2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
35 #include "qemu-timer.h"
37 #include "exec-memory.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
55 #else /* !CONFIG_USER_ONLY */
56 #include "xen-mapcache.h"
62 #define WANT_EXEC_OBSOLETE
63 #include "exec-obsolete.h"
65 //#define DEBUG_TB_INVALIDATE
67 //#define DEBUG_UNASSIGNED
69 /* make various TB consistency checks */
70 //#define DEBUG_TB_CHECK
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
80 #define SMC_BITMAP_USE_THRESHOLD 10
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
96 #elif defined(_WIN32) && !defined(_WIN64)
97 #define code_gen_section \
98 __attribute__((aligned (16)))
100 #define code_gen_section \
101 __attribute__((aligned (32)))
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 static uint8_t *code_gen_buffer;
106 static unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 static unsigned long code_gen_buffer_max_size;
109 static uint8_t *code_gen_ptr;
111 #if !defined(CONFIG_USER_ONLY)
113 static int in_migration;
115 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
117 static MemoryRegion *system_memory;
118 static MemoryRegion *system_io;
120 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
121 static MemoryRegion io_mem_subpage_ram;
125 CPUArchState *first_cpu;
126 /* current CPU in the current thread. It is only valid inside
128 DEFINE_TLS(CPUArchState *,cpu_single_env);
129 /* 0 = Do not count executed instructions.
130 1 = Precise instruction counting.
131 2 = Adaptive rate instruction counting. */
134 typedef struct PageDesc {
135 /* list of TBs intersecting this ram page */
136 TranslationBlock *first_tb;
137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141 #if defined(CONFIG_USER_ONLY)
146 /* In system mode we want L1_MAP to be based on ram offsets,
147 while in user mode we want it to be based on virtual addresses. */
148 #if !defined(CONFIG_USER_ONLY)
149 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
150 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
155 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
158 /* Size of the L2 (and L3, etc) page tables. */
160 #define L2_SIZE (1 << L2_BITS)
162 #define P_L2_LEVELS \
163 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165 /* The bits remaining after N lower levels of page tables. */
166 #define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169 #if V_L1_BITS_REM < 4
170 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172 #define V_L1_BITS V_L1_BITS_REM
175 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179 uintptr_t qemu_real_host_page_size;
180 uintptr_t qemu_host_page_size;
181 uintptr_t qemu_host_page_mask;
183 /* This is a multi-level map on the virtual address space.
184 The bottom level has pointers to PageDesc. */
185 static void *l1_map[V_L1_SIZE];
187 #if !defined(CONFIG_USER_ONLY)
188 typedef struct PhysPageEntry PhysPageEntry;
190 static MemoryRegionSection *phys_sections;
191 static unsigned phys_sections_nb, phys_sections_nb_alloc;
192 static uint16_t phys_section_unassigned;
193 static uint16_t phys_section_notdirty;
194 static uint16_t phys_section_rom;
195 static uint16_t phys_section_watch;
197 struct PhysPageEntry {
198 uint16_t is_leaf : 1;
199 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
203 /* Simple allocator for PhysPageEntry nodes */
204 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
205 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
207 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
209 /* This is a multi-level map on the physical address space.
210 The bottom level has pointers to MemoryRegionSections. */
211 static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
213 static void io_mem_init(void);
214 static void memory_map_init(void);
216 static MemoryRegion io_mem_watch;
221 static const char *logfilename = "qemu.log";
223 static const char *logfilename = "/tmp/qemu.log";
227 static int log_append = 0;
230 static int tb_flush_count;
231 static int tb_phys_invalidate_count;
234 static void map_exec(void *addr, long size)
237 VirtualProtect(addr, size,
238 PAGE_EXECUTE_READWRITE, &old_protect);
242 static void map_exec(void *addr, long size)
244 unsigned long start, end, page_size;
246 page_size = getpagesize();
247 start = (unsigned long)addr;
248 start &= ~(page_size - 1);
250 end = (unsigned long)addr + size;
251 end += page_size - 1;
252 end &= ~(page_size - 1);
254 mprotect((void *)start, end - start,
255 PROT_READ | PROT_WRITE | PROT_EXEC);
259 static void page_init(void)
261 /* NOTE: we can always suppose that qemu_host_page_size >=
265 SYSTEM_INFO system_info;
267 GetSystemInfo(&system_info);
268 qemu_real_host_page_size = system_info.dwPageSize;
271 qemu_real_host_page_size = getpagesize();
273 if (qemu_host_page_size == 0)
274 qemu_host_page_size = qemu_real_host_page_size;
275 if (qemu_host_page_size < TARGET_PAGE_SIZE)
276 qemu_host_page_size = TARGET_PAGE_SIZE;
277 qemu_host_page_mask = ~(qemu_host_page_size - 1);
279 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
281 #ifdef HAVE_KINFO_GETVMMAP
282 struct kinfo_vmentry *freep;
285 freep = kinfo_getvmmap(getpid(), &cnt);
288 for (i = 0; i < cnt; i++) {
289 unsigned long startaddr, endaddr;
291 startaddr = freep[i].kve_start;
292 endaddr = freep[i].kve_end;
293 if (h2g_valid(startaddr)) {
294 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
296 if (h2g_valid(endaddr)) {
297 endaddr = h2g(endaddr);
298 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
300 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
313 last_brk = (unsigned long)sbrk(0);
315 f = fopen("/compat/linux/proc/self/maps", "r");
320 unsigned long startaddr, endaddr;
323 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
325 if (n == 2 && h2g_valid(startaddr)) {
326 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
328 if (h2g_valid(endaddr)) {
329 endaddr = h2g(endaddr);
333 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
345 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
351 #if defined(CONFIG_USER_ONLY)
352 /* We can't use g_malloc because it may recurse into a locked mutex. */
353 # define ALLOC(P, SIZE) \
355 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
356 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
359 # define ALLOC(P, SIZE) \
360 do { P = g_malloc0(SIZE); } while (0)
363 /* Level 1. Always allocated. */
364 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
367 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
374 ALLOC(p, sizeof(void *) * L2_SIZE);
378 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
386 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
392 return pd + (index & (L2_SIZE - 1));
395 static inline PageDesc *page_find(tb_page_addr_t index)
397 return page_find_alloc(index, 0);
400 #if !defined(CONFIG_USER_ONLY)
402 static void phys_map_node_reserve(unsigned nodes)
404 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
405 typedef PhysPageEntry Node[L2_SIZE];
406 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
407 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
408 phys_map_nodes_nb + nodes);
409 phys_map_nodes = g_renew(Node, phys_map_nodes,
410 phys_map_nodes_nb_alloc);
414 static uint16_t phys_map_node_alloc(void)
419 ret = phys_map_nodes_nb++;
420 assert(ret != PHYS_MAP_NODE_NIL);
421 assert(ret != phys_map_nodes_nb_alloc);
422 for (i = 0; i < L2_SIZE; ++i) {
423 phys_map_nodes[ret][i].is_leaf = 0;
424 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
429 static void phys_map_nodes_reset(void)
431 phys_map_nodes_nb = 0;
435 static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
436 target_phys_addr_t *nb, uint16_t leaf,
441 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
443 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
444 lp->ptr = phys_map_node_alloc();
445 p = phys_map_nodes[lp->ptr];
447 for (i = 0; i < L2_SIZE; i++) {
449 p[i].ptr = phys_section_unassigned;
453 p = phys_map_nodes[lp->ptr];
455 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
457 while (*nb && lp < &p[L2_SIZE]) {
458 if ((*index & (step - 1)) == 0 && *nb >= step) {
464 phys_page_set_level(lp, index, nb, leaf, level - 1);
470 static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
473 /* Wildly overreserve - it doesn't matter much. */
474 phys_map_node_reserve(3 * P_L2_LEVELS);
476 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
479 MemoryRegionSection *phys_page_find(target_phys_addr_t index)
481 PhysPageEntry lp = phys_map;
484 uint16_t s_index = phys_section_unassigned;
486 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
487 if (lp.ptr == PHYS_MAP_NODE_NIL) {
490 p = phys_map_nodes[lp.ptr];
491 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
496 return &phys_sections[s_index];
499 bool memory_region_is_unassigned(MemoryRegion *mr)
501 return mr != &io_mem_ram && mr != &io_mem_rom
502 && mr != &io_mem_notdirty && !mr->rom_device
503 && mr != &io_mem_watch;
506 #define mmap_lock() do { } while(0)
507 #define mmap_unlock() do { } while(0)
510 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
512 #if defined(CONFIG_USER_ONLY)
513 /* Currently it is not recommended to allocate big chunks of data in
514 user mode. It will change when a dedicated libc will be used */
515 #define USE_STATIC_CODE_GEN_BUFFER
518 #ifdef USE_STATIC_CODE_GEN_BUFFER
519 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
520 __attribute__((aligned (CODE_GEN_ALIGN)));
523 static void code_gen_alloc(unsigned long tb_size)
525 #ifdef USE_STATIC_CODE_GEN_BUFFER
526 code_gen_buffer = static_code_gen_buffer;
527 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
528 map_exec(code_gen_buffer, code_gen_buffer_size);
530 code_gen_buffer_size = tb_size;
531 if (code_gen_buffer_size == 0) {
532 #if defined(CONFIG_USER_ONLY)
533 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
535 /* XXX: needs adjustments */
536 code_gen_buffer_size = (unsigned long)(ram_size / 4);
539 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
540 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
541 /* The code gen buffer location may have constraints depending on
542 the host cpu and OS */
543 #if defined(__linux__)
548 flags = MAP_PRIVATE | MAP_ANONYMOUS;
549 #if defined(__x86_64__)
551 /* Cannot map more than that */
552 if (code_gen_buffer_size > (800 * 1024 * 1024))
553 code_gen_buffer_size = (800 * 1024 * 1024);
554 #elif defined(__sparc_v9__)
555 // Map the buffer below 2G, so we can use direct calls and branches
557 start = (void *) 0x60000000UL;
558 if (code_gen_buffer_size > (512 * 1024 * 1024))
559 code_gen_buffer_size = (512 * 1024 * 1024);
560 #elif defined(__arm__)
561 /* Keep the buffer no bigger than 16MB to branch between blocks */
562 if (code_gen_buffer_size > 16 * 1024 * 1024)
563 code_gen_buffer_size = 16 * 1024 * 1024;
564 #elif defined(__s390x__)
565 /* Map the buffer so that we can use direct calls and branches. */
566 /* We have a +- 4GB range on the branches; leave some slop. */
567 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
568 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
570 start = (void *)0x90000000UL;
572 code_gen_buffer = mmap(start, code_gen_buffer_size,
573 PROT_WRITE | PROT_READ | PROT_EXEC,
575 if (code_gen_buffer == MAP_FAILED) {
576 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
580 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
581 || defined(__DragonFly__) || defined(__OpenBSD__) \
582 || defined(__NetBSD__)
586 flags = MAP_PRIVATE | MAP_ANONYMOUS;
587 #if defined(__x86_64__)
588 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
589 * 0x40000000 is free */
591 addr = (void *)0x40000000;
592 /* Cannot map more than that */
593 if (code_gen_buffer_size > (800 * 1024 * 1024))
594 code_gen_buffer_size = (800 * 1024 * 1024);
595 #elif defined(__sparc_v9__)
596 // Map the buffer below 2G, so we can use direct calls and branches
598 addr = (void *) 0x60000000UL;
599 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
600 code_gen_buffer_size = (512 * 1024 * 1024);
603 code_gen_buffer = mmap(addr, code_gen_buffer_size,
604 PROT_WRITE | PROT_READ | PROT_EXEC,
606 if (code_gen_buffer == MAP_FAILED) {
607 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
612 code_gen_buffer = g_malloc(code_gen_buffer_size);
613 map_exec(code_gen_buffer, code_gen_buffer_size);
615 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
616 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
617 code_gen_buffer_max_size = code_gen_buffer_size -
618 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
619 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
620 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
623 /* Must be called before using the QEMU cpus. 'tb_size' is the size
624 (in bytes) allocated to the translation buffer. Zero means default
626 void tcg_exec_init(unsigned long tb_size)
629 code_gen_alloc(tb_size);
630 code_gen_ptr = code_gen_buffer;
631 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
633 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
634 /* There's no guest base to take into account, so go ahead and
635 initialize the prologue now. */
636 tcg_prologue_init(&tcg_ctx);
640 bool tcg_enabled(void)
642 return code_gen_buffer != NULL;
645 void cpu_exec_init_all(void)
647 #if !defined(CONFIG_USER_ONLY)
653 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
655 static int cpu_common_post_load(void *opaque, int version_id)
657 CPUArchState *env = opaque;
659 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
660 version_id is increased. */
661 env->interrupt_request &= ~0x01;
667 static const VMStateDescription vmstate_cpu_common = {
668 .name = "cpu_common",
670 .minimum_version_id = 1,
671 .minimum_version_id_old = 1,
672 .post_load = cpu_common_post_load,
673 .fields = (VMStateField []) {
674 VMSTATE_UINT32(halted, CPUArchState),
675 VMSTATE_UINT32(interrupt_request, CPUArchState),
676 VMSTATE_END_OF_LIST()
681 CPUArchState *qemu_get_cpu(int cpu)
683 CPUArchState *env = first_cpu;
686 if (env->cpu_index == cpu)
694 void cpu_exec_init(CPUArchState *env)
699 #if defined(CONFIG_USER_ONLY)
702 env->next_cpu = NULL;
705 while (*penv != NULL) {
706 penv = &(*penv)->next_cpu;
709 env->cpu_index = cpu_index;
711 QTAILQ_INIT(&env->breakpoints);
712 QTAILQ_INIT(&env->watchpoints);
713 #ifndef CONFIG_USER_ONLY
714 env->thread_id = qemu_get_thread_id();
717 #if defined(CONFIG_USER_ONLY)
720 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
721 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
722 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
723 cpu_save, cpu_load, env);
727 /* Allocate a new translation block. Flush the translation buffer if
728 too many translation blocks or too much generated code. */
729 static TranslationBlock *tb_alloc(target_ulong pc)
731 TranslationBlock *tb;
733 if (nb_tbs >= code_gen_max_blocks ||
734 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
742 void tb_free(TranslationBlock *tb)
744 /* In practice this is mostly used for single use temporary TB
745 Ignore the hard cases and just back up if this TB happens to
746 be the last one generated. */
747 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
748 code_gen_ptr = tb->tc_ptr;
753 static inline void invalidate_page_bitmap(PageDesc *p)
755 if (p->code_bitmap) {
756 g_free(p->code_bitmap);
757 p->code_bitmap = NULL;
759 p->code_write_count = 0;
762 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
764 static void page_flush_tb_1 (int level, void **lp)
773 for (i = 0; i < L2_SIZE; ++i) {
774 pd[i].first_tb = NULL;
775 invalidate_page_bitmap(pd + i);
779 for (i = 0; i < L2_SIZE; ++i) {
780 page_flush_tb_1 (level - 1, pp + i);
785 static void page_flush_tb(void)
788 for (i = 0; i < V_L1_SIZE; i++) {
789 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
793 /* flush all the translation blocks */
794 /* XXX: tb_flush is currently not thread safe */
795 void tb_flush(CPUArchState *env1)
798 #if defined(DEBUG_FLUSH)
799 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
800 (unsigned long)(code_gen_ptr - code_gen_buffer),
802 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
804 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
805 cpu_abort(env1, "Internal error: code buffer overflow\n");
809 for(env = first_cpu; env != NULL; env = env->next_cpu) {
810 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
813 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
816 code_gen_ptr = code_gen_buffer;
817 /* XXX: flush processor icache at this point if cache flush is
822 #ifdef DEBUG_TB_CHECK
824 static void tb_invalidate_check(target_ulong address)
826 TranslationBlock *tb;
828 address &= TARGET_PAGE_MASK;
829 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
830 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
831 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
832 address >= tb->pc + tb->size)) {
833 printf("ERROR invalidate: address=" TARGET_FMT_lx
834 " PC=%08lx size=%04x\n",
835 address, (long)tb->pc, tb->size);
841 /* verify that all the pages have correct rights for code */
842 static void tb_page_check(void)
844 TranslationBlock *tb;
845 int i, flags1, flags2;
847 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
848 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
849 flags1 = page_get_flags(tb->pc);
850 flags2 = page_get_flags(tb->pc + tb->size - 1);
851 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
852 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
853 (long)tb->pc, tb->size, flags1, flags2);
861 /* invalidate one TB */
862 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
865 TranslationBlock *tb1;
869 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
872 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
876 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
878 TranslationBlock *tb1;
883 n1 = (uintptr_t)tb1 & 3;
884 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
886 *ptb = tb1->page_next[n1];
889 ptb = &tb1->page_next[n1];
893 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
895 TranslationBlock *tb1, **ptb;
898 ptb = &tb->jmp_next[n];
901 /* find tb(n) in circular list */
904 n1 = (uintptr_t)tb1 & 3;
905 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
906 if (n1 == n && tb1 == tb)
909 ptb = &tb1->jmp_first;
911 ptb = &tb1->jmp_next[n1];
914 /* now we can suppress tb(n) from the list */
915 *ptb = tb->jmp_next[n];
917 tb->jmp_next[n] = NULL;
921 /* reset the jump entry 'n' of a TB so that it is not chained to
923 static inline void tb_reset_jump(TranslationBlock *tb, int n)
925 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
928 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
933 tb_page_addr_t phys_pc;
934 TranslationBlock *tb1, *tb2;
936 /* remove the TB from the hash list */
937 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
938 h = tb_phys_hash_func(phys_pc);
939 tb_remove(&tb_phys_hash[h], tb,
940 offsetof(TranslationBlock, phys_hash_next));
942 /* remove the TB from the page list */
943 if (tb->page_addr[0] != page_addr) {
944 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
945 tb_page_remove(&p->first_tb, tb);
946 invalidate_page_bitmap(p);
948 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
949 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
950 tb_page_remove(&p->first_tb, tb);
951 invalidate_page_bitmap(p);
954 tb_invalidated_flag = 1;
956 /* remove the TB from the hash list */
957 h = tb_jmp_cache_hash_func(tb->pc);
958 for(env = first_cpu; env != NULL; env = env->next_cpu) {
959 if (env->tb_jmp_cache[h] == tb)
960 env->tb_jmp_cache[h] = NULL;
963 /* suppress this TB from the two jump lists */
964 tb_jmp_remove(tb, 0);
965 tb_jmp_remove(tb, 1);
967 /* suppress any remaining jumps to this TB */
970 n1 = (uintptr_t)tb1 & 3;
973 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
974 tb2 = tb1->jmp_next[n1];
975 tb_reset_jump(tb1, n1);
976 tb1->jmp_next[n1] = NULL;
979 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
981 tb_phys_invalidate_count++;
984 static inline void set_bits(uint8_t *tab, int start, int len)
990 mask = 0xff << (start & 7);
991 if ((start & ~7) == (end & ~7)) {
993 mask &= ~(0xff << (end & 7));
998 start = (start + 8) & ~7;
1000 while (start < end1) {
1005 mask = ~(0xff << (end & 7));
1011 static void build_page_bitmap(PageDesc *p)
1013 int n, tb_start, tb_end;
1014 TranslationBlock *tb;
1016 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
1019 while (tb != NULL) {
1020 n = (uintptr_t)tb & 3;
1021 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1022 /* NOTE: this is subtle as a TB may span two physical pages */
1024 /* NOTE: tb_end may be after the end of the page, but
1025 it is not a problem */
1026 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1027 tb_end = tb_start + tb->size;
1028 if (tb_end > TARGET_PAGE_SIZE)
1029 tb_end = TARGET_PAGE_SIZE;
1032 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1034 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1035 tb = tb->page_next[n];
1039 TranslationBlock *tb_gen_code(CPUArchState *env,
1040 target_ulong pc, target_ulong cs_base,
1041 int flags, int cflags)
1043 TranslationBlock *tb;
1045 tb_page_addr_t phys_pc, phys_page2;
1046 target_ulong virt_page2;
1049 phys_pc = get_page_addr_code(env, pc);
1052 /* flush must be done */
1054 /* cannot fail at this point */
1056 /* Don't forget to invalidate previous TB info. */
1057 tb_invalidated_flag = 1;
1059 tc_ptr = code_gen_ptr;
1060 tb->tc_ptr = tc_ptr;
1061 tb->cs_base = cs_base;
1063 tb->cflags = cflags;
1064 cpu_gen_code(env, tb, &code_gen_size);
1065 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1066 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1068 /* check next page if needed */
1069 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1071 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1072 phys_page2 = get_page_addr_code(env, virt_page2);
1074 tb_link_page(tb, phys_pc, phys_page2);
1079 * Invalidate all TBs which intersect with the target physical address range
1080 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1081 * 'is_cpu_write_access' should be true if called from a real cpu write
1082 * access: the virtual CPU will exit the current TB if code is modified inside
1085 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1086 int is_cpu_write_access)
1088 while (start < end) {
1089 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1090 start &= TARGET_PAGE_MASK;
1091 start += TARGET_PAGE_SIZE;
1096 * Invalidate all TBs which intersect with the target physical address range
1097 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1098 * 'is_cpu_write_access' should be true if called from a real cpu write
1099 * access: the virtual CPU will exit the current TB if code is modified inside
1102 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1103 int is_cpu_write_access)
1105 TranslationBlock *tb, *tb_next, *saved_tb;
1106 CPUArchState *env = cpu_single_env;
1107 tb_page_addr_t tb_start, tb_end;
1110 #ifdef TARGET_HAS_PRECISE_SMC
1111 int current_tb_not_found = is_cpu_write_access;
1112 TranslationBlock *current_tb = NULL;
1113 int current_tb_modified = 0;
1114 target_ulong current_pc = 0;
1115 target_ulong current_cs_base = 0;
1116 int current_flags = 0;
1117 #endif /* TARGET_HAS_PRECISE_SMC */
1119 p = page_find(start >> TARGET_PAGE_BITS);
1122 if (!p->code_bitmap &&
1123 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1124 is_cpu_write_access) {
1125 /* build code bitmap */
1126 build_page_bitmap(p);
1129 /* we remove all the TBs in the range [start, end[ */
1130 /* XXX: see if in some cases it could be faster to invalidate all the code */
1132 while (tb != NULL) {
1133 n = (uintptr_t)tb & 3;
1134 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1135 tb_next = tb->page_next[n];
1136 /* NOTE: this is subtle as a TB may span two physical pages */
1138 /* NOTE: tb_end may be after the end of the page, but
1139 it is not a problem */
1140 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1141 tb_end = tb_start + tb->size;
1143 tb_start = tb->page_addr[1];
1144 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1146 if (!(tb_end <= start || tb_start >= end)) {
1147 #ifdef TARGET_HAS_PRECISE_SMC
1148 if (current_tb_not_found) {
1149 current_tb_not_found = 0;
1151 if (env->mem_io_pc) {
1152 /* now we have a real cpu fault */
1153 current_tb = tb_find_pc(env->mem_io_pc);
1156 if (current_tb == tb &&
1157 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1158 /* If we are modifying the current TB, we must stop
1159 its execution. We could be more precise by checking
1160 that the modification is after the current PC, but it
1161 would require a specialized function to partially
1162 restore the CPU state */
1164 current_tb_modified = 1;
1165 cpu_restore_state(current_tb, env, env->mem_io_pc);
1166 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1169 #endif /* TARGET_HAS_PRECISE_SMC */
1170 /* we need to do that to handle the case where a signal
1171 occurs while doing tb_phys_invalidate() */
1174 saved_tb = env->current_tb;
1175 env->current_tb = NULL;
1177 tb_phys_invalidate(tb, -1);
1179 env->current_tb = saved_tb;
1180 if (env->interrupt_request && env->current_tb)
1181 cpu_interrupt(env, env->interrupt_request);
1186 #if !defined(CONFIG_USER_ONLY)
1187 /* if no code remaining, no need to continue to use slow writes */
1189 invalidate_page_bitmap(p);
1190 if (is_cpu_write_access) {
1191 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1195 #ifdef TARGET_HAS_PRECISE_SMC
1196 if (current_tb_modified) {
1197 /* we generate a block containing just the instruction
1198 modifying the memory. It will ensure that it cannot modify
1200 env->current_tb = NULL;
1201 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1202 cpu_resume_from_signal(env, NULL);
1207 /* len must be <= 8 and start must be a multiple of len */
1208 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1214 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1215 cpu_single_env->mem_io_vaddr, len,
1216 cpu_single_env->eip,
1217 cpu_single_env->eip +
1218 (intptr_t)cpu_single_env->segs[R_CS].base);
1221 p = page_find(start >> TARGET_PAGE_BITS);
1224 if (p->code_bitmap) {
1225 offset = start & ~TARGET_PAGE_MASK;
1226 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1227 if (b & ((1 << len) - 1))
1231 tb_invalidate_phys_page_range(start, start + len, 1);
1235 #if !defined(CONFIG_SOFTMMU)
1236 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1237 uintptr_t pc, void *puc)
1239 TranslationBlock *tb;
1242 #ifdef TARGET_HAS_PRECISE_SMC
1243 TranslationBlock *current_tb = NULL;
1244 CPUArchState *env = cpu_single_env;
1245 int current_tb_modified = 0;
1246 target_ulong current_pc = 0;
1247 target_ulong current_cs_base = 0;
1248 int current_flags = 0;
1251 addr &= TARGET_PAGE_MASK;
1252 p = page_find(addr >> TARGET_PAGE_BITS);
1256 #ifdef TARGET_HAS_PRECISE_SMC
1257 if (tb && pc != 0) {
1258 current_tb = tb_find_pc(pc);
1261 while (tb != NULL) {
1262 n = (uintptr_t)tb & 3;
1263 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1264 #ifdef TARGET_HAS_PRECISE_SMC
1265 if (current_tb == tb &&
1266 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1267 /* If we are modifying the current TB, we must stop
1268 its execution. We could be more precise by checking
1269 that the modification is after the current PC, but it
1270 would require a specialized function to partially
1271 restore the CPU state */
1273 current_tb_modified = 1;
1274 cpu_restore_state(current_tb, env, pc);
1275 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1278 #endif /* TARGET_HAS_PRECISE_SMC */
1279 tb_phys_invalidate(tb, addr);
1280 tb = tb->page_next[n];
1283 #ifdef TARGET_HAS_PRECISE_SMC
1284 if (current_tb_modified) {
1285 /* we generate a block containing just the instruction
1286 modifying the memory. It will ensure that it cannot modify
1288 env->current_tb = NULL;
1289 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1290 cpu_resume_from_signal(env, puc);
1296 /* add the tb in the target page and protect it if necessary */
1297 static inline void tb_alloc_page(TranslationBlock *tb,
1298 unsigned int n, tb_page_addr_t page_addr)
1301 #ifndef CONFIG_USER_ONLY
1302 bool page_already_protected;
1305 tb->page_addr[n] = page_addr;
1306 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1307 tb->page_next[n] = p->first_tb;
1308 #ifndef CONFIG_USER_ONLY
1309 page_already_protected = p->first_tb != NULL;
1311 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1312 invalidate_page_bitmap(p);
1314 #if defined(TARGET_HAS_SMC) || 1
1316 #if defined(CONFIG_USER_ONLY)
1317 if (p->flags & PAGE_WRITE) {
1322 /* force the host page as non writable (writes will have a
1323 page fault + mprotect overhead) */
1324 page_addr &= qemu_host_page_mask;
1326 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1327 addr += TARGET_PAGE_SIZE) {
1329 p2 = page_find (addr >> TARGET_PAGE_BITS);
1333 p2->flags &= ~PAGE_WRITE;
1335 mprotect(g2h(page_addr), qemu_host_page_size,
1336 (prot & PAGE_BITS) & ~PAGE_WRITE);
1337 #ifdef DEBUG_TB_INVALIDATE
1338 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1343 /* if some code is already present, then the pages are already
1344 protected. So we handle the case where only the first TB is
1345 allocated in a physical page */
1346 if (!page_already_protected) {
1347 tlb_protect_code(page_addr);
1351 #endif /* TARGET_HAS_SMC */
1354 /* add a new TB and link it to the physical page tables. phys_page2 is
1355 (-1) to indicate that only one page contains the TB. */
1356 void tb_link_page(TranslationBlock *tb,
1357 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1360 TranslationBlock **ptb;
1362 /* Grab the mmap lock to stop another thread invalidating this TB
1363 before we are done. */
1365 /* add in the physical hash table */
1366 h = tb_phys_hash_func(phys_pc);
1367 ptb = &tb_phys_hash[h];
1368 tb->phys_hash_next = *ptb;
1371 /* add in the page list */
1372 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1373 if (phys_page2 != -1)
1374 tb_alloc_page(tb, 1, phys_page2);
1376 tb->page_addr[1] = -1;
1378 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1379 tb->jmp_next[0] = NULL;
1380 tb->jmp_next[1] = NULL;
1382 /* init original jump addresses */
1383 if (tb->tb_next_offset[0] != 0xffff)
1384 tb_reset_jump(tb, 0);
1385 if (tb->tb_next_offset[1] != 0xffff)
1386 tb_reset_jump(tb, 1);
1388 #ifdef DEBUG_TB_CHECK
1394 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1395 tb[1].tc_ptr. Return NULL if not found */
1396 TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1398 int m_min, m_max, m;
1400 TranslationBlock *tb;
1404 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1405 tc_ptr >= (uintptr_t)code_gen_ptr) {
1408 /* binary search (cf Knuth) */
1411 while (m_min <= m_max) {
1412 m = (m_min + m_max) >> 1;
1414 v = (uintptr_t)tb->tc_ptr;
1417 else if (tc_ptr < v) {
1426 static void tb_reset_jump_recursive(TranslationBlock *tb);
1428 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1430 TranslationBlock *tb1, *tb_next, **ptb;
1433 tb1 = tb->jmp_next[n];
1435 /* find head of list */
1437 n1 = (uintptr_t)tb1 & 3;
1438 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1441 tb1 = tb1->jmp_next[n1];
1443 /* we are now sure now that tb jumps to tb1 */
1446 /* remove tb from the jmp_first list */
1447 ptb = &tb_next->jmp_first;
1450 n1 = (uintptr_t)tb1 & 3;
1451 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1452 if (n1 == n && tb1 == tb)
1454 ptb = &tb1->jmp_next[n1];
1456 *ptb = tb->jmp_next[n];
1457 tb->jmp_next[n] = NULL;
1459 /* suppress the jump to next tb in generated code */
1460 tb_reset_jump(tb, n);
1462 /* suppress jumps in the tb on which we could have jumped */
1463 tb_reset_jump_recursive(tb_next);
1467 static void tb_reset_jump_recursive(TranslationBlock *tb)
1469 tb_reset_jump_recursive2(tb, 0);
1470 tb_reset_jump_recursive2(tb, 1);
1473 #if defined(TARGET_HAS_ICE)
1474 #if defined(CONFIG_USER_ONLY)
1475 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1477 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1480 void tb_invalidate_phys_addr(target_phys_addr_t addr)
1482 ram_addr_t ram_addr;
1483 MemoryRegionSection *section;
1485 section = phys_page_find(addr >> TARGET_PAGE_BITS);
1486 if (!(memory_region_is_ram(section->mr)
1487 || (section->mr->rom_device && section->mr->readable))) {
1490 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1491 + memory_region_section_addr(section, addr);
1492 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1495 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1497 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1498 (pc & ~TARGET_PAGE_MASK));
1501 #endif /* TARGET_HAS_ICE */
1503 #if defined(CONFIG_USER_ONLY)
1504 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1509 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1510 int flags, CPUWatchpoint **watchpoint)
1515 /* Add a watchpoint. */
1516 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1517 int flags, CPUWatchpoint **watchpoint)
1519 target_ulong len_mask = ~(len - 1);
1522 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1523 if ((len & (len - 1)) || (addr & ~len_mask) ||
1524 len == 0 || len > TARGET_PAGE_SIZE) {
1525 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1526 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1529 wp = g_malloc(sizeof(*wp));
1532 wp->len_mask = len_mask;
1535 /* keep all GDB-injected watchpoints in front */
1537 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1539 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1541 tlb_flush_page(env, addr);
1548 /* Remove a specific watchpoint. */
1549 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
1552 target_ulong len_mask = ~(len - 1);
1555 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1556 if (addr == wp->vaddr && len_mask == wp->len_mask
1557 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1558 cpu_watchpoint_remove_by_ref(env, wp);
1565 /* Remove a specific watchpoint by reference. */
1566 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
1568 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1570 tlb_flush_page(env, watchpoint->vaddr);
1575 /* Remove all matching watchpoints. */
1576 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1578 CPUWatchpoint *wp, *next;
1580 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1581 if (wp->flags & mask)
1582 cpu_watchpoint_remove_by_ref(env, wp);
1587 /* Add a breakpoint. */
1588 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
1589 CPUBreakpoint **breakpoint)
1591 #if defined(TARGET_HAS_ICE)
1594 bp = g_malloc(sizeof(*bp));
1599 /* keep all GDB-injected breakpoints in front */
1601 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1603 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1605 breakpoint_invalidate(env, pc);
1615 /* Remove a specific breakpoint. */
1616 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
1618 #if defined(TARGET_HAS_ICE)
1621 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1622 if (bp->pc == pc && bp->flags == flags) {
1623 cpu_breakpoint_remove_by_ref(env, bp);
1633 /* Remove a specific breakpoint by reference. */
1634 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
1636 #if defined(TARGET_HAS_ICE)
1637 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1639 breakpoint_invalidate(env, breakpoint->pc);
1645 /* Remove all matching breakpoints. */
1646 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
1648 #if defined(TARGET_HAS_ICE)
1649 CPUBreakpoint *bp, *next;
1651 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1652 if (bp->flags & mask)
1653 cpu_breakpoint_remove_by_ref(env, bp);
1658 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1659 CPU loop after each instruction */
1660 void cpu_single_step(CPUArchState *env, int enabled)
1662 #if defined(TARGET_HAS_ICE)
1663 if (env->singlestep_enabled != enabled) {
1664 env->singlestep_enabled = enabled;
1666 kvm_update_guest_debug(env, 0);
1668 /* must flush all the translated code to avoid inconsistencies */
1669 /* XXX: only flush what is necessary */
1676 /* enable or disable low levels log */
1677 void cpu_set_log(int log_flags)
1679 loglevel = log_flags;
1680 if (loglevel && !logfile) {
1681 logfile = fopen(logfilename, log_append ? "a" : "w");
1683 perror(logfilename);
1686 #if !defined(CONFIG_SOFTMMU)
1687 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1689 static char logfile_buf[4096];
1690 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1692 #elif defined(_WIN32)
1693 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1694 setvbuf(logfile, NULL, _IONBF, 0);
1696 setvbuf(logfile, NULL, _IOLBF, 0);
1700 if (!loglevel && logfile) {
1706 void cpu_set_log_filename(const char *filename)
1708 logfilename = strdup(filename);
1713 cpu_set_log(loglevel);
1716 static void cpu_unlink_tb(CPUArchState *env)
1718 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1719 problem and hope the cpu will stop of its own accord. For userspace
1720 emulation this often isn't actually as bad as it sounds. Often
1721 signals are used primarily to interrupt blocking syscalls. */
1722 TranslationBlock *tb;
1723 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1725 spin_lock(&interrupt_lock);
1726 tb = env->current_tb;
1727 /* if the cpu is currently executing code, we must unlink it and
1728 all the potentially executing TB */
1730 env->current_tb = NULL;
1731 tb_reset_jump_recursive(tb);
1733 spin_unlock(&interrupt_lock);
1736 #ifndef CONFIG_USER_ONLY
1737 /* mask must never be zero, except for A20 change call */
1738 static void tcg_handle_interrupt(CPUArchState *env, int mask)
1742 old_mask = env->interrupt_request;
1743 env->interrupt_request |= mask;
1746 * If called from iothread context, wake the target cpu in
1749 if (!qemu_cpu_is_self(env)) {
1755 env->icount_decr.u16.high = 0xffff;
1757 && (mask & ~old_mask) != 0) {
1758 cpu_abort(env, "Raised interrupt while not in I/O function");
1765 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1767 #else /* CONFIG_USER_ONLY */
1769 void cpu_interrupt(CPUArchState *env, int mask)
1771 env->interrupt_request |= mask;
1774 #endif /* CONFIG_USER_ONLY */
1776 void cpu_reset_interrupt(CPUArchState *env, int mask)
1778 env->interrupt_request &= ~mask;
1781 void cpu_exit(CPUArchState *env)
1783 env->exit_request = 1;
1787 const CPULogItem cpu_log_items[] = {
1788 { CPU_LOG_TB_OUT_ASM, "out_asm",
1789 "show generated host assembly code for each compiled TB" },
1790 { CPU_LOG_TB_IN_ASM, "in_asm",
1791 "show target assembly code for each compiled TB" },
1792 { CPU_LOG_TB_OP, "op",
1793 "show micro ops for each compiled TB" },
1794 { CPU_LOG_TB_OP_OPT, "op_opt",
1797 "before eflags optimization and "
1799 "after liveness analysis" },
1800 { CPU_LOG_INT, "int",
1801 "show interrupts/exceptions in short format" },
1802 { CPU_LOG_EXEC, "exec",
1803 "show trace before each executed TB (lots of logs)" },
1804 { CPU_LOG_TB_CPU, "cpu",
1805 "show CPU state before block translation" },
1807 { CPU_LOG_PCALL, "pcall",
1808 "show protected mode far calls/returns/exceptions" },
1809 { CPU_LOG_RESET, "cpu_reset",
1810 "show CPU state before CPU resets" },
1813 { CPU_LOG_IOPORT, "ioport",
1814 "show all i/o ports accesses" },
1819 static int cmp1(const char *s1, int n, const char *s2)
1821 if (strlen(s2) != n)
1823 return memcmp(s1, s2, n) == 0;
1826 /* takes a comma separated list of log masks. Return 0 if error. */
1827 int cpu_str_to_log_mask(const char *str)
1829 const CPULogItem *item;
1836 p1 = strchr(p, ',');
1839 if(cmp1(p,p1-p,"all")) {
1840 for(item = cpu_log_items; item->mask != 0; item++) {
1844 for(item = cpu_log_items; item->mask != 0; item++) {
1845 if (cmp1(p, p1 - p, item->name))
1859 void cpu_abort(CPUArchState *env, const char *fmt, ...)
1866 fprintf(stderr, "qemu: fatal: ");
1867 vfprintf(stderr, fmt, ap);
1868 fprintf(stderr, "\n");
1870 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1872 cpu_dump_state(env, stderr, fprintf, 0);
1874 if (qemu_log_enabled()) {
1875 qemu_log("qemu: fatal: ");
1876 qemu_log_vprintf(fmt, ap2);
1879 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1881 log_cpu_state(env, 0);
1888 #if defined(CONFIG_USER_ONLY)
1890 struct sigaction act;
1891 sigfillset(&act.sa_mask);
1892 act.sa_handler = SIG_DFL;
1893 sigaction(SIGABRT, &act, NULL);
1899 CPUArchState *cpu_copy(CPUArchState *env)
1901 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1902 CPUArchState *next_cpu = new_env->next_cpu;
1903 int cpu_index = new_env->cpu_index;
1904 #if defined(TARGET_HAS_ICE)
1909 memcpy(new_env, env, sizeof(CPUArchState));
1911 /* Preserve chaining and index. */
1912 new_env->next_cpu = next_cpu;
1913 new_env->cpu_index = cpu_index;
1915 /* Clone all break/watchpoints.
1916 Note: Once we support ptrace with hw-debug register access, make sure
1917 BP_CPU break/watchpoints are handled correctly on clone. */
1918 QTAILQ_INIT(&env->breakpoints);
1919 QTAILQ_INIT(&env->watchpoints);
1920 #if defined(TARGET_HAS_ICE)
1921 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1922 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1924 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1925 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1933 #if !defined(CONFIG_USER_ONLY)
1934 void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1938 /* Discard jump cache entries for any tb which might potentially
1939 overlap the flushed page. */
1940 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1941 memset (&env->tb_jmp_cache[i], 0,
1942 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1944 i = tb_jmp_cache_hash_page(addr);
1945 memset (&env->tb_jmp_cache[i], 0,
1946 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1949 /* Note: start and end must be within the same ram block. */
1950 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1953 uintptr_t length, start1;
1955 start &= TARGET_PAGE_MASK;
1956 end = TARGET_PAGE_ALIGN(end);
1958 length = end - start;
1961 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
1963 /* we modify the TLB cache so that the dirty bit will be set again
1964 when accessing the range */
1965 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1966 /* Check that we don't span multiple blocks - this breaks the
1967 address comparisons below. */
1968 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1969 != (end - 1) - start) {
1972 cpu_tlb_reset_dirty_all(start1, length);
1975 int cpu_physical_memory_set_dirty_tracking(int enable)
1978 in_migration = enable;
1982 target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1983 MemoryRegionSection *section,
1985 target_phys_addr_t paddr,
1987 target_ulong *address)
1989 target_phys_addr_t iotlb;
1992 if (memory_region_is_ram(section->mr)) {
1994 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1995 + memory_region_section_addr(section, paddr);
1996 if (!section->readonly) {
1997 iotlb |= phys_section_notdirty;
1999 iotlb |= phys_section_rom;
2002 /* IO handlers are currently passed a physical address.
2003 It would be nice to pass an offset from the base address
2004 of that region. This would avoid having to special case RAM,
2005 and avoid full address decoding in every device.
2006 We can't use the high bits of pd for this because
2007 IO_MEM_ROMD uses these as a ram address. */
2008 iotlb = section - phys_sections;
2009 iotlb += memory_region_section_addr(section, paddr);
2012 /* Make accesses to pages with watchpoints go via the
2013 watchpoint trap routines. */
2014 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2015 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2016 /* Avoid trapping reads of pages with a write breakpoint. */
2017 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2018 iotlb = phys_section_watch + paddr;
2019 *address |= TLB_MMIO;
2030 * Walks guest process memory "regions" one by one
2031 * and calls callback function 'fn' for each region.
2034 struct walk_memory_regions_data
2036 walk_memory_regions_fn fn;
2042 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2043 abi_ulong end, int new_prot)
2045 if (data->start != -1ul) {
2046 int rc = data->fn(data->priv, data->start, end, data->prot);
2052 data->start = (new_prot ? end : -1ul);
2053 data->prot = new_prot;
2058 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2059 abi_ulong base, int level, void **lp)
2065 return walk_memory_regions_end(data, base, 0);
2070 for (i = 0; i < L2_SIZE; ++i) {
2071 int prot = pd[i].flags;
2073 pa = base | (i << TARGET_PAGE_BITS);
2074 if (prot != data->prot) {
2075 rc = walk_memory_regions_end(data, pa, prot);
2083 for (i = 0; i < L2_SIZE; ++i) {
2084 pa = base | ((abi_ulong)i <<
2085 (TARGET_PAGE_BITS + L2_BITS * level));
2086 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2096 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2098 struct walk_memory_regions_data data;
2106 for (i = 0; i < V_L1_SIZE; i++) {
2107 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2108 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2114 return walk_memory_regions_end(&data, 0, 0);
2117 static int dump_region(void *priv, abi_ulong start,
2118 abi_ulong end, unsigned long prot)
2120 FILE *f = (FILE *)priv;
2122 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2123 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2124 start, end, end - start,
2125 ((prot & PAGE_READ) ? 'r' : '-'),
2126 ((prot & PAGE_WRITE) ? 'w' : '-'),
2127 ((prot & PAGE_EXEC) ? 'x' : '-'));
2132 /* dump memory mappings */
2133 void page_dump(FILE *f)
2135 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2136 "start", "end", "size", "prot");
2137 walk_memory_regions(f, dump_region);
2140 int page_get_flags(target_ulong address)
2144 p = page_find(address >> TARGET_PAGE_BITS);
2150 /* Modify the flags of a page and invalidate the code if necessary.
2151 The flag PAGE_WRITE_ORG is positioned automatically depending
2152 on PAGE_WRITE. The mmap_lock should already be held. */
2153 void page_set_flags(target_ulong start, target_ulong end, int flags)
2155 target_ulong addr, len;
2157 /* This function should never be called with addresses outside the
2158 guest address space. If this assert fires, it probably indicates
2159 a missing call to h2g_valid. */
2160 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2161 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2163 assert(start < end);
2165 start = start & TARGET_PAGE_MASK;
2166 end = TARGET_PAGE_ALIGN(end);
2168 if (flags & PAGE_WRITE) {
2169 flags |= PAGE_WRITE_ORG;
2172 for (addr = start, len = end - start;
2174 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2175 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2177 /* If the write protection bit is set, then we invalidate
2179 if (!(p->flags & PAGE_WRITE) &&
2180 (flags & PAGE_WRITE) &&
2182 tb_invalidate_phys_page(addr, 0, NULL);
2188 int page_check_range(target_ulong start, target_ulong len, int flags)
2194 /* This function should never be called with addresses outside the
2195 guest address space. If this assert fires, it probably indicates
2196 a missing call to h2g_valid. */
2197 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2198 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2204 if (start + len - 1 < start) {
2205 /* We've wrapped around. */
2209 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2210 start = start & TARGET_PAGE_MASK;
2212 for (addr = start, len = end - start;
2214 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2215 p = page_find(addr >> TARGET_PAGE_BITS);
2218 if( !(p->flags & PAGE_VALID) )
2221 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2223 if (flags & PAGE_WRITE) {
2224 if (!(p->flags & PAGE_WRITE_ORG))
2226 /* unprotect the page if it was put read-only because it
2227 contains translated code */
2228 if (!(p->flags & PAGE_WRITE)) {
2229 if (!page_unprotect(addr, 0, NULL))
2238 /* called from signal handler: invalidate the code and unprotect the
2239 page. Return TRUE if the fault was successfully handled. */
2240 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
2244 target_ulong host_start, host_end, addr;
2246 /* Technically this isn't safe inside a signal handler. However we
2247 know this only ever happens in a synchronous SEGV handler, so in
2248 practice it seems to be ok. */
2251 p = page_find(address >> TARGET_PAGE_BITS);
2257 /* if the page was really writable, then we change its
2258 protection back to writable */
2259 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2260 host_start = address & qemu_host_page_mask;
2261 host_end = host_start + qemu_host_page_size;
2264 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2265 p = page_find(addr >> TARGET_PAGE_BITS);
2266 p->flags |= PAGE_WRITE;
2269 /* and since the content will be modified, we must invalidate
2270 the corresponding translated code. */
2271 tb_invalidate_phys_page(addr, pc, puc);
2272 #ifdef DEBUG_TB_CHECK
2273 tb_invalidate_check(addr);
2276 mprotect((void *)g2h(host_start), qemu_host_page_size,
2285 #endif /* defined(CONFIG_USER_ONLY) */
2287 #if !defined(CONFIG_USER_ONLY)
2289 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2290 typedef struct subpage_t {
2292 target_phys_addr_t base;
2293 uint16_t sub_section[TARGET_PAGE_SIZE];
2296 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2298 static subpage_t *subpage_init(target_phys_addr_t base);
2299 static void destroy_page_desc(uint16_t section_index)
2301 MemoryRegionSection *section = &phys_sections[section_index];
2302 MemoryRegion *mr = section->mr;
2305 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2306 memory_region_destroy(&subpage->iomem);
2311 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
2316 if (lp->ptr == PHYS_MAP_NODE_NIL) {
2320 p = phys_map_nodes[lp->ptr];
2321 for (i = 0; i < L2_SIZE; ++i) {
2322 if (!p[i].is_leaf) {
2323 destroy_l2_mapping(&p[i], level - 1);
2325 destroy_page_desc(p[i].ptr);
2329 lp->ptr = PHYS_MAP_NODE_NIL;
2332 static void destroy_all_mappings(void)
2334 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
2335 phys_map_nodes_reset();
2338 static uint16_t phys_section_add(MemoryRegionSection *section)
2340 if (phys_sections_nb == phys_sections_nb_alloc) {
2341 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2342 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2343 phys_sections_nb_alloc);
2345 phys_sections[phys_sections_nb] = *section;
2346 return phys_sections_nb++;
2349 static void phys_sections_clear(void)
2351 phys_sections_nb = 0;
2354 /* register physical memory.
2355 For RAM, 'size' must be a multiple of the target page size.
2356 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2357 io memory page. The address used when calling the IO function is
2358 the offset from the start of the region, plus region_offset. Both
2359 start_addr and region_offset are rounded down to a page boundary
2360 before calculating this offset. This should not be a problem unless
2361 the low bits of start_addr and region_offset differ. */
2362 static void register_subpage(MemoryRegionSection *section)
2365 target_phys_addr_t base = section->offset_within_address_space
2367 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
2368 MemoryRegionSection subsection = {
2369 .offset_within_address_space = base,
2370 .size = TARGET_PAGE_SIZE,
2372 target_phys_addr_t start, end;
2374 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
2376 if (!(existing->mr->subpage)) {
2377 subpage = subpage_init(base);
2378 subsection.mr = &subpage->iomem;
2379 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2380 phys_section_add(&subsection));
2382 subpage = container_of(existing->mr, subpage_t, iomem);
2384 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2385 end = start + section->size;
2386 subpage_register(subpage, start, end, phys_section_add(section));
2390 static void register_multipage(MemoryRegionSection *section)
2392 target_phys_addr_t start_addr = section->offset_within_address_space;
2393 ram_addr_t size = section->size;
2394 target_phys_addr_t addr;
2395 uint16_t section_index = phys_section_add(section);
2400 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2404 void cpu_register_physical_memory_log(MemoryRegionSection *section,
2407 MemoryRegionSection now = *section, remain = *section;
2409 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2410 || (now.size < TARGET_PAGE_SIZE)) {
2411 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2412 - now.offset_within_address_space,
2414 register_subpage(&now);
2415 remain.size -= now.size;
2416 remain.offset_within_address_space += now.size;
2417 remain.offset_within_region += now.size;
2420 now.size &= TARGET_PAGE_MASK;
2422 register_multipage(&now);
2423 remain.size -= now.size;
2424 remain.offset_within_address_space += now.size;
2425 remain.offset_within_region += now.size;
2429 register_subpage(&now);
2434 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2437 kvm_coalesce_mmio_region(addr, size);
2440 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2443 kvm_uncoalesce_mmio_region(addr, size);
2446 void qemu_flush_coalesced_mmio_buffer(void)
2449 kvm_flush_coalesced_mmio_buffer();
2452 #if defined(__linux__) && !defined(TARGET_S390X)
2454 #include <sys/vfs.h>
2456 #define HUGETLBFS_MAGIC 0x958458f6
2458 static long gethugepagesize(const char *path)
2464 ret = statfs(path, &fs);
2465 } while (ret != 0 && errno == EINTR);
2472 if (fs.f_type != HUGETLBFS_MAGIC)
2473 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2478 static void *file_ram_alloc(RAMBlock *block,
2488 unsigned long hpagesize;
2490 hpagesize = gethugepagesize(path);
2495 if (memory < hpagesize) {
2499 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2500 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2504 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2508 fd = mkstemp(filename);
2510 perror("unable to create backing store for hugepages");
2517 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2520 * ftruncate is not supported by hugetlbfs in older
2521 * hosts, so don't bother bailing out on errors.
2522 * If anything goes wrong with it under other filesystems,
2525 if (ftruncate(fd, memory))
2526 perror("ftruncate");
2529 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2530 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2531 * to sidestep this quirk.
2533 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2534 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2536 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2538 if (area == MAP_FAILED) {
2539 perror("file_ram_alloc: can't mmap RAM pages");
2548 static ram_addr_t find_ram_offset(ram_addr_t size)
2550 RAMBlock *block, *next_block;
2551 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
2553 if (QLIST_EMPTY(&ram_list.blocks))
2556 QLIST_FOREACH(block, &ram_list.blocks, next) {
2557 ram_addr_t end, next = RAM_ADDR_MAX;
2559 end = block->offset + block->length;
2561 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2562 if (next_block->offset >= end) {
2563 next = MIN(next, next_block->offset);
2566 if (next - end >= size && next - end < mingap) {
2568 mingap = next - end;
2572 if (offset == RAM_ADDR_MAX) {
2573 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2581 static ram_addr_t last_ram_offset(void)
2584 ram_addr_t last = 0;
2586 QLIST_FOREACH(block, &ram_list.blocks, next)
2587 last = MAX(last, block->offset + block->length);
2592 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
2594 RAMBlock *new_block, *block;
2597 QLIST_FOREACH(block, &ram_list.blocks, next) {
2598 if (block->offset == addr) {
2604 assert(!new_block->idstr[0]);
2607 char *id = qdev_get_dev_path(dev);
2609 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2613 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2615 QLIST_FOREACH(block, &ram_list.blocks, next) {
2616 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
2617 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2624 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2627 RAMBlock *new_block;
2629 size = TARGET_PAGE_ALIGN(size);
2630 new_block = g_malloc0(sizeof(*new_block));
2633 new_block->offset = find_ram_offset(size);
2635 new_block->host = host;
2636 new_block->flags |= RAM_PREALLOC_MASK;
2639 #if defined (__linux__) && !defined(TARGET_S390X)
2640 new_block->host = file_ram_alloc(new_block, size, mem_path);
2641 if (!new_block->host) {
2642 new_block->host = qemu_vmalloc(size);
2643 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2646 fprintf(stderr, "-mem-path option unsupported\n");
2650 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2651 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2652 an system defined value, which is at least 256GB. Larger systems
2653 have larger values. We put the guest between the end of data
2654 segment (system break) and this value. We use 32GB as a base to
2655 have enough room for the system break to grow. */
2656 new_block->host = mmap((void*)0x800000000, size,
2657 PROT_EXEC|PROT_READ|PROT_WRITE,
2658 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
2659 if (new_block->host == MAP_FAILED) {
2660 fprintf(stderr, "Allocating RAM failed\n");
2664 if (xen_enabled()) {
2665 xen_ram_alloc(new_block->offset, size, mr);
2667 new_block->host = qemu_vmalloc(size);
2670 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2673 new_block->length = size;
2675 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2677 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
2678 last_ram_offset() >> TARGET_PAGE_BITS);
2679 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2680 0xff, size >> TARGET_PAGE_BITS);
2683 kvm_setup_guest_memory(new_block->host, size);
2685 return new_block->offset;
2688 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
2690 return qemu_ram_alloc_from_ptr(size, NULL, mr);
2693 void qemu_ram_free_from_ptr(ram_addr_t addr)
2697 QLIST_FOREACH(block, &ram_list.blocks, next) {
2698 if (addr == block->offset) {
2699 QLIST_REMOVE(block, next);
2706 void qemu_ram_free(ram_addr_t addr)
2710 QLIST_FOREACH(block, &ram_list.blocks, next) {
2711 if (addr == block->offset) {
2712 QLIST_REMOVE(block, next);
2713 if (block->flags & RAM_PREALLOC_MASK) {
2715 } else if (mem_path) {
2716 #if defined (__linux__) && !defined(TARGET_S390X)
2718 munmap(block->host, block->length);
2721 qemu_vfree(block->host);
2727 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2728 munmap(block->host, block->length);
2730 if (xen_enabled()) {
2731 xen_invalidate_map_cache_entry(block->host);
2733 qemu_vfree(block->host);
2745 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2752 QLIST_FOREACH(block, &ram_list.blocks, next) {
2753 offset = addr - block->offset;
2754 if (offset < block->length) {
2755 vaddr = block->host + offset;
2756 if (block->flags & RAM_PREALLOC_MASK) {
2760 munmap(vaddr, length);
2762 #if defined(__linux__) && !defined(TARGET_S390X)
2765 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2768 flags |= MAP_PRIVATE;
2770 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2771 flags, block->fd, offset);
2773 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2774 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2781 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2782 flags |= MAP_SHARED | MAP_ANONYMOUS;
2783 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2786 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2787 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2791 if (area != vaddr) {
2792 fprintf(stderr, "Could not remap addr: "
2793 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
2797 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
2803 #endif /* !_WIN32 */
2805 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2806 With the exception of the softmmu code in this file, this should
2807 only be used for local memory (e.g. video ram) that the device owns,
2808 and knows it isn't going to access beyond the end of the block.
2810 It should not be used for general purpose DMA.
2811 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2813 void *qemu_get_ram_ptr(ram_addr_t addr)
2817 QLIST_FOREACH(block, &ram_list.blocks, next) {
2818 if (addr - block->offset < block->length) {
2819 /* Move this entry to to start of the list. */
2820 if (block != QLIST_FIRST(&ram_list.blocks)) {
2821 QLIST_REMOVE(block, next);
2822 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2824 if (xen_enabled()) {
2825 /* We need to check if the requested address is in the RAM
2826 * because we don't want to map the entire memory in QEMU.
2827 * In that case just map until the end of the page.
2829 if (block->offset == 0) {
2830 return xen_map_cache(addr, 0, 0);
2831 } else if (block->host == NULL) {
2833 xen_map_cache(block->offset, block->length, 1);
2836 return block->host + (addr - block->offset);
2840 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2846 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2847 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2849 void *qemu_safe_ram_ptr(ram_addr_t addr)
2853 QLIST_FOREACH(block, &ram_list.blocks, next) {
2854 if (addr - block->offset < block->length) {
2855 if (xen_enabled()) {
2856 /* We need to check if the requested address is in the RAM
2857 * because we don't want to map the entire memory in QEMU.
2858 * In that case just map until the end of the page.
2860 if (block->offset == 0) {
2861 return xen_map_cache(addr, 0, 0);
2862 } else if (block->host == NULL) {
2864 xen_map_cache(block->offset, block->length, 1);
2867 return block->host + (addr - block->offset);
2871 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2877 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2878 * but takes a size argument */
2879 void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
2884 if (xen_enabled()) {
2885 return xen_map_cache(addr, *size, 1);
2889 QLIST_FOREACH(block, &ram_list.blocks, next) {
2890 if (addr - block->offset < block->length) {
2891 if (addr - block->offset + *size > block->length)
2892 *size = block->length - addr + block->offset;
2893 return block->host + (addr - block->offset);
2897 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2902 void qemu_put_ram_ptr(void *addr)
2904 trace_qemu_put_ram_ptr(addr);
2907 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2910 uint8_t *host = ptr;
2912 if (xen_enabled()) {
2913 *ram_addr = xen_ram_addr_from_mapcache(ptr);
2917 QLIST_FOREACH(block, &ram_list.blocks, next) {
2918 /* This case append when the block is not mapped. */
2919 if (block->host == NULL) {
2922 if (host - block->host < block->length) {
2923 *ram_addr = block->offset + (host - block->host);
2931 /* Some of the softmmu routines need to translate from a host pointer
2932 (typically a TLB entry) back to a ram offset. */
2933 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2935 ram_addr_t ram_addr;
2937 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2938 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2944 static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2947 #ifdef DEBUG_UNASSIGNED
2948 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2950 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2951 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
2956 static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2957 uint64_t val, unsigned size)
2959 #ifdef DEBUG_UNASSIGNED
2960 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
2962 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2963 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
2967 static const MemoryRegionOps unassigned_mem_ops = {
2968 .read = unassigned_mem_read,
2969 .write = unassigned_mem_write,
2970 .endianness = DEVICE_NATIVE_ENDIAN,
2973 static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2979 static void error_mem_write(void *opaque, target_phys_addr_t addr,
2980 uint64_t value, unsigned size)
2985 static const MemoryRegionOps error_mem_ops = {
2986 .read = error_mem_read,
2987 .write = error_mem_write,
2988 .endianness = DEVICE_NATIVE_ENDIAN,
2991 static const MemoryRegionOps rom_mem_ops = {
2992 .read = error_mem_read,
2993 .write = unassigned_mem_write,
2994 .endianness = DEVICE_NATIVE_ENDIAN,
2997 static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2998 uint64_t val, unsigned size)
3001 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3002 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3003 #if !defined(CONFIG_USER_ONLY)
3004 tb_invalidate_phys_page_fast(ram_addr, size);
3005 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3010 stb_p(qemu_get_ram_ptr(ram_addr), val);
3013 stw_p(qemu_get_ram_ptr(ram_addr), val);
3016 stl_p(qemu_get_ram_ptr(ram_addr), val);
3021 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3022 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3023 /* we remove the notdirty callback only if the code has been
3025 if (dirty_flags == 0xff)
3026 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3029 static const MemoryRegionOps notdirty_mem_ops = {
3030 .read = error_mem_read,
3031 .write = notdirty_mem_write,
3032 .endianness = DEVICE_NATIVE_ENDIAN,
3035 /* Generate a debug exception if a watchpoint has been hit. */
3036 static void check_watchpoint(int offset, int len_mask, int flags)
3038 CPUArchState *env = cpu_single_env;
3039 target_ulong pc, cs_base;
3040 TranslationBlock *tb;
3045 if (env->watchpoint_hit) {
3046 /* We re-entered the check after replacing the TB. Now raise
3047 * the debug interrupt so that is will trigger after the
3048 * current instruction. */
3049 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3052 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3053 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3054 if ((vaddr == (wp->vaddr & len_mask) ||
3055 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3056 wp->flags |= BP_WATCHPOINT_HIT;
3057 if (!env->watchpoint_hit) {
3058 env->watchpoint_hit = wp;
3059 tb = tb_find_pc(env->mem_io_pc);
3061 cpu_abort(env, "check_watchpoint: could not find TB for "
3062 "pc=%p", (void *)env->mem_io_pc);
3064 cpu_restore_state(tb, env, env->mem_io_pc);
3065 tb_phys_invalidate(tb, -1);
3066 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3067 env->exception_index = EXCP_DEBUG;
3070 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3071 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3072 cpu_resume_from_signal(env, NULL);
3076 wp->flags &= ~BP_WATCHPOINT_HIT;
3081 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3082 so these check for a hit then pass through to the normal out-of-line
3084 static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3087 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3089 case 1: return ldub_phys(addr);
3090 case 2: return lduw_phys(addr);
3091 case 4: return ldl_phys(addr);
3096 static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3097 uint64_t val, unsigned size)
3099 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3102 stb_phys(addr, val);
3105 stw_phys(addr, val);
3108 stl_phys(addr, val);
3114 static const MemoryRegionOps watch_mem_ops = {
3115 .read = watch_mem_read,
3116 .write = watch_mem_write,
3117 .endianness = DEVICE_NATIVE_ENDIAN,
3120 static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3123 subpage_t *mmio = opaque;
3124 unsigned int idx = SUBPAGE_IDX(addr);
3125 MemoryRegionSection *section;
3126 #if defined(DEBUG_SUBPAGE)
3127 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3128 mmio, len, addr, idx);
3131 section = &phys_sections[mmio->sub_section[idx]];
3133 addr -= section->offset_within_address_space;
3134 addr += section->offset_within_region;
3135 return io_mem_read(section->mr, addr, len);
3138 static void subpage_write(void *opaque, target_phys_addr_t addr,
3139 uint64_t value, unsigned len)
3141 subpage_t *mmio = opaque;
3142 unsigned int idx = SUBPAGE_IDX(addr);
3143 MemoryRegionSection *section;
3144 #if defined(DEBUG_SUBPAGE)
3145 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3146 " idx %d value %"PRIx64"\n",
3147 __func__, mmio, len, addr, idx, value);
3150 section = &phys_sections[mmio->sub_section[idx]];
3152 addr -= section->offset_within_address_space;
3153 addr += section->offset_within_region;
3154 io_mem_write(section->mr, addr, value, len);
3157 static const MemoryRegionOps subpage_ops = {
3158 .read = subpage_read,
3159 .write = subpage_write,
3160 .endianness = DEVICE_NATIVE_ENDIAN,
3163 static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3166 ram_addr_t raddr = addr;
3167 void *ptr = qemu_get_ram_ptr(raddr);
3169 case 1: return ldub_p(ptr);
3170 case 2: return lduw_p(ptr);
3171 case 4: return ldl_p(ptr);
3176 static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3177 uint64_t value, unsigned size)
3179 ram_addr_t raddr = addr;
3180 void *ptr = qemu_get_ram_ptr(raddr);
3182 case 1: return stb_p(ptr, value);
3183 case 2: return stw_p(ptr, value);
3184 case 4: return stl_p(ptr, value);
3189 static const MemoryRegionOps subpage_ram_ops = {
3190 .read = subpage_ram_read,
3191 .write = subpage_ram_write,
3192 .endianness = DEVICE_NATIVE_ENDIAN,
3195 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3200 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3202 idx = SUBPAGE_IDX(start);
3203 eidx = SUBPAGE_IDX(end);
3204 #if defined(DEBUG_SUBPAGE)
3205 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3206 mmio, start, end, idx, eidx, memory);
3208 if (memory_region_is_ram(phys_sections[section].mr)) {
3209 MemoryRegionSection new_section = phys_sections[section];
3210 new_section.mr = &io_mem_subpage_ram;
3211 section = phys_section_add(&new_section);
3213 for (; idx <= eidx; idx++) {
3214 mmio->sub_section[idx] = section;
3220 static subpage_t *subpage_init(target_phys_addr_t base)
3224 mmio = g_malloc0(sizeof(subpage_t));
3227 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3228 "subpage", TARGET_PAGE_SIZE);
3229 mmio->iomem.subpage = true;
3230 #if defined(DEBUG_SUBPAGE)
3231 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3232 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3234 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
3239 static uint16_t dummy_section(MemoryRegion *mr)
3241 MemoryRegionSection section = {
3243 .offset_within_address_space = 0,
3244 .offset_within_region = 0,
3248 return phys_section_add(§ion);
3251 MemoryRegion *iotlb_to_region(target_phys_addr_t index)
3253 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
3256 static void io_mem_init(void)
3258 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3259 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3260 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3261 "unassigned", UINT64_MAX);
3262 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
3263 "notdirty", UINT64_MAX);
3264 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3265 "subpage-ram", UINT64_MAX);
3266 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3267 "watch", UINT64_MAX);
3270 static void core_begin(MemoryListener *listener)
3272 destroy_all_mappings();
3273 phys_sections_clear();
3274 phys_map.ptr = PHYS_MAP_NODE_NIL;
3275 phys_section_unassigned = dummy_section(&io_mem_unassigned);
3276 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3277 phys_section_rom = dummy_section(&io_mem_rom);
3278 phys_section_watch = dummy_section(&io_mem_watch);
3281 static void core_commit(MemoryListener *listener)
3285 /* since each CPU stores ram addresses in its TLB cache, we must
3286 reset the modified entries */
3288 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3293 static void core_region_add(MemoryListener *listener,
3294 MemoryRegionSection *section)
3296 cpu_register_physical_memory_log(section, section->readonly);
3299 static void core_region_del(MemoryListener *listener,
3300 MemoryRegionSection *section)
3304 static void core_region_nop(MemoryListener *listener,
3305 MemoryRegionSection *section)
3307 cpu_register_physical_memory_log(section, section->readonly);
3310 static void core_log_start(MemoryListener *listener,
3311 MemoryRegionSection *section)
3315 static void core_log_stop(MemoryListener *listener,
3316 MemoryRegionSection *section)
3320 static void core_log_sync(MemoryListener *listener,
3321 MemoryRegionSection *section)
3325 static void core_log_global_start(MemoryListener *listener)
3327 cpu_physical_memory_set_dirty_tracking(1);
3330 static void core_log_global_stop(MemoryListener *listener)
3332 cpu_physical_memory_set_dirty_tracking(0);
3335 static void core_eventfd_add(MemoryListener *listener,
3336 MemoryRegionSection *section,
3337 bool match_data, uint64_t data, int fd)
3341 static void core_eventfd_del(MemoryListener *listener,
3342 MemoryRegionSection *section,
3343 bool match_data, uint64_t data, int fd)
3347 static void io_begin(MemoryListener *listener)
3351 static void io_commit(MemoryListener *listener)
3355 static void io_region_add(MemoryListener *listener,
3356 MemoryRegionSection *section)
3358 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3360 mrio->mr = section->mr;
3361 mrio->offset = section->offset_within_region;
3362 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
3363 section->offset_within_address_space, section->size);
3364 ioport_register(&mrio->iorange);
3367 static void io_region_del(MemoryListener *listener,
3368 MemoryRegionSection *section)
3370 isa_unassign_ioport(section->offset_within_address_space, section->size);
3373 static void io_region_nop(MemoryListener *listener,
3374 MemoryRegionSection *section)
3378 static void io_log_start(MemoryListener *listener,
3379 MemoryRegionSection *section)
3383 static void io_log_stop(MemoryListener *listener,
3384 MemoryRegionSection *section)
3388 static void io_log_sync(MemoryListener *listener,
3389 MemoryRegionSection *section)
3393 static void io_log_global_start(MemoryListener *listener)
3397 static void io_log_global_stop(MemoryListener *listener)
3401 static void io_eventfd_add(MemoryListener *listener,
3402 MemoryRegionSection *section,
3403 bool match_data, uint64_t data, int fd)
3407 static void io_eventfd_del(MemoryListener *listener,
3408 MemoryRegionSection *section,
3409 bool match_data, uint64_t data, int fd)
3413 static MemoryListener core_memory_listener = {
3414 .begin = core_begin,
3415 .commit = core_commit,
3416 .region_add = core_region_add,
3417 .region_del = core_region_del,
3418 .region_nop = core_region_nop,
3419 .log_start = core_log_start,
3420 .log_stop = core_log_stop,
3421 .log_sync = core_log_sync,
3422 .log_global_start = core_log_global_start,
3423 .log_global_stop = core_log_global_stop,
3424 .eventfd_add = core_eventfd_add,
3425 .eventfd_del = core_eventfd_del,
3429 static MemoryListener io_memory_listener = {
3431 .commit = io_commit,
3432 .region_add = io_region_add,
3433 .region_del = io_region_del,
3434 .region_nop = io_region_nop,
3435 .log_start = io_log_start,
3436 .log_stop = io_log_stop,
3437 .log_sync = io_log_sync,
3438 .log_global_start = io_log_global_start,
3439 .log_global_stop = io_log_global_stop,
3440 .eventfd_add = io_eventfd_add,
3441 .eventfd_del = io_eventfd_del,
3445 static void memory_map_init(void)
3447 system_memory = g_malloc(sizeof(*system_memory));
3448 memory_region_init(system_memory, "system", INT64_MAX);
3449 set_system_memory_map(system_memory);
3451 system_io = g_malloc(sizeof(*system_io));
3452 memory_region_init(system_io, "io", 65536);
3453 set_system_io_map(system_io);
3455 memory_listener_register(&core_memory_listener, system_memory);
3456 memory_listener_register(&io_memory_listener, system_io);
3459 MemoryRegion *get_system_memory(void)
3461 return system_memory;
3464 MemoryRegion *get_system_io(void)
3469 #endif /* !defined(CONFIG_USER_ONLY) */
3471 /* physical memory access (slow version, mainly for debug) */
3472 #if defined(CONFIG_USER_ONLY)
3473 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
3474 uint8_t *buf, int len, int is_write)
3481 page = addr & TARGET_PAGE_MASK;
3482 l = (page + TARGET_PAGE_SIZE) - addr;
3485 flags = page_get_flags(page);
3486 if (!(flags & PAGE_VALID))
3489 if (!(flags & PAGE_WRITE))
3491 /* XXX: this code should not depend on lock_user */
3492 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3495 unlock_user(p, addr, l);
3497 if (!(flags & PAGE_READ))
3499 /* XXX: this code should not depend on lock_user */
3500 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3503 unlock_user(p, addr, 0);
3513 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3514 int len, int is_write)
3519 target_phys_addr_t page;
3520 MemoryRegionSection *section;
3523 page = addr & TARGET_PAGE_MASK;
3524 l = (page + TARGET_PAGE_SIZE) - addr;
3527 section = phys_page_find(page >> TARGET_PAGE_BITS);
3530 if (!memory_region_is_ram(section->mr)) {
3531 target_phys_addr_t addr1;
3532 addr1 = memory_region_section_addr(section, addr);
3533 /* XXX: could force cpu_single_env to NULL to avoid
3535 if (l >= 4 && ((addr1 & 3) == 0)) {
3536 /* 32 bit write access */
3538 io_mem_write(section->mr, addr1, val, 4);
3540 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3541 /* 16 bit write access */
3543 io_mem_write(section->mr, addr1, val, 2);
3546 /* 8 bit write access */
3548 io_mem_write(section->mr, addr1, val, 1);
3551 } else if (!section->readonly) {
3553 addr1 = memory_region_get_ram_addr(section->mr)
3554 + memory_region_section_addr(section, addr);
3556 ptr = qemu_get_ram_ptr(addr1);
3557 memcpy(ptr, buf, l);
3558 if (!cpu_physical_memory_is_dirty(addr1)) {
3559 /* invalidate code */
3560 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3562 cpu_physical_memory_set_dirty_flags(
3563 addr1, (0xff & ~CODE_DIRTY_FLAG));
3565 qemu_put_ram_ptr(ptr);
3568 if (!(memory_region_is_ram(section->mr) ||
3569 memory_region_is_romd(section->mr))) {
3570 target_phys_addr_t addr1;
3572 addr1 = memory_region_section_addr(section, addr);
3573 if (l >= 4 && ((addr1 & 3) == 0)) {
3574 /* 32 bit read access */
3575 val = io_mem_read(section->mr, addr1, 4);
3578 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3579 /* 16 bit read access */
3580 val = io_mem_read(section->mr, addr1, 2);
3584 /* 8 bit read access */
3585 val = io_mem_read(section->mr, addr1, 1);
3591 ptr = qemu_get_ram_ptr(section->mr->ram_addr
3592 + memory_region_section_addr(section,
3594 memcpy(buf, ptr, l);
3595 qemu_put_ram_ptr(ptr);
3604 /* used for ROM loading : can write in RAM and ROM */
3605 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3606 const uint8_t *buf, int len)
3610 target_phys_addr_t page;
3611 MemoryRegionSection *section;
3614 page = addr & TARGET_PAGE_MASK;
3615 l = (page + TARGET_PAGE_SIZE) - addr;
3618 section = phys_page_find(page >> TARGET_PAGE_BITS);
3620 if (!(memory_region_is_ram(section->mr) ||
3621 memory_region_is_romd(section->mr))) {
3624 unsigned long addr1;
3625 addr1 = memory_region_get_ram_addr(section->mr)
3626 + memory_region_section_addr(section, addr);
3628 ptr = qemu_get_ram_ptr(addr1);
3629 memcpy(ptr, buf, l);
3630 qemu_put_ram_ptr(ptr);
3640 target_phys_addr_t addr;
3641 target_phys_addr_t len;
3644 static BounceBuffer bounce;
3646 typedef struct MapClient {
3648 void (*callback)(void *opaque);
3649 QLIST_ENTRY(MapClient) link;
3652 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3653 = QLIST_HEAD_INITIALIZER(map_client_list);
3655 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3657 MapClient *client = g_malloc(sizeof(*client));
3659 client->opaque = opaque;
3660 client->callback = callback;
3661 QLIST_INSERT_HEAD(&map_client_list, client, link);
3665 void cpu_unregister_map_client(void *_client)
3667 MapClient *client = (MapClient *)_client;
3669 QLIST_REMOVE(client, link);
3673 static void cpu_notify_map_clients(void)
3677 while (!QLIST_EMPTY(&map_client_list)) {
3678 client = QLIST_FIRST(&map_client_list);
3679 client->callback(client->opaque);
3680 cpu_unregister_map_client(client);
3684 /* Map a physical memory region into a host virtual address.
3685 * May map a subset of the requested range, given by and returned in *plen.
3686 * May return NULL if resources needed to perform the mapping are exhausted.
3687 * Use only for reads OR writes - not for read-modify-write operations.
3688 * Use cpu_register_map_client() to know when retrying the map operation is
3689 * likely to succeed.
3691 void *cpu_physical_memory_map(target_phys_addr_t addr,
3692 target_phys_addr_t *plen,
3695 target_phys_addr_t len = *plen;
3696 target_phys_addr_t todo = 0;
3698 target_phys_addr_t page;
3699 MemoryRegionSection *section;
3700 ram_addr_t raddr = RAM_ADDR_MAX;
3705 page = addr & TARGET_PAGE_MASK;
3706 l = (page + TARGET_PAGE_SIZE) - addr;
3709 section = phys_page_find(page >> TARGET_PAGE_BITS);
3711 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
3712 if (todo || bounce.buffer) {
3715 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3719 cpu_physical_memory_read(addr, bounce.buffer, l);
3723 return bounce.buffer;
3726 raddr = memory_region_get_ram_addr(section->mr)
3727 + memory_region_section_addr(section, addr);
3735 ret = qemu_ram_ptr_length(raddr, &rlen);
3740 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3741 * Will also mark the memory as dirty if is_write == 1. access_len gives
3742 * the amount of memory that was actually read or written by the caller.
3744 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3745 int is_write, target_phys_addr_t access_len)
3747 if (buffer != bounce.buffer) {
3749 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
3750 while (access_len) {
3752 l = TARGET_PAGE_SIZE;
3755 if (!cpu_physical_memory_is_dirty(addr1)) {
3756 /* invalidate code */
3757 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3759 cpu_physical_memory_set_dirty_flags(
3760 addr1, (0xff & ~CODE_DIRTY_FLAG));
3766 if (xen_enabled()) {
3767 xen_invalidate_map_cache_entry(buffer);
3772 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3774 qemu_vfree(bounce.buffer);
3775 bounce.buffer = NULL;
3776 cpu_notify_map_clients();
3779 /* warning: addr must be aligned */
3780 static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3781 enum device_endian endian)
3785 MemoryRegionSection *section;
3787 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3789 if (!(memory_region_is_ram(section->mr) ||
3790 memory_region_is_romd(section->mr))) {
3792 addr = memory_region_section_addr(section, addr);
3793 val = io_mem_read(section->mr, addr, 4);
3794 #if defined(TARGET_WORDS_BIGENDIAN)
3795 if (endian == DEVICE_LITTLE_ENDIAN) {
3799 if (endian == DEVICE_BIG_ENDIAN) {
3805 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3807 + memory_region_section_addr(section, addr));
3809 case DEVICE_LITTLE_ENDIAN:
3810 val = ldl_le_p(ptr);
3812 case DEVICE_BIG_ENDIAN:
3813 val = ldl_be_p(ptr);
3823 uint32_t ldl_phys(target_phys_addr_t addr)
3825 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3828 uint32_t ldl_le_phys(target_phys_addr_t addr)
3830 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3833 uint32_t ldl_be_phys(target_phys_addr_t addr)
3835 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3838 /* warning: addr must be aligned */
3839 static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3840 enum device_endian endian)
3844 MemoryRegionSection *section;
3846 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3848 if (!(memory_region_is_ram(section->mr) ||
3849 memory_region_is_romd(section->mr))) {
3851 addr = memory_region_section_addr(section, addr);
3853 /* XXX This is broken when device endian != cpu endian.
3854 Fix and add "endian" variable check */
3855 #ifdef TARGET_WORDS_BIGENDIAN
3856 val = io_mem_read(section->mr, addr, 4) << 32;
3857 val |= io_mem_read(section->mr, addr + 4, 4);
3859 val = io_mem_read(section->mr, addr, 4);
3860 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
3864 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3866 + memory_region_section_addr(section, addr));
3868 case DEVICE_LITTLE_ENDIAN:
3869 val = ldq_le_p(ptr);
3871 case DEVICE_BIG_ENDIAN:
3872 val = ldq_be_p(ptr);
3882 uint64_t ldq_phys(target_phys_addr_t addr)
3884 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3887 uint64_t ldq_le_phys(target_phys_addr_t addr)
3889 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3892 uint64_t ldq_be_phys(target_phys_addr_t addr)
3894 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3898 uint32_t ldub_phys(target_phys_addr_t addr)
3901 cpu_physical_memory_read(addr, &val, 1);
3905 /* warning: addr must be aligned */
3906 static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3907 enum device_endian endian)
3911 MemoryRegionSection *section;
3913 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3915 if (!(memory_region_is_ram(section->mr) ||
3916 memory_region_is_romd(section->mr))) {
3918 addr = memory_region_section_addr(section, addr);
3919 val = io_mem_read(section->mr, addr, 2);
3920 #if defined(TARGET_WORDS_BIGENDIAN)
3921 if (endian == DEVICE_LITTLE_ENDIAN) {
3925 if (endian == DEVICE_BIG_ENDIAN) {
3931 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3933 + memory_region_section_addr(section, addr));
3935 case DEVICE_LITTLE_ENDIAN:
3936 val = lduw_le_p(ptr);
3938 case DEVICE_BIG_ENDIAN:
3939 val = lduw_be_p(ptr);
3949 uint32_t lduw_phys(target_phys_addr_t addr)
3951 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3954 uint32_t lduw_le_phys(target_phys_addr_t addr)
3956 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3959 uint32_t lduw_be_phys(target_phys_addr_t addr)
3961 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3964 /* warning: addr must be aligned. The ram page is not masked as dirty
3965 and the code inside is not invalidated. It is useful if the dirty
3966 bits are used to track modified PTEs */
3967 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3970 MemoryRegionSection *section;
3972 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3974 if (!memory_region_is_ram(section->mr) || section->readonly) {
3975 addr = memory_region_section_addr(section, addr);
3976 if (memory_region_is_ram(section->mr)) {
3977 section = &phys_sections[phys_section_rom];
3979 io_mem_write(section->mr, addr, val, 4);
3981 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
3983 + memory_region_section_addr(section, addr);
3984 ptr = qemu_get_ram_ptr(addr1);
3987 if (unlikely(in_migration)) {
3988 if (!cpu_physical_memory_is_dirty(addr1)) {
3989 /* invalidate code */
3990 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3992 cpu_physical_memory_set_dirty_flags(
3993 addr1, (0xff & ~CODE_DIRTY_FLAG));
3999 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
4002 MemoryRegionSection *section;
4004 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4006 if (!memory_region_is_ram(section->mr) || section->readonly) {
4007 addr = memory_region_section_addr(section, addr);
4008 if (memory_region_is_ram(section->mr)) {
4009 section = &phys_sections[phys_section_rom];
4011 #ifdef TARGET_WORDS_BIGENDIAN
4012 io_mem_write(section->mr, addr, val >> 32, 4);
4013 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
4015 io_mem_write(section->mr, addr, (uint32_t)val, 4);
4016 io_mem_write(section->mr, addr + 4, val >> 32, 4);
4019 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4021 + memory_region_section_addr(section, addr));
4026 /* warning: addr must be aligned */
4027 static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4028 enum device_endian endian)
4031 MemoryRegionSection *section;
4033 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4035 if (!memory_region_is_ram(section->mr) || section->readonly) {
4036 addr = memory_region_section_addr(section, addr);
4037 if (memory_region_is_ram(section->mr)) {
4038 section = &phys_sections[phys_section_rom];
4040 #if defined(TARGET_WORDS_BIGENDIAN)
4041 if (endian == DEVICE_LITTLE_ENDIAN) {
4045 if (endian == DEVICE_BIG_ENDIAN) {
4049 io_mem_write(section->mr, addr, val, 4);
4051 unsigned long addr1;
4052 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4053 + memory_region_section_addr(section, addr);
4055 ptr = qemu_get_ram_ptr(addr1);
4057 case DEVICE_LITTLE_ENDIAN:
4060 case DEVICE_BIG_ENDIAN:
4067 if (!cpu_physical_memory_is_dirty(addr1)) {
4068 /* invalidate code */
4069 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4071 cpu_physical_memory_set_dirty_flags(addr1,
4072 (0xff & ~CODE_DIRTY_FLAG));
4077 void stl_phys(target_phys_addr_t addr, uint32_t val)
4079 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4082 void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4084 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4087 void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4089 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4093 void stb_phys(target_phys_addr_t addr, uint32_t val)
4096 cpu_physical_memory_write(addr, &v, 1);
4099 /* warning: addr must be aligned */
4100 static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4101 enum device_endian endian)
4104 MemoryRegionSection *section;
4106 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4108 if (!memory_region_is_ram(section->mr) || section->readonly) {
4109 addr = memory_region_section_addr(section, addr);
4110 if (memory_region_is_ram(section->mr)) {
4111 section = &phys_sections[phys_section_rom];
4113 #if defined(TARGET_WORDS_BIGENDIAN)
4114 if (endian == DEVICE_LITTLE_ENDIAN) {
4118 if (endian == DEVICE_BIG_ENDIAN) {
4122 io_mem_write(section->mr, addr, val, 2);
4124 unsigned long addr1;
4125 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4126 + memory_region_section_addr(section, addr);
4128 ptr = qemu_get_ram_ptr(addr1);
4130 case DEVICE_LITTLE_ENDIAN:
4133 case DEVICE_BIG_ENDIAN:
4140 if (!cpu_physical_memory_is_dirty(addr1)) {
4141 /* invalidate code */
4142 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4144 cpu_physical_memory_set_dirty_flags(addr1,
4145 (0xff & ~CODE_DIRTY_FLAG));
4150 void stw_phys(target_phys_addr_t addr, uint32_t val)
4152 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4155 void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4157 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4160 void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4162 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4166 void stq_phys(target_phys_addr_t addr, uint64_t val)
4169 cpu_physical_memory_write(addr, &val, 8);
4172 void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4174 val = cpu_to_le64(val);
4175 cpu_physical_memory_write(addr, &val, 8);
4178 void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4180 val = cpu_to_be64(val);
4181 cpu_physical_memory_write(addr, &val, 8);
4184 /* virtual memory access for debug (includes writing to ROM) */
4185 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
4186 uint8_t *buf, int len, int is_write)
4189 target_phys_addr_t phys_addr;
4193 page = addr & TARGET_PAGE_MASK;
4194 phys_addr = cpu_get_phys_page_debug(env, page);
4195 /* if no physical page mapped, return an error */
4196 if (phys_addr == -1)
4198 l = (page + TARGET_PAGE_SIZE) - addr;
4201 phys_addr += (addr & ~TARGET_PAGE_MASK);
4203 cpu_physical_memory_write_rom(phys_addr, buf, l);
4205 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4214 /* in deterministic execution mode, instructions doing device I/Os
4215 must be at the end of the TB */
4216 void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
4218 TranslationBlock *tb;
4220 target_ulong pc, cs_base;
4223 tb = tb_find_pc(retaddr);
4225 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4228 n = env->icount_decr.u16.low + tb->icount;
4229 cpu_restore_state(tb, env, retaddr);
4230 /* Calculate how many instructions had been executed before the fault
4232 n = n - env->icount_decr.u16.low;
4233 /* Generate a new TB ending on the I/O insn. */
4235 /* On MIPS and SH, delay slot instructions can only be restarted if
4236 they were already the first instruction in the TB. If this is not
4237 the first instruction in a TB then re-execute the preceding
4239 #if defined(TARGET_MIPS)
4240 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4241 env->active_tc.PC -= 4;
4242 env->icount_decr.u16.low++;
4243 env->hflags &= ~MIPS_HFLAG_BMASK;
4245 #elif defined(TARGET_SH4)
4246 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4249 env->icount_decr.u16.low++;
4250 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4253 /* This should never happen. */
4254 if (n > CF_COUNT_MASK)
4255 cpu_abort(env, "TB too big during recompile");
4257 cflags = n | CF_LAST_IO;
4259 cs_base = tb->cs_base;
4261 tb_phys_invalidate(tb, -1);
4262 /* FIXME: In theory this could raise an exception. In practice
4263 we have already translated the block once so it's probably ok. */
4264 tb_gen_code(env, pc, cs_base, flags, cflags);
4265 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4266 the first in the TB) then we end up generating a whole new TB and
4267 repeating the fault, which is horribly inefficient.
4268 Better would be to execute just this insn uncached, or generate a
4270 cpu_resume_from_signal(env, NULL);
4273 #if !defined(CONFIG_USER_ONLY)
4275 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4277 int i, target_code_size, max_target_code_size;
4278 int direct_jmp_count, direct_jmp2_count, cross_page;
4279 TranslationBlock *tb;
4281 target_code_size = 0;
4282 max_target_code_size = 0;
4284 direct_jmp_count = 0;
4285 direct_jmp2_count = 0;
4286 for(i = 0; i < nb_tbs; i++) {
4288 target_code_size += tb->size;
4289 if (tb->size > max_target_code_size)
4290 max_target_code_size = tb->size;
4291 if (tb->page_addr[1] != -1)
4293 if (tb->tb_next_offset[0] != 0xffff) {
4295 if (tb->tb_next_offset[1] != 0xffff) {
4296 direct_jmp2_count++;
4300 /* XXX: avoid using doubles ? */
4301 cpu_fprintf(f, "Translation buffer state:\n");
4302 cpu_fprintf(f, "gen code size %td/%ld\n",
4303 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4304 cpu_fprintf(f, "TB count %d/%d\n",
4305 nb_tbs, code_gen_max_blocks);
4306 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4307 nb_tbs ? target_code_size / nb_tbs : 0,
4308 max_target_code_size);
4309 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4310 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4311 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4312 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4314 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4315 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4317 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4319 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4320 cpu_fprintf(f, "\nStatistics:\n");
4321 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4322 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4323 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4324 tcg_dump_info(f, cpu_fprintf);
4328 * A helper function for the _utterly broken_ virtio device model to find out if
4329 * it's running on a big endian machine. Don't do this at home kids!
4331 bool virtio_is_big_endian(void);
4332 bool virtio_is_big_endian(void)
4334 #if defined(TARGET_WORDS_BIGENDIAN)
4343 #ifndef CONFIG_USER_ONLY
4344 bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4346 MemoryRegionSection *section;
4348 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4350 return !(memory_region_is_ram(section->mr) ||
4351 memory_region_is_romd(section->mr));
projects / qemu.git / blob