4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_UNASSIGNED
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
58 static int in_migration;
60 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62 static MemoryRegion *system_memory;
63 static MemoryRegion *system_io;
65 AddressSpace address_space_io;
66 AddressSpace address_space_memory;
67 DMAContext dma_context_memory;
69 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
70 static MemoryRegion io_mem_subpage_ram;
74 CPUArchState *first_cpu;
75 /* current CPU in the current thread. It is only valid inside
77 DEFINE_TLS(CPUArchState *,cpu_single_env);
78 /* 0 = Do not count executed instructions.
79 1 = Precise instruction counting.
80 2 = Adaptive rate instruction counting. */
83 #if !defined(CONFIG_USER_ONLY)
85 static MemoryRegionSection *phys_sections;
86 static unsigned phys_sections_nb, phys_sections_nb_alloc;
87 static uint16_t phys_section_unassigned;
88 static uint16_t phys_section_notdirty;
89 static uint16_t phys_section_rom;
90 static uint16_t phys_section_watch;
92 /* Simple allocator for PhysPageEntry nodes */
93 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
94 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
96 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
98 static void io_mem_init(void);
99 static void memory_map_init(void);
100 static void *qemu_safe_ram_ptr(ram_addr_t addr);
102 static MemoryRegion io_mem_watch;
105 #if !defined(CONFIG_USER_ONLY)
107 static void phys_map_node_reserve(unsigned nodes)
109 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
110 typedef PhysPageEntry Node[L2_SIZE];
111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
112 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
113 phys_map_nodes_nb + nodes);
114 phys_map_nodes = g_renew(Node, phys_map_nodes,
115 phys_map_nodes_nb_alloc);
119 static uint16_t phys_map_node_alloc(void)
124 ret = phys_map_nodes_nb++;
125 assert(ret != PHYS_MAP_NODE_NIL);
126 assert(ret != phys_map_nodes_nb_alloc);
127 for (i = 0; i < L2_SIZE; ++i) {
128 phys_map_nodes[ret][i].is_leaf = 0;
129 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
134 static void phys_map_nodes_reset(void)
136 phys_map_nodes_nb = 0;
140 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
141 hwaddr *nb, uint16_t leaf,
146 hwaddr step = (hwaddr)1 << (level * L2_BITS);
148 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
149 lp->ptr = phys_map_node_alloc();
150 p = phys_map_nodes[lp->ptr];
152 for (i = 0; i < L2_SIZE; i++) {
154 p[i].ptr = phys_section_unassigned;
158 p = phys_map_nodes[lp->ptr];
160 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
162 while (*nb && lp < &p[L2_SIZE]) {
163 if ((*index & (step - 1)) == 0 && *nb >= step) {
169 phys_page_set_level(lp, index, nb, leaf, level - 1);
175 static void phys_page_set(AddressSpaceDispatch *d,
176 hwaddr index, hwaddr nb,
179 /* Wildly overreserve - it doesn't matter much. */
180 phys_map_node_reserve(3 * P_L2_LEVELS);
182 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
185 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
187 PhysPageEntry lp = d->phys_map;
190 uint16_t s_index = phys_section_unassigned;
192 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
193 if (lp.ptr == PHYS_MAP_NODE_NIL) {
196 p = phys_map_nodes[lp.ptr];
197 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
202 return &phys_sections[s_index];
205 bool memory_region_is_unassigned(MemoryRegion *mr)
207 return mr != &io_mem_ram && mr != &io_mem_rom
208 && mr != &io_mem_notdirty && !mr->rom_device
209 && mr != &io_mem_watch;
213 void cpu_exec_init_all(void)
215 #if !defined(CONFIG_USER_ONLY)
216 qemu_mutex_init(&ram_list.mutex);
222 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
224 static int cpu_common_post_load(void *opaque, int version_id)
226 CPUArchState *env = opaque;
228 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
229 version_id is increased. */
230 env->interrupt_request &= ~0x01;
236 static const VMStateDescription vmstate_cpu_common = {
237 .name = "cpu_common",
239 .minimum_version_id = 1,
240 .minimum_version_id_old = 1,
241 .post_load = cpu_common_post_load,
242 .fields = (VMStateField []) {
243 VMSTATE_UINT32(halted, CPUArchState),
244 VMSTATE_UINT32(interrupt_request, CPUArchState),
245 VMSTATE_END_OF_LIST()
250 CPUState *qemu_get_cpu(int index)
252 CPUArchState *env = first_cpu;
253 CPUState *cpu = NULL;
256 cpu = ENV_GET_CPU(env);
257 if (cpu->cpu_index == index) {
266 void cpu_exec_init(CPUArchState *env)
268 CPUState *cpu = ENV_GET_CPU(env);
272 #if defined(CONFIG_USER_ONLY)
275 env->next_cpu = NULL;
278 while (*penv != NULL) {
279 penv = &(*penv)->next_cpu;
282 cpu->cpu_index = cpu_index;
284 QTAILQ_INIT(&env->breakpoints);
285 QTAILQ_INIT(&env->watchpoints);
286 #ifndef CONFIG_USER_ONLY
287 cpu->thread_id = qemu_get_thread_id();
290 #if defined(CONFIG_USER_ONLY)
293 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
294 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
295 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
296 cpu_save, cpu_load, env);
300 #if defined(TARGET_HAS_ICE)
301 #if defined(CONFIG_USER_ONLY)
302 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
304 tb_invalidate_phys_page_range(pc, pc + 1, 0);
307 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
309 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
310 (pc & ~TARGET_PAGE_MASK));
313 #endif /* TARGET_HAS_ICE */
315 #if defined(CONFIG_USER_ONLY)
316 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
321 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
322 int flags, CPUWatchpoint **watchpoint)
327 /* Add a watchpoint. */
328 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
329 int flags, CPUWatchpoint **watchpoint)
331 target_ulong len_mask = ~(len - 1);
334 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
335 if ((len & (len - 1)) || (addr & ~len_mask) ||
336 len == 0 || len > TARGET_PAGE_SIZE) {
337 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
338 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
341 wp = g_malloc(sizeof(*wp));
344 wp->len_mask = len_mask;
347 /* keep all GDB-injected watchpoints in front */
349 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
351 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
353 tlb_flush_page(env, addr);
360 /* Remove a specific watchpoint. */
361 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
364 target_ulong len_mask = ~(len - 1);
367 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
368 if (addr == wp->vaddr && len_mask == wp->len_mask
369 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
370 cpu_watchpoint_remove_by_ref(env, wp);
377 /* Remove a specific watchpoint by reference. */
378 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
380 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
382 tlb_flush_page(env, watchpoint->vaddr);
387 /* Remove all matching watchpoints. */
388 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
390 CPUWatchpoint *wp, *next;
392 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
393 if (wp->flags & mask)
394 cpu_watchpoint_remove_by_ref(env, wp);
399 /* Add a breakpoint. */
400 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
401 CPUBreakpoint **breakpoint)
403 #if defined(TARGET_HAS_ICE)
406 bp = g_malloc(sizeof(*bp));
411 /* keep all GDB-injected breakpoints in front */
413 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
415 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
417 breakpoint_invalidate(env, pc);
427 /* Remove a specific breakpoint. */
428 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
430 #if defined(TARGET_HAS_ICE)
433 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
434 if (bp->pc == pc && bp->flags == flags) {
435 cpu_breakpoint_remove_by_ref(env, bp);
445 /* Remove a specific breakpoint by reference. */
446 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
448 #if defined(TARGET_HAS_ICE)
449 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
451 breakpoint_invalidate(env, breakpoint->pc);
457 /* Remove all matching breakpoints. */
458 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
460 #if defined(TARGET_HAS_ICE)
461 CPUBreakpoint *bp, *next;
463 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
464 if (bp->flags & mask)
465 cpu_breakpoint_remove_by_ref(env, bp);
470 /* enable or disable single step mode. EXCP_DEBUG is returned by the
471 CPU loop after each instruction */
472 void cpu_single_step(CPUArchState *env, int enabled)
474 #if defined(TARGET_HAS_ICE)
475 if (env->singlestep_enabled != enabled) {
476 env->singlestep_enabled = enabled;
478 kvm_update_guest_debug(env, 0);
480 /* must flush all the translated code to avoid inconsistencies */
481 /* XXX: only flush what is necessary */
488 void cpu_reset_interrupt(CPUArchState *env, int mask)
490 env->interrupt_request &= ~mask;
493 void cpu_exit(CPUArchState *env)
495 CPUState *cpu = ENV_GET_CPU(env);
497 cpu->exit_request = 1;
498 cpu->tcg_exit_req = 1;
501 void cpu_abort(CPUArchState *env, const char *fmt, ...)
508 fprintf(stderr, "qemu: fatal: ");
509 vfprintf(stderr, fmt, ap);
510 fprintf(stderr, "\n");
511 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
512 if (qemu_log_enabled()) {
513 qemu_log("qemu: fatal: ");
514 qemu_log_vprintf(fmt, ap2);
516 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
522 #if defined(CONFIG_USER_ONLY)
524 struct sigaction act;
525 sigfillset(&act.sa_mask);
526 act.sa_handler = SIG_DFL;
527 sigaction(SIGABRT, &act, NULL);
533 CPUArchState *cpu_copy(CPUArchState *env)
535 CPUArchState *new_env = cpu_init(env->cpu_model_str);
536 CPUArchState *next_cpu = new_env->next_cpu;
537 #if defined(TARGET_HAS_ICE)
542 memcpy(new_env, env, sizeof(CPUArchState));
544 /* Preserve chaining. */
545 new_env->next_cpu = next_cpu;
547 /* Clone all break/watchpoints.
548 Note: Once we support ptrace with hw-debug register access, make sure
549 BP_CPU break/watchpoints are handled correctly on clone. */
550 QTAILQ_INIT(&env->breakpoints);
551 QTAILQ_INIT(&env->watchpoints);
552 #if defined(TARGET_HAS_ICE)
553 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
554 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
556 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
557 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
565 #if !defined(CONFIG_USER_ONLY)
566 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
571 /* we modify the TLB cache so that the dirty bit will be set again
572 when accessing the range */
573 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
574 /* Check that we don't span multiple blocks - this breaks the
575 address comparisons below. */
576 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
577 != (end - 1) - start) {
580 cpu_tlb_reset_dirty_all(start1, length);
584 /* Note: start and end must be within the same ram block. */
585 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
590 start &= TARGET_PAGE_MASK;
591 end = TARGET_PAGE_ALIGN(end);
593 length = end - start;
596 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
599 tlb_reset_dirty_range_all(start, end, length);
603 static int cpu_physical_memory_set_dirty_tracking(int enable)
606 in_migration = enable;
610 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
611 MemoryRegionSection *section,
615 target_ulong *address)
620 if (memory_region_is_ram(section->mr)) {
622 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
623 + memory_region_section_addr(section, paddr);
624 if (!section->readonly) {
625 iotlb |= phys_section_notdirty;
627 iotlb |= phys_section_rom;
630 /* IO handlers are currently passed a physical address.
631 It would be nice to pass an offset from the base address
632 of that region. This would avoid having to special case RAM,
633 and avoid full address decoding in every device.
634 We can't use the high bits of pd for this because
635 IO_MEM_ROMD uses these as a ram address. */
636 iotlb = section - phys_sections;
637 iotlb += memory_region_section_addr(section, paddr);
640 /* Make accesses to pages with watchpoints go via the
641 watchpoint trap routines. */
642 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
643 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
644 /* Avoid trapping reads of pages with a write breakpoint. */
645 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
646 iotlb = phys_section_watch + paddr;
647 *address |= TLB_MMIO;
655 #endif /* defined(CONFIG_USER_ONLY) */
657 #if !defined(CONFIG_USER_ONLY)
659 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
660 typedef struct subpage_t {
663 uint16_t sub_section[TARGET_PAGE_SIZE];
666 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
668 static subpage_t *subpage_init(hwaddr base);
669 static void destroy_page_desc(uint16_t section_index)
671 MemoryRegionSection *section = &phys_sections[section_index];
672 MemoryRegion *mr = section->mr;
675 subpage_t *subpage = container_of(mr, subpage_t, iomem);
676 memory_region_destroy(&subpage->iomem);
681 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
686 if (lp->ptr == PHYS_MAP_NODE_NIL) {
690 p = phys_map_nodes[lp->ptr];
691 for (i = 0; i < L2_SIZE; ++i) {
693 destroy_l2_mapping(&p[i], level - 1);
695 destroy_page_desc(p[i].ptr);
699 lp->ptr = PHYS_MAP_NODE_NIL;
702 static void destroy_all_mappings(AddressSpaceDispatch *d)
704 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
705 phys_map_nodes_reset();
708 static uint16_t phys_section_add(MemoryRegionSection *section)
710 if (phys_sections_nb == phys_sections_nb_alloc) {
711 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
712 phys_sections = g_renew(MemoryRegionSection, phys_sections,
713 phys_sections_nb_alloc);
715 phys_sections[phys_sections_nb] = *section;
716 return phys_sections_nb++;
719 static void phys_sections_clear(void)
721 phys_sections_nb = 0;
724 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
727 hwaddr base = section->offset_within_address_space
729 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
730 MemoryRegionSection subsection = {
731 .offset_within_address_space = base,
732 .size = TARGET_PAGE_SIZE,
736 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
738 if (!(existing->mr->subpage)) {
739 subpage = subpage_init(base);
740 subsection.mr = &subpage->iomem;
741 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
742 phys_section_add(&subsection));
744 subpage = container_of(existing->mr, subpage_t, iomem);
746 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
747 end = start + section->size - 1;
748 subpage_register(subpage, start, end, phys_section_add(section));
752 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
754 hwaddr start_addr = section->offset_within_address_space;
755 ram_addr_t size = section->size;
757 uint16_t section_index = phys_section_add(section);
762 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
766 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
768 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
769 MemoryRegionSection now = *section, remain = *section;
771 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
772 || (now.size < TARGET_PAGE_SIZE)) {
773 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
774 - now.offset_within_address_space,
776 register_subpage(d, &now);
777 remain.size -= now.size;
778 remain.offset_within_address_space += now.size;
779 remain.offset_within_region += now.size;
781 while (remain.size >= TARGET_PAGE_SIZE) {
783 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
784 now.size = TARGET_PAGE_SIZE;
785 register_subpage(d, &now);
787 now.size &= TARGET_PAGE_MASK;
788 register_multipage(d, &now);
790 remain.size -= now.size;
791 remain.offset_within_address_space += now.size;
792 remain.offset_within_region += now.size;
796 register_subpage(d, &now);
800 void qemu_flush_coalesced_mmio_buffer(void)
803 kvm_flush_coalesced_mmio_buffer();
806 void qemu_mutex_lock_ramlist(void)
808 qemu_mutex_lock(&ram_list.mutex);
811 void qemu_mutex_unlock_ramlist(void)
813 qemu_mutex_unlock(&ram_list.mutex);
816 #if defined(__linux__) && !defined(TARGET_S390X)
820 #define HUGETLBFS_MAGIC 0x958458f6
822 static long gethugepagesize(const char *path)
828 ret = statfs(path, &fs);
829 } while (ret != 0 && errno == EINTR);
836 if (fs.f_type != HUGETLBFS_MAGIC)
837 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
842 static void *file_ram_alloc(RAMBlock *block,
847 char *sanitized_name;
854 unsigned long hpagesize;
856 hpagesize = gethugepagesize(path);
861 if (memory < hpagesize) {
865 if (kvm_enabled() && !kvm_has_sync_mmu()) {
866 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
870 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
871 sanitized_name = g_strdup(block->mr->name);
872 for (c = sanitized_name; *c != '\0'; c++) {
877 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
879 g_free(sanitized_name);
881 fd = mkstemp(filename);
883 perror("unable to create backing store for hugepages");
890 memory = (memory+hpagesize-1) & ~(hpagesize-1);
893 * ftruncate is not supported by hugetlbfs in older
894 * hosts, so don't bother bailing out on errors.
895 * If anything goes wrong with it under other filesystems,
898 if (ftruncate(fd, memory))
902 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
903 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
904 * to sidestep this quirk.
906 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
907 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
909 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
911 if (area == MAP_FAILED) {
912 perror("file_ram_alloc: can't mmap RAM pages");
921 static ram_addr_t find_ram_offset(ram_addr_t size)
923 RAMBlock *block, *next_block;
924 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
926 if (QTAILQ_EMPTY(&ram_list.blocks))
929 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
930 ram_addr_t end, next = RAM_ADDR_MAX;
932 end = block->offset + block->length;
934 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
935 if (next_block->offset >= end) {
936 next = MIN(next, next_block->offset);
939 if (next - end >= size && next - end < mingap) {
945 if (offset == RAM_ADDR_MAX) {
946 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
954 ram_addr_t last_ram_offset(void)
959 QTAILQ_FOREACH(block, &ram_list.blocks, next)
960 last = MAX(last, block->offset + block->length);
965 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
968 QemuOpts *machine_opts;
970 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
971 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
973 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
974 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
976 perror("qemu_madvise");
977 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
978 "but dump_guest_core=off specified\n");
983 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
985 RAMBlock *new_block, *block;
988 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
989 if (block->offset == addr) {
995 assert(!new_block->idstr[0]);
998 char *id = qdev_get_dev_path(dev);
1000 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1004 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1006 /* This assumes the iothread lock is taken here too. */
1007 qemu_mutex_lock_ramlist();
1008 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1009 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1010 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1015 qemu_mutex_unlock_ramlist();
1018 static int memory_try_enable_merging(void *addr, size_t len)
1022 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1023 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1024 /* disabled by the user */
1028 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1031 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1034 RAMBlock *block, *new_block;
1036 size = TARGET_PAGE_ALIGN(size);
1037 new_block = g_malloc0(sizeof(*new_block));
1039 /* This assumes the iothread lock is taken here too. */
1040 qemu_mutex_lock_ramlist();
1042 new_block->offset = find_ram_offset(size);
1044 new_block->host = host;
1045 new_block->flags |= RAM_PREALLOC_MASK;
1048 #if defined (__linux__) && !defined(TARGET_S390X)
1049 new_block->host = file_ram_alloc(new_block, size, mem_path);
1050 if (!new_block->host) {
1051 new_block->host = qemu_vmalloc(size);
1052 memory_try_enable_merging(new_block->host, size);
1055 fprintf(stderr, "-mem-path option unsupported\n");
1059 if (xen_enabled()) {
1060 xen_ram_alloc(new_block->offset, size, mr);
1061 } else if (kvm_enabled()) {
1062 /* some s390/kvm configurations have special constraints */
1063 new_block->host = kvm_vmalloc(size);
1065 new_block->host = qemu_vmalloc(size);
1067 memory_try_enable_merging(new_block->host, size);
1070 new_block->length = size;
1072 /* Keep the list sorted from biggest to smallest block. */
1073 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1074 if (block->length < new_block->length) {
1079 QTAILQ_INSERT_BEFORE(block, new_block, next);
1081 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1083 ram_list.mru_block = NULL;
1086 qemu_mutex_unlock_ramlist();
1088 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1089 last_ram_offset() >> TARGET_PAGE_BITS);
1090 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1091 0, size >> TARGET_PAGE_BITS);
1092 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1094 qemu_ram_setup_dump(new_block->host, size);
1095 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1098 kvm_setup_guest_memory(new_block->host, size);
1100 return new_block->offset;
1103 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1105 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1108 void qemu_ram_free_from_ptr(ram_addr_t addr)
1112 /* This assumes the iothread lock is taken here too. */
1113 qemu_mutex_lock_ramlist();
1114 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1115 if (addr == block->offset) {
1116 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1117 ram_list.mru_block = NULL;
1123 qemu_mutex_unlock_ramlist();
1126 void qemu_ram_free(ram_addr_t addr)
1130 /* This assumes the iothread lock is taken here too. */
1131 qemu_mutex_lock_ramlist();
1132 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1133 if (addr == block->offset) {
1134 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1135 ram_list.mru_block = NULL;
1137 if (block->flags & RAM_PREALLOC_MASK) {
1139 } else if (mem_path) {
1140 #if defined (__linux__) && !defined(TARGET_S390X)
1142 munmap(block->host, block->length);
1145 qemu_vfree(block->host);
1151 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1152 munmap(block->host, block->length);
1154 if (xen_enabled()) {
1155 xen_invalidate_map_cache_entry(block->host);
1157 qemu_vfree(block->host);
1165 qemu_mutex_unlock_ramlist();
1170 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1177 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1178 offset = addr - block->offset;
1179 if (offset < block->length) {
1180 vaddr = block->host + offset;
1181 if (block->flags & RAM_PREALLOC_MASK) {
1185 munmap(vaddr, length);
1187 #if defined(__linux__) && !defined(TARGET_S390X)
1190 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1193 flags |= MAP_PRIVATE;
1195 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1196 flags, block->fd, offset);
1198 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1199 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1206 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1207 flags |= MAP_SHARED | MAP_ANONYMOUS;
1208 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1211 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1212 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1216 if (area != vaddr) {
1217 fprintf(stderr, "Could not remap addr: "
1218 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1222 memory_try_enable_merging(vaddr, length);
1223 qemu_ram_setup_dump(vaddr, length);
1229 #endif /* !_WIN32 */
1231 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1232 With the exception of the softmmu code in this file, this should
1233 only be used for local memory (e.g. video ram) that the device owns,
1234 and knows it isn't going to access beyond the end of the block.
1236 It should not be used for general purpose DMA.
1237 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1239 void *qemu_get_ram_ptr(ram_addr_t addr)
1243 /* The list is protected by the iothread lock here. */
1244 block = ram_list.mru_block;
1245 if (block && addr - block->offset < block->length) {
1248 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1249 if (addr - block->offset < block->length) {
1254 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1258 ram_list.mru_block = block;
1259 if (xen_enabled()) {
1260 /* We need to check if the requested address is in the RAM
1261 * because we don't want to map the entire memory in QEMU.
1262 * In that case just map until the end of the page.
1264 if (block->offset == 0) {
1265 return xen_map_cache(addr, 0, 0);
1266 } else if (block->host == NULL) {
1268 xen_map_cache(block->offset, block->length, 1);
1271 return block->host + (addr - block->offset);
1274 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1275 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1277 * ??? Is this still necessary?
1279 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1283 /* The list is protected by the iothread lock here. */
1284 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1285 if (addr - block->offset < block->length) {
1286 if (xen_enabled()) {
1287 /* We need to check if the requested address is in the RAM
1288 * because we don't want to map the entire memory in QEMU.
1289 * In that case just map until the end of the page.
1291 if (block->offset == 0) {
1292 return xen_map_cache(addr, 0, 0);
1293 } else if (block->host == NULL) {
1295 xen_map_cache(block->offset, block->length, 1);
1298 return block->host + (addr - block->offset);
1302 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1308 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1309 * but takes a size argument */
1310 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1315 if (xen_enabled()) {
1316 return xen_map_cache(addr, *size, 1);
1320 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1321 if (addr - block->offset < block->length) {
1322 if (addr - block->offset + *size > block->length)
1323 *size = block->length - addr + block->offset;
1324 return block->host + (addr - block->offset);
1328 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1333 void qemu_put_ram_ptr(void *addr)
1335 trace_qemu_put_ram_ptr(addr);
1338 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1341 uint8_t *host = ptr;
1343 if (xen_enabled()) {
1344 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1348 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1349 /* This case append when the block is not mapped. */
1350 if (block->host == NULL) {
1353 if (host - block->host < block->length) {
1354 *ram_addr = block->offset + (host - block->host);
1362 /* Some of the softmmu routines need to translate from a host pointer
1363 (typically a TLB entry) back to a ram offset. */
1364 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1366 ram_addr_t ram_addr;
1368 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1369 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1375 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
1378 #ifdef DEBUG_UNASSIGNED
1379 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
1381 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1382 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
1387 static void unassigned_mem_write(void *opaque, hwaddr addr,
1388 uint64_t val, unsigned size)
1390 #ifdef DEBUG_UNASSIGNED
1391 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
1393 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1394 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
1398 static const MemoryRegionOps unassigned_mem_ops = {
1399 .read = unassigned_mem_read,
1400 .write = unassigned_mem_write,
1401 .endianness = DEVICE_NATIVE_ENDIAN,
1404 static uint64_t error_mem_read(void *opaque, hwaddr addr,
1410 static void error_mem_write(void *opaque, hwaddr addr,
1411 uint64_t value, unsigned size)
1416 static const MemoryRegionOps error_mem_ops = {
1417 .read = error_mem_read,
1418 .write = error_mem_write,
1419 .endianness = DEVICE_NATIVE_ENDIAN,
1422 static const MemoryRegionOps rom_mem_ops = {
1423 .read = error_mem_read,
1424 .write = unassigned_mem_write,
1425 .endianness = DEVICE_NATIVE_ENDIAN,
1428 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1429 uint64_t val, unsigned size)
1432 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1433 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1434 #if !defined(CONFIG_USER_ONLY)
1435 tb_invalidate_phys_page_fast(ram_addr, size);
1436 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1441 stb_p(qemu_get_ram_ptr(ram_addr), val);
1444 stw_p(qemu_get_ram_ptr(ram_addr), val);
1447 stl_p(qemu_get_ram_ptr(ram_addr), val);
1452 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1453 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1454 /* we remove the notdirty callback only if the code has been
1456 if (dirty_flags == 0xff)
1457 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1460 static const MemoryRegionOps notdirty_mem_ops = {
1461 .read = error_mem_read,
1462 .write = notdirty_mem_write,
1463 .endianness = DEVICE_NATIVE_ENDIAN,
1466 /* Generate a debug exception if a watchpoint has been hit. */
1467 static void check_watchpoint(int offset, int len_mask, int flags)
1469 CPUArchState *env = cpu_single_env;
1470 target_ulong pc, cs_base;
1475 if (env->watchpoint_hit) {
1476 /* We re-entered the check after replacing the TB. Now raise
1477 * the debug interrupt so that is will trigger after the
1478 * current instruction. */
1479 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
1482 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1483 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1484 if ((vaddr == (wp->vaddr & len_mask) ||
1485 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1486 wp->flags |= BP_WATCHPOINT_HIT;
1487 if (!env->watchpoint_hit) {
1488 env->watchpoint_hit = wp;
1489 tb_check_watchpoint(env);
1490 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1491 env->exception_index = EXCP_DEBUG;
1494 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1495 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1496 cpu_resume_from_signal(env, NULL);
1500 wp->flags &= ~BP_WATCHPOINT_HIT;
1505 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1506 so these check for a hit then pass through to the normal out-of-line
1508 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1511 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1513 case 1: return ldub_phys(addr);
1514 case 2: return lduw_phys(addr);
1515 case 4: return ldl_phys(addr);
1520 static void watch_mem_write(void *opaque, hwaddr addr,
1521 uint64_t val, unsigned size)
1523 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1526 stb_phys(addr, val);
1529 stw_phys(addr, val);
1532 stl_phys(addr, val);
1538 static const MemoryRegionOps watch_mem_ops = {
1539 .read = watch_mem_read,
1540 .write = watch_mem_write,
1541 .endianness = DEVICE_NATIVE_ENDIAN,
1544 static uint64_t subpage_read(void *opaque, hwaddr addr,
1547 subpage_t *mmio = opaque;
1548 unsigned int idx = SUBPAGE_IDX(addr);
1549 MemoryRegionSection *section;
1550 #if defined(DEBUG_SUBPAGE)
1551 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1552 mmio, len, addr, idx);
1555 section = &phys_sections[mmio->sub_section[idx]];
1557 addr -= section->offset_within_address_space;
1558 addr += section->offset_within_region;
1559 return io_mem_read(section->mr, addr, len);
1562 static void subpage_write(void *opaque, hwaddr addr,
1563 uint64_t value, unsigned len)
1565 subpage_t *mmio = opaque;
1566 unsigned int idx = SUBPAGE_IDX(addr);
1567 MemoryRegionSection *section;
1568 #if defined(DEBUG_SUBPAGE)
1569 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1570 " idx %d value %"PRIx64"\n",
1571 __func__, mmio, len, addr, idx, value);
1574 section = &phys_sections[mmio->sub_section[idx]];
1576 addr -= section->offset_within_address_space;
1577 addr += section->offset_within_region;
1578 io_mem_write(section->mr, addr, value, len);
1581 static const MemoryRegionOps subpage_ops = {
1582 .read = subpage_read,
1583 .write = subpage_write,
1584 .endianness = DEVICE_NATIVE_ENDIAN,
1587 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
1590 ram_addr_t raddr = addr;
1591 void *ptr = qemu_get_ram_ptr(raddr);
1593 case 1: return ldub_p(ptr);
1594 case 2: return lduw_p(ptr);
1595 case 4: return ldl_p(ptr);
1600 static void subpage_ram_write(void *opaque, hwaddr addr,
1601 uint64_t value, unsigned size)
1603 ram_addr_t raddr = addr;
1604 void *ptr = qemu_get_ram_ptr(raddr);
1606 case 1: return stb_p(ptr, value);
1607 case 2: return stw_p(ptr, value);
1608 case 4: return stl_p(ptr, value);
1613 static const MemoryRegionOps subpage_ram_ops = {
1614 .read = subpage_ram_read,
1615 .write = subpage_ram_write,
1616 .endianness = DEVICE_NATIVE_ENDIAN,
1619 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1624 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1626 idx = SUBPAGE_IDX(start);
1627 eidx = SUBPAGE_IDX(end);
1628 #if defined(DEBUG_SUBPAGE)
1629 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1630 mmio, start, end, idx, eidx, memory);
1632 if (memory_region_is_ram(phys_sections[section].mr)) {
1633 MemoryRegionSection new_section = phys_sections[section];
1634 new_section.mr = &io_mem_subpage_ram;
1635 section = phys_section_add(&new_section);
1637 for (; idx <= eidx; idx++) {
1638 mmio->sub_section[idx] = section;
1644 static subpage_t *subpage_init(hwaddr base)
1648 mmio = g_malloc0(sizeof(subpage_t));
1651 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1652 "subpage", TARGET_PAGE_SIZE);
1653 mmio->iomem.subpage = true;
1654 #if defined(DEBUG_SUBPAGE)
1655 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1656 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1658 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1663 static uint16_t dummy_section(MemoryRegion *mr)
1665 MemoryRegionSection section = {
1667 .offset_within_address_space = 0,
1668 .offset_within_region = 0,
1672 return phys_section_add(§ion);
1675 MemoryRegion *iotlb_to_region(hwaddr index)
1677 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1680 static void io_mem_init(void)
1682 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
1683 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
1684 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1685 "unassigned", UINT64_MAX);
1686 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1687 "notdirty", UINT64_MAX);
1688 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1689 "subpage-ram", UINT64_MAX);
1690 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1691 "watch", UINT64_MAX);
1694 static void mem_begin(MemoryListener *listener)
1696 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1698 destroy_all_mappings(d);
1699 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1702 static void core_begin(MemoryListener *listener)
1704 phys_sections_clear();
1705 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1706 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1707 phys_section_rom = dummy_section(&io_mem_rom);
1708 phys_section_watch = dummy_section(&io_mem_watch);
1711 static void tcg_commit(MemoryListener *listener)
1715 /* since each CPU stores ram addresses in its TLB cache, we must
1716 reset the modified entries */
1718 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1723 static void core_log_global_start(MemoryListener *listener)
1725 cpu_physical_memory_set_dirty_tracking(1);
1728 static void core_log_global_stop(MemoryListener *listener)
1730 cpu_physical_memory_set_dirty_tracking(0);
1733 static void io_region_add(MemoryListener *listener,
1734 MemoryRegionSection *section)
1736 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1738 mrio->mr = section->mr;
1739 mrio->offset = section->offset_within_region;
1740 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1741 section->offset_within_address_space, section->size);
1742 ioport_register(&mrio->iorange);
1745 static void io_region_del(MemoryListener *listener,
1746 MemoryRegionSection *section)
1748 isa_unassign_ioport(section->offset_within_address_space, section->size);
1751 static MemoryListener core_memory_listener = {
1752 .begin = core_begin,
1753 .log_global_start = core_log_global_start,
1754 .log_global_stop = core_log_global_stop,
1758 static MemoryListener io_memory_listener = {
1759 .region_add = io_region_add,
1760 .region_del = io_region_del,
1764 static MemoryListener tcg_memory_listener = {
1765 .commit = tcg_commit,
1768 void address_space_init_dispatch(AddressSpace *as)
1770 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1772 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1773 d->listener = (MemoryListener) {
1775 .region_add = mem_add,
1776 .region_nop = mem_add,
1780 memory_listener_register(&d->listener, as);
1783 void address_space_destroy_dispatch(AddressSpace *as)
1785 AddressSpaceDispatch *d = as->dispatch;
1787 memory_listener_unregister(&d->listener);
1788 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1790 as->dispatch = NULL;
1793 static void memory_map_init(void)
1795 system_memory = g_malloc(sizeof(*system_memory));
1796 memory_region_init(system_memory, "system", INT64_MAX);
1797 address_space_init(&address_space_memory, system_memory);
1798 address_space_memory.name = "memory";
1800 system_io = g_malloc(sizeof(*system_io));
1801 memory_region_init(system_io, "io", 65536);
1802 address_space_init(&address_space_io, system_io);
1803 address_space_io.name = "I/O";
1805 memory_listener_register(&core_memory_listener, &address_space_memory);
1806 memory_listener_register(&io_memory_listener, &address_space_io);
1807 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1809 dma_context_init(&dma_context_memory, &address_space_memory,
1813 MemoryRegion *get_system_memory(void)
1815 return system_memory;
1818 MemoryRegion *get_system_io(void)
1823 #endif /* !defined(CONFIG_USER_ONLY) */
1825 /* physical memory access (slow version, mainly for debug) */
1826 #if defined(CONFIG_USER_ONLY)
1827 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1828 uint8_t *buf, int len, int is_write)
1835 page = addr & TARGET_PAGE_MASK;
1836 l = (page + TARGET_PAGE_SIZE) - addr;
1839 flags = page_get_flags(page);
1840 if (!(flags & PAGE_VALID))
1843 if (!(flags & PAGE_WRITE))
1845 /* XXX: this code should not depend on lock_user */
1846 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1849 unlock_user(p, addr, l);
1851 if (!(flags & PAGE_READ))
1853 /* XXX: this code should not depend on lock_user */
1854 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1857 unlock_user(p, addr, 0);
1868 static void invalidate_and_set_dirty(hwaddr addr,
1871 if (!cpu_physical_memory_is_dirty(addr)) {
1872 /* invalidate code */
1873 tb_invalidate_phys_page_range(addr, addr + length, 0);
1875 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1877 xen_modified_memory(addr, length);
1880 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1881 int len, bool is_write)
1883 AddressSpaceDispatch *d = as->dispatch;
1888 MemoryRegionSection *section;
1891 page = addr & TARGET_PAGE_MASK;
1892 l = (page + TARGET_PAGE_SIZE) - addr;
1895 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1898 if (!memory_region_is_ram(section->mr)) {
1900 addr1 = memory_region_section_addr(section, addr);
1901 /* XXX: could force cpu_single_env to NULL to avoid
1903 if (l >= 4 && ((addr1 & 3) == 0)) {
1904 /* 32 bit write access */
1906 io_mem_write(section->mr, addr1, val, 4);
1908 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1909 /* 16 bit write access */
1911 io_mem_write(section->mr, addr1, val, 2);
1914 /* 8 bit write access */
1916 io_mem_write(section->mr, addr1, val, 1);
1919 } else if (!section->readonly) {
1921 addr1 = memory_region_get_ram_addr(section->mr)
1922 + memory_region_section_addr(section, addr);
1924 ptr = qemu_get_ram_ptr(addr1);
1925 memcpy(ptr, buf, l);
1926 invalidate_and_set_dirty(addr1, l);
1927 qemu_put_ram_ptr(ptr);
1930 if (!(memory_region_is_ram(section->mr) ||
1931 memory_region_is_romd(section->mr))) {
1934 addr1 = memory_region_section_addr(section, addr);
1935 if (l >= 4 && ((addr1 & 3) == 0)) {
1936 /* 32 bit read access */
1937 val = io_mem_read(section->mr, addr1, 4);
1940 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1941 /* 16 bit read access */
1942 val = io_mem_read(section->mr, addr1, 2);
1946 /* 8 bit read access */
1947 val = io_mem_read(section->mr, addr1, 1);
1953 ptr = qemu_get_ram_ptr(section->mr->ram_addr
1954 + memory_region_section_addr(section,
1956 memcpy(buf, ptr, l);
1957 qemu_put_ram_ptr(ptr);
1966 void address_space_write(AddressSpace *as, hwaddr addr,
1967 const uint8_t *buf, int len)
1969 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1973 * address_space_read: read from an address space.
1975 * @as: #AddressSpace to be accessed
1976 * @addr: address within that address space
1977 * @buf: buffer with the data transferred
1979 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1981 address_space_rw(as, addr, buf, len, false);
1985 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1986 int len, int is_write)
1988 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1991 /* used for ROM loading : can write in RAM and ROM */
1992 void cpu_physical_memory_write_rom(hwaddr addr,
1993 const uint8_t *buf, int len)
1995 AddressSpaceDispatch *d = address_space_memory.dispatch;
1999 MemoryRegionSection *section;
2002 page = addr & TARGET_PAGE_MASK;
2003 l = (page + TARGET_PAGE_SIZE) - addr;
2006 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2008 if (!(memory_region_is_ram(section->mr) ||
2009 memory_region_is_romd(section->mr))) {
2012 unsigned long addr1;
2013 addr1 = memory_region_get_ram_addr(section->mr)
2014 + memory_region_section_addr(section, addr);
2016 ptr = qemu_get_ram_ptr(addr1);
2017 memcpy(ptr, buf, l);
2018 invalidate_and_set_dirty(addr1, l);
2019 qemu_put_ram_ptr(ptr);
2033 static BounceBuffer bounce;
2035 typedef struct MapClient {
2037 void (*callback)(void *opaque);
2038 QLIST_ENTRY(MapClient) link;
2041 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2042 = QLIST_HEAD_INITIALIZER(map_client_list);
2044 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2046 MapClient *client = g_malloc(sizeof(*client));
2048 client->opaque = opaque;
2049 client->callback = callback;
2050 QLIST_INSERT_HEAD(&map_client_list, client, link);
2054 static void cpu_unregister_map_client(void *_client)
2056 MapClient *client = (MapClient *)_client;
2058 QLIST_REMOVE(client, link);
2062 static void cpu_notify_map_clients(void)
2066 while (!QLIST_EMPTY(&map_client_list)) {
2067 client = QLIST_FIRST(&map_client_list);
2068 client->callback(client->opaque);
2069 cpu_unregister_map_client(client);
2073 /* Map a physical memory region into a host virtual address.
2074 * May map a subset of the requested range, given by and returned in *plen.
2075 * May return NULL if resources needed to perform the mapping are exhausted.
2076 * Use only for reads OR writes - not for read-modify-write operations.
2077 * Use cpu_register_map_client() to know when retrying the map operation is
2078 * likely to succeed.
2080 void *address_space_map(AddressSpace *as,
2085 AddressSpaceDispatch *d = as->dispatch;
2090 MemoryRegionSection *section;
2091 ram_addr_t raddr = RAM_ADDR_MAX;
2096 page = addr & TARGET_PAGE_MASK;
2097 l = (page + TARGET_PAGE_SIZE) - addr;
2100 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2102 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
2103 if (todo || bounce.buffer) {
2106 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2110 address_space_read(as, addr, bounce.buffer, l);
2114 return bounce.buffer;
2117 raddr = memory_region_get_ram_addr(section->mr)
2118 + memory_region_section_addr(section, addr);
2126 ret = qemu_ram_ptr_length(raddr, &rlen);
2131 /* Unmaps a memory region previously mapped by address_space_map().
2132 * Will also mark the memory as dirty if is_write == 1. access_len gives
2133 * the amount of memory that was actually read or written by the caller.
2135 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2136 int is_write, hwaddr access_len)
2138 if (buffer != bounce.buffer) {
2140 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2141 while (access_len) {
2143 l = TARGET_PAGE_SIZE;
2146 invalidate_and_set_dirty(addr1, l);
2151 if (xen_enabled()) {
2152 xen_invalidate_map_cache_entry(buffer);
2157 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2159 qemu_vfree(bounce.buffer);
2160 bounce.buffer = NULL;
2161 cpu_notify_map_clients();
2164 void *cpu_physical_memory_map(hwaddr addr,
2168 return address_space_map(&address_space_memory, addr, plen, is_write);
2171 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2172 int is_write, hwaddr access_len)
2174 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2177 /* warning: addr must be aligned */
2178 static inline uint32_t ldl_phys_internal(hwaddr addr,
2179 enum device_endian endian)
2183 MemoryRegionSection *section;
2185 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2187 if (!(memory_region_is_ram(section->mr) ||
2188 memory_region_is_romd(section->mr))) {
2190 addr = memory_region_section_addr(section, addr);
2191 val = io_mem_read(section->mr, addr, 4);
2192 #if defined(TARGET_WORDS_BIGENDIAN)
2193 if (endian == DEVICE_LITTLE_ENDIAN) {
2197 if (endian == DEVICE_BIG_ENDIAN) {
2203 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2205 + memory_region_section_addr(section, addr));
2207 case DEVICE_LITTLE_ENDIAN:
2208 val = ldl_le_p(ptr);
2210 case DEVICE_BIG_ENDIAN:
2211 val = ldl_be_p(ptr);
2221 uint32_t ldl_phys(hwaddr addr)
2223 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2226 uint32_t ldl_le_phys(hwaddr addr)
2228 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2231 uint32_t ldl_be_phys(hwaddr addr)
2233 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2236 /* warning: addr must be aligned */
2237 static inline uint64_t ldq_phys_internal(hwaddr addr,
2238 enum device_endian endian)
2242 MemoryRegionSection *section;
2244 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2246 if (!(memory_region_is_ram(section->mr) ||
2247 memory_region_is_romd(section->mr))) {
2249 addr = memory_region_section_addr(section, addr);
2251 /* XXX This is broken when device endian != cpu endian.
2252 Fix and add "endian" variable check */
2253 #ifdef TARGET_WORDS_BIGENDIAN
2254 val = io_mem_read(section->mr, addr, 4) << 32;
2255 val |= io_mem_read(section->mr, addr + 4, 4);
2257 val = io_mem_read(section->mr, addr, 4);
2258 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
2262 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2264 + memory_region_section_addr(section, addr));
2266 case DEVICE_LITTLE_ENDIAN:
2267 val = ldq_le_p(ptr);
2269 case DEVICE_BIG_ENDIAN:
2270 val = ldq_be_p(ptr);
2280 uint64_t ldq_phys(hwaddr addr)
2282 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2285 uint64_t ldq_le_phys(hwaddr addr)
2287 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2290 uint64_t ldq_be_phys(hwaddr addr)
2292 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2296 uint32_t ldub_phys(hwaddr addr)
2299 cpu_physical_memory_read(addr, &val, 1);
2303 /* warning: addr must be aligned */
2304 static inline uint32_t lduw_phys_internal(hwaddr addr,
2305 enum device_endian endian)
2309 MemoryRegionSection *section;
2311 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2313 if (!(memory_region_is_ram(section->mr) ||
2314 memory_region_is_romd(section->mr))) {
2316 addr = memory_region_section_addr(section, addr);
2317 val = io_mem_read(section->mr, addr, 2);
2318 #if defined(TARGET_WORDS_BIGENDIAN)
2319 if (endian == DEVICE_LITTLE_ENDIAN) {
2323 if (endian == DEVICE_BIG_ENDIAN) {
2329 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2331 + memory_region_section_addr(section, addr));
2333 case DEVICE_LITTLE_ENDIAN:
2334 val = lduw_le_p(ptr);
2336 case DEVICE_BIG_ENDIAN:
2337 val = lduw_be_p(ptr);
2347 uint32_t lduw_phys(hwaddr addr)
2349 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2352 uint32_t lduw_le_phys(hwaddr addr)
2354 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2357 uint32_t lduw_be_phys(hwaddr addr)
2359 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2362 /* warning: addr must be aligned. The ram page is not masked as dirty
2363 and the code inside is not invalidated. It is useful if the dirty
2364 bits are used to track modified PTEs */
2365 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2368 MemoryRegionSection *section;
2370 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2372 if (!memory_region_is_ram(section->mr) || section->readonly) {
2373 addr = memory_region_section_addr(section, addr);
2374 if (memory_region_is_ram(section->mr)) {
2375 section = &phys_sections[phys_section_rom];
2377 io_mem_write(section->mr, addr, val, 4);
2379 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
2381 + memory_region_section_addr(section, addr);
2382 ptr = qemu_get_ram_ptr(addr1);
2385 if (unlikely(in_migration)) {
2386 if (!cpu_physical_memory_is_dirty(addr1)) {
2387 /* invalidate code */
2388 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2390 cpu_physical_memory_set_dirty_flags(
2391 addr1, (0xff & ~CODE_DIRTY_FLAG));
2397 void stq_phys_notdirty(hwaddr addr, uint64_t val)
2400 MemoryRegionSection *section;
2402 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2404 if (!memory_region_is_ram(section->mr) || section->readonly) {
2405 addr = memory_region_section_addr(section, addr);
2406 if (memory_region_is_ram(section->mr)) {
2407 section = &phys_sections[phys_section_rom];
2409 #ifdef TARGET_WORDS_BIGENDIAN
2410 io_mem_write(section->mr, addr, val >> 32, 4);
2411 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
2413 io_mem_write(section->mr, addr, (uint32_t)val, 4);
2414 io_mem_write(section->mr, addr + 4, val >> 32, 4);
2417 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2419 + memory_region_section_addr(section, addr));
2424 /* warning: addr must be aligned */
2425 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2426 enum device_endian endian)
2429 MemoryRegionSection *section;
2431 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2433 if (!memory_region_is_ram(section->mr) || section->readonly) {
2434 addr = memory_region_section_addr(section, addr);
2435 if (memory_region_is_ram(section->mr)) {
2436 section = &phys_sections[phys_section_rom];
2438 #if defined(TARGET_WORDS_BIGENDIAN)
2439 if (endian == DEVICE_LITTLE_ENDIAN) {
2443 if (endian == DEVICE_BIG_ENDIAN) {
2447 io_mem_write(section->mr, addr, val, 4);
2449 unsigned long addr1;
2450 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2451 + memory_region_section_addr(section, addr);
2453 ptr = qemu_get_ram_ptr(addr1);
2455 case DEVICE_LITTLE_ENDIAN:
2458 case DEVICE_BIG_ENDIAN:
2465 invalidate_and_set_dirty(addr1, 4);
2469 void stl_phys(hwaddr addr, uint32_t val)
2471 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2474 void stl_le_phys(hwaddr addr, uint32_t val)
2476 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2479 void stl_be_phys(hwaddr addr, uint32_t val)
2481 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2485 void stb_phys(hwaddr addr, uint32_t val)
2488 cpu_physical_memory_write(addr, &v, 1);
2491 /* warning: addr must be aligned */
2492 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2493 enum device_endian endian)
2496 MemoryRegionSection *section;
2498 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2500 if (!memory_region_is_ram(section->mr) || section->readonly) {
2501 addr = memory_region_section_addr(section, addr);
2502 if (memory_region_is_ram(section->mr)) {
2503 section = &phys_sections[phys_section_rom];
2505 #if defined(TARGET_WORDS_BIGENDIAN)
2506 if (endian == DEVICE_LITTLE_ENDIAN) {
2510 if (endian == DEVICE_BIG_ENDIAN) {
2514 io_mem_write(section->mr, addr, val, 2);
2516 unsigned long addr1;
2517 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2518 + memory_region_section_addr(section, addr);
2520 ptr = qemu_get_ram_ptr(addr1);
2522 case DEVICE_LITTLE_ENDIAN:
2525 case DEVICE_BIG_ENDIAN:
2532 invalidate_and_set_dirty(addr1, 2);
2536 void stw_phys(hwaddr addr, uint32_t val)
2538 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2541 void stw_le_phys(hwaddr addr, uint32_t val)
2543 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2546 void stw_be_phys(hwaddr addr, uint32_t val)
2548 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2552 void stq_phys(hwaddr addr, uint64_t val)
2555 cpu_physical_memory_write(addr, &val, 8);
2558 void stq_le_phys(hwaddr addr, uint64_t val)
2560 val = cpu_to_le64(val);
2561 cpu_physical_memory_write(addr, &val, 8);
2564 void stq_be_phys(hwaddr addr, uint64_t val)
2566 val = cpu_to_be64(val);
2567 cpu_physical_memory_write(addr, &val, 8);
2570 /* virtual memory access for debug (includes writing to ROM) */
2571 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2572 uint8_t *buf, int len, int is_write)
2579 page = addr & TARGET_PAGE_MASK;
2580 phys_addr = cpu_get_phys_page_debug(env, page);
2581 /* if no physical page mapped, return an error */
2582 if (phys_addr == -1)
2584 l = (page + TARGET_PAGE_SIZE) - addr;
2587 phys_addr += (addr & ~TARGET_PAGE_MASK);
2589 cpu_physical_memory_write_rom(phys_addr, buf, l);
2591 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2600 #if !defined(CONFIG_USER_ONLY)
2603 * A helper function for the _utterly broken_ virtio device model to find out if
2604 * it's running on a big endian machine. Don't do this at home kids!
2606 bool virtio_is_big_endian(void);
2607 bool virtio_is_big_endian(void)
2609 #if defined(TARGET_WORDS_BIGENDIAN)
2618 #ifndef CONFIG_USER_ONLY
2619 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2621 MemoryRegionSection *section;
2623 section = phys_page_find(address_space_memory.dispatch,
2624 phys_addr >> TARGET_PAGE_BITS);
2626 return !(memory_region_is_ram(section->mr) ||
2627 memory_region_is_romd(section->mr));
projects / qemu.git / blob