2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
35 #include "qemu-timer.h"
37 #include "exec-memory.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
55 #else /* !CONFIG_USER_ONLY */
56 #include "xen-mapcache.h"
62 #define WANT_EXEC_OBSOLETE
63 #include "exec-obsolete.h"
65 //#define DEBUG_TB_INVALIDATE
67 //#define DEBUG_UNASSIGNED
69 /* make various TB consistency checks */
70 //#define DEBUG_TB_CHECK
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
80 #define SMC_BITMAP_USE_THRESHOLD 10
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
96 #elif defined(_WIN32) && !defined(_WIN64)
97 #define code_gen_section \
98 __attribute__((aligned (16)))
100 #define code_gen_section \
101 __attribute__((aligned (32)))
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 static uint8_t *code_gen_buffer;
106 static unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 static unsigned long code_gen_buffer_max_size;
109 static uint8_t *code_gen_ptr;
111 #if !defined(CONFIG_USER_ONLY)
113 static int in_migration;
115 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
117 static MemoryRegion *system_memory;
118 static MemoryRegion *system_io;
120 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
121 static MemoryRegion io_mem_subpage_ram;
125 CPUArchState *first_cpu;
126 /* current CPU in the current thread. It is only valid inside
128 DEFINE_TLS(CPUArchState *,cpu_single_env);
129 /* 0 = Do not count executed instructions.
130 1 = Precise instruction counting.
131 2 = Adaptive rate instruction counting. */
134 typedef struct PageDesc {
135 /* list of TBs intersecting this ram page */
136 TranslationBlock *first_tb;
137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141 #if defined(CONFIG_USER_ONLY)
146 /* In system mode we want L1_MAP to be based on ram offsets,
147 while in user mode we want it to be based on virtual addresses. */
148 #if !defined(CONFIG_USER_ONLY)
149 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
150 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
155 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
158 /* Size of the L2 (and L3, etc) page tables. */
160 #define L2_SIZE (1 << L2_BITS)
162 #define P_L2_LEVELS \
163 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165 /* The bits remaining after N lower levels of page tables. */
166 #define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169 #if V_L1_BITS_REM < 4
170 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172 #define V_L1_BITS V_L1_BITS_REM
175 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179 uintptr_t qemu_real_host_page_size;
180 uintptr_t qemu_host_page_size;
181 uintptr_t qemu_host_page_mask;
183 /* This is a multi-level map on the virtual address space.
184 The bottom level has pointers to PageDesc. */
185 static void *l1_map[V_L1_SIZE];
187 #if !defined(CONFIG_USER_ONLY)
188 typedef struct PhysPageEntry PhysPageEntry;
190 static MemoryRegionSection *phys_sections;
191 static unsigned phys_sections_nb, phys_sections_nb_alloc;
192 static uint16_t phys_section_unassigned;
193 static uint16_t phys_section_notdirty;
194 static uint16_t phys_section_rom;
195 static uint16_t phys_section_watch;
197 struct PhysPageEntry {
198 uint16_t is_leaf : 1;
199 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
203 /* Simple allocator for PhysPageEntry nodes */
204 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
205 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
207 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
209 /* This is a multi-level map on the physical address space.
210 The bottom level has pointers to MemoryRegionSections. */
211 static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
213 static void io_mem_init(void);
214 static void memory_map_init(void);
216 static MemoryRegion io_mem_watch;
221 static const char *logfilename = "qemu.log";
223 static const char *logfilename = "/tmp/qemu.log";
227 static int log_append = 0;
230 static int tb_flush_count;
231 static int tb_phys_invalidate_count;
234 static void map_exec(void *addr, long size)
237 VirtualProtect(addr, size,
238 PAGE_EXECUTE_READWRITE, &old_protect);
242 static void map_exec(void *addr, long size)
244 unsigned long start, end, page_size;
246 page_size = getpagesize();
247 start = (unsigned long)addr;
248 start &= ~(page_size - 1);
250 end = (unsigned long)addr + size;
251 end += page_size - 1;
252 end &= ~(page_size - 1);
254 mprotect((void *)start, end - start,
255 PROT_READ | PROT_WRITE | PROT_EXEC);
259 static void page_init(void)
261 /* NOTE: we can always suppose that qemu_host_page_size >=
265 SYSTEM_INFO system_info;
267 GetSystemInfo(&system_info);
268 qemu_real_host_page_size = system_info.dwPageSize;
271 qemu_real_host_page_size = getpagesize();
273 if (qemu_host_page_size == 0)
274 qemu_host_page_size = qemu_real_host_page_size;
275 if (qemu_host_page_size < TARGET_PAGE_SIZE)
276 qemu_host_page_size = TARGET_PAGE_SIZE;
277 qemu_host_page_mask = ~(qemu_host_page_size - 1);
279 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
281 #ifdef HAVE_KINFO_GETVMMAP
282 struct kinfo_vmentry *freep;
285 freep = kinfo_getvmmap(getpid(), &cnt);
288 for (i = 0; i < cnt; i++) {
289 unsigned long startaddr, endaddr;
291 startaddr = freep[i].kve_start;
292 endaddr = freep[i].kve_end;
293 if (h2g_valid(startaddr)) {
294 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
296 if (h2g_valid(endaddr)) {
297 endaddr = h2g(endaddr);
298 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
300 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
313 last_brk = (unsigned long)sbrk(0);
315 f = fopen("/compat/linux/proc/self/maps", "r");
320 unsigned long startaddr, endaddr;
323 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
325 if (n == 2 && h2g_valid(startaddr)) {
326 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
328 if (h2g_valid(endaddr)) {
329 endaddr = h2g(endaddr);
333 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
345 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
351 #if defined(CONFIG_USER_ONLY)
352 /* We can't use g_malloc because it may recurse into a locked mutex. */
353 # define ALLOC(P, SIZE) \
355 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
356 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
359 # define ALLOC(P, SIZE) \
360 do { P = g_malloc0(SIZE); } while (0)
363 /* Level 1. Always allocated. */
364 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
367 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
374 ALLOC(p, sizeof(void *) * L2_SIZE);
378 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
386 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
392 return pd + (index & (L2_SIZE - 1));
395 static inline PageDesc *page_find(tb_page_addr_t index)
397 return page_find_alloc(index, 0);
400 #if !defined(CONFIG_USER_ONLY)
402 static void phys_map_node_reserve(unsigned nodes)
404 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
405 typedef PhysPageEntry Node[L2_SIZE];
406 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
407 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
408 phys_map_nodes_nb + nodes);
409 phys_map_nodes = g_renew(Node, phys_map_nodes,
410 phys_map_nodes_nb_alloc);
414 static uint16_t phys_map_node_alloc(void)
419 ret = phys_map_nodes_nb++;
420 assert(ret != PHYS_MAP_NODE_NIL);
421 assert(ret != phys_map_nodes_nb_alloc);
422 for (i = 0; i < L2_SIZE; ++i) {
423 phys_map_nodes[ret][i].is_leaf = 0;
424 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
429 static void phys_map_nodes_reset(void)
431 phys_map_nodes_nb = 0;
435 static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
436 target_phys_addr_t *nb, uint16_t leaf,
441 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
443 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
444 lp->ptr = phys_map_node_alloc();
445 p = phys_map_nodes[lp->ptr];
447 for (i = 0; i < L2_SIZE; i++) {
449 p[i].ptr = phys_section_unassigned;
453 p = phys_map_nodes[lp->ptr];
455 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
457 while (*nb && lp < &p[L2_SIZE]) {
458 if ((*index & (step - 1)) == 0 && *nb >= step) {
464 phys_page_set_level(lp, index, nb, leaf, level - 1);
470 static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
473 /* Wildly overreserve - it doesn't matter much. */
474 phys_map_node_reserve(3 * P_L2_LEVELS);
476 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
479 MemoryRegionSection *phys_page_find(target_phys_addr_t index)
481 PhysPageEntry lp = phys_map;
484 uint16_t s_index = phys_section_unassigned;
486 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
487 if (lp.ptr == PHYS_MAP_NODE_NIL) {
490 p = phys_map_nodes[lp.ptr];
491 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
496 return &phys_sections[s_index];
499 bool memory_region_is_unassigned(MemoryRegion *mr)
501 return mr != &io_mem_ram && mr != &io_mem_rom
502 && mr != &io_mem_notdirty && !mr->rom_device
503 && mr != &io_mem_watch;
506 #define mmap_lock() do { } while(0)
507 #define mmap_unlock() do { } while(0)
510 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
512 #if defined(CONFIG_USER_ONLY)
513 /* Currently it is not recommended to allocate big chunks of data in
514 user mode. It will change when a dedicated libc will be used */
515 #define USE_STATIC_CODE_GEN_BUFFER
518 #ifdef USE_STATIC_CODE_GEN_BUFFER
519 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
520 __attribute__((aligned (CODE_GEN_ALIGN)));
523 static void code_gen_alloc(unsigned long tb_size)
525 #ifdef USE_STATIC_CODE_GEN_BUFFER
526 code_gen_buffer = static_code_gen_buffer;
527 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
528 map_exec(code_gen_buffer, code_gen_buffer_size);
530 code_gen_buffer_size = tb_size;
531 if (code_gen_buffer_size == 0) {
532 #if defined(CONFIG_USER_ONLY)
533 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
535 /* XXX: needs adjustments */
536 code_gen_buffer_size = (unsigned long)(ram_size / 4);
539 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
540 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
541 /* The code gen buffer location may have constraints depending on
542 the host cpu and OS */
543 #if defined(__linux__)
548 flags = MAP_PRIVATE | MAP_ANONYMOUS;
549 #if defined(__x86_64__)
551 /* Cannot map more than that */
552 if (code_gen_buffer_size > (800 * 1024 * 1024))
553 code_gen_buffer_size = (800 * 1024 * 1024);
554 #elif defined(__sparc_v9__)
555 // Map the buffer below 2G, so we can use direct calls and branches
557 start = (void *) 0x60000000UL;
558 if (code_gen_buffer_size > (512 * 1024 * 1024))
559 code_gen_buffer_size = (512 * 1024 * 1024);
560 #elif defined(__arm__)
561 /* Keep the buffer no bigger than 16MB to branch between blocks */
562 if (code_gen_buffer_size > 16 * 1024 * 1024)
563 code_gen_buffer_size = 16 * 1024 * 1024;
564 #elif defined(__s390x__)
565 /* Map the buffer so that we can use direct calls and branches. */
566 /* We have a +- 4GB range on the branches; leave some slop. */
567 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
568 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
570 start = (void *)0x90000000UL;
572 code_gen_buffer = mmap(start, code_gen_buffer_size,
573 PROT_WRITE | PROT_READ | PROT_EXEC,
575 if (code_gen_buffer == MAP_FAILED) {
576 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
580 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
581 || defined(__DragonFly__) || defined(__OpenBSD__) \
582 || defined(__NetBSD__)
586 flags = MAP_PRIVATE | MAP_ANONYMOUS;
587 #if defined(__x86_64__)
588 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
589 * 0x40000000 is free */
591 addr = (void *)0x40000000;
592 /* Cannot map more than that */
593 if (code_gen_buffer_size > (800 * 1024 * 1024))
594 code_gen_buffer_size = (800 * 1024 * 1024);
595 #elif defined(__sparc_v9__)
596 // Map the buffer below 2G, so we can use direct calls and branches
598 addr = (void *) 0x60000000UL;
599 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
600 code_gen_buffer_size = (512 * 1024 * 1024);
603 code_gen_buffer = mmap(addr, code_gen_buffer_size,
604 PROT_WRITE | PROT_READ | PROT_EXEC,
606 if (code_gen_buffer == MAP_FAILED) {
607 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
612 code_gen_buffer = g_malloc(code_gen_buffer_size);
613 map_exec(code_gen_buffer, code_gen_buffer_size);
615 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
616 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
617 code_gen_buffer_max_size = code_gen_buffer_size -
618 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
619 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
620 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
623 /* Must be called before using the QEMU cpus. 'tb_size' is the size
624 (in bytes) allocated to the translation buffer. Zero means default
626 void tcg_exec_init(unsigned long tb_size)
629 code_gen_alloc(tb_size);
630 code_gen_ptr = code_gen_buffer;
631 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
633 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
634 /* There's no guest base to take into account, so go ahead and
635 initialize the prologue now. */
636 tcg_prologue_init(&tcg_ctx);
640 bool tcg_enabled(void)
642 return code_gen_buffer != NULL;
645 void cpu_exec_init_all(void)
647 #if !defined(CONFIG_USER_ONLY)
653 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
655 static int cpu_common_post_load(void *opaque, int version_id)
657 CPUArchState *env = opaque;
659 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
660 version_id is increased. */
661 env->interrupt_request &= ~0x01;
667 static const VMStateDescription vmstate_cpu_common = {
668 .name = "cpu_common",
670 .minimum_version_id = 1,
671 .minimum_version_id_old = 1,
672 .post_load = cpu_common_post_load,
673 .fields = (VMStateField []) {
674 VMSTATE_UINT32(halted, CPUArchState),
675 VMSTATE_UINT32(interrupt_request, CPUArchState),
676 VMSTATE_END_OF_LIST()
681 CPUArchState *qemu_get_cpu(int cpu)
683 CPUArchState *env = first_cpu;
686 if (env->cpu_index == cpu)
694 void cpu_exec_init(CPUArchState *env)
699 #if defined(CONFIG_USER_ONLY)
702 env->next_cpu = NULL;
705 while (*penv != NULL) {
706 penv = &(*penv)->next_cpu;
709 env->cpu_index = cpu_index;
711 QTAILQ_INIT(&env->breakpoints);
712 QTAILQ_INIT(&env->watchpoints);
713 #ifndef CONFIG_USER_ONLY
714 env->thread_id = qemu_get_thread_id();
717 #if defined(CONFIG_USER_ONLY)
720 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
721 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
722 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
723 cpu_save, cpu_load, env);
727 /* Allocate a new translation block. Flush the translation buffer if
728 too many translation blocks or too much generated code. */
729 static TranslationBlock *tb_alloc(target_ulong pc)
731 TranslationBlock *tb;
733 if (nb_tbs >= code_gen_max_blocks ||
734 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
742 void tb_free(TranslationBlock *tb)
744 /* In practice this is mostly used for single use temporary TB
745 Ignore the hard cases and just back up if this TB happens to
746 be the last one generated. */
747 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
748 code_gen_ptr = tb->tc_ptr;
753 static inline void invalidate_page_bitmap(PageDesc *p)
755 if (p->code_bitmap) {
756 g_free(p->code_bitmap);
757 p->code_bitmap = NULL;
759 p->code_write_count = 0;
762 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
764 static void page_flush_tb_1 (int level, void **lp)
773 for (i = 0; i < L2_SIZE; ++i) {
774 pd[i].first_tb = NULL;
775 invalidate_page_bitmap(pd + i);
779 for (i = 0; i < L2_SIZE; ++i) {
780 page_flush_tb_1 (level - 1, pp + i);
785 static void page_flush_tb(void)
788 for (i = 0; i < V_L1_SIZE; i++) {
789 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
793 /* flush all the translation blocks */
794 /* XXX: tb_flush is currently not thread safe */
795 void tb_flush(CPUArchState *env1)
798 #if defined(DEBUG_FLUSH)
799 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
800 (unsigned long)(code_gen_ptr - code_gen_buffer),
802 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
804 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
805 cpu_abort(env1, "Internal error: code buffer overflow\n");
809 for(env = first_cpu; env != NULL; env = env->next_cpu) {
810 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
813 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
816 code_gen_ptr = code_gen_buffer;
817 /* XXX: flush processor icache at this point if cache flush is
822 #ifdef DEBUG_TB_CHECK
824 static void tb_invalidate_check(target_ulong address)
826 TranslationBlock *tb;
828 address &= TARGET_PAGE_MASK;
829 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
830 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
831 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
832 address >= tb->pc + tb->size)) {
833 printf("ERROR invalidate: address=" TARGET_FMT_lx
834 " PC=%08lx size=%04x\n",
835 address, (long)tb->pc, tb->size);
841 /* verify that all the pages have correct rights for code */
842 static void tb_page_check(void)
844 TranslationBlock *tb;
845 int i, flags1, flags2;
847 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
848 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
849 flags1 = page_get_flags(tb->pc);
850 flags2 = page_get_flags(tb->pc + tb->size - 1);
851 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
852 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
853 (long)tb->pc, tb->size, flags1, flags2);
861 /* invalidate one TB */
862 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
865 TranslationBlock *tb1;
869 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
872 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
876 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
878 TranslationBlock *tb1;
883 n1 = (uintptr_t)tb1 & 3;
884 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
886 *ptb = tb1->page_next[n1];
889 ptb = &tb1->page_next[n1];
893 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
895 TranslationBlock *tb1, **ptb;
898 ptb = &tb->jmp_next[n];
901 /* find tb(n) in circular list */
904 n1 = (uintptr_t)tb1 & 3;
905 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
906 if (n1 == n && tb1 == tb)
909 ptb = &tb1->jmp_first;
911 ptb = &tb1->jmp_next[n1];
914 /* now we can suppress tb(n) from the list */
915 *ptb = tb->jmp_next[n];
917 tb->jmp_next[n] = NULL;
921 /* reset the jump entry 'n' of a TB so that it is not chained to
923 static inline void tb_reset_jump(TranslationBlock *tb, int n)
925 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
928 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
933 tb_page_addr_t phys_pc;
934 TranslationBlock *tb1, *tb2;
936 /* remove the TB from the hash list */
937 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
938 h = tb_phys_hash_func(phys_pc);
939 tb_remove(&tb_phys_hash[h], tb,
940 offsetof(TranslationBlock, phys_hash_next));
942 /* remove the TB from the page list */
943 if (tb->page_addr[0] != page_addr) {
944 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
945 tb_page_remove(&p->first_tb, tb);
946 invalidate_page_bitmap(p);
948 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
949 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
950 tb_page_remove(&p->first_tb, tb);
951 invalidate_page_bitmap(p);
954 tb_invalidated_flag = 1;
956 /* remove the TB from the hash list */
957 h = tb_jmp_cache_hash_func(tb->pc);
958 for(env = first_cpu; env != NULL; env = env->next_cpu) {
959 if (env->tb_jmp_cache[h] == tb)
960 env->tb_jmp_cache[h] = NULL;
963 /* suppress this TB from the two jump lists */
964 tb_jmp_remove(tb, 0);
965 tb_jmp_remove(tb, 1);
967 /* suppress any remaining jumps to this TB */
970 n1 = (uintptr_t)tb1 & 3;
973 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
974 tb2 = tb1->jmp_next[n1];
975 tb_reset_jump(tb1, n1);
976 tb1->jmp_next[n1] = NULL;
979 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
981 tb_phys_invalidate_count++;
984 static inline void set_bits(uint8_t *tab, int start, int len)
990 mask = 0xff << (start & 7);
991 if ((start & ~7) == (end & ~7)) {
993 mask &= ~(0xff << (end & 7));
998 start = (start + 8) & ~7;
1000 while (start < end1) {
1005 mask = ~(0xff << (end & 7));
1011 static void build_page_bitmap(PageDesc *p)
1013 int n, tb_start, tb_end;
1014 TranslationBlock *tb;
1016 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
1019 while (tb != NULL) {
1020 n = (uintptr_t)tb & 3;
1021 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1022 /* NOTE: this is subtle as a TB may span two physical pages */
1024 /* NOTE: tb_end may be after the end of the page, but
1025 it is not a problem */
1026 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1027 tb_end = tb_start + tb->size;
1028 if (tb_end > TARGET_PAGE_SIZE)
1029 tb_end = TARGET_PAGE_SIZE;
1032 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1034 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1035 tb = tb->page_next[n];
1039 TranslationBlock *tb_gen_code(CPUArchState *env,
1040 target_ulong pc, target_ulong cs_base,
1041 int flags, int cflags)
1043 TranslationBlock *tb;
1045 tb_page_addr_t phys_pc, phys_page2;
1046 target_ulong virt_page2;
1049 phys_pc = get_page_addr_code(env, pc);
1052 /* flush must be done */
1054 /* cannot fail at this point */
1056 /* Don't forget to invalidate previous TB info. */
1057 tb_invalidated_flag = 1;
1059 tc_ptr = code_gen_ptr;
1060 tb->tc_ptr = tc_ptr;
1061 tb->cs_base = cs_base;
1063 tb->cflags = cflags;
1064 cpu_gen_code(env, tb, &code_gen_size);
1065 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1066 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1068 /* check next page if needed */
1069 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1071 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1072 phys_page2 = get_page_addr_code(env, virt_page2);
1074 tb_link_page(tb, phys_pc, phys_page2);
1079 * invalidate all TBs which intersect with the target physical pages
1080 * starting in range [start;end[. NOTE: start and end may refer to
1081 * different physical pages. 'is_cpu_write_access' should be true if called
1082 * from a real cpu write access: the virtual CPU will exit the current
1083 * TB if code is modified inside this TB.
1085 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1086 int is_cpu_write_access)
1088 while (start < end) {
1089 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1090 start &= TARGET_PAGE_MASK;
1091 start += TARGET_PAGE_SIZE;
1095 /* invalidate all TBs which intersect with the target physical page
1096 starting in range [start;end[. NOTE: start and end must refer to
1097 the same physical page. 'is_cpu_write_access' should be true if called
1098 from a real cpu write access: the virtual CPU will exit the current
1099 TB if code is modified inside this TB. */
1100 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1101 int is_cpu_write_access)
1103 TranslationBlock *tb, *tb_next, *saved_tb;
1104 CPUArchState *env = cpu_single_env;
1105 tb_page_addr_t tb_start, tb_end;
1108 #ifdef TARGET_HAS_PRECISE_SMC
1109 int current_tb_not_found = is_cpu_write_access;
1110 TranslationBlock *current_tb = NULL;
1111 int current_tb_modified = 0;
1112 target_ulong current_pc = 0;
1113 target_ulong current_cs_base = 0;
1114 int current_flags = 0;
1115 #endif /* TARGET_HAS_PRECISE_SMC */
1117 p = page_find(start >> TARGET_PAGE_BITS);
1120 if (!p->code_bitmap &&
1121 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1122 is_cpu_write_access) {
1123 /* build code bitmap */
1124 build_page_bitmap(p);
1127 /* we remove all the TBs in the range [start, end[ */
1128 /* XXX: see if in some cases it could be faster to invalidate all the code */
1130 while (tb != NULL) {
1131 n = (uintptr_t)tb & 3;
1132 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1133 tb_next = tb->page_next[n];
1134 /* NOTE: this is subtle as a TB may span two physical pages */
1136 /* NOTE: tb_end may be after the end of the page, but
1137 it is not a problem */
1138 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1139 tb_end = tb_start + tb->size;
1141 tb_start = tb->page_addr[1];
1142 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1144 if (!(tb_end <= start || tb_start >= end)) {
1145 #ifdef TARGET_HAS_PRECISE_SMC
1146 if (current_tb_not_found) {
1147 current_tb_not_found = 0;
1149 if (env->mem_io_pc) {
1150 /* now we have a real cpu fault */
1151 current_tb = tb_find_pc(env->mem_io_pc);
1154 if (current_tb == tb &&
1155 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1156 /* If we are modifying the current TB, we must stop
1157 its execution. We could be more precise by checking
1158 that the modification is after the current PC, but it
1159 would require a specialized function to partially
1160 restore the CPU state */
1162 current_tb_modified = 1;
1163 cpu_restore_state(current_tb, env, env->mem_io_pc);
1164 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1167 #endif /* TARGET_HAS_PRECISE_SMC */
1168 /* we need to do that to handle the case where a signal
1169 occurs while doing tb_phys_invalidate() */
1172 saved_tb = env->current_tb;
1173 env->current_tb = NULL;
1175 tb_phys_invalidate(tb, -1);
1177 env->current_tb = saved_tb;
1178 if (env->interrupt_request && env->current_tb)
1179 cpu_interrupt(env, env->interrupt_request);
1184 #if !defined(CONFIG_USER_ONLY)
1185 /* if no code remaining, no need to continue to use slow writes */
1187 invalidate_page_bitmap(p);
1188 if (is_cpu_write_access) {
1189 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1193 #ifdef TARGET_HAS_PRECISE_SMC
1194 if (current_tb_modified) {
1195 /* we generate a block containing just the instruction
1196 modifying the memory. It will ensure that it cannot modify
1198 env->current_tb = NULL;
1199 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1200 cpu_resume_from_signal(env, NULL);
1205 /* len must be <= 8 and start must be a multiple of len */
1206 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1212 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1213 cpu_single_env->mem_io_vaddr, len,
1214 cpu_single_env->eip,
1215 cpu_single_env->eip +
1216 (intptr_t)cpu_single_env->segs[R_CS].base);
1219 p = page_find(start >> TARGET_PAGE_BITS);
1222 if (p->code_bitmap) {
1223 offset = start & ~TARGET_PAGE_MASK;
1224 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1225 if (b & ((1 << len) - 1))
1229 tb_invalidate_phys_page_range(start, start + len, 1);
1233 #if !defined(CONFIG_SOFTMMU)
1234 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1235 uintptr_t pc, void *puc)
1237 TranslationBlock *tb;
1240 #ifdef TARGET_HAS_PRECISE_SMC
1241 TranslationBlock *current_tb = NULL;
1242 CPUArchState *env = cpu_single_env;
1243 int current_tb_modified = 0;
1244 target_ulong current_pc = 0;
1245 target_ulong current_cs_base = 0;
1246 int current_flags = 0;
1249 addr &= TARGET_PAGE_MASK;
1250 p = page_find(addr >> TARGET_PAGE_BITS);
1254 #ifdef TARGET_HAS_PRECISE_SMC
1255 if (tb && pc != 0) {
1256 current_tb = tb_find_pc(pc);
1259 while (tb != NULL) {
1260 n = (uintptr_t)tb & 3;
1261 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1262 #ifdef TARGET_HAS_PRECISE_SMC
1263 if (current_tb == tb &&
1264 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1265 /* If we are modifying the current TB, we must stop
1266 its execution. We could be more precise by checking
1267 that the modification is after the current PC, but it
1268 would require a specialized function to partially
1269 restore the CPU state */
1271 current_tb_modified = 1;
1272 cpu_restore_state(current_tb, env, pc);
1273 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1276 #endif /* TARGET_HAS_PRECISE_SMC */
1277 tb_phys_invalidate(tb, addr);
1278 tb = tb->page_next[n];
1281 #ifdef TARGET_HAS_PRECISE_SMC
1282 if (current_tb_modified) {
1283 /* we generate a block containing just the instruction
1284 modifying the memory. It will ensure that it cannot modify
1286 env->current_tb = NULL;
1287 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1288 cpu_resume_from_signal(env, puc);
1294 /* add the tb in the target page and protect it if necessary */
1295 static inline void tb_alloc_page(TranslationBlock *tb,
1296 unsigned int n, tb_page_addr_t page_addr)
1299 #ifndef CONFIG_USER_ONLY
1300 bool page_already_protected;
1303 tb->page_addr[n] = page_addr;
1304 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1305 tb->page_next[n] = p->first_tb;
1306 #ifndef CONFIG_USER_ONLY
1307 page_already_protected = p->first_tb != NULL;
1309 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1310 invalidate_page_bitmap(p);
1312 #if defined(TARGET_HAS_SMC) || 1
1314 #if defined(CONFIG_USER_ONLY)
1315 if (p->flags & PAGE_WRITE) {
1320 /* force the host page as non writable (writes will have a
1321 page fault + mprotect overhead) */
1322 page_addr &= qemu_host_page_mask;
1324 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1325 addr += TARGET_PAGE_SIZE) {
1327 p2 = page_find (addr >> TARGET_PAGE_BITS);
1331 p2->flags &= ~PAGE_WRITE;
1333 mprotect(g2h(page_addr), qemu_host_page_size,
1334 (prot & PAGE_BITS) & ~PAGE_WRITE);
1335 #ifdef DEBUG_TB_INVALIDATE
1336 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1341 /* if some code is already present, then the pages are already
1342 protected. So we handle the case where only the first TB is
1343 allocated in a physical page */
1344 if (!page_already_protected) {
1345 tlb_protect_code(page_addr);
1349 #endif /* TARGET_HAS_SMC */
1352 /* add a new TB and link it to the physical page tables. phys_page2 is
1353 (-1) to indicate that only one page contains the TB. */
1354 void tb_link_page(TranslationBlock *tb,
1355 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1358 TranslationBlock **ptb;
1360 /* Grab the mmap lock to stop another thread invalidating this TB
1361 before we are done. */
1363 /* add in the physical hash table */
1364 h = tb_phys_hash_func(phys_pc);
1365 ptb = &tb_phys_hash[h];
1366 tb->phys_hash_next = *ptb;
1369 /* add in the page list */
1370 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1371 if (phys_page2 != -1)
1372 tb_alloc_page(tb, 1, phys_page2);
1374 tb->page_addr[1] = -1;
1376 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1377 tb->jmp_next[0] = NULL;
1378 tb->jmp_next[1] = NULL;
1380 /* init original jump addresses */
1381 if (tb->tb_next_offset[0] != 0xffff)
1382 tb_reset_jump(tb, 0);
1383 if (tb->tb_next_offset[1] != 0xffff)
1384 tb_reset_jump(tb, 1);
1386 #ifdef DEBUG_TB_CHECK
1392 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1393 tb[1].tc_ptr. Return NULL if not found */
1394 TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1396 int m_min, m_max, m;
1398 TranslationBlock *tb;
1402 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1403 tc_ptr >= (uintptr_t)code_gen_ptr) {
1406 /* binary search (cf Knuth) */
1409 while (m_min <= m_max) {
1410 m = (m_min + m_max) >> 1;
1412 v = (uintptr_t)tb->tc_ptr;
1415 else if (tc_ptr < v) {
1424 static void tb_reset_jump_recursive(TranslationBlock *tb);
1426 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1428 TranslationBlock *tb1, *tb_next, **ptb;
1431 tb1 = tb->jmp_next[n];
1433 /* find head of list */
1435 n1 = (uintptr_t)tb1 & 3;
1436 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1439 tb1 = tb1->jmp_next[n1];
1441 /* we are now sure now that tb jumps to tb1 */
1444 /* remove tb from the jmp_first list */
1445 ptb = &tb_next->jmp_first;
1448 n1 = (uintptr_t)tb1 & 3;
1449 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1450 if (n1 == n && tb1 == tb)
1452 ptb = &tb1->jmp_next[n1];
1454 *ptb = tb->jmp_next[n];
1455 tb->jmp_next[n] = NULL;
1457 /* suppress the jump to next tb in generated code */
1458 tb_reset_jump(tb, n);
1460 /* suppress jumps in the tb on which we could have jumped */
1461 tb_reset_jump_recursive(tb_next);
1465 static void tb_reset_jump_recursive(TranslationBlock *tb)
1467 tb_reset_jump_recursive2(tb, 0);
1468 tb_reset_jump_recursive2(tb, 1);
1471 #if defined(TARGET_HAS_ICE)
1472 #if defined(CONFIG_USER_ONLY)
1473 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1475 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1478 void tb_invalidate_phys_addr(target_phys_addr_t addr)
1480 ram_addr_t ram_addr;
1481 MemoryRegionSection *section;
1483 section = phys_page_find(addr >> TARGET_PAGE_BITS);
1484 if (!(memory_region_is_ram(section->mr)
1485 || (section->mr->rom_device && section->mr->readable))) {
1488 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1489 + memory_region_section_addr(section, addr);
1490 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1493 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1495 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc));
1498 #endif /* TARGET_HAS_ICE */
1500 #if defined(CONFIG_USER_ONLY)
1501 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1506 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1507 int flags, CPUWatchpoint **watchpoint)
1512 /* Add a watchpoint. */
1513 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1514 int flags, CPUWatchpoint **watchpoint)
1516 target_ulong len_mask = ~(len - 1);
1519 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1520 if ((len & (len - 1)) || (addr & ~len_mask) ||
1521 len == 0 || len > TARGET_PAGE_SIZE) {
1522 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1523 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1526 wp = g_malloc(sizeof(*wp));
1529 wp->len_mask = len_mask;
1532 /* keep all GDB-injected watchpoints in front */
1534 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1536 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1538 tlb_flush_page(env, addr);
1545 /* Remove a specific watchpoint. */
1546 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
1549 target_ulong len_mask = ~(len - 1);
1552 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1553 if (addr == wp->vaddr && len_mask == wp->len_mask
1554 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1555 cpu_watchpoint_remove_by_ref(env, wp);
1562 /* Remove a specific watchpoint by reference. */
1563 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
1565 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1567 tlb_flush_page(env, watchpoint->vaddr);
1572 /* Remove all matching watchpoints. */
1573 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1575 CPUWatchpoint *wp, *next;
1577 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1578 if (wp->flags & mask)
1579 cpu_watchpoint_remove_by_ref(env, wp);
1584 /* Add a breakpoint. */
1585 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
1586 CPUBreakpoint **breakpoint)
1588 #if defined(TARGET_HAS_ICE)
1591 bp = g_malloc(sizeof(*bp));
1596 /* keep all GDB-injected breakpoints in front */
1598 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1600 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1602 breakpoint_invalidate(env, pc);
1612 /* Remove a specific breakpoint. */
1613 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
1615 #if defined(TARGET_HAS_ICE)
1618 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1619 if (bp->pc == pc && bp->flags == flags) {
1620 cpu_breakpoint_remove_by_ref(env, bp);
1630 /* Remove a specific breakpoint by reference. */
1631 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
1633 #if defined(TARGET_HAS_ICE)
1634 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1636 breakpoint_invalidate(env, breakpoint->pc);
1642 /* Remove all matching breakpoints. */
1643 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
1645 #if defined(TARGET_HAS_ICE)
1646 CPUBreakpoint *bp, *next;
1648 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1649 if (bp->flags & mask)
1650 cpu_breakpoint_remove_by_ref(env, bp);
1655 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1656 CPU loop after each instruction */
1657 void cpu_single_step(CPUArchState *env, int enabled)
1659 #if defined(TARGET_HAS_ICE)
1660 if (env->singlestep_enabled != enabled) {
1661 env->singlestep_enabled = enabled;
1663 kvm_update_guest_debug(env, 0);
1665 /* must flush all the translated code to avoid inconsistencies */
1666 /* XXX: only flush what is necessary */
1673 /* enable or disable low levels log */
1674 void cpu_set_log(int log_flags)
1676 loglevel = log_flags;
1677 if (loglevel && !logfile) {
1678 logfile = fopen(logfilename, log_append ? "a" : "w");
1680 perror(logfilename);
1683 #if !defined(CONFIG_SOFTMMU)
1684 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1686 static char logfile_buf[4096];
1687 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1689 #elif defined(_WIN32)
1690 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1691 setvbuf(logfile, NULL, _IONBF, 0);
1693 setvbuf(logfile, NULL, _IOLBF, 0);
1697 if (!loglevel && logfile) {
1703 void cpu_set_log_filename(const char *filename)
1705 logfilename = strdup(filename);
1710 cpu_set_log(loglevel);
1713 static void cpu_unlink_tb(CPUArchState *env)
1715 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1716 problem and hope the cpu will stop of its own accord. For userspace
1717 emulation this often isn't actually as bad as it sounds. Often
1718 signals are used primarily to interrupt blocking syscalls. */
1719 TranslationBlock *tb;
1720 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1722 spin_lock(&interrupt_lock);
1723 tb = env->current_tb;
1724 /* if the cpu is currently executing code, we must unlink it and
1725 all the potentially executing TB */
1727 env->current_tb = NULL;
1728 tb_reset_jump_recursive(tb);
1730 spin_unlock(&interrupt_lock);
1733 #ifndef CONFIG_USER_ONLY
1734 /* mask must never be zero, except for A20 change call */
1735 static void tcg_handle_interrupt(CPUArchState *env, int mask)
1739 old_mask = env->interrupt_request;
1740 env->interrupt_request |= mask;
1743 * If called from iothread context, wake the target cpu in
1746 if (!qemu_cpu_is_self(env)) {
1752 env->icount_decr.u16.high = 0xffff;
1754 && (mask & ~old_mask) != 0) {
1755 cpu_abort(env, "Raised interrupt while not in I/O function");
1762 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1764 #else /* CONFIG_USER_ONLY */
1766 void cpu_interrupt(CPUArchState *env, int mask)
1768 env->interrupt_request |= mask;
1771 #endif /* CONFIG_USER_ONLY */
1773 void cpu_reset_interrupt(CPUArchState *env, int mask)
1775 env->interrupt_request &= ~mask;
1778 void cpu_exit(CPUArchState *env)
1780 env->exit_request = 1;
1784 const CPULogItem cpu_log_items[] = {
1785 { CPU_LOG_TB_OUT_ASM, "out_asm",
1786 "show generated host assembly code for each compiled TB" },
1787 { CPU_LOG_TB_IN_ASM, "in_asm",
1788 "show target assembly code for each compiled TB" },
1789 { CPU_LOG_TB_OP, "op",
1790 "show micro ops for each compiled TB" },
1791 { CPU_LOG_TB_OP_OPT, "op_opt",
1794 "before eflags optimization and "
1796 "after liveness analysis" },
1797 { CPU_LOG_INT, "int",
1798 "show interrupts/exceptions in short format" },
1799 { CPU_LOG_EXEC, "exec",
1800 "show trace before each executed TB (lots of logs)" },
1801 { CPU_LOG_TB_CPU, "cpu",
1802 "show CPU state before block translation" },
1804 { CPU_LOG_PCALL, "pcall",
1805 "show protected mode far calls/returns/exceptions" },
1806 { CPU_LOG_RESET, "cpu_reset",
1807 "show CPU state before CPU resets" },
1810 { CPU_LOG_IOPORT, "ioport",
1811 "show all i/o ports accesses" },
1816 static int cmp1(const char *s1, int n, const char *s2)
1818 if (strlen(s2) != n)
1820 return memcmp(s1, s2, n) == 0;
1823 /* takes a comma separated list of log masks. Return 0 if error. */
1824 int cpu_str_to_log_mask(const char *str)
1826 const CPULogItem *item;
1833 p1 = strchr(p, ',');
1836 if(cmp1(p,p1-p,"all")) {
1837 for(item = cpu_log_items; item->mask != 0; item++) {
1841 for(item = cpu_log_items; item->mask != 0; item++) {
1842 if (cmp1(p, p1 - p, item->name))
1856 void cpu_abort(CPUArchState *env, const char *fmt, ...)
1863 fprintf(stderr, "qemu: fatal: ");
1864 vfprintf(stderr, fmt, ap);
1865 fprintf(stderr, "\n");
1867 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1869 cpu_dump_state(env, stderr, fprintf, 0);
1871 if (qemu_log_enabled()) {
1872 qemu_log("qemu: fatal: ");
1873 qemu_log_vprintf(fmt, ap2);
1876 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1878 log_cpu_state(env, 0);
1885 #if defined(CONFIG_USER_ONLY)
1887 struct sigaction act;
1888 sigfillset(&act.sa_mask);
1889 act.sa_handler = SIG_DFL;
1890 sigaction(SIGABRT, &act, NULL);
1896 CPUArchState *cpu_copy(CPUArchState *env)
1898 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1899 CPUArchState *next_cpu = new_env->next_cpu;
1900 int cpu_index = new_env->cpu_index;
1901 #if defined(TARGET_HAS_ICE)
1906 memcpy(new_env, env, sizeof(CPUArchState));
1908 /* Preserve chaining and index. */
1909 new_env->next_cpu = next_cpu;
1910 new_env->cpu_index = cpu_index;
1912 /* Clone all break/watchpoints.
1913 Note: Once we support ptrace with hw-debug register access, make sure
1914 BP_CPU break/watchpoints are handled correctly on clone. */
1915 QTAILQ_INIT(&env->breakpoints);
1916 QTAILQ_INIT(&env->watchpoints);
1917 #if defined(TARGET_HAS_ICE)
1918 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1919 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1921 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1922 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1930 #if !defined(CONFIG_USER_ONLY)
1931 void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1935 /* Discard jump cache entries for any tb which might potentially
1936 overlap the flushed page. */
1937 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1938 memset (&env->tb_jmp_cache[i], 0,
1939 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1941 i = tb_jmp_cache_hash_page(addr);
1942 memset (&env->tb_jmp_cache[i], 0,
1943 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1946 /* Note: start and end must be within the same ram block. */
1947 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1950 uintptr_t length, start1;
1952 start &= TARGET_PAGE_MASK;
1953 end = TARGET_PAGE_ALIGN(end);
1955 length = end - start;
1958 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
1960 /* we modify the TLB cache so that the dirty bit will be set again
1961 when accessing the range */
1962 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1963 /* Check that we don't span multiple blocks - this breaks the
1964 address comparisons below. */
1965 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1966 != (end - 1) - start) {
1969 cpu_tlb_reset_dirty_all(start1, length);
1972 int cpu_physical_memory_set_dirty_tracking(int enable)
1975 in_migration = enable;
1979 target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1980 MemoryRegionSection *section,
1982 target_phys_addr_t paddr,
1984 target_ulong *address)
1986 target_phys_addr_t iotlb;
1989 if (memory_region_is_ram(section->mr)) {
1991 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1992 + memory_region_section_addr(section, paddr);
1993 if (!section->readonly) {
1994 iotlb |= phys_section_notdirty;
1996 iotlb |= phys_section_rom;
1999 /* IO handlers are currently passed a physical address.
2000 It would be nice to pass an offset from the base address
2001 of that region. This would avoid having to special case RAM,
2002 and avoid full address decoding in every device.
2003 We can't use the high bits of pd for this because
2004 IO_MEM_ROMD uses these as a ram address. */
2005 iotlb = section - phys_sections;
2006 iotlb += memory_region_section_addr(section, paddr);
2009 /* Make accesses to pages with watchpoints go via the
2010 watchpoint trap routines. */
2011 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2012 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2013 /* Avoid trapping reads of pages with a write breakpoint. */
2014 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2015 iotlb = phys_section_watch + paddr;
2016 *address |= TLB_MMIO;
2027 * Walks guest process memory "regions" one by one
2028 * and calls callback function 'fn' for each region.
2031 struct walk_memory_regions_data
2033 walk_memory_regions_fn fn;
2039 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2040 abi_ulong end, int new_prot)
2042 if (data->start != -1ul) {
2043 int rc = data->fn(data->priv, data->start, end, data->prot);
2049 data->start = (new_prot ? end : -1ul);
2050 data->prot = new_prot;
2055 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2056 abi_ulong base, int level, void **lp)
2062 return walk_memory_regions_end(data, base, 0);
2067 for (i = 0; i < L2_SIZE; ++i) {
2068 int prot = pd[i].flags;
2070 pa = base | (i << TARGET_PAGE_BITS);
2071 if (prot != data->prot) {
2072 rc = walk_memory_regions_end(data, pa, prot);
2080 for (i = 0; i < L2_SIZE; ++i) {
2081 pa = base | ((abi_ulong)i <<
2082 (TARGET_PAGE_BITS + L2_BITS * level));
2083 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2093 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2095 struct walk_memory_regions_data data;
2103 for (i = 0; i < V_L1_SIZE; i++) {
2104 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2105 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2111 return walk_memory_regions_end(&data, 0, 0);
2114 static int dump_region(void *priv, abi_ulong start,
2115 abi_ulong end, unsigned long prot)
2117 FILE *f = (FILE *)priv;
2119 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2120 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2121 start, end, end - start,
2122 ((prot & PAGE_READ) ? 'r' : '-'),
2123 ((prot & PAGE_WRITE) ? 'w' : '-'),
2124 ((prot & PAGE_EXEC) ? 'x' : '-'));
2129 /* dump memory mappings */
2130 void page_dump(FILE *f)
2132 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2133 "start", "end", "size", "prot");
2134 walk_memory_regions(f, dump_region);
2137 int page_get_flags(target_ulong address)
2141 p = page_find(address >> TARGET_PAGE_BITS);
2147 /* Modify the flags of a page and invalidate the code if necessary.
2148 The flag PAGE_WRITE_ORG is positioned automatically depending
2149 on PAGE_WRITE. The mmap_lock should already be held. */
2150 void page_set_flags(target_ulong start, target_ulong end, int flags)
2152 target_ulong addr, len;
2154 /* This function should never be called with addresses outside the
2155 guest address space. If this assert fires, it probably indicates
2156 a missing call to h2g_valid. */
2157 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2158 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2160 assert(start < end);
2162 start = start & TARGET_PAGE_MASK;
2163 end = TARGET_PAGE_ALIGN(end);
2165 if (flags & PAGE_WRITE) {
2166 flags |= PAGE_WRITE_ORG;
2169 for (addr = start, len = end - start;
2171 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2172 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2174 /* If the write protection bit is set, then we invalidate
2176 if (!(p->flags & PAGE_WRITE) &&
2177 (flags & PAGE_WRITE) &&
2179 tb_invalidate_phys_page(addr, 0, NULL);
2185 int page_check_range(target_ulong start, target_ulong len, int flags)
2191 /* This function should never be called with addresses outside the
2192 guest address space. If this assert fires, it probably indicates
2193 a missing call to h2g_valid. */
2194 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2195 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2201 if (start + len - 1 < start) {
2202 /* We've wrapped around. */
2206 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2207 start = start & TARGET_PAGE_MASK;
2209 for (addr = start, len = end - start;
2211 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2212 p = page_find(addr >> TARGET_PAGE_BITS);
2215 if( !(p->flags & PAGE_VALID) )
2218 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2220 if (flags & PAGE_WRITE) {
2221 if (!(p->flags & PAGE_WRITE_ORG))
2223 /* unprotect the page if it was put read-only because it
2224 contains translated code */
2225 if (!(p->flags & PAGE_WRITE)) {
2226 if (!page_unprotect(addr, 0, NULL))
2235 /* called from signal handler: invalidate the code and unprotect the
2236 page. Return TRUE if the fault was successfully handled. */
2237 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
2241 target_ulong host_start, host_end, addr;
2243 /* Technically this isn't safe inside a signal handler. However we
2244 know this only ever happens in a synchronous SEGV handler, so in
2245 practice it seems to be ok. */
2248 p = page_find(address >> TARGET_PAGE_BITS);
2254 /* if the page was really writable, then we change its
2255 protection back to writable */
2256 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2257 host_start = address & qemu_host_page_mask;
2258 host_end = host_start + qemu_host_page_size;
2261 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2262 p = page_find(addr >> TARGET_PAGE_BITS);
2263 p->flags |= PAGE_WRITE;
2266 /* and since the content will be modified, we must invalidate
2267 the corresponding translated code. */
2268 tb_invalidate_phys_page(addr, pc, puc);
2269 #ifdef DEBUG_TB_CHECK
2270 tb_invalidate_check(addr);
2273 mprotect((void *)g2h(host_start), qemu_host_page_size,
2282 #endif /* defined(CONFIG_USER_ONLY) */
2284 #if !defined(CONFIG_USER_ONLY)
2286 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2287 typedef struct subpage_t {
2289 target_phys_addr_t base;
2290 uint16_t sub_section[TARGET_PAGE_SIZE];
2293 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2295 static subpage_t *subpage_init(target_phys_addr_t base);
2296 static void destroy_page_desc(uint16_t section_index)
2298 MemoryRegionSection *section = &phys_sections[section_index];
2299 MemoryRegion *mr = section->mr;
2302 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2303 memory_region_destroy(&subpage->iomem);
2308 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
2313 if (lp->ptr == PHYS_MAP_NODE_NIL) {
2317 p = phys_map_nodes[lp->ptr];
2318 for (i = 0; i < L2_SIZE; ++i) {
2319 if (!p[i].is_leaf) {
2320 destroy_l2_mapping(&p[i], level - 1);
2322 destroy_page_desc(p[i].ptr);
2326 lp->ptr = PHYS_MAP_NODE_NIL;
2329 static void destroy_all_mappings(void)
2331 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
2332 phys_map_nodes_reset();
2335 static uint16_t phys_section_add(MemoryRegionSection *section)
2337 if (phys_sections_nb == phys_sections_nb_alloc) {
2338 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2339 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2340 phys_sections_nb_alloc);
2342 phys_sections[phys_sections_nb] = *section;
2343 return phys_sections_nb++;
2346 static void phys_sections_clear(void)
2348 phys_sections_nb = 0;
2351 /* register physical memory.
2352 For RAM, 'size' must be a multiple of the target page size.
2353 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2354 io memory page. The address used when calling the IO function is
2355 the offset from the start of the region, plus region_offset. Both
2356 start_addr and region_offset are rounded down to a page boundary
2357 before calculating this offset. This should not be a problem unless
2358 the low bits of start_addr and region_offset differ. */
2359 static void register_subpage(MemoryRegionSection *section)
2362 target_phys_addr_t base = section->offset_within_address_space
2364 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
2365 MemoryRegionSection subsection = {
2366 .offset_within_address_space = base,
2367 .size = TARGET_PAGE_SIZE,
2369 target_phys_addr_t start, end;
2371 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
2373 if (!(existing->mr->subpage)) {
2374 subpage = subpage_init(base);
2375 subsection.mr = &subpage->iomem;
2376 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2377 phys_section_add(&subsection));
2379 subpage = container_of(existing->mr, subpage_t, iomem);
2381 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2382 end = start + section->size;
2383 subpage_register(subpage, start, end, phys_section_add(section));
2387 static void register_multipage(MemoryRegionSection *section)
2389 target_phys_addr_t start_addr = section->offset_within_address_space;
2390 ram_addr_t size = section->size;
2391 target_phys_addr_t addr;
2392 uint16_t section_index = phys_section_add(section);
2397 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2401 void cpu_register_physical_memory_log(MemoryRegionSection *section,
2404 MemoryRegionSection now = *section, remain = *section;
2406 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2407 || (now.size < TARGET_PAGE_SIZE)) {
2408 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2409 - now.offset_within_address_space,
2411 register_subpage(&now);
2412 remain.size -= now.size;
2413 remain.offset_within_address_space += now.size;
2414 remain.offset_within_region += now.size;
2417 now.size &= TARGET_PAGE_MASK;
2419 register_multipage(&now);
2420 remain.size -= now.size;
2421 remain.offset_within_address_space += now.size;
2422 remain.offset_within_region += now.size;
2426 register_subpage(&now);
2431 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2434 kvm_coalesce_mmio_region(addr, size);
2437 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2440 kvm_uncoalesce_mmio_region(addr, size);
2443 void qemu_flush_coalesced_mmio_buffer(void)
2446 kvm_flush_coalesced_mmio_buffer();
2449 #if defined(__linux__) && !defined(TARGET_S390X)
2451 #include <sys/vfs.h>
2453 #define HUGETLBFS_MAGIC 0x958458f6
2455 static long gethugepagesize(const char *path)
2461 ret = statfs(path, &fs);
2462 } while (ret != 0 && errno == EINTR);
2469 if (fs.f_type != HUGETLBFS_MAGIC)
2470 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2475 static void *file_ram_alloc(RAMBlock *block,
2485 unsigned long hpagesize;
2487 hpagesize = gethugepagesize(path);
2492 if (memory < hpagesize) {
2496 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2497 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2501 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2505 fd = mkstemp(filename);
2507 perror("unable to create backing store for hugepages");
2514 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2517 * ftruncate is not supported by hugetlbfs in older
2518 * hosts, so don't bother bailing out on errors.
2519 * If anything goes wrong with it under other filesystems,
2522 if (ftruncate(fd, memory))
2523 perror("ftruncate");
2526 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2527 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2528 * to sidestep this quirk.
2530 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2531 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2533 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2535 if (area == MAP_FAILED) {
2536 perror("file_ram_alloc: can't mmap RAM pages");
2545 static ram_addr_t find_ram_offset(ram_addr_t size)
2547 RAMBlock *block, *next_block;
2548 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
2550 if (QLIST_EMPTY(&ram_list.blocks))
2553 QLIST_FOREACH(block, &ram_list.blocks, next) {
2554 ram_addr_t end, next = RAM_ADDR_MAX;
2556 end = block->offset + block->length;
2558 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2559 if (next_block->offset >= end) {
2560 next = MIN(next, next_block->offset);
2563 if (next - end >= size && next - end < mingap) {
2565 mingap = next - end;
2569 if (offset == RAM_ADDR_MAX) {
2570 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2578 static ram_addr_t last_ram_offset(void)
2581 ram_addr_t last = 0;
2583 QLIST_FOREACH(block, &ram_list.blocks, next)
2584 last = MAX(last, block->offset + block->length);
2589 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
2591 RAMBlock *new_block, *block;
2594 QLIST_FOREACH(block, &ram_list.blocks, next) {
2595 if (block->offset == addr) {
2601 assert(!new_block->idstr[0]);
2603 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2604 char *id = dev->parent_bus->info->get_dev_path(dev);
2606 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2610 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2612 QLIST_FOREACH(block, &ram_list.blocks, next) {
2613 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
2614 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2621 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2624 RAMBlock *new_block;
2626 size = TARGET_PAGE_ALIGN(size);
2627 new_block = g_malloc0(sizeof(*new_block));
2630 new_block->offset = find_ram_offset(size);
2632 new_block->host = host;
2633 new_block->flags |= RAM_PREALLOC_MASK;
2636 #if defined (__linux__) && !defined(TARGET_S390X)
2637 new_block->host = file_ram_alloc(new_block, size, mem_path);
2638 if (!new_block->host) {
2639 new_block->host = qemu_vmalloc(size);
2640 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2643 fprintf(stderr, "-mem-path option unsupported\n");
2647 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2648 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2649 an system defined value, which is at least 256GB. Larger systems
2650 have larger values. We put the guest between the end of data
2651 segment (system break) and this value. We use 32GB as a base to
2652 have enough room for the system break to grow. */
2653 new_block->host = mmap((void*)0x800000000, size,
2654 PROT_EXEC|PROT_READ|PROT_WRITE,
2655 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
2656 if (new_block->host == MAP_FAILED) {
2657 fprintf(stderr, "Allocating RAM failed\n");
2661 if (xen_enabled()) {
2662 xen_ram_alloc(new_block->offset, size, mr);
2664 new_block->host = qemu_vmalloc(size);
2667 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2670 new_block->length = size;
2672 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2674 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
2675 last_ram_offset() >> TARGET_PAGE_BITS);
2676 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2677 0xff, size >> TARGET_PAGE_BITS);
2680 kvm_setup_guest_memory(new_block->host, size);
2682 return new_block->offset;
2685 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
2687 return qemu_ram_alloc_from_ptr(size, NULL, mr);
2690 void qemu_ram_free_from_ptr(ram_addr_t addr)
2694 QLIST_FOREACH(block, &ram_list.blocks, next) {
2695 if (addr == block->offset) {
2696 QLIST_REMOVE(block, next);
2703 void qemu_ram_free(ram_addr_t addr)
2707 QLIST_FOREACH(block, &ram_list.blocks, next) {
2708 if (addr == block->offset) {
2709 QLIST_REMOVE(block, next);
2710 if (block->flags & RAM_PREALLOC_MASK) {
2712 } else if (mem_path) {
2713 #if defined (__linux__) && !defined(TARGET_S390X)
2715 munmap(block->host, block->length);
2718 qemu_vfree(block->host);
2724 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2725 munmap(block->host, block->length);
2727 if (xen_enabled()) {
2728 xen_invalidate_map_cache_entry(block->host);
2730 qemu_vfree(block->host);
2742 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2749 QLIST_FOREACH(block, &ram_list.blocks, next) {
2750 offset = addr - block->offset;
2751 if (offset < block->length) {
2752 vaddr = block->host + offset;
2753 if (block->flags & RAM_PREALLOC_MASK) {
2757 munmap(vaddr, length);
2759 #if defined(__linux__) && !defined(TARGET_S390X)
2762 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2765 flags |= MAP_PRIVATE;
2767 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2768 flags, block->fd, offset);
2770 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2771 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2778 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2779 flags |= MAP_SHARED | MAP_ANONYMOUS;
2780 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2783 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2784 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2788 if (area != vaddr) {
2789 fprintf(stderr, "Could not remap addr: "
2790 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
2794 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
2800 #endif /* !_WIN32 */
2802 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2803 With the exception of the softmmu code in this file, this should
2804 only be used for local memory (e.g. video ram) that the device owns,
2805 and knows it isn't going to access beyond the end of the block.
2807 It should not be used for general purpose DMA.
2808 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2810 void *qemu_get_ram_ptr(ram_addr_t addr)
2814 QLIST_FOREACH(block, &ram_list.blocks, next) {
2815 if (addr - block->offset < block->length) {
2816 /* Move this entry to to start of the list. */
2817 if (block != QLIST_FIRST(&ram_list.blocks)) {
2818 QLIST_REMOVE(block, next);
2819 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2821 if (xen_enabled()) {
2822 /* We need to check if the requested address is in the RAM
2823 * because we don't want to map the entire memory in QEMU.
2824 * In that case just map until the end of the page.
2826 if (block->offset == 0) {
2827 return xen_map_cache(addr, 0, 0);
2828 } else if (block->host == NULL) {
2830 xen_map_cache(block->offset, block->length, 1);
2833 return block->host + (addr - block->offset);
2837 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2843 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2844 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2846 void *qemu_safe_ram_ptr(ram_addr_t addr)
2850 QLIST_FOREACH(block, &ram_list.blocks, next) {
2851 if (addr - block->offset < block->length) {
2852 if (xen_enabled()) {
2853 /* We need to check if the requested address is in the RAM
2854 * because we don't want to map the entire memory in QEMU.
2855 * In that case just map until the end of the page.
2857 if (block->offset == 0) {
2858 return xen_map_cache(addr, 0, 0);
2859 } else if (block->host == NULL) {
2861 xen_map_cache(block->offset, block->length, 1);
2864 return block->host + (addr - block->offset);
2868 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2874 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2875 * but takes a size argument */
2876 void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
2881 if (xen_enabled()) {
2882 return xen_map_cache(addr, *size, 1);
2886 QLIST_FOREACH(block, &ram_list.blocks, next) {
2887 if (addr - block->offset < block->length) {
2888 if (addr - block->offset + *size > block->length)
2889 *size = block->length - addr + block->offset;
2890 return block->host + (addr - block->offset);
2894 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2899 void qemu_put_ram_ptr(void *addr)
2901 trace_qemu_put_ram_ptr(addr);
2904 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2907 uint8_t *host = ptr;
2909 if (xen_enabled()) {
2910 *ram_addr = xen_ram_addr_from_mapcache(ptr);
2914 QLIST_FOREACH(block, &ram_list.blocks, next) {
2915 /* This case append when the block is not mapped. */
2916 if (block->host == NULL) {
2919 if (host - block->host < block->length) {
2920 *ram_addr = block->offset + (host - block->host);
2928 /* Some of the softmmu routines need to translate from a host pointer
2929 (typically a TLB entry) back to a ram offset. */
2930 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2932 ram_addr_t ram_addr;
2934 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2935 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2941 static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2944 #ifdef DEBUG_UNASSIGNED
2945 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2947 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2948 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
2953 static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2954 uint64_t val, unsigned size)
2956 #ifdef DEBUG_UNASSIGNED
2957 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
2959 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2960 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
2964 static const MemoryRegionOps unassigned_mem_ops = {
2965 .read = unassigned_mem_read,
2966 .write = unassigned_mem_write,
2967 .endianness = DEVICE_NATIVE_ENDIAN,
2970 static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2976 static void error_mem_write(void *opaque, target_phys_addr_t addr,
2977 uint64_t value, unsigned size)
2982 static const MemoryRegionOps error_mem_ops = {
2983 .read = error_mem_read,
2984 .write = error_mem_write,
2985 .endianness = DEVICE_NATIVE_ENDIAN,
2988 static const MemoryRegionOps rom_mem_ops = {
2989 .read = error_mem_read,
2990 .write = unassigned_mem_write,
2991 .endianness = DEVICE_NATIVE_ENDIAN,
2994 static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2995 uint64_t val, unsigned size)
2998 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
2999 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3000 #if !defined(CONFIG_USER_ONLY)
3001 tb_invalidate_phys_page_fast(ram_addr, size);
3002 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3007 stb_p(qemu_get_ram_ptr(ram_addr), val);
3010 stw_p(qemu_get_ram_ptr(ram_addr), val);
3013 stl_p(qemu_get_ram_ptr(ram_addr), val);
3018 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3019 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3020 /* we remove the notdirty callback only if the code has been
3022 if (dirty_flags == 0xff)
3023 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3026 static const MemoryRegionOps notdirty_mem_ops = {
3027 .read = error_mem_read,
3028 .write = notdirty_mem_write,
3029 .endianness = DEVICE_NATIVE_ENDIAN,
3032 /* Generate a debug exception if a watchpoint has been hit. */
3033 static void check_watchpoint(int offset, int len_mask, int flags)
3035 CPUArchState *env = cpu_single_env;
3036 target_ulong pc, cs_base;
3037 TranslationBlock *tb;
3042 if (env->watchpoint_hit) {
3043 /* We re-entered the check after replacing the TB. Now raise
3044 * the debug interrupt so that is will trigger after the
3045 * current instruction. */
3046 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3049 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3050 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3051 if ((vaddr == (wp->vaddr & len_mask) ||
3052 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3053 wp->flags |= BP_WATCHPOINT_HIT;
3054 if (!env->watchpoint_hit) {
3055 env->watchpoint_hit = wp;
3056 tb = tb_find_pc(env->mem_io_pc);
3058 cpu_abort(env, "check_watchpoint: could not find TB for "
3059 "pc=%p", (void *)env->mem_io_pc);
3061 cpu_restore_state(tb, env, env->mem_io_pc);
3062 tb_phys_invalidate(tb, -1);
3063 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3064 env->exception_index = EXCP_DEBUG;
3067 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3068 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3069 cpu_resume_from_signal(env, NULL);
3073 wp->flags &= ~BP_WATCHPOINT_HIT;
3078 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3079 so these check for a hit then pass through to the normal out-of-line
3081 static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3084 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3086 case 1: return ldub_phys(addr);
3087 case 2: return lduw_phys(addr);
3088 case 4: return ldl_phys(addr);
3093 static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3094 uint64_t val, unsigned size)
3096 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3099 stb_phys(addr, val);
3102 stw_phys(addr, val);
3105 stl_phys(addr, val);
3111 static const MemoryRegionOps watch_mem_ops = {
3112 .read = watch_mem_read,
3113 .write = watch_mem_write,
3114 .endianness = DEVICE_NATIVE_ENDIAN,
3117 static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3120 subpage_t *mmio = opaque;
3121 unsigned int idx = SUBPAGE_IDX(addr);
3122 MemoryRegionSection *section;
3123 #if defined(DEBUG_SUBPAGE)
3124 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3125 mmio, len, addr, idx);
3128 section = &phys_sections[mmio->sub_section[idx]];
3130 addr -= section->offset_within_address_space;
3131 addr += section->offset_within_region;
3132 return io_mem_read(section->mr, addr, len);
3135 static void subpage_write(void *opaque, target_phys_addr_t addr,
3136 uint64_t value, unsigned len)
3138 subpage_t *mmio = opaque;
3139 unsigned int idx = SUBPAGE_IDX(addr);
3140 MemoryRegionSection *section;
3141 #if defined(DEBUG_SUBPAGE)
3142 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3143 " idx %d value %"PRIx64"\n",
3144 __func__, mmio, len, addr, idx, value);
3147 section = &phys_sections[mmio->sub_section[idx]];
3149 addr -= section->offset_within_address_space;
3150 addr += section->offset_within_region;
3151 io_mem_write(section->mr, addr, value, len);
3154 static const MemoryRegionOps subpage_ops = {
3155 .read = subpage_read,
3156 .write = subpage_write,
3157 .endianness = DEVICE_NATIVE_ENDIAN,
3160 static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3163 ram_addr_t raddr = addr;
3164 void *ptr = qemu_get_ram_ptr(raddr);
3166 case 1: return ldub_p(ptr);
3167 case 2: return lduw_p(ptr);
3168 case 4: return ldl_p(ptr);
3173 static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3174 uint64_t value, unsigned size)
3176 ram_addr_t raddr = addr;
3177 void *ptr = qemu_get_ram_ptr(raddr);
3179 case 1: return stb_p(ptr, value);
3180 case 2: return stw_p(ptr, value);
3181 case 4: return stl_p(ptr, value);
3186 static const MemoryRegionOps subpage_ram_ops = {
3187 .read = subpage_ram_read,
3188 .write = subpage_ram_write,
3189 .endianness = DEVICE_NATIVE_ENDIAN,
3192 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3197 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3199 idx = SUBPAGE_IDX(start);
3200 eidx = SUBPAGE_IDX(end);
3201 #if defined(DEBUG_SUBPAGE)
3202 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3203 mmio, start, end, idx, eidx, memory);
3205 if (memory_region_is_ram(phys_sections[section].mr)) {
3206 MemoryRegionSection new_section = phys_sections[section];
3207 new_section.mr = &io_mem_subpage_ram;
3208 section = phys_section_add(&new_section);
3210 for (; idx <= eidx; idx++) {
3211 mmio->sub_section[idx] = section;
3217 static subpage_t *subpage_init(target_phys_addr_t base)
3221 mmio = g_malloc0(sizeof(subpage_t));
3224 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3225 "subpage", TARGET_PAGE_SIZE);
3226 mmio->iomem.subpage = true;
3227 #if defined(DEBUG_SUBPAGE)
3228 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3229 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3231 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
3236 static uint16_t dummy_section(MemoryRegion *mr)
3238 MemoryRegionSection section = {
3240 .offset_within_address_space = 0,
3241 .offset_within_region = 0,
3245 return phys_section_add(§ion);
3248 MemoryRegion *iotlb_to_region(target_phys_addr_t index)
3250 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
3253 static void io_mem_init(void)
3255 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3256 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3257 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3258 "unassigned", UINT64_MAX);
3259 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
3260 "notdirty", UINT64_MAX);
3261 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3262 "subpage-ram", UINT64_MAX);
3263 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3264 "watch", UINT64_MAX);
3267 static void core_begin(MemoryListener *listener)
3269 destroy_all_mappings();
3270 phys_sections_clear();
3271 phys_map.ptr = PHYS_MAP_NODE_NIL;
3272 phys_section_unassigned = dummy_section(&io_mem_unassigned);
3273 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3274 phys_section_rom = dummy_section(&io_mem_rom);
3275 phys_section_watch = dummy_section(&io_mem_watch);
3278 static void core_commit(MemoryListener *listener)
3282 /* since each CPU stores ram addresses in its TLB cache, we must
3283 reset the modified entries */
3285 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3290 static void core_region_add(MemoryListener *listener,
3291 MemoryRegionSection *section)
3293 cpu_register_physical_memory_log(section, section->readonly);
3296 static void core_region_del(MemoryListener *listener,
3297 MemoryRegionSection *section)
3301 static void core_region_nop(MemoryListener *listener,
3302 MemoryRegionSection *section)
3304 cpu_register_physical_memory_log(section, section->readonly);
3307 static void core_log_start(MemoryListener *listener,
3308 MemoryRegionSection *section)
3312 static void core_log_stop(MemoryListener *listener,
3313 MemoryRegionSection *section)
3317 static void core_log_sync(MemoryListener *listener,
3318 MemoryRegionSection *section)
3322 static void core_log_global_start(MemoryListener *listener)
3324 cpu_physical_memory_set_dirty_tracking(1);
3327 static void core_log_global_stop(MemoryListener *listener)
3329 cpu_physical_memory_set_dirty_tracking(0);
3332 static void core_eventfd_add(MemoryListener *listener,
3333 MemoryRegionSection *section,
3334 bool match_data, uint64_t data, int fd)
3338 static void core_eventfd_del(MemoryListener *listener,
3339 MemoryRegionSection *section,
3340 bool match_data, uint64_t data, int fd)
3344 static void io_begin(MemoryListener *listener)
3348 static void io_commit(MemoryListener *listener)
3352 static void io_region_add(MemoryListener *listener,
3353 MemoryRegionSection *section)
3355 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3357 mrio->mr = section->mr;
3358 mrio->offset = section->offset_within_region;
3359 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
3360 section->offset_within_address_space, section->size);
3361 ioport_register(&mrio->iorange);
3364 static void io_region_del(MemoryListener *listener,
3365 MemoryRegionSection *section)
3367 isa_unassign_ioport(section->offset_within_address_space, section->size);
3370 static void io_region_nop(MemoryListener *listener,
3371 MemoryRegionSection *section)
3375 static void io_log_start(MemoryListener *listener,
3376 MemoryRegionSection *section)
3380 static void io_log_stop(MemoryListener *listener,
3381 MemoryRegionSection *section)
3385 static void io_log_sync(MemoryListener *listener,
3386 MemoryRegionSection *section)
3390 static void io_log_global_start(MemoryListener *listener)
3394 static void io_log_global_stop(MemoryListener *listener)
3398 static void io_eventfd_add(MemoryListener *listener,
3399 MemoryRegionSection *section,
3400 bool match_data, uint64_t data, int fd)
3404 static void io_eventfd_del(MemoryListener *listener,
3405 MemoryRegionSection *section,
3406 bool match_data, uint64_t data, int fd)
3410 static MemoryListener core_memory_listener = {
3411 .begin = core_begin,
3412 .commit = core_commit,
3413 .region_add = core_region_add,
3414 .region_del = core_region_del,
3415 .region_nop = core_region_nop,
3416 .log_start = core_log_start,
3417 .log_stop = core_log_stop,
3418 .log_sync = core_log_sync,
3419 .log_global_start = core_log_global_start,
3420 .log_global_stop = core_log_global_stop,
3421 .eventfd_add = core_eventfd_add,
3422 .eventfd_del = core_eventfd_del,
3426 static MemoryListener io_memory_listener = {
3428 .commit = io_commit,
3429 .region_add = io_region_add,
3430 .region_del = io_region_del,
3431 .region_nop = io_region_nop,
3432 .log_start = io_log_start,
3433 .log_stop = io_log_stop,
3434 .log_sync = io_log_sync,
3435 .log_global_start = io_log_global_start,
3436 .log_global_stop = io_log_global_stop,
3437 .eventfd_add = io_eventfd_add,
3438 .eventfd_del = io_eventfd_del,
3442 static void memory_map_init(void)
3444 system_memory = g_malloc(sizeof(*system_memory));
3445 memory_region_init(system_memory, "system", INT64_MAX);
3446 set_system_memory_map(system_memory);
3448 system_io = g_malloc(sizeof(*system_io));
3449 memory_region_init(system_io, "io", 65536);
3450 set_system_io_map(system_io);
3452 memory_listener_register(&core_memory_listener, system_memory);
3453 memory_listener_register(&io_memory_listener, system_io);
3456 MemoryRegion *get_system_memory(void)
3458 return system_memory;
3461 MemoryRegion *get_system_io(void)
3466 #endif /* !defined(CONFIG_USER_ONLY) */
3468 /* physical memory access (slow version, mainly for debug) */
3469 #if defined(CONFIG_USER_ONLY)
3470 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
3471 uint8_t *buf, int len, int is_write)
3478 page = addr & TARGET_PAGE_MASK;
3479 l = (page + TARGET_PAGE_SIZE) - addr;
3482 flags = page_get_flags(page);
3483 if (!(flags & PAGE_VALID))
3486 if (!(flags & PAGE_WRITE))
3488 /* XXX: this code should not depend on lock_user */
3489 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3492 unlock_user(p, addr, l);
3494 if (!(flags & PAGE_READ))
3496 /* XXX: this code should not depend on lock_user */
3497 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3500 unlock_user(p, addr, 0);
3510 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3511 int len, int is_write)
3516 target_phys_addr_t page;
3517 MemoryRegionSection *section;
3520 page = addr & TARGET_PAGE_MASK;
3521 l = (page + TARGET_PAGE_SIZE) - addr;
3524 section = phys_page_find(page >> TARGET_PAGE_BITS);
3527 if (!memory_region_is_ram(section->mr)) {
3528 target_phys_addr_t addr1;
3529 addr1 = memory_region_section_addr(section, addr);
3530 /* XXX: could force cpu_single_env to NULL to avoid
3532 if (l >= 4 && ((addr1 & 3) == 0)) {
3533 /* 32 bit write access */
3535 io_mem_write(section->mr, addr1, val, 4);
3537 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3538 /* 16 bit write access */
3540 io_mem_write(section->mr, addr1, val, 2);
3543 /* 8 bit write access */
3545 io_mem_write(section->mr, addr1, val, 1);
3548 } else if (!section->readonly) {
3550 addr1 = memory_region_get_ram_addr(section->mr)
3551 + memory_region_section_addr(section, addr);
3553 ptr = qemu_get_ram_ptr(addr1);
3554 memcpy(ptr, buf, l);
3555 if (!cpu_physical_memory_is_dirty(addr1)) {
3556 /* invalidate code */
3557 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3559 cpu_physical_memory_set_dirty_flags(
3560 addr1, (0xff & ~CODE_DIRTY_FLAG));
3562 qemu_put_ram_ptr(ptr);
3565 if (!(memory_region_is_ram(section->mr) ||
3566 memory_region_is_romd(section->mr))) {
3567 target_phys_addr_t addr1;
3569 addr1 = memory_region_section_addr(section, addr);
3570 if (l >= 4 && ((addr1 & 3) == 0)) {
3571 /* 32 bit read access */
3572 val = io_mem_read(section->mr, addr1, 4);
3575 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3576 /* 16 bit read access */
3577 val = io_mem_read(section->mr, addr1, 2);
3581 /* 8 bit read access */
3582 val = io_mem_read(section->mr, addr1, 1);
3588 ptr = qemu_get_ram_ptr(section->mr->ram_addr
3589 + memory_region_section_addr(section,
3591 memcpy(buf, ptr, l);
3592 qemu_put_ram_ptr(ptr);
3601 /* used for ROM loading : can write in RAM and ROM */
3602 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3603 const uint8_t *buf, int len)
3607 target_phys_addr_t page;
3608 MemoryRegionSection *section;
3611 page = addr & TARGET_PAGE_MASK;
3612 l = (page + TARGET_PAGE_SIZE) - addr;
3615 section = phys_page_find(page >> TARGET_PAGE_BITS);
3617 if (!(memory_region_is_ram(section->mr) ||
3618 memory_region_is_romd(section->mr))) {
3621 unsigned long addr1;
3622 addr1 = memory_region_get_ram_addr(section->mr)
3623 + memory_region_section_addr(section, addr);
3625 ptr = qemu_get_ram_ptr(addr1);
3626 memcpy(ptr, buf, l);
3627 qemu_put_ram_ptr(ptr);
3637 target_phys_addr_t addr;
3638 target_phys_addr_t len;
3641 static BounceBuffer bounce;
3643 typedef struct MapClient {
3645 void (*callback)(void *opaque);
3646 QLIST_ENTRY(MapClient) link;
3649 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3650 = QLIST_HEAD_INITIALIZER(map_client_list);
3652 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3654 MapClient *client = g_malloc(sizeof(*client));
3656 client->opaque = opaque;
3657 client->callback = callback;
3658 QLIST_INSERT_HEAD(&map_client_list, client, link);
3662 void cpu_unregister_map_client(void *_client)
3664 MapClient *client = (MapClient *)_client;
3666 QLIST_REMOVE(client, link);
3670 static void cpu_notify_map_clients(void)
3674 while (!QLIST_EMPTY(&map_client_list)) {
3675 client = QLIST_FIRST(&map_client_list);
3676 client->callback(client->opaque);
3677 cpu_unregister_map_client(client);
3681 /* Map a physical memory region into a host virtual address.
3682 * May map a subset of the requested range, given by and returned in *plen.
3683 * May return NULL if resources needed to perform the mapping are exhausted.
3684 * Use only for reads OR writes - not for read-modify-write operations.
3685 * Use cpu_register_map_client() to know when retrying the map operation is
3686 * likely to succeed.
3688 void *cpu_physical_memory_map(target_phys_addr_t addr,
3689 target_phys_addr_t *plen,
3692 target_phys_addr_t len = *plen;
3693 target_phys_addr_t todo = 0;
3695 target_phys_addr_t page;
3696 MemoryRegionSection *section;
3697 ram_addr_t raddr = RAM_ADDR_MAX;
3702 page = addr & TARGET_PAGE_MASK;
3703 l = (page + TARGET_PAGE_SIZE) - addr;
3706 section = phys_page_find(page >> TARGET_PAGE_BITS);
3708 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
3709 if (todo || bounce.buffer) {
3712 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3716 cpu_physical_memory_read(addr, bounce.buffer, l);
3720 return bounce.buffer;
3723 raddr = memory_region_get_ram_addr(section->mr)
3724 + memory_region_section_addr(section, addr);
3732 ret = qemu_ram_ptr_length(raddr, &rlen);
3737 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3738 * Will also mark the memory as dirty if is_write == 1. access_len gives
3739 * the amount of memory that was actually read or written by the caller.
3741 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3742 int is_write, target_phys_addr_t access_len)
3744 if (buffer != bounce.buffer) {
3746 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
3747 while (access_len) {
3749 l = TARGET_PAGE_SIZE;
3752 if (!cpu_physical_memory_is_dirty(addr1)) {
3753 /* invalidate code */
3754 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3756 cpu_physical_memory_set_dirty_flags(
3757 addr1, (0xff & ~CODE_DIRTY_FLAG));
3763 if (xen_enabled()) {
3764 xen_invalidate_map_cache_entry(buffer);
3769 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3771 qemu_vfree(bounce.buffer);
3772 bounce.buffer = NULL;
3773 cpu_notify_map_clients();
3776 /* warning: addr must be aligned */
3777 static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3778 enum device_endian endian)
3782 MemoryRegionSection *section;
3784 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3786 if (!(memory_region_is_ram(section->mr) ||
3787 memory_region_is_romd(section->mr))) {
3789 addr = memory_region_section_addr(section, addr);
3790 val = io_mem_read(section->mr, addr, 4);
3791 #if defined(TARGET_WORDS_BIGENDIAN)
3792 if (endian == DEVICE_LITTLE_ENDIAN) {
3796 if (endian == DEVICE_BIG_ENDIAN) {
3802 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3804 + memory_region_section_addr(section, addr));
3806 case DEVICE_LITTLE_ENDIAN:
3807 val = ldl_le_p(ptr);
3809 case DEVICE_BIG_ENDIAN:
3810 val = ldl_be_p(ptr);
3820 uint32_t ldl_phys(target_phys_addr_t addr)
3822 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3825 uint32_t ldl_le_phys(target_phys_addr_t addr)
3827 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3830 uint32_t ldl_be_phys(target_phys_addr_t addr)
3832 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3835 /* warning: addr must be aligned */
3836 static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3837 enum device_endian endian)
3841 MemoryRegionSection *section;
3843 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3845 if (!(memory_region_is_ram(section->mr) ||
3846 memory_region_is_romd(section->mr))) {
3848 addr = memory_region_section_addr(section, addr);
3850 /* XXX This is broken when device endian != cpu endian.
3851 Fix and add "endian" variable check */
3852 #ifdef TARGET_WORDS_BIGENDIAN
3853 val = io_mem_read(section->mr, addr, 4) << 32;
3854 val |= io_mem_read(section->mr, addr + 4, 4);
3856 val = io_mem_read(section->mr, addr, 4);
3857 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
3861 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3863 + memory_region_section_addr(section, addr));
3865 case DEVICE_LITTLE_ENDIAN:
3866 val = ldq_le_p(ptr);
3868 case DEVICE_BIG_ENDIAN:
3869 val = ldq_be_p(ptr);
3879 uint64_t ldq_phys(target_phys_addr_t addr)
3881 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3884 uint64_t ldq_le_phys(target_phys_addr_t addr)
3886 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3889 uint64_t ldq_be_phys(target_phys_addr_t addr)
3891 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3895 uint32_t ldub_phys(target_phys_addr_t addr)
3898 cpu_physical_memory_read(addr, &val, 1);
3902 /* warning: addr must be aligned */
3903 static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3904 enum device_endian endian)
3908 MemoryRegionSection *section;
3910 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3912 if (!(memory_region_is_ram(section->mr) ||
3913 memory_region_is_romd(section->mr))) {
3915 addr = memory_region_section_addr(section, addr);
3916 val = io_mem_read(section->mr, addr, 2);
3917 #if defined(TARGET_WORDS_BIGENDIAN)
3918 if (endian == DEVICE_LITTLE_ENDIAN) {
3922 if (endian == DEVICE_BIG_ENDIAN) {
3928 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3930 + memory_region_section_addr(section, addr));
3932 case DEVICE_LITTLE_ENDIAN:
3933 val = lduw_le_p(ptr);
3935 case DEVICE_BIG_ENDIAN:
3936 val = lduw_be_p(ptr);
3946 uint32_t lduw_phys(target_phys_addr_t addr)
3948 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3951 uint32_t lduw_le_phys(target_phys_addr_t addr)
3953 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3956 uint32_t lduw_be_phys(target_phys_addr_t addr)
3958 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3961 /* warning: addr must be aligned. The ram page is not masked as dirty
3962 and the code inside is not invalidated. It is useful if the dirty
3963 bits are used to track modified PTEs */
3964 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3967 MemoryRegionSection *section;
3969 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3971 if (!memory_region_is_ram(section->mr) || section->readonly) {
3972 addr = memory_region_section_addr(section, addr);
3973 if (memory_region_is_ram(section->mr)) {
3974 section = &phys_sections[phys_section_rom];
3976 io_mem_write(section->mr, addr, val, 4);
3978 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
3980 + memory_region_section_addr(section, addr);
3981 ptr = qemu_get_ram_ptr(addr1);
3984 if (unlikely(in_migration)) {
3985 if (!cpu_physical_memory_is_dirty(addr1)) {
3986 /* invalidate code */
3987 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3989 cpu_physical_memory_set_dirty_flags(
3990 addr1, (0xff & ~CODE_DIRTY_FLAG));
3996 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3999 MemoryRegionSection *section;
4001 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4003 if (!memory_region_is_ram(section->mr) || section->readonly) {
4004 addr = memory_region_section_addr(section, addr);
4005 if (memory_region_is_ram(section->mr)) {
4006 section = &phys_sections[phys_section_rom];
4008 #ifdef TARGET_WORDS_BIGENDIAN
4009 io_mem_write(section->mr, addr, val >> 32, 4);
4010 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
4012 io_mem_write(section->mr, addr, (uint32_t)val, 4);
4013 io_mem_write(section->mr, addr + 4, val >> 32, 4);
4016 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4018 + memory_region_section_addr(section, addr));
4023 /* warning: addr must be aligned */
4024 static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4025 enum device_endian endian)
4028 MemoryRegionSection *section;
4030 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4032 if (!memory_region_is_ram(section->mr) || section->readonly) {
4033 addr = memory_region_section_addr(section, addr);
4034 if (memory_region_is_ram(section->mr)) {
4035 section = &phys_sections[phys_section_rom];
4037 #if defined(TARGET_WORDS_BIGENDIAN)
4038 if (endian == DEVICE_LITTLE_ENDIAN) {
4042 if (endian == DEVICE_BIG_ENDIAN) {
4046 io_mem_write(section->mr, addr, val, 4);
4048 unsigned long addr1;
4049 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4050 + memory_region_section_addr(section, addr);
4052 ptr = qemu_get_ram_ptr(addr1);
4054 case DEVICE_LITTLE_ENDIAN:
4057 case DEVICE_BIG_ENDIAN:
4064 if (!cpu_physical_memory_is_dirty(addr1)) {
4065 /* invalidate code */
4066 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4068 cpu_physical_memory_set_dirty_flags(addr1,
4069 (0xff & ~CODE_DIRTY_FLAG));
4074 void stl_phys(target_phys_addr_t addr, uint32_t val)
4076 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4079 void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4081 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4084 void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4086 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4090 void stb_phys(target_phys_addr_t addr, uint32_t val)
4093 cpu_physical_memory_write(addr, &v, 1);
4096 /* warning: addr must be aligned */
4097 static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4098 enum device_endian endian)
4101 MemoryRegionSection *section;
4103 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4105 if (!memory_region_is_ram(section->mr) || section->readonly) {
4106 addr = memory_region_section_addr(section, addr);
4107 if (memory_region_is_ram(section->mr)) {
4108 section = &phys_sections[phys_section_rom];
4110 #if defined(TARGET_WORDS_BIGENDIAN)
4111 if (endian == DEVICE_LITTLE_ENDIAN) {
4115 if (endian == DEVICE_BIG_ENDIAN) {
4119 io_mem_write(section->mr, addr, val, 2);
4121 unsigned long addr1;
4122 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4123 + memory_region_section_addr(section, addr);
4125 ptr = qemu_get_ram_ptr(addr1);
4127 case DEVICE_LITTLE_ENDIAN:
4130 case DEVICE_BIG_ENDIAN:
4137 if (!cpu_physical_memory_is_dirty(addr1)) {
4138 /* invalidate code */
4139 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4141 cpu_physical_memory_set_dirty_flags(addr1,
4142 (0xff & ~CODE_DIRTY_FLAG));
4147 void stw_phys(target_phys_addr_t addr, uint32_t val)
4149 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4152 void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4154 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4157 void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4159 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4163 void stq_phys(target_phys_addr_t addr, uint64_t val)
4166 cpu_physical_memory_write(addr, &val, 8);
4169 void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4171 val = cpu_to_le64(val);
4172 cpu_physical_memory_write(addr, &val, 8);
4175 void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4177 val = cpu_to_be64(val);
4178 cpu_physical_memory_write(addr, &val, 8);
4181 /* virtual memory access for debug (includes writing to ROM) */
4182 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
4183 uint8_t *buf, int len, int is_write)
4186 target_phys_addr_t phys_addr;
4190 page = addr & TARGET_PAGE_MASK;
4191 phys_addr = cpu_get_phys_page_debug(env, page);
4192 /* if no physical page mapped, return an error */
4193 if (phys_addr == -1)
4195 l = (page + TARGET_PAGE_SIZE) - addr;
4198 phys_addr += (addr & ~TARGET_PAGE_MASK);
4200 cpu_physical_memory_write_rom(phys_addr, buf, l);
4202 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4211 /* in deterministic execution mode, instructions doing device I/Os
4212 must be at the end of the TB */
4213 void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
4215 TranslationBlock *tb;
4217 target_ulong pc, cs_base;
4220 tb = tb_find_pc(retaddr);
4222 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4225 n = env->icount_decr.u16.low + tb->icount;
4226 cpu_restore_state(tb, env, retaddr);
4227 /* Calculate how many instructions had been executed before the fault
4229 n = n - env->icount_decr.u16.low;
4230 /* Generate a new TB ending on the I/O insn. */
4232 /* On MIPS and SH, delay slot instructions can only be restarted if
4233 they were already the first instruction in the TB. If this is not
4234 the first instruction in a TB then re-execute the preceding
4236 #if defined(TARGET_MIPS)
4237 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4238 env->active_tc.PC -= 4;
4239 env->icount_decr.u16.low++;
4240 env->hflags &= ~MIPS_HFLAG_BMASK;
4242 #elif defined(TARGET_SH4)
4243 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4246 env->icount_decr.u16.low++;
4247 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4250 /* This should never happen. */
4251 if (n > CF_COUNT_MASK)
4252 cpu_abort(env, "TB too big during recompile");
4254 cflags = n | CF_LAST_IO;
4256 cs_base = tb->cs_base;
4258 tb_phys_invalidate(tb, -1);
4259 /* FIXME: In theory this could raise an exception. In practice
4260 we have already translated the block once so it's probably ok. */
4261 tb_gen_code(env, pc, cs_base, flags, cflags);
4262 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4263 the first in the TB) then we end up generating a whole new TB and
4264 repeating the fault, which is horribly inefficient.
4265 Better would be to execute just this insn uncached, or generate a
4267 cpu_resume_from_signal(env, NULL);
4270 #if !defined(CONFIG_USER_ONLY)
4272 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4274 int i, target_code_size, max_target_code_size;
4275 int direct_jmp_count, direct_jmp2_count, cross_page;
4276 TranslationBlock *tb;
4278 target_code_size = 0;
4279 max_target_code_size = 0;
4281 direct_jmp_count = 0;
4282 direct_jmp2_count = 0;
4283 for(i = 0; i < nb_tbs; i++) {
4285 target_code_size += tb->size;
4286 if (tb->size > max_target_code_size)
4287 max_target_code_size = tb->size;
4288 if (tb->page_addr[1] != -1)
4290 if (tb->tb_next_offset[0] != 0xffff) {
4292 if (tb->tb_next_offset[1] != 0xffff) {
4293 direct_jmp2_count++;
4297 /* XXX: avoid using doubles ? */
4298 cpu_fprintf(f, "Translation buffer state:\n");
4299 cpu_fprintf(f, "gen code size %td/%ld\n",
4300 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4301 cpu_fprintf(f, "TB count %d/%d\n",
4302 nb_tbs, code_gen_max_blocks);
4303 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4304 nb_tbs ? target_code_size / nb_tbs : 0,
4305 max_target_code_size);
4306 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4307 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4308 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4309 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4311 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4312 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4314 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4316 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4317 cpu_fprintf(f, "\nStatistics:\n");
4318 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4319 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4320 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4321 tcg_dump_info(f, cpu_fprintf);
4325 * A helper function for the _utterly broken_ virtio device model to find out if
4326 * it's running on a big endian machine. Don't do this at home kids!
4328 bool virtio_is_big_endian(void);
4329 bool virtio_is_big_endian(void)
4331 #if defined(TARGET_WORDS_BIGENDIAN)
4340 #ifndef CONFIG_USER_ONLY
4341 bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4343 MemoryRegionSection *section;
4345 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4347 return !(memory_region_is_ram(section->mr) ||
4348 memory_region_is_romd(section->mr));
projects / qemu.git / blob