4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
57 #include "qemu/range.h"
59 //#define DEBUG_SUBPAGE
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
85 #define RAM_RESIZEABLE (1 << 2)
87 /* An extra page is mapped on top of this RAM.
89 #define RAM_EXTRA (1 << 3)
92 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
93 /* current CPU in the current thread. It is only valid inside
95 __thread CPUState *current_cpu;
96 /* 0 = Do not count executed instructions.
97 1 = Precise instruction counting.
98 2 = Adaptive rate instruction counting. */
101 #if !defined(CONFIG_USER_ONLY)
103 typedef struct PhysPageEntry PhysPageEntry;
105 struct PhysPageEntry {
106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
112 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114 /* Size of the L2 (and L3, etc) page tables. */
115 #define ADDR_SPACE_BITS 64
118 #define P_L2_SIZE (1 << P_L2_BITS)
120 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122 typedef PhysPageEntry Node[P_L2_SIZE];
124 typedef struct PhysPageMap {
127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
130 unsigned nodes_nb_alloc;
132 MemoryRegionSection *sections;
135 struct AddressSpaceDispatch {
138 /* This is a multi-level map on the physical address space.
139 * The bottom level has pointers to MemoryRegionSections.
141 PhysPageEntry phys_map;
146 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
147 typedef struct subpage_t {
151 uint16_t sub_section[TARGET_PAGE_SIZE];
154 #define PHYS_SECTION_UNASSIGNED 0
155 #define PHYS_SECTION_NOTDIRTY 1
156 #define PHYS_SECTION_ROM 2
157 #define PHYS_SECTION_WATCH 3
159 static void io_mem_init(void);
160 static void memory_map_init(void);
161 static void tcg_commit(MemoryListener *listener);
163 static MemoryRegion io_mem_watch;
166 #if !defined(CONFIG_USER_ONLY)
168 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
170 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
171 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
172 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
173 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
177 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
184 ret = map->nodes_nb++;
186 assert(ret != PHYS_MAP_NODE_NIL);
187 assert(ret != map->nodes_nb_alloc);
189 e.skip = leaf ? 0 : 1;
190 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
191 for (i = 0; i < P_L2_SIZE; ++i) {
192 memcpy(&p[i], &e, sizeof(e));
197 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
198 hwaddr *index, hwaddr *nb, uint16_t leaf,
202 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
204 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
205 lp->ptr = phys_map_node_alloc(map, level == 0);
207 p = map->nodes[lp->ptr];
208 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
210 while (*nb && lp < &p[P_L2_SIZE]) {
211 if ((*index & (step - 1)) == 0 && *nb >= step) {
217 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
223 static void phys_page_set(AddressSpaceDispatch *d,
224 hwaddr index, hwaddr nb,
227 /* Wildly overreserve - it doesn't matter much. */
228 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
230 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
233 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
234 * and update our entry so we can skip it and go directly to the destination.
236 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
238 unsigned valid_ptr = P_L2_SIZE;
243 if (lp->ptr == PHYS_MAP_NODE_NIL) {
248 for (i = 0; i < P_L2_SIZE; i++) {
249 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
256 phys_page_compact(&p[i], nodes, compacted);
260 /* We can only compress if there's only one child. */
265 assert(valid_ptr < P_L2_SIZE);
267 /* Don't compress if it won't fit in the # of bits we have. */
268 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
272 lp->ptr = p[valid_ptr].ptr;
273 if (!p[valid_ptr].skip) {
274 /* If our only child is a leaf, make this a leaf. */
275 /* By design, we should have made this node a leaf to begin with so we
276 * should never reach here.
277 * But since it's so simple to handle this, let's do it just in case we
282 lp->skip += p[valid_ptr].skip;
286 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
288 DECLARE_BITMAP(compacted, nodes_nb);
290 if (d->phys_map.skip) {
291 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
295 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
296 Node *nodes, MemoryRegionSection *sections)
299 hwaddr index = addr >> TARGET_PAGE_BITS;
302 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
303 if (lp.ptr == PHYS_MAP_NODE_NIL) {
304 return §ions[PHYS_SECTION_UNASSIGNED];
307 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
310 if (sections[lp.ptr].size.hi ||
311 range_covers_byte(sections[lp.ptr].offset_within_address_space,
312 sections[lp.ptr].size.lo, addr)) {
313 return §ions[lp.ptr];
315 return §ions[PHYS_SECTION_UNASSIGNED];
319 bool memory_region_is_unassigned(MemoryRegion *mr)
321 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
322 && mr != &io_mem_watch;
325 /* Called from RCU critical section */
326 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
328 bool resolve_subpage)
330 MemoryRegionSection *section;
333 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
334 if (resolve_subpage && section->mr->subpage) {
335 subpage = container_of(section->mr, subpage_t, iomem);
336 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
341 /* Called from RCU critical section */
342 static MemoryRegionSection *
343 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
344 hwaddr *plen, bool resolve_subpage)
346 MemoryRegionSection *section;
350 section = address_space_lookup_region(d, addr, resolve_subpage);
351 /* Compute offset within MemoryRegionSection */
352 addr -= section->offset_within_address_space;
354 /* Compute offset within MemoryRegion */
355 *xlat = addr + section->offset_within_region;
359 /* MMIO registers can be expected to perform full-width accesses based only
360 * on their address, without considering adjacent registers that could
361 * decode to completely different MemoryRegions. When such registers
362 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
363 * regions overlap wildly. For this reason we cannot clamp the accesses
366 * If the length is small (as is the case for address_space_ldl/stl),
367 * everything works fine. If the incoming length is large, however,
368 * the caller really has to do the clamping through memory_access_size.
370 if (memory_region_is_ram(mr)) {
371 diff = int128_sub(section->size, int128_make64(addr));
372 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
377 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
379 if (memory_region_is_ram(mr)) {
380 return !(is_write && mr->readonly);
382 if (memory_region_is_romd(mr)) {
389 /* Called from RCU critical section */
390 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
391 hwaddr *xlat, hwaddr *plen,
395 MemoryRegionSection *section;
399 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
400 section = address_space_translate_internal(d, addr, &addr, plen, true);
403 if (!mr->iommu_ops) {
407 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
408 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
409 | (addr & iotlb.addr_mask));
410 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
411 if (!(iotlb.perm & (1 << is_write))) {
412 mr = &io_mem_unassigned;
416 as = iotlb.target_as;
419 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
420 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
421 *plen = MIN(page, *plen);
428 /* Called from RCU critical section */
429 MemoryRegionSection *
430 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
431 hwaddr *xlat, hwaddr *plen)
433 MemoryRegionSection *section;
434 section = address_space_translate_internal(cpu->memory_dispatch,
435 addr, xlat, plen, false);
437 assert(!section->mr->iommu_ops);
442 #if !defined(CONFIG_USER_ONLY)
444 static int cpu_common_post_load(void *opaque, int version_id)
446 CPUState *cpu = opaque;
448 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
449 version_id is increased. */
450 cpu->interrupt_request &= ~0x01;
456 static int cpu_common_pre_load(void *opaque)
458 CPUState *cpu = opaque;
460 cpu->exception_index = -1;
465 static bool cpu_common_exception_index_needed(void *opaque)
467 CPUState *cpu = opaque;
469 return tcg_enabled() && cpu->exception_index != -1;
472 static const VMStateDescription vmstate_cpu_common_exception_index = {
473 .name = "cpu_common/exception_index",
475 .minimum_version_id = 1,
476 .needed = cpu_common_exception_index_needed,
477 .fields = (VMStateField[]) {
478 VMSTATE_INT32(exception_index, CPUState),
479 VMSTATE_END_OF_LIST()
483 static bool cpu_common_crash_occurred_needed(void *opaque)
485 CPUState *cpu = opaque;
487 return cpu->crash_occurred;
490 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
491 .name = "cpu_common/crash_occurred",
493 .minimum_version_id = 1,
494 .needed = cpu_common_crash_occurred_needed,
495 .fields = (VMStateField[]) {
496 VMSTATE_BOOL(crash_occurred, CPUState),
497 VMSTATE_END_OF_LIST()
501 const VMStateDescription vmstate_cpu_common = {
502 .name = "cpu_common",
504 .minimum_version_id = 1,
505 .pre_load = cpu_common_pre_load,
506 .post_load = cpu_common_post_load,
507 .fields = (VMStateField[]) {
508 VMSTATE_UINT32(halted, CPUState),
509 VMSTATE_UINT32(interrupt_request, CPUState),
510 VMSTATE_END_OF_LIST()
512 .subsections = (const VMStateDescription*[]) {
513 &vmstate_cpu_common_exception_index,
514 &vmstate_cpu_common_crash_occurred,
521 CPUState *qemu_get_cpu(int index)
526 if (cpu->cpu_index == index) {
534 #if !defined(CONFIG_USER_ONLY)
535 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
537 /* We only support one address space per cpu at the moment. */
538 assert(cpu->as == as);
540 if (cpu->tcg_as_listener) {
541 memory_listener_unregister(cpu->tcg_as_listener);
543 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
545 cpu->tcg_as_listener->commit = tcg_commit;
546 memory_listener_register(cpu->tcg_as_listener, as);
550 #ifndef CONFIG_USER_ONLY
551 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
553 static int cpu_get_free_index(Error **errp)
555 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
557 if (cpu >= MAX_CPUMASK_BITS) {
558 error_setg(errp, "Trying to use more CPUs than max of %d",
563 bitmap_set(cpu_index_map, cpu, 1);
567 void cpu_exec_exit(CPUState *cpu)
569 if (cpu->cpu_index == -1) {
570 /* cpu_index was never allocated by this @cpu or was already freed. */
574 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
579 static int cpu_get_free_index(Error **errp)
584 CPU_FOREACH(some_cpu) {
590 void cpu_exec_exit(CPUState *cpu)
595 void cpu_exec_init(CPUState *cpu, Error **errp)
597 CPUClass *cc = CPU_GET_CLASS(cpu);
599 Error *local_err = NULL;
601 #ifndef CONFIG_USER_ONLY
602 cpu->as = &address_space_memory;
603 cpu->thread_id = qemu_get_thread_id();
604 cpu_reload_memory_map(cpu);
607 #if defined(CONFIG_USER_ONLY)
610 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
612 error_propagate(errp, local_err);
613 #if defined(CONFIG_USER_ONLY)
618 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
619 #if defined(CONFIG_USER_ONLY)
622 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
623 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
625 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
626 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
627 cpu_save, cpu_load, cpu->env_ptr);
628 assert(cc->vmsd == NULL);
629 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
631 if (cc->vmsd != NULL) {
632 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
636 #if defined(CONFIG_USER_ONLY)
637 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
639 tb_invalidate_phys_page_range(pc, pc + 1, 0);
642 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
644 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
646 tb_invalidate_phys_addr(cpu->as,
647 phys | (pc & ~TARGET_PAGE_MASK));
652 #if defined(CONFIG_USER_ONLY)
653 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
658 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
664 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
668 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
669 int flags, CPUWatchpoint **watchpoint)
674 /* Add a watchpoint. */
675 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
676 int flags, CPUWatchpoint **watchpoint)
680 /* forbid ranges which are empty or run off the end of the address space */
681 if (len == 0 || (addr + len - 1) < addr) {
682 error_report("tried to set invalid watchpoint at %"
683 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
686 wp = g_malloc(sizeof(*wp));
692 /* keep all GDB-injected watchpoints in front */
693 if (flags & BP_GDB) {
694 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
696 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
699 tlb_flush_page(cpu, addr);
706 /* Remove a specific watchpoint. */
707 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
712 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
713 if (addr == wp->vaddr && len == wp->len
714 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
715 cpu_watchpoint_remove_by_ref(cpu, wp);
722 /* Remove a specific watchpoint by reference. */
723 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
727 tlb_flush_page(cpu, watchpoint->vaddr);
732 /* Remove all matching watchpoints. */
733 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
735 CPUWatchpoint *wp, *next;
737 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
738 if (wp->flags & mask) {
739 cpu_watchpoint_remove_by_ref(cpu, wp);
744 /* Return true if this watchpoint address matches the specified
745 * access (ie the address range covered by the watchpoint overlaps
746 * partially or completely with the address range covered by the
749 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
753 /* We know the lengths are non-zero, but a little caution is
754 * required to avoid errors in the case where the range ends
755 * exactly at the top of the address space and so addr + len
756 * wraps round to zero.
758 vaddr wpend = wp->vaddr + wp->len - 1;
759 vaddr addrend = addr + len - 1;
761 return !(addr > wpend || wp->vaddr > addrend);
766 /* Add a breakpoint. */
767 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
768 CPUBreakpoint **breakpoint)
772 bp = g_malloc(sizeof(*bp));
777 /* keep all GDB-injected breakpoints in front */
778 if (flags & BP_GDB) {
779 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
781 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
784 breakpoint_invalidate(cpu, pc);
792 /* Remove a specific breakpoint. */
793 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
797 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
798 if (bp->pc == pc && bp->flags == flags) {
799 cpu_breakpoint_remove_by_ref(cpu, bp);
806 /* Remove a specific breakpoint by reference. */
807 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
809 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
811 breakpoint_invalidate(cpu, breakpoint->pc);
816 /* Remove all matching breakpoints. */
817 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
819 CPUBreakpoint *bp, *next;
821 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
822 if (bp->flags & mask) {
823 cpu_breakpoint_remove_by_ref(cpu, bp);
828 /* enable or disable single step mode. EXCP_DEBUG is returned by the
829 CPU loop after each instruction */
830 void cpu_single_step(CPUState *cpu, int enabled)
832 if (cpu->singlestep_enabled != enabled) {
833 cpu->singlestep_enabled = enabled;
835 kvm_update_guest_debug(cpu, 0);
837 /* must flush all the translated code to avoid inconsistencies */
838 /* XXX: only flush what is necessary */
844 void cpu_abort(CPUState *cpu, const char *fmt, ...)
851 fprintf(stderr, "qemu: fatal: ");
852 vfprintf(stderr, fmt, ap);
853 fprintf(stderr, "\n");
854 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
855 if (qemu_log_enabled()) {
856 qemu_log("qemu: fatal: ");
857 qemu_log_vprintf(fmt, ap2);
859 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
865 #if defined(CONFIG_USER_ONLY)
867 struct sigaction act;
868 sigfillset(&act.sa_mask);
869 act.sa_handler = SIG_DFL;
870 sigaction(SIGABRT, &act, NULL);
876 #if !defined(CONFIG_USER_ONLY)
877 /* Called from RCU critical section */
878 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
882 block = atomic_rcu_read(&ram_list.mru_block);
883 if (block && addr - block->offset < block->max_length) {
886 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
887 if (addr - block->offset < block->max_length) {
892 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
896 /* It is safe to write mru_block outside the iothread lock. This
901 * xxx removed from list
905 * call_rcu(reclaim_ramblock, xxx);
908 * atomic_rcu_set is not needed here. The block was already published
909 * when it was placed into the list. Here we're just making an extra
910 * copy of the pointer.
912 ram_list.mru_block = block;
916 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
923 end = TARGET_PAGE_ALIGN(start + length);
924 start &= TARGET_PAGE_MASK;
927 block = qemu_get_ram_block(start);
928 assert(block == qemu_get_ram_block(end - 1));
929 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
931 tlb_reset_dirty(cpu, start1, length);
936 /* Note: start and end must be within the same ram block. */
937 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
941 unsigned long end, page;
948 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
949 page = start >> TARGET_PAGE_BITS;
950 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
953 if (dirty && tcg_enabled()) {
954 tlb_reset_dirty_range_all(start, length);
960 /* Called from RCU critical section */
961 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
962 MemoryRegionSection *section,
964 hwaddr paddr, hwaddr xlat,
966 target_ulong *address)
971 if (memory_region_is_ram(section->mr)) {
973 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
975 if (!section->readonly) {
976 iotlb |= PHYS_SECTION_NOTDIRTY;
978 iotlb |= PHYS_SECTION_ROM;
981 AddressSpaceDispatch *d;
983 d = atomic_rcu_read(§ion->address_space->dispatch);
984 iotlb = section - d->map.sections;
988 /* Make accesses to pages with watchpoints go via the
989 watchpoint trap routines. */
990 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
991 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
992 /* Avoid trapping reads of pages with a write breakpoint. */
993 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
994 iotlb = PHYS_SECTION_WATCH + paddr;
995 *address |= TLB_MMIO;
1003 #endif /* defined(CONFIG_USER_ONLY) */
1005 #if !defined(CONFIG_USER_ONLY)
1007 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1009 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1011 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1012 qemu_anon_ram_alloc;
1015 * Set a custom physical guest memory alloator.
1016 * Accelerators with unusual needs may need this. Hopefully, we can
1017 * get rid of it eventually.
1019 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1021 phys_mem_alloc = alloc;
1024 static uint16_t phys_section_add(PhysPageMap *map,
1025 MemoryRegionSection *section)
1027 /* The physical section number is ORed with a page-aligned
1028 * pointer to produce the iotlb entries. Thus it should
1029 * never overflow into the page-aligned value.
1031 assert(map->sections_nb < TARGET_PAGE_SIZE);
1033 if (map->sections_nb == map->sections_nb_alloc) {
1034 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1035 map->sections = g_renew(MemoryRegionSection, map->sections,
1036 map->sections_nb_alloc);
1038 map->sections[map->sections_nb] = *section;
1039 memory_region_ref(section->mr);
1040 return map->sections_nb++;
1043 static void phys_section_destroy(MemoryRegion *mr)
1045 memory_region_unref(mr);
1048 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1049 object_unref(OBJECT(&subpage->iomem));
1054 static void phys_sections_free(PhysPageMap *map)
1056 while (map->sections_nb > 0) {
1057 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1058 phys_section_destroy(section->mr);
1060 g_free(map->sections);
1064 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1067 hwaddr base = section->offset_within_address_space
1069 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1070 d->map.nodes, d->map.sections);
1071 MemoryRegionSection subsection = {
1072 .offset_within_address_space = base,
1073 .size = int128_make64(TARGET_PAGE_SIZE),
1077 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1079 if (!(existing->mr->subpage)) {
1080 subpage = subpage_init(d->as, base);
1081 subsection.address_space = d->as;
1082 subsection.mr = &subpage->iomem;
1083 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1084 phys_section_add(&d->map, &subsection));
1086 subpage = container_of(existing->mr, subpage_t, iomem);
1088 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1089 end = start + int128_get64(section->size) - 1;
1090 subpage_register(subpage, start, end,
1091 phys_section_add(&d->map, section));
1095 static void register_multipage(AddressSpaceDispatch *d,
1096 MemoryRegionSection *section)
1098 hwaddr start_addr = section->offset_within_address_space;
1099 uint16_t section_index = phys_section_add(&d->map, section);
1100 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1104 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1107 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1109 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1110 AddressSpaceDispatch *d = as->next_dispatch;
1111 MemoryRegionSection now = *section, remain = *section;
1112 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1114 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1115 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1116 - now.offset_within_address_space;
1118 now.size = int128_min(int128_make64(left), now.size);
1119 register_subpage(d, &now);
1121 now.size = int128_zero();
1123 while (int128_ne(remain.size, now.size)) {
1124 remain.size = int128_sub(remain.size, now.size);
1125 remain.offset_within_address_space += int128_get64(now.size);
1126 remain.offset_within_region += int128_get64(now.size);
1128 if (int128_lt(remain.size, page_size)) {
1129 register_subpage(d, &now);
1130 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1131 now.size = page_size;
1132 register_subpage(d, &now);
1134 now.size = int128_and(now.size, int128_neg(page_size));
1135 register_multipage(d, &now);
1140 void qemu_flush_coalesced_mmio_buffer(void)
1143 kvm_flush_coalesced_mmio_buffer();
1146 void qemu_mutex_lock_ramlist(void)
1148 qemu_mutex_lock(&ram_list.mutex);
1151 void qemu_mutex_unlock_ramlist(void)
1153 qemu_mutex_unlock(&ram_list.mutex);
1158 #include <sys/vfs.h>
1160 #define HUGETLBFS_MAGIC 0x958458f6
1162 static long gethugepagesize(const char *path, Error **errp)
1168 ret = statfs(path, &fs);
1169 } while (ret != 0 && errno == EINTR);
1172 error_setg_errno(errp, errno, "failed to get page size of file %s",
1177 if (fs.f_type != HUGETLBFS_MAGIC)
1178 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1183 static void *file_ram_alloc(RAMBlock *block,
1189 char *sanitized_name;
1196 Error *local_err = NULL;
1199 hpagesize = gethugepagesize(path, &local_err);
1201 error_propagate(errp, local_err);
1204 block->mr->align = hpagesize;
1206 if (memory < hpagesize) {
1207 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1208 "or larger than huge page size 0x%" PRIx64,
1213 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1215 "host lacks kvm mmu notifiers, -mem-path unsupported");
1219 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1220 sanitized_name = g_strdup(memory_region_name(block->mr));
1221 for (c = sanitized_name; *c != '\0'; c++) {
1226 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1228 g_free(sanitized_name);
1230 fd = mkstemp(filename);
1232 error_setg_errno(errp, errno,
1233 "unable to create backing store for hugepages");
1240 memory = ROUND_UP(memory, hpagesize);
1241 total = memory + hpagesize;
1244 * ftruncate is not supported by hugetlbfs in older
1245 * hosts, so don't bother bailing out on errors.
1246 * If anything goes wrong with it under other filesystems,
1249 if (ftruncate(fd, memory)) {
1250 perror("ftruncate");
1253 ptr = mmap(0, total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS,
1255 if (ptr == MAP_FAILED) {
1256 error_setg_errno(errp, errno,
1257 "unable to allocate memory range for hugepages");
1262 offset = QEMU_ALIGN_UP((uintptr_t)ptr, hpagesize) - (uintptr_t)ptr;
1264 area = mmap(ptr + offset, memory, PROT_READ | PROT_WRITE,
1265 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE) |
1268 if (area == MAP_FAILED) {
1269 error_setg_errno(errp, errno,
1270 "unable to map backing store for hugepages");
1277 munmap(ptr, offset);
1282 if (total > memory + getpagesize()) {
1283 munmap(ptr + memory + getpagesize(),
1284 total - memory - getpagesize());
1288 os_mem_prealloc(fd, area, memory);
1296 error_report("%s", error_get_pretty(*errp));
1303 /* Called with the ramlist lock held. */
1304 static ram_addr_t find_ram_offset(ram_addr_t size)
1306 RAMBlock *block, *next_block;
1307 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1309 assert(size != 0); /* it would hand out same offset multiple times */
1311 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1315 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1316 ram_addr_t end, next = RAM_ADDR_MAX;
1318 end = block->offset + block->max_length;
1320 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1321 if (next_block->offset >= end) {
1322 next = MIN(next, next_block->offset);
1325 if (next - end >= size && next - end < mingap) {
1327 mingap = next - end;
1331 if (offset == RAM_ADDR_MAX) {
1332 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1340 ram_addr_t last_ram_offset(void)
1343 ram_addr_t last = 0;
1346 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1347 last = MAX(last, block->offset + block->max_length);
1353 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1357 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1358 if (!machine_dump_guest_core(current_machine)) {
1359 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1361 perror("qemu_madvise");
1362 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1363 "but dump_guest_core=off specified\n");
1368 /* Called within an RCU critical section, or while the ramlist lock
1371 static RAMBlock *find_ram_block(ram_addr_t addr)
1375 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1376 if (block->offset == addr) {
1384 /* Called with iothread lock held. */
1385 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1387 RAMBlock *new_block, *block;
1390 new_block = find_ram_block(addr);
1392 assert(!new_block->idstr[0]);
1395 char *id = qdev_get_dev_path(dev);
1397 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1401 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1403 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1404 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1405 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1413 /* Called with iothread lock held. */
1414 void qemu_ram_unset_idstr(ram_addr_t addr)
1418 /* FIXME: arch_init.c assumes that this is not called throughout
1419 * migration. Ignore the problem since hot-unplug during migration
1420 * does not work anyway.
1424 block = find_ram_block(addr);
1426 memset(block->idstr, 0, sizeof(block->idstr));
1431 static int memory_try_enable_merging(void *addr, size_t len)
1433 if (!machine_mem_merge(current_machine)) {
1434 /* disabled by the user */
1438 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1441 /* Only legal before guest might have detected the memory size: e.g. on
1442 * incoming migration, or right after reset.
1444 * As memory core doesn't know how is memory accessed, it is up to
1445 * resize callback to update device state and/or add assertions to detect
1446 * misuse, if necessary.
1448 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1450 RAMBlock *block = find_ram_block(base);
1454 newsize = TARGET_PAGE_ALIGN(newsize);
1456 if (block->used_length == newsize) {
1460 if (!(block->flags & RAM_RESIZEABLE)) {
1461 error_setg_errno(errp, EINVAL,
1462 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1463 " in != 0x" RAM_ADDR_FMT, block->idstr,
1464 newsize, block->used_length);
1468 if (block->max_length < newsize) {
1469 error_setg_errno(errp, EINVAL,
1470 "Length too large: %s: 0x" RAM_ADDR_FMT
1471 " > 0x" RAM_ADDR_FMT, block->idstr,
1472 newsize, block->max_length);
1476 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1477 block->used_length = newsize;
1478 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1480 memory_region_set_size(block->mr, newsize);
1481 if (block->resized) {
1482 block->resized(block->idstr, newsize, block->host);
1487 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1490 RAMBlock *last_block = NULL;
1491 ram_addr_t old_ram_size, new_ram_size;
1493 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1495 qemu_mutex_lock_ramlist();
1496 new_block->offset = find_ram_offset(new_block->max_length);
1498 if (!new_block->host) {
1499 if (xen_enabled()) {
1500 xen_ram_alloc(new_block->offset, new_block->max_length,
1503 new_block->host = phys_mem_alloc(new_block->max_length,
1504 &new_block->mr->align);
1505 if (!new_block->host) {
1506 error_setg_errno(errp, errno,
1507 "cannot set up guest memory '%s'",
1508 memory_region_name(new_block->mr));
1509 qemu_mutex_unlock_ramlist();
1512 memory_try_enable_merging(new_block->host, new_block->max_length);
1516 new_ram_size = MAX(old_ram_size,
1517 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1518 if (new_ram_size > old_ram_size) {
1519 migration_bitmap_extend(old_ram_size, new_ram_size);
1521 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1522 * QLIST (which has an RCU-friendly variant) does not have insertion at
1523 * tail, so save the last element in last_block.
1525 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1527 if (block->max_length < new_block->max_length) {
1532 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1533 } else if (last_block) {
1534 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1535 } else { /* list is empty */
1536 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1538 ram_list.mru_block = NULL;
1540 /* Write list before version */
1543 qemu_mutex_unlock_ramlist();
1545 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1547 if (new_ram_size > old_ram_size) {
1550 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1551 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1552 ram_list.dirty_memory[i] =
1553 bitmap_zero_extend(ram_list.dirty_memory[i],
1554 old_ram_size, new_ram_size);
1557 cpu_physical_memory_set_dirty_range(new_block->offset,
1558 new_block->used_length,
1561 if (new_block->host) {
1562 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1563 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1564 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1565 if (kvm_enabled()) {
1566 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1570 return new_block->offset;
1574 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1575 bool share, const char *mem_path,
1578 RAMBlock *new_block;
1580 Error *local_err = NULL;
1582 if (xen_enabled()) {
1583 error_setg(errp, "-mem-path not supported with Xen");
1587 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1589 * file_ram_alloc() needs to allocate just like
1590 * phys_mem_alloc, but we haven't bothered to provide
1594 "-mem-path not supported with this accelerator");
1598 size = TARGET_PAGE_ALIGN(size);
1599 new_block = g_malloc0(sizeof(*new_block));
1601 new_block->used_length = size;
1602 new_block->max_length = size;
1603 new_block->flags = share ? RAM_SHARED : 0;
1604 new_block->flags |= RAM_EXTRA;
1605 new_block->host = file_ram_alloc(new_block, size,
1607 if (!new_block->host) {
1612 addr = ram_block_add(new_block, &local_err);
1615 error_propagate(errp, local_err);
1623 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1624 void (*resized)(const char*,
1627 void *host, bool resizeable,
1628 MemoryRegion *mr, Error **errp)
1630 RAMBlock *new_block;
1632 Error *local_err = NULL;
1634 size = TARGET_PAGE_ALIGN(size);
1635 max_size = TARGET_PAGE_ALIGN(max_size);
1636 new_block = g_malloc0(sizeof(*new_block));
1638 new_block->resized = resized;
1639 new_block->used_length = size;
1640 new_block->max_length = max_size;
1641 assert(max_size >= size);
1643 new_block->host = host;
1645 new_block->flags |= RAM_PREALLOC;
1648 new_block->flags |= RAM_RESIZEABLE;
1650 addr = ram_block_add(new_block, &local_err);
1653 error_propagate(errp, local_err);
1659 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1660 MemoryRegion *mr, Error **errp)
1662 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1665 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1667 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1670 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1671 void (*resized)(const char*,
1674 MemoryRegion *mr, Error **errp)
1676 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1679 void qemu_ram_free_from_ptr(ram_addr_t addr)
1683 qemu_mutex_lock_ramlist();
1684 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1685 if (addr == block->offset) {
1686 QLIST_REMOVE_RCU(block, next);
1687 ram_list.mru_block = NULL;
1688 /* Write list before version */
1691 g_free_rcu(block, rcu);
1695 qemu_mutex_unlock_ramlist();
1698 static void reclaim_ramblock(RAMBlock *block)
1700 if (block->flags & RAM_PREALLOC) {
1702 } else if (xen_enabled()) {
1703 xen_invalidate_map_cache_entry(block->host);
1705 } else if (block->fd >= 0) {
1706 if (block->flags & RAM_EXTRA) {
1707 munmap(block->host, block->max_length + getpagesize());
1709 munmap(block->host, block->max_length);
1714 qemu_anon_ram_free(block->host, block->max_length);
1719 void qemu_ram_free(ram_addr_t addr)
1723 qemu_mutex_lock_ramlist();
1724 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1725 if (addr == block->offset) {
1726 QLIST_REMOVE_RCU(block, next);
1727 ram_list.mru_block = NULL;
1728 /* Write list before version */
1731 call_rcu(block, reclaim_ramblock, rcu);
1735 qemu_mutex_unlock_ramlist();
1739 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1746 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1747 offset = addr - block->offset;
1748 if (offset < block->max_length) {
1749 vaddr = ramblock_ptr(block, offset);
1750 if (block->flags & RAM_PREALLOC) {
1752 } else if (xen_enabled()) {
1756 if (block->fd >= 0) {
1757 flags |= (block->flags & RAM_SHARED ?
1758 MAP_SHARED : MAP_PRIVATE);
1759 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1760 flags, block->fd, offset);
1763 * Remap needs to match alloc. Accelerators that
1764 * set phys_mem_alloc never remap. If they did,
1765 * we'd need a remap hook here.
1767 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1769 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1770 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1773 if (area != vaddr) {
1774 fprintf(stderr, "Could not remap addr: "
1775 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1779 memory_try_enable_merging(vaddr, length);
1780 qemu_ram_setup_dump(vaddr, length);
1785 #endif /* !_WIN32 */
1787 int qemu_get_ram_fd(ram_addr_t addr)
1793 block = qemu_get_ram_block(addr);
1799 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1805 block = qemu_get_ram_block(addr);
1806 ptr = ramblock_ptr(block, 0);
1811 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1812 * This should not be used for general purpose DMA. Use address_space_map
1813 * or address_space_rw instead. For local memory (e.g. video ram) that the
1814 * device owns, use memory_region_get_ram_ptr.
1816 * By the time this function returns, the returned pointer is not protected
1817 * by RCU anymore. If the caller is not within an RCU critical section and
1818 * does not hold the iothread lock, it must have other means of protecting the
1819 * pointer, such as a reference to the region that includes the incoming
1822 void *qemu_get_ram_ptr(ram_addr_t addr)
1828 block = qemu_get_ram_block(addr);
1830 if (xen_enabled() && block->host == NULL) {
1831 /* We need to check if the requested address is in the RAM
1832 * because we don't want to map the entire memory in QEMU.
1833 * In that case just map until the end of the page.
1835 if (block->offset == 0) {
1836 ptr = xen_map_cache(addr, 0, 0);
1840 block->host = xen_map_cache(block->offset, block->max_length, 1);
1842 ptr = ramblock_ptr(block, addr - block->offset);
1849 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1850 * but takes a size argument.
1852 * By the time this function returns, the returned pointer is not protected
1853 * by RCU anymore. If the caller is not within an RCU critical section and
1854 * does not hold the iothread lock, it must have other means of protecting the
1855 * pointer, such as a reference to the region that includes the incoming
1858 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1864 if (xen_enabled()) {
1865 return xen_map_cache(addr, *size, 1);
1869 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1870 if (addr - block->offset < block->max_length) {
1871 if (addr - block->offset + *size > block->max_length)
1872 *size = block->max_length - addr + block->offset;
1873 ptr = ramblock_ptr(block, addr - block->offset);
1879 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1884 /* Some of the softmmu routines need to translate from a host pointer
1885 * (typically a TLB entry) back to a ram offset.
1887 * By the time this function returns, the returned pointer is not protected
1888 * by RCU anymore. If the caller is not within an RCU critical section and
1889 * does not hold the iothread lock, it must have other means of protecting the
1890 * pointer, such as a reference to the region that includes the incoming
1893 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1896 uint8_t *host = ptr;
1899 if (xen_enabled()) {
1901 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1902 mr = qemu_get_ram_block(*ram_addr)->mr;
1908 block = atomic_rcu_read(&ram_list.mru_block);
1909 if (block && block->host && host - block->host < block->max_length) {
1913 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1914 /* This case append when the block is not mapped. */
1915 if (block->host == NULL) {
1918 if (host - block->host < block->max_length) {
1927 *ram_addr = block->offset + (host - block->host);
1933 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1934 uint64_t val, unsigned size)
1936 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1937 tb_invalidate_phys_page_fast(ram_addr, size);
1941 stb_p(qemu_get_ram_ptr(ram_addr), val);
1944 stw_p(qemu_get_ram_ptr(ram_addr), val);
1947 stl_p(qemu_get_ram_ptr(ram_addr), val);
1952 /* Set both VGA and migration bits for simplicity and to remove
1953 * the notdirty callback faster.
1955 cpu_physical_memory_set_dirty_range(ram_addr, size,
1956 DIRTY_CLIENTS_NOCODE);
1957 /* we remove the notdirty callback only if the code has been
1959 if (!cpu_physical_memory_is_clean(ram_addr)) {
1960 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1964 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1965 unsigned size, bool is_write)
1970 static const MemoryRegionOps notdirty_mem_ops = {
1971 .write = notdirty_mem_write,
1972 .valid.accepts = notdirty_mem_accepts,
1973 .endianness = DEVICE_NATIVE_ENDIAN,
1976 /* Generate a debug exception if a watchpoint has been hit. */
1977 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1979 CPUState *cpu = current_cpu;
1980 CPUArchState *env = cpu->env_ptr;
1981 target_ulong pc, cs_base;
1986 if (cpu->watchpoint_hit) {
1987 /* We re-entered the check after replacing the TB. Now raise
1988 * the debug interrupt so that is will trigger after the
1989 * current instruction. */
1990 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1993 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1994 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1995 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1996 && (wp->flags & flags)) {
1997 if (flags == BP_MEM_READ) {
1998 wp->flags |= BP_WATCHPOINT_HIT_READ;
2000 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2002 wp->hitaddr = vaddr;
2003 wp->hitattrs = attrs;
2004 if (!cpu->watchpoint_hit) {
2005 cpu->watchpoint_hit = wp;
2006 tb_check_watchpoint(cpu);
2007 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2008 cpu->exception_index = EXCP_DEBUG;
2011 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2012 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2013 cpu_resume_from_signal(cpu, NULL);
2017 wp->flags &= ~BP_WATCHPOINT_HIT;
2022 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2023 so these check for a hit then pass through to the normal out-of-line
2025 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2026 unsigned size, MemTxAttrs attrs)
2031 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2034 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2037 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2040 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2048 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2049 uint64_t val, unsigned size,
2054 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2057 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2060 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2063 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2070 static const MemoryRegionOps watch_mem_ops = {
2071 .read_with_attrs = watch_mem_read,
2072 .write_with_attrs = watch_mem_write,
2073 .endianness = DEVICE_NATIVE_ENDIAN,
2076 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2077 unsigned len, MemTxAttrs attrs)
2079 subpage_t *subpage = opaque;
2083 #if defined(DEBUG_SUBPAGE)
2084 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2085 subpage, len, addr);
2087 res = address_space_read(subpage->as, addr + subpage->base,
2094 *data = ldub_p(buf);
2097 *data = lduw_p(buf);
2110 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2111 uint64_t value, unsigned len, MemTxAttrs attrs)
2113 subpage_t *subpage = opaque;
2116 #if defined(DEBUG_SUBPAGE)
2117 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2118 " value %"PRIx64"\n",
2119 __func__, subpage, len, addr, value);
2137 return address_space_write(subpage->as, addr + subpage->base,
2141 static bool subpage_accepts(void *opaque, hwaddr addr,
2142 unsigned len, bool is_write)
2144 subpage_t *subpage = opaque;
2145 #if defined(DEBUG_SUBPAGE)
2146 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2147 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2150 return address_space_access_valid(subpage->as, addr + subpage->base,
2154 static const MemoryRegionOps subpage_ops = {
2155 .read_with_attrs = subpage_read,
2156 .write_with_attrs = subpage_write,
2157 .impl.min_access_size = 1,
2158 .impl.max_access_size = 8,
2159 .valid.min_access_size = 1,
2160 .valid.max_access_size = 8,
2161 .valid.accepts = subpage_accepts,
2162 .endianness = DEVICE_NATIVE_ENDIAN,
2165 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2170 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2172 idx = SUBPAGE_IDX(start);
2173 eidx = SUBPAGE_IDX(end);
2174 #if defined(DEBUG_SUBPAGE)
2175 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2176 __func__, mmio, start, end, idx, eidx, section);
2178 for (; idx <= eidx; idx++) {
2179 mmio->sub_section[idx] = section;
2185 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2189 mmio = g_malloc0(sizeof(subpage_t));
2193 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2194 NULL, TARGET_PAGE_SIZE);
2195 mmio->iomem.subpage = true;
2196 #if defined(DEBUG_SUBPAGE)
2197 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2198 mmio, base, TARGET_PAGE_SIZE);
2200 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2205 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2209 MemoryRegionSection section = {
2210 .address_space = as,
2212 .offset_within_address_space = 0,
2213 .offset_within_region = 0,
2214 .size = int128_2_64(),
2217 return phys_section_add(map, §ion);
2220 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2222 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2223 MemoryRegionSection *sections = d->map.sections;
2225 return sections[index & ~TARGET_PAGE_MASK].mr;
2228 static void io_mem_init(void)
2230 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2231 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2233 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2235 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2239 static void mem_begin(MemoryListener *listener)
2241 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2242 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2245 n = dummy_section(&d->map, as, &io_mem_unassigned);
2246 assert(n == PHYS_SECTION_UNASSIGNED);
2247 n = dummy_section(&d->map, as, &io_mem_notdirty);
2248 assert(n == PHYS_SECTION_NOTDIRTY);
2249 n = dummy_section(&d->map, as, &io_mem_rom);
2250 assert(n == PHYS_SECTION_ROM);
2251 n = dummy_section(&d->map, as, &io_mem_watch);
2252 assert(n == PHYS_SECTION_WATCH);
2254 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2256 as->next_dispatch = d;
2259 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2261 phys_sections_free(&d->map);
2265 static void mem_commit(MemoryListener *listener)
2267 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2268 AddressSpaceDispatch *cur = as->dispatch;
2269 AddressSpaceDispatch *next = as->next_dispatch;
2271 phys_page_compact_all(next, next->map.nodes_nb);
2273 atomic_rcu_set(&as->dispatch, next);
2275 call_rcu(cur, address_space_dispatch_free, rcu);
2279 static void tcg_commit(MemoryListener *listener)
2283 /* since each CPU stores ram addresses in its TLB cache, we must
2284 reset the modified entries */
2287 /* FIXME: Disentangle the cpu.h circular files deps so we can
2288 directly get the right CPU from listener. */
2289 if (cpu->tcg_as_listener != listener) {
2292 cpu_reload_memory_map(cpu);
2296 void address_space_init_dispatch(AddressSpace *as)
2298 as->dispatch = NULL;
2299 as->dispatch_listener = (MemoryListener) {
2301 .commit = mem_commit,
2302 .region_add = mem_add,
2303 .region_nop = mem_add,
2306 memory_listener_register(&as->dispatch_listener, as);
2309 void address_space_unregister(AddressSpace *as)
2311 memory_listener_unregister(&as->dispatch_listener);
2314 void address_space_destroy_dispatch(AddressSpace *as)
2316 AddressSpaceDispatch *d = as->dispatch;
2318 atomic_rcu_set(&as->dispatch, NULL);
2320 call_rcu(d, address_space_dispatch_free, rcu);
2324 static void memory_map_init(void)
2326 system_memory = g_malloc(sizeof(*system_memory));
2328 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2329 address_space_init(&address_space_memory, system_memory, "memory");
2331 system_io = g_malloc(sizeof(*system_io));
2332 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2334 address_space_init(&address_space_io, system_io, "I/O");
2337 MemoryRegion *get_system_memory(void)
2339 return system_memory;
2342 MemoryRegion *get_system_io(void)
2347 #endif /* !defined(CONFIG_USER_ONLY) */
2349 /* physical memory access (slow version, mainly for debug) */
2350 #if defined(CONFIG_USER_ONLY)
2351 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2352 uint8_t *buf, int len, int is_write)
2359 page = addr & TARGET_PAGE_MASK;
2360 l = (page + TARGET_PAGE_SIZE) - addr;
2363 flags = page_get_flags(page);
2364 if (!(flags & PAGE_VALID))
2367 if (!(flags & PAGE_WRITE))
2369 /* XXX: this code should not depend on lock_user */
2370 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2373 unlock_user(p, addr, l);
2375 if (!(flags & PAGE_READ))
2377 /* XXX: this code should not depend on lock_user */
2378 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2381 unlock_user(p, addr, 0);
2392 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2395 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2396 /* No early return if dirty_log_mask is or becomes 0, because
2397 * cpu_physical_memory_set_dirty_range will still call
2398 * xen_modified_memory.
2400 if (dirty_log_mask) {
2402 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2404 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2405 tb_invalidate_phys_range(addr, addr + length);
2406 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2408 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2411 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2413 unsigned access_size_max = mr->ops->valid.max_access_size;
2415 /* Regions are assumed to support 1-4 byte accesses unless
2416 otherwise specified. */
2417 if (access_size_max == 0) {
2418 access_size_max = 4;
2421 /* Bound the maximum access by the alignment of the address. */
2422 if (!mr->ops->impl.unaligned) {
2423 unsigned align_size_max = addr & -addr;
2424 if (align_size_max != 0 && align_size_max < access_size_max) {
2425 access_size_max = align_size_max;
2429 /* Don't attempt accesses larger than the maximum. */
2430 if (l > access_size_max) {
2431 l = access_size_max;
2438 static bool prepare_mmio_access(MemoryRegion *mr)
2440 bool unlocked = !qemu_mutex_iothread_locked();
2441 bool release_lock = false;
2443 if (unlocked && mr->global_locking) {
2444 qemu_mutex_lock_iothread();
2446 release_lock = true;
2448 if (mr->flush_coalesced_mmio) {
2450 qemu_mutex_lock_iothread();
2452 qemu_flush_coalesced_mmio_buffer();
2454 qemu_mutex_unlock_iothread();
2458 return release_lock;
2461 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2462 uint8_t *buf, int len, bool is_write)
2469 MemTxResult result = MEMTX_OK;
2470 bool release_lock = false;
2475 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2478 if (!memory_access_is_direct(mr, is_write)) {
2479 release_lock |= prepare_mmio_access(mr);
2480 l = memory_access_size(mr, l, addr1);
2481 /* XXX: could force current_cpu to NULL to avoid
2485 /* 64 bit write access */
2487 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2491 /* 32 bit write access */
2493 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2497 /* 16 bit write access */
2499 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2503 /* 8 bit write access */
2505 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2512 addr1 += memory_region_get_ram_addr(mr);
2514 ptr = qemu_get_ram_ptr(addr1);
2515 memcpy(ptr, buf, l);
2516 invalidate_and_set_dirty(mr, addr1, l);
2519 if (!memory_access_is_direct(mr, is_write)) {
2521 release_lock |= prepare_mmio_access(mr);
2522 l = memory_access_size(mr, l, addr1);
2525 /* 64 bit read access */
2526 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2531 /* 32 bit read access */
2532 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2537 /* 16 bit read access */
2538 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2543 /* 8 bit read access */
2544 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2553 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2554 memcpy(buf, ptr, l);
2559 qemu_mutex_unlock_iothread();
2560 release_lock = false;
2572 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2573 const uint8_t *buf, int len)
2575 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2578 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2579 uint8_t *buf, int len)
2581 return address_space_rw(as, addr, attrs, buf, len, false);
2585 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2586 int len, int is_write)
2588 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2589 buf, len, is_write);
2592 enum write_rom_type {
2597 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2598 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2608 mr = address_space_translate(as, addr, &addr1, &l, true);
2610 if (!(memory_region_is_ram(mr) ||
2611 memory_region_is_romd(mr))) {
2612 l = memory_access_size(mr, l, addr1);
2614 addr1 += memory_region_get_ram_addr(mr);
2616 ptr = qemu_get_ram_ptr(addr1);
2619 memcpy(ptr, buf, l);
2620 invalidate_and_set_dirty(mr, addr1, l);
2623 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2634 /* used for ROM loading : can write in RAM and ROM */
2635 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2636 const uint8_t *buf, int len)
2638 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2641 void cpu_flush_icache_range(hwaddr start, int len)
2644 * This function should do the same thing as an icache flush that was
2645 * triggered from within the guest. For TCG we are always cache coherent,
2646 * so there is no need to flush anything. For KVM / Xen we need to flush
2647 * the host's instruction cache at least.
2649 if (tcg_enabled()) {
2653 cpu_physical_memory_write_rom_internal(&address_space_memory,
2654 start, NULL, len, FLUSH_CACHE);
2665 static BounceBuffer bounce;
2667 typedef struct MapClient {
2669 QLIST_ENTRY(MapClient) link;
2672 QemuMutex map_client_list_lock;
2673 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2674 = QLIST_HEAD_INITIALIZER(map_client_list);
2676 static void cpu_unregister_map_client_do(MapClient *client)
2678 QLIST_REMOVE(client, link);
2682 static void cpu_notify_map_clients_locked(void)
2686 while (!QLIST_EMPTY(&map_client_list)) {
2687 client = QLIST_FIRST(&map_client_list);
2688 qemu_bh_schedule(client->bh);
2689 cpu_unregister_map_client_do(client);
2693 void cpu_register_map_client(QEMUBH *bh)
2695 MapClient *client = g_malloc(sizeof(*client));
2697 qemu_mutex_lock(&map_client_list_lock);
2699 QLIST_INSERT_HEAD(&map_client_list, client, link);
2700 if (!atomic_read(&bounce.in_use)) {
2701 cpu_notify_map_clients_locked();
2703 qemu_mutex_unlock(&map_client_list_lock);
2706 void cpu_exec_init_all(void)
2708 qemu_mutex_init(&ram_list.mutex);
2711 qemu_mutex_init(&map_client_list_lock);
2714 void cpu_unregister_map_client(QEMUBH *bh)
2718 qemu_mutex_lock(&map_client_list_lock);
2719 QLIST_FOREACH(client, &map_client_list, link) {
2720 if (client->bh == bh) {
2721 cpu_unregister_map_client_do(client);
2725 qemu_mutex_unlock(&map_client_list_lock);
2728 static void cpu_notify_map_clients(void)
2730 qemu_mutex_lock(&map_client_list_lock);
2731 cpu_notify_map_clients_locked();
2732 qemu_mutex_unlock(&map_client_list_lock);
2735 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2743 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2744 if (!memory_access_is_direct(mr, is_write)) {
2745 l = memory_access_size(mr, l, addr);
2746 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2758 /* Map a physical memory region into a host virtual address.
2759 * May map a subset of the requested range, given by and returned in *plen.
2760 * May return NULL if resources needed to perform the mapping are exhausted.
2761 * Use only for reads OR writes - not for read-modify-write operations.
2762 * Use cpu_register_map_client() to know when retrying the map operation is
2763 * likely to succeed.
2765 void *address_space_map(AddressSpace *as,
2772 hwaddr l, xlat, base;
2773 MemoryRegion *mr, *this_mr;
2782 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2784 if (!memory_access_is_direct(mr, is_write)) {
2785 if (atomic_xchg(&bounce.in_use, true)) {
2789 /* Avoid unbounded allocations */
2790 l = MIN(l, TARGET_PAGE_SIZE);
2791 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2795 memory_region_ref(mr);
2798 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2804 return bounce.buffer;
2808 raddr = memory_region_get_ram_addr(mr);
2819 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2820 if (this_mr != mr || xlat != base + done) {
2825 memory_region_ref(mr);
2828 return qemu_ram_ptr_length(raddr + base, plen);
2831 /* Unmaps a memory region previously mapped by address_space_map().
2832 * Will also mark the memory as dirty if is_write == 1. access_len gives
2833 * the amount of memory that was actually read or written by the caller.
2835 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2836 int is_write, hwaddr access_len)
2838 if (buffer != bounce.buffer) {
2842 mr = qemu_ram_addr_from_host(buffer, &addr1);
2845 invalidate_and_set_dirty(mr, addr1, access_len);
2847 if (xen_enabled()) {
2848 xen_invalidate_map_cache_entry(buffer);
2850 memory_region_unref(mr);
2854 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2855 bounce.buffer, access_len);
2857 qemu_vfree(bounce.buffer);
2858 bounce.buffer = NULL;
2859 memory_region_unref(bounce.mr);
2860 atomic_mb_set(&bounce.in_use, false);
2861 cpu_notify_map_clients();
2864 void *cpu_physical_memory_map(hwaddr addr,
2868 return address_space_map(&address_space_memory, addr, plen, is_write);
2871 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2872 int is_write, hwaddr access_len)
2874 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2877 /* warning: addr must be aligned */
2878 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2880 MemTxResult *result,
2881 enum device_endian endian)
2889 bool release_lock = false;
2892 mr = address_space_translate(as, addr, &addr1, &l, false);
2893 if (l < 4 || !memory_access_is_direct(mr, false)) {
2894 release_lock |= prepare_mmio_access(mr);
2897 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2898 #if defined(TARGET_WORDS_BIGENDIAN)
2899 if (endian == DEVICE_LITTLE_ENDIAN) {
2903 if (endian == DEVICE_BIG_ENDIAN) {
2909 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2913 case DEVICE_LITTLE_ENDIAN:
2914 val = ldl_le_p(ptr);
2916 case DEVICE_BIG_ENDIAN:
2917 val = ldl_be_p(ptr);
2929 qemu_mutex_unlock_iothread();
2935 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2936 MemTxAttrs attrs, MemTxResult *result)
2938 return address_space_ldl_internal(as, addr, attrs, result,
2939 DEVICE_NATIVE_ENDIAN);
2942 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2943 MemTxAttrs attrs, MemTxResult *result)
2945 return address_space_ldl_internal(as, addr, attrs, result,
2946 DEVICE_LITTLE_ENDIAN);
2949 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2950 MemTxAttrs attrs, MemTxResult *result)
2952 return address_space_ldl_internal(as, addr, attrs, result,
2956 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2958 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2961 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2963 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2966 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2968 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2971 /* warning: addr must be aligned */
2972 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2974 MemTxResult *result,
2975 enum device_endian endian)
2983 bool release_lock = false;
2986 mr = address_space_translate(as, addr, &addr1, &l,
2988 if (l < 8 || !memory_access_is_direct(mr, false)) {
2989 release_lock |= prepare_mmio_access(mr);
2992 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2993 #if defined(TARGET_WORDS_BIGENDIAN)
2994 if (endian == DEVICE_LITTLE_ENDIAN) {
2998 if (endian == DEVICE_BIG_ENDIAN) {
3004 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3008 case DEVICE_LITTLE_ENDIAN:
3009 val = ldq_le_p(ptr);
3011 case DEVICE_BIG_ENDIAN:
3012 val = ldq_be_p(ptr);
3024 qemu_mutex_unlock_iothread();
3030 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs, MemTxResult *result)
3033 return address_space_ldq_internal(as, addr, attrs, result,
3034 DEVICE_NATIVE_ENDIAN);
3037 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3038 MemTxAttrs attrs, MemTxResult *result)
3040 return address_space_ldq_internal(as, addr, attrs, result,
3041 DEVICE_LITTLE_ENDIAN);
3044 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3045 MemTxAttrs attrs, MemTxResult *result)
3047 return address_space_ldq_internal(as, addr, attrs, result,
3051 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3053 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3056 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3058 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3061 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3063 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3067 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3068 MemTxAttrs attrs, MemTxResult *result)
3073 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3080 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3082 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3085 /* warning: addr must be aligned */
3086 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3089 MemTxResult *result,
3090 enum device_endian endian)
3098 bool release_lock = false;
3101 mr = address_space_translate(as, addr, &addr1, &l,
3103 if (l < 2 || !memory_access_is_direct(mr, false)) {
3104 release_lock |= prepare_mmio_access(mr);
3107 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3108 #if defined(TARGET_WORDS_BIGENDIAN)
3109 if (endian == DEVICE_LITTLE_ENDIAN) {
3113 if (endian == DEVICE_BIG_ENDIAN) {
3119 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3123 case DEVICE_LITTLE_ENDIAN:
3124 val = lduw_le_p(ptr);
3126 case DEVICE_BIG_ENDIAN:
3127 val = lduw_be_p(ptr);
3139 qemu_mutex_unlock_iothread();
3145 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3146 MemTxAttrs attrs, MemTxResult *result)
3148 return address_space_lduw_internal(as, addr, attrs, result,
3149 DEVICE_NATIVE_ENDIAN);
3152 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3153 MemTxAttrs attrs, MemTxResult *result)
3155 return address_space_lduw_internal(as, addr, attrs, result,
3156 DEVICE_LITTLE_ENDIAN);
3159 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3160 MemTxAttrs attrs, MemTxResult *result)
3162 return address_space_lduw_internal(as, addr, attrs, result,
3166 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3168 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3171 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3173 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3176 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3178 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3181 /* warning: addr must be aligned. The ram page is not masked as dirty
3182 and the code inside is not invalidated. It is useful if the dirty
3183 bits are used to track modified PTEs */
3184 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3185 MemTxAttrs attrs, MemTxResult *result)
3192 uint8_t dirty_log_mask;
3193 bool release_lock = false;
3196 mr = address_space_translate(as, addr, &addr1, &l,
3198 if (l < 4 || !memory_access_is_direct(mr, true)) {
3199 release_lock |= prepare_mmio_access(mr);
3201 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3203 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3204 ptr = qemu_get_ram_ptr(addr1);
3207 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3208 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3209 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3216 qemu_mutex_unlock_iothread();
3221 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3223 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3226 /* warning: addr must be aligned */
3227 static inline void address_space_stl_internal(AddressSpace *as,
3228 hwaddr addr, uint32_t val,
3230 MemTxResult *result,
3231 enum device_endian endian)
3238 bool release_lock = false;
3241 mr = address_space_translate(as, addr, &addr1, &l,
3243 if (l < 4 || !memory_access_is_direct(mr, true)) {
3244 release_lock |= prepare_mmio_access(mr);
3246 #if defined(TARGET_WORDS_BIGENDIAN)
3247 if (endian == DEVICE_LITTLE_ENDIAN) {
3251 if (endian == DEVICE_BIG_ENDIAN) {
3255 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3258 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3259 ptr = qemu_get_ram_ptr(addr1);
3261 case DEVICE_LITTLE_ENDIAN:
3264 case DEVICE_BIG_ENDIAN:
3271 invalidate_and_set_dirty(mr, addr1, 4);
3278 qemu_mutex_unlock_iothread();
3283 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3284 MemTxAttrs attrs, MemTxResult *result)
3286 address_space_stl_internal(as, addr, val, attrs, result,
3287 DEVICE_NATIVE_ENDIAN);
3290 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3291 MemTxAttrs attrs, MemTxResult *result)
3293 address_space_stl_internal(as, addr, val, attrs, result,
3294 DEVICE_LITTLE_ENDIAN);
3297 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3298 MemTxAttrs attrs, MemTxResult *result)
3300 address_space_stl_internal(as, addr, val, attrs, result,
3304 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3306 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3309 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3311 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3314 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3316 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3320 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3321 MemTxAttrs attrs, MemTxResult *result)
3326 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3332 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3334 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3337 /* warning: addr must be aligned */
3338 static inline void address_space_stw_internal(AddressSpace *as,
3339 hwaddr addr, uint32_t val,
3341 MemTxResult *result,
3342 enum device_endian endian)
3349 bool release_lock = false;
3352 mr = address_space_translate(as, addr, &addr1, &l, true);
3353 if (l < 2 || !memory_access_is_direct(mr, true)) {
3354 release_lock |= prepare_mmio_access(mr);
3356 #if defined(TARGET_WORDS_BIGENDIAN)
3357 if (endian == DEVICE_LITTLE_ENDIAN) {
3361 if (endian == DEVICE_BIG_ENDIAN) {
3365 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3368 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3369 ptr = qemu_get_ram_ptr(addr1);
3371 case DEVICE_LITTLE_ENDIAN:
3374 case DEVICE_BIG_ENDIAN:
3381 invalidate_and_set_dirty(mr, addr1, 2);
3388 qemu_mutex_unlock_iothread();
3393 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3396 address_space_stw_internal(as, addr, val, attrs, result,
3397 DEVICE_NATIVE_ENDIAN);
3400 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3401 MemTxAttrs attrs, MemTxResult *result)
3403 address_space_stw_internal(as, addr, val, attrs, result,
3404 DEVICE_LITTLE_ENDIAN);
3407 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3408 MemTxAttrs attrs, MemTxResult *result)
3410 address_space_stw_internal(as, addr, val, attrs, result,
3414 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3416 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3419 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3421 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3424 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3426 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3430 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3431 MemTxAttrs attrs, MemTxResult *result)
3435 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3441 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3442 MemTxAttrs attrs, MemTxResult *result)
3445 val = cpu_to_le64(val);
3446 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3451 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3452 MemTxAttrs attrs, MemTxResult *result)
3455 val = cpu_to_be64(val);
3456 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3462 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3464 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3467 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3469 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3472 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3474 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3477 /* virtual memory access for debug (includes writing to ROM) */
3478 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3479 uint8_t *buf, int len, int is_write)
3486 page = addr & TARGET_PAGE_MASK;
3487 phys_addr = cpu_get_phys_page_debug(cpu, page);
3488 /* if no physical page mapped, return an error */
3489 if (phys_addr == -1)
3491 l = (page + TARGET_PAGE_SIZE) - addr;
3494 phys_addr += (addr & ~TARGET_PAGE_MASK);
3496 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3498 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3510 * A helper function for the _utterly broken_ virtio device model to find out if
3511 * it's running on a big endian machine. Don't do this at home kids!
3513 bool target_words_bigendian(void);
3514 bool target_words_bigendian(void)
3516 #if defined(TARGET_WORDS_BIGENDIAN)
3523 #ifndef CONFIG_USER_ONLY
3524 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3531 mr = address_space_translate(&address_space_memory,
3532 phys_addr, &phys_addr, &l, false);
3534 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3539 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3545 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3546 ret = func(block->idstr, block->host, block->offset,
3547 block->used_length, opaque);
projects / qemu.git / blob