2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
35 #include "qemu-timer.h"
37 #include "exec-memory.h"
38 #if defined(CONFIG_USER_ONLY)
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
47 #include <machine/profile.h>
55 #else /* !CONFIG_USER_ONLY */
56 #include "xen-mapcache.h"
60 #define WANT_EXEC_OBSOLETE
61 #include "exec-obsolete.h"
63 //#define DEBUG_TB_INVALIDATE
66 //#define DEBUG_UNASSIGNED
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
70 //#define DEBUG_TLB_CHECK
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
80 #define SMC_BITMAP_USE_THRESHOLD 10
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
96 #elif defined(_WIN32) && !defined(_WIN64)
97 #define code_gen_section \
98 __attribute__((aligned (16)))
100 #define code_gen_section \
101 __attribute__((aligned (32)))
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 static uint8_t *code_gen_buffer;
106 static unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 static unsigned long code_gen_buffer_max_size;
109 static uint8_t *code_gen_ptr;
111 #if !defined(CONFIG_USER_ONLY)
113 static int in_migration;
115 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
117 static MemoryRegion *system_memory;
118 static MemoryRegion *system_io;
120 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
121 static MemoryRegion io_mem_subpage_ram;
125 CPUArchState *first_cpu;
126 /* current CPU in the current thread. It is only valid inside
128 DEFINE_TLS(CPUArchState *,cpu_single_env);
129 /* 0 = Do not count executed instructions.
130 1 = Precise instruction counting.
131 2 = Adaptive rate instruction counting. */
134 typedef struct PageDesc {
135 /* list of TBs intersecting this ram page */
136 TranslationBlock *first_tb;
137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141 #if defined(CONFIG_USER_ONLY)
146 /* In system mode we want L1_MAP to be based on ram offsets,
147 while in user mode we want it to be based on virtual addresses. */
148 #if !defined(CONFIG_USER_ONLY)
149 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
150 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
155 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
158 /* Size of the L2 (and L3, etc) page tables. */
160 #define L2_SIZE (1 << L2_BITS)
162 #define P_L2_LEVELS \
163 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165 /* The bits remaining after N lower levels of page tables. */
166 #define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169 #if V_L1_BITS_REM < 4
170 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172 #define V_L1_BITS V_L1_BITS_REM
175 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179 uintptr_t qemu_real_host_page_size;
180 uintptr_t qemu_host_page_size;
181 uintptr_t qemu_host_page_mask;
183 /* This is a multi-level map on the virtual address space.
184 The bottom level has pointers to PageDesc. */
185 static void *l1_map[V_L1_SIZE];
187 #if !defined(CONFIG_USER_ONLY)
188 typedef struct PhysPageEntry PhysPageEntry;
190 static MemoryRegionSection *phys_sections;
191 static unsigned phys_sections_nb, phys_sections_nb_alloc;
192 static uint16_t phys_section_unassigned;
193 static uint16_t phys_section_notdirty;
194 static uint16_t phys_section_rom;
195 static uint16_t phys_section_watch;
197 struct PhysPageEntry {
198 uint16_t is_leaf : 1;
199 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
203 /* Simple allocator for PhysPageEntry nodes */
204 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
205 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
207 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
209 /* This is a multi-level map on the physical address space.
210 The bottom level has pointers to MemoryRegionSections. */
211 static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
213 static void io_mem_init(void);
214 static void memory_map_init(void);
216 static MemoryRegion io_mem_watch;
221 static const char *logfilename = "qemu.log";
223 static const char *logfilename = "/tmp/qemu.log";
227 static int log_append = 0;
230 #if !defined(CONFIG_USER_ONLY)
231 static int tlb_flush_count;
233 static int tb_flush_count;
234 static int tb_phys_invalidate_count;
237 static void map_exec(void *addr, long size)
240 VirtualProtect(addr, size,
241 PAGE_EXECUTE_READWRITE, &old_protect);
245 static void map_exec(void *addr, long size)
247 unsigned long start, end, page_size;
249 page_size = getpagesize();
250 start = (unsigned long)addr;
251 start &= ~(page_size - 1);
253 end = (unsigned long)addr + size;
254 end += page_size - 1;
255 end &= ~(page_size - 1);
257 mprotect((void *)start, end - start,
258 PROT_READ | PROT_WRITE | PROT_EXEC);
262 static void page_init(void)
264 /* NOTE: we can always suppose that qemu_host_page_size >=
268 SYSTEM_INFO system_info;
270 GetSystemInfo(&system_info);
271 qemu_real_host_page_size = system_info.dwPageSize;
274 qemu_real_host_page_size = getpagesize();
276 if (qemu_host_page_size == 0)
277 qemu_host_page_size = qemu_real_host_page_size;
278 if (qemu_host_page_size < TARGET_PAGE_SIZE)
279 qemu_host_page_size = TARGET_PAGE_SIZE;
280 qemu_host_page_mask = ~(qemu_host_page_size - 1);
282 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
284 #ifdef HAVE_KINFO_GETVMMAP
285 struct kinfo_vmentry *freep;
288 freep = kinfo_getvmmap(getpid(), &cnt);
291 for (i = 0; i < cnt; i++) {
292 unsigned long startaddr, endaddr;
294 startaddr = freep[i].kve_start;
295 endaddr = freep[i].kve_end;
296 if (h2g_valid(startaddr)) {
297 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
299 if (h2g_valid(endaddr)) {
300 endaddr = h2g(endaddr);
301 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
303 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
305 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
316 last_brk = (unsigned long)sbrk(0);
318 f = fopen("/compat/linux/proc/self/maps", "r");
323 unsigned long startaddr, endaddr;
326 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
328 if (n == 2 && h2g_valid(startaddr)) {
329 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
331 if (h2g_valid(endaddr)) {
332 endaddr = h2g(endaddr);
336 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
348 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
354 #if defined(CONFIG_USER_ONLY)
355 /* We can't use g_malloc because it may recurse into a locked mutex. */
356 # define ALLOC(P, SIZE) \
358 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
359 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
362 # define ALLOC(P, SIZE) \
363 do { P = g_malloc0(SIZE); } while (0)
366 /* Level 1. Always allocated. */
367 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
370 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
377 ALLOC(p, sizeof(void *) * L2_SIZE);
381 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
389 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
395 return pd + (index & (L2_SIZE - 1));
398 static inline PageDesc *page_find(tb_page_addr_t index)
400 return page_find_alloc(index, 0);
403 #if !defined(CONFIG_USER_ONLY)
405 static void phys_map_node_reserve(unsigned nodes)
407 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
408 typedef PhysPageEntry Node[L2_SIZE];
409 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
410 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
411 phys_map_nodes_nb + nodes);
412 phys_map_nodes = g_renew(Node, phys_map_nodes,
413 phys_map_nodes_nb_alloc);
417 static uint16_t phys_map_node_alloc(void)
422 ret = phys_map_nodes_nb++;
423 assert(ret != PHYS_MAP_NODE_NIL);
424 assert(ret != phys_map_nodes_nb_alloc);
425 for (i = 0; i < L2_SIZE; ++i) {
426 phys_map_nodes[ret][i].is_leaf = 0;
427 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
432 static void phys_map_nodes_reset(void)
434 phys_map_nodes_nb = 0;
438 static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
439 target_phys_addr_t *nb, uint16_t leaf,
444 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
446 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
447 lp->ptr = phys_map_node_alloc();
448 p = phys_map_nodes[lp->ptr];
450 for (i = 0; i < L2_SIZE; i++) {
452 p[i].ptr = phys_section_unassigned;
456 p = phys_map_nodes[lp->ptr];
458 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
460 while (*nb && lp < &p[L2_SIZE]) {
461 if ((*index & (step - 1)) == 0 && *nb >= step) {
467 phys_page_set_level(lp, index, nb, leaf, level - 1);
473 static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
476 /* Wildly overreserve - it doesn't matter much. */
477 phys_map_node_reserve(3 * P_L2_LEVELS);
479 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
482 static MemoryRegionSection *phys_page_find(target_phys_addr_t index)
484 PhysPageEntry lp = phys_map;
487 uint16_t s_index = phys_section_unassigned;
489 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
490 if (lp.ptr == PHYS_MAP_NODE_NIL) {
493 p = phys_map_nodes[lp.ptr];
494 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
499 return &phys_sections[s_index];
502 static target_phys_addr_t section_addr(MemoryRegionSection *section,
503 target_phys_addr_t addr)
505 addr -= section->offset_within_address_space;
506 addr += section->offset_within_region;
510 static void tlb_protect_code(ram_addr_t ram_addr);
511 static void tlb_unprotect_code_phys(CPUArchState *env, ram_addr_t ram_addr,
513 #define mmap_lock() do { } while(0)
514 #define mmap_unlock() do { } while(0)
517 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
519 #if defined(CONFIG_USER_ONLY)
520 /* Currently it is not recommended to allocate big chunks of data in
521 user mode. It will change when a dedicated libc will be used */
522 #define USE_STATIC_CODE_GEN_BUFFER
525 #ifdef USE_STATIC_CODE_GEN_BUFFER
526 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
527 __attribute__((aligned (CODE_GEN_ALIGN)));
530 static void code_gen_alloc(unsigned long tb_size)
532 #ifdef USE_STATIC_CODE_GEN_BUFFER
533 code_gen_buffer = static_code_gen_buffer;
534 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
535 map_exec(code_gen_buffer, code_gen_buffer_size);
537 code_gen_buffer_size = tb_size;
538 if (code_gen_buffer_size == 0) {
539 #if defined(CONFIG_USER_ONLY)
540 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
542 /* XXX: needs adjustments */
543 code_gen_buffer_size = (unsigned long)(ram_size / 4);
546 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
547 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
548 /* The code gen buffer location may have constraints depending on
549 the host cpu and OS */
550 #if defined(__linux__)
555 flags = MAP_PRIVATE | MAP_ANONYMOUS;
556 #if defined(__x86_64__)
558 /* Cannot map more than that */
559 if (code_gen_buffer_size > (800 * 1024 * 1024))
560 code_gen_buffer_size = (800 * 1024 * 1024);
561 #elif defined(__sparc_v9__)
562 // Map the buffer below 2G, so we can use direct calls and branches
564 start = (void *) 0x60000000UL;
565 if (code_gen_buffer_size > (512 * 1024 * 1024))
566 code_gen_buffer_size = (512 * 1024 * 1024);
567 #elif defined(__arm__)
568 /* Keep the buffer no bigger than 16MB to branch between blocks */
569 if (code_gen_buffer_size > 16 * 1024 * 1024)
570 code_gen_buffer_size = 16 * 1024 * 1024;
571 #elif defined(__s390x__)
572 /* Map the buffer so that we can use direct calls and branches. */
573 /* We have a +- 4GB range on the branches; leave some slop. */
574 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
575 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
577 start = (void *)0x90000000UL;
579 code_gen_buffer = mmap(start, code_gen_buffer_size,
580 PROT_WRITE | PROT_READ | PROT_EXEC,
582 if (code_gen_buffer == MAP_FAILED) {
583 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
587 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
588 || defined(__DragonFly__) || defined(__OpenBSD__) \
589 || defined(__NetBSD__)
593 flags = MAP_PRIVATE | MAP_ANONYMOUS;
594 #if defined(__x86_64__)
595 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
596 * 0x40000000 is free */
598 addr = (void *)0x40000000;
599 /* Cannot map more than that */
600 if (code_gen_buffer_size > (800 * 1024 * 1024))
601 code_gen_buffer_size = (800 * 1024 * 1024);
602 #elif defined(__sparc_v9__)
603 // Map the buffer below 2G, so we can use direct calls and branches
605 addr = (void *) 0x60000000UL;
606 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
607 code_gen_buffer_size = (512 * 1024 * 1024);
610 code_gen_buffer = mmap(addr, code_gen_buffer_size,
611 PROT_WRITE | PROT_READ | PROT_EXEC,
613 if (code_gen_buffer == MAP_FAILED) {
614 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
619 code_gen_buffer = g_malloc(code_gen_buffer_size);
620 map_exec(code_gen_buffer, code_gen_buffer_size);
622 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
623 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
624 code_gen_buffer_max_size = code_gen_buffer_size -
625 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
626 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
627 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
630 /* Must be called before using the QEMU cpus. 'tb_size' is the size
631 (in bytes) allocated to the translation buffer. Zero means default
633 void tcg_exec_init(unsigned long tb_size)
636 code_gen_alloc(tb_size);
637 code_gen_ptr = code_gen_buffer;
638 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
640 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
641 /* There's no guest base to take into account, so go ahead and
642 initialize the prologue now. */
643 tcg_prologue_init(&tcg_ctx);
647 bool tcg_enabled(void)
649 return code_gen_buffer != NULL;
652 void cpu_exec_init_all(void)
654 #if !defined(CONFIG_USER_ONLY)
660 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
662 static int cpu_common_post_load(void *opaque, int version_id)
664 CPUArchState *env = opaque;
666 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
667 version_id is increased. */
668 env->interrupt_request &= ~0x01;
674 static const VMStateDescription vmstate_cpu_common = {
675 .name = "cpu_common",
677 .minimum_version_id = 1,
678 .minimum_version_id_old = 1,
679 .post_load = cpu_common_post_load,
680 .fields = (VMStateField []) {
681 VMSTATE_UINT32(halted, CPUArchState),
682 VMSTATE_UINT32(interrupt_request, CPUArchState),
683 VMSTATE_END_OF_LIST()
688 CPUArchState *qemu_get_cpu(int cpu)
690 CPUArchState *env = first_cpu;
693 if (env->cpu_index == cpu)
701 void cpu_exec_init(CPUArchState *env)
706 #if defined(CONFIG_USER_ONLY)
709 env->next_cpu = NULL;
712 while (*penv != NULL) {
713 penv = &(*penv)->next_cpu;
716 env->cpu_index = cpu_index;
718 QTAILQ_INIT(&env->breakpoints);
719 QTAILQ_INIT(&env->watchpoints);
720 #ifndef CONFIG_USER_ONLY
721 env->thread_id = qemu_get_thread_id();
724 #if defined(CONFIG_USER_ONLY)
727 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
728 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
729 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
730 cpu_save, cpu_load, env);
734 /* Allocate a new translation block. Flush the translation buffer if
735 too many translation blocks or too much generated code. */
736 static TranslationBlock *tb_alloc(target_ulong pc)
738 TranslationBlock *tb;
740 if (nb_tbs >= code_gen_max_blocks ||
741 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
749 void tb_free(TranslationBlock *tb)
751 /* In practice this is mostly used for single use temporary TB
752 Ignore the hard cases and just back up if this TB happens to
753 be the last one generated. */
754 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
755 code_gen_ptr = tb->tc_ptr;
760 static inline void invalidate_page_bitmap(PageDesc *p)
762 if (p->code_bitmap) {
763 g_free(p->code_bitmap);
764 p->code_bitmap = NULL;
766 p->code_write_count = 0;
769 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
771 static void page_flush_tb_1 (int level, void **lp)
780 for (i = 0; i < L2_SIZE; ++i) {
781 pd[i].first_tb = NULL;
782 invalidate_page_bitmap(pd + i);
786 for (i = 0; i < L2_SIZE; ++i) {
787 page_flush_tb_1 (level - 1, pp + i);
792 static void page_flush_tb(void)
795 for (i = 0; i < V_L1_SIZE; i++) {
796 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
800 /* flush all the translation blocks */
801 /* XXX: tb_flush is currently not thread safe */
802 void tb_flush(CPUArchState *env1)
805 #if defined(DEBUG_FLUSH)
806 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
807 (unsigned long)(code_gen_ptr - code_gen_buffer),
809 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
811 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
812 cpu_abort(env1, "Internal error: code buffer overflow\n");
816 for(env = first_cpu; env != NULL; env = env->next_cpu) {
817 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
820 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
823 code_gen_ptr = code_gen_buffer;
824 /* XXX: flush processor icache at this point if cache flush is
829 #ifdef DEBUG_TB_CHECK
831 static void tb_invalidate_check(target_ulong address)
833 TranslationBlock *tb;
835 address &= TARGET_PAGE_MASK;
836 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
837 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
838 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
839 address >= tb->pc + tb->size)) {
840 printf("ERROR invalidate: address=" TARGET_FMT_lx
841 " PC=%08lx size=%04x\n",
842 address, (long)tb->pc, tb->size);
848 /* verify that all the pages have correct rights for code */
849 static void tb_page_check(void)
851 TranslationBlock *tb;
852 int i, flags1, flags2;
854 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
855 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
856 flags1 = page_get_flags(tb->pc);
857 flags2 = page_get_flags(tb->pc + tb->size - 1);
858 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
859 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
860 (long)tb->pc, tb->size, flags1, flags2);
868 /* invalidate one TB */
869 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
872 TranslationBlock *tb1;
876 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
879 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
883 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
885 TranslationBlock *tb1;
890 n1 = (uintptr_t)tb1 & 3;
891 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
893 *ptb = tb1->page_next[n1];
896 ptb = &tb1->page_next[n1];
900 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
902 TranslationBlock *tb1, **ptb;
905 ptb = &tb->jmp_next[n];
908 /* find tb(n) in circular list */
911 n1 = (uintptr_t)tb1 & 3;
912 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
913 if (n1 == n && tb1 == tb)
916 ptb = &tb1->jmp_first;
918 ptb = &tb1->jmp_next[n1];
921 /* now we can suppress tb(n) from the list */
922 *ptb = tb->jmp_next[n];
924 tb->jmp_next[n] = NULL;
928 /* reset the jump entry 'n' of a TB so that it is not chained to
930 static inline void tb_reset_jump(TranslationBlock *tb, int n)
932 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
935 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
940 tb_page_addr_t phys_pc;
941 TranslationBlock *tb1, *tb2;
943 /* remove the TB from the hash list */
944 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
945 h = tb_phys_hash_func(phys_pc);
946 tb_remove(&tb_phys_hash[h], tb,
947 offsetof(TranslationBlock, phys_hash_next));
949 /* remove the TB from the page list */
950 if (tb->page_addr[0] != page_addr) {
951 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
952 tb_page_remove(&p->first_tb, tb);
953 invalidate_page_bitmap(p);
955 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
956 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
957 tb_page_remove(&p->first_tb, tb);
958 invalidate_page_bitmap(p);
961 tb_invalidated_flag = 1;
963 /* remove the TB from the hash list */
964 h = tb_jmp_cache_hash_func(tb->pc);
965 for(env = first_cpu; env != NULL; env = env->next_cpu) {
966 if (env->tb_jmp_cache[h] == tb)
967 env->tb_jmp_cache[h] = NULL;
970 /* suppress this TB from the two jump lists */
971 tb_jmp_remove(tb, 0);
972 tb_jmp_remove(tb, 1);
974 /* suppress any remaining jumps to this TB */
977 n1 = (uintptr_t)tb1 & 3;
980 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
981 tb2 = tb1->jmp_next[n1];
982 tb_reset_jump(tb1, n1);
983 tb1->jmp_next[n1] = NULL;
986 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
988 tb_phys_invalidate_count++;
991 static inline void set_bits(uint8_t *tab, int start, int len)
997 mask = 0xff << (start & 7);
998 if ((start & ~7) == (end & ~7)) {
1000 mask &= ~(0xff << (end & 7));
1005 start = (start + 8) & ~7;
1007 while (start < end1) {
1012 mask = ~(0xff << (end & 7));
1018 static void build_page_bitmap(PageDesc *p)
1020 int n, tb_start, tb_end;
1021 TranslationBlock *tb;
1023 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
1026 while (tb != NULL) {
1027 n = (uintptr_t)tb & 3;
1028 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1029 /* NOTE: this is subtle as a TB may span two physical pages */
1031 /* NOTE: tb_end may be after the end of the page, but
1032 it is not a problem */
1033 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1034 tb_end = tb_start + tb->size;
1035 if (tb_end > TARGET_PAGE_SIZE)
1036 tb_end = TARGET_PAGE_SIZE;
1039 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1041 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1042 tb = tb->page_next[n];
1046 TranslationBlock *tb_gen_code(CPUArchState *env,
1047 target_ulong pc, target_ulong cs_base,
1048 int flags, int cflags)
1050 TranslationBlock *tb;
1052 tb_page_addr_t phys_pc, phys_page2;
1053 target_ulong virt_page2;
1056 phys_pc = get_page_addr_code(env, pc);
1059 /* flush must be done */
1061 /* cannot fail at this point */
1063 /* Don't forget to invalidate previous TB info. */
1064 tb_invalidated_flag = 1;
1066 tc_ptr = code_gen_ptr;
1067 tb->tc_ptr = tc_ptr;
1068 tb->cs_base = cs_base;
1070 tb->cflags = cflags;
1071 cpu_gen_code(env, tb, &code_gen_size);
1072 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1073 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1075 /* check next page if needed */
1076 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1078 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1079 phys_page2 = get_page_addr_code(env, virt_page2);
1081 tb_link_page(tb, phys_pc, phys_page2);
1085 /* invalidate all TBs which intersect with the target physical page
1086 starting in range [start;end[. NOTE: start and end must refer to
1087 the same physical page. 'is_cpu_write_access' should be true if called
1088 from a real cpu write access: the virtual CPU will exit the current
1089 TB if code is modified inside this TB. */
1090 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1091 int is_cpu_write_access)
1093 TranslationBlock *tb, *tb_next, *saved_tb;
1094 CPUArchState *env = cpu_single_env;
1095 tb_page_addr_t tb_start, tb_end;
1098 #ifdef TARGET_HAS_PRECISE_SMC
1099 int current_tb_not_found = is_cpu_write_access;
1100 TranslationBlock *current_tb = NULL;
1101 int current_tb_modified = 0;
1102 target_ulong current_pc = 0;
1103 target_ulong current_cs_base = 0;
1104 int current_flags = 0;
1105 #endif /* TARGET_HAS_PRECISE_SMC */
1107 p = page_find(start >> TARGET_PAGE_BITS);
1110 if (!p->code_bitmap &&
1111 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1112 is_cpu_write_access) {
1113 /* build code bitmap */
1114 build_page_bitmap(p);
1117 /* we remove all the TBs in the range [start, end[ */
1118 /* XXX: see if in some cases it could be faster to invalidate all the code */
1120 while (tb != NULL) {
1121 n = (uintptr_t)tb & 3;
1122 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1123 tb_next = tb->page_next[n];
1124 /* NOTE: this is subtle as a TB may span two physical pages */
1126 /* NOTE: tb_end may be after the end of the page, but
1127 it is not a problem */
1128 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1129 tb_end = tb_start + tb->size;
1131 tb_start = tb->page_addr[1];
1132 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1134 if (!(tb_end <= start || tb_start >= end)) {
1135 #ifdef TARGET_HAS_PRECISE_SMC
1136 if (current_tb_not_found) {
1137 current_tb_not_found = 0;
1139 if (env->mem_io_pc) {
1140 /* now we have a real cpu fault */
1141 current_tb = tb_find_pc(env->mem_io_pc);
1144 if (current_tb == tb &&
1145 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1146 /* If we are modifying the current TB, we must stop
1147 its execution. We could be more precise by checking
1148 that the modification is after the current PC, but it
1149 would require a specialized function to partially
1150 restore the CPU state */
1152 current_tb_modified = 1;
1153 cpu_restore_state(current_tb, env, env->mem_io_pc);
1154 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1157 #endif /* TARGET_HAS_PRECISE_SMC */
1158 /* we need to do that to handle the case where a signal
1159 occurs while doing tb_phys_invalidate() */
1162 saved_tb = env->current_tb;
1163 env->current_tb = NULL;
1165 tb_phys_invalidate(tb, -1);
1167 env->current_tb = saved_tb;
1168 if (env->interrupt_request && env->current_tb)
1169 cpu_interrupt(env, env->interrupt_request);
1174 #if !defined(CONFIG_USER_ONLY)
1175 /* if no code remaining, no need to continue to use slow writes */
1177 invalidate_page_bitmap(p);
1178 if (is_cpu_write_access) {
1179 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1183 #ifdef TARGET_HAS_PRECISE_SMC
1184 if (current_tb_modified) {
1185 /* we generate a block containing just the instruction
1186 modifying the memory. It will ensure that it cannot modify
1188 env->current_tb = NULL;
1189 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1190 cpu_resume_from_signal(env, NULL);
1195 /* len must be <= 8 and start must be a multiple of len */
1196 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1202 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1203 cpu_single_env->mem_io_vaddr, len,
1204 cpu_single_env->eip,
1205 cpu_single_env->eip +
1206 (intptr_t)cpu_single_env->segs[R_CS].base);
1209 p = page_find(start >> TARGET_PAGE_BITS);
1212 if (p->code_bitmap) {
1213 offset = start & ~TARGET_PAGE_MASK;
1214 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1215 if (b & ((1 << len) - 1))
1219 tb_invalidate_phys_page_range(start, start + len, 1);
1223 #if !defined(CONFIG_SOFTMMU)
1224 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1225 uintptr_t pc, void *puc)
1227 TranslationBlock *tb;
1230 #ifdef TARGET_HAS_PRECISE_SMC
1231 TranslationBlock *current_tb = NULL;
1232 CPUArchState *env = cpu_single_env;
1233 int current_tb_modified = 0;
1234 target_ulong current_pc = 0;
1235 target_ulong current_cs_base = 0;
1236 int current_flags = 0;
1239 addr &= TARGET_PAGE_MASK;
1240 p = page_find(addr >> TARGET_PAGE_BITS);
1244 #ifdef TARGET_HAS_PRECISE_SMC
1245 if (tb && pc != 0) {
1246 current_tb = tb_find_pc(pc);
1249 while (tb != NULL) {
1250 n = (uintptr_t)tb & 3;
1251 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1252 #ifdef TARGET_HAS_PRECISE_SMC
1253 if (current_tb == tb &&
1254 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1255 /* If we are modifying the current TB, we must stop
1256 its execution. We could be more precise by checking
1257 that the modification is after the current PC, but it
1258 would require a specialized function to partially
1259 restore the CPU state */
1261 current_tb_modified = 1;
1262 cpu_restore_state(current_tb, env, pc);
1263 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1266 #endif /* TARGET_HAS_PRECISE_SMC */
1267 tb_phys_invalidate(tb, addr);
1268 tb = tb->page_next[n];
1271 #ifdef TARGET_HAS_PRECISE_SMC
1272 if (current_tb_modified) {
1273 /* we generate a block containing just the instruction
1274 modifying the memory. It will ensure that it cannot modify
1276 env->current_tb = NULL;
1277 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1278 cpu_resume_from_signal(env, puc);
1284 /* add the tb in the target page and protect it if necessary */
1285 static inline void tb_alloc_page(TranslationBlock *tb,
1286 unsigned int n, tb_page_addr_t page_addr)
1289 #ifndef CONFIG_USER_ONLY
1290 bool page_already_protected;
1293 tb->page_addr[n] = page_addr;
1294 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1295 tb->page_next[n] = p->first_tb;
1296 #ifndef CONFIG_USER_ONLY
1297 page_already_protected = p->first_tb != NULL;
1299 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1300 invalidate_page_bitmap(p);
1302 #if defined(TARGET_HAS_SMC) || 1
1304 #if defined(CONFIG_USER_ONLY)
1305 if (p->flags & PAGE_WRITE) {
1310 /* force the host page as non writable (writes will have a
1311 page fault + mprotect overhead) */
1312 page_addr &= qemu_host_page_mask;
1314 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1315 addr += TARGET_PAGE_SIZE) {
1317 p2 = page_find (addr >> TARGET_PAGE_BITS);
1321 p2->flags &= ~PAGE_WRITE;
1323 mprotect(g2h(page_addr), qemu_host_page_size,
1324 (prot & PAGE_BITS) & ~PAGE_WRITE);
1325 #ifdef DEBUG_TB_INVALIDATE
1326 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1331 /* if some code is already present, then the pages are already
1332 protected. So we handle the case where only the first TB is
1333 allocated in a physical page */
1334 if (!page_already_protected) {
1335 tlb_protect_code(page_addr);
1339 #endif /* TARGET_HAS_SMC */
1342 /* add a new TB and link it to the physical page tables. phys_page2 is
1343 (-1) to indicate that only one page contains the TB. */
1344 void tb_link_page(TranslationBlock *tb,
1345 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1348 TranslationBlock **ptb;
1350 /* Grab the mmap lock to stop another thread invalidating this TB
1351 before we are done. */
1353 /* add in the physical hash table */
1354 h = tb_phys_hash_func(phys_pc);
1355 ptb = &tb_phys_hash[h];
1356 tb->phys_hash_next = *ptb;
1359 /* add in the page list */
1360 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1361 if (phys_page2 != -1)
1362 tb_alloc_page(tb, 1, phys_page2);
1364 tb->page_addr[1] = -1;
1366 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1367 tb->jmp_next[0] = NULL;
1368 tb->jmp_next[1] = NULL;
1370 /* init original jump addresses */
1371 if (tb->tb_next_offset[0] != 0xffff)
1372 tb_reset_jump(tb, 0);
1373 if (tb->tb_next_offset[1] != 0xffff)
1374 tb_reset_jump(tb, 1);
1376 #ifdef DEBUG_TB_CHECK
1382 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1383 tb[1].tc_ptr. Return NULL if not found */
1384 TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1386 int m_min, m_max, m;
1388 TranslationBlock *tb;
1392 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1393 tc_ptr >= (uintptr_t)code_gen_ptr) {
1396 /* binary search (cf Knuth) */
1399 while (m_min <= m_max) {
1400 m = (m_min + m_max) >> 1;
1402 v = (uintptr_t)tb->tc_ptr;
1405 else if (tc_ptr < v) {
1414 static void tb_reset_jump_recursive(TranslationBlock *tb);
1416 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1418 TranslationBlock *tb1, *tb_next, **ptb;
1421 tb1 = tb->jmp_next[n];
1423 /* find head of list */
1425 n1 = (uintptr_t)tb1 & 3;
1426 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1429 tb1 = tb1->jmp_next[n1];
1431 /* we are now sure now that tb jumps to tb1 */
1434 /* remove tb from the jmp_first list */
1435 ptb = &tb_next->jmp_first;
1438 n1 = (uintptr_t)tb1 & 3;
1439 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1440 if (n1 == n && tb1 == tb)
1442 ptb = &tb1->jmp_next[n1];
1444 *ptb = tb->jmp_next[n];
1445 tb->jmp_next[n] = NULL;
1447 /* suppress the jump to next tb in generated code */
1448 tb_reset_jump(tb, n);
1450 /* suppress jumps in the tb on which we could have jumped */
1451 tb_reset_jump_recursive(tb_next);
1455 static void tb_reset_jump_recursive(TranslationBlock *tb)
1457 tb_reset_jump_recursive2(tb, 0);
1458 tb_reset_jump_recursive2(tb, 1);
1461 #if defined(TARGET_HAS_ICE)
1462 #if defined(CONFIG_USER_ONLY)
1463 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1465 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1468 void tb_invalidate_phys_addr(target_phys_addr_t addr)
1470 ram_addr_t ram_addr;
1471 MemoryRegionSection *section;
1473 section = phys_page_find(addr >> TARGET_PAGE_BITS);
1474 if (!(memory_region_is_ram(section->mr)
1475 || (section->mr->rom_device && section->mr->readable))) {
1478 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1479 + section_addr(section, addr);
1480 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1483 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1485 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc));
1488 #endif /* TARGET_HAS_ICE */
1490 #if defined(CONFIG_USER_ONLY)
1491 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1496 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1497 int flags, CPUWatchpoint **watchpoint)
1502 /* Add a watchpoint. */
1503 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1504 int flags, CPUWatchpoint **watchpoint)
1506 target_ulong len_mask = ~(len - 1);
1509 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1510 if ((len & (len - 1)) || (addr & ~len_mask) ||
1511 len == 0 || len > TARGET_PAGE_SIZE) {
1512 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1513 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1516 wp = g_malloc(sizeof(*wp));
1519 wp->len_mask = len_mask;
1522 /* keep all GDB-injected watchpoints in front */
1524 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1526 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1528 tlb_flush_page(env, addr);
1535 /* Remove a specific watchpoint. */
1536 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
1539 target_ulong len_mask = ~(len - 1);
1542 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1543 if (addr == wp->vaddr && len_mask == wp->len_mask
1544 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1545 cpu_watchpoint_remove_by_ref(env, wp);
1552 /* Remove a specific watchpoint by reference. */
1553 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
1555 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1557 tlb_flush_page(env, watchpoint->vaddr);
1562 /* Remove all matching watchpoints. */
1563 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1565 CPUWatchpoint *wp, *next;
1567 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1568 if (wp->flags & mask)
1569 cpu_watchpoint_remove_by_ref(env, wp);
1574 /* Add a breakpoint. */
1575 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
1576 CPUBreakpoint **breakpoint)
1578 #if defined(TARGET_HAS_ICE)
1581 bp = g_malloc(sizeof(*bp));
1586 /* keep all GDB-injected breakpoints in front */
1588 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1590 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1592 breakpoint_invalidate(env, pc);
1602 /* Remove a specific breakpoint. */
1603 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
1605 #if defined(TARGET_HAS_ICE)
1608 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1609 if (bp->pc == pc && bp->flags == flags) {
1610 cpu_breakpoint_remove_by_ref(env, bp);
1620 /* Remove a specific breakpoint by reference. */
1621 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
1623 #if defined(TARGET_HAS_ICE)
1624 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1626 breakpoint_invalidate(env, breakpoint->pc);
1632 /* Remove all matching breakpoints. */
1633 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
1635 #if defined(TARGET_HAS_ICE)
1636 CPUBreakpoint *bp, *next;
1638 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1639 if (bp->flags & mask)
1640 cpu_breakpoint_remove_by_ref(env, bp);
1645 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1646 CPU loop after each instruction */
1647 void cpu_single_step(CPUArchState *env, int enabled)
1649 #if defined(TARGET_HAS_ICE)
1650 if (env->singlestep_enabled != enabled) {
1651 env->singlestep_enabled = enabled;
1653 kvm_update_guest_debug(env, 0);
1655 /* must flush all the translated code to avoid inconsistencies */
1656 /* XXX: only flush what is necessary */
1663 /* enable or disable low levels log */
1664 void cpu_set_log(int log_flags)
1666 loglevel = log_flags;
1667 if (loglevel && !logfile) {
1668 logfile = fopen(logfilename, log_append ? "a" : "w");
1670 perror(logfilename);
1673 #if !defined(CONFIG_SOFTMMU)
1674 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1676 static char logfile_buf[4096];
1677 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1679 #elif defined(_WIN32)
1680 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1681 setvbuf(logfile, NULL, _IONBF, 0);
1683 setvbuf(logfile, NULL, _IOLBF, 0);
1687 if (!loglevel && logfile) {
1693 void cpu_set_log_filename(const char *filename)
1695 logfilename = strdup(filename);
1700 cpu_set_log(loglevel);
1703 static void cpu_unlink_tb(CPUArchState *env)
1705 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1706 problem and hope the cpu will stop of its own accord. For userspace
1707 emulation this often isn't actually as bad as it sounds. Often
1708 signals are used primarily to interrupt blocking syscalls. */
1709 TranslationBlock *tb;
1710 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1712 spin_lock(&interrupt_lock);
1713 tb = env->current_tb;
1714 /* if the cpu is currently executing code, we must unlink it and
1715 all the potentially executing TB */
1717 env->current_tb = NULL;
1718 tb_reset_jump_recursive(tb);
1720 spin_unlock(&interrupt_lock);
1723 #ifndef CONFIG_USER_ONLY
1724 /* mask must never be zero, except for A20 change call */
1725 static void tcg_handle_interrupt(CPUArchState *env, int mask)
1729 old_mask = env->interrupt_request;
1730 env->interrupt_request |= mask;
1733 * If called from iothread context, wake the target cpu in
1736 if (!qemu_cpu_is_self(env)) {
1742 env->icount_decr.u16.high = 0xffff;
1744 && (mask & ~old_mask) != 0) {
1745 cpu_abort(env, "Raised interrupt while not in I/O function");
1752 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1754 #else /* CONFIG_USER_ONLY */
1756 void cpu_interrupt(CPUArchState *env, int mask)
1758 env->interrupt_request |= mask;
1761 #endif /* CONFIG_USER_ONLY */
1763 void cpu_reset_interrupt(CPUArchState *env, int mask)
1765 env->interrupt_request &= ~mask;
1768 void cpu_exit(CPUArchState *env)
1770 env->exit_request = 1;
1774 const CPULogItem cpu_log_items[] = {
1775 { CPU_LOG_TB_OUT_ASM, "out_asm",
1776 "show generated host assembly code for each compiled TB" },
1777 { CPU_LOG_TB_IN_ASM, "in_asm",
1778 "show target assembly code for each compiled TB" },
1779 { CPU_LOG_TB_OP, "op",
1780 "show micro ops for each compiled TB" },
1781 { CPU_LOG_TB_OP_OPT, "op_opt",
1784 "before eflags optimization and "
1786 "after liveness analysis" },
1787 { CPU_LOG_INT, "int",
1788 "show interrupts/exceptions in short format" },
1789 { CPU_LOG_EXEC, "exec",
1790 "show trace before each executed TB (lots of logs)" },
1791 { CPU_LOG_TB_CPU, "cpu",
1792 "show CPU state before block translation" },
1794 { CPU_LOG_PCALL, "pcall",
1795 "show protected mode far calls/returns/exceptions" },
1796 { CPU_LOG_RESET, "cpu_reset",
1797 "show CPU state before CPU resets" },
1800 { CPU_LOG_IOPORT, "ioport",
1801 "show all i/o ports accesses" },
1806 static int cmp1(const char *s1, int n, const char *s2)
1808 if (strlen(s2) != n)
1810 return memcmp(s1, s2, n) == 0;
1813 /* takes a comma separated list of log masks. Return 0 if error. */
1814 int cpu_str_to_log_mask(const char *str)
1816 const CPULogItem *item;
1823 p1 = strchr(p, ',');
1826 if(cmp1(p,p1-p,"all")) {
1827 for(item = cpu_log_items; item->mask != 0; item++) {
1831 for(item = cpu_log_items; item->mask != 0; item++) {
1832 if (cmp1(p, p1 - p, item->name))
1846 void cpu_abort(CPUArchState *env, const char *fmt, ...)
1853 fprintf(stderr, "qemu: fatal: ");
1854 vfprintf(stderr, fmt, ap);
1855 fprintf(stderr, "\n");
1857 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1859 cpu_dump_state(env, stderr, fprintf, 0);
1861 if (qemu_log_enabled()) {
1862 qemu_log("qemu: fatal: ");
1863 qemu_log_vprintf(fmt, ap2);
1866 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1868 log_cpu_state(env, 0);
1875 #if defined(CONFIG_USER_ONLY)
1877 struct sigaction act;
1878 sigfillset(&act.sa_mask);
1879 act.sa_handler = SIG_DFL;
1880 sigaction(SIGABRT, &act, NULL);
1886 CPUArchState *cpu_copy(CPUArchState *env)
1888 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1889 CPUArchState *next_cpu = new_env->next_cpu;
1890 int cpu_index = new_env->cpu_index;
1891 #if defined(TARGET_HAS_ICE)
1896 memcpy(new_env, env, sizeof(CPUArchState));
1898 /* Preserve chaining and index. */
1899 new_env->next_cpu = next_cpu;
1900 new_env->cpu_index = cpu_index;
1902 /* Clone all break/watchpoints.
1903 Note: Once we support ptrace with hw-debug register access, make sure
1904 BP_CPU break/watchpoints are handled correctly on clone. */
1905 QTAILQ_INIT(&env->breakpoints);
1906 QTAILQ_INIT(&env->watchpoints);
1907 #if defined(TARGET_HAS_ICE)
1908 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1909 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1911 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1912 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1920 #if !defined(CONFIG_USER_ONLY)
1922 static inline void tlb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1926 /* Discard jump cache entries for any tb which might potentially
1927 overlap the flushed page. */
1928 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1929 memset (&env->tb_jmp_cache[i], 0,
1930 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1932 i = tb_jmp_cache_hash_page(addr);
1933 memset (&env->tb_jmp_cache[i], 0,
1934 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1937 static CPUTLBEntry s_cputlb_empty_entry = {
1945 * If flush_global is true (the usual case), flush all tlb entries.
1946 * If flush_global is false, flush (at least) all tlb entries not
1949 * Since QEMU doesn't currently implement a global/not-global flag
1950 * for tlb entries, at the moment tlb_flush() will also flush all
1951 * tlb entries in the flush_global == false case. This is OK because
1952 * CPU architectures generally permit an implementation to drop
1953 * entries from the TLB at any time, so flushing more entries than
1954 * required is only an efficiency issue, not a correctness issue.
1956 void tlb_flush(CPUArchState *env, int flush_global)
1960 #if defined(DEBUG_TLB)
1961 printf("tlb_flush:\n");
1963 /* must reset current TB so that interrupts cannot modify the
1964 links while we are modifying them */
1965 env->current_tb = NULL;
1967 for(i = 0; i < CPU_TLB_SIZE; i++) {
1969 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1970 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1974 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1976 env->tlb_flush_addr = -1;
1977 env->tlb_flush_mask = 0;
1981 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1983 if (addr == (tlb_entry->addr_read &
1984 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1985 addr == (tlb_entry->addr_write &
1986 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1987 addr == (tlb_entry->addr_code &
1988 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1989 *tlb_entry = s_cputlb_empty_entry;
1993 void tlb_flush_page(CPUArchState *env, target_ulong addr)
1998 #if defined(DEBUG_TLB)
1999 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
2001 /* Check if we need to flush due to large pages. */
2002 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
2003 #if defined(DEBUG_TLB)
2004 printf("tlb_flush_page: forced full flush ("
2005 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2006 env->tlb_flush_addr, env->tlb_flush_mask);
2011 /* must reset current TB so that interrupts cannot modify the
2012 links while we are modifying them */
2013 env->current_tb = NULL;
2015 addr &= TARGET_PAGE_MASK;
2016 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2017 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2018 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
2020 tlb_flush_jmp_cache(env, addr);
2023 /* update the TLBs so that writes to code in the virtual page 'addr'
2025 static void tlb_protect_code(ram_addr_t ram_addr)
2027 cpu_physical_memory_reset_dirty(ram_addr,
2028 ram_addr + TARGET_PAGE_SIZE,
2032 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2033 tested for self modifying code */
2034 static void tlb_unprotect_code_phys(CPUArchState *env, ram_addr_t ram_addr,
2037 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2040 static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe)
2042 return (tlbe->addr_write & (TLB_INVALID_MASK|TLB_MMIO|TLB_NOTDIRTY)) == 0;
2045 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2046 uintptr_t start, uintptr_t length)
2049 if (tlb_is_dirty_ram(tlb_entry)) {
2050 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2051 if ((addr - start) < length) {
2052 tlb_entry->addr_write |= TLB_NOTDIRTY;
2057 /* Note: start and end must be within the same ram block. */
2058 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2062 uintptr_t length, start1;
2065 start &= TARGET_PAGE_MASK;
2066 end = TARGET_PAGE_ALIGN(end);
2068 length = end - start;
2071 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2073 /* we modify the TLB cache so that the dirty bit will be set again
2074 when accessing the range */
2075 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
2076 /* Check that we don't span multiple blocks - this breaks the
2077 address comparisons below. */
2078 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
2079 != (end - 1) - start) {
2083 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2085 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2086 for(i = 0; i < CPU_TLB_SIZE; i++)
2087 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2093 int cpu_physical_memory_set_dirty_tracking(int enable)
2096 in_migration = enable;
2100 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2102 ram_addr_t ram_addr;
2105 if (tlb_is_dirty_ram(tlb_entry)) {
2106 p = (void *)(uintptr_t)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2107 + tlb_entry->addend);
2108 ram_addr = qemu_ram_addr_from_host_nofail(p);
2109 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2110 tlb_entry->addr_write |= TLB_NOTDIRTY;
2115 /* update the TLB according to the current state of the dirty bits */
2116 void cpu_tlb_update_dirty(CPUArchState *env)
2120 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2121 for(i = 0; i < CPU_TLB_SIZE; i++)
2122 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2126 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2128 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2129 tlb_entry->addr_write = vaddr;
2132 /* update the TLB corresponding to virtual page vaddr
2133 so that it is no longer dirty */
2134 static inline void tlb_set_dirty(CPUArchState *env, target_ulong vaddr)
2139 vaddr &= TARGET_PAGE_MASK;
2140 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2141 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2142 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2145 /* Our TLB does not support large pages, so remember the area covered by
2146 large pages and trigger a full TLB flush if these are invalidated. */
2147 static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr,
2150 target_ulong mask = ~(size - 1);
2152 if (env->tlb_flush_addr == (target_ulong)-1) {
2153 env->tlb_flush_addr = vaddr & mask;
2154 env->tlb_flush_mask = mask;
2157 /* Extend the existing region to include the new page.
2158 This is a compromise between unnecessary flushes and the cost
2159 of maintaining a full variable size TLB. */
2160 mask &= env->tlb_flush_mask;
2161 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2164 env->tlb_flush_addr &= mask;
2165 env->tlb_flush_mask = mask;
2168 static bool is_ram_rom(MemoryRegionSection *s)
2170 return memory_region_is_ram(s->mr);
2173 static bool is_romd(MemoryRegionSection *s)
2175 MemoryRegion *mr = s->mr;
2177 return mr->rom_device && mr->readable;
2180 static bool is_ram_rom_romd(MemoryRegionSection *s)
2182 return is_ram_rom(s) || is_romd(s);
2185 /* Add a new TLB entry. At most one entry for a given virtual address
2186 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2187 supplied size is only used by tlb_flush_page. */
2188 void tlb_set_page(CPUArchState *env, target_ulong vaddr,
2189 target_phys_addr_t paddr, int prot,
2190 int mmu_idx, target_ulong size)
2192 MemoryRegionSection *section;
2194 target_ulong address;
2195 target_ulong code_address;
2199 target_phys_addr_t iotlb;
2201 assert(size >= TARGET_PAGE_SIZE);
2202 if (size != TARGET_PAGE_SIZE) {
2203 tlb_add_large_page(env, vaddr, size);
2205 section = phys_page_find(paddr >> TARGET_PAGE_BITS);
2206 #if defined(DEBUG_TLB)
2207 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2208 " prot=%x idx=%d pd=0x%08lx\n",
2209 vaddr, paddr, prot, mmu_idx, pd);
2213 if (!is_ram_rom_romd(section)) {
2214 /* IO memory case (romd handled later) */
2215 address |= TLB_MMIO;
2217 if (is_ram_rom_romd(section)) {
2218 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr)
2219 + section_addr(section, paddr);
2223 if (is_ram_rom(section)) {
2225 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2226 + section_addr(section, paddr);
2227 if (!section->readonly)
2228 iotlb |= phys_section_notdirty;
2230 iotlb |= phys_section_rom;
2232 /* IO handlers are currently passed a physical address.
2233 It would be nice to pass an offset from the base address
2234 of that region. This would avoid having to special case RAM,
2235 and avoid full address decoding in every device.
2236 We can't use the high bits of pd for this because
2237 IO_MEM_ROMD uses these as a ram address. */
2238 iotlb = section - phys_sections;
2239 iotlb += section_addr(section, paddr);
2242 code_address = address;
2243 /* Make accesses to pages with watchpoints go via the
2244 watchpoint trap routines. */
2245 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2246 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2247 /* Avoid trapping reads of pages with a write breakpoint. */
2248 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2249 iotlb = phys_section_watch + paddr;
2250 address |= TLB_MMIO;
2256 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2257 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2258 te = &env->tlb_table[mmu_idx][index];
2259 te->addend = addend - vaddr;
2260 if (prot & PAGE_READ) {
2261 te->addr_read = address;
2266 if (prot & PAGE_EXEC) {
2267 te->addr_code = code_address;
2271 if (prot & PAGE_WRITE) {
2272 if ((memory_region_is_ram(section->mr) && section->readonly)
2273 || is_romd(section)) {
2274 /* Write access calls the I/O callback. */
2275 te->addr_write = address | TLB_MMIO;
2276 } else if (memory_region_is_ram(section->mr)
2277 && !cpu_physical_memory_is_dirty(
2278 section->mr->ram_addr
2279 + section_addr(section, paddr))) {
2280 te->addr_write = address | TLB_NOTDIRTY;
2282 te->addr_write = address;
2285 te->addr_write = -1;
2291 void tlb_flush(CPUArchState *env, int flush_global)
2295 void tlb_flush_page(CPUArchState *env, target_ulong addr)
2300 * Walks guest process memory "regions" one by one
2301 * and calls callback function 'fn' for each region.
2304 struct walk_memory_regions_data
2306 walk_memory_regions_fn fn;
2312 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2313 abi_ulong end, int new_prot)
2315 if (data->start != -1ul) {
2316 int rc = data->fn(data->priv, data->start, end, data->prot);
2322 data->start = (new_prot ? end : -1ul);
2323 data->prot = new_prot;
2328 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2329 abi_ulong base, int level, void **lp)
2335 return walk_memory_regions_end(data, base, 0);
2340 for (i = 0; i < L2_SIZE; ++i) {
2341 int prot = pd[i].flags;
2343 pa = base | (i << TARGET_PAGE_BITS);
2344 if (prot != data->prot) {
2345 rc = walk_memory_regions_end(data, pa, prot);
2353 for (i = 0; i < L2_SIZE; ++i) {
2354 pa = base | ((abi_ulong)i <<
2355 (TARGET_PAGE_BITS + L2_BITS * level));
2356 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2366 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2368 struct walk_memory_regions_data data;
2376 for (i = 0; i < V_L1_SIZE; i++) {
2377 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2378 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2384 return walk_memory_regions_end(&data, 0, 0);
2387 static int dump_region(void *priv, abi_ulong start,
2388 abi_ulong end, unsigned long prot)
2390 FILE *f = (FILE *)priv;
2392 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2393 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2394 start, end, end - start,
2395 ((prot & PAGE_READ) ? 'r' : '-'),
2396 ((prot & PAGE_WRITE) ? 'w' : '-'),
2397 ((prot & PAGE_EXEC) ? 'x' : '-'));
2402 /* dump memory mappings */
2403 void page_dump(FILE *f)
2405 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2406 "start", "end", "size", "prot");
2407 walk_memory_regions(f, dump_region);
2410 int page_get_flags(target_ulong address)
2414 p = page_find(address >> TARGET_PAGE_BITS);
2420 /* Modify the flags of a page and invalidate the code if necessary.
2421 The flag PAGE_WRITE_ORG is positioned automatically depending
2422 on PAGE_WRITE. The mmap_lock should already be held. */
2423 void page_set_flags(target_ulong start, target_ulong end, int flags)
2425 target_ulong addr, len;
2427 /* This function should never be called with addresses outside the
2428 guest address space. If this assert fires, it probably indicates
2429 a missing call to h2g_valid. */
2430 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2431 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2433 assert(start < end);
2435 start = start & TARGET_PAGE_MASK;
2436 end = TARGET_PAGE_ALIGN(end);
2438 if (flags & PAGE_WRITE) {
2439 flags |= PAGE_WRITE_ORG;
2442 for (addr = start, len = end - start;
2444 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2445 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2447 /* If the write protection bit is set, then we invalidate
2449 if (!(p->flags & PAGE_WRITE) &&
2450 (flags & PAGE_WRITE) &&
2452 tb_invalidate_phys_page(addr, 0, NULL);
2458 int page_check_range(target_ulong start, target_ulong len, int flags)
2464 /* This function should never be called with addresses outside the
2465 guest address space. If this assert fires, it probably indicates
2466 a missing call to h2g_valid. */
2467 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2468 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2474 if (start + len - 1 < start) {
2475 /* We've wrapped around. */
2479 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2480 start = start & TARGET_PAGE_MASK;
2482 for (addr = start, len = end - start;
2484 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2485 p = page_find(addr >> TARGET_PAGE_BITS);
2488 if( !(p->flags & PAGE_VALID) )
2491 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2493 if (flags & PAGE_WRITE) {
2494 if (!(p->flags & PAGE_WRITE_ORG))
2496 /* unprotect the page if it was put read-only because it
2497 contains translated code */
2498 if (!(p->flags & PAGE_WRITE)) {
2499 if (!page_unprotect(addr, 0, NULL))
2508 /* called from signal handler: invalidate the code and unprotect the
2509 page. Return TRUE if the fault was successfully handled. */
2510 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
2514 target_ulong host_start, host_end, addr;
2516 /* Technically this isn't safe inside a signal handler. However we
2517 know this only ever happens in a synchronous SEGV handler, so in
2518 practice it seems to be ok. */
2521 p = page_find(address >> TARGET_PAGE_BITS);
2527 /* if the page was really writable, then we change its
2528 protection back to writable */
2529 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2530 host_start = address & qemu_host_page_mask;
2531 host_end = host_start + qemu_host_page_size;
2534 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2535 p = page_find(addr >> TARGET_PAGE_BITS);
2536 p->flags |= PAGE_WRITE;
2539 /* and since the content will be modified, we must invalidate
2540 the corresponding translated code. */
2541 tb_invalidate_phys_page(addr, pc, puc);
2542 #ifdef DEBUG_TB_CHECK
2543 tb_invalidate_check(addr);
2546 mprotect((void *)g2h(host_start), qemu_host_page_size,
2556 static inline void tlb_set_dirty(CPUArchState *env,
2557 uintptr_t addr, target_ulong vaddr)
2560 #endif /* defined(CONFIG_USER_ONLY) */
2562 #if !defined(CONFIG_USER_ONLY)
2564 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2565 typedef struct subpage_t {
2567 target_phys_addr_t base;
2568 uint16_t sub_section[TARGET_PAGE_SIZE];
2571 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2573 static subpage_t *subpage_init(target_phys_addr_t base);
2574 static void destroy_page_desc(uint16_t section_index)
2576 MemoryRegionSection *section = &phys_sections[section_index];
2577 MemoryRegion *mr = section->mr;
2580 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2581 memory_region_destroy(&subpage->iomem);
2586 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
2591 if (lp->ptr == PHYS_MAP_NODE_NIL) {
2595 p = phys_map_nodes[lp->ptr];
2596 for (i = 0; i < L2_SIZE; ++i) {
2597 if (!p[i].is_leaf) {
2598 destroy_l2_mapping(&p[i], level - 1);
2600 destroy_page_desc(p[i].ptr);
2604 lp->ptr = PHYS_MAP_NODE_NIL;
2607 static void destroy_all_mappings(void)
2609 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
2610 phys_map_nodes_reset();
2613 static uint16_t phys_section_add(MemoryRegionSection *section)
2615 if (phys_sections_nb == phys_sections_nb_alloc) {
2616 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2617 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2618 phys_sections_nb_alloc);
2620 phys_sections[phys_sections_nb] = *section;
2621 return phys_sections_nb++;
2624 static void phys_sections_clear(void)
2626 phys_sections_nb = 0;
2629 /* register physical memory.
2630 For RAM, 'size' must be a multiple of the target page size.
2631 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2632 io memory page. The address used when calling the IO function is
2633 the offset from the start of the region, plus region_offset. Both
2634 start_addr and region_offset are rounded down to a page boundary
2635 before calculating this offset. This should not be a problem unless
2636 the low bits of start_addr and region_offset differ. */
2637 static void register_subpage(MemoryRegionSection *section)
2640 target_phys_addr_t base = section->offset_within_address_space
2642 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
2643 MemoryRegionSection subsection = {
2644 .offset_within_address_space = base,
2645 .size = TARGET_PAGE_SIZE,
2647 target_phys_addr_t start, end;
2649 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
2651 if (!(existing->mr->subpage)) {
2652 subpage = subpage_init(base);
2653 subsection.mr = &subpage->iomem;
2654 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2655 phys_section_add(&subsection));
2657 subpage = container_of(existing->mr, subpage_t, iomem);
2659 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2660 end = start + section->size;
2661 subpage_register(subpage, start, end, phys_section_add(section));
2665 static void register_multipage(MemoryRegionSection *section)
2667 target_phys_addr_t start_addr = section->offset_within_address_space;
2668 ram_addr_t size = section->size;
2669 target_phys_addr_t addr;
2670 uint16_t section_index = phys_section_add(section);
2675 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2679 void cpu_register_physical_memory_log(MemoryRegionSection *section,
2682 MemoryRegionSection now = *section, remain = *section;
2684 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2685 || (now.size < TARGET_PAGE_SIZE)) {
2686 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2687 - now.offset_within_address_space,
2689 register_subpage(&now);
2690 remain.size -= now.size;
2691 remain.offset_within_address_space += now.size;
2692 remain.offset_within_region += now.size;
2695 now.size &= TARGET_PAGE_MASK;
2697 register_multipage(&now);
2698 remain.size -= now.size;
2699 remain.offset_within_address_space += now.size;
2700 remain.offset_within_region += now.size;
2704 register_subpage(&now);
2709 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2712 kvm_coalesce_mmio_region(addr, size);
2715 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2718 kvm_uncoalesce_mmio_region(addr, size);
2721 void qemu_flush_coalesced_mmio_buffer(void)
2724 kvm_flush_coalesced_mmio_buffer();
2727 #if defined(__linux__) && !defined(TARGET_S390X)
2729 #include <sys/vfs.h>
2731 #define HUGETLBFS_MAGIC 0x958458f6
2733 static long gethugepagesize(const char *path)
2739 ret = statfs(path, &fs);
2740 } while (ret != 0 && errno == EINTR);
2747 if (fs.f_type != HUGETLBFS_MAGIC)
2748 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2753 static void *file_ram_alloc(RAMBlock *block,
2763 unsigned long hpagesize;
2765 hpagesize = gethugepagesize(path);
2770 if (memory < hpagesize) {
2774 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2775 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2779 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2783 fd = mkstemp(filename);
2785 perror("unable to create backing store for hugepages");
2792 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2795 * ftruncate is not supported by hugetlbfs in older
2796 * hosts, so don't bother bailing out on errors.
2797 * If anything goes wrong with it under other filesystems,
2800 if (ftruncate(fd, memory))
2801 perror("ftruncate");
2804 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2805 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2806 * to sidestep this quirk.
2808 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2809 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2811 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2813 if (area == MAP_FAILED) {
2814 perror("file_ram_alloc: can't mmap RAM pages");
2823 static ram_addr_t find_ram_offset(ram_addr_t size)
2825 RAMBlock *block, *next_block;
2826 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
2828 if (QLIST_EMPTY(&ram_list.blocks))
2831 QLIST_FOREACH(block, &ram_list.blocks, next) {
2832 ram_addr_t end, next = RAM_ADDR_MAX;
2834 end = block->offset + block->length;
2836 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2837 if (next_block->offset >= end) {
2838 next = MIN(next, next_block->offset);
2841 if (next - end >= size && next - end < mingap) {
2843 mingap = next - end;
2847 if (offset == RAM_ADDR_MAX) {
2848 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2856 static ram_addr_t last_ram_offset(void)
2859 ram_addr_t last = 0;
2861 QLIST_FOREACH(block, &ram_list.blocks, next)
2862 last = MAX(last, block->offset + block->length);
2867 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
2869 RAMBlock *new_block, *block;
2872 QLIST_FOREACH(block, &ram_list.blocks, next) {
2873 if (block->offset == addr) {
2879 assert(!new_block->idstr[0]);
2881 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2882 char *id = dev->parent_bus->info->get_dev_path(dev);
2884 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2888 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2890 QLIST_FOREACH(block, &ram_list.blocks, next) {
2891 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
2892 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2899 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2902 RAMBlock *new_block;
2904 size = TARGET_PAGE_ALIGN(size);
2905 new_block = g_malloc0(sizeof(*new_block));
2908 new_block->offset = find_ram_offset(size);
2910 new_block->host = host;
2911 new_block->flags |= RAM_PREALLOC_MASK;
2914 #if defined (__linux__) && !defined(TARGET_S390X)
2915 new_block->host = file_ram_alloc(new_block, size, mem_path);
2916 if (!new_block->host) {
2917 new_block->host = qemu_vmalloc(size);
2918 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2921 fprintf(stderr, "-mem-path option unsupported\n");
2925 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2926 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2927 an system defined value, which is at least 256GB. Larger systems
2928 have larger values. We put the guest between the end of data
2929 segment (system break) and this value. We use 32GB as a base to
2930 have enough room for the system break to grow. */
2931 new_block->host = mmap((void*)0x800000000, size,
2932 PROT_EXEC|PROT_READ|PROT_WRITE,
2933 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
2934 if (new_block->host == MAP_FAILED) {
2935 fprintf(stderr, "Allocating RAM failed\n");
2939 if (xen_enabled()) {
2940 xen_ram_alloc(new_block->offset, size, mr);
2942 new_block->host = qemu_vmalloc(size);
2945 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2948 new_block->length = size;
2950 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2952 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
2953 last_ram_offset() >> TARGET_PAGE_BITS);
2954 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2955 0xff, size >> TARGET_PAGE_BITS);
2958 kvm_setup_guest_memory(new_block->host, size);
2960 return new_block->offset;
2963 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
2965 return qemu_ram_alloc_from_ptr(size, NULL, mr);
2968 void qemu_ram_free_from_ptr(ram_addr_t addr)
2972 QLIST_FOREACH(block, &ram_list.blocks, next) {
2973 if (addr == block->offset) {
2974 QLIST_REMOVE(block, next);
2981 void qemu_ram_free(ram_addr_t addr)
2985 QLIST_FOREACH(block, &ram_list.blocks, next) {
2986 if (addr == block->offset) {
2987 QLIST_REMOVE(block, next);
2988 if (block->flags & RAM_PREALLOC_MASK) {
2990 } else if (mem_path) {
2991 #if defined (__linux__) && !defined(TARGET_S390X)
2993 munmap(block->host, block->length);
2996 qemu_vfree(block->host);
3002 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
3003 munmap(block->host, block->length);
3005 if (xen_enabled()) {
3006 xen_invalidate_map_cache_entry(block->host);
3008 qemu_vfree(block->host);
3020 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3027 QLIST_FOREACH(block, &ram_list.blocks, next) {
3028 offset = addr - block->offset;
3029 if (offset < block->length) {
3030 vaddr = block->host + offset;
3031 if (block->flags & RAM_PREALLOC_MASK) {
3035 munmap(vaddr, length);
3037 #if defined(__linux__) && !defined(TARGET_S390X)
3040 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3043 flags |= MAP_PRIVATE;
3045 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3046 flags, block->fd, offset);
3048 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3049 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3056 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
3057 flags |= MAP_SHARED | MAP_ANONYMOUS;
3058 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3061 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3062 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3066 if (area != vaddr) {
3067 fprintf(stderr, "Could not remap addr: "
3068 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
3072 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3078 #endif /* !_WIN32 */
3080 /* Return a host pointer to ram allocated with qemu_ram_alloc.
3081 With the exception of the softmmu code in this file, this should
3082 only be used for local memory (e.g. video ram) that the device owns,
3083 and knows it isn't going to access beyond the end of the block.
3085 It should not be used for general purpose DMA.
3086 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3088 void *qemu_get_ram_ptr(ram_addr_t addr)
3092 QLIST_FOREACH(block, &ram_list.blocks, next) {
3093 if (addr - block->offset < block->length) {
3094 /* Move this entry to to start of the list. */
3095 if (block != QLIST_FIRST(&ram_list.blocks)) {
3096 QLIST_REMOVE(block, next);
3097 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3099 if (xen_enabled()) {
3100 /* We need to check if the requested address is in the RAM
3101 * because we don't want to map the entire memory in QEMU.
3102 * In that case just map until the end of the page.
3104 if (block->offset == 0) {
3105 return xen_map_cache(addr, 0, 0);
3106 } else if (block->host == NULL) {
3108 xen_map_cache(block->offset, block->length, 1);
3111 return block->host + (addr - block->offset);
3115 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3121 /* Return a host pointer to ram allocated with qemu_ram_alloc.
3122 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3124 void *qemu_safe_ram_ptr(ram_addr_t addr)
3128 QLIST_FOREACH(block, &ram_list.blocks, next) {
3129 if (addr - block->offset < block->length) {
3130 if (xen_enabled()) {
3131 /* We need to check if the requested address is in the RAM
3132 * because we don't want to map the entire memory in QEMU.
3133 * In that case just map until the end of the page.
3135 if (block->offset == 0) {
3136 return xen_map_cache(addr, 0, 0);
3137 } else if (block->host == NULL) {
3139 xen_map_cache(block->offset, block->length, 1);
3142 return block->host + (addr - block->offset);
3146 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3152 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3153 * but takes a size argument */
3154 void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
3159 if (xen_enabled()) {
3160 return xen_map_cache(addr, *size, 1);
3164 QLIST_FOREACH(block, &ram_list.blocks, next) {
3165 if (addr - block->offset < block->length) {
3166 if (addr - block->offset + *size > block->length)
3167 *size = block->length - addr + block->offset;
3168 return block->host + (addr - block->offset);
3172 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3177 void qemu_put_ram_ptr(void *addr)
3179 trace_qemu_put_ram_ptr(addr);
3182 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
3185 uint8_t *host = ptr;
3187 if (xen_enabled()) {
3188 *ram_addr = xen_ram_addr_from_mapcache(ptr);
3192 QLIST_FOREACH(block, &ram_list.blocks, next) {
3193 /* This case append when the block is not mapped. */
3194 if (block->host == NULL) {
3197 if (host - block->host < block->length) {
3198 *ram_addr = block->offset + (host - block->host);
3206 /* Some of the softmmu routines need to translate from a host pointer
3207 (typically a TLB entry) back to a ram offset. */
3208 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3210 ram_addr_t ram_addr;
3212 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3213 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3219 static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3222 #ifdef DEBUG_UNASSIGNED
3223 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3225 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3226 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
3231 static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3232 uint64_t val, unsigned size)
3234 #ifdef DEBUG_UNASSIGNED
3235 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
3237 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3238 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
3242 static const MemoryRegionOps unassigned_mem_ops = {
3243 .read = unassigned_mem_read,
3244 .write = unassigned_mem_write,
3245 .endianness = DEVICE_NATIVE_ENDIAN,
3248 static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3254 static void error_mem_write(void *opaque, target_phys_addr_t addr,
3255 uint64_t value, unsigned size)
3260 static const MemoryRegionOps error_mem_ops = {
3261 .read = error_mem_read,
3262 .write = error_mem_write,
3263 .endianness = DEVICE_NATIVE_ENDIAN,
3266 static const MemoryRegionOps rom_mem_ops = {
3267 .read = error_mem_read,
3268 .write = unassigned_mem_write,
3269 .endianness = DEVICE_NATIVE_ENDIAN,
3272 static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3273 uint64_t val, unsigned size)
3276 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3277 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3278 #if !defined(CONFIG_USER_ONLY)
3279 tb_invalidate_phys_page_fast(ram_addr, size);
3280 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3285 stb_p(qemu_get_ram_ptr(ram_addr), val);
3288 stw_p(qemu_get_ram_ptr(ram_addr), val);
3291 stl_p(qemu_get_ram_ptr(ram_addr), val);
3296 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3297 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3298 /* we remove the notdirty callback only if the code has been
3300 if (dirty_flags == 0xff)
3301 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3304 static const MemoryRegionOps notdirty_mem_ops = {
3305 .read = error_mem_read,
3306 .write = notdirty_mem_write,
3307 .endianness = DEVICE_NATIVE_ENDIAN,
3310 /* Generate a debug exception if a watchpoint has been hit. */
3311 static void check_watchpoint(int offset, int len_mask, int flags)
3313 CPUArchState *env = cpu_single_env;
3314 target_ulong pc, cs_base;
3315 TranslationBlock *tb;
3320 if (env->watchpoint_hit) {
3321 /* We re-entered the check after replacing the TB. Now raise
3322 * the debug interrupt so that is will trigger after the
3323 * current instruction. */
3324 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3327 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3328 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3329 if ((vaddr == (wp->vaddr & len_mask) ||
3330 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3331 wp->flags |= BP_WATCHPOINT_HIT;
3332 if (!env->watchpoint_hit) {
3333 env->watchpoint_hit = wp;
3334 tb = tb_find_pc(env->mem_io_pc);
3336 cpu_abort(env, "check_watchpoint: could not find TB for "
3337 "pc=%p", (void *)env->mem_io_pc);
3339 cpu_restore_state(tb, env, env->mem_io_pc);
3340 tb_phys_invalidate(tb, -1);
3341 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3342 env->exception_index = EXCP_DEBUG;
3345 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3346 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3347 cpu_resume_from_signal(env, NULL);
3351 wp->flags &= ~BP_WATCHPOINT_HIT;
3356 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3357 so these check for a hit then pass through to the normal out-of-line
3359 static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3362 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3364 case 1: return ldub_phys(addr);
3365 case 2: return lduw_phys(addr);
3366 case 4: return ldl_phys(addr);
3371 static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3372 uint64_t val, unsigned size)
3374 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3377 stb_phys(addr, val);
3380 stw_phys(addr, val);
3383 stl_phys(addr, val);
3389 static const MemoryRegionOps watch_mem_ops = {
3390 .read = watch_mem_read,
3391 .write = watch_mem_write,
3392 .endianness = DEVICE_NATIVE_ENDIAN,
3395 static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3398 subpage_t *mmio = opaque;
3399 unsigned int idx = SUBPAGE_IDX(addr);
3400 MemoryRegionSection *section;
3401 #if defined(DEBUG_SUBPAGE)
3402 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3403 mmio, len, addr, idx);
3406 section = &phys_sections[mmio->sub_section[idx]];
3408 addr -= section->offset_within_address_space;
3409 addr += section->offset_within_region;
3410 return io_mem_read(section->mr, addr, len);
3413 static void subpage_write(void *opaque, target_phys_addr_t addr,
3414 uint64_t value, unsigned len)
3416 subpage_t *mmio = opaque;
3417 unsigned int idx = SUBPAGE_IDX(addr);
3418 MemoryRegionSection *section;
3419 #if defined(DEBUG_SUBPAGE)
3420 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3421 " idx %d value %"PRIx64"\n",
3422 __func__, mmio, len, addr, idx, value);
3425 section = &phys_sections[mmio->sub_section[idx]];
3427 addr -= section->offset_within_address_space;
3428 addr += section->offset_within_region;
3429 io_mem_write(section->mr, addr, value, len);
3432 static const MemoryRegionOps subpage_ops = {
3433 .read = subpage_read,
3434 .write = subpage_write,
3435 .endianness = DEVICE_NATIVE_ENDIAN,
3438 static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3441 ram_addr_t raddr = addr;
3442 void *ptr = qemu_get_ram_ptr(raddr);
3444 case 1: return ldub_p(ptr);
3445 case 2: return lduw_p(ptr);
3446 case 4: return ldl_p(ptr);
3451 static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3452 uint64_t value, unsigned size)
3454 ram_addr_t raddr = addr;
3455 void *ptr = qemu_get_ram_ptr(raddr);
3457 case 1: return stb_p(ptr, value);
3458 case 2: return stw_p(ptr, value);
3459 case 4: return stl_p(ptr, value);
3464 static const MemoryRegionOps subpage_ram_ops = {
3465 .read = subpage_ram_read,
3466 .write = subpage_ram_write,
3467 .endianness = DEVICE_NATIVE_ENDIAN,
3470 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3475 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3477 idx = SUBPAGE_IDX(start);
3478 eidx = SUBPAGE_IDX(end);
3479 #if defined(DEBUG_SUBPAGE)
3480 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3481 mmio, start, end, idx, eidx, memory);
3483 if (memory_region_is_ram(phys_sections[section].mr)) {
3484 MemoryRegionSection new_section = phys_sections[section];
3485 new_section.mr = &io_mem_subpage_ram;
3486 section = phys_section_add(&new_section);
3488 for (; idx <= eidx; idx++) {
3489 mmio->sub_section[idx] = section;
3495 static subpage_t *subpage_init(target_phys_addr_t base)
3499 mmio = g_malloc0(sizeof(subpage_t));
3502 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3503 "subpage", TARGET_PAGE_SIZE);
3504 mmio->iomem.subpage = true;
3505 #if defined(DEBUG_SUBPAGE)
3506 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3507 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3509 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
3514 static uint16_t dummy_section(MemoryRegion *mr)
3516 MemoryRegionSection section = {
3518 .offset_within_address_space = 0,
3519 .offset_within_region = 0,
3523 return phys_section_add(§ion);
3526 MemoryRegion *iotlb_to_region(target_phys_addr_t index)
3528 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
3531 static void io_mem_init(void)
3533 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3534 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3535 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3536 "unassigned", UINT64_MAX);
3537 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
3538 "notdirty", UINT64_MAX);
3539 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3540 "subpage-ram", UINT64_MAX);
3541 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3542 "watch", UINT64_MAX);
3545 static void core_begin(MemoryListener *listener)
3547 destroy_all_mappings();
3548 phys_sections_clear();
3549 phys_map.ptr = PHYS_MAP_NODE_NIL;
3550 phys_section_unassigned = dummy_section(&io_mem_unassigned);
3551 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3552 phys_section_rom = dummy_section(&io_mem_rom);
3553 phys_section_watch = dummy_section(&io_mem_watch);
3556 static void core_commit(MemoryListener *listener)
3560 /* since each CPU stores ram addresses in its TLB cache, we must
3561 reset the modified entries */
3563 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3568 static void core_region_add(MemoryListener *listener,
3569 MemoryRegionSection *section)
3571 cpu_register_physical_memory_log(section, section->readonly);
3574 static void core_region_del(MemoryListener *listener,
3575 MemoryRegionSection *section)
3579 static void core_region_nop(MemoryListener *listener,
3580 MemoryRegionSection *section)
3582 cpu_register_physical_memory_log(section, section->readonly);
3585 static void core_log_start(MemoryListener *listener,
3586 MemoryRegionSection *section)
3590 static void core_log_stop(MemoryListener *listener,
3591 MemoryRegionSection *section)
3595 static void core_log_sync(MemoryListener *listener,
3596 MemoryRegionSection *section)
3600 static void core_log_global_start(MemoryListener *listener)
3602 cpu_physical_memory_set_dirty_tracking(1);
3605 static void core_log_global_stop(MemoryListener *listener)
3607 cpu_physical_memory_set_dirty_tracking(0);
3610 static void core_eventfd_add(MemoryListener *listener,
3611 MemoryRegionSection *section,
3612 bool match_data, uint64_t data, int fd)
3616 static void core_eventfd_del(MemoryListener *listener,
3617 MemoryRegionSection *section,
3618 bool match_data, uint64_t data, int fd)
3622 static void io_begin(MemoryListener *listener)
3626 static void io_commit(MemoryListener *listener)
3630 static void io_region_add(MemoryListener *listener,
3631 MemoryRegionSection *section)
3633 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3635 mrio->mr = section->mr;
3636 mrio->offset = section->offset_within_region;
3637 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
3638 section->offset_within_address_space, section->size);
3639 ioport_register(&mrio->iorange);
3642 static void io_region_del(MemoryListener *listener,
3643 MemoryRegionSection *section)
3645 isa_unassign_ioport(section->offset_within_address_space, section->size);
3648 static void io_region_nop(MemoryListener *listener,
3649 MemoryRegionSection *section)
3653 static void io_log_start(MemoryListener *listener,
3654 MemoryRegionSection *section)
3658 static void io_log_stop(MemoryListener *listener,
3659 MemoryRegionSection *section)
3663 static void io_log_sync(MemoryListener *listener,
3664 MemoryRegionSection *section)
3668 static void io_log_global_start(MemoryListener *listener)
3672 static void io_log_global_stop(MemoryListener *listener)
3676 static void io_eventfd_add(MemoryListener *listener,
3677 MemoryRegionSection *section,
3678 bool match_data, uint64_t data, int fd)
3682 static void io_eventfd_del(MemoryListener *listener,
3683 MemoryRegionSection *section,
3684 bool match_data, uint64_t data, int fd)
3688 static MemoryListener core_memory_listener = {
3689 .begin = core_begin,
3690 .commit = core_commit,
3691 .region_add = core_region_add,
3692 .region_del = core_region_del,
3693 .region_nop = core_region_nop,
3694 .log_start = core_log_start,
3695 .log_stop = core_log_stop,
3696 .log_sync = core_log_sync,
3697 .log_global_start = core_log_global_start,
3698 .log_global_stop = core_log_global_stop,
3699 .eventfd_add = core_eventfd_add,
3700 .eventfd_del = core_eventfd_del,
3704 static MemoryListener io_memory_listener = {
3706 .commit = io_commit,
3707 .region_add = io_region_add,
3708 .region_del = io_region_del,
3709 .region_nop = io_region_nop,
3710 .log_start = io_log_start,
3711 .log_stop = io_log_stop,
3712 .log_sync = io_log_sync,
3713 .log_global_start = io_log_global_start,
3714 .log_global_stop = io_log_global_stop,
3715 .eventfd_add = io_eventfd_add,
3716 .eventfd_del = io_eventfd_del,
3720 static void memory_map_init(void)
3722 system_memory = g_malloc(sizeof(*system_memory));
3723 memory_region_init(system_memory, "system", INT64_MAX);
3724 set_system_memory_map(system_memory);
3726 system_io = g_malloc(sizeof(*system_io));
3727 memory_region_init(system_io, "io", 65536);
3728 set_system_io_map(system_io);
3730 memory_listener_register(&core_memory_listener, system_memory);
3731 memory_listener_register(&io_memory_listener, system_io);
3734 MemoryRegion *get_system_memory(void)
3736 return system_memory;
3739 MemoryRegion *get_system_io(void)
3744 #endif /* !defined(CONFIG_USER_ONLY) */
3746 /* physical memory access (slow version, mainly for debug) */
3747 #if defined(CONFIG_USER_ONLY)
3748 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
3749 uint8_t *buf, int len, int is_write)
3756 page = addr & TARGET_PAGE_MASK;
3757 l = (page + TARGET_PAGE_SIZE) - addr;
3760 flags = page_get_flags(page);
3761 if (!(flags & PAGE_VALID))
3764 if (!(flags & PAGE_WRITE))
3766 /* XXX: this code should not depend on lock_user */
3767 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3770 unlock_user(p, addr, l);
3772 if (!(flags & PAGE_READ))
3774 /* XXX: this code should not depend on lock_user */
3775 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3778 unlock_user(p, addr, 0);
3788 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3789 int len, int is_write)
3794 target_phys_addr_t page;
3795 MemoryRegionSection *section;
3798 page = addr & TARGET_PAGE_MASK;
3799 l = (page + TARGET_PAGE_SIZE) - addr;
3802 section = phys_page_find(page >> TARGET_PAGE_BITS);
3805 if (!memory_region_is_ram(section->mr)) {
3806 target_phys_addr_t addr1;
3807 addr1 = section_addr(section, addr);
3808 /* XXX: could force cpu_single_env to NULL to avoid
3810 if (l >= 4 && ((addr1 & 3) == 0)) {
3811 /* 32 bit write access */
3813 io_mem_write(section->mr, addr1, val, 4);
3815 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3816 /* 16 bit write access */
3818 io_mem_write(section->mr, addr1, val, 2);
3821 /* 8 bit write access */
3823 io_mem_write(section->mr, addr1, val, 1);
3826 } else if (!section->readonly) {
3828 addr1 = memory_region_get_ram_addr(section->mr)
3829 + section_addr(section, addr);
3831 ptr = qemu_get_ram_ptr(addr1);
3832 memcpy(ptr, buf, l);
3833 if (!cpu_physical_memory_is_dirty(addr1)) {
3834 /* invalidate code */
3835 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3837 cpu_physical_memory_set_dirty_flags(
3838 addr1, (0xff & ~CODE_DIRTY_FLAG));
3840 qemu_put_ram_ptr(ptr);
3843 if (!is_ram_rom_romd(section)) {
3844 target_phys_addr_t addr1;
3846 addr1 = section_addr(section, addr);
3847 if (l >= 4 && ((addr1 & 3) == 0)) {
3848 /* 32 bit read access */
3849 val = io_mem_read(section->mr, addr1, 4);
3852 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3853 /* 16 bit read access */
3854 val = io_mem_read(section->mr, addr1, 2);
3858 /* 8 bit read access */
3859 val = io_mem_read(section->mr, addr1, 1);
3865 ptr = qemu_get_ram_ptr(section->mr->ram_addr
3866 + section_addr(section, addr));
3867 memcpy(buf, ptr, l);
3868 qemu_put_ram_ptr(ptr);
3877 /* used for ROM loading : can write in RAM and ROM */
3878 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3879 const uint8_t *buf, int len)
3883 target_phys_addr_t page;
3884 MemoryRegionSection *section;
3887 page = addr & TARGET_PAGE_MASK;
3888 l = (page + TARGET_PAGE_SIZE) - addr;
3891 section = phys_page_find(page >> TARGET_PAGE_BITS);
3893 if (!is_ram_rom_romd(section)) {
3896 unsigned long addr1;
3897 addr1 = memory_region_get_ram_addr(section->mr)
3898 + section_addr(section, addr);
3900 ptr = qemu_get_ram_ptr(addr1);
3901 memcpy(ptr, buf, l);
3902 qemu_put_ram_ptr(ptr);
3912 target_phys_addr_t addr;
3913 target_phys_addr_t len;
3916 static BounceBuffer bounce;
3918 typedef struct MapClient {
3920 void (*callback)(void *opaque);
3921 QLIST_ENTRY(MapClient) link;
3924 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3925 = QLIST_HEAD_INITIALIZER(map_client_list);
3927 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3929 MapClient *client = g_malloc(sizeof(*client));
3931 client->opaque = opaque;
3932 client->callback = callback;
3933 QLIST_INSERT_HEAD(&map_client_list, client, link);
3937 void cpu_unregister_map_client(void *_client)
3939 MapClient *client = (MapClient *)_client;
3941 QLIST_REMOVE(client, link);
3945 static void cpu_notify_map_clients(void)
3949 while (!QLIST_EMPTY(&map_client_list)) {
3950 client = QLIST_FIRST(&map_client_list);
3951 client->callback(client->opaque);
3952 cpu_unregister_map_client(client);
3956 /* Map a physical memory region into a host virtual address.
3957 * May map a subset of the requested range, given by and returned in *plen.
3958 * May return NULL if resources needed to perform the mapping are exhausted.
3959 * Use only for reads OR writes - not for read-modify-write operations.
3960 * Use cpu_register_map_client() to know when retrying the map operation is
3961 * likely to succeed.
3963 void *cpu_physical_memory_map(target_phys_addr_t addr,
3964 target_phys_addr_t *plen,
3967 target_phys_addr_t len = *plen;
3968 target_phys_addr_t todo = 0;
3970 target_phys_addr_t page;
3971 MemoryRegionSection *section;
3972 ram_addr_t raddr = RAM_ADDR_MAX;
3977 page = addr & TARGET_PAGE_MASK;
3978 l = (page + TARGET_PAGE_SIZE) - addr;
3981 section = phys_page_find(page >> TARGET_PAGE_BITS);
3983 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
3984 if (todo || bounce.buffer) {
3987 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3991 cpu_physical_memory_read(addr, bounce.buffer, l);
3995 return bounce.buffer;
3998 raddr = memory_region_get_ram_addr(section->mr)
3999 + section_addr(section, addr);
4007 ret = qemu_ram_ptr_length(raddr, &rlen);
4012 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4013 * Will also mark the memory as dirty if is_write == 1. access_len gives
4014 * the amount of memory that was actually read or written by the caller.
4016 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4017 int is_write, target_phys_addr_t access_len)
4019 if (buffer != bounce.buffer) {
4021 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
4022 while (access_len) {
4024 l = TARGET_PAGE_SIZE;
4027 if (!cpu_physical_memory_is_dirty(addr1)) {
4028 /* invalidate code */
4029 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4031 cpu_physical_memory_set_dirty_flags(
4032 addr1, (0xff & ~CODE_DIRTY_FLAG));
4038 if (xen_enabled()) {
4039 xen_invalidate_map_cache_entry(buffer);
4044 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4046 qemu_vfree(bounce.buffer);
4047 bounce.buffer = NULL;
4048 cpu_notify_map_clients();
4051 /* warning: addr must be aligned */
4052 static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4053 enum device_endian endian)
4057 MemoryRegionSection *section;
4059 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4061 if (!is_ram_rom_romd(section)) {
4063 addr = section_addr(section, addr);
4064 val = io_mem_read(section->mr, addr, 4);
4065 #if defined(TARGET_WORDS_BIGENDIAN)
4066 if (endian == DEVICE_LITTLE_ENDIAN) {
4070 if (endian == DEVICE_BIG_ENDIAN) {
4076 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4078 + section_addr(section, addr));
4080 case DEVICE_LITTLE_ENDIAN:
4081 val = ldl_le_p(ptr);
4083 case DEVICE_BIG_ENDIAN:
4084 val = ldl_be_p(ptr);
4094 uint32_t ldl_phys(target_phys_addr_t addr)
4096 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4099 uint32_t ldl_le_phys(target_phys_addr_t addr)
4101 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4104 uint32_t ldl_be_phys(target_phys_addr_t addr)
4106 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4109 /* warning: addr must be aligned */
4110 static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4111 enum device_endian endian)
4115 MemoryRegionSection *section;
4117 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4119 if (!is_ram_rom_romd(section)) {
4121 addr = section_addr(section, addr);
4123 /* XXX This is broken when device endian != cpu endian.
4124 Fix and add "endian" variable check */
4125 #ifdef TARGET_WORDS_BIGENDIAN
4126 val = io_mem_read(section->mr, addr, 4) << 32;
4127 val |= io_mem_read(section->mr, addr + 4, 4);
4129 val = io_mem_read(section->mr, addr, 4);
4130 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
4134 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4136 + section_addr(section, addr));
4138 case DEVICE_LITTLE_ENDIAN:
4139 val = ldq_le_p(ptr);
4141 case DEVICE_BIG_ENDIAN:
4142 val = ldq_be_p(ptr);
4152 uint64_t ldq_phys(target_phys_addr_t addr)
4154 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4157 uint64_t ldq_le_phys(target_phys_addr_t addr)
4159 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4162 uint64_t ldq_be_phys(target_phys_addr_t addr)
4164 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4168 uint32_t ldub_phys(target_phys_addr_t addr)
4171 cpu_physical_memory_read(addr, &val, 1);
4175 /* warning: addr must be aligned */
4176 static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4177 enum device_endian endian)
4181 MemoryRegionSection *section;
4183 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4185 if (!is_ram_rom_romd(section)) {
4187 addr = section_addr(section, addr);
4188 val = io_mem_read(section->mr, addr, 2);
4189 #if defined(TARGET_WORDS_BIGENDIAN)
4190 if (endian == DEVICE_LITTLE_ENDIAN) {
4194 if (endian == DEVICE_BIG_ENDIAN) {
4200 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4202 + section_addr(section, addr));
4204 case DEVICE_LITTLE_ENDIAN:
4205 val = lduw_le_p(ptr);
4207 case DEVICE_BIG_ENDIAN:
4208 val = lduw_be_p(ptr);
4218 uint32_t lduw_phys(target_phys_addr_t addr)
4220 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4223 uint32_t lduw_le_phys(target_phys_addr_t addr)
4225 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4228 uint32_t lduw_be_phys(target_phys_addr_t addr)
4230 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4233 /* warning: addr must be aligned. The ram page is not masked as dirty
4234 and the code inside is not invalidated. It is useful if the dirty
4235 bits are used to track modified PTEs */
4236 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
4239 MemoryRegionSection *section;
4241 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4243 if (!memory_region_is_ram(section->mr) || section->readonly) {
4244 addr = section_addr(section, addr);
4245 if (memory_region_is_ram(section->mr)) {
4246 section = &phys_sections[phys_section_rom];
4248 io_mem_write(section->mr, addr, val, 4);
4250 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
4252 + section_addr(section, addr);
4253 ptr = qemu_get_ram_ptr(addr1);
4256 if (unlikely(in_migration)) {
4257 if (!cpu_physical_memory_is_dirty(addr1)) {
4258 /* invalidate code */
4259 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4261 cpu_physical_memory_set_dirty_flags(
4262 addr1, (0xff & ~CODE_DIRTY_FLAG));
4268 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
4271 MemoryRegionSection *section;
4273 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4275 if (!memory_region_is_ram(section->mr) || section->readonly) {
4276 addr = section_addr(section, addr);
4277 if (memory_region_is_ram(section->mr)) {
4278 section = &phys_sections[phys_section_rom];
4280 #ifdef TARGET_WORDS_BIGENDIAN
4281 io_mem_write(section->mr, addr, val >> 32, 4);
4282 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
4284 io_mem_write(section->mr, addr, (uint32_t)val, 4);
4285 io_mem_write(section->mr, addr + 4, val >> 32, 4);
4288 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
4290 + section_addr(section, addr));
4295 /* warning: addr must be aligned */
4296 static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4297 enum device_endian endian)
4300 MemoryRegionSection *section;
4302 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4304 if (!memory_region_is_ram(section->mr) || section->readonly) {
4305 addr = section_addr(section, addr);
4306 if (memory_region_is_ram(section->mr)) {
4307 section = &phys_sections[phys_section_rom];
4309 #if defined(TARGET_WORDS_BIGENDIAN)
4310 if (endian == DEVICE_LITTLE_ENDIAN) {
4314 if (endian == DEVICE_BIG_ENDIAN) {
4318 io_mem_write(section->mr, addr, val, 4);
4320 unsigned long addr1;
4321 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4322 + section_addr(section, addr);
4324 ptr = qemu_get_ram_ptr(addr1);
4326 case DEVICE_LITTLE_ENDIAN:
4329 case DEVICE_BIG_ENDIAN:
4336 if (!cpu_physical_memory_is_dirty(addr1)) {
4337 /* invalidate code */
4338 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4340 cpu_physical_memory_set_dirty_flags(addr1,
4341 (0xff & ~CODE_DIRTY_FLAG));
4346 void stl_phys(target_phys_addr_t addr, uint32_t val)
4348 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4351 void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4353 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4356 void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4358 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4362 void stb_phys(target_phys_addr_t addr, uint32_t val)
4365 cpu_physical_memory_write(addr, &v, 1);
4368 /* warning: addr must be aligned */
4369 static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4370 enum device_endian endian)
4373 MemoryRegionSection *section;
4375 section = phys_page_find(addr >> TARGET_PAGE_BITS);
4377 if (!memory_region_is_ram(section->mr) || section->readonly) {
4378 addr = section_addr(section, addr);
4379 if (memory_region_is_ram(section->mr)) {
4380 section = &phys_sections[phys_section_rom];
4382 #if defined(TARGET_WORDS_BIGENDIAN)
4383 if (endian == DEVICE_LITTLE_ENDIAN) {
4387 if (endian == DEVICE_BIG_ENDIAN) {
4391 io_mem_write(section->mr, addr, val, 2);
4393 unsigned long addr1;
4394 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4395 + section_addr(section, addr);
4397 ptr = qemu_get_ram_ptr(addr1);
4399 case DEVICE_LITTLE_ENDIAN:
4402 case DEVICE_BIG_ENDIAN:
4409 if (!cpu_physical_memory_is_dirty(addr1)) {
4410 /* invalidate code */
4411 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4413 cpu_physical_memory_set_dirty_flags(addr1,
4414 (0xff & ~CODE_DIRTY_FLAG));
4419 void stw_phys(target_phys_addr_t addr, uint32_t val)
4421 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4424 void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4426 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4429 void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4431 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4435 void stq_phys(target_phys_addr_t addr, uint64_t val)
4438 cpu_physical_memory_write(addr, &val, 8);
4441 void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4443 val = cpu_to_le64(val);
4444 cpu_physical_memory_write(addr, &val, 8);
4447 void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4449 val = cpu_to_be64(val);
4450 cpu_physical_memory_write(addr, &val, 8);
4453 /* virtual memory access for debug (includes writing to ROM) */
4454 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
4455 uint8_t *buf, int len, int is_write)
4458 target_phys_addr_t phys_addr;
4462 page = addr & TARGET_PAGE_MASK;
4463 phys_addr = cpu_get_phys_page_debug(env, page);
4464 /* if no physical page mapped, return an error */
4465 if (phys_addr == -1)
4467 l = (page + TARGET_PAGE_SIZE) - addr;
4470 phys_addr += (addr & ~TARGET_PAGE_MASK);
4472 cpu_physical_memory_write_rom(phys_addr, buf, l);
4474 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4483 /* in deterministic execution mode, instructions doing device I/Os
4484 must be at the end of the TB */
4485 void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
4487 TranslationBlock *tb;
4489 target_ulong pc, cs_base;
4492 tb = tb_find_pc(retaddr);
4494 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4497 n = env->icount_decr.u16.low + tb->icount;
4498 cpu_restore_state(tb, env, retaddr);
4499 /* Calculate how many instructions had been executed before the fault
4501 n = n - env->icount_decr.u16.low;
4502 /* Generate a new TB ending on the I/O insn. */
4504 /* On MIPS and SH, delay slot instructions can only be restarted if
4505 they were already the first instruction in the TB. If this is not
4506 the first instruction in a TB then re-execute the preceding
4508 #if defined(TARGET_MIPS)
4509 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4510 env->active_tc.PC -= 4;
4511 env->icount_decr.u16.low++;
4512 env->hflags &= ~MIPS_HFLAG_BMASK;
4514 #elif defined(TARGET_SH4)
4515 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4518 env->icount_decr.u16.low++;
4519 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4522 /* This should never happen. */
4523 if (n > CF_COUNT_MASK)
4524 cpu_abort(env, "TB too big during recompile");
4526 cflags = n | CF_LAST_IO;
4528 cs_base = tb->cs_base;
4530 tb_phys_invalidate(tb, -1);
4531 /* FIXME: In theory this could raise an exception. In practice
4532 we have already translated the block once so it's probably ok. */
4533 tb_gen_code(env, pc, cs_base, flags, cflags);
4534 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4535 the first in the TB) then we end up generating a whole new TB and
4536 repeating the fault, which is horribly inefficient.
4537 Better would be to execute just this insn uncached, or generate a
4539 cpu_resume_from_signal(env, NULL);
4542 #if !defined(CONFIG_USER_ONLY)
4544 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4546 int i, target_code_size, max_target_code_size;
4547 int direct_jmp_count, direct_jmp2_count, cross_page;
4548 TranslationBlock *tb;
4550 target_code_size = 0;
4551 max_target_code_size = 0;
4553 direct_jmp_count = 0;
4554 direct_jmp2_count = 0;
4555 for(i = 0; i < nb_tbs; i++) {
4557 target_code_size += tb->size;
4558 if (tb->size > max_target_code_size)
4559 max_target_code_size = tb->size;
4560 if (tb->page_addr[1] != -1)
4562 if (tb->tb_next_offset[0] != 0xffff) {
4564 if (tb->tb_next_offset[1] != 0xffff) {
4565 direct_jmp2_count++;
4569 /* XXX: avoid using doubles ? */
4570 cpu_fprintf(f, "Translation buffer state:\n");
4571 cpu_fprintf(f, "gen code size %td/%ld\n",
4572 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4573 cpu_fprintf(f, "TB count %d/%d\n",
4574 nb_tbs, code_gen_max_blocks);
4575 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4576 nb_tbs ? target_code_size / nb_tbs : 0,
4577 max_target_code_size);
4578 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4579 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4580 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4581 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4583 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4584 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4586 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4588 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4589 cpu_fprintf(f, "\nStatistics:\n");
4590 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4591 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4592 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4593 tcg_dump_info(f, cpu_fprintf);
4596 /* NOTE: this function can trigger an exception */
4597 /* NOTE2: the returned address is not exactly the physical address: it
4598 is the offset relative to phys_ram_base */
4599 tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
4601 int mmu_idx, page_index, pd;
4605 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4606 mmu_idx = cpu_mmu_index(env1);
4607 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4608 (addr & TARGET_PAGE_MASK))) {
4609 #ifdef CONFIG_TCG_PASS_AREG0
4610 cpu_ldub_code(env1, addr);
4615 pd = env1->iotlb[mmu_idx][page_index] & ~TARGET_PAGE_MASK;
4616 mr = iotlb_to_region(pd);
4617 if (mr != &io_mem_ram && mr != &io_mem_rom
4618 && mr != &io_mem_notdirty && !mr->rom_device
4619 && mr != &io_mem_watch) {
4620 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4621 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4623 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4626 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4627 return qemu_ram_addr_from_host_nofail(p);
4631 * A helper function for the _utterly broken_ virtio device model to find out if
4632 * it's running on a big endian machine. Don't do this at home kids!
4634 bool virtio_is_big_endian(void);
4635 bool virtio_is_big_endian(void)
4637 #if defined(TARGET_WORDS_BIGENDIAN)
4644 #define MMUSUFFIX _cmmu
4646 #define GETPC() ((uintptr_t)0)
4647 #define env cpu_single_env
4648 #define SOFTMMU_CODE_ACCESS
4651 #include "softmmu_template.h"
4654 #include "softmmu_template.h"
4657 #include "softmmu_template.h"
4660 #include "softmmu_template.h"
projects / qemu.git / blob