resume_from_signal(env, NULL);
3340 wp->flags &= ~BP_WATCHPOINT_HIT;
3345 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3346 so these check for a hit then pass through to the normal out-of-line
3348 static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3351 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3353 case 1: return ldub_phys(addr);
3354 case 2: return lduw_phys(addr);
3355 case 4: return ldl_phys(addr);
3360 static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3361 uint64_t val, unsigned size)
3363 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3366 stb_phys(addr, val);
3369 stw_phys(addr, val);
3372 stl_phys(addr, val);
3378 static const MemoryRegionOps watch_mem_ops = {
3379 .read = watch_mem_read,
3380 .write = watch_mem_write,
3381 .endianness = DEVICE_NATIVE_ENDIAN,
3384 static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3387 subpage_t *mmio = opaque;
3388 unsigned int idx = SUBPAGE_IDX(addr);
3389 MemoryRegionSection *section;
3390 #if defined(DEBUG_SUBPAGE)
3391 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3392 mmio, len, addr, idx);
3395 section = &phys_sections[mmio->sub_section[idx]];
3397 addr -= section->offset_within_address_space;
3398 addr += section->offset_within_region;
3399 return io_mem_read(section->mr, addr, len);
3402 static void subpage_write(void *opaque, target_phys_addr_t addr,
3403 uint64_t value, unsigned len)
3405 subpage_t *mmio = opaque;
3406 unsigned int idx = SUBPAGE_IDX(addr);
3407 MemoryRegionSection *section;
3408 #if defined(DEBUG_SUBPAGE)
3409 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3410 " idx %d value %"PRIx64"\n",
3411 __func__, mmio, len, addr, idx, value);
3414 section = &phys_sections[mmio->sub_section[idx]];
3416 addr -= section->offset_within_address_space;
3417 addr += section->offset_within_region;
3418 io_mem_write(section->mr, addr, value, len);
3421 static const MemoryRegionOps subpage_ops = {
3422 .read = subpage_read,
3423 .write = subpage_write,
3424 .endianness = DEVICE_NATIVE_ENDIAN,
3427 static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3430 ram_addr_t raddr = addr;
3431 void *ptr = qemu_get_ram_ptr(raddr);
3433 case 1: return ldub_p(ptr);
3434 case 2: return lduw_p(ptr);
3435 case 4: return ldl_p(ptr);
3440 static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3441 uint64_t value, unsigned size)
3443 ram_addr_t raddr = addr;
3444 void *ptr = qemu_get_ram_ptr(raddr);
3446 case 1: return stb_p(ptr, value);
3447 case 2: return stw_p(ptr, value);
3448 case 4: return stl_p(ptr, value);
3453 static const MemoryRegionOps subpage_ram_ops = {
3454 .read = subpage_ram_read,
3455 .write = subpage_ram_write,
3456 .endianness = DEVICE_NATIVE_ENDIAN,
3459 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3464 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3466 idx = SUBPAGE_IDX(start);
3467 eidx = SUBPAGE_IDX(end);
3468 #if defined(DEBUG_SUBPAGE)
3469 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3470 mmio, start, end, idx, eidx, memory);
3472 if (memory_region_is_ram(phys_sections[section].mr)) {
3473 MemoryRegionSection new_section = phys_sections[section];
3474 new_section.mr = &io_mem_subpage_ram;
3475 section = phys_section_add(&new_section);
3477 for (; idx <= eidx; idx++) {
3478 mmio->sub_section[idx] = section;
3484 static subpage_t *subpage_init(target_phys_addr_t base)
3488 mmio = g_malloc0(sizeof(subpage_t));
3491 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3492 "subpage", TARGET_PAGE_SIZE);
3493 mmio->iomem.subpage = true;
3494 #if defined(DEBUG_SUBPAGE)
3495 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3496 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3498 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
3503 static uint16_t dummy_section(MemoryRegion *mr)
3505 MemoryRegionSection section = {
3507 .offset_within_address_space = 0,
3508 .offset_within_region = 0,
3512 return phys_section_add(§ion);
3515 MemoryRegion *iotlb_to_region(target_phys_addr_t index)
3517 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
3520 static void io_mem_init(void)
3522 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3523 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3524 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3525 "unassigned", UINT64_MAX);
3526 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
3527 "notdirty", UINT64_MAX);
3528 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3529 "subpage-ram", UINT64_MAX);
3530 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3531 "watch", UINT64_MAX);
3534 static void core_begin(MemoryListener *listener)
3536 destroy_all_mappings();
3537 phys_sections_clear();
3538 phys_map.ptr = PHYS_MAP_NODE_NIL;
3539 phys_section_unassigned = dummy_section(&io_mem_unassigned);
3540 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3541 phys_section_rom = dummy_section(&io_mem_rom);
3542 phys_section_watch = dummy_section(&io_mem_watch);
3545 static void core_commit(MemoryListener *listener)
3549 /* since each CPU stores ram addresses in its TLB cache, we must
3550 reset the modified entries */
3552 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3557 static void core_region_add(MemoryListener *listener,
3558 MemoryRegionSection *section)
3560 cpu_register_physical_memory_log(section, section->readonly);
3563 static void core_region_del(MemoryListener *listener,
3564 MemoryRegionSection *section)
3568 static void core_region_nop(MemoryListener *listener,
3569 MemoryRegionSection *section)
3571 cpu_register_physical_memory_log(section, section->readonly);
3574 static void core_log_start(MemoryListener *listener,
3575 MemoryRegionSection *section)
3579 static void core_log_stop(MemoryListener *listener,
3580 MemoryRegionSection *section)
3584 static void core_log_sync(MemoryListener *listener,
3585 MemoryRegionSection *section)
3589 static void core_log_global_start(MemoryListener *listener)
3591 cpu_physical_memory_set_dirty_tracking(1);
3594 static void core_log_global_stop(MemoryListener *listener)
3596 cpu_physical_memory_set_dirty_tracking(0);
3599 static void core_eventfd_add(MemoryListener *listener,
3600 MemoryRegionSection *section,
3601 bool match_data, uint64_t data, int fd)
3605 static void core_eventfd_del(MemoryListener *listener,
3606 MemoryRegionSection *section,
3607 bool match_data, uint64_t data, int fd)
3611 static void io_begin(MemoryListener *listener)
3615 static void io_commit(MemoryListener *listener)
3619 static void io_region_add(MemoryListener *listener,
3620 MemoryRegionSection *section)
3622 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3624 mrio->mr = section->mr;
3625 mrio->offset = section->offset_within_region;
3626 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
3627 section->offset_within_address_space, section->size);
3628 ioport_register(&mrio->iorange);
3631 static void io_region_del(MemoryListener *listener,
3632 MemoryRegionSection *section)
3634 isa_unassign_ioport(section->offset_within_address_space, section->size);
3637 static void io_region_nop(MemoryListener *listener,
3638 MemoryRegionSection *section)
3642 static void io_log_start(MemoryListener *listener,
3643 MemoryRegionSection *section)
3647 static void io_log_stop(MemoryListener *listener,
3648 MemoryRegionSection *section)
3652 static void io_log_sync(MemoryListener *listener,
3653 MemoryRegionSection *section)
3657 static void io_log_global_start(MemoryListener *listener)
3661 static void io_log_global_stop(MemoryListener *listener)
3665 static void io_eventfd_add(MemoryListener *listener,
3666 MemoryRegionSection *section,
3667 bool match_data, uint64_t data, int fd)
3671 static void io_eventfd_del(MemoryListener *listener,
3672 MemoryRegionSection *section,
3673 bool match_data, uint64_t data, int fd)
3677 static MemoryListener core_memory_listener = {
3678 .begin = core_begin,
3679 .commit = core_commit,
3680 .region_add = core_region_add,
3681 .region_del = core_region_del,
3682 .region_nop = core_region_nop,
3683 .log_start = core_log_start,
3684 .log_stop = core_log_stop,
3685 .log_sync = core_log_sync,
3686 .log_global_start = core_log_global_start,
3687 .log_global_stop = core_log_global_stop,
3688 .eventfd_add = core_eventfd_add,
3689 .eventfd_del = core_eventfd_del,
3693 static MemoryListener io_memory_listener = {
3695 .commit = io_commit,
3696 .region_add = io_region_add,
3697 .region_del = io_region_del,
3698 .region_nop = io_region_nop,
3699 .log_start = io_log_start,
3700 .log_stop = io_log_stop,
3701 .log_sync = io_log_sync,
3702 .log_global_start = io_log_global_start,
3703 .log_global_stop = io_log_global_stop,
3704 .eventfd_add = io_eventfd_add,
3705 .eventfd_del = io_eventfd_del,
3709 static void memory_map_init(void)
3711 system_memory = g_malloc(sizeof(*system_memory));
3712 memory_region_init(system_memory, "system", INT64_MAX);
3713 set_system_memory_map(system_memory);
3715 system_io = g_malloc(sizeof(*system_io));
3716 memory_region_init(system_io, "io", 65536);
3717 set_system_io_map(system_io);
3719 memory_listener_register(&core_memory_listener, system_memory);
3720 memory_listener_register(&io_memory_listener, system_io);
3723 MemoryRegion *get_system_memory(void)
3725 return system_memory;
3728 MemoryRegion *get_system_io(void)
3733 #endif /* !defined(CONFIG_USER_ONLY) */
3735 /* physical memory access (slow version, mainly for debug) */
3736 #if defined(CONFIG_USER_ONLY)
3737 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
3738 uint8_t *buf, int len, int is_write)
3745 page = addr & TARGET_PAGE_MASK;
3746 l = (page + TARGET_PAGE_SIZE) - addr;
3749 flags = page_get_flags(page);
3750 if (!(flags & PAGE_VALID))
3753 if (!(flags & PAGE_WRITE))
3755 /* XXX: this code should not depend on lock_user */
3756 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3759 unlock_user(p, addr, l);
3761 if (!(flags & PAGE_READ))
3763 /* XXX: this code should not depend on lock_user */
3764 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3767 unlock_user(p, addr, 0);
3777 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3778 int len, int is_write)
3783 target_phys_addr_t page;
3784 MemoryRegionSection *section;
3787 page = addr & TARGET_PAGE_MASK;
3788 l = (page + TARGET_PAGE_SIZE) - addr;
3791 section = phys_page_find(page >> TARGET_PAGE_BITS);
3794 if (!memory_region_is_ram(section->mr)) {
3795 target_phys_addr_t addr1;
3796 addr1 = section_addr(section, addr);
3797 /* XXX: could force cpu_single_env to NULL to avoid
3799 if (l >= 4 && ((addr1 & 3) == 0)) {
3800 /* 32 bit write access */
3802 io_mem_write(section->mr, addr1, val, 4);
3804 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3805 /* 16 bit write access */
3807 io_mem_write(section->mr, addr1, val, 2);
3810 /* 8 bit write access */
3812 io_mem_write(section->mr, addr1, val, 1);
3815 } else if (!section->readonly) {
3817 addr1 = memory_region_get_ram_addr(section->mr)
3818 + section_addr(section, addr);
3820 ptr = qemu_get_ram_ptr(addr1);
3821 memcpy(ptr, buf, l);
3822 if (!cpu_physical_memory_is_dirty(addr1)) {
3823 /* invalidate code */
3824 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3826 cpu_physical_memory_set_dirty_flags(
3827 addr1, (0xff & ~CODE_DIRTY_FLAG));
3829 qemu_put_ram_ptr(ptr);
3832 if (!is_ram_rom_romd(section)) {
3833 target_phys_addr_t addr1;
3835 addr1 = section_addr(section, addr);
3836 if (l >= 4 && ((addr1 & 3) == 0)) {
3837 /* 32 bit read access */
3838 val = io_mem_read(section->mr, addr1, 4);
3841 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3842 /* 16 bit read access */
3843 val = io_mem_read(section->mr, addr1, 2);
3847 /* 8 bit read access */
3848 val = io_mem_read(section->mr, addr1, 1);
3854 ptr = qemu_get_ram_ptr(section->mr->ram_addr)
3855 + section_addr(section, addr);
3856 memcpy(buf, ptr, l);
3857 qemu_put_ram_ptr(ptr);
3866 /* used for ROM loading : can write in RAM and ROM */
3867 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3868 const uint8_t *buf, int len)
3872 target_phys_addr_t page;
3873 MemoryRegionSection *section;
3876 page = addr & TARGET_PAGE_MASK;
3877 l = (page + TARGET_PAGE_SIZE) - addr;
3880 section = phys_page_find(page >> TARGET_PAGE_BITS);
3882 if (!is_ram_rom_romd(section)) {
3885 unsigned long addr1;
3886 addr1 = memory_region_get_ram_addr(section->mr)
3887 + section_addr(section, addr);
3889 ptr = qemu_get_ram_ptr(addr1);
3890 memcpy(ptr, buf, l);
3891 qemu_put_ram_ptr(ptr);
3901 target_phys_addr_t addr;
3902 target_phys_addr_t len;
3905 static BounceBuffer bounce;
3907 typedef struct MapClient {
3909 void (*callback)(void *opaque);
3910 QLIST_ENTRY(MapClient) link;
3913 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3914 = QLIST_HEAD_INITIALIZER(map_client_list);
3916 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3918 MapClient *client = g_malloc(sizeof(*client));
3920 client->opaque = opaque;
3921 client->callback = callback;
3922 QLIST_INSERT_HEAD(&map_client_list, client, link);
3926 void cpu_unregister_map_client(void *_client)
3928 MapClient *client = (MapClient *)_client;
3930 QLIST_REMOVE(client, link);
3934 static void cpu_notify_map_clients(void)
3938 while (!QLIST_EMPTY(&map_client_list)) {
3939 client = QLIST_FIRST(&map_client_list);
3940 client->callback(client->opaque);
3941 cpu_unregister_map_client(client);
3945 /* Map a physical memory region into a host virtual address.
3946 * May map a subset of the requested range, given by and returned in *plen.
3947 * May return NULL if resources needed to perform the mapping are exhausted.
3948 * Use only for reads OR writes - not for read-modify-write operations.
3949 * Use cpu_register_map_client() to know when retrying the map operation is
3950 * likely to succeed.
3952 void *cpu_physical_memory_map(target_phys_addr_t addr,
3953 target_phys_addr_t *plen,
3956 target_phys_addr_t len = *plen;
3957 target_phys_addr_t todo = 0;
3959 target_phys_addr_t page;
3960 MemoryRegionSection *section;
3961 ram_addr_t raddr = RAM_ADDR_MAX;
3966 page = addr & TARGET_PAGE_MASK;
3967 l = (page + TARGET_PAGE_SIZE) - addr;
3970 section = phys_page_find(page >> TARGET_PAGE_BITS);
3972 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
3973 if (todo || bounce.buffer) {
3976 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3980 cpu_physical_memory_read(addr, bounce.buffer, l);
3984 return bounce.buffer;
3987 raddr = memory_region_get_ram_addr(section->mr)
3988 + section_addr(section, addr);
3996 ret = qemu_ram_ptr_length(raddr, &rlen);
4001 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4002 * Will also mark the memory as dirty if is_write == 1. access_len gives
4003 * the amount of memory that was actually read or written by the caller.
4005 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4006 int is_write, target_phys_addr_t access_len)
4008 if (buffer != bounce.buffer) {
4010 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
4011 while (access_len) {
4013 l = TARGET_PAGE_SIZE;
4016 if (!cpu_physical_memory_is_dirty(addr1)) {
4017 /* invalidate code */
4018 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4020 cpu_physical_memory_set_dirty_flags(
4021 addr1, (0xff & ~CODE_DIRTY_FLAG));
4027 if (xen_enabled()) {
4028 xen_invalidate_map_cache_entry(buffer);
4033 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4035 qemu_vfree(bounce.buffer);
4036 bounce.buffer = NULL;
4037 cpu_notify_map_clients();
4040 /* warning: addr must be aligned */
4041 static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4042 enum device_endian endian)
4046 MemoryRegionSection *section;
4048 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4050 if (!is_ram_rom_romd(section)) {
4052 addr = section_addr(section, addr);
4053 val = io_mem_read(section->mr, addr, 4);
4054 #if defined(TARGET_WORDS_BIGENDIAN)
4055 if (endian == DEVICE_LITTLE_ENDIAN) {
4059 if (endian == DEVICE_BIG_ENDIAN) {
4065 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4067 + section_addr(section, addr));
4069 case DEVICE_LITTLE_ENDIAN:
4070 val = ldl_le_p(ptr);
4072 case DEVICE_BIG_ENDIAN:
4073 val = ldl_be_p(ptr);
4083 uint32_t ldl_phys(target_phys_addr_t addr)
4085 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4088 uint32_t ldl_le_phys(target_phys_addr_t addr)
4090 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4093 uint32_t ldl_be_phys(target_phys_addr_t addr)
4095 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4098 /* warning: addr must be aligned */
4099 static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4100 enum device_endian endian)
4104 MemoryRegionSection *section;
4106 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4108 if (!is_ram_rom_romd(section)) {
4110 addr = section_addr(section, addr);
4112 /* XXX This is broken when device endian != cpu endian.
4113 Fix and add "endian" variable check */
4114 #ifdef TARGET_WORDS_BIGENDIAN
4115 val = io_mem_read(section->mr, addr, 4) << 32;
4116 val |= io_mem_read(section->mr, addr + 4, 4);
4118 val = io_mem_read(section->mr, addr, 4);
4119 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
4123 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4125 + section_addr(section, addr));
4127 case DEVICE_LITTLE_ENDIAN:
4128 val = ldq_le_p(ptr);
4130 case DEVICE_BIG_ENDIAN:
4131 val = ldq_be_p(ptr);
4141 uint64_t ldq_phys(target_phys_addr_t addr)
4143 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4146 uint64_t ldq_le_phys(target_phys_addr_t addr)
4148 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4151 uint64_t ldq_be_phys(target_phys_addr_t addr)
4153 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4157 uint32_t ldub_phys(target_phys_addr_t addr)
4160 cpu_physical_memory_read(addr, &val, 1);
4164 /* warning: addr must be aligned */
4165 static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4166 enum device_endian endian)
4170 MemoryRegionSection *section;
4172 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4174 if (!is_ram_rom_romd(section)) {
4176 addr = section_addr(section, addr);
4177 val = io_mem_read(section->mr, addr, 2);
4178 #if defined(TARGET_WORDS_BIGENDIAN)
4179 if (endian == DEVICE_LITTLE_ENDIAN) {
4183 if (endian == DEVICE_BIG_ENDIAN) {
4189 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4191 + section_addr(section, addr));
4193 case DEVICE_LITTLE_ENDIAN:
4194 val = lduw_le_p(ptr);
4196 case DEVICE_BIG_ENDIAN:
4197 val = lduw_be_p(ptr);
4207 uint32_t lduw_phys(target_phys_addr_t addr)
4209 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4212 uint32_t lduw_le_phys(target_phys_addr_t addr)
4214 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4217 uint32_t lduw_be_phys(target_phys_addr_t addr)
4219 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4222 /* warning: addr must be aligned. The ram page is not masked as dirty
4223 and the code inside is not invalidated. It is useful if the dirty
4224 bits are used to track modified PTEs */
4225 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
4228 MemoryRegionSection *section;
4230 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4232 if (!memory_region_is_ram(section->mr) || section->readonly) {
4233 addr = section_addr(section, addr);
4234 if (memory_region_is_ram(section->mr)) {
4235 section = &phys_sections[phys_section_rom];
4237 io_mem_write(section->mr, addr, val, 4);
4239 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
4241 + section_addr(section, addr);
4242 ptr = qemu_get_ram_ptr(addr1);
4245 if (unlikely(in_migration)) {
4246 if (!cpu_physical_memory_is_dirty(addr1)) {
4247 /* invalidate code */
4248 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4250 cpu_physical_memory_set_dirty_flags(
4251 addr1, (0xff & ~CODE_DIRTY_FLAG));
4257 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
4260 MemoryRegionSection *section;
4262 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4264 if (!memory_region_is_ram(section->mr) || section->readonly) {
4265 addr = section_addr(section, addr);
4266 if (memory_region_is_ram(section->mr)) {
4267 section = &phys_sections[phys_section_rom];
4269 #ifdef TARGET_WORDS_BIGENDIAN
4270 io_mem_write(section->mr, addr, val >> 32, 4);
4271 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
4273 io_mem_write(section->mr, addr, (uint32_t)val, 4);
4274 io_mem_write(section->mr, addr + 4, val >> 32, 4);
4277 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4279 + section_addr(section, addr));
4284 /* warning: addr must be aligned */
4285 static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4286 enum device_endian endian)
4289 MemoryRegionSection *section;
4291 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4293 if (!memory_region_is_ram(section->mr) || section->readonly) {
4294 addr = section_addr(section, addr);
4295 if (memory_region_is_ram(section->mr)) {
4296 section = &phys_sections[phys_section_rom];
4298 #if defined(TARGET_WORDS_BIGENDIAN)
4299 if (endian == DEVICE_LITTLE_ENDIAN) {
4303 if (endian == DEVICE_BIG_ENDIAN) {
4307 io_mem_write(section->mr, addr, val, 4);
4309 unsigned long addr1;
4310 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4311 + section_addr(section, addr);
4313 ptr = qemu_get_ram_ptr(addr1);
4315 case DEVICE_LITTLE_ENDIAN:
4318 case DEVICE_BIG_ENDIAN:
4325 if (!cpu_physical_memory_is_dirty(addr1)) {
4326 /* invalidate code */
4327 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4329 cpu_physical_memory_set_dirty_flags(addr1,
4330 (0xff & ~CODE_DIRTY_FLAG));
4335 void stl_phys(target_phys_addr_t addr, uint32_t val)
4337 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4340 void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4342 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4345 void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4347 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4351 void stb_phys(target_phys_addr_t addr, uint32_t val)
4354 cpu_physical_memory_write(addr, &v, 1);
4357 /* warning: addr must be aligned */
4358 static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4359 enum device_endian endian)
4362 MemoryRegionSection *section;
4364 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4366 if (!memory_region_is_ram(section->mr) || section->readonly) {
4367 addr = section_addr(section, addr);
4368 if (memory_region_is_ram(section->mr)) {
4369 section = &phys_sections[phys_section_rom];
4371 #if defined(TARGET_WORDS_BIGENDIAN)
4372 if (endian == DEVICE_LITTLE_ENDIAN) {
4376 if (endian == DEVICE_BIG_ENDIAN) {
4380 io_mem_write(section->mr, addr, val, 2);
4382 unsigned long addr1;
4383 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4384 + section_addr(section, addr);
4386 ptr = qemu_get_ram_ptr(addr1);
4388 case DEVICE_LITTLE_ENDIAN:
4391 case DEVICE_BIG_ENDIAN:
4398 if (!cpu_physical_memory_is_dirty(addr1)) {
4399 /* invalidate code */
4400 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4402 cpu_physical_memory_set_dirty_flags(addr1,
4403 (0xff & ~CODE_DIRTY_FLAG));
4408 void stw_phys(target_phys_addr_t addr, uint32_t val)
4410 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4413 void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4415 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4418 void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4420 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4424 void stq_phys(target_phys_addr_t addr, uint64_t val)
4427 cpu_physical_memory_write(addr, &val, 8);
4430 void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4432 val = cpu_to_le64(val);
4433 cpu_physical_memory_write(addr, &val, 8);
4436 void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4438 val = cpu_to_be64(val);
4439 cpu_physical_memory_write(addr, &val, 8);
4442 /* virtual memory access for debug (includes writing to ROM) */
4443 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
4444 uint8_t *buf, int len, int is_write)
4447 target_phys_addr_t phys_addr;
4451 page = addr & TARGET_PAGE_MASK;
4452 phys_addr = cpu_get_phys_page_debug(env, page);
4453 /* if no physical page mapped, return an error */
4454 if (phys_addr == -1)
4456 l = (page + TARGET_PAGE_SIZE) - addr;
4459 phys_addr += (addr & ~TARGET_PAGE_MASK);
4461 cpu_physical_memory_write_rom(phys_addr, buf, l);
4463 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4472 /* in deterministic execution mode, instructions doing device I/Os
4473 must be at the end of the TB */
4474 void cpu_io_recompile(CPUArchState *env, void *retaddr)
4476 TranslationBlock *tb;
4478 target_ulong pc, cs_base;
4481 tb = tb_find_pc((unsigned long)retaddr);
4483 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4486 n = env->icount_decr.u16.low + tb->icount;
4487 cpu_restore_state(tb, env, (unsigned long)retaddr);
4488 /* Calculate how many instructions had been executed before the fault
4490 n = n - env->icount_decr.u16.low;
4491 /* Generate a new TB ending on the I/O insn. */
4493 /* On MIPS and SH, delay slot instructions can only be restarted if
4494 they were already the first instruction in the TB. If this is not
4495 the first instruction in a TB then re-execute the preceding
4497 #if defined(TARGET_MIPS)
4498 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4499 env->active_tc.PC -= 4;
4500 env->icount_decr.u16.low++;
4501 env->hflags &= ~MIPS_HFLAG_BMASK;
4503 #elif defined(TARGET_SH4)
4504 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4507 env->icount_decr.u16.low++;
4508 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4511 /* This should never happen. */
4512 if (n > CF_COUNT_MASK)
4513 cpu_abort(env, "TB too big during recompile");
4515 cflags = n | CF_LAST_IO;
4517 cs_base = tb->cs_base;
4519 tb_phys_invalidate(tb, -1);
4520 /* FIXME: In theory this could raise an exception. In practice
4521 we have already translated the block once so it's probably ok. */
4522 tb_gen_code(env, pc, cs_base, flags, cflags);
4523 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4524 the first in the TB) then we end up generating a whole new TB and
4525 repeating the fault, which is horribly inefficient.
4526 Better would be to execute just this insn uncached, or generate a
4528 cpu_resume_from_signal(env, NULL);
4531 #if !defined(CONFIG_USER_ONLY)
4533 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4535 int i, target_code_size, max_target_code_size;
4536 int direct_jmp_count, direct_jmp2_count, cross_page;
4537 TranslationBlock *tb;
4539 target_code_size = 0;
4540 max_target_code_size = 0;
4542 direct_jmp_count = 0;
4543 direct_jmp2_count = 0;
4544 for(i = 0; i < nb_tbs; i++) {
4546 target_code_size += tb->size;
4547 if (tb->size > max_target_code_size)
4548 max_target_code_size = tb->size;
4549 if (tb->page_addr[1] != -1)
4551 if (tb->tb_next_offset[0] != 0xffff) {
4553 if (tb->tb_next_offset[1] != 0xffff) {
4554 direct_jmp2_count++;
4558 /* XXX: avoid using doubles ? */
4559 cpu_fprintf(f, "Translation buffer state:\n");
4560 cpu_fprintf(f, "gen code size %td/%ld\n",
4561 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4562 cpu_fprintf(f, "TB count %d/%d\n",
4563 nb_tbs, code_gen_max_blocks);
4564 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4565 nb_tbs ? target_code_size / nb_tbs : 0,
4566 max_target_code_size);
4567 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4568 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4569 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4570 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4572 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4573 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4575 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4577 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4578 cpu_fprintf(f, "\nStatistics:\n");
4579 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4580 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4581 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4582 tcg_dump_info(f, cpu_fprintf);
4585 /* NOTE: this function can trigger an exception */
4586 /* NOTE2: the returned address is not exactly the physical address: it
4587 is the offset relative to phys_ram_base */
4588 tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
4590 int mmu_idx, page_index, pd;
4594 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4595 mmu_idx = cpu_mmu_index(env1);
4596 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4597 (addr & TARGET_PAGE_MASK))) {
4600 pd = env1->iotlb[mmu_idx][page_index] & ~TARGET_PAGE_MASK;
4601 mr = iotlb_to_region(pd);
4602 if (mr != &io_mem_ram && mr != &io_mem_rom
4603 && mr != &io_mem_notdirty && !mr->rom_device) {
4604 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4605 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4607 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4610 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4611 return qemu_ram_addr_from_host_nofail(p);
4615 * A helper function for the _utterly broken_ virtio device model to find out if
4616 * it's running on a big endian machine. Don't do this at home kids!
4618 bool virtio_is_big_endian(void);
4619 bool virtio_is_big_endian(void)
4621 #if defined(TARGET_WORDS_BIGENDIAN)
4628 #define MMUSUFFIX _cmmu
4630 #define GETPC() NULL
4631 #define env cpu_single_env
4632 #define SOFTMMU_CODE_ACCESS
4635 #include "softmmu_template.h"
4638 #include "softmmu_template.h"
4641 #include "softmmu_template.h"
4644 #include "softmmu_template.h"
projects / qemu.git / blob