4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
53 #include "qemu/cache-utils.h"
55 #include "qemu/range.h"
57 //#define DEBUG_SUBPAGE
59 #if !defined(CONFIG_USER_ONLY)
60 static int in_migration;
62 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
64 static MemoryRegion *system_memory;
65 static MemoryRegion *system_io;
67 AddressSpace address_space_io;
68 AddressSpace address_space_memory;
70 MemoryRegion io_mem_rom, io_mem_notdirty;
71 static MemoryRegion io_mem_unassigned;
75 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
76 /* current CPU in the current thread. It is only valid inside
78 DEFINE_TLS(CPUState *, current_cpu);
79 /* 0 = Do not count executed instructions.
80 1 = Precise instruction counting.
81 2 = Adaptive rate instruction counting. */
84 #if !defined(CONFIG_USER_ONLY)
86 typedef struct PhysPageEntry PhysPageEntry;
88 struct PhysPageEntry {
89 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
91 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
95 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
97 /* Size of the L2 (and L3, etc) page tables. */
98 #define ADDR_SPACE_BITS 64
101 #define P_L2_SIZE (1 << P_L2_BITS)
103 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
105 typedef PhysPageEntry Node[P_L2_SIZE];
107 typedef struct PhysPageMap {
108 unsigned sections_nb;
109 unsigned sections_nb_alloc;
111 unsigned nodes_nb_alloc;
113 MemoryRegionSection *sections;
116 struct AddressSpaceDispatch {
117 /* This is a multi-level map on the physical address space.
118 * The bottom level has pointers to MemoryRegionSections.
120 PhysPageEntry phys_map;
125 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
126 typedef struct subpage_t {
130 uint16_t sub_section[TARGET_PAGE_SIZE];
133 #define PHYS_SECTION_UNASSIGNED 0
134 #define PHYS_SECTION_NOTDIRTY 1
135 #define PHYS_SECTION_ROM 2
136 #define PHYS_SECTION_WATCH 3
138 static void io_mem_init(void);
139 static void memory_map_init(void);
141 static MemoryRegion io_mem_watch;
144 #if !defined(CONFIG_USER_ONLY)
146 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
148 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
149 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
150 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
151 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
155 static uint32_t phys_map_node_alloc(PhysPageMap *map)
160 ret = map->nodes_nb++;
161 assert(ret != PHYS_MAP_NODE_NIL);
162 assert(ret != map->nodes_nb_alloc);
163 for (i = 0; i < P_L2_SIZE; ++i) {
164 map->nodes[ret][i].skip = 1;
165 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
170 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
171 hwaddr *index, hwaddr *nb, uint16_t leaf,
176 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
178 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
179 lp->ptr = phys_map_node_alloc(map);
180 p = map->nodes[lp->ptr];
182 for (i = 0; i < P_L2_SIZE; i++) {
184 p[i].ptr = PHYS_SECTION_UNASSIGNED;
188 p = map->nodes[lp->ptr];
190 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
192 while (*nb && lp < &p[P_L2_SIZE]) {
193 if ((*index & (step - 1)) == 0 && *nb >= step) {
199 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
205 static void phys_page_set(AddressSpaceDispatch *d,
206 hwaddr index, hwaddr nb,
209 /* Wildly overreserve - it doesn't matter much. */
210 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
212 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
215 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
216 * and update our entry so we can skip it and go directly to the destination.
218 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
220 unsigned valid_ptr = P_L2_SIZE;
225 if (lp->ptr == PHYS_MAP_NODE_NIL) {
230 for (i = 0; i < P_L2_SIZE; i++) {
231 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
238 phys_page_compact(&p[i], nodes, compacted);
242 /* We can only compress if there's only one child. */
247 assert(valid_ptr < P_L2_SIZE);
249 /* Don't compress if it won't fit in the # of bits we have. */
250 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
254 lp->ptr = p[valid_ptr].ptr;
255 if (!p[valid_ptr].skip) {
256 /* If our only child is a leaf, make this a leaf. */
257 /* By design, we should have made this node a leaf to begin with so we
258 * should never reach here.
259 * But since it's so simple to handle this, let's do it just in case we
264 lp->skip += p[valid_ptr].skip;
268 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
270 DECLARE_BITMAP(compacted, nodes_nb);
272 if (d->phys_map.skip) {
273 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
277 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
278 Node *nodes, MemoryRegionSection *sections)
281 hwaddr index = addr >> TARGET_PAGE_BITS;
284 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
285 if (lp.ptr == PHYS_MAP_NODE_NIL) {
286 return §ions[PHYS_SECTION_UNASSIGNED];
289 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
292 if (sections[lp.ptr].size.hi ||
293 range_covers_byte(sections[lp.ptr].offset_within_address_space,
294 sections[lp.ptr].size.lo, addr)) {
295 return §ions[lp.ptr];
297 return §ions[PHYS_SECTION_UNASSIGNED];
301 bool memory_region_is_unassigned(MemoryRegion *mr)
303 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
304 && mr != &io_mem_watch;
307 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
309 bool resolve_subpage)
311 MemoryRegionSection *section;
314 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
315 if (resolve_subpage && section->mr->subpage) {
316 subpage = container_of(section->mr, subpage_t, iomem);
317 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
322 static MemoryRegionSection *
323 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
324 hwaddr *plen, bool resolve_subpage)
326 MemoryRegionSection *section;
329 section = address_space_lookup_region(d, addr, resolve_subpage);
330 /* Compute offset within MemoryRegionSection */
331 addr -= section->offset_within_address_space;
333 /* Compute offset within MemoryRegion */
334 *xlat = addr + section->offset_within_region;
336 diff = int128_sub(section->mr->size, int128_make64(addr));
337 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
341 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
342 hwaddr *xlat, hwaddr *plen,
346 MemoryRegionSection *section;
351 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
354 if (!mr->iommu_ops) {
358 iotlb = mr->iommu_ops->translate(mr, addr);
359 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
360 | (addr & iotlb.addr_mask));
361 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
362 if (!(iotlb.perm & (1 << is_write))) {
363 mr = &io_mem_unassigned;
367 as = iotlb.target_as;
375 MemoryRegionSection *
376 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
379 MemoryRegionSection *section;
380 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
382 assert(!section->mr->iommu_ops);
387 void cpu_exec_init_all(void)
389 #if !defined(CONFIG_USER_ONLY)
390 qemu_mutex_init(&ram_list.mutex);
396 #if !defined(CONFIG_USER_ONLY)
398 static int cpu_common_post_load(void *opaque, int version_id)
400 CPUState *cpu = opaque;
402 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
403 version_id is increased. */
404 cpu->interrupt_request &= ~0x01;
405 tlb_flush(cpu->env_ptr, 1);
410 const VMStateDescription vmstate_cpu_common = {
411 .name = "cpu_common",
413 .minimum_version_id = 1,
414 .minimum_version_id_old = 1,
415 .post_load = cpu_common_post_load,
416 .fields = (VMStateField []) {
417 VMSTATE_UINT32(halted, CPUState),
418 VMSTATE_UINT32(interrupt_request, CPUState),
419 VMSTATE_END_OF_LIST()
425 CPUState *qemu_get_cpu(int index)
430 if (cpu->cpu_index == index) {
438 void cpu_exec_init(CPUArchState *env)
440 CPUState *cpu = ENV_GET_CPU(env);
441 CPUClass *cc = CPU_GET_CLASS(cpu);
445 #if defined(CONFIG_USER_ONLY)
449 CPU_FOREACH(some_cpu) {
452 cpu->cpu_index = cpu_index;
454 QTAILQ_INIT(&env->breakpoints);
455 QTAILQ_INIT(&env->watchpoints);
456 #ifndef CONFIG_USER_ONLY
457 cpu->thread_id = qemu_get_thread_id();
459 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
460 #if defined(CONFIG_USER_ONLY)
463 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
464 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
466 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
467 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
468 cpu_save, cpu_load, env);
469 assert(cc->vmsd == NULL);
470 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
472 if (cc->vmsd != NULL) {
473 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
477 #if defined(TARGET_HAS_ICE)
478 #if defined(CONFIG_USER_ONLY)
479 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
481 tb_invalidate_phys_page_range(pc, pc + 1, 0);
484 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
486 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
488 tb_invalidate_phys_addr(phys | (pc & ~TARGET_PAGE_MASK));
492 #endif /* TARGET_HAS_ICE */
494 #if defined(CONFIG_USER_ONLY)
495 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
500 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
501 int flags, CPUWatchpoint **watchpoint)
506 /* Add a watchpoint. */
507 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
508 int flags, CPUWatchpoint **watchpoint)
510 target_ulong len_mask = ~(len - 1);
513 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
514 if ((len & (len - 1)) || (addr & ~len_mask) ||
515 len == 0 || len > TARGET_PAGE_SIZE) {
516 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
517 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
520 wp = g_malloc(sizeof(*wp));
523 wp->len_mask = len_mask;
526 /* keep all GDB-injected watchpoints in front */
528 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
530 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
532 tlb_flush_page(env, addr);
539 /* Remove a specific watchpoint. */
540 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
543 target_ulong len_mask = ~(len - 1);
546 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
547 if (addr == wp->vaddr && len_mask == wp->len_mask
548 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
549 cpu_watchpoint_remove_by_ref(env, wp);
556 /* Remove a specific watchpoint by reference. */
557 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
559 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
561 tlb_flush_page(env, watchpoint->vaddr);
566 /* Remove all matching watchpoints. */
567 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
569 CPUWatchpoint *wp, *next;
571 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
572 if (wp->flags & mask)
573 cpu_watchpoint_remove_by_ref(env, wp);
578 /* Add a breakpoint. */
579 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
580 CPUBreakpoint **breakpoint)
582 #if defined(TARGET_HAS_ICE)
585 bp = g_malloc(sizeof(*bp));
590 /* keep all GDB-injected breakpoints in front */
591 if (flags & BP_GDB) {
592 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
594 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
597 breakpoint_invalidate(ENV_GET_CPU(env), pc);
608 /* Remove a specific breakpoint. */
609 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
611 #if defined(TARGET_HAS_ICE)
614 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
615 if (bp->pc == pc && bp->flags == flags) {
616 cpu_breakpoint_remove_by_ref(env, bp);
626 /* Remove a specific breakpoint by reference. */
627 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
629 #if defined(TARGET_HAS_ICE)
630 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
632 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
638 /* Remove all matching breakpoints. */
639 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
641 #if defined(TARGET_HAS_ICE)
642 CPUBreakpoint *bp, *next;
644 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
645 if (bp->flags & mask)
646 cpu_breakpoint_remove_by_ref(env, bp);
651 /* enable or disable single step mode. EXCP_DEBUG is returned by the
652 CPU loop after each instruction */
653 void cpu_single_step(CPUState *cpu, int enabled)
655 #if defined(TARGET_HAS_ICE)
656 if (cpu->singlestep_enabled != enabled) {
657 cpu->singlestep_enabled = enabled;
659 kvm_update_guest_debug(cpu, 0);
661 /* must flush all the translated code to avoid inconsistencies */
662 /* XXX: only flush what is necessary */
663 CPUArchState *env = cpu->env_ptr;
670 void cpu_abort(CPUArchState *env, const char *fmt, ...)
672 CPUState *cpu = ENV_GET_CPU(env);
678 fprintf(stderr, "qemu: fatal: ");
679 vfprintf(stderr, fmt, ap);
680 fprintf(stderr, "\n");
681 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
682 if (qemu_log_enabled()) {
683 qemu_log("qemu: fatal: ");
684 qemu_log_vprintf(fmt, ap2);
686 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
692 #if defined(CONFIG_USER_ONLY)
694 struct sigaction act;
695 sigfillset(&act.sa_mask);
696 act.sa_handler = SIG_DFL;
697 sigaction(SIGABRT, &act, NULL);
703 #if !defined(CONFIG_USER_ONLY)
704 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
708 /* The list is protected by the iothread lock here. */
709 block = ram_list.mru_block;
710 if (block && addr - block->offset < block->length) {
713 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
714 if (addr - block->offset < block->length) {
719 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
723 ram_list.mru_block = block;
727 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
733 block = qemu_get_ram_block(start);
734 assert(block == qemu_get_ram_block(end - 1));
735 start1 = (uintptr_t)block->host + (start - block->offset);
736 cpu_tlb_reset_dirty_all(start1, length);
739 /* Note: start and end must be within the same ram block. */
740 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
745 start &= TARGET_PAGE_MASK;
746 end = TARGET_PAGE_ALIGN(end);
748 length = end - start;
751 cpu_physical_memory_mask_dirty_range(start, length, client);
754 tlb_reset_dirty_range_all(start, end, length);
758 static int cpu_physical_memory_set_dirty_tracking(int enable)
761 in_migration = enable;
765 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
766 MemoryRegionSection *section,
768 hwaddr paddr, hwaddr xlat,
770 target_ulong *address)
775 if (memory_region_is_ram(section->mr)) {
777 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
779 if (!section->readonly) {
780 iotlb |= PHYS_SECTION_NOTDIRTY;
782 iotlb |= PHYS_SECTION_ROM;
785 iotlb = section - address_space_memory.dispatch->map.sections;
789 /* Make accesses to pages with watchpoints go via the
790 watchpoint trap routines. */
791 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
792 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
793 /* Avoid trapping reads of pages with a write breakpoint. */
794 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
795 iotlb = PHYS_SECTION_WATCH + paddr;
796 *address |= TLB_MMIO;
804 #endif /* defined(CONFIG_USER_ONLY) */
806 #if !defined(CONFIG_USER_ONLY)
808 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
810 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
812 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
815 * Set a custom physical guest memory alloator.
816 * Accelerators with unusual needs may need this. Hopefully, we can
817 * get rid of it eventually.
819 void phys_mem_set_alloc(void *(*alloc)(size_t))
821 phys_mem_alloc = alloc;
824 static uint16_t phys_section_add(PhysPageMap *map,
825 MemoryRegionSection *section)
827 /* The physical section number is ORed with a page-aligned
828 * pointer to produce the iotlb entries. Thus it should
829 * never overflow into the page-aligned value.
831 assert(map->sections_nb < TARGET_PAGE_SIZE);
833 if (map->sections_nb == map->sections_nb_alloc) {
834 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
835 map->sections = g_renew(MemoryRegionSection, map->sections,
836 map->sections_nb_alloc);
838 map->sections[map->sections_nb] = *section;
839 memory_region_ref(section->mr);
840 return map->sections_nb++;
843 static void phys_section_destroy(MemoryRegion *mr)
845 memory_region_unref(mr);
848 subpage_t *subpage = container_of(mr, subpage_t, iomem);
849 memory_region_destroy(&subpage->iomem);
854 static void phys_sections_free(PhysPageMap *map)
856 while (map->sections_nb > 0) {
857 MemoryRegionSection *section = &map->sections[--map->sections_nb];
858 phys_section_destroy(section->mr);
860 g_free(map->sections);
864 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
867 hwaddr base = section->offset_within_address_space
869 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
870 d->map.nodes, d->map.sections);
871 MemoryRegionSection subsection = {
872 .offset_within_address_space = base,
873 .size = int128_make64(TARGET_PAGE_SIZE),
877 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
879 if (!(existing->mr->subpage)) {
880 subpage = subpage_init(d->as, base);
881 subsection.mr = &subpage->iomem;
882 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
883 phys_section_add(&d->map, &subsection));
885 subpage = container_of(existing->mr, subpage_t, iomem);
887 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
888 end = start + int128_get64(section->size) - 1;
889 subpage_register(subpage, start, end,
890 phys_section_add(&d->map, section));
894 static void register_multipage(AddressSpaceDispatch *d,
895 MemoryRegionSection *section)
897 hwaddr start_addr = section->offset_within_address_space;
898 uint16_t section_index = phys_section_add(&d->map, section);
899 uint64_t num_pages = int128_get64(int128_rshift(section->size,
903 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
906 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
908 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
909 AddressSpaceDispatch *d = as->next_dispatch;
910 MemoryRegionSection now = *section, remain = *section;
911 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
913 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
914 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
915 - now.offset_within_address_space;
917 now.size = int128_min(int128_make64(left), now.size);
918 register_subpage(d, &now);
920 now.size = int128_zero();
922 while (int128_ne(remain.size, now.size)) {
923 remain.size = int128_sub(remain.size, now.size);
924 remain.offset_within_address_space += int128_get64(now.size);
925 remain.offset_within_region += int128_get64(now.size);
927 if (int128_lt(remain.size, page_size)) {
928 register_subpage(d, &now);
929 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
930 now.size = page_size;
931 register_subpage(d, &now);
933 now.size = int128_and(now.size, int128_neg(page_size));
934 register_multipage(d, &now);
939 void qemu_flush_coalesced_mmio_buffer(void)
942 kvm_flush_coalesced_mmio_buffer();
945 void qemu_mutex_lock_ramlist(void)
947 qemu_mutex_lock(&ram_list.mutex);
950 void qemu_mutex_unlock_ramlist(void)
952 qemu_mutex_unlock(&ram_list.mutex);
959 #define HUGETLBFS_MAGIC 0x958458f6
961 static long gethugepagesize(const char *path)
967 ret = statfs(path, &fs);
968 } while (ret != 0 && errno == EINTR);
975 if (fs.f_type != HUGETLBFS_MAGIC)
976 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
981 static sigjmp_buf sigjump;
983 static void sigbus_handler(int signal)
985 siglongjmp(sigjump, 1);
988 static void *file_ram_alloc(RAMBlock *block,
993 char *sanitized_name;
997 unsigned long hpagesize;
999 hpagesize = gethugepagesize(path);
1004 if (memory < hpagesize) {
1008 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1009 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
1013 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1014 sanitized_name = g_strdup(block->mr->name);
1015 for (c = sanitized_name; *c != '\0'; c++) {
1020 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1022 g_free(sanitized_name);
1024 fd = mkstemp(filename);
1026 perror("unable to create backing store for hugepages");
1033 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1036 * ftruncate is not supported by hugetlbfs in older
1037 * hosts, so don't bother bailing out on errors.
1038 * If anything goes wrong with it under other filesystems,
1041 if (ftruncate(fd, memory))
1042 perror("ftruncate");
1044 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1045 if (area == MAP_FAILED) {
1046 perror("file_ram_alloc: can't mmap RAM pages");
1053 struct sigaction act, oldact;
1054 sigset_t set, oldset;
1056 memset(&act, 0, sizeof(act));
1057 act.sa_handler = &sigbus_handler;
1060 ret = sigaction(SIGBUS, &act, &oldact);
1062 perror("file_ram_alloc: failed to install signal handler");
1066 /* unblock SIGBUS */
1068 sigaddset(&set, SIGBUS);
1069 pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
1071 if (sigsetjmp(sigjump, 1)) {
1072 fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n");
1076 /* MAP_POPULATE silently ignores failures */
1077 for (i = 0; i < (memory/hpagesize)-1; i++) {
1078 memset(area + (hpagesize*i), 0, 1);
1081 ret = sigaction(SIGBUS, &oldact, NULL);
1083 perror("file_ram_alloc: failed to reinstall signal handler");
1087 pthread_sigmask(SIG_SETMASK, &oldset, NULL);
1094 static void *file_ram_alloc(RAMBlock *block,
1098 fprintf(stderr, "-mem-path not supported on this host\n");
1103 static ram_addr_t find_ram_offset(ram_addr_t size)
1105 RAMBlock *block, *next_block;
1106 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1108 assert(size != 0); /* it would hand out same offset multiple times */
1110 if (QTAILQ_EMPTY(&ram_list.blocks))
1113 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1114 ram_addr_t end, next = RAM_ADDR_MAX;
1116 end = block->offset + block->length;
1118 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1119 if (next_block->offset >= end) {
1120 next = MIN(next, next_block->offset);
1123 if (next - end >= size && next - end < mingap) {
1125 mingap = next - end;
1129 if (offset == RAM_ADDR_MAX) {
1130 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1138 ram_addr_t last_ram_offset(void)
1141 ram_addr_t last = 0;
1143 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1144 last = MAX(last, block->offset + block->length);
1149 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1153 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1154 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1155 "dump-guest-core", true)) {
1156 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1158 perror("qemu_madvise");
1159 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1160 "but dump_guest_core=off specified\n");
1165 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1167 RAMBlock *new_block, *block;
1170 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1171 if (block->offset == addr) {
1177 assert(!new_block->idstr[0]);
1180 char *id = qdev_get_dev_path(dev);
1182 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1186 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1188 /* This assumes the iothread lock is taken here too. */
1189 qemu_mutex_lock_ramlist();
1190 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1191 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1192 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1197 qemu_mutex_unlock_ramlist();
1200 static int memory_try_enable_merging(void *addr, size_t len)
1202 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1203 /* disabled by the user */
1207 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1210 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1213 RAMBlock *block, *new_block;
1215 size = TARGET_PAGE_ALIGN(size);
1216 new_block = g_malloc0(sizeof(*new_block));
1219 /* This assumes the iothread lock is taken here too. */
1220 qemu_mutex_lock_ramlist();
1222 new_block->offset = find_ram_offset(size);
1224 new_block->host = host;
1225 new_block->flags |= RAM_PREALLOC_MASK;
1226 } else if (xen_enabled()) {
1228 fprintf(stderr, "-mem-path not supported with Xen\n");
1231 xen_ram_alloc(new_block->offset, size, mr);
1234 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1236 * file_ram_alloc() needs to allocate just like
1237 * phys_mem_alloc, but we haven't bothered to provide
1241 "-mem-path not supported with this accelerator\n");
1244 new_block->host = file_ram_alloc(new_block, size, mem_path);
1246 if (!new_block->host) {
1247 new_block->host = phys_mem_alloc(size);
1248 if (!new_block->host) {
1249 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1250 new_block->mr->name, strerror(errno));
1253 memory_try_enable_merging(new_block->host, size);
1256 new_block->length = size;
1258 /* Keep the list sorted from biggest to smallest block. */
1259 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1260 if (block->length < new_block->length) {
1265 QTAILQ_INSERT_BEFORE(block, new_block, next);
1267 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1269 ram_list.mru_block = NULL;
1272 qemu_mutex_unlock_ramlist();
1274 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1275 last_ram_offset() >> TARGET_PAGE_BITS);
1276 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1277 0, size >> TARGET_PAGE_BITS);
1278 cpu_physical_memory_set_dirty_range(new_block->offset, size);
1280 qemu_ram_setup_dump(new_block->host, size);
1281 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1282 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1285 kvm_setup_guest_memory(new_block->host, size);
1287 return new_block->offset;
1290 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1292 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1295 void qemu_ram_free_from_ptr(ram_addr_t addr)
1299 /* This assumes the iothread lock is taken here too. */
1300 qemu_mutex_lock_ramlist();
1301 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1302 if (addr == block->offset) {
1303 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1304 ram_list.mru_block = NULL;
1310 qemu_mutex_unlock_ramlist();
1313 void qemu_ram_free(ram_addr_t addr)
1317 /* This assumes the iothread lock is taken here too. */
1318 qemu_mutex_lock_ramlist();
1319 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1320 if (addr == block->offset) {
1321 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1322 ram_list.mru_block = NULL;
1324 if (block->flags & RAM_PREALLOC_MASK) {
1326 } else if (xen_enabled()) {
1327 xen_invalidate_map_cache_entry(block->host);
1329 } else if (block->fd >= 0) {
1330 munmap(block->host, block->length);
1334 qemu_anon_ram_free(block->host, block->length);
1340 qemu_mutex_unlock_ramlist();
1345 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1352 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1353 offset = addr - block->offset;
1354 if (offset < block->length) {
1355 vaddr = block->host + offset;
1356 if (block->flags & RAM_PREALLOC_MASK) {
1358 } else if (xen_enabled()) {
1362 munmap(vaddr, length);
1363 if (block->fd >= 0) {
1365 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1368 flags |= MAP_PRIVATE;
1370 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1371 flags, block->fd, offset);
1374 * Remap needs to match alloc. Accelerators that
1375 * set phys_mem_alloc never remap. If they did,
1376 * we'd need a remap hook here.
1378 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1380 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1381 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1384 if (area != vaddr) {
1385 fprintf(stderr, "Could not remap addr: "
1386 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1390 memory_try_enable_merging(vaddr, length);
1391 qemu_ram_setup_dump(vaddr, length);
1397 #endif /* !_WIN32 */
1399 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1400 With the exception of the softmmu code in this file, this should
1401 only be used for local memory (e.g. video ram) that the device owns,
1402 and knows it isn't going to access beyond the end of the block.
1404 It should not be used for general purpose DMA.
1405 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1407 void *qemu_get_ram_ptr(ram_addr_t addr)
1409 RAMBlock *block = qemu_get_ram_block(addr);
1411 if (xen_enabled()) {
1412 /* We need to check if the requested address is in the RAM
1413 * because we don't want to map the entire memory in QEMU.
1414 * In that case just map until the end of the page.
1416 if (block->offset == 0) {
1417 return xen_map_cache(addr, 0, 0);
1418 } else if (block->host == NULL) {
1420 xen_map_cache(block->offset, block->length, 1);
1423 return block->host + (addr - block->offset);
1426 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1427 * but takes a size argument */
1428 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1433 if (xen_enabled()) {
1434 return xen_map_cache(addr, *size, 1);
1438 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1439 if (addr - block->offset < block->length) {
1440 if (addr - block->offset + *size > block->length)
1441 *size = block->length - addr + block->offset;
1442 return block->host + (addr - block->offset);
1446 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1451 /* Some of the softmmu routines need to translate from a host pointer
1452 (typically a TLB entry) back to a ram offset. */
1453 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1456 uint8_t *host = ptr;
1458 if (xen_enabled()) {
1459 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1460 return qemu_get_ram_block(*ram_addr)->mr;
1463 block = ram_list.mru_block;
1464 if (block && block->host && host - block->host < block->length) {
1468 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1469 /* This case append when the block is not mapped. */
1470 if (block->host == NULL) {
1473 if (host - block->host < block->length) {
1481 *ram_addr = block->offset + (host - block->host);
1485 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1486 uint64_t val, unsigned size)
1488 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1489 tb_invalidate_phys_page_fast(ram_addr, size);
1493 stb_p(qemu_get_ram_ptr(ram_addr), val);
1496 stw_p(qemu_get_ram_ptr(ram_addr), val);
1499 stl_p(qemu_get_ram_ptr(ram_addr), val);
1504 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1505 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
1506 /* we remove the notdirty callback only if the code has been
1508 if (cpu_physical_memory_is_dirty(ram_addr)) {
1509 CPUArchState *env = current_cpu->env_ptr;
1510 tlb_set_dirty(env, env->mem_io_vaddr);
1514 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1515 unsigned size, bool is_write)
1520 static const MemoryRegionOps notdirty_mem_ops = {
1521 .write = notdirty_mem_write,
1522 .valid.accepts = notdirty_mem_accepts,
1523 .endianness = DEVICE_NATIVE_ENDIAN,
1526 /* Generate a debug exception if a watchpoint has been hit. */
1527 static void check_watchpoint(int offset, int len_mask, int flags)
1529 CPUArchState *env = current_cpu->env_ptr;
1530 target_ulong pc, cs_base;
1535 if (env->watchpoint_hit) {
1536 /* We re-entered the check after replacing the TB. Now raise
1537 * the debug interrupt so that is will trigger after the
1538 * current instruction. */
1539 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1542 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1543 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1544 if ((vaddr == (wp->vaddr & len_mask) ||
1545 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1546 wp->flags |= BP_WATCHPOINT_HIT;
1547 if (!env->watchpoint_hit) {
1548 env->watchpoint_hit = wp;
1549 tb_check_watchpoint(env);
1550 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1551 env->exception_index = EXCP_DEBUG;
1554 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1555 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1556 cpu_resume_from_signal(env, NULL);
1560 wp->flags &= ~BP_WATCHPOINT_HIT;
1565 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1566 so these check for a hit then pass through to the normal out-of-line
1568 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1571 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1573 case 1: return ldub_phys(addr);
1574 case 2: return lduw_phys(addr);
1575 case 4: return ldl_phys(addr);
1580 static void watch_mem_write(void *opaque, hwaddr addr,
1581 uint64_t val, unsigned size)
1583 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1586 stb_phys(addr, val);
1589 stw_phys(addr, val);
1592 stl_phys(addr, val);
1598 static const MemoryRegionOps watch_mem_ops = {
1599 .read = watch_mem_read,
1600 .write = watch_mem_write,
1601 .endianness = DEVICE_NATIVE_ENDIAN,
1604 static uint64_t subpage_read(void *opaque, hwaddr addr,
1607 subpage_t *subpage = opaque;
1610 #if defined(DEBUG_SUBPAGE)
1611 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1612 subpage, len, addr);
1614 address_space_read(subpage->as, addr + subpage->base, buf, len);
1627 static void subpage_write(void *opaque, hwaddr addr,
1628 uint64_t value, unsigned len)
1630 subpage_t *subpage = opaque;
1633 #if defined(DEBUG_SUBPAGE)
1634 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1635 " value %"PRIx64"\n",
1636 __func__, subpage, len, addr, value);
1651 address_space_write(subpage->as, addr + subpage->base, buf, len);
1654 static bool subpage_accepts(void *opaque, hwaddr addr,
1655 unsigned len, bool is_write)
1657 subpage_t *subpage = opaque;
1658 #if defined(DEBUG_SUBPAGE)
1659 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1660 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1663 return address_space_access_valid(subpage->as, addr + subpage->base,
1667 static const MemoryRegionOps subpage_ops = {
1668 .read = subpage_read,
1669 .write = subpage_write,
1670 .valid.accepts = subpage_accepts,
1671 .endianness = DEVICE_NATIVE_ENDIAN,
1674 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1679 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1681 idx = SUBPAGE_IDX(start);
1682 eidx = SUBPAGE_IDX(end);
1683 #if defined(DEBUG_SUBPAGE)
1684 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1685 __func__, mmio, start, end, idx, eidx, section);
1687 for (; idx <= eidx; idx++) {
1688 mmio->sub_section[idx] = section;
1694 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1698 mmio = g_malloc0(sizeof(subpage_t));
1702 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1703 "subpage", TARGET_PAGE_SIZE);
1704 mmio->iomem.subpage = true;
1705 #if defined(DEBUG_SUBPAGE)
1706 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1707 mmio, base, TARGET_PAGE_SIZE);
1709 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1714 static uint16_t dummy_section(PhysPageMap *map, MemoryRegion *mr)
1716 MemoryRegionSection section = {
1718 .offset_within_address_space = 0,
1719 .offset_within_region = 0,
1720 .size = int128_2_64(),
1723 return phys_section_add(map, §ion);
1726 MemoryRegion *iotlb_to_region(hwaddr index)
1728 return address_space_memory.dispatch->map.sections[
1729 index & ~TARGET_PAGE_MASK].mr;
1732 static void io_mem_init(void)
1734 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1735 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1736 "unassigned", UINT64_MAX);
1737 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1738 "notdirty", UINT64_MAX);
1739 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1740 "watch", UINT64_MAX);
1743 static void mem_begin(MemoryListener *listener)
1745 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1746 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1749 n = dummy_section(&d->map, &io_mem_unassigned);
1750 assert(n == PHYS_SECTION_UNASSIGNED);
1751 n = dummy_section(&d->map, &io_mem_notdirty);
1752 assert(n == PHYS_SECTION_NOTDIRTY);
1753 n = dummy_section(&d->map, &io_mem_rom);
1754 assert(n == PHYS_SECTION_ROM);
1755 n = dummy_section(&d->map, &io_mem_watch);
1756 assert(n == PHYS_SECTION_WATCH);
1758 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1760 as->next_dispatch = d;
1763 static void mem_commit(MemoryListener *listener)
1765 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1766 AddressSpaceDispatch *cur = as->dispatch;
1767 AddressSpaceDispatch *next = as->next_dispatch;
1769 phys_page_compact_all(next, next->map.nodes_nb);
1771 as->dispatch = next;
1774 phys_sections_free(&cur->map);
1779 static void tcg_commit(MemoryListener *listener)
1783 /* since each CPU stores ram addresses in its TLB cache, we must
1784 reset the modified entries */
1787 CPUArchState *env = cpu->env_ptr;
1793 static void core_log_global_start(MemoryListener *listener)
1795 cpu_physical_memory_set_dirty_tracking(1);
1798 static void core_log_global_stop(MemoryListener *listener)
1800 cpu_physical_memory_set_dirty_tracking(0);
1803 static MemoryListener core_memory_listener = {
1804 .log_global_start = core_log_global_start,
1805 .log_global_stop = core_log_global_stop,
1809 static MemoryListener tcg_memory_listener = {
1810 .commit = tcg_commit,
1813 void address_space_init_dispatch(AddressSpace *as)
1815 as->dispatch = NULL;
1816 as->dispatch_listener = (MemoryListener) {
1818 .commit = mem_commit,
1819 .region_add = mem_add,
1820 .region_nop = mem_add,
1823 memory_listener_register(&as->dispatch_listener, as);
1826 void address_space_destroy_dispatch(AddressSpace *as)
1828 AddressSpaceDispatch *d = as->dispatch;
1830 memory_listener_unregister(&as->dispatch_listener);
1832 as->dispatch = NULL;
1835 static void memory_map_init(void)
1837 system_memory = g_malloc(sizeof(*system_memory));
1839 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1840 address_space_init(&address_space_memory, system_memory, "memory");
1842 system_io = g_malloc(sizeof(*system_io));
1843 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1845 address_space_init(&address_space_io, system_io, "I/O");
1847 memory_listener_register(&core_memory_listener, &address_space_memory);
1848 if (tcg_enabled()) {
1849 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1853 MemoryRegion *get_system_memory(void)
1855 return system_memory;
1858 MemoryRegion *get_system_io(void)
1863 #endif /* !defined(CONFIG_USER_ONLY) */
1865 /* physical memory access (slow version, mainly for debug) */
1866 #if defined(CONFIG_USER_ONLY)
1867 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1868 uint8_t *buf, int len, int is_write)
1875 page = addr & TARGET_PAGE_MASK;
1876 l = (page + TARGET_PAGE_SIZE) - addr;
1879 flags = page_get_flags(page);
1880 if (!(flags & PAGE_VALID))
1883 if (!(flags & PAGE_WRITE))
1885 /* XXX: this code should not depend on lock_user */
1886 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1889 unlock_user(p, addr, l);
1891 if (!(flags & PAGE_READ))
1893 /* XXX: this code should not depend on lock_user */
1894 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1897 unlock_user(p, addr, 0);
1908 static void invalidate_and_set_dirty(hwaddr addr,
1911 if (!cpu_physical_memory_is_dirty(addr)) {
1912 /* invalidate code */
1913 tb_invalidate_phys_page_range(addr, addr + length, 0);
1915 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1916 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
1918 xen_modified_memory(addr, length);
1921 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1923 if (memory_region_is_ram(mr)) {
1924 return !(is_write && mr->readonly);
1926 if (memory_region_is_romd(mr)) {
1933 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1935 unsigned access_size_max = mr->ops->valid.max_access_size;
1937 /* Regions are assumed to support 1-4 byte accesses unless
1938 otherwise specified. */
1939 if (access_size_max == 0) {
1940 access_size_max = 4;
1943 /* Bound the maximum access by the alignment of the address. */
1944 if (!mr->ops->impl.unaligned) {
1945 unsigned align_size_max = addr & -addr;
1946 if (align_size_max != 0 && align_size_max < access_size_max) {
1947 access_size_max = align_size_max;
1951 /* Don't attempt accesses larger than the maximum. */
1952 if (l > access_size_max) {
1953 l = access_size_max;
1956 l = 1 << (qemu_fls(l) - 1);
1962 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1963 int len, bool is_write)
1974 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1977 if (!memory_access_is_direct(mr, is_write)) {
1978 l = memory_access_size(mr, l, addr1);
1979 /* XXX: could force current_cpu to NULL to avoid
1983 /* 64 bit write access */
1985 error |= io_mem_write(mr, addr1, val, 8);
1988 /* 32 bit write access */
1990 error |= io_mem_write(mr, addr1, val, 4);
1993 /* 16 bit write access */
1995 error |= io_mem_write(mr, addr1, val, 2);
1998 /* 8 bit write access */
2000 error |= io_mem_write(mr, addr1, val, 1);
2006 addr1 += memory_region_get_ram_addr(mr);
2008 ptr = qemu_get_ram_ptr(addr1);
2009 memcpy(ptr, buf, l);
2010 invalidate_and_set_dirty(addr1, l);
2013 if (!memory_access_is_direct(mr, is_write)) {
2015 l = memory_access_size(mr, l, addr1);
2018 /* 64 bit read access */
2019 error |= io_mem_read(mr, addr1, &val, 8);
2023 /* 32 bit read access */
2024 error |= io_mem_read(mr, addr1, &val, 4);
2028 /* 16 bit read access */
2029 error |= io_mem_read(mr, addr1, &val, 2);
2033 /* 8 bit read access */
2034 error |= io_mem_read(mr, addr1, &val, 1);
2042 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2043 memcpy(buf, ptr, l);
2054 bool address_space_write(AddressSpace *as, hwaddr addr,
2055 const uint8_t *buf, int len)
2057 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2060 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2062 return address_space_rw(as, addr, buf, len, false);
2066 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2067 int len, int is_write)
2069 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2072 enum write_rom_type {
2077 static inline void cpu_physical_memory_write_rom_internal(
2078 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2087 mr = address_space_translate(&address_space_memory,
2088 addr, &addr1, &l, true);
2090 if (!(memory_region_is_ram(mr) ||
2091 memory_region_is_romd(mr))) {
2094 addr1 += memory_region_get_ram_addr(mr);
2096 ptr = qemu_get_ram_ptr(addr1);
2099 memcpy(ptr, buf, l);
2100 invalidate_and_set_dirty(addr1, l);
2103 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2113 /* used for ROM loading : can write in RAM and ROM */
2114 void cpu_physical_memory_write_rom(hwaddr addr,
2115 const uint8_t *buf, int len)
2117 cpu_physical_memory_write_rom_internal(addr, buf, len, WRITE_DATA);
2120 void cpu_flush_icache_range(hwaddr start, int len)
2123 * This function should do the same thing as an icache flush that was
2124 * triggered from within the guest. For TCG we are always cache coherent,
2125 * so there is no need to flush anything. For KVM / Xen we need to flush
2126 * the host's instruction cache at least.
2128 if (tcg_enabled()) {
2132 cpu_physical_memory_write_rom_internal(start, NULL, len, FLUSH_CACHE);
2142 static BounceBuffer bounce;
2144 typedef struct MapClient {
2146 void (*callback)(void *opaque);
2147 QLIST_ENTRY(MapClient) link;
2150 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2151 = QLIST_HEAD_INITIALIZER(map_client_list);
2153 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2155 MapClient *client = g_malloc(sizeof(*client));
2157 client->opaque = opaque;
2158 client->callback = callback;
2159 QLIST_INSERT_HEAD(&map_client_list, client, link);
2163 static void cpu_unregister_map_client(void *_client)
2165 MapClient *client = (MapClient *)_client;
2167 QLIST_REMOVE(client, link);
2171 static void cpu_notify_map_clients(void)
2175 while (!QLIST_EMPTY(&map_client_list)) {
2176 client = QLIST_FIRST(&map_client_list);
2177 client->callback(client->opaque);
2178 cpu_unregister_map_client(client);
2182 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2189 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2190 if (!memory_access_is_direct(mr, is_write)) {
2191 l = memory_access_size(mr, l, addr);
2192 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2203 /* Map a physical memory region into a host virtual address.
2204 * May map a subset of the requested range, given by and returned in *plen.
2205 * May return NULL if resources needed to perform the mapping are exhausted.
2206 * Use only for reads OR writes - not for read-modify-write operations.
2207 * Use cpu_register_map_client() to know when retrying the map operation is
2208 * likely to succeed.
2210 void *address_space_map(AddressSpace *as,
2217 hwaddr l, xlat, base;
2218 MemoryRegion *mr, *this_mr;
2226 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2227 if (!memory_access_is_direct(mr, is_write)) {
2228 if (bounce.buffer) {
2231 /* Avoid unbounded allocations */
2232 l = MIN(l, TARGET_PAGE_SIZE);
2233 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2237 memory_region_ref(mr);
2240 address_space_read(as, addr, bounce.buffer, l);
2244 return bounce.buffer;
2248 raddr = memory_region_get_ram_addr(mr);
2259 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2260 if (this_mr != mr || xlat != base + done) {
2265 memory_region_ref(mr);
2267 return qemu_ram_ptr_length(raddr + base, plen);
2270 /* Unmaps a memory region previously mapped by address_space_map().
2271 * Will also mark the memory as dirty if is_write == 1. access_len gives
2272 * the amount of memory that was actually read or written by the caller.
2274 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2275 int is_write, hwaddr access_len)
2277 if (buffer != bounce.buffer) {
2281 mr = qemu_ram_addr_from_host(buffer, &addr1);
2284 while (access_len) {
2286 l = TARGET_PAGE_SIZE;
2289 invalidate_and_set_dirty(addr1, l);
2294 if (xen_enabled()) {
2295 xen_invalidate_map_cache_entry(buffer);
2297 memory_region_unref(mr);
2301 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2303 qemu_vfree(bounce.buffer);
2304 bounce.buffer = NULL;
2305 memory_region_unref(bounce.mr);
2306 cpu_notify_map_clients();
2309 void *cpu_physical_memory_map(hwaddr addr,
2313 return address_space_map(&address_space_memory, addr, plen, is_write);
2316 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2317 int is_write, hwaddr access_len)
2319 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2322 /* warning: addr must be aligned */
2323 static inline uint32_t ldl_phys_internal(hwaddr addr,
2324 enum device_endian endian)
2332 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2334 if (l < 4 || !memory_access_is_direct(mr, false)) {
2336 io_mem_read(mr, addr1, &val, 4);
2337 #if defined(TARGET_WORDS_BIGENDIAN)
2338 if (endian == DEVICE_LITTLE_ENDIAN) {
2342 if (endian == DEVICE_BIG_ENDIAN) {
2348 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2352 case DEVICE_LITTLE_ENDIAN:
2353 val = ldl_le_p(ptr);
2355 case DEVICE_BIG_ENDIAN:
2356 val = ldl_be_p(ptr);
2366 uint32_t ldl_phys(hwaddr addr)
2368 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2371 uint32_t ldl_le_phys(hwaddr addr)
2373 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2376 uint32_t ldl_be_phys(hwaddr addr)
2378 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2381 /* warning: addr must be aligned */
2382 static inline uint64_t ldq_phys_internal(hwaddr addr,
2383 enum device_endian endian)
2391 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2393 if (l < 8 || !memory_access_is_direct(mr, false)) {
2395 io_mem_read(mr, addr1, &val, 8);
2396 #if defined(TARGET_WORDS_BIGENDIAN)
2397 if (endian == DEVICE_LITTLE_ENDIAN) {
2401 if (endian == DEVICE_BIG_ENDIAN) {
2407 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2411 case DEVICE_LITTLE_ENDIAN:
2412 val = ldq_le_p(ptr);
2414 case DEVICE_BIG_ENDIAN:
2415 val = ldq_be_p(ptr);
2425 uint64_t ldq_phys(hwaddr addr)
2427 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2430 uint64_t ldq_le_phys(hwaddr addr)
2432 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2435 uint64_t ldq_be_phys(hwaddr addr)
2437 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2441 uint32_t ldub_phys(hwaddr addr)
2444 cpu_physical_memory_read(addr, &val, 1);
2448 /* warning: addr must be aligned */
2449 static inline uint32_t lduw_phys_internal(hwaddr addr,
2450 enum device_endian endian)
2458 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2460 if (l < 2 || !memory_access_is_direct(mr, false)) {
2462 io_mem_read(mr, addr1, &val, 2);
2463 #if defined(TARGET_WORDS_BIGENDIAN)
2464 if (endian == DEVICE_LITTLE_ENDIAN) {
2468 if (endian == DEVICE_BIG_ENDIAN) {
2474 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2478 case DEVICE_LITTLE_ENDIAN:
2479 val = lduw_le_p(ptr);
2481 case DEVICE_BIG_ENDIAN:
2482 val = lduw_be_p(ptr);
2492 uint32_t lduw_phys(hwaddr addr)
2494 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2497 uint32_t lduw_le_phys(hwaddr addr)
2499 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2502 uint32_t lduw_be_phys(hwaddr addr)
2504 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2507 /* warning: addr must be aligned. The ram page is not masked as dirty
2508 and the code inside is not invalidated. It is useful if the dirty
2509 bits are used to track modified PTEs */
2510 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2517 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2519 if (l < 4 || !memory_access_is_direct(mr, true)) {
2520 io_mem_write(mr, addr1, val, 4);
2522 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2523 ptr = qemu_get_ram_ptr(addr1);
2526 if (unlikely(in_migration)) {
2527 if (!cpu_physical_memory_is_dirty(addr1)) {
2528 /* invalidate code */
2529 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2531 cpu_physical_memory_set_dirty_flag(addr1,
2532 DIRTY_MEMORY_MIGRATION);
2533 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
2539 /* warning: addr must be aligned */
2540 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2541 enum device_endian endian)
2548 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2550 if (l < 4 || !memory_access_is_direct(mr, true)) {
2551 #if defined(TARGET_WORDS_BIGENDIAN)
2552 if (endian == DEVICE_LITTLE_ENDIAN) {
2556 if (endian == DEVICE_BIG_ENDIAN) {
2560 io_mem_write(mr, addr1, val, 4);
2563 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2564 ptr = qemu_get_ram_ptr(addr1);
2566 case DEVICE_LITTLE_ENDIAN:
2569 case DEVICE_BIG_ENDIAN:
2576 invalidate_and_set_dirty(addr1, 4);
2580 void stl_phys(hwaddr addr, uint32_t val)
2582 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2585 void stl_le_phys(hwaddr addr, uint32_t val)
2587 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2590 void stl_be_phys(hwaddr addr, uint32_t val)
2592 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2596 void stb_phys(hwaddr addr, uint32_t val)
2599 cpu_physical_memory_write(addr, &v, 1);
2602 /* warning: addr must be aligned */
2603 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2604 enum device_endian endian)
2611 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2613 if (l < 2 || !memory_access_is_direct(mr, true)) {
2614 #if defined(TARGET_WORDS_BIGENDIAN)
2615 if (endian == DEVICE_LITTLE_ENDIAN) {
2619 if (endian == DEVICE_BIG_ENDIAN) {
2623 io_mem_write(mr, addr1, val, 2);
2626 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2627 ptr = qemu_get_ram_ptr(addr1);
2629 case DEVICE_LITTLE_ENDIAN:
2632 case DEVICE_BIG_ENDIAN:
2639 invalidate_and_set_dirty(addr1, 2);
2643 void stw_phys(hwaddr addr, uint32_t val)
2645 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2648 void stw_le_phys(hwaddr addr, uint32_t val)
2650 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2653 void stw_be_phys(hwaddr addr, uint32_t val)
2655 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2659 void stq_phys(hwaddr addr, uint64_t val)
2662 cpu_physical_memory_write(addr, &val, 8);
2665 void stq_le_phys(hwaddr addr, uint64_t val)
2667 val = cpu_to_le64(val);
2668 cpu_physical_memory_write(addr, &val, 8);
2671 void stq_be_phys(hwaddr addr, uint64_t val)
2673 val = cpu_to_be64(val);
2674 cpu_physical_memory_write(addr, &val, 8);
2677 /* virtual memory access for debug (includes writing to ROM) */
2678 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2679 uint8_t *buf, int len, int is_write)
2686 page = addr & TARGET_PAGE_MASK;
2687 phys_addr = cpu_get_phys_page_debug(cpu, page);
2688 /* if no physical page mapped, return an error */
2689 if (phys_addr == -1)
2691 l = (page + TARGET_PAGE_SIZE) - addr;
2694 phys_addr += (addr & ~TARGET_PAGE_MASK);
2696 cpu_physical_memory_write_rom(phys_addr, buf, l);
2698 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2707 #if !defined(CONFIG_USER_ONLY)
2710 * A helper function for the _utterly broken_ virtio device model to find out if
2711 * it's running on a big endian machine. Don't do this at home kids!
2713 bool virtio_is_big_endian(void);
2714 bool virtio_is_big_endian(void)
2716 #if defined(TARGET_WORDS_BIGENDIAN)
2725 #ifndef CONFIG_USER_ONLY
2726 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2731 mr = address_space_translate(&address_space_memory,
2732 phys_addr, &phys_addr, &l, false);
2734 return !(memory_region_is_ram(mr) ||
2735 memory_region_is_romd(mr));
2738 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2742 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2743 func(block->host, block->offset, block->length, opaque);
projects / qemu.git / blob