2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
36 #include "qemu-common.h"
41 #if defined(CONFIG_USER_ONLY)
45 //#define DEBUG_TB_INVALIDATE
48 //#define DEBUG_UNASSIGNED
50 /* make various TB consistency checks */
51 //#define DEBUG_TB_CHECK
52 //#define DEBUG_TLB_CHECK
54 //#define DEBUG_IOPORT
55 //#define DEBUG_SUBPAGE
57 #if !defined(CONFIG_USER_ONLY)
58 /* TB consistency checks only implemented for usermode emulation. */
62 #define SMC_BITMAP_USE_THRESHOLD 10
64 #if defined(TARGET_SPARC64)
65 #define TARGET_PHYS_ADDR_SPACE_BITS 41
66 #elif defined(TARGET_SPARC)
67 #define TARGET_PHYS_ADDR_SPACE_BITS 36
68 #elif defined(TARGET_ALPHA)
69 #define TARGET_PHYS_ADDR_SPACE_BITS 42
70 #define TARGET_VIRT_ADDR_SPACE_BITS 42
71 #elif defined(TARGET_PPC64)
72 #define TARGET_PHYS_ADDR_SPACE_BITS 42
73 #elif defined(TARGET_X86_64)
74 #define TARGET_PHYS_ADDR_SPACE_BITS 42
75 #elif defined(TARGET_I386)
76 #define TARGET_PHYS_ADDR_SPACE_BITS 36
78 #define TARGET_PHYS_ADDR_SPACE_BITS 32
81 static TranslationBlock *tbs;
82 int code_gen_max_blocks;
83 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
85 /* any access to the tbs or the page table must use this lock */
86 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
88 #if defined(__arm__) || defined(__sparc_v9__)
89 /* The prologue must be reachable with a direct jump. ARM and Sparc64
90 have limited branch ranges (possibly also PPC) so place it in a
91 section close to code segment. */
92 #define code_gen_section \
93 __attribute__((__section__(".gen_code"))) \
94 __attribute__((aligned (32)))
96 /* Maximum alignment for Win32 is 16. */
97 #define code_gen_section \
98 __attribute__((aligned (16)))
100 #define code_gen_section \
101 __attribute__((aligned (32)))
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 static uint8_t *code_gen_buffer;
106 static unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 static unsigned long code_gen_buffer_max_size;
109 uint8_t *code_gen_ptr;
111 #if !defined(CONFIG_USER_ONLY)
113 uint8_t *phys_ram_dirty;
114 static int in_migration;
116 typedef struct RAMBlock {
120 struct RAMBlock *next;
123 static RAMBlock *ram_blocks;
124 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
125 then we can no longer assume contiguous ram offsets, and external uses
126 of this variable will break. */
127 ram_addr_t last_ram_offset;
131 /* current CPU in the current thread. It is only valid inside
133 CPUState *cpu_single_env;
134 /* 0 = Do not count executed instructions.
135 1 = Precise instruction counting.
136 2 = Adaptive rate instruction counting. */
138 /* Current instruction counter. While executing translated code this may
139 include some instructions that have not yet been executed. */
142 typedef struct PageDesc {
143 /* list of TBs intersecting this ram page */
144 TranslationBlock *first_tb;
145 /* in order to optimize self modifying code, we count the number
146 of lookups we do to a given page to use a bitmap */
147 unsigned int code_write_count;
148 uint8_t *code_bitmap;
149 #if defined(CONFIG_USER_ONLY)
154 typedef struct PhysPageDesc {
155 /* offset in host memory of the page + io_index in the low bits */
156 ram_addr_t phys_offset;
157 ram_addr_t region_offset;
161 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
162 /* XXX: this is a temporary hack for alpha target.
163 * In the future, this is to be replaced by a multi-level table
164 * to actually be able to handle the complete 64 bits address space.
166 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
168 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
171 #define L1_SIZE (1 << L1_BITS)
172 #define L2_SIZE (1 << L2_BITS)
174 unsigned long qemu_real_host_page_size;
175 unsigned long qemu_host_page_bits;
176 unsigned long qemu_host_page_size;
177 unsigned long qemu_host_page_mask;
179 /* XXX: for system emulation, it could just be an array */
180 static PageDesc *l1_map[L1_SIZE];
181 static PhysPageDesc **l1_phys_map;
183 #if !defined(CONFIG_USER_ONLY)
184 static void io_mem_init(void);
186 /* io memory support */
187 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
188 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
189 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
190 static char io_mem_used[IO_MEM_NB_ENTRIES];
191 static int io_mem_watch;
195 static const char *logfilename = "/tmp/qemu.log";
198 static int log_append = 0;
201 static int tlb_flush_count;
202 static int tb_flush_count;
203 static int tb_phys_invalidate_count;
205 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
206 typedef struct subpage_t {
207 target_phys_addr_t base;
208 CPUReadMemoryFunc * const *mem_read[TARGET_PAGE_SIZE][4];
209 CPUWriteMemoryFunc * const *mem_write[TARGET_PAGE_SIZE][4];
210 void *opaque[TARGET_PAGE_SIZE][2][4];
211 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
215 static void map_exec(void *addr, long size)
218 VirtualProtect(addr, size,
219 PAGE_EXECUTE_READWRITE, &old_protect);
223 static void map_exec(void *addr, long size)
225 unsigned long start, end, page_size;
227 page_size = getpagesize();
228 start = (unsigned long)addr;
229 start &= ~(page_size - 1);
231 end = (unsigned long)addr + size;
232 end += page_size - 1;
233 end &= ~(page_size - 1);
235 mprotect((void *)start, end - start,
236 PROT_READ | PROT_WRITE | PROT_EXEC);
240 static void page_init(void)
242 /* NOTE: we can always suppose that qemu_host_page_size >=
246 SYSTEM_INFO system_info;
248 GetSystemInfo(&system_info);
249 qemu_real_host_page_size = system_info.dwPageSize;
252 qemu_real_host_page_size = getpagesize();
254 if (qemu_host_page_size == 0)
255 qemu_host_page_size = qemu_real_host_page_size;
256 if (qemu_host_page_size < TARGET_PAGE_SIZE)
257 qemu_host_page_size = TARGET_PAGE_SIZE;
258 qemu_host_page_bits = 0;
259 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
260 qemu_host_page_bits++;
261 qemu_host_page_mask = ~(qemu_host_page_size - 1);
262 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
263 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
265 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
267 long long startaddr, endaddr;
272 last_brk = (unsigned long)sbrk(0);
273 f = fopen("/proc/self/maps", "r");
276 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
278 startaddr = MIN(startaddr,
279 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
280 endaddr = MIN(endaddr,
281 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
282 page_set_flags(startaddr & TARGET_PAGE_MASK,
283 TARGET_PAGE_ALIGN(endaddr),
294 static inline PageDesc **page_l1_map(target_ulong index)
296 #if TARGET_LONG_BITS > 32
297 /* Host memory outside guest VM. For 32-bit targets we have already
298 excluded high addresses. */
299 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
302 return &l1_map[index >> L2_BITS];
305 static inline PageDesc *page_find_alloc(target_ulong index)
308 lp = page_l1_map(index);
314 /* allocate if not found */
315 #if defined(CONFIG_USER_ONLY)
316 size_t len = sizeof(PageDesc) * L2_SIZE;
317 /* Don't use qemu_malloc because it may recurse. */
318 p = mmap(NULL, len, PROT_READ | PROT_WRITE,
319 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
322 unsigned long addr = h2g(p);
323 page_set_flags(addr & TARGET_PAGE_MASK,
324 TARGET_PAGE_ALIGN(addr + len),
328 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
332 return p + (index & (L2_SIZE - 1));
335 static inline PageDesc *page_find(target_ulong index)
338 lp = page_l1_map(index);
346 return p + (index & (L2_SIZE - 1));
349 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
354 p = (void **)l1_phys_map;
355 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
357 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
358 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
360 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
363 /* allocate if not found */
366 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
367 memset(p, 0, sizeof(void *) * L1_SIZE);
371 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
375 /* allocate if not found */
378 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
380 for (i = 0; i < L2_SIZE; i++) {
381 pd[i].phys_offset = IO_MEM_UNASSIGNED;
382 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
385 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
388 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
390 return phys_page_find_alloc(index, 0);
393 #if !defined(CONFIG_USER_ONLY)
394 static void tlb_protect_code(ram_addr_t ram_addr);
395 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
397 #define mmap_lock() do { } while(0)
398 #define mmap_unlock() do { } while(0)
401 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
403 #if defined(CONFIG_USER_ONLY)
404 /* Currently it is not recommended to allocate big chunks of data in
405 user mode. It will change when a dedicated libc will be used */
406 #define USE_STATIC_CODE_GEN_BUFFER
409 #ifdef USE_STATIC_CODE_GEN_BUFFER
410 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
413 static void code_gen_alloc(unsigned long tb_size)
415 #ifdef USE_STATIC_CODE_GEN_BUFFER
416 code_gen_buffer = static_code_gen_buffer;
417 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
418 map_exec(code_gen_buffer, code_gen_buffer_size);
420 code_gen_buffer_size = tb_size;
421 if (code_gen_buffer_size == 0) {
422 #if defined(CONFIG_USER_ONLY)
423 /* in user mode, phys_ram_size is not meaningful */
424 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
426 /* XXX: needs adjustments */
427 code_gen_buffer_size = (unsigned long)(ram_size / 4);
430 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
431 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
432 /* The code gen buffer location may have constraints depending on
433 the host cpu and OS */
434 #if defined(__linux__)
439 flags = MAP_PRIVATE | MAP_ANONYMOUS;
440 #if defined(__x86_64__)
442 /* Cannot map more than that */
443 if (code_gen_buffer_size > (800 * 1024 * 1024))
444 code_gen_buffer_size = (800 * 1024 * 1024);
445 #elif defined(__sparc_v9__)
446 // Map the buffer below 2G, so we can use direct calls and branches
448 start = (void *) 0x60000000UL;
449 if (code_gen_buffer_size > (512 * 1024 * 1024))
450 code_gen_buffer_size = (512 * 1024 * 1024);
451 #elif defined(__arm__)
452 /* Map the buffer below 32M, so we can use direct calls and branches */
454 start = (void *) 0x01000000UL;
455 if (code_gen_buffer_size > 16 * 1024 * 1024)
456 code_gen_buffer_size = 16 * 1024 * 1024;
458 code_gen_buffer = mmap(start, code_gen_buffer_size,
459 PROT_WRITE | PROT_READ | PROT_EXEC,
461 if (code_gen_buffer == MAP_FAILED) {
462 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
466 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
470 flags = MAP_PRIVATE | MAP_ANONYMOUS;
471 #if defined(__x86_64__)
472 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
473 * 0x40000000 is free */
475 addr = (void *)0x40000000;
476 /* Cannot map more than that */
477 if (code_gen_buffer_size > (800 * 1024 * 1024))
478 code_gen_buffer_size = (800 * 1024 * 1024);
480 code_gen_buffer = mmap(addr, code_gen_buffer_size,
481 PROT_WRITE | PROT_READ | PROT_EXEC,
483 if (code_gen_buffer == MAP_FAILED) {
484 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
489 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
490 map_exec(code_gen_buffer, code_gen_buffer_size);
492 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
493 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
494 code_gen_buffer_max_size = code_gen_buffer_size -
495 code_gen_max_block_size();
496 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
497 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
500 /* Must be called before using the QEMU cpus. 'tb_size' is the size
501 (in bytes) allocated to the translation buffer. Zero means default
503 void cpu_exec_init_all(unsigned long tb_size)
506 code_gen_alloc(tb_size);
507 code_gen_ptr = code_gen_buffer;
509 #if !defined(CONFIG_USER_ONLY)
514 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
516 static void cpu_common_pre_save(void *opaque)
518 CPUState *env = opaque;
520 cpu_synchronize_state(env);
523 static int cpu_common_pre_load(void *opaque)
525 CPUState *env = opaque;
527 cpu_synchronize_state(env);
531 static int cpu_common_post_load(void *opaque, int version_id)
533 CPUState *env = opaque;
535 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
536 version_id is increased. */
537 env->interrupt_request &= ~0x01;
543 static const VMStateDescription vmstate_cpu_common = {
544 .name = "cpu_common",
546 .minimum_version_id = 1,
547 .minimum_version_id_old = 1,
548 .pre_save = cpu_common_pre_save,
549 .pre_load = cpu_common_pre_load,
550 .post_load = cpu_common_post_load,
551 .fields = (VMStateField []) {
552 VMSTATE_UINT32(halted, CPUState),
553 VMSTATE_UINT32(interrupt_request, CPUState),
554 VMSTATE_END_OF_LIST()
559 CPUState *qemu_get_cpu(int cpu)
561 CPUState *env = first_cpu;
564 if (env->cpu_index == cpu)
572 void cpu_exec_init(CPUState *env)
577 #if defined(CONFIG_USER_ONLY)
580 env->next_cpu = NULL;
583 while (*penv != NULL) {
584 penv = &(*penv)->next_cpu;
587 env->cpu_index = cpu_index;
589 QTAILQ_INIT(&env->breakpoints);
590 QTAILQ_INIT(&env->watchpoints);
592 #if defined(CONFIG_USER_ONLY)
595 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
596 vmstate_register(cpu_index, &vmstate_cpu_common, env);
597 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
598 cpu_save, cpu_load, env);
602 static inline void invalidate_page_bitmap(PageDesc *p)
604 if (p->code_bitmap) {
605 qemu_free(p->code_bitmap);
606 p->code_bitmap = NULL;
608 p->code_write_count = 0;
611 /* set to NULL all the 'first_tb' fields in all PageDescs */
612 static void page_flush_tb(void)
617 for(i = 0; i < L1_SIZE; i++) {
620 for(j = 0; j < L2_SIZE; j++) {
622 invalidate_page_bitmap(p);
629 /* flush all the translation blocks */
630 /* XXX: tb_flush is currently not thread safe */
631 void tb_flush(CPUState *env1)
634 #if defined(DEBUG_FLUSH)
635 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
636 (unsigned long)(code_gen_ptr - code_gen_buffer),
638 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
640 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
641 cpu_abort(env1, "Internal error: code buffer overflow\n");
645 for(env = first_cpu; env != NULL; env = env->next_cpu) {
646 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
649 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
652 code_gen_ptr = code_gen_buffer;
653 /* XXX: flush processor icache at this point if cache flush is
658 #ifdef DEBUG_TB_CHECK
660 static void tb_invalidate_check(target_ulong address)
662 TranslationBlock *tb;
664 address &= TARGET_PAGE_MASK;
665 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
666 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
667 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
668 address >= tb->pc + tb->size)) {
669 printf("ERROR invalidate: address=" TARGET_FMT_lx
670 " PC=%08lx size=%04x\n",
671 address, (long)tb->pc, tb->size);
677 /* verify that all the pages have correct rights for code */
678 static void tb_page_check(void)
680 TranslationBlock *tb;
681 int i, flags1, flags2;
683 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
684 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
685 flags1 = page_get_flags(tb->pc);
686 flags2 = page_get_flags(tb->pc + tb->size - 1);
687 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
688 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
689 (long)tb->pc, tb->size, flags1, flags2);
697 /* invalidate one TB */
698 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
701 TranslationBlock *tb1;
705 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
708 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
712 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
714 TranslationBlock *tb1;
720 tb1 = (TranslationBlock *)((long)tb1 & ~3);
722 *ptb = tb1->page_next[n1];
725 ptb = &tb1->page_next[n1];
729 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
731 TranslationBlock *tb1, **ptb;
734 ptb = &tb->jmp_next[n];
737 /* find tb(n) in circular list */
741 tb1 = (TranslationBlock *)((long)tb1 & ~3);
742 if (n1 == n && tb1 == tb)
745 ptb = &tb1->jmp_first;
747 ptb = &tb1->jmp_next[n1];
750 /* now we can suppress tb(n) from the list */
751 *ptb = tb->jmp_next[n];
753 tb->jmp_next[n] = NULL;
757 /* reset the jump entry 'n' of a TB so that it is not chained to
759 static inline void tb_reset_jump(TranslationBlock *tb, int n)
761 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
764 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
769 target_phys_addr_t phys_pc;
770 TranslationBlock *tb1, *tb2;
772 /* remove the TB from the hash list */
773 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
774 h = tb_phys_hash_func(phys_pc);
775 tb_remove(&tb_phys_hash[h], tb,
776 offsetof(TranslationBlock, phys_hash_next));
778 /* remove the TB from the page list */
779 if (tb->page_addr[0] != page_addr) {
780 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
781 tb_page_remove(&p->first_tb, tb);
782 invalidate_page_bitmap(p);
784 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
785 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
786 tb_page_remove(&p->first_tb, tb);
787 invalidate_page_bitmap(p);
790 tb_invalidated_flag = 1;
792 /* remove the TB from the hash list */
793 h = tb_jmp_cache_hash_func(tb->pc);
794 for(env = first_cpu; env != NULL; env = env->next_cpu) {
795 if (env->tb_jmp_cache[h] == tb)
796 env->tb_jmp_cache[h] = NULL;
799 /* suppress this TB from the two jump lists */
800 tb_jmp_remove(tb, 0);
801 tb_jmp_remove(tb, 1);
803 /* suppress any remaining jumps to this TB */
809 tb1 = (TranslationBlock *)((long)tb1 & ~3);
810 tb2 = tb1->jmp_next[n1];
811 tb_reset_jump(tb1, n1);
812 tb1->jmp_next[n1] = NULL;
815 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
817 tb_phys_invalidate_count++;
820 static inline void set_bits(uint8_t *tab, int start, int len)
826 mask = 0xff << (start & 7);
827 if ((start & ~7) == (end & ~7)) {
829 mask &= ~(0xff << (end & 7));
834 start = (start + 8) & ~7;
836 while (start < end1) {
841 mask = ~(0xff << (end & 7));
847 static void build_page_bitmap(PageDesc *p)
849 int n, tb_start, tb_end;
850 TranslationBlock *tb;
852 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
857 tb = (TranslationBlock *)((long)tb & ~3);
858 /* NOTE: this is subtle as a TB may span two physical pages */
860 /* NOTE: tb_end may be after the end of the page, but
861 it is not a problem */
862 tb_start = tb->pc & ~TARGET_PAGE_MASK;
863 tb_end = tb_start + tb->size;
864 if (tb_end > TARGET_PAGE_SIZE)
865 tb_end = TARGET_PAGE_SIZE;
868 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
870 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
871 tb = tb->page_next[n];
875 TranslationBlock *tb_gen_code(CPUState *env,
876 target_ulong pc, target_ulong cs_base,
877 int flags, int cflags)
879 TranslationBlock *tb;
881 target_ulong phys_pc, phys_page2, virt_page2;
884 phys_pc = get_phys_addr_code(env, pc);
887 /* flush must be done */
889 /* cannot fail at this point */
891 /* Don't forget to invalidate previous TB info. */
892 tb_invalidated_flag = 1;
894 tc_ptr = code_gen_ptr;
896 tb->cs_base = cs_base;
899 cpu_gen_code(env, tb, &code_gen_size);
900 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
902 /* check next page if needed */
903 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
905 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
906 phys_page2 = get_phys_addr_code(env, virt_page2);
908 tb_link_phys(tb, phys_pc, phys_page2);
912 /* invalidate all TBs which intersect with the target physical page
913 starting in range [start;end[. NOTE: start and end must refer to
914 the same physical page. 'is_cpu_write_access' should be true if called
915 from a real cpu write access: the virtual CPU will exit the current
916 TB if code is modified inside this TB. */
917 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
918 int is_cpu_write_access)
920 TranslationBlock *tb, *tb_next, *saved_tb;
921 CPUState *env = cpu_single_env;
922 target_ulong tb_start, tb_end;
925 #ifdef TARGET_HAS_PRECISE_SMC
926 int current_tb_not_found = is_cpu_write_access;
927 TranslationBlock *current_tb = NULL;
928 int current_tb_modified = 0;
929 target_ulong current_pc = 0;
930 target_ulong current_cs_base = 0;
931 int current_flags = 0;
932 #endif /* TARGET_HAS_PRECISE_SMC */
934 p = page_find(start >> TARGET_PAGE_BITS);
937 if (!p->code_bitmap &&
938 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
939 is_cpu_write_access) {
940 /* build code bitmap */
941 build_page_bitmap(p);
944 /* we remove all the TBs in the range [start, end[ */
945 /* XXX: see if in some cases it could be faster to invalidate all the code */
949 tb = (TranslationBlock *)((long)tb & ~3);
950 tb_next = tb->page_next[n];
951 /* NOTE: this is subtle as a TB may span two physical pages */
953 /* NOTE: tb_end may be after the end of the page, but
954 it is not a problem */
955 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
956 tb_end = tb_start + tb->size;
958 tb_start = tb->page_addr[1];
959 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
961 if (!(tb_end <= start || tb_start >= end)) {
962 #ifdef TARGET_HAS_PRECISE_SMC
963 if (current_tb_not_found) {
964 current_tb_not_found = 0;
966 if (env->mem_io_pc) {
967 /* now we have a real cpu fault */
968 current_tb = tb_find_pc(env->mem_io_pc);
971 if (current_tb == tb &&
972 (current_tb->cflags & CF_COUNT_MASK) != 1) {
973 /* If we are modifying the current TB, we must stop
974 its execution. We could be more precise by checking
975 that the modification is after the current PC, but it
976 would require a specialized function to partially
977 restore the CPU state */
979 current_tb_modified = 1;
980 cpu_restore_state(current_tb, env,
981 env->mem_io_pc, NULL);
982 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
985 #endif /* TARGET_HAS_PRECISE_SMC */
986 /* we need to do that to handle the case where a signal
987 occurs while doing tb_phys_invalidate() */
990 saved_tb = env->current_tb;
991 env->current_tb = NULL;
993 tb_phys_invalidate(tb, -1);
995 env->current_tb = saved_tb;
996 if (env->interrupt_request && env->current_tb)
997 cpu_interrupt(env, env->interrupt_request);
1002 #if !defined(CONFIG_USER_ONLY)
1003 /* if no code remaining, no need to continue to use slow writes */
1005 invalidate_page_bitmap(p);
1006 if (is_cpu_write_access) {
1007 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1011 #ifdef TARGET_HAS_PRECISE_SMC
1012 if (current_tb_modified) {
1013 /* we generate a block containing just the instruction
1014 modifying the memory. It will ensure that it cannot modify
1016 env->current_tb = NULL;
1017 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1018 cpu_resume_from_signal(env, NULL);
1023 /* len must be <= 8 and start must be a multiple of len */
1024 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1030 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1031 cpu_single_env->mem_io_vaddr, len,
1032 cpu_single_env->eip,
1033 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1036 p = page_find(start >> TARGET_PAGE_BITS);
1039 if (p->code_bitmap) {
1040 offset = start & ~TARGET_PAGE_MASK;
1041 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1042 if (b & ((1 << len) - 1))
1046 tb_invalidate_phys_page_range(start, start + len, 1);
1050 #if !defined(CONFIG_SOFTMMU)
1051 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1052 unsigned long pc, void *puc)
1054 TranslationBlock *tb;
1057 #ifdef TARGET_HAS_PRECISE_SMC
1058 TranslationBlock *current_tb = NULL;
1059 CPUState *env = cpu_single_env;
1060 int current_tb_modified = 0;
1061 target_ulong current_pc = 0;
1062 target_ulong current_cs_base = 0;
1063 int current_flags = 0;
1066 addr &= TARGET_PAGE_MASK;
1067 p = page_find(addr >> TARGET_PAGE_BITS);
1071 #ifdef TARGET_HAS_PRECISE_SMC
1072 if (tb && pc != 0) {
1073 current_tb = tb_find_pc(pc);
1076 while (tb != NULL) {
1078 tb = (TranslationBlock *)((long)tb & ~3);
1079 #ifdef TARGET_HAS_PRECISE_SMC
1080 if (current_tb == tb &&
1081 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1082 /* If we are modifying the current TB, we must stop
1083 its execution. We could be more precise by checking
1084 that the modification is after the current PC, but it
1085 would require a specialized function to partially
1086 restore the CPU state */
1088 current_tb_modified = 1;
1089 cpu_restore_state(current_tb, env, pc, puc);
1090 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1093 #endif /* TARGET_HAS_PRECISE_SMC */
1094 tb_phys_invalidate(tb, addr);
1095 tb = tb->page_next[n];
1098 #ifdef TARGET_HAS_PRECISE_SMC
1099 if (current_tb_modified) {
1100 /* we generate a block containing just the instruction
1101 modifying the memory. It will ensure that it cannot modify
1103 env->current_tb = NULL;
1104 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1105 cpu_resume_from_signal(env, puc);
1111 /* add the tb in the target page and protect it if necessary */
1112 static inline void tb_alloc_page(TranslationBlock *tb,
1113 unsigned int n, target_ulong page_addr)
1116 TranslationBlock *last_first_tb;
1118 tb->page_addr[n] = page_addr;
1119 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1120 tb->page_next[n] = p->first_tb;
1121 last_first_tb = p->first_tb;
1122 p->first_tb = (TranslationBlock *)((long)tb | n);
1123 invalidate_page_bitmap(p);
1125 #if defined(TARGET_HAS_SMC) || 1
1127 #if defined(CONFIG_USER_ONLY)
1128 if (p->flags & PAGE_WRITE) {
1133 /* force the host page as non writable (writes will have a
1134 page fault + mprotect overhead) */
1135 page_addr &= qemu_host_page_mask;
1137 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1138 addr += TARGET_PAGE_SIZE) {
1140 p2 = page_find (addr >> TARGET_PAGE_BITS);
1144 p2->flags &= ~PAGE_WRITE;
1145 page_get_flags(addr);
1147 mprotect(g2h(page_addr), qemu_host_page_size,
1148 (prot & PAGE_BITS) & ~PAGE_WRITE);
1149 #ifdef DEBUG_TB_INVALIDATE
1150 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1155 /* if some code is already present, then the pages are already
1156 protected. So we handle the case where only the first TB is
1157 allocated in a physical page */
1158 if (!last_first_tb) {
1159 tlb_protect_code(page_addr);
1163 #endif /* TARGET_HAS_SMC */
1166 /* Allocate a new translation block. Flush the translation buffer if
1167 too many translation blocks or too much generated code. */
1168 TranslationBlock *tb_alloc(target_ulong pc)
1170 TranslationBlock *tb;
1172 if (nb_tbs >= code_gen_max_blocks ||
1173 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1175 tb = &tbs[nb_tbs++];
1181 void tb_free(TranslationBlock *tb)
1183 /* In practice this is mostly used for single use temporary TB
1184 Ignore the hard cases and just back up if this TB happens to
1185 be the last one generated. */
1186 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1187 code_gen_ptr = tb->tc_ptr;
1192 /* add a new TB and link it to the physical page tables. phys_page2 is
1193 (-1) to indicate that only one page contains the TB. */
1194 void tb_link_phys(TranslationBlock *tb,
1195 target_ulong phys_pc, target_ulong phys_page2)
1198 TranslationBlock **ptb;
1200 /* Grab the mmap lock to stop another thread invalidating this TB
1201 before we are done. */
1203 /* add in the physical hash table */
1204 h = tb_phys_hash_func(phys_pc);
1205 ptb = &tb_phys_hash[h];
1206 tb->phys_hash_next = *ptb;
1209 /* add in the page list */
1210 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1211 if (phys_page2 != -1)
1212 tb_alloc_page(tb, 1, phys_page2);
1214 tb->page_addr[1] = -1;
1216 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1217 tb->jmp_next[0] = NULL;
1218 tb->jmp_next[1] = NULL;
1220 /* init original jump addresses */
1221 if (tb->tb_next_offset[0] != 0xffff)
1222 tb_reset_jump(tb, 0);
1223 if (tb->tb_next_offset[1] != 0xffff)
1224 tb_reset_jump(tb, 1);
1226 #ifdef DEBUG_TB_CHECK
1232 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1233 tb[1].tc_ptr. Return NULL if not found */
1234 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1236 int m_min, m_max, m;
1238 TranslationBlock *tb;
1242 if (tc_ptr < (unsigned long)code_gen_buffer ||
1243 tc_ptr >= (unsigned long)code_gen_ptr)
1245 /* binary search (cf Knuth) */
1248 while (m_min <= m_max) {
1249 m = (m_min + m_max) >> 1;
1251 v = (unsigned long)tb->tc_ptr;
1254 else if (tc_ptr < v) {
1263 static void tb_reset_jump_recursive(TranslationBlock *tb);
1265 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1267 TranslationBlock *tb1, *tb_next, **ptb;
1270 tb1 = tb->jmp_next[n];
1272 /* find head of list */
1275 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1278 tb1 = tb1->jmp_next[n1];
1280 /* we are now sure now that tb jumps to tb1 */
1283 /* remove tb from the jmp_first list */
1284 ptb = &tb_next->jmp_first;
1288 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1289 if (n1 == n && tb1 == tb)
1291 ptb = &tb1->jmp_next[n1];
1293 *ptb = tb->jmp_next[n];
1294 tb->jmp_next[n] = NULL;
1296 /* suppress the jump to next tb in generated code */
1297 tb_reset_jump(tb, n);
1299 /* suppress jumps in the tb on which we could have jumped */
1300 tb_reset_jump_recursive(tb_next);
1304 static void tb_reset_jump_recursive(TranslationBlock *tb)
1306 tb_reset_jump_recursive2(tb, 0);
1307 tb_reset_jump_recursive2(tb, 1);
1310 #if defined(TARGET_HAS_ICE)
1311 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1313 target_phys_addr_t addr;
1315 ram_addr_t ram_addr;
1318 addr = cpu_get_phys_page_debug(env, pc);
1319 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1321 pd = IO_MEM_UNASSIGNED;
1323 pd = p->phys_offset;
1325 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1326 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1330 /* Add a watchpoint. */
1331 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1332 int flags, CPUWatchpoint **watchpoint)
1334 target_ulong len_mask = ~(len - 1);
1337 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1338 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1339 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1340 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1343 wp = qemu_malloc(sizeof(*wp));
1346 wp->len_mask = len_mask;
1349 /* keep all GDB-injected watchpoints in front */
1351 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1353 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1355 tlb_flush_page(env, addr);
1362 /* Remove a specific watchpoint. */
1363 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1366 target_ulong len_mask = ~(len - 1);
1369 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1370 if (addr == wp->vaddr && len_mask == wp->len_mask
1371 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1372 cpu_watchpoint_remove_by_ref(env, wp);
1379 /* Remove a specific watchpoint by reference. */
1380 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1382 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1384 tlb_flush_page(env, watchpoint->vaddr);
1386 qemu_free(watchpoint);
1389 /* Remove all matching watchpoints. */
1390 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1392 CPUWatchpoint *wp, *next;
1394 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1395 if (wp->flags & mask)
1396 cpu_watchpoint_remove_by_ref(env, wp);
1400 /* Add a breakpoint. */
1401 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1402 CPUBreakpoint **breakpoint)
1404 #if defined(TARGET_HAS_ICE)
1407 bp = qemu_malloc(sizeof(*bp));
1412 /* keep all GDB-injected breakpoints in front */
1414 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1416 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1418 breakpoint_invalidate(env, pc);
1428 /* Remove a specific breakpoint. */
1429 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1431 #if defined(TARGET_HAS_ICE)
1434 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1435 if (bp->pc == pc && bp->flags == flags) {
1436 cpu_breakpoint_remove_by_ref(env, bp);
1446 /* Remove a specific breakpoint by reference. */
1447 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1449 #if defined(TARGET_HAS_ICE)
1450 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1452 breakpoint_invalidate(env, breakpoint->pc);
1454 qemu_free(breakpoint);
1458 /* Remove all matching breakpoints. */
1459 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1461 #if defined(TARGET_HAS_ICE)
1462 CPUBreakpoint *bp, *next;
1464 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1465 if (bp->flags & mask)
1466 cpu_breakpoint_remove_by_ref(env, bp);
1471 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1472 CPU loop after each instruction */
1473 void cpu_single_step(CPUState *env, int enabled)
1475 #if defined(TARGET_HAS_ICE)
1476 if (env->singlestep_enabled != enabled) {
1477 env->singlestep_enabled = enabled;
1479 kvm_update_guest_debug(env, 0);
1481 /* must flush all the translated code to avoid inconsistencies */
1482 /* XXX: only flush what is necessary */
1489 /* enable or disable low levels log */
1490 void cpu_set_log(int log_flags)
1492 loglevel = log_flags;
1493 if (loglevel && !logfile) {
1494 logfile = fopen(logfilename, log_append ? "a" : "w");
1496 perror(logfilename);
1499 #if !defined(CONFIG_SOFTMMU)
1500 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1502 static char logfile_buf[4096];
1503 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1505 #elif !defined(_WIN32)
1506 /* Win32 doesn't support line-buffering and requires size >= 2 */
1507 setvbuf(logfile, NULL, _IOLBF, 0);
1511 if (!loglevel && logfile) {
1517 void cpu_set_log_filename(const char *filename)
1519 logfilename = strdup(filename);
1524 cpu_set_log(loglevel);
1527 static void cpu_unlink_tb(CPUState *env)
1529 #if defined(CONFIG_USE_NPTL)
1530 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1531 problem and hope the cpu will stop of its own accord. For userspace
1532 emulation this often isn't actually as bad as it sounds. Often
1533 signals are used primarily to interrupt blocking syscalls. */
1535 TranslationBlock *tb;
1536 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1538 tb = env->current_tb;
1539 /* if the cpu is currently executing code, we must unlink it and
1540 all the potentially executing TB */
1541 if (tb && !testandset(&interrupt_lock)) {
1542 env->current_tb = NULL;
1543 tb_reset_jump_recursive(tb);
1544 resetlock(&interrupt_lock);
1549 /* mask must never be zero, except for A20 change call */
1550 void cpu_interrupt(CPUState *env, int mask)
1554 old_mask = env->interrupt_request;
1555 env->interrupt_request |= mask;
1557 #ifndef CONFIG_USER_ONLY
1559 * If called from iothread context, wake the target cpu in
1562 if (!qemu_cpu_self(env)) {
1569 env->icount_decr.u16.high = 0xffff;
1570 #ifndef CONFIG_USER_ONLY
1572 && (mask & ~old_mask) != 0) {
1573 cpu_abort(env, "Raised interrupt while not in I/O function");
1581 void cpu_reset_interrupt(CPUState *env, int mask)
1583 env->interrupt_request &= ~mask;
1586 void cpu_exit(CPUState *env)
1588 env->exit_request = 1;
1592 const CPULogItem cpu_log_items[] = {
1593 { CPU_LOG_TB_OUT_ASM, "out_asm",
1594 "show generated host assembly code for each compiled TB" },
1595 { CPU_LOG_TB_IN_ASM, "in_asm",
1596 "show target assembly code for each compiled TB" },
1597 { CPU_LOG_TB_OP, "op",
1598 "show micro ops for each compiled TB" },
1599 { CPU_LOG_TB_OP_OPT, "op_opt",
1602 "before eflags optimization and "
1604 "after liveness analysis" },
1605 { CPU_LOG_INT, "int",
1606 "show interrupts/exceptions in short format" },
1607 { CPU_LOG_EXEC, "exec",
1608 "show trace before each executed TB (lots of logs)" },
1609 { CPU_LOG_TB_CPU, "cpu",
1610 "show CPU state before block translation" },
1612 { CPU_LOG_PCALL, "pcall",
1613 "show protected mode far calls/returns/exceptions" },
1614 { CPU_LOG_RESET, "cpu_reset",
1615 "show CPU state before CPU resets" },
1618 { CPU_LOG_IOPORT, "ioport",
1619 "show all i/o ports accesses" },
1624 static int cmp1(const char *s1, int n, const char *s2)
1626 if (strlen(s2) != n)
1628 return memcmp(s1, s2, n) == 0;
1631 /* takes a comma separated list of log masks. Return 0 if error. */
1632 int cpu_str_to_log_mask(const char *str)
1634 const CPULogItem *item;
1641 p1 = strchr(p, ',');
1644 if(cmp1(p,p1-p,"all")) {
1645 for(item = cpu_log_items; item->mask != 0; item++) {
1649 for(item = cpu_log_items; item->mask != 0; item++) {
1650 if (cmp1(p, p1 - p, item->name))
1664 void cpu_abort(CPUState *env, const char *fmt, ...)
1671 fprintf(stderr, "qemu: fatal: ");
1672 vfprintf(stderr, fmt, ap);
1673 fprintf(stderr, "\n");
1675 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1677 cpu_dump_state(env, stderr, fprintf, 0);
1679 if (qemu_log_enabled()) {
1680 qemu_log("qemu: fatal: ");
1681 qemu_log_vprintf(fmt, ap2);
1684 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1686 log_cpu_state(env, 0);
1696 CPUState *cpu_copy(CPUState *env)
1698 CPUState *new_env = cpu_init(env->cpu_model_str);
1699 CPUState *next_cpu = new_env->next_cpu;
1700 int cpu_index = new_env->cpu_index;
1701 #if defined(TARGET_HAS_ICE)
1706 memcpy(new_env, env, sizeof(CPUState));
1708 /* Preserve chaining and index. */
1709 new_env->next_cpu = next_cpu;
1710 new_env->cpu_index = cpu_index;
1712 /* Clone all break/watchpoints.
1713 Note: Once we support ptrace with hw-debug register access, make sure
1714 BP_CPU break/watchpoints are handled correctly on clone. */
1715 QTAILQ_INIT(&env->breakpoints);
1716 QTAILQ_INIT(&env->watchpoints);
1717 #if defined(TARGET_HAS_ICE)
1718 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1719 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1721 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1722 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1730 #if !defined(CONFIG_USER_ONLY)
1732 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1736 /* Discard jump cache entries for any tb which might potentially
1737 overlap the flushed page. */
1738 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1739 memset (&env->tb_jmp_cache[i], 0,
1740 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1742 i = tb_jmp_cache_hash_page(addr);
1743 memset (&env->tb_jmp_cache[i], 0,
1744 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1747 static CPUTLBEntry s_cputlb_empty_entry = {
1754 /* NOTE: if flush_global is true, also flush global entries (not
1756 void tlb_flush(CPUState *env, int flush_global)
1760 #if defined(DEBUG_TLB)
1761 printf("tlb_flush:\n");
1763 /* must reset current TB so that interrupts cannot modify the
1764 links while we are modifying them */
1765 env->current_tb = NULL;
1767 for(i = 0; i < CPU_TLB_SIZE; i++) {
1769 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1770 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1774 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1779 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1781 if (addr == (tlb_entry->addr_read &
1782 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1783 addr == (tlb_entry->addr_write &
1784 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1785 addr == (tlb_entry->addr_code &
1786 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1787 *tlb_entry = s_cputlb_empty_entry;
1791 void tlb_flush_page(CPUState *env, target_ulong addr)
1796 #if defined(DEBUG_TLB)
1797 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1799 /* must reset current TB so that interrupts cannot modify the
1800 links while we are modifying them */
1801 env->current_tb = NULL;
1803 addr &= TARGET_PAGE_MASK;
1804 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1805 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1806 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1808 tlb_flush_jmp_cache(env, addr);
1811 /* update the TLBs so that writes to code in the virtual page 'addr'
1813 static void tlb_protect_code(ram_addr_t ram_addr)
1815 cpu_physical_memory_reset_dirty(ram_addr,
1816 ram_addr + TARGET_PAGE_SIZE,
1820 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1821 tested for self modifying code */
1822 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1825 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1828 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1829 unsigned long start, unsigned long length)
1832 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1833 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1834 if ((addr - start) < length) {
1835 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1840 /* Note: start and end must be within the same ram block. */
1841 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1845 unsigned long length, start1;
1849 start &= TARGET_PAGE_MASK;
1850 end = TARGET_PAGE_ALIGN(end);
1852 length = end - start;
1855 len = length >> TARGET_PAGE_BITS;
1856 mask = ~dirty_flags;
1857 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1858 for(i = 0; i < len; i++)
1861 /* we modify the TLB cache so that the dirty bit will be set again
1862 when accessing the range */
1863 start1 = (unsigned long)qemu_get_ram_ptr(start);
1864 /* Chek that we don't span multiple blocks - this breaks the
1865 address comparisons below. */
1866 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
1867 != (end - 1) - start) {
1871 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1873 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1874 for(i = 0; i < CPU_TLB_SIZE; i++)
1875 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
1881 int cpu_physical_memory_set_dirty_tracking(int enable)
1883 in_migration = enable;
1884 if (kvm_enabled()) {
1885 return kvm_set_migration_log(enable);
1890 int cpu_physical_memory_get_dirty_tracking(void)
1892 return in_migration;
1895 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
1896 target_phys_addr_t end_addr)
1901 ret = kvm_physical_sync_dirty_bitmap(start_addr, end_addr);
1905 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1907 ram_addr_t ram_addr;
1910 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1911 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
1912 + tlb_entry->addend);
1913 ram_addr = qemu_ram_addr_from_host(p);
1914 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1915 tlb_entry->addr_write |= TLB_NOTDIRTY;
1920 /* update the TLB according to the current state of the dirty bits */
1921 void cpu_tlb_update_dirty(CPUState *env)
1925 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1926 for(i = 0; i < CPU_TLB_SIZE; i++)
1927 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
1931 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1933 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1934 tlb_entry->addr_write = vaddr;
1937 /* update the TLB corresponding to virtual page vaddr
1938 so that it is no longer dirty */
1939 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1944 vaddr &= TARGET_PAGE_MASK;
1945 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1946 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1947 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
1950 /* add a new TLB entry. At most one entry for a given virtual address
1951 is permitted. Return 0 if OK or 2 if the page could not be mapped
1952 (can only happen in non SOFTMMU mode for I/O pages or pages
1953 conflicting with the host address space). */
1954 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1955 target_phys_addr_t paddr, int prot,
1956 int mmu_idx, int is_softmmu)
1961 target_ulong address;
1962 target_ulong code_address;
1963 target_phys_addr_t addend;
1967 target_phys_addr_t iotlb;
1969 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1971 pd = IO_MEM_UNASSIGNED;
1973 pd = p->phys_offset;
1975 #if defined(DEBUG_TLB)
1976 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
1977 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
1982 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
1983 /* IO memory case (romd handled later) */
1984 address |= TLB_MMIO;
1986 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
1987 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
1989 iotlb = pd & TARGET_PAGE_MASK;
1990 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
1991 iotlb |= IO_MEM_NOTDIRTY;
1993 iotlb |= IO_MEM_ROM;
1995 /* IO handlers are currently passed a physical address.
1996 It would be nice to pass an offset from the base address
1997 of that region. This would avoid having to special case RAM,
1998 and avoid full address decoding in every device.
1999 We can't use the high bits of pd for this because
2000 IO_MEM_ROMD uses these as a ram address. */
2001 iotlb = (pd & ~TARGET_PAGE_MASK);
2003 iotlb += p->region_offset;
2009 code_address = address;
2010 /* Make accesses to pages with watchpoints go via the
2011 watchpoint trap routines. */
2012 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2013 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2014 iotlb = io_mem_watch + paddr;
2015 /* TODO: The memory case can be optimized by not trapping
2016 reads of pages with a write breakpoint. */
2017 address |= TLB_MMIO;
2021 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2022 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2023 te = &env->tlb_table[mmu_idx][index];
2024 te->addend = addend - vaddr;
2025 if (prot & PAGE_READ) {
2026 te->addr_read = address;
2031 if (prot & PAGE_EXEC) {
2032 te->addr_code = code_address;
2036 if (prot & PAGE_WRITE) {
2037 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2038 (pd & IO_MEM_ROMD)) {
2039 /* Write access calls the I/O callback. */
2040 te->addr_write = address | TLB_MMIO;
2041 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2042 !cpu_physical_memory_is_dirty(pd)) {
2043 te->addr_write = address | TLB_NOTDIRTY;
2045 te->addr_write = address;
2048 te->addr_write = -1;
2055 void tlb_flush(CPUState *env, int flush_global)
2059 void tlb_flush_page(CPUState *env, target_ulong addr)
2063 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2064 target_phys_addr_t paddr, int prot,
2065 int mmu_idx, int is_softmmu)
2071 * Walks guest process memory "regions" one by one
2072 * and calls callback function 'fn' for each region.
2074 int walk_memory_regions(void *priv,
2075 int (*fn)(void *, unsigned long, unsigned long, unsigned long))
2077 unsigned long start, end;
2079 int i, j, prot, prot1;
2085 for (i = 0; i <= L1_SIZE; i++) {
2086 p = (i < L1_SIZE) ? l1_map[i] : NULL;
2087 for (j = 0; j < L2_SIZE; j++) {
2088 prot1 = (p == NULL) ? 0 : p[j].flags;
2090 * "region" is one continuous chunk of memory
2091 * that has same protection flags set.
2093 if (prot1 != prot) {
2094 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2096 rc = (*fn)(priv, start, end, prot);
2097 /* callback can stop iteration by returning != 0 */
2114 static int dump_region(void *priv, unsigned long start,
2115 unsigned long end, unsigned long prot)
2117 FILE *f = (FILE *)priv;
2119 (void) fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2120 start, end, end - start,
2121 ((prot & PAGE_READ) ? 'r' : '-'),
2122 ((prot & PAGE_WRITE) ? 'w' : '-'),
2123 ((prot & PAGE_EXEC) ? 'x' : '-'));
2128 /* dump memory mappings */
2129 void page_dump(FILE *f)
2131 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2132 "start", "end", "size", "prot");
2133 walk_memory_regions(f, dump_region);
2136 int page_get_flags(target_ulong address)
2140 p = page_find(address >> TARGET_PAGE_BITS);
2146 /* modify the flags of a page and invalidate the code if
2147 necessary. The flag PAGE_WRITE_ORG is positioned automatically
2148 depending on PAGE_WRITE */
2149 void page_set_flags(target_ulong start, target_ulong end, int flags)
2154 /* mmap_lock should already be held. */
2155 start = start & TARGET_PAGE_MASK;
2156 end = TARGET_PAGE_ALIGN(end);
2157 if (flags & PAGE_WRITE)
2158 flags |= PAGE_WRITE_ORG;
2159 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2160 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2161 /* We may be called for host regions that are outside guest
2165 /* if the write protection is set, then we invalidate the code
2167 if (!(p->flags & PAGE_WRITE) &&
2168 (flags & PAGE_WRITE) &&
2170 tb_invalidate_phys_page(addr, 0, NULL);
2176 int page_check_range(target_ulong start, target_ulong len, int flags)
2182 if (start + len < start)
2183 /* we've wrapped around */
2186 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2187 start = start & TARGET_PAGE_MASK;
2189 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2190 p = page_find(addr >> TARGET_PAGE_BITS);
2193 if( !(p->flags & PAGE_VALID) )
2196 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2198 if (flags & PAGE_WRITE) {
2199 if (!(p->flags & PAGE_WRITE_ORG))
2201 /* unprotect the page if it was put read-only because it
2202 contains translated code */
2203 if (!(p->flags & PAGE_WRITE)) {
2204 if (!page_unprotect(addr, 0, NULL))
2213 /* called from signal handler: invalidate the code and unprotect the
2214 page. Return TRUE if the fault was successfully handled. */
2215 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2217 unsigned int page_index, prot, pindex;
2219 target_ulong host_start, host_end, addr;
2221 /* Technically this isn't safe inside a signal handler. However we
2222 know this only ever happens in a synchronous SEGV handler, so in
2223 practice it seems to be ok. */
2226 host_start = address & qemu_host_page_mask;
2227 page_index = host_start >> TARGET_PAGE_BITS;
2228 p1 = page_find(page_index);
2233 host_end = host_start + qemu_host_page_size;
2236 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2240 /* if the page was really writable, then we change its
2241 protection back to writable */
2242 if (prot & PAGE_WRITE_ORG) {
2243 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2244 if (!(p1[pindex].flags & PAGE_WRITE)) {
2245 mprotect((void *)g2h(host_start), qemu_host_page_size,
2246 (prot & PAGE_BITS) | PAGE_WRITE);
2247 p1[pindex].flags |= PAGE_WRITE;
2248 /* and since the content will be modified, we must invalidate
2249 the corresponding translated code. */
2250 tb_invalidate_phys_page(address, pc, puc);
2251 #ifdef DEBUG_TB_CHECK
2252 tb_invalidate_check(address);
2262 static inline void tlb_set_dirty(CPUState *env,
2263 unsigned long addr, target_ulong vaddr)
2266 #endif /* defined(CONFIG_USER_ONLY) */
2268 #if !defined(CONFIG_USER_ONLY)
2270 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2271 ram_addr_t memory, ram_addr_t region_offset);
2272 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2273 ram_addr_t orig_memory, ram_addr_t region_offset);
2274 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2277 if (addr > start_addr) \
2280 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2281 if (start_addr2 > 0) \
2285 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2286 end_addr2 = TARGET_PAGE_SIZE - 1; \
2288 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2289 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2294 /* register physical memory.
2295 For RAM, 'size' must be a multiple of the target page size.
2296 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2297 io memory page. The address used when calling the IO function is
2298 the offset from the start of the region, plus region_offset. Both
2299 start_addr and region_offset are rounded down to a page boundary
2300 before calculating this offset. This should not be a problem unless
2301 the low bits of start_addr and region_offset differ. */
2302 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2304 ram_addr_t phys_offset,
2305 ram_addr_t region_offset)
2307 target_phys_addr_t addr, end_addr;
2310 ram_addr_t orig_size = size;
2314 kvm_set_phys_mem(start_addr, size, phys_offset);
2316 if (phys_offset == IO_MEM_UNASSIGNED) {
2317 region_offset = start_addr;
2319 region_offset &= TARGET_PAGE_MASK;
2320 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2321 end_addr = start_addr + (target_phys_addr_t)size;
2322 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2323 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2324 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2325 ram_addr_t orig_memory = p->phys_offset;
2326 target_phys_addr_t start_addr2, end_addr2;
2327 int need_subpage = 0;
2329 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2331 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2332 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2333 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2334 &p->phys_offset, orig_memory,
2337 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2340 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2342 p->region_offset = 0;
2344 p->phys_offset = phys_offset;
2345 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2346 (phys_offset & IO_MEM_ROMD))
2347 phys_offset += TARGET_PAGE_SIZE;
2350 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2351 p->phys_offset = phys_offset;
2352 p->region_offset = region_offset;
2353 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2354 (phys_offset & IO_MEM_ROMD)) {
2355 phys_offset += TARGET_PAGE_SIZE;
2357 target_phys_addr_t start_addr2, end_addr2;
2358 int need_subpage = 0;
2360 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2361 end_addr2, need_subpage);
2363 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2364 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2365 &p->phys_offset, IO_MEM_UNASSIGNED,
2366 addr & TARGET_PAGE_MASK);
2367 subpage_register(subpage, start_addr2, end_addr2,
2368 phys_offset, region_offset);
2369 p->region_offset = 0;
2373 region_offset += TARGET_PAGE_SIZE;
2376 /* since each CPU stores ram addresses in its TLB cache, we must
2377 reset the modified entries */
2379 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2384 /* XXX: temporary until new memory mapping API */
2385 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2389 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2391 return IO_MEM_UNASSIGNED;
2392 return p->phys_offset;
2395 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2398 kvm_coalesce_mmio_region(addr, size);
2401 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2404 kvm_uncoalesce_mmio_region(addr, size);
2407 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2409 RAMBlock *new_block;
2411 size = TARGET_PAGE_ALIGN(size);
2412 new_block = qemu_malloc(sizeof(*new_block));
2414 new_block->host = qemu_vmalloc(size);
2415 #ifdef MADV_MERGEABLE
2416 madvise(new_block->host, size, MADV_MERGEABLE);
2418 new_block->offset = last_ram_offset;
2419 new_block->length = size;
2421 new_block->next = ram_blocks;
2422 ram_blocks = new_block;
2424 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2425 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2426 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2427 0xff, size >> TARGET_PAGE_BITS);
2429 last_ram_offset += size;
2432 kvm_setup_guest_memory(new_block->host, size);
2434 return new_block->offset;
2437 void qemu_ram_free(ram_addr_t addr)
2439 /* TODO: implement this. */
2442 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2443 With the exception of the softmmu code in this file, this should
2444 only be used for local memory (e.g. video ram) that the device owns,
2445 and knows it isn't going to access beyond the end of the block.
2447 It should not be used for general purpose DMA.
2448 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2450 void *qemu_get_ram_ptr(ram_addr_t addr)
2457 prevp = &ram_blocks;
2459 while (block && (block->offset > addr
2460 || block->offset + block->length <= addr)) {
2462 prevp = &prev->next;
2464 block = block->next;
2467 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2470 /* Move this entry to to start of the list. */
2472 prev->next = block->next;
2473 block->next = *prevp;
2476 return block->host + (addr - block->offset);
2479 /* Some of the softmmu routines need to translate from a host pointer
2480 (typically a TLB entry) back to a ram offset. */
2481 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2486 uint8_t *host = ptr;
2489 prevp = &ram_blocks;
2491 while (block && (block->host > host
2492 || block->host + block->length <= host)) {
2494 prevp = &prev->next;
2496 block = block->next;
2499 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2502 return block->offset + (host - block->host);
2505 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2507 #ifdef DEBUG_UNASSIGNED
2508 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2510 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2511 do_unassigned_access(addr, 0, 0, 0, 1);
2516 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2518 #ifdef DEBUG_UNASSIGNED
2519 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2521 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2522 do_unassigned_access(addr, 0, 0, 0, 2);
2527 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2529 #ifdef DEBUG_UNASSIGNED
2530 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2532 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2533 do_unassigned_access(addr, 0, 0, 0, 4);
2538 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2540 #ifdef DEBUG_UNASSIGNED
2541 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2543 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2544 do_unassigned_access(addr, 1, 0, 0, 1);
2548 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2550 #ifdef DEBUG_UNASSIGNED
2551 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2553 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2554 do_unassigned_access(addr, 1, 0, 0, 2);
2558 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2560 #ifdef DEBUG_UNASSIGNED
2561 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2563 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2564 do_unassigned_access(addr, 1, 0, 0, 4);
2568 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
2569 unassigned_mem_readb,
2570 unassigned_mem_readw,
2571 unassigned_mem_readl,
2574 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
2575 unassigned_mem_writeb,
2576 unassigned_mem_writew,
2577 unassigned_mem_writel,
2580 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2584 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2585 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2586 #if !defined(CONFIG_USER_ONLY)
2587 tb_invalidate_phys_page_fast(ram_addr, 1);
2588 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2591 stb_p(qemu_get_ram_ptr(ram_addr), val);
2592 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2593 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2594 /* we remove the notdirty callback only if the code has been
2596 if (dirty_flags == 0xff)
2597 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2600 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2604 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2605 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2606 #if !defined(CONFIG_USER_ONLY)
2607 tb_invalidate_phys_page_fast(ram_addr, 2);
2608 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2611 stw_p(qemu_get_ram_ptr(ram_addr), val);
2612 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2613 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2614 /* we remove the notdirty callback only if the code has been
2616 if (dirty_flags == 0xff)
2617 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2620 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2624 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2625 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2626 #if !defined(CONFIG_USER_ONLY)
2627 tb_invalidate_phys_page_fast(ram_addr, 4);
2628 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2631 stl_p(qemu_get_ram_ptr(ram_addr), val);
2632 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2633 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2634 /* we remove the notdirty callback only if the code has been
2636 if (dirty_flags == 0xff)
2637 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2640 static CPUReadMemoryFunc * const error_mem_read[3] = {
2641 NULL, /* never used */
2642 NULL, /* never used */
2643 NULL, /* never used */
2646 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
2647 notdirty_mem_writeb,
2648 notdirty_mem_writew,
2649 notdirty_mem_writel,
2652 /* Generate a debug exception if a watchpoint has been hit. */
2653 static void check_watchpoint(int offset, int len_mask, int flags)
2655 CPUState *env = cpu_single_env;
2656 target_ulong pc, cs_base;
2657 TranslationBlock *tb;
2662 if (env->watchpoint_hit) {
2663 /* We re-entered the check after replacing the TB. Now raise
2664 * the debug interrupt so that is will trigger after the
2665 * current instruction. */
2666 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2669 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2670 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2671 if ((vaddr == (wp->vaddr & len_mask) ||
2672 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
2673 wp->flags |= BP_WATCHPOINT_HIT;
2674 if (!env->watchpoint_hit) {
2675 env->watchpoint_hit = wp;
2676 tb = tb_find_pc(env->mem_io_pc);
2678 cpu_abort(env, "check_watchpoint: could not find TB for "
2679 "pc=%p", (void *)env->mem_io_pc);
2681 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
2682 tb_phys_invalidate(tb, -1);
2683 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2684 env->exception_index = EXCP_DEBUG;
2686 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2687 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
2689 cpu_resume_from_signal(env, NULL);
2692 wp->flags &= ~BP_WATCHPOINT_HIT;
2697 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2698 so these check for a hit then pass through to the normal out-of-line
2700 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2702 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
2703 return ldub_phys(addr);
2706 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2708 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
2709 return lduw_phys(addr);
2712 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2714 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
2715 return ldl_phys(addr);
2718 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2721 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
2722 stb_phys(addr, val);
2725 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2728 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
2729 stw_phys(addr, val);
2732 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2735 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
2736 stl_phys(addr, val);
2739 static CPUReadMemoryFunc * const watch_mem_read[3] = {
2745 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
2751 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2757 idx = SUBPAGE_IDX(addr);
2758 #if defined(DEBUG_SUBPAGE)
2759 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2760 mmio, len, addr, idx);
2762 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
2763 addr + mmio->region_offset[idx][0][len]);
2768 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2769 uint32_t value, unsigned int len)
2773 idx = SUBPAGE_IDX(addr);
2774 #if defined(DEBUG_SUBPAGE)
2775 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2776 mmio, len, addr, idx, value);
2778 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
2779 addr + mmio->region_offset[idx][1][len],
2783 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2785 #if defined(DEBUG_SUBPAGE)
2786 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2789 return subpage_readlen(opaque, addr, 0);
2792 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2795 #if defined(DEBUG_SUBPAGE)
2796 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2798 subpage_writelen(opaque, addr, value, 0);
2801 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2803 #if defined(DEBUG_SUBPAGE)
2804 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2807 return subpage_readlen(opaque, addr, 1);
2810 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2813 #if defined(DEBUG_SUBPAGE)
2814 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2816 subpage_writelen(opaque, addr, value, 1);
2819 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2821 #if defined(DEBUG_SUBPAGE)
2822 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2825 return subpage_readlen(opaque, addr, 2);
2828 static void subpage_writel (void *opaque,
2829 target_phys_addr_t addr, uint32_t value)
2831 #if defined(DEBUG_SUBPAGE)
2832 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2834 subpage_writelen(opaque, addr, value, 2);
2837 static CPUReadMemoryFunc * const subpage_read[] = {
2843 static CPUWriteMemoryFunc * const subpage_write[] = {
2849 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2850 ram_addr_t memory, ram_addr_t region_offset)
2855 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2857 idx = SUBPAGE_IDX(start);
2858 eidx = SUBPAGE_IDX(end);
2859 #if defined(DEBUG_SUBPAGE)
2860 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
2861 mmio, start, end, idx, eidx, memory);
2863 memory >>= IO_MEM_SHIFT;
2864 for (; idx <= eidx; idx++) {
2865 for (i = 0; i < 4; i++) {
2866 if (io_mem_read[memory][i]) {
2867 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2868 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2869 mmio->region_offset[idx][0][i] = region_offset;
2871 if (io_mem_write[memory][i]) {
2872 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2873 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2874 mmio->region_offset[idx][1][i] = region_offset;
2882 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2883 ram_addr_t orig_memory, ram_addr_t region_offset)
2888 mmio = qemu_mallocz(sizeof(subpage_t));
2891 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
2892 #if defined(DEBUG_SUBPAGE)
2893 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2894 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2896 *phys = subpage_memory | IO_MEM_SUBPAGE;
2897 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
2903 static int get_free_io_mem_idx(void)
2907 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
2908 if (!io_mem_used[i]) {
2916 /* mem_read and mem_write are arrays of functions containing the
2917 function to access byte (index 0), word (index 1) and dword (index
2918 2). Functions can be omitted with a NULL function pointer.
2919 If io_index is non zero, the corresponding io zone is
2920 modified. If it is zero, a new io zone is allocated. The return
2921 value can be used with cpu_register_physical_memory(). (-1) is
2922 returned if error. */
2923 static int cpu_register_io_memory_fixed(int io_index,
2924 CPUReadMemoryFunc * const *mem_read,
2925 CPUWriteMemoryFunc * const *mem_write,
2928 int i, subwidth = 0;
2930 if (io_index <= 0) {
2931 io_index = get_free_io_mem_idx();
2935 io_index >>= IO_MEM_SHIFT;
2936 if (io_index >= IO_MEM_NB_ENTRIES)
2940 for(i = 0;i < 3; i++) {
2941 if (!mem_read[i] || !mem_write[i])
2942 subwidth = IO_MEM_SUBWIDTH;
2943 io_mem_read[io_index][i] = mem_read[i];
2944 io_mem_write[io_index][i] = mem_write[i];
2946 io_mem_opaque[io_index] = opaque;
2947 return (io_index << IO_MEM_SHIFT) | subwidth;
2950 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
2951 CPUWriteMemoryFunc * const *mem_write,
2954 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
2957 void cpu_unregister_io_memory(int io_table_address)
2960 int io_index = io_table_address >> IO_MEM_SHIFT;
2962 for (i=0;i < 3; i++) {
2963 io_mem_read[io_index][i] = unassigned_mem_read[i];
2964 io_mem_write[io_index][i] = unassigned_mem_write[i];
2966 io_mem_opaque[io_index] = NULL;
2967 io_mem_used[io_index] = 0;
2970 static void io_mem_init(void)
2974 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
2975 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
2976 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
2980 io_mem_watch = cpu_register_io_memory(watch_mem_read,
2981 watch_mem_write, NULL);
2984 #endif /* !defined(CONFIG_USER_ONLY) */
2986 /* physical memory access (slow version, mainly for debug) */
2987 #if defined(CONFIG_USER_ONLY)
2988 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2989 int len, int is_write)
2996 page = addr & TARGET_PAGE_MASK;
2997 l = (page + TARGET_PAGE_SIZE) - addr;
3000 flags = page_get_flags(page);
3001 if (!(flags & PAGE_VALID))
3004 if (!(flags & PAGE_WRITE))
3006 /* XXX: this code should not depend on lock_user */
3007 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3008 /* FIXME - should this return an error rather than just fail? */
3011 unlock_user(p, addr, l);
3013 if (!(flags & PAGE_READ))
3015 /* XXX: this code should not depend on lock_user */
3016 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3017 /* FIXME - should this return an error rather than just fail? */
3020 unlock_user(p, addr, 0);
3029 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3030 int len, int is_write)
3035 target_phys_addr_t page;
3040 page = addr & TARGET_PAGE_MASK;
3041 l = (page + TARGET_PAGE_SIZE) - addr;
3044 p = phys_page_find(page >> TARGET_PAGE_BITS);
3046 pd = IO_MEM_UNASSIGNED;
3048 pd = p->phys_offset;
3052 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3053 target_phys_addr_t addr1 = addr;
3054 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3056 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3057 /* XXX: could force cpu_single_env to NULL to avoid
3059 if (l >= 4 && ((addr1 & 3) == 0)) {
3060 /* 32 bit write access */
3062 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3064 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3065 /* 16 bit write access */
3067 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3070 /* 8 bit write access */
3072 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3076 unsigned long addr1;
3077 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3079 ptr = qemu_get_ram_ptr(addr1);
3080 memcpy(ptr, buf, l);
3081 if (!cpu_physical_memory_is_dirty(addr1)) {
3082 /* invalidate code */
3083 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3085 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3086 (0xff & ~CODE_DIRTY_FLAG);
3090 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3091 !(pd & IO_MEM_ROMD)) {
3092 target_phys_addr_t addr1 = addr;
3094 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3096 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3097 if (l >= 4 && ((addr1 & 3) == 0)) {
3098 /* 32 bit read access */
3099 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3102 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3103 /* 16 bit read access */
3104 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3108 /* 8 bit read access */
3109 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3115 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3116 (addr & ~TARGET_PAGE_MASK);
3117 memcpy(buf, ptr, l);
3126 /* used for ROM loading : can write in RAM and ROM */
3127 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3128 const uint8_t *buf, int len)
3132 target_phys_addr_t page;
3137 page = addr & TARGET_PAGE_MASK;
3138 l = (page + TARGET_PAGE_SIZE) - addr;
3141 p = phys_page_find(page >> TARGET_PAGE_BITS);
3143 pd = IO_MEM_UNASSIGNED;
3145 pd = p->phys_offset;
3148 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3149 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3150 !(pd & IO_MEM_ROMD)) {
3153 unsigned long addr1;
3154 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3156 ptr = qemu_get_ram_ptr(addr1);
3157 memcpy(ptr, buf, l);
3167 target_phys_addr_t addr;
3168 target_phys_addr_t len;
3171 static BounceBuffer bounce;
3173 typedef struct MapClient {
3175 void (*callback)(void *opaque);
3176 QLIST_ENTRY(MapClient) link;
3179 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3180 = QLIST_HEAD_INITIALIZER(map_client_list);
3182 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3184 MapClient *client = qemu_malloc(sizeof(*client));
3186 client->opaque = opaque;
3187 client->callback = callback;
3188 QLIST_INSERT_HEAD(&map_client_list, client, link);
3192 void cpu_unregister_map_client(void *_client)
3194 MapClient *client = (MapClient *)_client;
3196 QLIST_REMOVE(client, link);
3200 static void cpu_notify_map_clients(void)
3204 while (!QLIST_EMPTY(&map_client_list)) {
3205 client = QLIST_FIRST(&map_client_list);
3206 client->callback(client->opaque);
3207 cpu_unregister_map_client(client);
3211 /* Map a physical memory region into a host virtual address.
3212 * May map a subset of the requested range, given by and returned in *plen.
3213 * May return NULL if resources needed to perform the mapping are exhausted.
3214 * Use only for reads OR writes - not for read-modify-write operations.
3215 * Use cpu_register_map_client() to know when retrying the map operation is
3216 * likely to succeed.
3218 void *cpu_physical_memory_map(target_phys_addr_t addr,
3219 target_phys_addr_t *plen,
3222 target_phys_addr_t len = *plen;
3223 target_phys_addr_t done = 0;
3225 uint8_t *ret = NULL;
3227 target_phys_addr_t page;
3230 unsigned long addr1;
3233 page = addr & TARGET_PAGE_MASK;
3234 l = (page + TARGET_PAGE_SIZE) - addr;
3237 p = phys_page_find(page >> TARGET_PAGE_BITS);
3239 pd = IO_MEM_UNASSIGNED;
3241 pd = p->phys_offset;
3244 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3245 if (done || bounce.buffer) {
3248 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3252 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3254 ptr = bounce.buffer;
3256 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3257 ptr = qemu_get_ram_ptr(addr1);
3261 } else if (ret + done != ptr) {
3273 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3274 * Will also mark the memory as dirty if is_write == 1. access_len gives
3275 * the amount of memory that was actually read or written by the caller.
3277 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3278 int is_write, target_phys_addr_t access_len)
3280 if (buffer != bounce.buffer) {
3282 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3283 while (access_len) {
3285 l = TARGET_PAGE_SIZE;
3288 if (!cpu_physical_memory_is_dirty(addr1)) {
3289 /* invalidate code */
3290 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3292 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3293 (0xff & ~CODE_DIRTY_FLAG);
3302 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3304 qemu_free(bounce.buffer);
3305 bounce.buffer = NULL;
3306 cpu_notify_map_clients();
3309 /* warning: addr must be aligned */
3310 uint32_t ldl_phys(target_phys_addr_t addr)
3318 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3320 pd = IO_MEM_UNASSIGNED;
3322 pd = p->phys_offset;
3325 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3326 !(pd & IO_MEM_ROMD)) {
3328 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3330 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3331 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3334 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3335 (addr & ~TARGET_PAGE_MASK);
3341 /* warning: addr must be aligned */
3342 uint64_t ldq_phys(target_phys_addr_t addr)
3350 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3352 pd = IO_MEM_UNASSIGNED;
3354 pd = p->phys_offset;
3357 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3358 !(pd & IO_MEM_ROMD)) {
3360 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3362 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3363 #ifdef TARGET_WORDS_BIGENDIAN
3364 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3365 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3367 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3368 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3372 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3373 (addr & ~TARGET_PAGE_MASK);
3380 uint32_t ldub_phys(target_phys_addr_t addr)
3383 cpu_physical_memory_read(addr, &val, 1);
3388 uint32_t lduw_phys(target_phys_addr_t addr)
3391 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3392 return tswap16(val);
3395 /* warning: addr must be aligned. The ram page is not masked as dirty
3396 and the code inside is not invalidated. It is useful if the dirty
3397 bits are used to track modified PTEs */
3398 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3405 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3407 pd = IO_MEM_UNASSIGNED;
3409 pd = p->phys_offset;
3412 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3413 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3415 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3416 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3418 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3419 ptr = qemu_get_ram_ptr(addr1);
3422 if (unlikely(in_migration)) {
3423 if (!cpu_physical_memory_is_dirty(addr1)) {
3424 /* invalidate code */
3425 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3427 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3428 (0xff & ~CODE_DIRTY_FLAG);
3434 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3441 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3443 pd = IO_MEM_UNASSIGNED;
3445 pd = p->phys_offset;
3448 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3449 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3451 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3452 #ifdef TARGET_WORDS_BIGENDIAN
3453 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3454 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3456 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3457 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3460 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3461 (addr & ~TARGET_PAGE_MASK);
3466 /* warning: addr must be aligned */
3467 void stl_phys(target_phys_addr_t addr, uint32_t val)
3474 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3476 pd = IO_MEM_UNASSIGNED;
3478 pd = p->phys_offset;
3481 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3482 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3484 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3485 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3487 unsigned long addr1;
3488 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3490 ptr = qemu_get_ram_ptr(addr1);
3492 if (!cpu_physical_memory_is_dirty(addr1)) {
3493 /* invalidate code */
3494 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3496 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3497 (0xff & ~CODE_DIRTY_FLAG);
3503 void stb_phys(target_phys_addr_t addr, uint32_t val)
3506 cpu_physical_memory_write(addr, &v, 1);
3510 void stw_phys(target_phys_addr_t addr, uint32_t val)
3512 uint16_t v = tswap16(val);
3513 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3517 void stq_phys(target_phys_addr_t addr, uint64_t val)
3520 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3525 /* virtual memory access for debug (includes writing to ROM) */
3526 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3527 uint8_t *buf, int len, int is_write)
3530 target_phys_addr_t phys_addr;
3534 page = addr & TARGET_PAGE_MASK;
3535 phys_addr = cpu_get_phys_page_debug(env, page);
3536 /* if no physical page mapped, return an error */
3537 if (phys_addr == -1)
3539 l = (page + TARGET_PAGE_SIZE) - addr;
3542 phys_addr += (addr & ~TARGET_PAGE_MASK);
3543 #if !defined(CONFIG_USER_ONLY)
3545 cpu_physical_memory_write_rom(phys_addr, buf, l);
3548 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3556 /* in deterministic execution mode, instructions doing device I/Os
3557 must be at the end of the TB */
3558 void cpu_io_recompile(CPUState *env, void *retaddr)
3560 TranslationBlock *tb;
3562 target_ulong pc, cs_base;
3565 tb = tb_find_pc((unsigned long)retaddr);
3567 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3570 n = env->icount_decr.u16.low + tb->icount;
3571 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3572 /* Calculate how many instructions had been executed before the fault
3574 n = n - env->icount_decr.u16.low;
3575 /* Generate a new TB ending on the I/O insn. */
3577 /* On MIPS and SH, delay slot instructions can only be restarted if
3578 they were already the first instruction in the TB. If this is not
3579 the first instruction in a TB then re-execute the preceding
3581 #if defined(TARGET_MIPS)
3582 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3583 env->active_tc.PC -= 4;
3584 env->icount_decr.u16.low++;
3585 env->hflags &= ~MIPS_HFLAG_BMASK;
3587 #elif defined(TARGET_SH4)
3588 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3591 env->icount_decr.u16.low++;
3592 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3595 /* This should never happen. */
3596 if (n > CF_COUNT_MASK)
3597 cpu_abort(env, "TB too big during recompile");
3599 cflags = n | CF_LAST_IO;
3601 cs_base = tb->cs_base;
3603 tb_phys_invalidate(tb, -1);
3604 /* FIXME: In theory this could raise an exception. In practice
3605 we have already translated the block once so it's probably ok. */
3606 tb_gen_code(env, pc, cs_base, flags, cflags);
3607 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3608 the first in the TB) then we end up generating a whole new TB and
3609 repeating the fault, which is horribly inefficient.
3610 Better would be to execute just this insn uncached, or generate a
3612 cpu_resume_from_signal(env, NULL);
3615 void dump_exec_info(FILE *f,
3616 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3618 int i, target_code_size, max_target_code_size;
3619 int direct_jmp_count, direct_jmp2_count, cross_page;
3620 TranslationBlock *tb;
3622 target_code_size = 0;
3623 max_target_code_size = 0;
3625 direct_jmp_count = 0;
3626 direct_jmp2_count = 0;
3627 for(i = 0; i < nb_tbs; i++) {
3629 target_code_size += tb->size;
3630 if (tb->size > max_target_code_size)
3631 max_target_code_size = tb->size;
3632 if (tb->page_addr[1] != -1)
3634 if (tb->tb_next_offset[0] != 0xffff) {
3636 if (tb->tb_next_offset[1] != 0xffff) {
3637 direct_jmp2_count++;
3641 /* XXX: avoid using doubles ? */
3642 cpu_fprintf(f, "Translation buffer state:\n");
3643 cpu_fprintf(f, "gen code size %ld/%ld\n",
3644 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3645 cpu_fprintf(f, "TB count %d/%d\n",
3646 nb_tbs, code_gen_max_blocks);
3647 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3648 nb_tbs ? target_code_size / nb_tbs : 0,
3649 max_target_code_size);
3650 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3651 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3652 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3653 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3655 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3656 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3658 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3660 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3661 cpu_fprintf(f, "\nStatistics:\n");
3662 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3663 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3664 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3665 tcg_dump_info(f, cpu_fprintf);
3668 #if !defined(CONFIG_USER_ONLY)
3670 #define MMUSUFFIX _cmmu
3671 #define GETPC() NULL
3672 #define env cpu_single_env
3673 #define SOFTMMU_CODE_ACCESS
3676 #include "softmmu_template.h"
3679 #include "softmmu_template.h"
3682 #include "softmmu_template.h"
3685 #include "softmmu_template.h"
projects / qemu.git / blob