4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
22 #include "qemu/cutils.h"
24 #include "exec/exec-all.h"
25 #include "exec/target_page.h"
27 #include "hw/qdev-core.h"
28 #include "hw/qdev-properties.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #include "hw/xen/xen.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #if defined(CONFIG_USER_ONLY)
40 #else /* !CONFIG_USER_ONLY */
42 #include "exec/memory.h"
43 #include "exec/ioport.h"
44 #include "sysemu/dma.h"
45 #include "sysemu/numa.h"
46 #include "sysemu/hw_accel.h"
47 #include "exec/address-spaces.h"
48 #include "sysemu/xen-mapcache.h"
49 #include "trace-root.h"
51 #ifdef CONFIG_FALLOCATE_PUNCH_HOLE
52 #include <linux/falloc.h>
56 #include "qemu/rcu_queue.h"
57 #include "qemu/main-loop.h"
58 #include "translate-all.h"
59 #include "sysemu/replay.h"
61 #include "exec/memory-internal.h"
62 #include "exec/ram_addr.h"
65 #include "migration/vmstate.h"
67 #include "qemu/range.h"
69 #include "qemu/mmap-alloc.h"
72 #include "monitor/monitor.h"
74 //#define DEBUG_SUBPAGE
76 #if !defined(CONFIG_USER_ONLY)
77 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
78 * are protected by the ramlist lock.
80 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
82 static MemoryRegion *system_memory;
83 static MemoryRegion *system_io;
85 AddressSpace address_space_io;
86 AddressSpace address_space_memory;
88 MemoryRegion io_mem_rom, io_mem_notdirty;
89 static MemoryRegion io_mem_unassigned;
91 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
92 #define RAM_PREALLOC (1 << 0)
94 /* RAM is mmap-ed with MAP_SHARED */
95 #define RAM_SHARED (1 << 1)
97 /* Only a portion of RAM (used_length) is actually used, and migrated.
98 * This used_length size can change across reboots.
100 #define RAM_RESIZEABLE (1 << 2)
102 /* UFFDIO_ZEROPAGE is available on this RAMBlock to atomically
103 * zero the page and wake waiting processes.
104 * (Set during postcopy)
106 #define RAM_UF_ZEROPAGE (1 << 3)
109 #ifdef TARGET_PAGE_BITS_VARY
110 int target_page_bits;
111 bool target_page_bits_decided;
114 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
115 /* current CPU in the current thread. It is only valid inside
117 __thread CPUState *current_cpu;
118 /* 0 = Do not count executed instructions.
119 1 = Precise instruction counting.
120 2 = Adaptive rate instruction counting. */
123 uintptr_t qemu_host_page_size;
124 intptr_t qemu_host_page_mask;
126 bool set_preferred_target_page_bits(int bits)
128 /* The target page size is the lowest common denominator for all
129 * the CPUs in the system, so we can only make it smaller, never
130 * larger. And we can't make it smaller once we've committed to
133 #ifdef TARGET_PAGE_BITS_VARY
134 assert(bits >= TARGET_PAGE_BITS_MIN);
135 if (target_page_bits == 0 || target_page_bits > bits) {
136 if (target_page_bits_decided) {
139 target_page_bits = bits;
145 #if !defined(CONFIG_USER_ONLY)
147 static void finalize_target_page_bits(void)
149 #ifdef TARGET_PAGE_BITS_VARY
150 if (target_page_bits == 0) {
151 target_page_bits = TARGET_PAGE_BITS_MIN;
153 target_page_bits_decided = true;
157 typedef struct PhysPageEntry PhysPageEntry;
159 struct PhysPageEntry {
160 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
162 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
166 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
168 /* Size of the L2 (and L3, etc) page tables. */
169 #define ADDR_SPACE_BITS 64
172 #define P_L2_SIZE (1 << P_L2_BITS)
174 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
176 typedef PhysPageEntry Node[P_L2_SIZE];
178 typedef struct PhysPageMap {
181 unsigned sections_nb;
182 unsigned sections_nb_alloc;
184 unsigned nodes_nb_alloc;
186 MemoryRegionSection *sections;
189 struct AddressSpaceDispatch {
190 MemoryRegionSection *mru_section;
191 /* This is a multi-level map on the physical address space.
192 * The bottom level has pointers to MemoryRegionSections.
194 PhysPageEntry phys_map;
198 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
199 typedef struct subpage_t {
203 uint16_t sub_section[];
206 #define PHYS_SECTION_UNASSIGNED 0
207 #define PHYS_SECTION_NOTDIRTY 1
208 #define PHYS_SECTION_ROM 2
209 #define PHYS_SECTION_WATCH 3
211 static void io_mem_init(void);
212 static void memory_map_init(void);
213 static void tcg_commit(MemoryListener *listener);
215 static MemoryRegion io_mem_watch;
218 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
219 * @cpu: the CPU whose AddressSpace this is
220 * @as: the AddressSpace itself
221 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
222 * @tcg_as_listener: listener for tracking changes to the AddressSpace
224 struct CPUAddressSpace {
227 struct AddressSpaceDispatch *memory_dispatch;
228 MemoryListener tcg_as_listener;
231 struct DirtyBitmapSnapshot {
234 unsigned long dirty[];
239 #if !defined(CONFIG_USER_ONLY)
241 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
243 static unsigned alloc_hint = 16;
244 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
245 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
246 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
247 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
248 alloc_hint = map->nodes_nb_alloc;
252 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
259 ret = map->nodes_nb++;
261 assert(ret != PHYS_MAP_NODE_NIL);
262 assert(ret != map->nodes_nb_alloc);
264 e.skip = leaf ? 0 : 1;
265 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
266 for (i = 0; i < P_L2_SIZE; ++i) {
267 memcpy(&p[i], &e, sizeof(e));
272 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
273 hwaddr *index, hwaddr *nb, uint16_t leaf,
277 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
279 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
280 lp->ptr = phys_map_node_alloc(map, level == 0);
282 p = map->nodes[lp->ptr];
283 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
285 while (*nb && lp < &p[P_L2_SIZE]) {
286 if ((*index & (step - 1)) == 0 && *nb >= step) {
292 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
298 static void phys_page_set(AddressSpaceDispatch *d,
299 hwaddr index, hwaddr nb,
302 /* Wildly overreserve - it doesn't matter much. */
303 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
305 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
308 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
309 * and update our entry so we can skip it and go directly to the destination.
311 static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
313 unsigned valid_ptr = P_L2_SIZE;
318 if (lp->ptr == PHYS_MAP_NODE_NIL) {
323 for (i = 0; i < P_L2_SIZE; i++) {
324 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
331 phys_page_compact(&p[i], nodes);
335 /* We can only compress if there's only one child. */
340 assert(valid_ptr < P_L2_SIZE);
342 /* Don't compress if it won't fit in the # of bits we have. */
343 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
347 lp->ptr = p[valid_ptr].ptr;
348 if (!p[valid_ptr].skip) {
349 /* If our only child is a leaf, make this a leaf. */
350 /* By design, we should have made this node a leaf to begin with so we
351 * should never reach here.
352 * But since it's so simple to handle this, let's do it just in case we
357 lp->skip += p[valid_ptr].skip;
361 void address_space_dispatch_compact(AddressSpaceDispatch *d)
363 if (d->phys_map.skip) {
364 phys_page_compact(&d->phys_map, d->map.nodes);
368 static inline bool section_covers_addr(const MemoryRegionSection *section,
371 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
372 * the section must cover the entire address space.
374 return int128_gethi(section->size) ||
375 range_covers_byte(section->offset_within_address_space,
376 int128_getlo(section->size), addr);
379 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr addr)
381 PhysPageEntry lp = d->phys_map, *p;
382 Node *nodes = d->map.nodes;
383 MemoryRegionSection *sections = d->map.sections;
384 hwaddr index = addr >> TARGET_PAGE_BITS;
387 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
388 if (lp.ptr == PHYS_MAP_NODE_NIL) {
389 return §ions[PHYS_SECTION_UNASSIGNED];
392 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
395 if (section_covers_addr(§ions[lp.ptr], addr)) {
396 return §ions[lp.ptr];
398 return §ions[PHYS_SECTION_UNASSIGNED];
402 bool memory_region_is_unassigned(MemoryRegion *mr)
404 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
405 && mr != &io_mem_watch;
408 /* Called from RCU critical section */
409 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
411 bool resolve_subpage)
413 MemoryRegionSection *section = atomic_read(&d->mru_section);
416 if (!section || section == &d->map.sections[PHYS_SECTION_UNASSIGNED] ||
417 !section_covers_addr(section, addr)) {
418 section = phys_page_find(d, addr);
419 atomic_set(&d->mru_section, section);
421 if (resolve_subpage && section->mr->subpage) {
422 subpage = container_of(section->mr, subpage_t, iomem);
423 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
428 /* Called from RCU critical section */
429 static MemoryRegionSection *
430 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
431 hwaddr *plen, bool resolve_subpage)
433 MemoryRegionSection *section;
437 section = address_space_lookup_region(d, addr, resolve_subpage);
438 /* Compute offset within MemoryRegionSection */
439 addr -= section->offset_within_address_space;
441 /* Compute offset within MemoryRegion */
442 *xlat = addr + section->offset_within_region;
446 /* MMIO registers can be expected to perform full-width accesses based only
447 * on their address, without considering adjacent registers that could
448 * decode to completely different MemoryRegions. When such registers
449 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
450 * regions overlap wildly. For this reason we cannot clamp the accesses
453 * If the length is small (as is the case for address_space_ldl/stl),
454 * everything works fine. If the incoming length is large, however,
455 * the caller really has to do the clamping through memory_access_size.
457 if (memory_region_is_ram(mr)) {
458 diff = int128_sub(section->size, int128_make64(addr));
459 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
465 * address_space_translate_iommu - translate an address through an IOMMU
466 * memory region and then through the target address space.
468 * @iommu_mr: the IOMMU memory region that we start the translation from
469 * @addr: the address to be translated through the MMU
470 * @xlat: the translated address offset within the destination memory region.
471 * It cannot be %NULL.
472 * @plen_out: valid read/write length of the translated address. It
474 * @page_mask_out: page mask for the translated address. This
475 * should only be meaningful for IOMMU translated
476 * addresses, since there may be huge pages that this bit
477 * would tell. It can be %NULL if we don't care about it.
478 * @is_write: whether the translation operation is for write
479 * @is_mmio: whether this can be MMIO, set true if it can
480 * @target_as: the address space targeted by the IOMMU
482 * This function is called from RCU critical section. It is the common
483 * part of flatview_do_translate and address_space_translate_cached.
485 static MemoryRegionSection address_space_translate_iommu(IOMMUMemoryRegion *iommu_mr,
488 hwaddr *page_mask_out,
491 AddressSpace **target_as)
493 MemoryRegionSection *section;
494 hwaddr page_mask = (hwaddr)-1;
498 IOMMUMemoryRegionClass *imrc = memory_region_get_iommu_class_nocheck(iommu_mr);
499 IOMMUTLBEntry iotlb = imrc->translate(iommu_mr, addr, is_write ?
500 IOMMU_WO : IOMMU_RO);
502 if (!(iotlb.perm & (1 << is_write))) {
506 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
507 | (addr & iotlb.addr_mask));
508 page_mask &= iotlb.addr_mask;
509 *plen_out = MIN(*plen_out, (addr | iotlb.addr_mask) - addr + 1);
510 *target_as = iotlb.target_as;
512 section = address_space_translate_internal(
513 address_space_to_dispatch(iotlb.target_as), addr, xlat,
516 iommu_mr = memory_region_get_iommu(section->mr);
517 } while (unlikely(iommu_mr));
520 *page_mask_out = page_mask;
525 return (MemoryRegionSection) { .mr = &io_mem_unassigned };
529 * flatview_do_translate - translate an address in FlatView
531 * @fv: the flat view that we want to translate on
532 * @addr: the address to be translated in above address space
533 * @xlat: the translated address offset within memory region. It
535 * @plen_out: valid read/write length of the translated address. It
536 * can be @NULL when we don't care about it.
537 * @page_mask_out: page mask for the translated address. This
538 * should only be meaningful for IOMMU translated
539 * addresses, since there may be huge pages that this bit
540 * would tell. It can be @NULL if we don't care about it.
541 * @is_write: whether the translation operation is for write
542 * @is_mmio: whether this can be MMIO, set true if it can
543 * @target_as: the address space targeted by the IOMMU
545 * This function is called from RCU critical section
547 static MemoryRegionSection flatview_do_translate(FlatView *fv,
551 hwaddr *page_mask_out,
554 AddressSpace **target_as)
556 MemoryRegionSection *section;
557 IOMMUMemoryRegion *iommu_mr;
558 hwaddr plen = (hwaddr)(-1);
564 section = address_space_translate_internal(
565 flatview_to_dispatch(fv), addr, xlat,
568 iommu_mr = memory_region_get_iommu(section->mr);
569 if (unlikely(iommu_mr)) {
570 return address_space_translate_iommu(iommu_mr, xlat,
571 plen_out, page_mask_out,
576 /* Not behind an IOMMU, use default page size. */
577 *page_mask_out = ~TARGET_PAGE_MASK;
583 /* Called from RCU critical section */
584 IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr,
587 MemoryRegionSection section;
588 hwaddr xlat, page_mask;
591 * This can never be MMIO, and we don't really care about plen,
594 section = flatview_do_translate(address_space_to_flatview(as), addr, &xlat,
595 NULL, &page_mask, is_write, false, &as);
597 /* Illegal translation */
598 if (section.mr == &io_mem_unassigned) {
602 /* Convert memory region offset into address space offset */
603 xlat += section.offset_within_address_space -
604 section.offset_within_region;
606 return (IOMMUTLBEntry) {
608 .iova = addr & ~page_mask,
609 .translated_addr = xlat & ~page_mask,
610 .addr_mask = page_mask,
611 /* IOTLBs are for DMAs, and DMA only allows on RAMs. */
616 return (IOMMUTLBEntry) {0};
619 /* Called from RCU critical section */
620 MemoryRegion *flatview_translate(FlatView *fv, hwaddr addr, hwaddr *xlat,
621 hwaddr *plen, bool is_write)
624 MemoryRegionSection section;
625 AddressSpace *as = NULL;
627 /* This can be MMIO, so setup MMIO bit. */
628 section = flatview_do_translate(fv, addr, xlat, plen, NULL,
629 is_write, true, &as);
632 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
633 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
634 *plen = MIN(page, *plen);
640 /* Called from RCU critical section */
641 MemoryRegionSection *
642 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
643 hwaddr *xlat, hwaddr *plen)
645 MemoryRegionSection *section;
646 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
648 section = address_space_translate_internal(d, addr, xlat, plen, false);
650 assert(!memory_region_is_iommu(section->mr));
655 #if !defined(CONFIG_USER_ONLY)
657 static int cpu_common_post_load(void *opaque, int version_id)
659 CPUState *cpu = opaque;
661 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
662 version_id is increased. */
663 cpu->interrupt_request &= ~0x01;
666 /* loadvm has just updated the content of RAM, bypassing the
667 * usual mechanisms that ensure we flush TBs for writes to
668 * memory we've translated code from. So we must flush all TBs,
669 * which will now be stale.
676 static int cpu_common_pre_load(void *opaque)
678 CPUState *cpu = opaque;
680 cpu->exception_index = -1;
685 static bool cpu_common_exception_index_needed(void *opaque)
687 CPUState *cpu = opaque;
689 return tcg_enabled() && cpu->exception_index != -1;
692 static const VMStateDescription vmstate_cpu_common_exception_index = {
693 .name = "cpu_common/exception_index",
695 .minimum_version_id = 1,
696 .needed = cpu_common_exception_index_needed,
697 .fields = (VMStateField[]) {
698 VMSTATE_INT32(exception_index, CPUState),
699 VMSTATE_END_OF_LIST()
703 static bool cpu_common_crash_occurred_needed(void *opaque)
705 CPUState *cpu = opaque;
707 return cpu->crash_occurred;
710 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
711 .name = "cpu_common/crash_occurred",
713 .minimum_version_id = 1,
714 .needed = cpu_common_crash_occurred_needed,
715 .fields = (VMStateField[]) {
716 VMSTATE_BOOL(crash_occurred, CPUState),
717 VMSTATE_END_OF_LIST()
721 const VMStateDescription vmstate_cpu_common = {
722 .name = "cpu_common",
724 .minimum_version_id = 1,
725 .pre_load = cpu_common_pre_load,
726 .post_load = cpu_common_post_load,
727 .fields = (VMStateField[]) {
728 VMSTATE_UINT32(halted, CPUState),
729 VMSTATE_UINT32(interrupt_request, CPUState),
730 VMSTATE_END_OF_LIST()
732 .subsections = (const VMStateDescription*[]) {
733 &vmstate_cpu_common_exception_index,
734 &vmstate_cpu_common_crash_occurred,
741 CPUState *qemu_get_cpu(int index)
746 if (cpu->cpu_index == index) {
754 #if !defined(CONFIG_USER_ONLY)
755 void cpu_address_space_init(CPUState *cpu, int asidx,
756 const char *prefix, MemoryRegion *mr)
758 CPUAddressSpace *newas;
759 AddressSpace *as = g_new0(AddressSpace, 1);
763 as_name = g_strdup_printf("%s-%d", prefix, cpu->cpu_index);
764 address_space_init(as, mr, as_name);
767 /* Target code should have set num_ases before calling us */
768 assert(asidx < cpu->num_ases);
771 /* address space 0 gets the convenience alias */
775 /* KVM cannot currently support multiple address spaces. */
776 assert(asidx == 0 || !kvm_enabled());
778 if (!cpu->cpu_ases) {
779 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
782 newas = &cpu->cpu_ases[asidx];
786 newas->tcg_as_listener.commit = tcg_commit;
787 memory_listener_register(&newas->tcg_as_listener, as);
791 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
793 /* Return the AddressSpace corresponding to the specified index */
794 return cpu->cpu_ases[asidx].as;
798 void cpu_exec_unrealizefn(CPUState *cpu)
800 CPUClass *cc = CPU_GET_CLASS(cpu);
802 cpu_list_remove(cpu);
804 if (cc->vmsd != NULL) {
805 vmstate_unregister(NULL, cc->vmsd, cpu);
807 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
808 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
812 Property cpu_common_props[] = {
813 #ifndef CONFIG_USER_ONLY
814 /* Create a memory property for softmmu CPU object,
815 * so users can wire up its memory. (This can't go in qom/cpu.c
816 * because that file is compiled only once for both user-mode
817 * and system builds.) The default if no link is set up is to use
818 * the system address space.
820 DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
823 DEFINE_PROP_END_OF_LIST(),
826 void cpu_exec_initfn(CPUState *cpu)
831 #ifndef CONFIG_USER_ONLY
832 cpu->thread_id = qemu_get_thread_id();
833 cpu->memory = system_memory;
834 object_ref(OBJECT(cpu->memory));
838 void cpu_exec_realizefn(CPUState *cpu, Error **errp)
840 CPUClass *cc = CPU_GET_CLASS(cpu);
841 static bool tcg_target_initialized;
845 if (tcg_enabled() && !tcg_target_initialized) {
846 tcg_target_initialized = true;
847 cc->tcg_initialize();
850 #ifndef CONFIG_USER_ONLY
851 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
852 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
854 if (cc->vmsd != NULL) {
855 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
860 const char *parse_cpu_model(const char *cpu_model)
864 gchar **model_pieces;
865 const char *cpu_type;
867 model_pieces = g_strsplit(cpu_model, ",", 2);
869 oc = cpu_class_by_name(CPU_RESOLVING_TYPE, model_pieces[0]);
871 error_report("unable to find CPU model '%s'", model_pieces[0]);
872 g_strfreev(model_pieces);
876 cpu_type = object_class_get_name(oc);
878 cc->parse_features(cpu_type, model_pieces[1], &error_fatal);
879 g_strfreev(model_pieces);
883 #if defined(CONFIG_USER_ONLY)
884 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
888 tb_invalidate_phys_page_range(pc, pc + 1, 0);
893 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
896 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
897 int asidx = cpu_asidx_from_attrs(cpu, attrs);
899 /* Locks grabbed by tb_invalidate_phys_addr */
900 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
901 phys | (pc & ~TARGET_PAGE_MASK));
906 #if defined(CONFIG_USER_ONLY)
907 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
912 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
918 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
922 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
923 int flags, CPUWatchpoint **watchpoint)
928 /* Add a watchpoint. */
929 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
930 int flags, CPUWatchpoint **watchpoint)
934 /* forbid ranges which are empty or run off the end of the address space */
935 if (len == 0 || (addr + len - 1) < addr) {
936 error_report("tried to set invalid watchpoint at %"
937 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
940 wp = g_malloc(sizeof(*wp));
946 /* keep all GDB-injected watchpoints in front */
947 if (flags & BP_GDB) {
948 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
950 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
953 tlb_flush_page(cpu, addr);
960 /* Remove a specific watchpoint. */
961 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
966 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
967 if (addr == wp->vaddr && len == wp->len
968 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
969 cpu_watchpoint_remove_by_ref(cpu, wp);
976 /* Remove a specific watchpoint by reference. */
977 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
979 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
981 tlb_flush_page(cpu, watchpoint->vaddr);
986 /* Remove all matching watchpoints. */
987 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
989 CPUWatchpoint *wp, *next;
991 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
992 if (wp->flags & mask) {
993 cpu_watchpoint_remove_by_ref(cpu, wp);
998 /* Return true if this watchpoint address matches the specified
999 * access (ie the address range covered by the watchpoint overlaps
1000 * partially or completely with the address range covered by the
1003 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
1007 /* We know the lengths are non-zero, but a little caution is
1008 * required to avoid errors in the case where the range ends
1009 * exactly at the top of the address space and so addr + len
1010 * wraps round to zero.
1012 vaddr wpend = wp->vaddr + wp->len - 1;
1013 vaddr addrend = addr + len - 1;
1015 return !(addr > wpend || wp->vaddr > addrend);
1020 /* Add a breakpoint. */
1021 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
1022 CPUBreakpoint **breakpoint)
1026 bp = g_malloc(sizeof(*bp));
1031 /* keep all GDB-injected breakpoints in front */
1032 if (flags & BP_GDB) {
1033 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
1035 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
1038 breakpoint_invalidate(cpu, pc);
1046 /* Remove a specific breakpoint. */
1047 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
1051 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
1052 if (bp->pc == pc && bp->flags == flags) {
1053 cpu_breakpoint_remove_by_ref(cpu, bp);
1060 /* Remove a specific breakpoint by reference. */
1061 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
1063 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
1065 breakpoint_invalidate(cpu, breakpoint->pc);
1070 /* Remove all matching breakpoints. */
1071 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
1073 CPUBreakpoint *bp, *next;
1075 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
1076 if (bp->flags & mask) {
1077 cpu_breakpoint_remove_by_ref(cpu, bp);
1082 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1083 CPU loop after each instruction */
1084 void cpu_single_step(CPUState *cpu, int enabled)
1086 if (cpu->singlestep_enabled != enabled) {
1087 cpu->singlestep_enabled = enabled;
1088 if (kvm_enabled()) {
1089 kvm_update_guest_debug(cpu, 0);
1091 /* must flush all the translated code to avoid inconsistencies */
1092 /* XXX: only flush what is necessary */
1098 void cpu_abort(CPUState *cpu, const char *fmt, ...)
1105 fprintf(stderr, "qemu: fatal: ");
1106 vfprintf(stderr, fmt, ap);
1107 fprintf(stderr, "\n");
1108 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
1109 if (qemu_log_separate()) {
1111 qemu_log("qemu: fatal: ");
1112 qemu_log_vprintf(fmt, ap2);
1114 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
1122 #if defined(CONFIG_USER_ONLY)
1124 struct sigaction act;
1125 sigfillset(&act.sa_mask);
1126 act.sa_handler = SIG_DFL;
1127 sigaction(SIGABRT, &act, NULL);
1133 #if !defined(CONFIG_USER_ONLY)
1134 /* Called from RCU critical section */
1135 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
1139 block = atomic_rcu_read(&ram_list.mru_block);
1140 if (block && addr - block->offset < block->max_length) {
1143 RAMBLOCK_FOREACH(block) {
1144 if (addr - block->offset < block->max_length) {
1149 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1153 /* It is safe to write mru_block outside the iothread lock. This
1158 * xxx removed from list
1162 * call_rcu(reclaim_ramblock, xxx);
1165 * atomic_rcu_set is not needed here. The block was already published
1166 * when it was placed into the list. Here we're just making an extra
1167 * copy of the pointer.
1169 ram_list.mru_block = block;
1173 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
1180 end = TARGET_PAGE_ALIGN(start + length);
1181 start &= TARGET_PAGE_MASK;
1184 block = qemu_get_ram_block(start);
1185 assert(block == qemu_get_ram_block(end - 1));
1186 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
1188 tlb_reset_dirty(cpu, start1, length);
1193 /* Note: start and end must be within the same ram block. */
1194 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
1198 DirtyMemoryBlocks *blocks;
1199 unsigned long end, page;
1206 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1207 page = start >> TARGET_PAGE_BITS;
1211 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1213 while (page < end) {
1214 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1215 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1216 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1218 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1225 if (dirty && tcg_enabled()) {
1226 tlb_reset_dirty_range_all(start, length);
1232 DirtyBitmapSnapshot *cpu_physical_memory_snapshot_and_clear_dirty
1233 (ram_addr_t start, ram_addr_t length, unsigned client)
1235 DirtyMemoryBlocks *blocks;
1236 unsigned long align = 1UL << (TARGET_PAGE_BITS + BITS_PER_LEVEL);
1237 ram_addr_t first = QEMU_ALIGN_DOWN(start, align);
1238 ram_addr_t last = QEMU_ALIGN_UP(start + length, align);
1239 DirtyBitmapSnapshot *snap;
1240 unsigned long page, end, dest;
1242 snap = g_malloc0(sizeof(*snap) +
1243 ((last - first) >> (TARGET_PAGE_BITS + 3)));
1244 snap->start = first;
1247 page = first >> TARGET_PAGE_BITS;
1248 end = last >> TARGET_PAGE_BITS;
1253 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1255 while (page < end) {
1256 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1257 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1258 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1260 assert(QEMU_IS_ALIGNED(offset, (1 << BITS_PER_LEVEL)));
1261 assert(QEMU_IS_ALIGNED(num, (1 << BITS_PER_LEVEL)));
1262 offset >>= BITS_PER_LEVEL;
1264 bitmap_copy_and_clear_atomic(snap->dirty + dest,
1265 blocks->blocks[idx] + offset,
1268 dest += num >> BITS_PER_LEVEL;
1273 if (tcg_enabled()) {
1274 tlb_reset_dirty_range_all(start, length);
1280 bool cpu_physical_memory_snapshot_get_dirty(DirtyBitmapSnapshot *snap,
1284 unsigned long page, end;
1286 assert(start >= snap->start);
1287 assert(start + length <= snap->end);
1289 end = TARGET_PAGE_ALIGN(start + length - snap->start) >> TARGET_PAGE_BITS;
1290 page = (start - snap->start) >> TARGET_PAGE_BITS;
1292 while (page < end) {
1293 if (test_bit(page, snap->dirty)) {
1301 /* Called from RCU critical section */
1302 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
1303 MemoryRegionSection *section,
1305 hwaddr paddr, hwaddr xlat,
1307 target_ulong *address)
1312 if (memory_region_is_ram(section->mr)) {
1314 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1315 if (!section->readonly) {
1316 iotlb |= PHYS_SECTION_NOTDIRTY;
1318 iotlb |= PHYS_SECTION_ROM;
1321 AddressSpaceDispatch *d;
1323 d = flatview_to_dispatch(section->fv);
1324 iotlb = section - d->map.sections;
1328 /* Make accesses to pages with watchpoints go via the
1329 watchpoint trap routines. */
1330 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1331 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1332 /* Avoid trapping reads of pages with a write breakpoint. */
1333 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1334 iotlb = PHYS_SECTION_WATCH + paddr;
1335 *address |= TLB_MMIO;
1343 #endif /* defined(CONFIG_USER_ONLY) */
1345 #if !defined(CONFIG_USER_ONLY)
1347 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1349 static subpage_t *subpage_init(FlatView *fv, hwaddr base);
1351 static void *(*phys_mem_alloc)(size_t size, uint64_t *align, bool shared) =
1352 qemu_anon_ram_alloc;
1355 * Set a custom physical guest memory alloator.
1356 * Accelerators with unusual needs may need this. Hopefully, we can
1357 * get rid of it eventually.
1359 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align, bool shared))
1361 phys_mem_alloc = alloc;
1364 static uint16_t phys_section_add(PhysPageMap *map,
1365 MemoryRegionSection *section)
1367 /* The physical section number is ORed with a page-aligned
1368 * pointer to produce the iotlb entries. Thus it should
1369 * never overflow into the page-aligned value.
1371 assert(map->sections_nb < TARGET_PAGE_SIZE);
1373 if (map->sections_nb == map->sections_nb_alloc) {
1374 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1375 map->sections = g_renew(MemoryRegionSection, map->sections,
1376 map->sections_nb_alloc);
1378 map->sections[map->sections_nb] = *section;
1379 memory_region_ref(section->mr);
1380 return map->sections_nb++;
1383 static void phys_section_destroy(MemoryRegion *mr)
1385 bool have_sub_page = mr->subpage;
1387 memory_region_unref(mr);
1389 if (have_sub_page) {
1390 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1391 object_unref(OBJECT(&subpage->iomem));
1396 static void phys_sections_free(PhysPageMap *map)
1398 while (map->sections_nb > 0) {
1399 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1400 phys_section_destroy(section->mr);
1402 g_free(map->sections);
1406 static void register_subpage(FlatView *fv, MemoryRegionSection *section)
1408 AddressSpaceDispatch *d = flatview_to_dispatch(fv);
1410 hwaddr base = section->offset_within_address_space
1412 MemoryRegionSection *existing = phys_page_find(d, base);
1413 MemoryRegionSection subsection = {
1414 .offset_within_address_space = base,
1415 .size = int128_make64(TARGET_PAGE_SIZE),
1419 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1421 if (!(existing->mr->subpage)) {
1422 subpage = subpage_init(fv, base);
1424 subsection.mr = &subpage->iomem;
1425 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1426 phys_section_add(&d->map, &subsection));
1428 subpage = container_of(existing->mr, subpage_t, iomem);
1430 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1431 end = start + int128_get64(section->size) - 1;
1432 subpage_register(subpage, start, end,
1433 phys_section_add(&d->map, section));
1437 static void register_multipage(FlatView *fv,
1438 MemoryRegionSection *section)
1440 AddressSpaceDispatch *d = flatview_to_dispatch(fv);
1441 hwaddr start_addr = section->offset_within_address_space;
1442 uint16_t section_index = phys_section_add(&d->map, section);
1443 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1447 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1450 void flatview_add_to_dispatch(FlatView *fv, MemoryRegionSection *section)
1452 MemoryRegionSection now = *section, remain = *section;
1453 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1455 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1456 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1457 - now.offset_within_address_space;
1459 now.size = int128_min(int128_make64(left), now.size);
1460 register_subpage(fv, &now);
1462 now.size = int128_zero();
1464 while (int128_ne(remain.size, now.size)) {
1465 remain.size = int128_sub(remain.size, now.size);
1466 remain.offset_within_address_space += int128_get64(now.size);
1467 remain.offset_within_region += int128_get64(now.size);
1469 if (int128_lt(remain.size, page_size)) {
1470 register_subpage(fv, &now);
1471 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1472 now.size = page_size;
1473 register_subpage(fv, &now);
1475 now.size = int128_and(now.size, int128_neg(page_size));
1476 register_multipage(fv, &now);
1481 void qemu_flush_coalesced_mmio_buffer(void)
1484 kvm_flush_coalesced_mmio_buffer();
1487 void qemu_mutex_lock_ramlist(void)
1489 qemu_mutex_lock(&ram_list.mutex);
1492 void qemu_mutex_unlock_ramlist(void)
1494 qemu_mutex_unlock(&ram_list.mutex);
1497 void ram_block_dump(Monitor *mon)
1503 monitor_printf(mon, "%24s %8s %18s %18s %18s\n",
1504 "Block Name", "PSize", "Offset", "Used", "Total");
1505 RAMBLOCK_FOREACH(block) {
1506 psize = size_to_str(block->page_size);
1507 monitor_printf(mon, "%24s %8s 0x%016" PRIx64 " 0x%016" PRIx64
1508 " 0x%016" PRIx64 "\n", block->idstr, psize,
1509 (uint64_t)block->offset,
1510 (uint64_t)block->used_length,
1511 (uint64_t)block->max_length);
1519 * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
1520 * may or may not name the same files / on the same filesystem now as
1521 * when we actually open and map them. Iterate over the file
1522 * descriptors instead, and use qemu_fd_getpagesize().
1524 static int find_max_supported_pagesize(Object *obj, void *opaque)
1526 long *hpsize_min = opaque;
1528 if (object_dynamic_cast(obj, TYPE_MEMORY_BACKEND)) {
1529 long hpsize = host_memory_backend_pagesize(MEMORY_BACKEND(obj));
1531 if (hpsize < *hpsize_min) {
1532 *hpsize_min = hpsize;
1539 long qemu_getrampagesize(void)
1541 long hpsize = LONG_MAX;
1542 long mainrampagesize;
1543 Object *memdev_root;
1545 mainrampagesize = qemu_mempath_getpagesize(mem_path);
1547 /* it's possible we have memory-backend objects with
1548 * hugepage-backed RAM. these may get mapped into system
1549 * address space via -numa parameters or memory hotplug
1550 * hooks. we want to take these into account, but we
1551 * also want to make sure these supported hugepage
1552 * sizes are applicable across the entire range of memory
1553 * we may boot from, so we take the min across all
1554 * backends, and assume normal pages in cases where a
1555 * backend isn't backed by hugepages.
1557 memdev_root = object_resolve_path("/objects", NULL);
1559 object_child_foreach(memdev_root, find_max_supported_pagesize, &hpsize);
1561 if (hpsize == LONG_MAX) {
1562 /* No additional memory regions found ==> Report main RAM page size */
1563 return mainrampagesize;
1566 /* If NUMA is disabled or the NUMA nodes are not backed with a
1567 * memory-backend, then there is at least one node using "normal" RAM,
1568 * so if its page size is smaller we have got to report that size instead.
1570 if (hpsize > mainrampagesize &&
1571 (nb_numa_nodes == 0 || numa_info[0].node_memdev == NULL)) {
1574 error_report("Huge page support disabled (n/a for main memory).");
1577 return mainrampagesize;
1583 long qemu_getrampagesize(void)
1585 return getpagesize();
1590 static int64_t get_file_size(int fd)
1592 int64_t size = lseek(fd, 0, SEEK_END);
1599 static int file_ram_open(const char *path,
1600 const char *region_name,
1605 char *sanitized_name;
1611 fd = open(path, O_RDWR);
1613 /* @path names an existing file, use it */
1616 if (errno == ENOENT) {
1617 /* @path names a file that doesn't exist, create it */
1618 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1623 } else if (errno == EISDIR) {
1624 /* @path names a directory, create a file there */
1625 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1626 sanitized_name = g_strdup(region_name);
1627 for (c = sanitized_name; *c != '\0'; c++) {
1633 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1635 g_free(sanitized_name);
1637 fd = mkstemp(filename);
1645 if (errno != EEXIST && errno != EINTR) {
1646 error_setg_errno(errp, errno,
1647 "can't open backing store %s for guest RAM",
1652 * Try again on EINTR and EEXIST. The latter happens when
1653 * something else creates the file between our two open().
1660 static void *file_ram_alloc(RAMBlock *block,
1668 block->page_size = qemu_fd_getpagesize(fd);
1669 if (block->mr->align % block->page_size) {
1670 error_setg(errp, "alignment 0x%" PRIx64
1671 " must be multiples of page size 0x%zx",
1672 block->mr->align, block->page_size);
1675 block->mr->align = MAX(block->page_size, block->mr->align);
1676 #if defined(__s390x__)
1677 if (kvm_enabled()) {
1678 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1682 if (memory < block->page_size) {
1683 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1684 "or larger than page size 0x%zx",
1685 memory, block->page_size);
1689 memory = ROUND_UP(memory, block->page_size);
1692 * ftruncate is not supported by hugetlbfs in older
1693 * hosts, so don't bother bailing out on errors.
1694 * If anything goes wrong with it under other filesystems,
1697 * Do not truncate the non-empty backend file to avoid corrupting
1698 * the existing data in the file. Disabling shrinking is not
1699 * enough. For example, the current vNVDIMM implementation stores
1700 * the guest NVDIMM labels at the end of the backend file. If the
1701 * backend file is later extended, QEMU will not be able to find
1702 * those labels. Therefore, extending the non-empty backend file
1703 * is disabled as well.
1705 if (truncate && ftruncate(fd, memory)) {
1706 perror("ftruncate");
1709 area = qemu_ram_mmap(fd, memory, block->mr->align,
1710 block->flags & RAM_SHARED);
1711 if (area == MAP_FAILED) {
1712 error_setg_errno(errp, errno,
1713 "unable to map backing store for guest RAM");
1718 os_mem_prealloc(fd, area, memory, smp_cpus, errp);
1719 if (errp && *errp) {
1720 qemu_ram_munmap(area, memory);
1730 /* Allocate space within the ram_addr_t space that governs the
1732 * Called with the ramlist lock held.
1734 static ram_addr_t find_ram_offset(ram_addr_t size)
1736 RAMBlock *block, *next_block;
1737 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1739 assert(size != 0); /* it would hand out same offset multiple times */
1741 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1745 RAMBLOCK_FOREACH(block) {
1746 ram_addr_t candidate, next = RAM_ADDR_MAX;
1748 /* Align blocks to start on a 'long' in the bitmap
1749 * which makes the bitmap sync'ing take the fast path.
1751 candidate = block->offset + block->max_length;
1752 candidate = ROUND_UP(candidate, BITS_PER_LONG << TARGET_PAGE_BITS);
1754 /* Search for the closest following block
1757 RAMBLOCK_FOREACH(next_block) {
1758 if (next_block->offset >= candidate) {
1759 next = MIN(next, next_block->offset);
1763 /* If it fits remember our place and remember the size
1764 * of gap, but keep going so that we might find a smaller
1765 * gap to fill so avoiding fragmentation.
1767 if (next - candidate >= size && next - candidate < mingap) {
1769 mingap = next - candidate;
1772 trace_find_ram_offset_loop(size, candidate, offset, next, mingap);
1775 if (offset == RAM_ADDR_MAX) {
1776 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1781 trace_find_ram_offset(size, offset);
1786 unsigned long last_ram_page(void)
1789 ram_addr_t last = 0;
1792 RAMBLOCK_FOREACH(block) {
1793 last = MAX(last, block->offset + block->max_length);
1796 return last >> TARGET_PAGE_BITS;
1799 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1803 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1804 if (!machine_dump_guest_core(current_machine)) {
1805 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1807 perror("qemu_madvise");
1808 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1809 "but dump_guest_core=off specified\n");
1814 const char *qemu_ram_get_idstr(RAMBlock *rb)
1819 bool qemu_ram_is_shared(RAMBlock *rb)
1821 return rb->flags & RAM_SHARED;
1824 /* Note: Only set at the start of postcopy */
1825 bool qemu_ram_is_uf_zeroable(RAMBlock *rb)
1827 return rb->flags & RAM_UF_ZEROPAGE;
1830 void qemu_ram_set_uf_zeroable(RAMBlock *rb)
1832 rb->flags |= RAM_UF_ZEROPAGE;
1835 /* Called with iothread lock held. */
1836 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1841 assert(!new_block->idstr[0]);
1844 char *id = qdev_get_dev_path(dev);
1846 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1850 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1853 RAMBLOCK_FOREACH(block) {
1854 if (block != new_block &&
1855 !strcmp(block->idstr, new_block->idstr)) {
1856 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1864 /* Called with iothread lock held. */
1865 void qemu_ram_unset_idstr(RAMBlock *block)
1867 /* FIXME: arch_init.c assumes that this is not called throughout
1868 * migration. Ignore the problem since hot-unplug during migration
1869 * does not work anyway.
1872 memset(block->idstr, 0, sizeof(block->idstr));
1876 size_t qemu_ram_pagesize(RAMBlock *rb)
1878 return rb->page_size;
1881 /* Returns the largest size of page in use */
1882 size_t qemu_ram_pagesize_largest(void)
1887 RAMBLOCK_FOREACH(block) {
1888 largest = MAX(largest, qemu_ram_pagesize(block));
1894 static int memory_try_enable_merging(void *addr, size_t len)
1896 if (!machine_mem_merge(current_machine)) {
1897 /* disabled by the user */
1901 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1904 /* Only legal before guest might have detected the memory size: e.g. on
1905 * incoming migration, or right after reset.
1907 * As memory core doesn't know how is memory accessed, it is up to
1908 * resize callback to update device state and/or add assertions to detect
1909 * misuse, if necessary.
1911 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1915 newsize = HOST_PAGE_ALIGN(newsize);
1917 if (block->used_length == newsize) {
1921 if (!(block->flags & RAM_RESIZEABLE)) {
1922 error_setg_errno(errp, EINVAL,
1923 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1924 " in != 0x" RAM_ADDR_FMT, block->idstr,
1925 newsize, block->used_length);
1929 if (block->max_length < newsize) {
1930 error_setg_errno(errp, EINVAL,
1931 "Length too large: %s: 0x" RAM_ADDR_FMT
1932 " > 0x" RAM_ADDR_FMT, block->idstr,
1933 newsize, block->max_length);
1937 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1938 block->used_length = newsize;
1939 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1941 memory_region_set_size(block->mr, newsize);
1942 if (block->resized) {
1943 block->resized(block->idstr, newsize, block->host);
1948 /* Called with ram_list.mutex held */
1949 static void dirty_memory_extend(ram_addr_t old_ram_size,
1950 ram_addr_t new_ram_size)
1952 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1953 DIRTY_MEMORY_BLOCK_SIZE);
1954 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1955 DIRTY_MEMORY_BLOCK_SIZE);
1958 /* Only need to extend if block count increased */
1959 if (new_num_blocks <= old_num_blocks) {
1963 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1964 DirtyMemoryBlocks *old_blocks;
1965 DirtyMemoryBlocks *new_blocks;
1968 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1969 new_blocks = g_malloc(sizeof(*new_blocks) +
1970 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1972 if (old_num_blocks) {
1973 memcpy(new_blocks->blocks, old_blocks->blocks,
1974 old_num_blocks * sizeof(old_blocks->blocks[0]));
1977 for (j = old_num_blocks; j < new_num_blocks; j++) {
1978 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1981 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1984 g_free_rcu(old_blocks, rcu);
1989 static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared)
1992 RAMBlock *last_block = NULL;
1993 ram_addr_t old_ram_size, new_ram_size;
1996 old_ram_size = last_ram_page();
1998 qemu_mutex_lock_ramlist();
1999 new_block->offset = find_ram_offset(new_block->max_length);
2001 if (!new_block->host) {
2002 if (xen_enabled()) {
2003 xen_ram_alloc(new_block->offset, new_block->max_length,
2004 new_block->mr, &err);
2006 error_propagate(errp, err);
2007 qemu_mutex_unlock_ramlist();
2011 new_block->host = phys_mem_alloc(new_block->max_length,
2012 &new_block->mr->align, shared);
2013 if (!new_block->host) {
2014 error_setg_errno(errp, errno,
2015 "cannot set up guest memory '%s'",
2016 memory_region_name(new_block->mr));
2017 qemu_mutex_unlock_ramlist();
2020 memory_try_enable_merging(new_block->host, new_block->max_length);
2024 new_ram_size = MAX(old_ram_size,
2025 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
2026 if (new_ram_size > old_ram_size) {
2027 dirty_memory_extend(old_ram_size, new_ram_size);
2029 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
2030 * QLIST (which has an RCU-friendly variant) does not have insertion at
2031 * tail, so save the last element in last_block.
2033 RAMBLOCK_FOREACH(block) {
2035 if (block->max_length < new_block->max_length) {
2040 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
2041 } else if (last_block) {
2042 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
2043 } else { /* list is empty */
2044 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
2046 ram_list.mru_block = NULL;
2048 /* Write list before version */
2051 qemu_mutex_unlock_ramlist();
2053 cpu_physical_memory_set_dirty_range(new_block->offset,
2054 new_block->used_length,
2057 if (new_block->host) {
2058 qemu_ram_setup_dump(new_block->host, new_block->max_length);
2059 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
2060 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
2061 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
2062 ram_block_notify_add(new_block->host, new_block->max_length);
2067 RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
2071 RAMBlock *new_block;
2072 Error *local_err = NULL;
2075 if (xen_enabled()) {
2076 error_setg(errp, "-mem-path not supported with Xen");
2080 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2082 "host lacks kvm mmu notifiers, -mem-path unsupported");
2086 if (phys_mem_alloc != qemu_anon_ram_alloc) {
2088 * file_ram_alloc() needs to allocate just like
2089 * phys_mem_alloc, but we haven't bothered to provide
2093 "-mem-path not supported with this accelerator");
2097 size = HOST_PAGE_ALIGN(size);
2098 file_size = get_file_size(fd);
2099 if (file_size > 0 && file_size < size) {
2100 error_setg(errp, "backing store %s size 0x%" PRIx64
2101 " does not match 'size' option 0x" RAM_ADDR_FMT,
2102 mem_path, file_size, size);
2106 new_block = g_malloc0(sizeof(*new_block));
2108 new_block->used_length = size;
2109 new_block->max_length = size;
2110 new_block->flags = share ? RAM_SHARED : 0;
2111 new_block->host = file_ram_alloc(new_block, size, fd, !file_size, errp);
2112 if (!new_block->host) {
2117 ram_block_add(new_block, &local_err, share);
2120 error_propagate(errp, local_err);
2128 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
2129 bool share, const char *mem_path,
2136 fd = file_ram_open(mem_path, memory_region_name(mr), &created, errp);
2141 block = qemu_ram_alloc_from_fd(size, mr, share, fd, errp);
2155 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
2156 void (*resized)(const char*,
2159 void *host, bool resizeable, bool share,
2160 MemoryRegion *mr, Error **errp)
2162 RAMBlock *new_block;
2163 Error *local_err = NULL;
2165 size = HOST_PAGE_ALIGN(size);
2166 max_size = HOST_PAGE_ALIGN(max_size);
2167 new_block = g_malloc0(sizeof(*new_block));
2169 new_block->resized = resized;
2170 new_block->used_length = size;
2171 new_block->max_length = max_size;
2172 assert(max_size >= size);
2174 new_block->page_size = getpagesize();
2175 new_block->host = host;
2177 new_block->flags |= RAM_PREALLOC;
2180 new_block->flags |= RAM_RESIZEABLE;
2182 ram_block_add(new_block, &local_err, share);
2185 error_propagate(errp, local_err);
2191 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2192 MemoryRegion *mr, Error **errp)
2194 return qemu_ram_alloc_internal(size, size, NULL, host, false,
2198 RAMBlock *qemu_ram_alloc(ram_addr_t size, bool share,
2199 MemoryRegion *mr, Error **errp)
2201 return qemu_ram_alloc_internal(size, size, NULL, NULL, false,
2205 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
2206 void (*resized)(const char*,
2209 MemoryRegion *mr, Error **errp)
2211 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true,
2215 static void reclaim_ramblock(RAMBlock *block)
2217 if (block->flags & RAM_PREALLOC) {
2219 } else if (xen_enabled()) {
2220 xen_invalidate_map_cache_entry(block->host);
2222 } else if (block->fd >= 0) {
2223 qemu_ram_munmap(block->host, block->max_length);
2227 qemu_anon_ram_free(block->host, block->max_length);
2232 void qemu_ram_free(RAMBlock *block)
2239 ram_block_notify_remove(block->host, block->max_length);
2242 qemu_mutex_lock_ramlist();
2243 QLIST_REMOVE_RCU(block, next);
2244 ram_list.mru_block = NULL;
2245 /* Write list before version */
2248 call_rcu(block, reclaim_ramblock, rcu);
2249 qemu_mutex_unlock_ramlist();
2253 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2260 RAMBLOCK_FOREACH(block) {
2261 offset = addr - block->offset;
2262 if (offset < block->max_length) {
2263 vaddr = ramblock_ptr(block, offset);
2264 if (block->flags & RAM_PREALLOC) {
2266 } else if (xen_enabled()) {
2270 if (block->fd >= 0) {
2271 flags |= (block->flags & RAM_SHARED ?
2272 MAP_SHARED : MAP_PRIVATE);
2273 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2274 flags, block->fd, offset);
2277 * Remap needs to match alloc. Accelerators that
2278 * set phys_mem_alloc never remap. If they did,
2279 * we'd need a remap hook here.
2281 assert(phys_mem_alloc == qemu_anon_ram_alloc);
2283 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2284 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2287 if (area != vaddr) {
2288 error_report("Could not remap addr: "
2289 RAM_ADDR_FMT "@" RAM_ADDR_FMT "",
2293 memory_try_enable_merging(vaddr, length);
2294 qemu_ram_setup_dump(vaddr, length);
2299 #endif /* !_WIN32 */
2301 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2302 * This should not be used for general purpose DMA. Use address_space_map
2303 * or address_space_rw instead. For local memory (e.g. video ram) that the
2304 * device owns, use memory_region_get_ram_ptr.
2306 * Called within RCU critical section.
2308 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
2310 RAMBlock *block = ram_block;
2312 if (block == NULL) {
2313 block = qemu_get_ram_block(addr);
2314 addr -= block->offset;
2317 if (xen_enabled() && block->host == NULL) {
2318 /* We need to check if the requested address is in the RAM
2319 * because we don't want to map the entire memory in QEMU.
2320 * In that case just map until the end of the page.
2322 if (block->offset == 0) {
2323 return xen_map_cache(addr, 0, 0, false);
2326 block->host = xen_map_cache(block->offset, block->max_length, 1, false);
2328 return ramblock_ptr(block, addr);
2331 /* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
2332 * but takes a size argument.
2334 * Called within RCU critical section.
2336 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
2337 hwaddr *size, bool lock)
2339 RAMBlock *block = ram_block;
2344 if (block == NULL) {
2345 block = qemu_get_ram_block(addr);
2346 addr -= block->offset;
2348 *size = MIN(*size, block->max_length - addr);
2350 if (xen_enabled() && block->host == NULL) {
2351 /* We need to check if the requested address is in the RAM
2352 * because we don't want to map the entire memory in QEMU.
2353 * In that case just map the requested area.
2355 if (block->offset == 0) {
2356 return xen_map_cache(addr, *size, lock, lock);
2359 block->host = xen_map_cache(block->offset, block->max_length, 1, lock);
2362 return ramblock_ptr(block, addr);
2365 /* Return the offset of a hostpointer within a ramblock */
2366 ram_addr_t qemu_ram_block_host_offset(RAMBlock *rb, void *host)
2368 ram_addr_t res = (uint8_t *)host - (uint8_t *)rb->host;
2369 assert((uintptr_t)host >= (uintptr_t)rb->host);
2370 assert(res < rb->max_length);
2376 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
2379 * ptr: Host pointer to look up
2380 * round_offset: If true round the result offset down to a page boundary
2381 * *ram_addr: set to result ram_addr
2382 * *offset: set to result offset within the RAMBlock
2384 * Returns: RAMBlock (or NULL if not found)
2386 * By the time this function returns, the returned pointer is not protected
2387 * by RCU anymore. If the caller is not within an RCU critical section and
2388 * does not hold the iothread lock, it must have other means of protecting the
2389 * pointer, such as a reference to the region that includes the incoming
2392 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
2396 uint8_t *host = ptr;
2398 if (xen_enabled()) {
2399 ram_addr_t ram_addr;
2401 ram_addr = xen_ram_addr_from_mapcache(ptr);
2402 block = qemu_get_ram_block(ram_addr);
2404 *offset = ram_addr - block->offset;
2411 block = atomic_rcu_read(&ram_list.mru_block);
2412 if (block && block->host && host - block->host < block->max_length) {
2416 RAMBLOCK_FOREACH(block) {
2417 /* This case append when the block is not mapped. */
2418 if (block->host == NULL) {
2421 if (host - block->host < block->max_length) {
2430 *offset = (host - block->host);
2432 *offset &= TARGET_PAGE_MASK;
2439 * Finds the named RAMBlock
2441 * name: The name of RAMBlock to find
2443 * Returns: RAMBlock (or NULL if not found)
2445 RAMBlock *qemu_ram_block_by_name(const char *name)
2449 RAMBLOCK_FOREACH(block) {
2450 if (!strcmp(name, block->idstr)) {
2458 /* Some of the softmmu routines need to translate from a host pointer
2459 (typically a TLB entry) back to a ram offset. */
2460 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2465 block = qemu_ram_block_from_host(ptr, false, &offset);
2467 return RAM_ADDR_INVALID;
2470 return block->offset + offset;
2473 /* Called within RCU critical section. */
2474 void memory_notdirty_write_prepare(NotDirtyInfo *ndi,
2477 ram_addr_t ram_addr,
2481 ndi->ram_addr = ram_addr;
2482 ndi->mem_vaddr = mem_vaddr;
2484 ndi->locked = false;
2486 assert(tcg_enabled());
2487 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
2490 tb_invalidate_phys_page_fast(ram_addr, size);
2494 /* Called within RCU critical section. */
2495 void memory_notdirty_write_complete(NotDirtyInfo *ndi)
2501 /* Set both VGA and migration bits for simplicity and to remove
2502 * the notdirty callback faster.
2504 cpu_physical_memory_set_dirty_range(ndi->ram_addr, ndi->size,
2505 DIRTY_CLIENTS_NOCODE);
2506 /* we remove the notdirty callback only if the code has been
2508 if (!cpu_physical_memory_is_clean(ndi->ram_addr)) {
2509 tlb_set_dirty(ndi->cpu, ndi->mem_vaddr);
2513 /* Called within RCU critical section. */
2514 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
2515 uint64_t val, unsigned size)
2519 memory_notdirty_write_prepare(&ndi, current_cpu, current_cpu->mem_io_vaddr,
2524 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
2527 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
2530 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
2533 stq_p(qemu_map_ram_ptr(NULL, ram_addr), val);
2538 memory_notdirty_write_complete(&ndi);
2541 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2542 unsigned size, bool is_write)
2547 static const MemoryRegionOps notdirty_mem_ops = {
2548 .write = notdirty_mem_write,
2549 .valid.accepts = notdirty_mem_accepts,
2550 .endianness = DEVICE_NATIVE_ENDIAN,
2552 .min_access_size = 1,
2553 .max_access_size = 8,
2557 .min_access_size = 1,
2558 .max_access_size = 8,
2563 /* Generate a debug exception if a watchpoint has been hit. */
2564 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2566 CPUState *cpu = current_cpu;
2567 CPUClass *cc = CPU_GET_CLASS(cpu);
2571 assert(tcg_enabled());
2572 if (cpu->watchpoint_hit) {
2573 /* We re-entered the check after replacing the TB. Now raise
2574 * the debug interrupt so that is will trigger after the
2575 * current instruction. */
2576 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2579 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2580 vaddr = cc->adjust_watchpoint_address(cpu, vaddr, len);
2581 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2582 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2583 && (wp->flags & flags)) {
2584 if (flags == BP_MEM_READ) {
2585 wp->flags |= BP_WATCHPOINT_HIT_READ;
2587 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2589 wp->hitaddr = vaddr;
2590 wp->hitattrs = attrs;
2591 if (!cpu->watchpoint_hit) {
2592 if (wp->flags & BP_CPU &&
2593 !cc->debug_check_watchpoint(cpu, wp)) {
2594 wp->flags &= ~BP_WATCHPOINT_HIT;
2597 cpu->watchpoint_hit = wp;
2599 /* Both tb_lock and iothread_mutex will be reset when
2600 * cpu_loop_exit or cpu_loop_exit_noexc longjmp
2601 * back into the cpu_exec main loop.
2604 tb_check_watchpoint(cpu);
2605 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2606 cpu->exception_index = EXCP_DEBUG;
2609 /* Force execution of one insn next time. */
2610 cpu->cflags_next_tb = 1 | curr_cflags();
2611 cpu_loop_exit_noexc(cpu);
2615 wp->flags &= ~BP_WATCHPOINT_HIT;
2620 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2621 so these check for a hit then pass through to the normal out-of-line
2623 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2624 unsigned size, MemTxAttrs attrs)
2628 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2629 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2631 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2634 data = address_space_ldub(as, addr, attrs, &res);
2637 data = address_space_lduw(as, addr, attrs, &res);
2640 data = address_space_ldl(as, addr, attrs, &res);
2643 data = address_space_ldq(as, addr, attrs, &res);
2651 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2652 uint64_t val, unsigned size,
2656 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2657 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2659 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2662 address_space_stb(as, addr, val, attrs, &res);
2665 address_space_stw(as, addr, val, attrs, &res);
2668 address_space_stl(as, addr, val, attrs, &res);
2671 address_space_stq(as, addr, val, attrs, &res);
2678 static const MemoryRegionOps watch_mem_ops = {
2679 .read_with_attrs = watch_mem_read,
2680 .write_with_attrs = watch_mem_write,
2681 .endianness = DEVICE_NATIVE_ENDIAN,
2683 .min_access_size = 1,
2684 .max_access_size = 8,
2688 .min_access_size = 1,
2689 .max_access_size = 8,
2694 static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
2695 MemTxAttrs attrs, uint8_t *buf, int len);
2696 static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
2697 const uint8_t *buf, int len);
2698 static bool flatview_access_valid(FlatView *fv, hwaddr addr, int len,
2701 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2702 unsigned len, MemTxAttrs attrs)
2704 subpage_t *subpage = opaque;
2708 #if defined(DEBUG_SUBPAGE)
2709 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2710 subpage, len, addr);
2712 res = flatview_read(subpage->fv, addr + subpage->base, attrs, buf, len);
2718 *data = ldub_p(buf);
2721 *data = lduw_p(buf);
2734 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2735 uint64_t value, unsigned len, MemTxAttrs attrs)
2737 subpage_t *subpage = opaque;
2740 #if defined(DEBUG_SUBPAGE)
2741 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2742 " value %"PRIx64"\n",
2743 __func__, subpage, len, addr, value);
2761 return flatview_write(subpage->fv, addr + subpage->base, attrs, buf, len);
2764 static bool subpage_accepts(void *opaque, hwaddr addr,
2765 unsigned len, bool is_write)
2767 subpage_t *subpage = opaque;
2768 #if defined(DEBUG_SUBPAGE)
2769 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2770 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2773 return flatview_access_valid(subpage->fv, addr + subpage->base,
2777 static const MemoryRegionOps subpage_ops = {
2778 .read_with_attrs = subpage_read,
2779 .write_with_attrs = subpage_write,
2780 .impl.min_access_size = 1,
2781 .impl.max_access_size = 8,
2782 .valid.min_access_size = 1,
2783 .valid.max_access_size = 8,
2784 .valid.accepts = subpage_accepts,
2785 .endianness = DEVICE_NATIVE_ENDIAN,
2788 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2793 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2795 idx = SUBPAGE_IDX(start);
2796 eidx = SUBPAGE_IDX(end);
2797 #if defined(DEBUG_SUBPAGE)
2798 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2799 __func__, mmio, start, end, idx, eidx, section);
2801 for (; idx <= eidx; idx++) {
2802 mmio->sub_section[idx] = section;
2808 static subpage_t *subpage_init(FlatView *fv, hwaddr base)
2812 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
2815 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2816 NULL, TARGET_PAGE_SIZE);
2817 mmio->iomem.subpage = true;
2818 #if defined(DEBUG_SUBPAGE)
2819 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2820 mmio, base, TARGET_PAGE_SIZE);
2822 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2827 static uint16_t dummy_section(PhysPageMap *map, FlatView *fv, MemoryRegion *mr)
2830 MemoryRegionSection section = {
2833 .offset_within_address_space = 0,
2834 .offset_within_region = 0,
2835 .size = int128_2_64(),
2838 return phys_section_add(map, §ion);
2841 static void readonly_mem_write(void *opaque, hwaddr addr,
2842 uint64_t val, unsigned size)
2844 /* Ignore any write to ROM. */
2847 static bool readonly_mem_accepts(void *opaque, hwaddr addr,
2848 unsigned size, bool is_write)
2853 /* This will only be used for writes, because reads are special cased
2854 * to directly access the underlying host ram.
2856 static const MemoryRegionOps readonly_mem_ops = {
2857 .write = readonly_mem_write,
2858 .valid.accepts = readonly_mem_accepts,
2859 .endianness = DEVICE_NATIVE_ENDIAN,
2861 .min_access_size = 1,
2862 .max_access_size = 8,
2866 .min_access_size = 1,
2867 .max_access_size = 8,
2872 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2874 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2875 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2876 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2877 MemoryRegionSection *sections = d->map.sections;
2879 return sections[index & ~TARGET_PAGE_MASK].mr;
2882 static void io_mem_init(void)
2884 memory_region_init_io(&io_mem_rom, NULL, &readonly_mem_ops,
2885 NULL, NULL, UINT64_MAX);
2886 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2889 /* io_mem_notdirty calls tb_invalidate_phys_page_fast,
2890 * which can be called without the iothread mutex.
2892 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2894 memory_region_clear_global_locking(&io_mem_notdirty);
2896 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2900 AddressSpaceDispatch *address_space_dispatch_new(FlatView *fv)
2902 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2905 n = dummy_section(&d->map, fv, &io_mem_unassigned);
2906 assert(n == PHYS_SECTION_UNASSIGNED);
2907 n = dummy_section(&d->map, fv, &io_mem_notdirty);
2908 assert(n == PHYS_SECTION_NOTDIRTY);
2909 n = dummy_section(&d->map, fv, &io_mem_rom);
2910 assert(n == PHYS_SECTION_ROM);
2911 n = dummy_section(&d->map, fv, &io_mem_watch);
2912 assert(n == PHYS_SECTION_WATCH);
2914 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2919 void address_space_dispatch_free(AddressSpaceDispatch *d)
2921 phys_sections_free(&d->map);
2925 static void tcg_commit(MemoryListener *listener)
2927 CPUAddressSpace *cpuas;
2928 AddressSpaceDispatch *d;
2930 /* since each CPU stores ram addresses in its TLB cache, we must
2931 reset the modified entries */
2932 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2933 cpu_reloading_memory_map();
2934 /* The CPU and TLB are protected by the iothread lock.
2935 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2936 * may have split the RCU critical section.
2938 d = address_space_to_dispatch(cpuas->as);
2939 atomic_rcu_set(&cpuas->memory_dispatch, d);
2940 tlb_flush(cpuas->cpu);
2943 static void memory_map_init(void)
2945 system_memory = g_malloc(sizeof(*system_memory));
2947 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2948 address_space_init(&address_space_memory, system_memory, "memory");
2950 system_io = g_malloc(sizeof(*system_io));
2951 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2953 address_space_init(&address_space_io, system_io, "I/O");
2956 MemoryRegion *get_system_memory(void)
2958 return system_memory;
2961 MemoryRegion *get_system_io(void)
2966 #endif /* !defined(CONFIG_USER_ONLY) */
2968 /* physical memory access (slow version, mainly for debug) */
2969 #if defined(CONFIG_USER_ONLY)
2970 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2971 uint8_t *buf, int len, int is_write)
2978 page = addr & TARGET_PAGE_MASK;
2979 l = (page + TARGET_PAGE_SIZE) - addr;
2982 flags = page_get_flags(page);
2983 if (!(flags & PAGE_VALID))
2986 if (!(flags & PAGE_WRITE))
2988 /* XXX: this code should not depend on lock_user */
2989 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2992 unlock_user(p, addr, l);
2994 if (!(flags & PAGE_READ))
2996 /* XXX: this code should not depend on lock_user */
2997 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3000 unlock_user(p, addr, 0);
3011 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
3014 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3015 addr += memory_region_get_ram_addr(mr);
3017 /* No early return if dirty_log_mask is or becomes 0, because
3018 * cpu_physical_memory_set_dirty_range will still call
3019 * xen_modified_memory.
3021 if (dirty_log_mask) {
3023 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
3025 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
3026 assert(tcg_enabled());
3028 tb_invalidate_phys_range(addr, addr + length);
3030 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3032 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
3035 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
3037 unsigned access_size_max = mr->ops->valid.max_access_size;
3039 /* Regions are assumed to support 1-4 byte accesses unless
3040 otherwise specified. */
3041 if (access_size_max == 0) {
3042 access_size_max = 4;
3045 /* Bound the maximum access by the alignment of the address. */
3046 if (!mr->ops->impl.unaligned) {
3047 unsigned align_size_max = addr & -addr;
3048 if (align_size_max != 0 && align_size_max < access_size_max) {
3049 access_size_max = align_size_max;
3053 /* Don't attempt accesses larger than the maximum. */
3054 if (l > access_size_max) {
3055 l = access_size_max;
3062 static bool prepare_mmio_access(MemoryRegion *mr)
3064 bool unlocked = !qemu_mutex_iothread_locked();
3065 bool release_lock = false;
3067 if (unlocked && mr->global_locking) {
3068 qemu_mutex_lock_iothread();
3070 release_lock = true;
3072 if (mr->flush_coalesced_mmio) {
3074 qemu_mutex_lock_iothread();
3076 qemu_flush_coalesced_mmio_buffer();
3078 qemu_mutex_unlock_iothread();
3082 return release_lock;
3085 /* Called within RCU critical section. */
3086 static MemTxResult flatview_write_continue(FlatView *fv, hwaddr addr,
3089 int len, hwaddr addr1,
3090 hwaddr l, MemoryRegion *mr)
3094 MemTxResult result = MEMTX_OK;
3095 bool release_lock = false;
3098 if (!memory_access_is_direct(mr, true)) {
3099 release_lock |= prepare_mmio_access(mr);
3100 l = memory_access_size(mr, l, addr1);
3101 /* XXX: could force current_cpu to NULL to avoid
3105 /* 64 bit write access */
3107 result |= memory_region_dispatch_write(mr, addr1, val, 8,
3111 /* 32 bit write access */
3112 val = (uint32_t)ldl_p(buf);
3113 result |= memory_region_dispatch_write(mr, addr1, val, 4,
3117 /* 16 bit write access */
3119 result |= memory_region_dispatch_write(mr, addr1, val, 2,
3123 /* 8 bit write access */
3125 result |= memory_region_dispatch_write(mr, addr1, val, 1,
3133 ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
3134 memcpy(ptr, buf, l);
3135 invalidate_and_set_dirty(mr, addr1, l);
3139 qemu_mutex_unlock_iothread();
3140 release_lock = false;
3152 mr = flatview_translate(fv, addr, &addr1, &l, true);
3158 /* Called from RCU critical section. */
3159 static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
3160 const uint8_t *buf, int len)
3165 MemTxResult result = MEMTX_OK;
3168 mr = flatview_translate(fv, addr, &addr1, &l, true);
3169 result = flatview_write_continue(fv, addr, attrs, buf, len,
3175 /* Called within RCU critical section. */
3176 MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
3177 MemTxAttrs attrs, uint8_t *buf,
3178 int len, hwaddr addr1, hwaddr l,
3183 MemTxResult result = MEMTX_OK;
3184 bool release_lock = false;
3187 if (!memory_access_is_direct(mr, false)) {
3189 release_lock |= prepare_mmio_access(mr);
3190 l = memory_access_size(mr, l, addr1);
3193 /* 64 bit read access */
3194 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
3199 /* 32 bit read access */
3200 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
3205 /* 16 bit read access */
3206 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
3211 /* 8 bit read access */
3212 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
3221 ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
3222 memcpy(buf, ptr, l);
3226 qemu_mutex_unlock_iothread();
3227 release_lock = false;
3239 mr = flatview_translate(fv, addr, &addr1, &l, false);
3245 /* Called from RCU critical section. */
3246 static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
3247 MemTxAttrs attrs, uint8_t *buf, int len)
3254 mr = flatview_translate(fv, addr, &addr1, &l, false);
3255 return flatview_read_continue(fv, addr, attrs, buf, len,
3259 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
3260 MemTxAttrs attrs, uint8_t *buf, int len)
3262 MemTxResult result = MEMTX_OK;
3267 fv = address_space_to_flatview(as);
3268 result = flatview_read(fv, addr, attrs, buf, len);
3275 MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
3277 const uint8_t *buf, int len)
3279 MemTxResult result = MEMTX_OK;
3284 fv = address_space_to_flatview(as);
3285 result = flatview_write(fv, addr, attrs, buf, len);
3292 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
3293 uint8_t *buf, int len, bool is_write)
3296 return address_space_write(as, addr, attrs, buf, len);
3298 return address_space_read_full(as, addr, attrs, buf, len);
3302 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
3303 int len, int is_write)
3305 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
3306 buf, len, is_write);
3309 enum write_rom_type {
3314 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
3315 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
3325 mr = address_space_translate(as, addr, &addr1, &l, true);
3327 if (!(memory_region_is_ram(mr) ||
3328 memory_region_is_romd(mr))) {
3329 l = memory_access_size(mr, l, addr1);
3332 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3335 memcpy(ptr, buf, l);
3336 invalidate_and_set_dirty(mr, addr1, l);
3339 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
3350 /* used for ROM loading : can write in RAM and ROM */
3351 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
3352 const uint8_t *buf, int len)
3354 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
3357 void cpu_flush_icache_range(hwaddr start, int len)
3360 * This function should do the same thing as an icache flush that was
3361 * triggered from within the guest. For TCG we are always cache coherent,
3362 * so there is no need to flush anything. For KVM / Xen we need to flush
3363 * the host's instruction cache at least.
3365 if (tcg_enabled()) {
3369 cpu_physical_memory_write_rom_internal(&address_space_memory,
3370 start, NULL, len, FLUSH_CACHE);
3381 static BounceBuffer bounce;
3383 typedef struct MapClient {
3385 QLIST_ENTRY(MapClient) link;
3388 QemuMutex map_client_list_lock;
3389 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3390 = QLIST_HEAD_INITIALIZER(map_client_list);
3392 static void cpu_unregister_map_client_do(MapClient *client)
3394 QLIST_REMOVE(client, link);
3398 static void cpu_notify_map_clients_locked(void)
3402 while (!QLIST_EMPTY(&map_client_list)) {
3403 client = QLIST_FIRST(&map_client_list);
3404 qemu_bh_schedule(client->bh);
3405 cpu_unregister_map_client_do(client);
3409 void cpu_register_map_client(QEMUBH *bh)
3411 MapClient *client = g_malloc(sizeof(*client));
3413 qemu_mutex_lock(&map_client_list_lock);
3415 QLIST_INSERT_HEAD(&map_client_list, client, link);
3416 if (!atomic_read(&bounce.in_use)) {
3417 cpu_notify_map_clients_locked();
3419 qemu_mutex_unlock(&map_client_list_lock);
3422 void cpu_exec_init_all(void)
3424 qemu_mutex_init(&ram_list.mutex);
3425 /* The data structures we set up here depend on knowing the page size,
3426 * so no more changes can be made after this point.
3427 * In an ideal world, nothing we did before we had finished the
3428 * machine setup would care about the target page size, and we could
3429 * do this much later, rather than requiring board models to state
3430 * up front what their requirements are.
3432 finalize_target_page_bits();
3435 qemu_mutex_init(&map_client_list_lock);
3438 void cpu_unregister_map_client(QEMUBH *bh)
3442 qemu_mutex_lock(&map_client_list_lock);
3443 QLIST_FOREACH(client, &map_client_list, link) {
3444 if (client->bh == bh) {
3445 cpu_unregister_map_client_do(client);
3449 qemu_mutex_unlock(&map_client_list_lock);
3452 static void cpu_notify_map_clients(void)
3454 qemu_mutex_lock(&map_client_list_lock);
3455 cpu_notify_map_clients_locked();
3456 qemu_mutex_unlock(&map_client_list_lock);
3459 static bool flatview_access_valid(FlatView *fv, hwaddr addr, int len,
3467 mr = flatview_translate(fv, addr, &xlat, &l, is_write);
3468 if (!memory_access_is_direct(mr, is_write)) {
3469 l = memory_access_size(mr, l, addr);
3470 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
3481 bool address_space_access_valid(AddressSpace *as, hwaddr addr,
3482 int len, bool is_write)
3488 fv = address_space_to_flatview(as);
3489 result = flatview_access_valid(fv, addr, len, is_write);
3495 flatview_extend_translation(FlatView *fv, hwaddr addr,
3497 MemoryRegion *mr, hwaddr base, hwaddr len,
3502 MemoryRegion *this_mr;
3508 if (target_len == 0) {
3513 this_mr = flatview_translate(fv, addr, &xlat,
3515 if (this_mr != mr || xlat != base + done) {
3521 /* Map a physical memory region into a host virtual address.
3522 * May map a subset of the requested range, given by and returned in *plen.
3523 * May return NULL if resources needed to perform the mapping are exhausted.
3524 * Use only for reads OR writes - not for read-modify-write operations.
3525 * Use cpu_register_map_client() to know when retrying the map operation is
3526 * likely to succeed.
3528 void *address_space_map(AddressSpace *as,
3545 fv = address_space_to_flatview(as);
3546 mr = flatview_translate(fv, addr, &xlat, &l, is_write);
3548 if (!memory_access_is_direct(mr, is_write)) {
3549 if (atomic_xchg(&bounce.in_use, true)) {
3553 /* Avoid unbounded allocations */
3554 l = MIN(l, TARGET_PAGE_SIZE);
3555 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
3559 memory_region_ref(mr);
3562 flatview_read(fv, addr, MEMTXATTRS_UNSPECIFIED,
3568 return bounce.buffer;
3572 memory_region_ref(mr);
3573 *plen = flatview_extend_translation(fv, addr, len, mr, xlat,
3575 ptr = qemu_ram_ptr_length(mr->ram_block, xlat, plen, true);
3581 /* Unmaps a memory region previously mapped by address_space_map().
3582 * Will also mark the memory as dirty if is_write == 1. access_len gives
3583 * the amount of memory that was actually read or written by the caller.
3585 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3586 int is_write, hwaddr access_len)
3588 if (buffer != bounce.buffer) {
3592 mr = memory_region_from_host(buffer, &addr1);
3595 invalidate_and_set_dirty(mr, addr1, access_len);
3597 if (xen_enabled()) {
3598 xen_invalidate_map_cache_entry(buffer);
3600 memory_region_unref(mr);
3604 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3605 bounce.buffer, access_len);
3607 qemu_vfree(bounce.buffer);
3608 bounce.buffer = NULL;
3609 memory_region_unref(bounce.mr);
3610 atomic_mb_set(&bounce.in_use, false);
3611 cpu_notify_map_clients();
3614 void *cpu_physical_memory_map(hwaddr addr,
3618 return address_space_map(&address_space_memory, addr, plen, is_write);
3621 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3622 int is_write, hwaddr access_len)
3624 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3627 #define ARG1_DECL AddressSpace *as
3630 #define TRANSLATE(...) address_space_translate(as, __VA_ARGS__)
3631 #define IS_DIRECT(mr, is_write) memory_access_is_direct(mr, is_write)
3632 #define MAP_RAM(mr, ofs) qemu_map_ram_ptr((mr)->ram_block, ofs)
3633 #define INVALIDATE(mr, ofs, len) invalidate_and_set_dirty(mr, ofs, len)
3634 #define RCU_READ_LOCK(...) rcu_read_lock()
3635 #define RCU_READ_UNLOCK(...) rcu_read_unlock()
3636 #include "memory_ldst.inc.c"
3638 int64_t address_space_cache_init(MemoryRegionCache *cache,
3644 AddressSpaceDispatch *d;
3651 cache->fv = address_space_get_flatview(as);
3652 d = flatview_to_dispatch(cache->fv);
3653 cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true);
3656 memory_region_ref(mr);
3657 if (memory_access_is_direct(mr, is_write)) {
3658 l = flatview_extend_translation(cache->fv, addr, len, mr,
3659 cache->xlat, l, is_write);
3660 cache->ptr = qemu_ram_ptr_length(mr->ram_block, cache->xlat, &l, true);
3666 cache->is_write = is_write;
3670 void address_space_cache_invalidate(MemoryRegionCache *cache,
3674 assert(cache->is_write);
3675 if (likely(cache->ptr)) {
3676 invalidate_and_set_dirty(cache->mrs.mr, addr + cache->xlat, access_len);
3680 void address_space_cache_destroy(MemoryRegionCache *cache)
3682 if (!cache->mrs.mr) {
3686 if (xen_enabled()) {
3687 xen_invalidate_map_cache_entry(cache->ptr);
3689 memory_region_unref(cache->mrs.mr);
3690 flatview_unref(cache->fv);
3691 cache->mrs.mr = NULL;
3695 /* Called from RCU critical section. This function has the same
3696 * semantics as address_space_translate, but it only works on a
3697 * predefined range of a MemoryRegion that was mapped with
3698 * address_space_cache_init.
3700 static inline MemoryRegion *address_space_translate_cached(
3701 MemoryRegionCache *cache, hwaddr addr, hwaddr *xlat,
3702 hwaddr *plen, bool is_write)
3704 MemoryRegionSection section;
3706 IOMMUMemoryRegion *iommu_mr;
3707 AddressSpace *target_as;
3709 assert(!cache->ptr);
3710 *xlat = addr + cache->xlat;
3713 iommu_mr = memory_region_get_iommu(mr);
3719 section = address_space_translate_iommu(iommu_mr, xlat, plen,
3720 NULL, is_write, true,
3725 /* Called from RCU critical section. address_space_read_cached uses this
3726 * out of line function when the target is an MMIO or IOMMU region.
3729 address_space_read_cached_slow(MemoryRegionCache *cache, hwaddr addr,
3736 mr = address_space_translate_cached(cache, addr, &addr1, &l, false);
3737 flatview_read_continue(cache->fv,
3738 addr, MEMTXATTRS_UNSPECIFIED, buf, len,
3742 /* Called from RCU critical section. address_space_write_cached uses this
3743 * out of line function when the target is an MMIO or IOMMU region.
3746 address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
3747 const void *buf, int len)
3753 mr = address_space_translate_cached(cache, addr, &addr1, &l, true);
3754 flatview_write_continue(cache->fv,
3755 addr, MEMTXATTRS_UNSPECIFIED, buf, len,
3759 #define ARG1_DECL MemoryRegionCache *cache
3761 #define SUFFIX _cached_slow
3762 #define TRANSLATE(...) address_space_translate_cached(cache, __VA_ARGS__)
3763 #define IS_DIRECT(mr, is_write) memory_access_is_direct(mr, is_write)
3764 #define MAP_RAM(mr, ofs) (cache->ptr + (ofs - cache->xlat))
3765 #define INVALIDATE(mr, ofs, len) invalidate_and_set_dirty(mr, ofs, len)
3766 #define RCU_READ_LOCK() ((void)0)
3767 #define RCU_READ_UNLOCK() ((void)0)
3768 #include "memory_ldst.inc.c"
3770 /* virtual memory access for debug (includes writing to ROM) */
3771 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3772 uint8_t *buf, int len, int is_write)
3778 cpu_synchronize_state(cpu);
3783 page = addr & TARGET_PAGE_MASK;
3784 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3785 asidx = cpu_asidx_from_attrs(cpu, attrs);
3786 /* if no physical page mapped, return an error */
3787 if (phys_addr == -1)
3789 l = (page + TARGET_PAGE_SIZE) - addr;
3792 phys_addr += (addr & ~TARGET_PAGE_MASK);
3794 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3797 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3798 MEMTXATTRS_UNSPECIFIED,
3809 * Allows code that needs to deal with migration bitmaps etc to still be built
3810 * target independent.
3812 size_t qemu_target_page_size(void)
3814 return TARGET_PAGE_SIZE;
3817 int qemu_target_page_bits(void)
3819 return TARGET_PAGE_BITS;
3822 int qemu_target_page_bits_min(void)
3824 return TARGET_PAGE_BITS_MIN;
3829 * A helper function for the _utterly broken_ virtio device model to find out if
3830 * it's running on a big endian machine. Don't do this at home kids!
3832 bool target_words_bigendian(void);
3833 bool target_words_bigendian(void)
3835 #if defined(TARGET_WORDS_BIGENDIAN)
3842 #ifndef CONFIG_USER_ONLY
3843 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3850 mr = address_space_translate(&address_space_memory,
3851 phys_addr, &phys_addr, &l, false);
3853 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3858 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3864 RAMBLOCK_FOREACH(block) {
3865 ret = func(block->idstr, block->host, block->offset,
3866 block->used_length, opaque);
3876 * Unmap pages of memory from start to start+length such that
3877 * they a) read as 0, b) Trigger whatever fault mechanism
3878 * the OS provides for postcopy.
3879 * The pages must be unmapped by the end of the function.
3880 * Returns: 0 on success, none-0 on failure
3883 int ram_block_discard_range(RAMBlock *rb, uint64_t start, size_t length)
3887 uint8_t *host_startaddr = rb->host + start;
3889 if ((uintptr_t)host_startaddr & (rb->page_size - 1)) {
3890 error_report("ram_block_discard_range: Unaligned start address: %p",
3895 if ((start + length) <= rb->used_length) {
3896 bool need_madvise, need_fallocate;
3897 uint8_t *host_endaddr = host_startaddr + length;
3898 if ((uintptr_t)host_endaddr & (rb->page_size - 1)) {
3899 error_report("ram_block_discard_range: Unaligned end address: %p",
3904 errno = ENOTSUP; /* If we are missing MADVISE etc */
3906 /* The logic here is messy;
3907 * madvise DONTNEED fails for hugepages
3908 * fallocate works on hugepages and shmem
3910 need_madvise = (rb->page_size == qemu_host_page_size);
3911 need_fallocate = rb->fd != -1;
3912 if (need_fallocate) {
3913 /* For a file, this causes the area of the file to be zero'd
3914 * if read, and for hugetlbfs also causes it to be unmapped
3915 * so a userfault will trigger.
3917 #ifdef CONFIG_FALLOCATE_PUNCH_HOLE
3918 ret = fallocate(rb->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
3922 error_report("ram_block_discard_range: Failed to fallocate "
3923 "%s:%" PRIx64 " +%zx (%d)",
3924 rb->idstr, start, length, ret);
3929 error_report("ram_block_discard_range: fallocate not available/file"
3930 "%s:%" PRIx64 " +%zx (%d)",
3931 rb->idstr, start, length, ret);
3936 /* For normal RAM this causes it to be unmapped,
3937 * for shared memory it causes the local mapping to disappear
3938 * and to fall back on the file contents (which we just
3939 * fallocate'd away).
3941 #if defined(CONFIG_MADVISE)
3942 ret = madvise(host_startaddr, length, MADV_DONTNEED);
3945 error_report("ram_block_discard_range: Failed to discard range "
3946 "%s:%" PRIx64 " +%zx (%d)",
3947 rb->idstr, start, length, ret);
3952 error_report("ram_block_discard_range: MADVISE not available"
3953 "%s:%" PRIx64 " +%zx (%d)",
3954 rb->idstr, start, length, ret);
3958 trace_ram_block_discard_range(rb->idstr, host_startaddr, length,
3959 need_madvise, need_fallocate, ret);
3961 error_report("ram_block_discard_range: Overrun block '%s' (%" PRIu64
3962 "/%zx/" RAM_ADDR_FMT")",
3963 rb->idstr, start, length, rb->used_length);
3972 void page_size_init(void)
3974 /* NOTE: we can always suppose that qemu_host_page_size >=
3976 if (qemu_host_page_size == 0) {
3977 qemu_host_page_size = qemu_real_host_page_size;
3979 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
3980 qemu_host_page_size = TARGET_PAGE_SIZE;
3982 qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
3985 #if !defined(CONFIG_USER_ONLY)
3987 static void mtree_print_phys_entries(fprintf_function mon, void *f,
3988 int start, int end, int skip, int ptr)
3990 if (start == end - 1) {
3991 mon(f, "\t%3d ", start);
3993 mon(f, "\t%3d..%-3d ", start, end - 1);
3995 mon(f, " skip=%d ", skip);
3996 if (ptr == PHYS_MAP_NODE_NIL) {
3999 mon(f, " ptr=#%d", ptr);
4001 mon(f, " ptr=[%d]", ptr);
4006 #define MR_SIZE(size) (int128_nz(size) ? (hwaddr)int128_get64( \
4007 int128_sub((size), int128_one())) : 0)
4009 void mtree_print_dispatch(fprintf_function mon, void *f,
4010 AddressSpaceDispatch *d, MemoryRegion *root)
4014 mon(f, " Dispatch\n");
4015 mon(f, " Physical sections\n");
4017 for (i = 0; i < d->map.sections_nb; ++i) {
4018 MemoryRegionSection *s = d->map.sections + i;
4019 const char *names[] = { " [unassigned]", " [not dirty]",
4020 " [ROM]", " [watch]" };
4022 mon(f, " #%d @" TARGET_FMT_plx ".." TARGET_FMT_plx " %s%s%s%s%s",
4024 s->offset_within_address_space,
4025 s->offset_within_address_space + MR_SIZE(s->mr->size),
4026 s->mr->name ? s->mr->name : "(noname)",
4027 i < ARRAY_SIZE(names) ? names[i] : "",
4028 s->mr == root ? " [ROOT]" : "",
4029 s == d->mru_section ? " [MRU]" : "",
4030 s->mr->is_iommu ? " [iommu]" : "");
4033 mon(f, " alias=%s", s->mr->alias->name ?
4034 s->mr->alias->name : "noname");
4039 mon(f, " Nodes (%d bits per level, %d levels) ptr=[%d] skip=%d\n",
4040 P_L2_BITS, P_L2_LEVELS, d->phys_map.ptr, d->phys_map.skip);
4041 for (i = 0; i < d->map.nodes_nb; ++i) {
4044 Node *n = d->map.nodes + i;
4046 mon(f, " [%d]\n", i);
4048 for (j = 0, jprev = 0, prev = *n[0]; j < ARRAY_SIZE(*n); ++j) {
4049 PhysPageEntry *pe = *n + j;
4051 if (pe->ptr == prev.ptr && pe->skip == prev.skip) {
4055 mtree_print_phys_entries(mon, f, jprev, j, prev.skip, prev.ptr);
4061 if (jprev != ARRAY_SIZE(*n)) {
4062 mtree_print_phys_entries(mon, f, jprev, j, prev.skip, prev.ptr);
projects / qemu.git / blob