4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_UNASSIGNED
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
58 static int in_migration;
60 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62 static MemoryRegion *system_memory;
63 static MemoryRegion *system_io;
65 AddressSpace address_space_io;
66 AddressSpace address_space_memory;
67 DMAContext dma_context_memory;
69 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
70 static MemoryRegion io_mem_subpage_ram;
74 CPUArchState *first_cpu;
75 /* current CPU in the current thread. It is only valid inside
77 DEFINE_TLS(CPUArchState *,cpu_single_env);
78 /* 0 = Do not count executed instructions.
79 1 = Precise instruction counting.
80 2 = Adaptive rate instruction counting. */
83 #if !defined(CONFIG_USER_ONLY)
85 static MemoryRegionSection *phys_sections;
86 static unsigned phys_sections_nb, phys_sections_nb_alloc;
87 static uint16_t phys_section_unassigned;
88 static uint16_t phys_section_notdirty;
89 static uint16_t phys_section_rom;
90 static uint16_t phys_section_watch;
92 /* Simple allocator for PhysPageEntry nodes */
93 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
94 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
96 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
98 static void io_mem_init(void);
99 static void memory_map_init(void);
100 static void *qemu_safe_ram_ptr(ram_addr_t addr);
102 static MemoryRegion io_mem_watch;
105 #if !defined(CONFIG_USER_ONLY)
107 static void phys_map_node_reserve(unsigned nodes)
109 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
110 typedef PhysPageEntry Node[L2_SIZE];
111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
112 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
113 phys_map_nodes_nb + nodes);
114 phys_map_nodes = g_renew(Node, phys_map_nodes,
115 phys_map_nodes_nb_alloc);
119 static uint16_t phys_map_node_alloc(void)
124 ret = phys_map_nodes_nb++;
125 assert(ret != PHYS_MAP_NODE_NIL);
126 assert(ret != phys_map_nodes_nb_alloc);
127 for (i = 0; i < L2_SIZE; ++i) {
128 phys_map_nodes[ret][i].is_leaf = 0;
129 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
134 static void phys_map_nodes_reset(void)
136 phys_map_nodes_nb = 0;
140 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
141 hwaddr *nb, uint16_t leaf,
146 hwaddr step = (hwaddr)1 << (level * L2_BITS);
148 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
149 lp->ptr = phys_map_node_alloc();
150 p = phys_map_nodes[lp->ptr];
152 for (i = 0; i < L2_SIZE; i++) {
154 p[i].ptr = phys_section_unassigned;
158 p = phys_map_nodes[lp->ptr];
160 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
162 while (*nb && lp < &p[L2_SIZE]) {
163 if ((*index & (step - 1)) == 0 && *nb >= step) {
169 phys_page_set_level(lp, index, nb, leaf, level - 1);
175 static void phys_page_set(AddressSpaceDispatch *d,
176 hwaddr index, hwaddr nb,
179 /* Wildly overreserve - it doesn't matter much. */
180 phys_map_node_reserve(3 * P_L2_LEVELS);
182 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
185 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
187 PhysPageEntry lp = d->phys_map;
190 uint16_t s_index = phys_section_unassigned;
192 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
193 if (lp.ptr == PHYS_MAP_NODE_NIL) {
196 p = phys_map_nodes[lp.ptr];
197 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
202 return &phys_sections[s_index];
205 bool memory_region_is_unassigned(MemoryRegion *mr)
207 return mr != &io_mem_ram && mr != &io_mem_rom
208 && mr != &io_mem_notdirty && !mr->rom_device
209 && mr != &io_mem_watch;
213 void cpu_exec_init_all(void)
215 #if !defined(CONFIG_USER_ONLY)
221 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
223 static int cpu_common_post_load(void *opaque, int version_id)
225 CPUArchState *env = opaque;
227 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
228 version_id is increased. */
229 env->interrupt_request &= ~0x01;
235 static const VMStateDescription vmstate_cpu_common = {
236 .name = "cpu_common",
238 .minimum_version_id = 1,
239 .minimum_version_id_old = 1,
240 .post_load = cpu_common_post_load,
241 .fields = (VMStateField []) {
242 VMSTATE_UINT32(halted, CPUArchState),
243 VMSTATE_UINT32(interrupt_request, CPUArchState),
244 VMSTATE_END_OF_LIST()
249 CPUArchState *qemu_get_cpu(int cpu)
251 CPUArchState *env = first_cpu;
254 if (env->cpu_index == cpu)
262 void cpu_exec_init(CPUArchState *env)
264 #ifndef CONFIG_USER_ONLY
265 CPUState *cpu = ENV_GET_CPU(env);
270 #if defined(CONFIG_USER_ONLY)
273 env->next_cpu = NULL;
276 while (*penv != NULL) {
277 penv = &(*penv)->next_cpu;
280 env->cpu_index = cpu_index;
282 QTAILQ_INIT(&env->breakpoints);
283 QTAILQ_INIT(&env->watchpoints);
284 #ifndef CONFIG_USER_ONLY
285 cpu->thread_id = qemu_get_thread_id();
288 #if defined(CONFIG_USER_ONLY)
291 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
292 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
293 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
294 cpu_save, cpu_load, env);
298 #if defined(TARGET_HAS_ICE)
299 #if defined(CONFIG_USER_ONLY)
300 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
302 tb_invalidate_phys_page_range(pc, pc + 1, 0);
305 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
307 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
308 (pc & ~TARGET_PAGE_MASK));
311 #endif /* TARGET_HAS_ICE */
313 #if defined(CONFIG_USER_ONLY)
314 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
319 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
320 int flags, CPUWatchpoint **watchpoint)
325 /* Add a watchpoint. */
326 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
327 int flags, CPUWatchpoint **watchpoint)
329 target_ulong len_mask = ~(len - 1);
332 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
333 if ((len & (len - 1)) || (addr & ~len_mask) ||
334 len == 0 || len > TARGET_PAGE_SIZE) {
335 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
336 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
339 wp = g_malloc(sizeof(*wp));
342 wp->len_mask = len_mask;
345 /* keep all GDB-injected watchpoints in front */
347 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
349 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
351 tlb_flush_page(env, addr);
358 /* Remove a specific watchpoint. */
359 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
362 target_ulong len_mask = ~(len - 1);
365 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
366 if (addr == wp->vaddr && len_mask == wp->len_mask
367 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
368 cpu_watchpoint_remove_by_ref(env, wp);
375 /* Remove a specific watchpoint by reference. */
376 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
378 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
380 tlb_flush_page(env, watchpoint->vaddr);
385 /* Remove all matching watchpoints. */
386 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
388 CPUWatchpoint *wp, *next;
390 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
391 if (wp->flags & mask)
392 cpu_watchpoint_remove_by_ref(env, wp);
397 /* Add a breakpoint. */
398 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
399 CPUBreakpoint **breakpoint)
401 #if defined(TARGET_HAS_ICE)
404 bp = g_malloc(sizeof(*bp));
409 /* keep all GDB-injected breakpoints in front */
411 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
413 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
415 breakpoint_invalidate(env, pc);
425 /* Remove a specific breakpoint. */
426 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
428 #if defined(TARGET_HAS_ICE)
431 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
432 if (bp->pc == pc && bp->flags == flags) {
433 cpu_breakpoint_remove_by_ref(env, bp);
443 /* Remove a specific breakpoint by reference. */
444 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
446 #if defined(TARGET_HAS_ICE)
447 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
449 breakpoint_invalidate(env, breakpoint->pc);
455 /* Remove all matching breakpoints. */
456 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
458 #if defined(TARGET_HAS_ICE)
459 CPUBreakpoint *bp, *next;
461 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
462 if (bp->flags & mask)
463 cpu_breakpoint_remove_by_ref(env, bp);
468 /* enable or disable single step mode. EXCP_DEBUG is returned by the
469 CPU loop after each instruction */
470 void cpu_single_step(CPUArchState *env, int enabled)
472 #if defined(TARGET_HAS_ICE)
473 if (env->singlestep_enabled != enabled) {
474 env->singlestep_enabled = enabled;
476 kvm_update_guest_debug(env, 0);
478 /* must flush all the translated code to avoid inconsistencies */
479 /* XXX: only flush what is necessary */
486 void cpu_reset_interrupt(CPUArchState *env, int mask)
488 env->interrupt_request &= ~mask;
491 void cpu_exit(CPUArchState *env)
493 env->exit_request = 1;
497 void cpu_abort(CPUArchState *env, const char *fmt, ...)
504 fprintf(stderr, "qemu: fatal: ");
505 vfprintf(stderr, fmt, ap);
506 fprintf(stderr, "\n");
507 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
508 if (qemu_log_enabled()) {
509 qemu_log("qemu: fatal: ");
510 qemu_log_vprintf(fmt, ap2);
512 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
518 #if defined(CONFIG_USER_ONLY)
520 struct sigaction act;
521 sigfillset(&act.sa_mask);
522 act.sa_handler = SIG_DFL;
523 sigaction(SIGABRT, &act, NULL);
529 CPUArchState *cpu_copy(CPUArchState *env)
531 CPUArchState *new_env = cpu_init(env->cpu_model_str);
532 CPUArchState *next_cpu = new_env->next_cpu;
533 int cpu_index = new_env->cpu_index;
534 #if defined(TARGET_HAS_ICE)
539 memcpy(new_env, env, sizeof(CPUArchState));
541 /* Preserve chaining and index. */
542 new_env->next_cpu = next_cpu;
543 new_env->cpu_index = cpu_index;
545 /* Clone all break/watchpoints.
546 Note: Once we support ptrace with hw-debug register access, make sure
547 BP_CPU break/watchpoints are handled correctly on clone. */
548 QTAILQ_INIT(&env->breakpoints);
549 QTAILQ_INIT(&env->watchpoints);
550 #if defined(TARGET_HAS_ICE)
551 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
552 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
554 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
555 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
563 #if !defined(CONFIG_USER_ONLY)
564 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
569 /* we modify the TLB cache so that the dirty bit will be set again
570 when accessing the range */
571 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
572 /* Check that we don't span multiple blocks - this breaks the
573 address comparisons below. */
574 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
575 != (end - 1) - start) {
578 cpu_tlb_reset_dirty_all(start1, length);
582 /* Note: start and end must be within the same ram block. */
583 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
588 start &= TARGET_PAGE_MASK;
589 end = TARGET_PAGE_ALIGN(end);
591 length = end - start;
594 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
597 tlb_reset_dirty_range_all(start, end, length);
601 static int cpu_physical_memory_set_dirty_tracking(int enable)
604 in_migration = enable;
608 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
609 MemoryRegionSection *section,
613 target_ulong *address)
618 if (memory_region_is_ram(section->mr)) {
620 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
621 + memory_region_section_addr(section, paddr);
622 if (!section->readonly) {
623 iotlb |= phys_section_notdirty;
625 iotlb |= phys_section_rom;
628 /* IO handlers are currently passed a physical address.
629 It would be nice to pass an offset from the base address
630 of that region. This would avoid having to special case RAM,
631 and avoid full address decoding in every device.
632 We can't use the high bits of pd for this because
633 IO_MEM_ROMD uses these as a ram address. */
634 iotlb = section - phys_sections;
635 iotlb += memory_region_section_addr(section, paddr);
638 /* Make accesses to pages with watchpoints go via the
639 watchpoint trap routines. */
640 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
641 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
642 /* Avoid trapping reads of pages with a write breakpoint. */
643 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
644 iotlb = phys_section_watch + paddr;
645 *address |= TLB_MMIO;
653 #endif /* defined(CONFIG_USER_ONLY) */
655 #if !defined(CONFIG_USER_ONLY)
657 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
658 typedef struct subpage_t {
661 uint16_t sub_section[TARGET_PAGE_SIZE];
664 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
666 static subpage_t *subpage_init(hwaddr base);
667 static void destroy_page_desc(uint16_t section_index)
669 MemoryRegionSection *section = &phys_sections[section_index];
670 MemoryRegion *mr = section->mr;
673 subpage_t *subpage = container_of(mr, subpage_t, iomem);
674 memory_region_destroy(&subpage->iomem);
679 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
684 if (lp->ptr == PHYS_MAP_NODE_NIL) {
688 p = phys_map_nodes[lp->ptr];
689 for (i = 0; i < L2_SIZE; ++i) {
691 destroy_l2_mapping(&p[i], level - 1);
693 destroy_page_desc(p[i].ptr);
697 lp->ptr = PHYS_MAP_NODE_NIL;
700 static void destroy_all_mappings(AddressSpaceDispatch *d)
702 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
703 phys_map_nodes_reset();
706 static uint16_t phys_section_add(MemoryRegionSection *section)
708 if (phys_sections_nb == phys_sections_nb_alloc) {
709 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
710 phys_sections = g_renew(MemoryRegionSection, phys_sections,
711 phys_sections_nb_alloc);
713 phys_sections[phys_sections_nb] = *section;
714 return phys_sections_nb++;
717 static void phys_sections_clear(void)
719 phys_sections_nb = 0;
722 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
725 hwaddr base = section->offset_within_address_space
727 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
728 MemoryRegionSection subsection = {
729 .offset_within_address_space = base,
730 .size = TARGET_PAGE_SIZE,
734 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
736 if (!(existing->mr->subpage)) {
737 subpage = subpage_init(base);
738 subsection.mr = &subpage->iomem;
739 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
740 phys_section_add(&subsection));
742 subpage = container_of(existing->mr, subpage_t, iomem);
744 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
745 end = start + section->size - 1;
746 subpage_register(subpage, start, end, phys_section_add(section));
750 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
752 hwaddr start_addr = section->offset_within_address_space;
753 ram_addr_t size = section->size;
755 uint16_t section_index = phys_section_add(section);
760 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
764 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
766 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
767 MemoryRegionSection now = *section, remain = *section;
769 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
770 || (now.size < TARGET_PAGE_SIZE)) {
771 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
772 - now.offset_within_address_space,
774 register_subpage(d, &now);
775 remain.size -= now.size;
776 remain.offset_within_address_space += now.size;
777 remain.offset_within_region += now.size;
779 while (remain.size >= TARGET_PAGE_SIZE) {
781 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
782 now.size = TARGET_PAGE_SIZE;
783 register_subpage(d, &now);
785 now.size &= TARGET_PAGE_MASK;
786 register_multipage(d, &now);
788 remain.size -= now.size;
789 remain.offset_within_address_space += now.size;
790 remain.offset_within_region += now.size;
794 register_subpage(d, &now);
798 void qemu_flush_coalesced_mmio_buffer(void)
801 kvm_flush_coalesced_mmio_buffer();
804 #if defined(__linux__) && !defined(TARGET_S390X)
808 #define HUGETLBFS_MAGIC 0x958458f6
810 static long gethugepagesize(const char *path)
816 ret = statfs(path, &fs);
817 } while (ret != 0 && errno == EINTR);
824 if (fs.f_type != HUGETLBFS_MAGIC)
825 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
830 static void *file_ram_alloc(RAMBlock *block,
840 unsigned long hpagesize;
842 hpagesize = gethugepagesize(path);
847 if (memory < hpagesize) {
851 if (kvm_enabled() && !kvm_has_sync_mmu()) {
852 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
856 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
860 fd = mkstemp(filename);
862 perror("unable to create backing store for hugepages");
869 memory = (memory+hpagesize-1) & ~(hpagesize-1);
872 * ftruncate is not supported by hugetlbfs in older
873 * hosts, so don't bother bailing out on errors.
874 * If anything goes wrong with it under other filesystems,
877 if (ftruncate(fd, memory))
881 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
882 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
883 * to sidestep this quirk.
885 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
886 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
888 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
890 if (area == MAP_FAILED) {
891 perror("file_ram_alloc: can't mmap RAM pages");
900 static ram_addr_t find_ram_offset(ram_addr_t size)
902 RAMBlock *block, *next_block;
903 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
905 if (QTAILQ_EMPTY(&ram_list.blocks))
908 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
909 ram_addr_t end, next = RAM_ADDR_MAX;
911 end = block->offset + block->length;
913 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
914 if (next_block->offset >= end) {
915 next = MIN(next, next_block->offset);
918 if (next - end >= size && next - end < mingap) {
924 if (offset == RAM_ADDR_MAX) {
925 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
933 ram_addr_t last_ram_offset(void)
938 QTAILQ_FOREACH(block, &ram_list.blocks, next)
939 last = MAX(last, block->offset + block->length);
944 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
947 QemuOpts *machine_opts;
949 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
950 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
952 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
953 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
955 perror("qemu_madvise");
956 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
957 "but dump_guest_core=off specified\n");
962 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
964 RAMBlock *new_block, *block;
967 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
968 if (block->offset == addr) {
974 assert(!new_block->idstr[0]);
977 char *id = qdev_get_dev_path(dev);
979 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
983 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
985 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
986 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
987 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
994 static int memory_try_enable_merging(void *addr, size_t len)
998 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
999 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1000 /* disabled by the user */
1004 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1007 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1010 RAMBlock *block, *new_block;
1012 size = TARGET_PAGE_ALIGN(size);
1013 new_block = g_malloc0(sizeof(*new_block));
1016 new_block->offset = find_ram_offset(size);
1018 new_block->host = host;
1019 new_block->flags |= RAM_PREALLOC_MASK;
1022 #if defined (__linux__) && !defined(TARGET_S390X)
1023 new_block->host = file_ram_alloc(new_block, size, mem_path);
1024 if (!new_block->host) {
1025 new_block->host = qemu_vmalloc(size);
1026 memory_try_enable_merging(new_block->host, size);
1029 fprintf(stderr, "-mem-path option unsupported\n");
1033 if (xen_enabled()) {
1034 xen_ram_alloc(new_block->offset, size, mr);
1035 } else if (kvm_enabled()) {
1036 /* some s390/kvm configurations have special constraints */
1037 new_block->host = kvm_vmalloc(size);
1039 new_block->host = qemu_vmalloc(size);
1041 memory_try_enable_merging(new_block->host, size);
1044 new_block->length = size;
1046 /* Keep the list sorted from biggest to smallest block. */
1047 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1048 if (block->length < new_block->length) {
1053 QTAILQ_INSERT_BEFORE(block, new_block, next);
1055 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1057 ram_list.mru_block = NULL;
1059 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1060 last_ram_offset() >> TARGET_PAGE_BITS);
1061 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1062 0, size >> TARGET_PAGE_BITS);
1063 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1065 qemu_ram_setup_dump(new_block->host, size);
1066 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1069 kvm_setup_guest_memory(new_block->host, size);
1071 return new_block->offset;
1074 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1076 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1079 void qemu_ram_free_from_ptr(ram_addr_t addr)
1083 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1084 if (addr == block->offset) {
1085 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1086 ram_list.mru_block = NULL;
1093 void qemu_ram_free(ram_addr_t addr)
1097 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1098 if (addr == block->offset) {
1099 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1100 ram_list.mru_block = NULL;
1101 if (block->flags & RAM_PREALLOC_MASK) {
1103 } else if (mem_path) {
1104 #if defined (__linux__) && !defined(TARGET_S390X)
1106 munmap(block->host, block->length);
1109 qemu_vfree(block->host);
1115 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1116 munmap(block->host, block->length);
1118 if (xen_enabled()) {
1119 xen_invalidate_map_cache_entry(block->host);
1121 qemu_vfree(block->host);
1133 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1140 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1141 offset = addr - block->offset;
1142 if (offset < block->length) {
1143 vaddr = block->host + offset;
1144 if (block->flags & RAM_PREALLOC_MASK) {
1148 munmap(vaddr, length);
1150 #if defined(__linux__) && !defined(TARGET_S390X)
1153 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1156 flags |= MAP_PRIVATE;
1158 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1159 flags, block->fd, offset);
1161 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1162 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1169 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1170 flags |= MAP_SHARED | MAP_ANONYMOUS;
1171 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1174 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1175 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1179 if (area != vaddr) {
1180 fprintf(stderr, "Could not remap addr: "
1181 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1185 memory_try_enable_merging(vaddr, length);
1186 qemu_ram_setup_dump(vaddr, length);
1192 #endif /* !_WIN32 */
1194 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1195 With the exception of the softmmu code in this file, this should
1196 only be used for local memory (e.g. video ram) that the device owns,
1197 and knows it isn't going to access beyond the end of the block.
1199 It should not be used for general purpose DMA.
1200 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1202 void *qemu_get_ram_ptr(ram_addr_t addr)
1206 block = ram_list.mru_block;
1207 if (block && addr - block->offset < block->length) {
1210 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1211 if (addr - block->offset < block->length) {
1216 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1220 ram_list.mru_block = block;
1221 if (xen_enabled()) {
1222 /* We need to check if the requested address is in the RAM
1223 * because we don't want to map the entire memory in QEMU.
1224 * In that case just map until the end of the page.
1226 if (block->offset == 0) {
1227 return xen_map_cache(addr, 0, 0);
1228 } else if (block->host == NULL) {
1230 xen_map_cache(block->offset, block->length, 1);
1233 return block->host + (addr - block->offset);
1236 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1237 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1239 * ??? Is this still necessary?
1241 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1245 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1246 if (addr - block->offset < block->length) {
1247 if (xen_enabled()) {
1248 /* We need to check if the requested address is in the RAM
1249 * because we don't want to map the entire memory in QEMU.
1250 * In that case just map until the end of the page.
1252 if (block->offset == 0) {
1253 return xen_map_cache(addr, 0, 0);
1254 } else if (block->host == NULL) {
1256 xen_map_cache(block->offset, block->length, 1);
1259 return block->host + (addr - block->offset);
1263 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1269 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1270 * but takes a size argument */
1271 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1276 if (xen_enabled()) {
1277 return xen_map_cache(addr, *size, 1);
1281 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1282 if (addr - block->offset < block->length) {
1283 if (addr - block->offset + *size > block->length)
1284 *size = block->length - addr + block->offset;
1285 return block->host + (addr - block->offset);
1289 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1294 void qemu_put_ram_ptr(void *addr)
1296 trace_qemu_put_ram_ptr(addr);
1299 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1302 uint8_t *host = ptr;
1304 if (xen_enabled()) {
1305 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1309 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1310 /* This case append when the block is not mapped. */
1311 if (block->host == NULL) {
1314 if (host - block->host < block->length) {
1315 *ram_addr = block->offset + (host - block->host);
1323 /* Some of the softmmu routines need to translate from a host pointer
1324 (typically a TLB entry) back to a ram offset. */
1325 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1327 ram_addr_t ram_addr;
1329 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1330 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1336 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
1339 #ifdef DEBUG_UNASSIGNED
1340 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
1342 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1343 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
1348 static void unassigned_mem_write(void *opaque, hwaddr addr,
1349 uint64_t val, unsigned size)
1351 #ifdef DEBUG_UNASSIGNED
1352 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
1354 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1355 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
1359 static const MemoryRegionOps unassigned_mem_ops = {
1360 .read = unassigned_mem_read,
1361 .write = unassigned_mem_write,
1362 .endianness = DEVICE_NATIVE_ENDIAN,
1365 static uint64_t error_mem_read(void *opaque, hwaddr addr,
1371 static void error_mem_write(void *opaque, hwaddr addr,
1372 uint64_t value, unsigned size)
1377 static const MemoryRegionOps error_mem_ops = {
1378 .read = error_mem_read,
1379 .write = error_mem_write,
1380 .endianness = DEVICE_NATIVE_ENDIAN,
1383 static const MemoryRegionOps rom_mem_ops = {
1384 .read = error_mem_read,
1385 .write = unassigned_mem_write,
1386 .endianness = DEVICE_NATIVE_ENDIAN,
1389 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1390 uint64_t val, unsigned size)
1393 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1394 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1395 #if !defined(CONFIG_USER_ONLY)
1396 tb_invalidate_phys_page_fast(ram_addr, size);
1397 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1402 stb_p(qemu_get_ram_ptr(ram_addr), val);
1405 stw_p(qemu_get_ram_ptr(ram_addr), val);
1408 stl_p(qemu_get_ram_ptr(ram_addr), val);
1413 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1414 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1415 /* we remove the notdirty callback only if the code has been
1417 if (dirty_flags == 0xff)
1418 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1421 static const MemoryRegionOps notdirty_mem_ops = {
1422 .read = error_mem_read,
1423 .write = notdirty_mem_write,
1424 .endianness = DEVICE_NATIVE_ENDIAN,
1427 /* Generate a debug exception if a watchpoint has been hit. */
1428 static void check_watchpoint(int offset, int len_mask, int flags)
1430 CPUArchState *env = cpu_single_env;
1431 target_ulong pc, cs_base;
1436 if (env->watchpoint_hit) {
1437 /* We re-entered the check after replacing the TB. Now raise
1438 * the debug interrupt so that is will trigger after the
1439 * current instruction. */
1440 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
1443 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1444 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1445 if ((vaddr == (wp->vaddr & len_mask) ||
1446 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1447 wp->flags |= BP_WATCHPOINT_HIT;
1448 if (!env->watchpoint_hit) {
1449 env->watchpoint_hit = wp;
1450 tb_check_watchpoint(env);
1451 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1452 env->exception_index = EXCP_DEBUG;
1455 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1456 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1457 cpu_resume_from_signal(env, NULL);
1461 wp->flags &= ~BP_WATCHPOINT_HIT;
1466 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1467 so these check for a hit then pass through to the normal out-of-line
1469 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1472 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1474 case 1: return ldub_phys(addr);
1475 case 2: return lduw_phys(addr);
1476 case 4: return ldl_phys(addr);
1481 static void watch_mem_write(void *opaque, hwaddr addr,
1482 uint64_t val, unsigned size)
1484 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1487 stb_phys(addr, val);
1490 stw_phys(addr, val);
1493 stl_phys(addr, val);
1499 static const MemoryRegionOps watch_mem_ops = {
1500 .read = watch_mem_read,
1501 .write = watch_mem_write,
1502 .endianness = DEVICE_NATIVE_ENDIAN,
1505 static uint64_t subpage_read(void *opaque, hwaddr addr,
1508 subpage_t *mmio = opaque;
1509 unsigned int idx = SUBPAGE_IDX(addr);
1510 MemoryRegionSection *section;
1511 #if defined(DEBUG_SUBPAGE)
1512 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1513 mmio, len, addr, idx);
1516 section = &phys_sections[mmio->sub_section[idx]];
1518 addr -= section->offset_within_address_space;
1519 addr += section->offset_within_region;
1520 return io_mem_read(section->mr, addr, len);
1523 static void subpage_write(void *opaque, hwaddr addr,
1524 uint64_t value, unsigned len)
1526 subpage_t *mmio = opaque;
1527 unsigned int idx = SUBPAGE_IDX(addr);
1528 MemoryRegionSection *section;
1529 #if defined(DEBUG_SUBPAGE)
1530 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1531 " idx %d value %"PRIx64"\n",
1532 __func__, mmio, len, addr, idx, value);
1535 section = &phys_sections[mmio->sub_section[idx]];
1537 addr -= section->offset_within_address_space;
1538 addr += section->offset_within_region;
1539 io_mem_write(section->mr, addr, value, len);
1542 static const MemoryRegionOps subpage_ops = {
1543 .read = subpage_read,
1544 .write = subpage_write,
1545 .endianness = DEVICE_NATIVE_ENDIAN,
1548 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
1551 ram_addr_t raddr = addr;
1552 void *ptr = qemu_get_ram_ptr(raddr);
1554 case 1: return ldub_p(ptr);
1555 case 2: return lduw_p(ptr);
1556 case 4: return ldl_p(ptr);
1561 static void subpage_ram_write(void *opaque, hwaddr addr,
1562 uint64_t value, unsigned size)
1564 ram_addr_t raddr = addr;
1565 void *ptr = qemu_get_ram_ptr(raddr);
1567 case 1: return stb_p(ptr, value);
1568 case 2: return stw_p(ptr, value);
1569 case 4: return stl_p(ptr, value);
1574 static const MemoryRegionOps subpage_ram_ops = {
1575 .read = subpage_ram_read,
1576 .write = subpage_ram_write,
1577 .endianness = DEVICE_NATIVE_ENDIAN,
1580 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1585 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1587 idx = SUBPAGE_IDX(start);
1588 eidx = SUBPAGE_IDX(end);
1589 #if defined(DEBUG_SUBPAGE)
1590 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1591 mmio, start, end, idx, eidx, memory);
1593 if (memory_region_is_ram(phys_sections[section].mr)) {
1594 MemoryRegionSection new_section = phys_sections[section];
1595 new_section.mr = &io_mem_subpage_ram;
1596 section = phys_section_add(&new_section);
1598 for (; idx <= eidx; idx++) {
1599 mmio->sub_section[idx] = section;
1605 static subpage_t *subpage_init(hwaddr base)
1609 mmio = g_malloc0(sizeof(subpage_t));
1612 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1613 "subpage", TARGET_PAGE_SIZE);
1614 mmio->iomem.subpage = true;
1615 #if defined(DEBUG_SUBPAGE)
1616 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1617 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1619 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1624 static uint16_t dummy_section(MemoryRegion *mr)
1626 MemoryRegionSection section = {
1628 .offset_within_address_space = 0,
1629 .offset_within_region = 0,
1633 return phys_section_add(§ion);
1636 MemoryRegion *iotlb_to_region(hwaddr index)
1638 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1641 static void io_mem_init(void)
1643 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
1644 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
1645 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1646 "unassigned", UINT64_MAX);
1647 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1648 "notdirty", UINT64_MAX);
1649 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1650 "subpage-ram", UINT64_MAX);
1651 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1652 "watch", UINT64_MAX);
1655 static void mem_begin(MemoryListener *listener)
1657 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1659 destroy_all_mappings(d);
1660 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1663 static void core_begin(MemoryListener *listener)
1665 phys_sections_clear();
1666 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1667 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1668 phys_section_rom = dummy_section(&io_mem_rom);
1669 phys_section_watch = dummy_section(&io_mem_watch);
1672 static void tcg_commit(MemoryListener *listener)
1676 /* since each CPU stores ram addresses in its TLB cache, we must
1677 reset the modified entries */
1679 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1684 static void core_log_global_start(MemoryListener *listener)
1686 cpu_physical_memory_set_dirty_tracking(1);
1689 static void core_log_global_stop(MemoryListener *listener)
1691 cpu_physical_memory_set_dirty_tracking(0);
1694 static void io_region_add(MemoryListener *listener,
1695 MemoryRegionSection *section)
1697 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1699 mrio->mr = section->mr;
1700 mrio->offset = section->offset_within_region;
1701 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1702 section->offset_within_address_space, section->size);
1703 ioport_register(&mrio->iorange);
1706 static void io_region_del(MemoryListener *listener,
1707 MemoryRegionSection *section)
1709 isa_unassign_ioport(section->offset_within_address_space, section->size);
1712 static MemoryListener core_memory_listener = {
1713 .begin = core_begin,
1714 .log_global_start = core_log_global_start,
1715 .log_global_stop = core_log_global_stop,
1719 static MemoryListener io_memory_listener = {
1720 .region_add = io_region_add,
1721 .region_del = io_region_del,
1725 static MemoryListener tcg_memory_listener = {
1726 .commit = tcg_commit,
1729 void address_space_init_dispatch(AddressSpace *as)
1731 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1733 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1734 d->listener = (MemoryListener) {
1736 .region_add = mem_add,
1737 .region_nop = mem_add,
1741 memory_listener_register(&d->listener, as);
1744 void address_space_destroy_dispatch(AddressSpace *as)
1746 AddressSpaceDispatch *d = as->dispatch;
1748 memory_listener_unregister(&d->listener);
1749 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1751 as->dispatch = NULL;
1754 static void memory_map_init(void)
1756 system_memory = g_malloc(sizeof(*system_memory));
1757 memory_region_init(system_memory, "system", INT64_MAX);
1758 address_space_init(&address_space_memory, system_memory);
1759 address_space_memory.name = "memory";
1761 system_io = g_malloc(sizeof(*system_io));
1762 memory_region_init(system_io, "io", 65536);
1763 address_space_init(&address_space_io, system_io);
1764 address_space_io.name = "I/O";
1766 memory_listener_register(&core_memory_listener, &address_space_memory);
1767 memory_listener_register(&io_memory_listener, &address_space_io);
1768 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1770 dma_context_init(&dma_context_memory, &address_space_memory,
1774 MemoryRegion *get_system_memory(void)
1776 return system_memory;
1779 MemoryRegion *get_system_io(void)
1784 #endif /* !defined(CONFIG_USER_ONLY) */
1786 /* physical memory access (slow version, mainly for debug) */
1787 #if defined(CONFIG_USER_ONLY)
1788 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1789 uint8_t *buf, int len, int is_write)
1796 page = addr & TARGET_PAGE_MASK;
1797 l = (page + TARGET_PAGE_SIZE) - addr;
1800 flags = page_get_flags(page);
1801 if (!(flags & PAGE_VALID))
1804 if (!(flags & PAGE_WRITE))
1806 /* XXX: this code should not depend on lock_user */
1807 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1810 unlock_user(p, addr, l);
1812 if (!(flags & PAGE_READ))
1814 /* XXX: this code should not depend on lock_user */
1815 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1818 unlock_user(p, addr, 0);
1829 static void invalidate_and_set_dirty(hwaddr addr,
1832 if (!cpu_physical_memory_is_dirty(addr)) {
1833 /* invalidate code */
1834 tb_invalidate_phys_page_range(addr, addr + length, 0);
1836 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1838 xen_modified_memory(addr, length);
1841 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1842 int len, bool is_write)
1844 AddressSpaceDispatch *d = as->dispatch;
1849 MemoryRegionSection *section;
1852 page = addr & TARGET_PAGE_MASK;
1853 l = (page + TARGET_PAGE_SIZE) - addr;
1856 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1859 if (!memory_region_is_ram(section->mr)) {
1861 addr1 = memory_region_section_addr(section, addr);
1862 /* XXX: could force cpu_single_env to NULL to avoid
1864 if (l >= 4 && ((addr1 & 3) == 0)) {
1865 /* 32 bit write access */
1867 io_mem_write(section->mr, addr1, val, 4);
1869 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1870 /* 16 bit write access */
1872 io_mem_write(section->mr, addr1, val, 2);
1875 /* 8 bit write access */
1877 io_mem_write(section->mr, addr1, val, 1);
1880 } else if (!section->readonly) {
1882 addr1 = memory_region_get_ram_addr(section->mr)
1883 + memory_region_section_addr(section, addr);
1885 ptr = qemu_get_ram_ptr(addr1);
1886 memcpy(ptr, buf, l);
1887 invalidate_and_set_dirty(addr1, l);
1888 qemu_put_ram_ptr(ptr);
1891 if (!(memory_region_is_ram(section->mr) ||
1892 memory_region_is_romd(section->mr))) {
1895 addr1 = memory_region_section_addr(section, addr);
1896 if (l >= 4 && ((addr1 & 3) == 0)) {
1897 /* 32 bit read access */
1898 val = io_mem_read(section->mr, addr1, 4);
1901 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1902 /* 16 bit read access */
1903 val = io_mem_read(section->mr, addr1, 2);
1907 /* 8 bit read access */
1908 val = io_mem_read(section->mr, addr1, 1);
1914 ptr = qemu_get_ram_ptr(section->mr->ram_addr
1915 + memory_region_section_addr(section,
1917 memcpy(buf, ptr, l);
1918 qemu_put_ram_ptr(ptr);
1927 void address_space_write(AddressSpace *as, hwaddr addr,
1928 const uint8_t *buf, int len)
1930 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1934 * address_space_read: read from an address space.
1936 * @as: #AddressSpace to be accessed
1937 * @addr: address within that address space
1938 * @buf: buffer with the data transferred
1940 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1942 address_space_rw(as, addr, buf, len, false);
1946 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1947 int len, int is_write)
1949 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1952 /* used for ROM loading : can write in RAM and ROM */
1953 void cpu_physical_memory_write_rom(hwaddr addr,
1954 const uint8_t *buf, int len)
1956 AddressSpaceDispatch *d = address_space_memory.dispatch;
1960 MemoryRegionSection *section;
1963 page = addr & TARGET_PAGE_MASK;
1964 l = (page + TARGET_PAGE_SIZE) - addr;
1967 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1969 if (!(memory_region_is_ram(section->mr) ||
1970 memory_region_is_romd(section->mr))) {
1973 unsigned long addr1;
1974 addr1 = memory_region_get_ram_addr(section->mr)
1975 + memory_region_section_addr(section, addr);
1977 ptr = qemu_get_ram_ptr(addr1);
1978 memcpy(ptr, buf, l);
1979 invalidate_and_set_dirty(addr1, l);
1980 qemu_put_ram_ptr(ptr);
1994 static BounceBuffer bounce;
1996 typedef struct MapClient {
1998 void (*callback)(void *opaque);
1999 QLIST_ENTRY(MapClient) link;
2002 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2003 = QLIST_HEAD_INITIALIZER(map_client_list);
2005 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2007 MapClient *client = g_malloc(sizeof(*client));
2009 client->opaque = opaque;
2010 client->callback = callback;
2011 QLIST_INSERT_HEAD(&map_client_list, client, link);
2015 static void cpu_unregister_map_client(void *_client)
2017 MapClient *client = (MapClient *)_client;
2019 QLIST_REMOVE(client, link);
2023 static void cpu_notify_map_clients(void)
2027 while (!QLIST_EMPTY(&map_client_list)) {
2028 client = QLIST_FIRST(&map_client_list);
2029 client->callback(client->opaque);
2030 cpu_unregister_map_client(client);
2034 /* Map a physical memory region into a host virtual address.
2035 * May map a subset of the requested range, given by and returned in *plen.
2036 * May return NULL if resources needed to perform the mapping are exhausted.
2037 * Use only for reads OR writes - not for read-modify-write operations.
2038 * Use cpu_register_map_client() to know when retrying the map operation is
2039 * likely to succeed.
2041 void *address_space_map(AddressSpace *as,
2046 AddressSpaceDispatch *d = as->dispatch;
2051 MemoryRegionSection *section;
2052 ram_addr_t raddr = RAM_ADDR_MAX;
2057 page = addr & TARGET_PAGE_MASK;
2058 l = (page + TARGET_PAGE_SIZE) - addr;
2061 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2063 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
2064 if (todo || bounce.buffer) {
2067 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2071 address_space_read(as, addr, bounce.buffer, l);
2075 return bounce.buffer;
2078 raddr = memory_region_get_ram_addr(section->mr)
2079 + memory_region_section_addr(section, addr);
2087 ret = qemu_ram_ptr_length(raddr, &rlen);
2092 /* Unmaps a memory region previously mapped by address_space_map().
2093 * Will also mark the memory as dirty if is_write == 1. access_len gives
2094 * the amount of memory that was actually read or written by the caller.
2096 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2097 int is_write, hwaddr access_len)
2099 if (buffer != bounce.buffer) {
2101 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2102 while (access_len) {
2104 l = TARGET_PAGE_SIZE;
2107 invalidate_and_set_dirty(addr1, l);
2112 if (xen_enabled()) {
2113 xen_invalidate_map_cache_entry(buffer);
2118 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2120 qemu_vfree(bounce.buffer);
2121 bounce.buffer = NULL;
2122 cpu_notify_map_clients();
2125 void *cpu_physical_memory_map(hwaddr addr,
2129 return address_space_map(&address_space_memory, addr, plen, is_write);
2132 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2133 int is_write, hwaddr access_len)
2135 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2138 /* warning: addr must be aligned */
2139 static inline uint32_t ldl_phys_internal(hwaddr addr,
2140 enum device_endian endian)
2144 MemoryRegionSection *section;
2146 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2148 if (!(memory_region_is_ram(section->mr) ||
2149 memory_region_is_romd(section->mr))) {
2151 addr = memory_region_section_addr(section, addr);
2152 val = io_mem_read(section->mr, addr, 4);
2153 #if defined(TARGET_WORDS_BIGENDIAN)
2154 if (endian == DEVICE_LITTLE_ENDIAN) {
2158 if (endian == DEVICE_BIG_ENDIAN) {
2164 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2166 + memory_region_section_addr(section, addr));
2168 case DEVICE_LITTLE_ENDIAN:
2169 val = ldl_le_p(ptr);
2171 case DEVICE_BIG_ENDIAN:
2172 val = ldl_be_p(ptr);
2182 uint32_t ldl_phys(hwaddr addr)
2184 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2187 uint32_t ldl_le_phys(hwaddr addr)
2189 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2192 uint32_t ldl_be_phys(hwaddr addr)
2194 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2197 /* warning: addr must be aligned */
2198 static inline uint64_t ldq_phys_internal(hwaddr addr,
2199 enum device_endian endian)
2203 MemoryRegionSection *section;
2205 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2207 if (!(memory_region_is_ram(section->mr) ||
2208 memory_region_is_romd(section->mr))) {
2210 addr = memory_region_section_addr(section, addr);
2212 /* XXX This is broken when device endian != cpu endian.
2213 Fix and add "endian" variable check */
2214 #ifdef TARGET_WORDS_BIGENDIAN
2215 val = io_mem_read(section->mr, addr, 4) << 32;
2216 val |= io_mem_read(section->mr, addr + 4, 4);
2218 val = io_mem_read(section->mr, addr, 4);
2219 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
2223 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2225 + memory_region_section_addr(section, addr));
2227 case DEVICE_LITTLE_ENDIAN:
2228 val = ldq_le_p(ptr);
2230 case DEVICE_BIG_ENDIAN:
2231 val = ldq_be_p(ptr);
2241 uint64_t ldq_phys(hwaddr addr)
2243 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2246 uint64_t ldq_le_phys(hwaddr addr)
2248 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2251 uint64_t ldq_be_phys(hwaddr addr)
2253 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2257 uint32_t ldub_phys(hwaddr addr)
2260 cpu_physical_memory_read(addr, &val, 1);
2264 /* warning: addr must be aligned */
2265 static inline uint32_t lduw_phys_internal(hwaddr addr,
2266 enum device_endian endian)
2270 MemoryRegionSection *section;
2272 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2274 if (!(memory_region_is_ram(section->mr) ||
2275 memory_region_is_romd(section->mr))) {
2277 addr = memory_region_section_addr(section, addr);
2278 val = io_mem_read(section->mr, addr, 2);
2279 #if defined(TARGET_WORDS_BIGENDIAN)
2280 if (endian == DEVICE_LITTLE_ENDIAN) {
2284 if (endian == DEVICE_BIG_ENDIAN) {
2290 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2292 + memory_region_section_addr(section, addr));
2294 case DEVICE_LITTLE_ENDIAN:
2295 val = lduw_le_p(ptr);
2297 case DEVICE_BIG_ENDIAN:
2298 val = lduw_be_p(ptr);
2308 uint32_t lduw_phys(hwaddr addr)
2310 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2313 uint32_t lduw_le_phys(hwaddr addr)
2315 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2318 uint32_t lduw_be_phys(hwaddr addr)
2320 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2323 /* warning: addr must be aligned. The ram page is not masked as dirty
2324 and the code inside is not invalidated. It is useful if the dirty
2325 bits are used to track modified PTEs */
2326 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2329 MemoryRegionSection *section;
2331 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2333 if (!memory_region_is_ram(section->mr) || section->readonly) {
2334 addr = memory_region_section_addr(section, addr);
2335 if (memory_region_is_ram(section->mr)) {
2336 section = &phys_sections[phys_section_rom];
2338 io_mem_write(section->mr, addr, val, 4);
2340 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
2342 + memory_region_section_addr(section, addr);
2343 ptr = qemu_get_ram_ptr(addr1);
2346 if (unlikely(in_migration)) {
2347 if (!cpu_physical_memory_is_dirty(addr1)) {
2348 /* invalidate code */
2349 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2351 cpu_physical_memory_set_dirty_flags(
2352 addr1, (0xff & ~CODE_DIRTY_FLAG));
2358 void stq_phys_notdirty(hwaddr addr, uint64_t val)
2361 MemoryRegionSection *section;
2363 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2365 if (!memory_region_is_ram(section->mr) || section->readonly) {
2366 addr = memory_region_section_addr(section, addr);
2367 if (memory_region_is_ram(section->mr)) {
2368 section = &phys_sections[phys_section_rom];
2370 #ifdef TARGET_WORDS_BIGENDIAN
2371 io_mem_write(section->mr, addr, val >> 32, 4);
2372 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
2374 io_mem_write(section->mr, addr, (uint32_t)val, 4);
2375 io_mem_write(section->mr, addr + 4, val >> 32, 4);
2378 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2380 + memory_region_section_addr(section, addr));
2385 /* warning: addr must be aligned */
2386 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2387 enum device_endian endian)
2390 MemoryRegionSection *section;
2392 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2394 if (!memory_region_is_ram(section->mr) || section->readonly) {
2395 addr = memory_region_section_addr(section, addr);
2396 if (memory_region_is_ram(section->mr)) {
2397 section = &phys_sections[phys_section_rom];
2399 #if defined(TARGET_WORDS_BIGENDIAN)
2400 if (endian == DEVICE_LITTLE_ENDIAN) {
2404 if (endian == DEVICE_BIG_ENDIAN) {
2408 io_mem_write(section->mr, addr, val, 4);
2410 unsigned long addr1;
2411 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2412 + memory_region_section_addr(section, addr);
2414 ptr = qemu_get_ram_ptr(addr1);
2416 case DEVICE_LITTLE_ENDIAN:
2419 case DEVICE_BIG_ENDIAN:
2426 invalidate_and_set_dirty(addr1, 4);
2430 void stl_phys(hwaddr addr, uint32_t val)
2432 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2435 void stl_le_phys(hwaddr addr, uint32_t val)
2437 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2440 void stl_be_phys(hwaddr addr, uint32_t val)
2442 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2446 void stb_phys(hwaddr addr, uint32_t val)
2449 cpu_physical_memory_write(addr, &v, 1);
2452 /* warning: addr must be aligned */
2453 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2454 enum device_endian endian)
2457 MemoryRegionSection *section;
2459 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2461 if (!memory_region_is_ram(section->mr) || section->readonly) {
2462 addr = memory_region_section_addr(section, addr);
2463 if (memory_region_is_ram(section->mr)) {
2464 section = &phys_sections[phys_section_rom];
2466 #if defined(TARGET_WORDS_BIGENDIAN)
2467 if (endian == DEVICE_LITTLE_ENDIAN) {
2471 if (endian == DEVICE_BIG_ENDIAN) {
2475 io_mem_write(section->mr, addr, val, 2);
2477 unsigned long addr1;
2478 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2479 + memory_region_section_addr(section, addr);
2481 ptr = qemu_get_ram_ptr(addr1);
2483 case DEVICE_LITTLE_ENDIAN:
2486 case DEVICE_BIG_ENDIAN:
2493 invalidate_and_set_dirty(addr1, 2);
2497 void stw_phys(hwaddr addr, uint32_t val)
2499 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2502 void stw_le_phys(hwaddr addr, uint32_t val)
2504 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2507 void stw_be_phys(hwaddr addr, uint32_t val)
2509 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2513 void stq_phys(hwaddr addr, uint64_t val)
2516 cpu_physical_memory_write(addr, &val, 8);
2519 void stq_le_phys(hwaddr addr, uint64_t val)
2521 val = cpu_to_le64(val);
2522 cpu_physical_memory_write(addr, &val, 8);
2525 void stq_be_phys(hwaddr addr, uint64_t val)
2527 val = cpu_to_be64(val);
2528 cpu_physical_memory_write(addr, &val, 8);
2531 /* virtual memory access for debug (includes writing to ROM) */
2532 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2533 uint8_t *buf, int len, int is_write)
2540 page = addr & TARGET_PAGE_MASK;
2541 phys_addr = cpu_get_phys_page_debug(env, page);
2542 /* if no physical page mapped, return an error */
2543 if (phys_addr == -1)
2545 l = (page + TARGET_PAGE_SIZE) - addr;
2548 phys_addr += (addr & ~TARGET_PAGE_MASK);
2550 cpu_physical_memory_write_rom(phys_addr, buf, l);
2552 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2561 #if !defined(CONFIG_USER_ONLY)
2564 * A helper function for the _utterly broken_ virtio device model to find out if
2565 * it's running on a big endian machine. Don't do this at home kids!
2567 bool virtio_is_big_endian(void);
2568 bool virtio_is_big_endian(void)
2570 #if defined(TARGET_WORDS_BIGENDIAN)
2579 #ifndef CONFIG_USER_ONLY
2580 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2582 MemoryRegionSection *section;
2584 section = phys_page_find(address_space_memory.dispatch,
2585 phys_addr >> TARGET_PAGE_BITS);
2587 return !(memory_region_is_ram(section->mr) ||
2588 memory_region_is_romd(section->mr));
projects / qemu.git / blob