2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
36 #include "qemu-common.h"
42 #include "qemu-timer.h"
43 #if defined(CONFIG_USER_ONLY)
46 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
47 #include <sys/param.h>
48 #if __FreeBSD_version >= 700104
49 #define HAVE_KINFO_GETVMMAP
50 #define sigqueue sigqueue_freebsd /* avoid redefinition */
53 #include <machine/profile.h>
63 //#define DEBUG_TB_INVALIDATE
66 //#define DEBUG_UNASSIGNED
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
70 //#define DEBUG_TLB_CHECK
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
80 #define SMC_BITMAP_USE_THRESHOLD 10
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
97 /* Maximum alignment for Win32 is 16. */
98 #define code_gen_section \
99 __attribute__((aligned (16)))
101 #define code_gen_section \
102 __attribute__((aligned (32)))
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 static uint8_t *code_gen_ptr;
112 #if !defined(CONFIG_USER_ONLY)
114 static int in_migration;
116 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
120 /* current CPU in the current thread. It is only valid inside
122 CPUState *cpu_single_env;
123 /* 0 = Do not count executed instructions.
124 1 = Precise instruction counting.
125 2 = Adaptive rate instruction counting. */
127 /* Current instruction counter. While executing translated code this may
128 include some instructions that have not yet been executed. */
131 typedef struct PageDesc {
132 /* list of TBs intersecting this ram page */
133 TranslationBlock *first_tb;
134 /* in order to optimize self modifying code, we count the number
135 of lookups we do to a given page to use a bitmap */
136 unsigned int code_write_count;
137 uint8_t *code_bitmap;
138 #if defined(CONFIG_USER_ONLY)
143 /* In system mode we want L1_MAP to be based on ram offsets,
144 while in user mode we want it to be based on virtual addresses. */
145 #if !defined(CONFIG_USER_ONLY)
146 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
147 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
149 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
152 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
155 /* Size of the L2 (and L3, etc) page tables. */
157 #define L2_SIZE (1 << L2_BITS)
159 /* The bits remaining after N lower levels of page tables. */
160 #define P_L1_BITS_REM \
161 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
162 #define V_L1_BITS_REM \
163 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
165 /* Size of the L1 page table. Avoid silly small sizes. */
166 #if P_L1_BITS_REM < 4
167 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
169 #define P_L1_BITS P_L1_BITS_REM
172 #if V_L1_BITS_REM < 4
173 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
175 #define V_L1_BITS V_L1_BITS_REM
178 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
179 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
181 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
182 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
184 unsigned long qemu_real_host_page_size;
185 unsigned long qemu_host_page_bits;
186 unsigned long qemu_host_page_size;
187 unsigned long qemu_host_page_mask;
189 /* This is a multi-level map on the virtual address space.
190 The bottom level has pointers to PageDesc. */
191 static void *l1_map[V_L1_SIZE];
193 #if !defined(CONFIG_USER_ONLY)
194 typedef struct PhysPageDesc {
195 /* offset in host memory of the page + io_index in the low bits */
196 ram_addr_t phys_offset;
197 ram_addr_t region_offset;
200 /* This is a multi-level map on the physical address space.
201 The bottom level has pointers to PhysPageDesc. */
202 static void *l1_phys_map[P_L1_SIZE];
204 static void io_mem_init(void);
206 /* io memory support */
207 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
208 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
209 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
210 static char io_mem_used[IO_MEM_NB_ENTRIES];
211 static int io_mem_watch;
216 static const char *logfilename = "qemu.log";
218 static const char *logfilename = "/tmp/qemu.log";
222 static int log_append = 0;
225 #if !defined(CONFIG_USER_ONLY)
226 static int tlb_flush_count;
228 static int tb_flush_count;
229 static int tb_phys_invalidate_count;
232 static void map_exec(void *addr, long size)
235 VirtualProtect(addr, size,
236 PAGE_EXECUTE_READWRITE, &old_protect);
240 static void map_exec(void *addr, long size)
242 unsigned long start, end, page_size;
244 page_size = getpagesize();
245 start = (unsigned long)addr;
246 start &= ~(page_size - 1);
248 end = (unsigned long)addr + size;
249 end += page_size - 1;
250 end &= ~(page_size - 1);
252 mprotect((void *)start, end - start,
253 PROT_READ | PROT_WRITE | PROT_EXEC);
257 static void page_init(void)
259 /* NOTE: we can always suppose that qemu_host_page_size >=
263 SYSTEM_INFO system_info;
265 GetSystemInfo(&system_info);
266 qemu_real_host_page_size = system_info.dwPageSize;
269 qemu_real_host_page_size = getpagesize();
271 if (qemu_host_page_size == 0)
272 qemu_host_page_size = qemu_real_host_page_size;
273 if (qemu_host_page_size < TARGET_PAGE_SIZE)
274 qemu_host_page_size = TARGET_PAGE_SIZE;
275 qemu_host_page_bits = 0;
276 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
277 qemu_host_page_bits++;
278 qemu_host_page_mask = ~(qemu_host_page_size - 1);
280 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
282 #ifdef HAVE_KINFO_GETVMMAP
283 struct kinfo_vmentry *freep;
286 freep = kinfo_getvmmap(getpid(), &cnt);
289 for (i = 0; i < cnt; i++) {
290 unsigned long startaddr, endaddr;
292 startaddr = freep[i].kve_start;
293 endaddr = freep[i].kve_end;
294 if (h2g_valid(startaddr)) {
295 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
297 if (h2g_valid(endaddr)) {
298 endaddr = h2g(endaddr);
299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
301 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
303 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
314 last_brk = (unsigned long)sbrk(0);
316 f = fopen("/compat/linux/proc/self/maps", "r");
321 unsigned long startaddr, endaddr;
324 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
326 if (n == 2 && h2g_valid(startaddr)) {
327 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
329 if (h2g_valid(endaddr)) {
330 endaddr = h2g(endaddr);
334 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
346 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
352 #if defined(CONFIG_USER_ONLY)
353 /* We can't use qemu_malloc because it may recurse into a locked mutex. */
354 # define ALLOC(P, SIZE) \
356 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
357 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
360 # define ALLOC(P, SIZE) \
361 do { P = qemu_mallocz(SIZE); } while (0)
364 /* Level 1. Always allocated. */
365 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
368 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
375 ALLOC(p, sizeof(void *) * L2_SIZE);
379 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
387 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
393 return pd + (index & (L2_SIZE - 1));
396 static inline PageDesc *page_find(tb_page_addr_t index)
398 return page_find_alloc(index, 0);
401 #if !defined(CONFIG_USER_ONLY)
402 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
408 /* Level 1. Always allocated. */
409 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
412 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
418 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
420 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
431 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
433 for (i = 0; i < L2_SIZE; i++) {
434 pd[i].phys_offset = IO_MEM_UNASSIGNED;
435 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
439 return pd + (index & (L2_SIZE - 1));
442 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
444 return phys_page_find_alloc(index, 0);
447 static void tlb_protect_code(ram_addr_t ram_addr);
448 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
450 #define mmap_lock() do { } while(0)
451 #define mmap_unlock() do { } while(0)
454 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
456 #if defined(CONFIG_USER_ONLY)
457 /* Currently it is not recommended to allocate big chunks of data in
458 user mode. It will change when a dedicated libc will be used */
459 #define USE_STATIC_CODE_GEN_BUFFER
462 #ifdef USE_STATIC_CODE_GEN_BUFFER
463 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
464 __attribute__((aligned (CODE_GEN_ALIGN)));
467 static void code_gen_alloc(unsigned long tb_size)
469 #ifdef USE_STATIC_CODE_GEN_BUFFER
470 code_gen_buffer = static_code_gen_buffer;
471 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
472 map_exec(code_gen_buffer, code_gen_buffer_size);
474 code_gen_buffer_size = tb_size;
475 if (code_gen_buffer_size == 0) {
476 #if defined(CONFIG_USER_ONLY)
477 /* in user mode, phys_ram_size is not meaningful */
478 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
480 /* XXX: needs adjustments */
481 code_gen_buffer_size = (unsigned long)(ram_size / 4);
484 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
485 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
486 /* The code gen buffer location may have constraints depending on
487 the host cpu and OS */
488 #if defined(__linux__)
493 flags = MAP_PRIVATE | MAP_ANONYMOUS;
494 #if defined(__x86_64__)
496 /* Cannot map more than that */
497 if (code_gen_buffer_size > (800 * 1024 * 1024))
498 code_gen_buffer_size = (800 * 1024 * 1024);
499 #elif defined(__sparc_v9__)
500 // Map the buffer below 2G, so we can use direct calls and branches
502 start = (void *) 0x60000000UL;
503 if (code_gen_buffer_size > (512 * 1024 * 1024))
504 code_gen_buffer_size = (512 * 1024 * 1024);
505 #elif defined(__arm__)
506 /* Map the buffer below 32M, so we can use direct calls and branches */
508 start = (void *) 0x01000000UL;
509 if (code_gen_buffer_size > 16 * 1024 * 1024)
510 code_gen_buffer_size = 16 * 1024 * 1024;
511 #elif defined(__s390x__)
512 /* Map the buffer so that we can use direct calls and branches. */
513 /* We have a +- 4GB range on the branches; leave some slop. */
514 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
515 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
517 start = (void *)0x90000000UL;
519 code_gen_buffer = mmap(start, code_gen_buffer_size,
520 PROT_WRITE | PROT_READ | PROT_EXEC,
522 if (code_gen_buffer == MAP_FAILED) {
523 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
527 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
531 flags = MAP_PRIVATE | MAP_ANONYMOUS;
532 #if defined(__x86_64__)
533 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
534 * 0x40000000 is free */
536 addr = (void *)0x40000000;
537 /* Cannot map more than that */
538 if (code_gen_buffer_size > (800 * 1024 * 1024))
539 code_gen_buffer_size = (800 * 1024 * 1024);
541 code_gen_buffer = mmap(addr, code_gen_buffer_size,
542 PROT_WRITE | PROT_READ | PROT_EXEC,
544 if (code_gen_buffer == MAP_FAILED) {
545 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
550 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
551 map_exec(code_gen_buffer, code_gen_buffer_size);
553 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
554 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
555 code_gen_buffer_max_size = code_gen_buffer_size -
556 (TCG_MAX_OP_SIZE * OPC_MAX_SIZE);
557 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
558 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
561 /* Must be called before using the QEMU cpus. 'tb_size' is the size
562 (in bytes) allocated to the translation buffer. Zero means default
564 void cpu_exec_init_all(unsigned long tb_size)
567 code_gen_alloc(tb_size);
568 code_gen_ptr = code_gen_buffer;
570 #if !defined(CONFIG_USER_ONLY)
573 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
574 /* There's no guest base to take into account, so go ahead and
575 initialize the prologue now. */
576 tcg_prologue_init(&tcg_ctx);
580 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
582 static int cpu_common_post_load(void *opaque, int version_id)
584 CPUState *env = opaque;
586 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
587 version_id is increased. */
588 env->interrupt_request &= ~0x01;
594 static const VMStateDescription vmstate_cpu_common = {
595 .name = "cpu_common",
597 .minimum_version_id = 1,
598 .minimum_version_id_old = 1,
599 .post_load = cpu_common_post_load,
600 .fields = (VMStateField []) {
601 VMSTATE_UINT32(halted, CPUState),
602 VMSTATE_UINT32(interrupt_request, CPUState),
603 VMSTATE_END_OF_LIST()
608 CPUState *qemu_get_cpu(int cpu)
610 CPUState *env = first_cpu;
613 if (env->cpu_index == cpu)
621 void cpu_exec_init(CPUState *env)
626 #if defined(CONFIG_USER_ONLY)
629 env->next_cpu = NULL;
632 while (*penv != NULL) {
633 penv = &(*penv)->next_cpu;
636 env->cpu_index = cpu_index;
638 QTAILQ_INIT(&env->breakpoints);
639 QTAILQ_INIT(&env->watchpoints);
641 #if defined(CONFIG_USER_ONLY)
644 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
645 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
647 cpu_save, cpu_load, env);
651 static inline void invalidate_page_bitmap(PageDesc *p)
653 if (p->code_bitmap) {
654 qemu_free(p->code_bitmap);
655 p->code_bitmap = NULL;
657 p->code_write_count = 0;
660 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
662 static void page_flush_tb_1 (int level, void **lp)
671 for (i = 0; i < L2_SIZE; ++i) {
672 pd[i].first_tb = NULL;
673 invalidate_page_bitmap(pd + i);
677 for (i = 0; i < L2_SIZE; ++i) {
678 page_flush_tb_1 (level - 1, pp + i);
683 static void page_flush_tb(void)
686 for (i = 0; i < V_L1_SIZE; i++) {
687 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
691 /* flush all the translation blocks */
692 /* XXX: tb_flush is currently not thread safe */
693 void tb_flush(CPUState *env1)
696 #if defined(DEBUG_FLUSH)
697 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
698 (unsigned long)(code_gen_ptr - code_gen_buffer),
700 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
702 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
703 cpu_abort(env1, "Internal error: code buffer overflow\n");
707 for(env = first_cpu; env != NULL; env = env->next_cpu) {
708 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
711 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
714 code_gen_ptr = code_gen_buffer;
715 /* XXX: flush processor icache at this point if cache flush is
720 #ifdef DEBUG_TB_CHECK
722 static void tb_invalidate_check(target_ulong address)
724 TranslationBlock *tb;
726 address &= TARGET_PAGE_MASK;
727 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
728 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
729 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
730 address >= tb->pc + tb->size)) {
731 printf("ERROR invalidate: address=" TARGET_FMT_lx
732 " PC=%08lx size=%04x\n",
733 address, (long)tb->pc, tb->size);
739 /* verify that all the pages have correct rights for code */
740 static void tb_page_check(void)
742 TranslationBlock *tb;
743 int i, flags1, flags2;
745 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
746 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
747 flags1 = page_get_flags(tb->pc);
748 flags2 = page_get_flags(tb->pc + tb->size - 1);
749 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
750 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
751 (long)tb->pc, tb->size, flags1, flags2);
759 /* invalidate one TB */
760 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
763 TranslationBlock *tb1;
767 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
770 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
774 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
776 TranslationBlock *tb1;
782 tb1 = (TranslationBlock *)((long)tb1 & ~3);
784 *ptb = tb1->page_next[n1];
787 ptb = &tb1->page_next[n1];
791 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
793 TranslationBlock *tb1, **ptb;
796 ptb = &tb->jmp_next[n];
799 /* find tb(n) in circular list */
803 tb1 = (TranslationBlock *)((long)tb1 & ~3);
804 if (n1 == n && tb1 == tb)
807 ptb = &tb1->jmp_first;
809 ptb = &tb1->jmp_next[n1];
812 /* now we can suppress tb(n) from the list */
813 *ptb = tb->jmp_next[n];
815 tb->jmp_next[n] = NULL;
819 /* reset the jump entry 'n' of a TB so that it is not chained to
821 static inline void tb_reset_jump(TranslationBlock *tb, int n)
823 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
826 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
831 tb_page_addr_t phys_pc;
832 TranslationBlock *tb1, *tb2;
834 /* remove the TB from the hash list */
835 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
836 h = tb_phys_hash_func(phys_pc);
837 tb_remove(&tb_phys_hash[h], tb,
838 offsetof(TranslationBlock, phys_hash_next));
840 /* remove the TB from the page list */
841 if (tb->page_addr[0] != page_addr) {
842 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
843 tb_page_remove(&p->first_tb, tb);
844 invalidate_page_bitmap(p);
846 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
847 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
848 tb_page_remove(&p->first_tb, tb);
849 invalidate_page_bitmap(p);
852 tb_invalidated_flag = 1;
854 /* remove the TB from the hash list */
855 h = tb_jmp_cache_hash_func(tb->pc);
856 for(env = first_cpu; env != NULL; env = env->next_cpu) {
857 if (env->tb_jmp_cache[h] == tb)
858 env->tb_jmp_cache[h] = NULL;
861 /* suppress this TB from the two jump lists */
862 tb_jmp_remove(tb, 0);
863 tb_jmp_remove(tb, 1);
865 /* suppress any remaining jumps to this TB */
871 tb1 = (TranslationBlock *)((long)tb1 & ~3);
872 tb2 = tb1->jmp_next[n1];
873 tb_reset_jump(tb1, n1);
874 tb1->jmp_next[n1] = NULL;
877 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
879 tb_phys_invalidate_count++;
882 static inline void set_bits(uint8_t *tab, int start, int len)
888 mask = 0xff << (start & 7);
889 if ((start & ~7) == (end & ~7)) {
891 mask &= ~(0xff << (end & 7));
896 start = (start + 8) & ~7;
898 while (start < end1) {
903 mask = ~(0xff << (end & 7));
909 static void build_page_bitmap(PageDesc *p)
911 int n, tb_start, tb_end;
912 TranslationBlock *tb;
914 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
919 tb = (TranslationBlock *)((long)tb & ~3);
920 /* NOTE: this is subtle as a TB may span two physical pages */
922 /* NOTE: tb_end may be after the end of the page, but
923 it is not a problem */
924 tb_start = tb->pc & ~TARGET_PAGE_MASK;
925 tb_end = tb_start + tb->size;
926 if (tb_end > TARGET_PAGE_SIZE)
927 tb_end = TARGET_PAGE_SIZE;
930 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
932 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
933 tb = tb->page_next[n];
937 TranslationBlock *tb_gen_code(CPUState *env,
938 target_ulong pc, target_ulong cs_base,
939 int flags, int cflags)
941 TranslationBlock *tb;
943 tb_page_addr_t phys_pc, phys_page2;
944 target_ulong virt_page2;
947 phys_pc = get_page_addr_code(env, pc);
950 /* flush must be done */
952 /* cannot fail at this point */
954 /* Don't forget to invalidate previous TB info. */
955 tb_invalidated_flag = 1;
957 tc_ptr = code_gen_ptr;
959 tb->cs_base = cs_base;
962 cpu_gen_code(env, tb, &code_gen_size);
963 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
965 /* check next page if needed */
966 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
968 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
969 phys_page2 = get_page_addr_code(env, virt_page2);
971 tb_link_page(tb, phys_pc, phys_page2);
975 /* invalidate all TBs which intersect with the target physical page
976 starting in range [start;end[. NOTE: start and end must refer to
977 the same physical page. 'is_cpu_write_access' should be true if called
978 from a real cpu write access: the virtual CPU will exit the current
979 TB if code is modified inside this TB. */
980 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
981 int is_cpu_write_access)
983 TranslationBlock *tb, *tb_next, *saved_tb;
984 CPUState *env = cpu_single_env;
985 tb_page_addr_t tb_start, tb_end;
988 #ifdef TARGET_HAS_PRECISE_SMC
989 int current_tb_not_found = is_cpu_write_access;
990 TranslationBlock *current_tb = NULL;
991 int current_tb_modified = 0;
992 target_ulong current_pc = 0;
993 target_ulong current_cs_base = 0;
994 int current_flags = 0;
995 #endif /* TARGET_HAS_PRECISE_SMC */
997 p = page_find(start >> TARGET_PAGE_BITS);
1000 if (!p->code_bitmap &&
1001 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1002 is_cpu_write_access) {
1003 /* build code bitmap */
1004 build_page_bitmap(p);
1007 /* we remove all the TBs in the range [start, end[ */
1008 /* XXX: see if in some cases it could be faster to invalidate all the code */
1010 while (tb != NULL) {
1012 tb = (TranslationBlock *)((long)tb & ~3);
1013 tb_next = tb->page_next[n];
1014 /* NOTE: this is subtle as a TB may span two physical pages */
1016 /* NOTE: tb_end may be after the end of the page, but
1017 it is not a problem */
1018 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1019 tb_end = tb_start + tb->size;
1021 tb_start = tb->page_addr[1];
1022 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1024 if (!(tb_end <= start || tb_start >= end)) {
1025 #ifdef TARGET_HAS_PRECISE_SMC
1026 if (current_tb_not_found) {
1027 current_tb_not_found = 0;
1029 if (env->mem_io_pc) {
1030 /* now we have a real cpu fault */
1031 current_tb = tb_find_pc(env->mem_io_pc);
1034 if (current_tb == tb &&
1035 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1036 /* If we are modifying the current TB, we must stop
1037 its execution. We could be more precise by checking
1038 that the modification is after the current PC, but it
1039 would require a specialized function to partially
1040 restore the CPU state */
1042 current_tb_modified = 1;
1043 cpu_restore_state(current_tb, env,
1044 env->mem_io_pc, NULL);
1045 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1048 #endif /* TARGET_HAS_PRECISE_SMC */
1049 /* we need to do that to handle the case where a signal
1050 occurs while doing tb_phys_invalidate() */
1053 saved_tb = env->current_tb;
1054 env->current_tb = NULL;
1056 tb_phys_invalidate(tb, -1);
1058 env->current_tb = saved_tb;
1059 if (env->interrupt_request && env->current_tb)
1060 cpu_interrupt(env, env->interrupt_request);
1065 #if !defined(CONFIG_USER_ONLY)
1066 /* if no code remaining, no need to continue to use slow writes */
1068 invalidate_page_bitmap(p);
1069 if (is_cpu_write_access) {
1070 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1074 #ifdef TARGET_HAS_PRECISE_SMC
1075 if (current_tb_modified) {
1076 /* we generate a block containing just the instruction
1077 modifying the memory. It will ensure that it cannot modify
1079 env->current_tb = NULL;
1080 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1081 cpu_resume_from_signal(env, NULL);
1086 /* len must be <= 8 and start must be a multiple of len */
1087 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1093 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1094 cpu_single_env->mem_io_vaddr, len,
1095 cpu_single_env->eip,
1096 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1099 p = page_find(start >> TARGET_PAGE_BITS);
1102 if (p->code_bitmap) {
1103 offset = start & ~TARGET_PAGE_MASK;
1104 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1105 if (b & ((1 << len) - 1))
1109 tb_invalidate_phys_page_range(start, start + len, 1);
1113 #if !defined(CONFIG_SOFTMMU)
1114 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1115 unsigned long pc, void *puc)
1117 TranslationBlock *tb;
1120 #ifdef TARGET_HAS_PRECISE_SMC
1121 TranslationBlock *current_tb = NULL;
1122 CPUState *env = cpu_single_env;
1123 int current_tb_modified = 0;
1124 target_ulong current_pc = 0;
1125 target_ulong current_cs_base = 0;
1126 int current_flags = 0;
1129 addr &= TARGET_PAGE_MASK;
1130 p = page_find(addr >> TARGET_PAGE_BITS);
1134 #ifdef TARGET_HAS_PRECISE_SMC
1135 if (tb && pc != 0) {
1136 current_tb = tb_find_pc(pc);
1139 while (tb != NULL) {
1141 tb = (TranslationBlock *)((long)tb & ~3);
1142 #ifdef TARGET_HAS_PRECISE_SMC
1143 if (current_tb == tb &&
1144 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1145 /* If we are modifying the current TB, we must stop
1146 its execution. We could be more precise by checking
1147 that the modification is after the current PC, but it
1148 would require a specialized function to partially
1149 restore the CPU state */
1151 current_tb_modified = 1;
1152 cpu_restore_state(current_tb, env, pc, puc);
1153 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1156 #endif /* TARGET_HAS_PRECISE_SMC */
1157 tb_phys_invalidate(tb, addr);
1158 tb = tb->page_next[n];
1161 #ifdef TARGET_HAS_PRECISE_SMC
1162 if (current_tb_modified) {
1163 /* we generate a block containing just the instruction
1164 modifying the memory. It will ensure that it cannot modify
1166 env->current_tb = NULL;
1167 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1168 cpu_resume_from_signal(env, puc);
1174 /* add the tb in the target page and protect it if necessary */
1175 static inline void tb_alloc_page(TranslationBlock *tb,
1176 unsigned int n, tb_page_addr_t page_addr)
1179 TranslationBlock *last_first_tb;
1181 tb->page_addr[n] = page_addr;
1182 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1183 tb->page_next[n] = p->first_tb;
1184 last_first_tb = p->first_tb;
1185 p->first_tb = (TranslationBlock *)((long)tb | n);
1186 invalidate_page_bitmap(p);
1188 #if defined(TARGET_HAS_SMC) || 1
1190 #if defined(CONFIG_USER_ONLY)
1191 if (p->flags & PAGE_WRITE) {
1196 /* force the host page as non writable (writes will have a
1197 page fault + mprotect overhead) */
1198 page_addr &= qemu_host_page_mask;
1200 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1201 addr += TARGET_PAGE_SIZE) {
1203 p2 = page_find (addr >> TARGET_PAGE_BITS);
1207 p2->flags &= ~PAGE_WRITE;
1209 mprotect(g2h(page_addr), qemu_host_page_size,
1210 (prot & PAGE_BITS) & ~PAGE_WRITE);
1211 #ifdef DEBUG_TB_INVALIDATE
1212 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1217 /* if some code is already present, then the pages are already
1218 protected. So we handle the case where only the first TB is
1219 allocated in a physical page */
1220 if (!last_first_tb) {
1221 tlb_protect_code(page_addr);
1225 #endif /* TARGET_HAS_SMC */
1228 /* Allocate a new translation block. Flush the translation buffer if
1229 too many translation blocks or too much generated code. */
1230 TranslationBlock *tb_alloc(target_ulong pc)
1232 TranslationBlock *tb;
1234 if (nb_tbs >= code_gen_max_blocks ||
1235 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1237 tb = &tbs[nb_tbs++];
1243 void tb_free(TranslationBlock *tb)
1245 /* In practice this is mostly used for single use temporary TB
1246 Ignore the hard cases and just back up if this TB happens to
1247 be the last one generated. */
1248 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1249 code_gen_ptr = tb->tc_ptr;
1254 /* add a new TB and link it to the physical page tables. phys_page2 is
1255 (-1) to indicate that only one page contains the TB. */
1256 void tb_link_page(TranslationBlock *tb,
1257 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1260 TranslationBlock **ptb;
1262 /* Grab the mmap lock to stop another thread invalidating this TB
1263 before we are done. */
1265 /* add in the physical hash table */
1266 h = tb_phys_hash_func(phys_pc);
1267 ptb = &tb_phys_hash[h];
1268 tb->phys_hash_next = *ptb;
1271 /* add in the page list */
1272 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1273 if (phys_page2 != -1)
1274 tb_alloc_page(tb, 1, phys_page2);
1276 tb->page_addr[1] = -1;
1278 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1279 tb->jmp_next[0] = NULL;
1280 tb->jmp_next[1] = NULL;
1282 /* init original jump addresses */
1283 if (tb->tb_next_offset[0] != 0xffff)
1284 tb_reset_jump(tb, 0);
1285 if (tb->tb_next_offset[1] != 0xffff)
1286 tb_reset_jump(tb, 1);
1288 #ifdef DEBUG_TB_CHECK
1294 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1295 tb[1].tc_ptr. Return NULL if not found */
1296 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1298 int m_min, m_max, m;
1300 TranslationBlock *tb;
1304 if (tc_ptr < (unsigned long)code_gen_buffer ||
1305 tc_ptr >= (unsigned long)code_gen_ptr)
1307 /* binary search (cf Knuth) */
1310 while (m_min <= m_max) {
1311 m = (m_min + m_max) >> 1;
1313 v = (unsigned long)tb->tc_ptr;
1316 else if (tc_ptr < v) {
1325 static void tb_reset_jump_recursive(TranslationBlock *tb);
1327 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1329 TranslationBlock *tb1, *tb_next, **ptb;
1332 tb1 = tb->jmp_next[n];
1334 /* find head of list */
1337 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1340 tb1 = tb1->jmp_next[n1];
1342 /* we are now sure now that tb jumps to tb1 */
1345 /* remove tb from the jmp_first list */
1346 ptb = &tb_next->jmp_first;
1350 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1351 if (n1 == n && tb1 == tb)
1353 ptb = &tb1->jmp_next[n1];
1355 *ptb = tb->jmp_next[n];
1356 tb->jmp_next[n] = NULL;
1358 /* suppress the jump to next tb in generated code */
1359 tb_reset_jump(tb, n);
1361 /* suppress jumps in the tb on which we could have jumped */
1362 tb_reset_jump_recursive(tb_next);
1366 static void tb_reset_jump_recursive(TranslationBlock *tb)
1368 tb_reset_jump_recursive2(tb, 0);
1369 tb_reset_jump_recursive2(tb, 1);
1372 #if defined(TARGET_HAS_ICE)
1373 #if defined(CONFIG_USER_ONLY)
1374 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1376 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1379 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1381 target_phys_addr_t addr;
1383 ram_addr_t ram_addr;
1386 addr = cpu_get_phys_page_debug(env, pc);
1387 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1389 pd = IO_MEM_UNASSIGNED;
1391 pd = p->phys_offset;
1393 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1394 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1397 #endif /* TARGET_HAS_ICE */
1399 #if defined(CONFIG_USER_ONLY)
1400 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1405 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1406 int flags, CPUWatchpoint **watchpoint)
1411 /* Add a watchpoint. */
1412 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1413 int flags, CPUWatchpoint **watchpoint)
1415 target_ulong len_mask = ~(len - 1);
1418 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1419 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1420 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1421 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1424 wp = qemu_malloc(sizeof(*wp));
1427 wp->len_mask = len_mask;
1430 /* keep all GDB-injected watchpoints in front */
1432 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1434 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1436 tlb_flush_page(env, addr);
1443 /* Remove a specific watchpoint. */
1444 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1447 target_ulong len_mask = ~(len - 1);
1450 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1451 if (addr == wp->vaddr && len_mask == wp->len_mask
1452 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1453 cpu_watchpoint_remove_by_ref(env, wp);
1460 /* Remove a specific watchpoint by reference. */
1461 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1463 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1465 tlb_flush_page(env, watchpoint->vaddr);
1467 qemu_free(watchpoint);
1470 /* Remove all matching watchpoints. */
1471 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1473 CPUWatchpoint *wp, *next;
1475 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1476 if (wp->flags & mask)
1477 cpu_watchpoint_remove_by_ref(env, wp);
1482 /* Add a breakpoint. */
1483 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1484 CPUBreakpoint **breakpoint)
1486 #if defined(TARGET_HAS_ICE)
1489 bp = qemu_malloc(sizeof(*bp));
1494 /* keep all GDB-injected breakpoints in front */
1496 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1498 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1500 breakpoint_invalidate(env, pc);
1510 /* Remove a specific breakpoint. */
1511 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1513 #if defined(TARGET_HAS_ICE)
1516 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1517 if (bp->pc == pc && bp->flags == flags) {
1518 cpu_breakpoint_remove_by_ref(env, bp);
1528 /* Remove a specific breakpoint by reference. */
1529 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1531 #if defined(TARGET_HAS_ICE)
1532 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1534 breakpoint_invalidate(env, breakpoint->pc);
1536 qemu_free(breakpoint);
1540 /* Remove all matching breakpoints. */
1541 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1543 #if defined(TARGET_HAS_ICE)
1544 CPUBreakpoint *bp, *next;
1546 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1547 if (bp->flags & mask)
1548 cpu_breakpoint_remove_by_ref(env, bp);
1553 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1554 CPU loop after each instruction */
1555 void cpu_single_step(CPUState *env, int enabled)
1557 #if defined(TARGET_HAS_ICE)
1558 if (env->singlestep_enabled != enabled) {
1559 env->singlestep_enabled = enabled;
1561 kvm_update_guest_debug(env, 0);
1563 /* must flush all the translated code to avoid inconsistencies */
1564 /* XXX: only flush what is necessary */
1571 /* enable or disable low levels log */
1572 void cpu_set_log(int log_flags)
1574 loglevel = log_flags;
1575 if (loglevel && !logfile) {
1576 logfile = fopen(logfilename, log_append ? "a" : "w");
1578 perror(logfilename);
1581 #if !defined(CONFIG_SOFTMMU)
1582 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1584 static char logfile_buf[4096];
1585 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1587 #elif !defined(_WIN32)
1588 /* Win32 doesn't support line-buffering and requires size >= 2 */
1589 setvbuf(logfile, NULL, _IOLBF, 0);
1593 if (!loglevel && logfile) {
1599 void cpu_set_log_filename(const char *filename)
1601 logfilename = strdup(filename);
1606 cpu_set_log(loglevel);
1609 static void cpu_unlink_tb(CPUState *env)
1611 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1612 problem and hope the cpu will stop of its own accord. For userspace
1613 emulation this often isn't actually as bad as it sounds. Often
1614 signals are used primarily to interrupt blocking syscalls. */
1615 TranslationBlock *tb;
1616 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1618 spin_lock(&interrupt_lock);
1619 tb = env->current_tb;
1620 /* if the cpu is currently executing code, we must unlink it and
1621 all the potentially executing TB */
1623 env->current_tb = NULL;
1624 tb_reset_jump_recursive(tb);
1626 spin_unlock(&interrupt_lock);
1629 /* mask must never be zero, except for A20 change call */
1630 void cpu_interrupt(CPUState *env, int mask)
1634 old_mask = env->interrupt_request;
1635 env->interrupt_request |= mask;
1637 #ifndef CONFIG_USER_ONLY
1639 * If called from iothread context, wake the target cpu in
1642 if (!qemu_cpu_self(env)) {
1649 env->icount_decr.u16.high = 0xffff;
1650 #ifndef CONFIG_USER_ONLY
1652 && (mask & ~old_mask) != 0) {
1653 cpu_abort(env, "Raised interrupt while not in I/O function");
1661 void cpu_reset_interrupt(CPUState *env, int mask)
1663 env->interrupt_request &= ~mask;
1666 void cpu_exit(CPUState *env)
1668 env->exit_request = 1;
1672 const CPULogItem cpu_log_items[] = {
1673 { CPU_LOG_TB_OUT_ASM, "out_asm",
1674 "show generated host assembly code for each compiled TB" },
1675 { CPU_LOG_TB_IN_ASM, "in_asm",
1676 "show target assembly code for each compiled TB" },
1677 { CPU_LOG_TB_OP, "op",
1678 "show micro ops for each compiled TB" },
1679 { CPU_LOG_TB_OP_OPT, "op_opt",
1682 "before eflags optimization and "
1684 "after liveness analysis" },
1685 { CPU_LOG_INT, "int",
1686 "show interrupts/exceptions in short format" },
1687 { CPU_LOG_EXEC, "exec",
1688 "show trace before each executed TB (lots of logs)" },
1689 { CPU_LOG_TB_CPU, "cpu",
1690 "show CPU state before block translation" },
1692 { CPU_LOG_PCALL, "pcall",
1693 "show protected mode far calls/returns/exceptions" },
1694 { CPU_LOG_RESET, "cpu_reset",
1695 "show CPU state before CPU resets" },
1698 { CPU_LOG_IOPORT, "ioport",
1699 "show all i/o ports accesses" },
1704 #ifndef CONFIG_USER_ONLY
1705 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1706 = QLIST_HEAD_INITIALIZER(memory_client_list);
1708 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1710 ram_addr_t phys_offset)
1712 CPUPhysMemoryClient *client;
1713 QLIST_FOREACH(client, &memory_client_list, list) {
1714 client->set_memory(client, start_addr, size, phys_offset);
1718 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1719 target_phys_addr_t end)
1721 CPUPhysMemoryClient *client;
1722 QLIST_FOREACH(client, &memory_client_list, list) {
1723 int r = client->sync_dirty_bitmap(client, start, end);
1730 static int cpu_notify_migration_log(int enable)
1732 CPUPhysMemoryClient *client;
1733 QLIST_FOREACH(client, &memory_client_list, list) {
1734 int r = client->migration_log(client, enable);
1741 static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1742 int level, void **lp)
1750 PhysPageDesc *pd = *lp;
1751 for (i = 0; i < L2_SIZE; ++i) {
1752 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1753 client->set_memory(client, pd[i].region_offset,
1754 TARGET_PAGE_SIZE, pd[i].phys_offset);
1759 for (i = 0; i < L2_SIZE; ++i) {
1760 phys_page_for_each_1(client, level - 1, pp + i);
1765 static void phys_page_for_each(CPUPhysMemoryClient *client)
1768 for (i = 0; i < P_L1_SIZE; ++i) {
1769 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1774 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1776 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1777 phys_page_for_each(client);
1780 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1782 QLIST_REMOVE(client, list);
1786 static int cmp1(const char *s1, int n, const char *s2)
1788 if (strlen(s2) != n)
1790 return memcmp(s1, s2, n) == 0;
1793 /* takes a comma separated list of log masks. Return 0 if error. */
1794 int cpu_str_to_log_mask(const char *str)
1796 const CPULogItem *item;
1803 p1 = strchr(p, ',');
1806 if(cmp1(p,p1-p,"all")) {
1807 for(item = cpu_log_items; item->mask != 0; item++) {
1811 for(item = cpu_log_items; item->mask != 0; item++) {
1812 if (cmp1(p, p1 - p, item->name))
1826 void cpu_abort(CPUState *env, const char *fmt, ...)
1833 fprintf(stderr, "qemu: fatal: ");
1834 vfprintf(stderr, fmt, ap);
1835 fprintf(stderr, "\n");
1837 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1839 cpu_dump_state(env, stderr, fprintf, 0);
1841 if (qemu_log_enabled()) {
1842 qemu_log("qemu: fatal: ");
1843 qemu_log_vprintf(fmt, ap2);
1846 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1848 log_cpu_state(env, 0);
1855 #if defined(CONFIG_USER_ONLY)
1857 struct sigaction act;
1858 sigfillset(&act.sa_mask);
1859 act.sa_handler = SIG_DFL;
1860 sigaction(SIGABRT, &act, NULL);
1866 CPUState *cpu_copy(CPUState *env)
1868 CPUState *new_env = cpu_init(env->cpu_model_str);
1869 CPUState *next_cpu = new_env->next_cpu;
1870 int cpu_index = new_env->cpu_index;
1871 #if defined(TARGET_HAS_ICE)
1876 memcpy(new_env, env, sizeof(CPUState));
1878 /* Preserve chaining and index. */
1879 new_env->next_cpu = next_cpu;
1880 new_env->cpu_index = cpu_index;
1882 /* Clone all break/watchpoints.
1883 Note: Once we support ptrace with hw-debug register access, make sure
1884 BP_CPU break/watchpoints are handled correctly on clone. */
1885 QTAILQ_INIT(&env->breakpoints);
1886 QTAILQ_INIT(&env->watchpoints);
1887 #if defined(TARGET_HAS_ICE)
1888 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1889 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1891 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1892 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1900 #if !defined(CONFIG_USER_ONLY)
1902 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1906 /* Discard jump cache entries for any tb which might potentially
1907 overlap the flushed page. */
1908 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1909 memset (&env->tb_jmp_cache[i], 0,
1910 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1912 i = tb_jmp_cache_hash_page(addr);
1913 memset (&env->tb_jmp_cache[i], 0,
1914 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1917 static CPUTLBEntry s_cputlb_empty_entry = {
1924 /* NOTE: if flush_global is true, also flush global entries (not
1926 void tlb_flush(CPUState *env, int flush_global)
1930 #if defined(DEBUG_TLB)
1931 printf("tlb_flush:\n");
1933 /* must reset current TB so that interrupts cannot modify the
1934 links while we are modifying them */
1935 env->current_tb = NULL;
1937 for(i = 0; i < CPU_TLB_SIZE; i++) {
1939 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1940 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1944 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1946 env->tlb_flush_addr = -1;
1947 env->tlb_flush_mask = 0;
1951 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1953 if (addr == (tlb_entry->addr_read &
1954 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1955 addr == (tlb_entry->addr_write &
1956 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1957 addr == (tlb_entry->addr_code &
1958 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1959 *tlb_entry = s_cputlb_empty_entry;
1963 void tlb_flush_page(CPUState *env, target_ulong addr)
1968 #if defined(DEBUG_TLB)
1969 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1971 /* Check if we need to flush due to large pages. */
1972 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1973 #if defined(DEBUG_TLB)
1974 printf("tlb_flush_page: forced full flush ("
1975 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1976 env->tlb_flush_addr, env->tlb_flush_mask);
1981 /* must reset current TB so that interrupts cannot modify the
1982 links while we are modifying them */
1983 env->current_tb = NULL;
1985 addr &= TARGET_PAGE_MASK;
1986 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1987 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1988 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1990 tlb_flush_jmp_cache(env, addr);
1993 /* update the TLBs so that writes to code in the virtual page 'addr'
1995 static void tlb_protect_code(ram_addr_t ram_addr)
1997 cpu_physical_memory_reset_dirty(ram_addr,
1998 ram_addr + TARGET_PAGE_SIZE,
2002 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2003 tested for self modifying code */
2004 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2007 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2010 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2011 unsigned long start, unsigned long length)
2014 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2015 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2016 if ((addr - start) < length) {
2017 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2022 /* Note: start and end must be within the same ram block. */
2023 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2027 unsigned long length, start1;
2030 start &= TARGET_PAGE_MASK;
2031 end = TARGET_PAGE_ALIGN(end);
2033 length = end - start;
2036 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2038 /* we modify the TLB cache so that the dirty bit will be set again
2039 when accessing the range */
2040 start1 = (unsigned long)qemu_get_ram_ptr(start);
2041 /* Chek that we don't span multiple blocks - this breaks the
2042 address comparisons below. */
2043 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2044 != (end - 1) - start) {
2048 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2050 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2051 for(i = 0; i < CPU_TLB_SIZE; i++)
2052 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2058 int cpu_physical_memory_set_dirty_tracking(int enable)
2061 in_migration = enable;
2062 ret = cpu_notify_migration_log(!!enable);
2066 int cpu_physical_memory_get_dirty_tracking(void)
2068 return in_migration;
2071 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2072 target_phys_addr_t end_addr)
2076 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2080 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2082 ram_addr_t ram_addr;
2085 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2086 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2087 + tlb_entry->addend);
2088 ram_addr = qemu_ram_addr_from_host(p);
2089 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2090 tlb_entry->addr_write |= TLB_NOTDIRTY;
2095 /* update the TLB according to the current state of the dirty bits */
2096 void cpu_tlb_update_dirty(CPUState *env)
2100 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2101 for(i = 0; i < CPU_TLB_SIZE; i++)
2102 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2106 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2108 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2109 tlb_entry->addr_write = vaddr;
2112 /* update the TLB corresponding to virtual page vaddr
2113 so that it is no longer dirty */
2114 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2119 vaddr &= TARGET_PAGE_MASK;
2120 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2121 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2122 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2125 /* Our TLB does not support large pages, so remember the area covered by
2126 large pages and trigger a full TLB flush if these are invalidated. */
2127 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2130 target_ulong mask = ~(size - 1);
2132 if (env->tlb_flush_addr == (target_ulong)-1) {
2133 env->tlb_flush_addr = vaddr & mask;
2134 env->tlb_flush_mask = mask;
2137 /* Extend the existing region to include the new page.
2138 This is a compromise between unnecessary flushes and the cost
2139 of maintaining a full variable size TLB. */
2140 mask &= env->tlb_flush_mask;
2141 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2144 env->tlb_flush_addr &= mask;
2145 env->tlb_flush_mask = mask;
2148 /* Add a new TLB entry. At most one entry for a given virtual address
2149 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2150 supplied size is only used by tlb_flush_page. */
2151 void tlb_set_page(CPUState *env, target_ulong vaddr,
2152 target_phys_addr_t paddr, int prot,
2153 int mmu_idx, target_ulong size)
2158 target_ulong address;
2159 target_ulong code_address;
2160 unsigned long addend;
2163 target_phys_addr_t iotlb;
2165 assert(size >= TARGET_PAGE_SIZE);
2166 if (size != TARGET_PAGE_SIZE) {
2167 tlb_add_large_page(env, vaddr, size);
2169 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2171 pd = IO_MEM_UNASSIGNED;
2173 pd = p->phys_offset;
2175 #if defined(DEBUG_TLB)
2176 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2177 " prot=%x idx=%d pd=0x%08lx\n",
2178 vaddr, paddr, prot, mmu_idx, pd);
2182 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2183 /* IO memory case (romd handled later) */
2184 address |= TLB_MMIO;
2186 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2187 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2189 iotlb = pd & TARGET_PAGE_MASK;
2190 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2191 iotlb |= IO_MEM_NOTDIRTY;
2193 iotlb |= IO_MEM_ROM;
2195 /* IO handlers are currently passed a physical address.
2196 It would be nice to pass an offset from the base address
2197 of that region. This would avoid having to special case RAM,
2198 and avoid full address decoding in every device.
2199 We can't use the high bits of pd for this because
2200 IO_MEM_ROMD uses these as a ram address. */
2201 iotlb = (pd & ~TARGET_PAGE_MASK);
2203 iotlb += p->region_offset;
2209 code_address = address;
2210 /* Make accesses to pages with watchpoints go via the
2211 watchpoint trap routines. */
2212 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2213 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2214 /* Avoid trapping reads of pages with a write breakpoint. */
2215 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2216 iotlb = io_mem_watch + paddr;
2217 address |= TLB_MMIO;
2223 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2224 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2225 te = &env->tlb_table[mmu_idx][index];
2226 te->addend = addend - vaddr;
2227 if (prot & PAGE_READ) {
2228 te->addr_read = address;
2233 if (prot & PAGE_EXEC) {
2234 te->addr_code = code_address;
2238 if (prot & PAGE_WRITE) {
2239 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2240 (pd & IO_MEM_ROMD)) {
2241 /* Write access calls the I/O callback. */
2242 te->addr_write = address | TLB_MMIO;
2243 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2244 !cpu_physical_memory_is_dirty(pd)) {
2245 te->addr_write = address | TLB_NOTDIRTY;
2247 te->addr_write = address;
2250 te->addr_write = -1;
2256 void tlb_flush(CPUState *env, int flush_global)
2260 void tlb_flush_page(CPUState *env, target_ulong addr)
2265 * Walks guest process memory "regions" one by one
2266 * and calls callback function 'fn' for each region.
2269 struct walk_memory_regions_data
2271 walk_memory_regions_fn fn;
2273 unsigned long start;
2277 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2278 abi_ulong end, int new_prot)
2280 if (data->start != -1ul) {
2281 int rc = data->fn(data->priv, data->start, end, data->prot);
2287 data->start = (new_prot ? end : -1ul);
2288 data->prot = new_prot;
2293 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2294 abi_ulong base, int level, void **lp)
2300 return walk_memory_regions_end(data, base, 0);
2305 for (i = 0; i < L2_SIZE; ++i) {
2306 int prot = pd[i].flags;
2308 pa = base | (i << TARGET_PAGE_BITS);
2309 if (prot != data->prot) {
2310 rc = walk_memory_regions_end(data, pa, prot);
2318 for (i = 0; i < L2_SIZE; ++i) {
2319 pa = base | ((abi_ulong)i <<
2320 (TARGET_PAGE_BITS + L2_BITS * level));
2321 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2331 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2333 struct walk_memory_regions_data data;
2341 for (i = 0; i < V_L1_SIZE; i++) {
2342 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2343 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2349 return walk_memory_regions_end(&data, 0, 0);
2352 static int dump_region(void *priv, abi_ulong start,
2353 abi_ulong end, unsigned long prot)
2355 FILE *f = (FILE *)priv;
2357 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2358 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2359 start, end, end - start,
2360 ((prot & PAGE_READ) ? 'r' : '-'),
2361 ((prot & PAGE_WRITE) ? 'w' : '-'),
2362 ((prot & PAGE_EXEC) ? 'x' : '-'));
2367 /* dump memory mappings */
2368 void page_dump(FILE *f)
2370 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2371 "start", "end", "size", "prot");
2372 walk_memory_regions(f, dump_region);
2375 int page_get_flags(target_ulong address)
2379 p = page_find(address >> TARGET_PAGE_BITS);
2385 /* Modify the flags of a page and invalidate the code if necessary.
2386 The flag PAGE_WRITE_ORG is positioned automatically depending
2387 on PAGE_WRITE. The mmap_lock should already be held. */
2388 void page_set_flags(target_ulong start, target_ulong end, int flags)
2390 target_ulong addr, len;
2392 /* This function should never be called with addresses outside the
2393 guest address space. If this assert fires, it probably indicates
2394 a missing call to h2g_valid. */
2395 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2396 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2398 assert(start < end);
2400 start = start & TARGET_PAGE_MASK;
2401 end = TARGET_PAGE_ALIGN(end);
2403 if (flags & PAGE_WRITE) {
2404 flags |= PAGE_WRITE_ORG;
2407 for (addr = start, len = end - start;
2409 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2410 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2412 /* If the write protection bit is set, then we invalidate
2414 if (!(p->flags & PAGE_WRITE) &&
2415 (flags & PAGE_WRITE) &&
2417 tb_invalidate_phys_page(addr, 0, NULL);
2423 int page_check_range(target_ulong start, target_ulong len, int flags)
2429 /* This function should never be called with addresses outside the
2430 guest address space. If this assert fires, it probably indicates
2431 a missing call to h2g_valid. */
2432 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2433 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2439 if (start + len - 1 < start) {
2440 /* We've wrapped around. */
2444 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2445 start = start & TARGET_PAGE_MASK;
2447 for (addr = start, len = end - start;
2449 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2450 p = page_find(addr >> TARGET_PAGE_BITS);
2453 if( !(p->flags & PAGE_VALID) )
2456 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2458 if (flags & PAGE_WRITE) {
2459 if (!(p->flags & PAGE_WRITE_ORG))
2461 /* unprotect the page if it was put read-only because it
2462 contains translated code */
2463 if (!(p->flags & PAGE_WRITE)) {
2464 if (!page_unprotect(addr, 0, NULL))
2473 /* called from signal handler: invalidate the code and unprotect the
2474 page. Return TRUE if the fault was successfully handled. */
2475 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2479 target_ulong host_start, host_end, addr;
2481 /* Technically this isn't safe inside a signal handler. However we
2482 know this only ever happens in a synchronous SEGV handler, so in
2483 practice it seems to be ok. */
2486 p = page_find(address >> TARGET_PAGE_BITS);
2492 /* if the page was really writable, then we change its
2493 protection back to writable */
2494 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2495 host_start = address & qemu_host_page_mask;
2496 host_end = host_start + qemu_host_page_size;
2499 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2500 p = page_find(addr >> TARGET_PAGE_BITS);
2501 p->flags |= PAGE_WRITE;
2504 /* and since the content will be modified, we must invalidate
2505 the corresponding translated code. */
2506 tb_invalidate_phys_page(addr, pc, puc);
2507 #ifdef DEBUG_TB_CHECK
2508 tb_invalidate_check(addr);
2511 mprotect((void *)g2h(host_start), qemu_host_page_size,
2521 static inline void tlb_set_dirty(CPUState *env,
2522 unsigned long addr, target_ulong vaddr)
2525 #endif /* defined(CONFIG_USER_ONLY) */
2527 #if !defined(CONFIG_USER_ONLY)
2529 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2530 typedef struct subpage_t {
2531 target_phys_addr_t base;
2532 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2533 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2536 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2537 ram_addr_t memory, ram_addr_t region_offset);
2538 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2539 ram_addr_t orig_memory,
2540 ram_addr_t region_offset);
2541 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2544 if (addr > start_addr) \
2547 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2548 if (start_addr2 > 0) \
2552 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2553 end_addr2 = TARGET_PAGE_SIZE - 1; \
2555 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2556 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2561 /* register physical memory.
2562 For RAM, 'size' must be a multiple of the target page size.
2563 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2564 io memory page. The address used when calling the IO function is
2565 the offset from the start of the region, plus region_offset. Both
2566 start_addr and region_offset are rounded down to a page boundary
2567 before calculating this offset. This should not be a problem unless
2568 the low bits of start_addr and region_offset differ. */
2569 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2571 ram_addr_t phys_offset,
2572 ram_addr_t region_offset)
2574 target_phys_addr_t addr, end_addr;
2577 ram_addr_t orig_size = size;
2580 cpu_notify_set_memory(start_addr, size, phys_offset);
2582 if (phys_offset == IO_MEM_UNASSIGNED) {
2583 region_offset = start_addr;
2585 region_offset &= TARGET_PAGE_MASK;
2586 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2587 end_addr = start_addr + (target_phys_addr_t)size;
2588 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2589 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2590 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2591 ram_addr_t orig_memory = p->phys_offset;
2592 target_phys_addr_t start_addr2, end_addr2;
2593 int need_subpage = 0;
2595 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2598 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2599 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2600 &p->phys_offset, orig_memory,
2603 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2606 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2608 p->region_offset = 0;
2610 p->phys_offset = phys_offset;
2611 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2612 (phys_offset & IO_MEM_ROMD))
2613 phys_offset += TARGET_PAGE_SIZE;
2616 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2617 p->phys_offset = phys_offset;
2618 p->region_offset = region_offset;
2619 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2620 (phys_offset & IO_MEM_ROMD)) {
2621 phys_offset += TARGET_PAGE_SIZE;
2623 target_phys_addr_t start_addr2, end_addr2;
2624 int need_subpage = 0;
2626 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2627 end_addr2, need_subpage);
2630 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2631 &p->phys_offset, IO_MEM_UNASSIGNED,
2632 addr & TARGET_PAGE_MASK);
2633 subpage_register(subpage, start_addr2, end_addr2,
2634 phys_offset, region_offset);
2635 p->region_offset = 0;
2639 region_offset += TARGET_PAGE_SIZE;
2642 /* since each CPU stores ram addresses in its TLB cache, we must
2643 reset the modified entries */
2645 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2650 /* XXX: temporary until new memory mapping API */
2651 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2655 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2657 return IO_MEM_UNASSIGNED;
2658 return p->phys_offset;
2661 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2664 kvm_coalesce_mmio_region(addr, size);
2667 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2670 kvm_uncoalesce_mmio_region(addr, size);
2673 void qemu_flush_coalesced_mmio_buffer(void)
2676 kvm_flush_coalesced_mmio_buffer();
2679 #if defined(__linux__) && !defined(TARGET_S390X)
2681 #include <sys/vfs.h>
2683 #define HUGETLBFS_MAGIC 0x958458f6
2685 static long gethugepagesize(const char *path)
2691 ret = statfs(path, &fs);
2692 } while (ret != 0 && errno == EINTR);
2699 if (fs.f_type != HUGETLBFS_MAGIC)
2700 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2705 static void *file_ram_alloc(RAMBlock *block,
2715 unsigned long hpagesize;
2717 hpagesize = gethugepagesize(path);
2722 if (memory < hpagesize) {
2726 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2727 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2731 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2735 fd = mkstemp(filename);
2737 perror("unable to create backing store for hugepages");
2744 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2747 * ftruncate is not supported by hugetlbfs in older
2748 * hosts, so don't bother bailing out on errors.
2749 * If anything goes wrong with it under other filesystems,
2752 if (ftruncate(fd, memory))
2753 perror("ftruncate");
2756 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2757 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2758 * to sidestep this quirk.
2760 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2761 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2763 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2765 if (area == MAP_FAILED) {
2766 perror("file_ram_alloc: can't mmap RAM pages");
2775 static ram_addr_t find_ram_offset(ram_addr_t size)
2777 RAMBlock *block, *next_block;
2778 ram_addr_t offset = 0, mingap = ULONG_MAX;
2780 if (QLIST_EMPTY(&ram_list.blocks))
2783 QLIST_FOREACH(block, &ram_list.blocks, next) {
2784 ram_addr_t end, next = ULONG_MAX;
2786 end = block->offset + block->length;
2788 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2789 if (next_block->offset >= end) {
2790 next = MIN(next, next_block->offset);
2793 if (next - end >= size && next - end < mingap) {
2795 mingap = next - end;
2801 static ram_addr_t last_ram_offset(void)
2804 ram_addr_t last = 0;
2806 QLIST_FOREACH(block, &ram_list.blocks, next)
2807 last = MAX(last, block->offset + block->length);
2812 ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
2813 ram_addr_t size, void *host)
2815 RAMBlock *new_block, *block;
2817 size = TARGET_PAGE_ALIGN(size);
2818 new_block = qemu_mallocz(sizeof(*new_block));
2820 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2821 char *id = dev->parent_bus->info->get_dev_path(dev);
2823 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2827 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2829 QLIST_FOREACH(block, &ram_list.blocks, next) {
2830 if (!strcmp(block->idstr, new_block->idstr)) {
2831 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2838 new_block->host = host;
2841 #if defined (__linux__) && !defined(TARGET_S390X)
2842 new_block->host = file_ram_alloc(new_block, size, mem_path);
2843 if (!new_block->host) {
2844 new_block->host = qemu_vmalloc(size);
2845 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2848 fprintf(stderr, "-mem-path option unsupported\n");
2852 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2853 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2854 new_block->host = mmap((void*)0x1000000, size,
2855 PROT_EXEC|PROT_READ|PROT_WRITE,
2856 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2858 new_block->host = qemu_vmalloc(size);
2860 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2864 new_block->offset = find_ram_offset(size);
2865 new_block->length = size;
2867 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2869 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
2870 last_ram_offset() >> TARGET_PAGE_BITS);
2871 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2872 0xff, size >> TARGET_PAGE_BITS);
2875 kvm_setup_guest_memory(new_block->host, size);
2877 return new_block->offset;
2880 ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
2882 return qemu_ram_alloc_from_ptr(dev, name, size, NULL);
2885 void qemu_ram_free(ram_addr_t addr)
2889 QLIST_FOREACH(block, &ram_list.blocks, next) {
2890 if (addr == block->offset) {
2891 QLIST_REMOVE(block, next);
2893 #if defined (__linux__) && !defined(TARGET_S390X)
2895 munmap(block->host, block->length);
2898 qemu_vfree(block->host);
2902 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2903 munmap(block->host, block->length);
2905 qemu_vfree(block->host);
2915 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2916 With the exception of the softmmu code in this file, this should
2917 only be used for local memory (e.g. video ram) that the device owns,
2918 and knows it isn't going to access beyond the end of the block.
2920 It should not be used for general purpose DMA.
2921 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2923 void *qemu_get_ram_ptr(ram_addr_t addr)
2927 QLIST_FOREACH(block, &ram_list.blocks, next) {
2928 if (addr - block->offset < block->length) {
2929 QLIST_REMOVE(block, next);
2930 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2931 return block->host + (addr - block->offset);
2935 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2941 /* Some of the softmmu routines need to translate from a host pointer
2942 (typically a TLB entry) back to a ram offset. */
2943 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2946 uint8_t *host = ptr;
2948 QLIST_FOREACH(block, &ram_list.blocks, next) {
2949 if (host - block->host < block->length) {
2950 return block->offset + (host - block->host);
2954 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2960 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2962 #ifdef DEBUG_UNASSIGNED
2963 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2965 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2966 do_unassigned_access(addr, 0, 0, 0, 1);
2971 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2973 #ifdef DEBUG_UNASSIGNED
2974 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2976 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2977 do_unassigned_access(addr, 0, 0, 0, 2);
2982 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2984 #ifdef DEBUG_UNASSIGNED
2985 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2987 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2988 do_unassigned_access(addr, 0, 0, 0, 4);
2993 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2995 #ifdef DEBUG_UNASSIGNED
2996 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2998 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2999 do_unassigned_access(addr, 1, 0, 0, 1);
3003 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3005 #ifdef DEBUG_UNASSIGNED
3006 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3008 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3009 do_unassigned_access(addr, 1, 0, 0, 2);
3013 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3015 #ifdef DEBUG_UNASSIGNED
3016 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3018 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3019 do_unassigned_access(addr, 1, 0, 0, 4);
3023 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3024 unassigned_mem_readb,
3025 unassigned_mem_readw,
3026 unassigned_mem_readl,
3029 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3030 unassigned_mem_writeb,
3031 unassigned_mem_writew,
3032 unassigned_mem_writel,
3035 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3039 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3040 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3041 #if !defined(CONFIG_USER_ONLY)
3042 tb_invalidate_phys_page_fast(ram_addr, 1);
3043 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3046 stb_p(qemu_get_ram_ptr(ram_addr), val);
3047 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3048 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3049 /* we remove the notdirty callback only if the code has been
3051 if (dirty_flags == 0xff)
3052 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3055 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3059 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3060 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3061 #if !defined(CONFIG_USER_ONLY)
3062 tb_invalidate_phys_page_fast(ram_addr, 2);
3063 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3066 stw_p(qemu_get_ram_ptr(ram_addr), val);
3067 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3068 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3069 /* we remove the notdirty callback only if the code has been
3071 if (dirty_flags == 0xff)
3072 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3075 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3079 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3080 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3081 #if !defined(CONFIG_USER_ONLY)
3082 tb_invalidate_phys_page_fast(ram_addr, 4);
3083 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3086 stl_p(qemu_get_ram_ptr(ram_addr), val);
3087 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3088 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3089 /* we remove the notdirty callback only if the code has been
3091 if (dirty_flags == 0xff)
3092 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3095 static CPUReadMemoryFunc * const error_mem_read[3] = {
3096 NULL, /* never used */
3097 NULL, /* never used */
3098 NULL, /* never used */
3101 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3102 notdirty_mem_writeb,
3103 notdirty_mem_writew,
3104 notdirty_mem_writel,
3107 /* Generate a debug exception if a watchpoint has been hit. */
3108 static void check_watchpoint(int offset, int len_mask, int flags)
3110 CPUState *env = cpu_single_env;
3111 target_ulong pc, cs_base;
3112 TranslationBlock *tb;
3117 if (env->watchpoint_hit) {
3118 /* We re-entered the check after replacing the TB. Now raise
3119 * the debug interrupt so that is will trigger after the
3120 * current instruction. */
3121 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3124 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3125 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3126 if ((vaddr == (wp->vaddr & len_mask) ||
3127 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3128 wp->flags |= BP_WATCHPOINT_HIT;
3129 if (!env->watchpoint_hit) {
3130 env->watchpoint_hit = wp;
3131 tb = tb_find_pc(env->mem_io_pc);
3133 cpu_abort(env, "check_watchpoint: could not find TB for "
3134 "pc=%p", (void *)env->mem_io_pc);
3136 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3137 tb_phys_invalidate(tb, -1);
3138 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3139 env->exception_index = EXCP_DEBUG;
3141 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3142 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3144 cpu_resume_from_signal(env, NULL);
3147 wp->flags &= ~BP_WATCHPOINT_HIT;
3152 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3153 so these check for a hit then pass through to the normal out-of-line
3155 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3157 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3158 return ldub_phys(addr);
3161 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3163 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3164 return lduw_phys(addr);
3167 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3169 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3170 return ldl_phys(addr);
3173 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3176 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3177 stb_phys(addr, val);
3180 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3183 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3184 stw_phys(addr, val);
3187 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3190 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3191 stl_phys(addr, val);
3194 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3200 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3206 static inline uint32_t subpage_readlen (subpage_t *mmio,
3207 target_phys_addr_t addr,
3210 unsigned int idx = SUBPAGE_IDX(addr);
3211 #if defined(DEBUG_SUBPAGE)
3212 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3213 mmio, len, addr, idx);
3216 addr += mmio->region_offset[idx];
3217 idx = mmio->sub_io_index[idx];
3218 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3221 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3222 uint32_t value, unsigned int len)
3224 unsigned int idx = SUBPAGE_IDX(addr);
3225 #if defined(DEBUG_SUBPAGE)
3226 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3227 __func__, mmio, len, addr, idx, value);
3230 addr += mmio->region_offset[idx];
3231 idx = mmio->sub_io_index[idx];
3232 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3235 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3237 return subpage_readlen(opaque, addr, 0);
3240 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3243 subpage_writelen(opaque, addr, value, 0);
3246 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3248 return subpage_readlen(opaque, addr, 1);
3251 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3254 subpage_writelen(opaque, addr, value, 1);
3257 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3259 return subpage_readlen(opaque, addr, 2);
3262 static void subpage_writel (void *opaque, target_phys_addr_t addr,
3265 subpage_writelen(opaque, addr, value, 2);
3268 static CPUReadMemoryFunc * const subpage_read[] = {
3274 static CPUWriteMemoryFunc * const subpage_write[] = {
3280 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3281 ram_addr_t memory, ram_addr_t region_offset)
3285 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3287 idx = SUBPAGE_IDX(start);
3288 eidx = SUBPAGE_IDX(end);
3289 #if defined(DEBUG_SUBPAGE)
3290 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3291 mmio, start, end, idx, eidx, memory);
3293 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
3294 memory = IO_MEM_UNASSIGNED;
3295 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3296 for (; idx <= eidx; idx++) {
3297 mmio->sub_io_index[idx] = memory;
3298 mmio->region_offset[idx] = region_offset;
3304 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3305 ram_addr_t orig_memory,
3306 ram_addr_t region_offset)
3311 mmio = qemu_mallocz(sizeof(subpage_t));
3314 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3315 #if defined(DEBUG_SUBPAGE)
3316 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3317 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3319 *phys = subpage_memory | IO_MEM_SUBPAGE;
3320 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3325 static int get_free_io_mem_idx(void)
3329 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3330 if (!io_mem_used[i]) {
3334 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3338 /* mem_read and mem_write are arrays of functions containing the
3339 function to access byte (index 0), word (index 1) and dword (index
3340 2). Functions can be omitted with a NULL function pointer.
3341 If io_index is non zero, the corresponding io zone is
3342 modified. If it is zero, a new io zone is allocated. The return
3343 value can be used with cpu_register_physical_memory(). (-1) is
3344 returned if error. */
3345 static int cpu_register_io_memory_fixed(int io_index,
3346 CPUReadMemoryFunc * const *mem_read,
3347 CPUWriteMemoryFunc * const *mem_write,
3352 if (io_index <= 0) {
3353 io_index = get_free_io_mem_idx();
3357 io_index >>= IO_MEM_SHIFT;
3358 if (io_index >= IO_MEM_NB_ENTRIES)
3362 for (i = 0; i < 3; ++i) {
3363 io_mem_read[io_index][i]
3364 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3366 for (i = 0; i < 3; ++i) {
3367 io_mem_write[io_index][i]
3368 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3370 io_mem_opaque[io_index] = opaque;
3372 return (io_index << IO_MEM_SHIFT);
3375 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3376 CPUWriteMemoryFunc * const *mem_write,
3379 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3382 void cpu_unregister_io_memory(int io_table_address)
3385 int io_index = io_table_address >> IO_MEM_SHIFT;
3387 for (i=0;i < 3; i++) {
3388 io_mem_read[io_index][i] = unassigned_mem_read[i];
3389 io_mem_write[io_index][i] = unassigned_mem_write[i];
3391 io_mem_opaque[io_index] = NULL;
3392 io_mem_used[io_index] = 0;
3395 static void io_mem_init(void)
3399 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3400 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3401 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3405 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3406 watch_mem_write, NULL);
3409 #endif /* !defined(CONFIG_USER_ONLY) */
3411 /* physical memory access (slow version, mainly for debug) */
3412 #if defined(CONFIG_USER_ONLY)
3413 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3414 uint8_t *buf, int len, int is_write)
3421 page = addr & TARGET_PAGE_MASK;
3422 l = (page + TARGET_PAGE_SIZE) - addr;
3425 flags = page_get_flags(page);
3426 if (!(flags & PAGE_VALID))
3429 if (!(flags & PAGE_WRITE))
3431 /* XXX: this code should not depend on lock_user */
3432 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3435 unlock_user(p, addr, l);
3437 if (!(flags & PAGE_READ))
3439 /* XXX: this code should not depend on lock_user */
3440 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3443 unlock_user(p, addr, 0);
3453 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3454 int len, int is_write)
3459 target_phys_addr_t page;
3464 page = addr & TARGET_PAGE_MASK;
3465 l = (page + TARGET_PAGE_SIZE) - addr;
3468 p = phys_page_find(page >> TARGET_PAGE_BITS);
3470 pd = IO_MEM_UNASSIGNED;
3472 pd = p->phys_offset;
3476 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3477 target_phys_addr_t addr1 = addr;
3478 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3480 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3481 /* XXX: could force cpu_single_env to NULL to avoid
3483 if (l >= 4 && ((addr1 & 3) == 0)) {
3484 /* 32 bit write access */
3486 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3488 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3489 /* 16 bit write access */
3491 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3494 /* 8 bit write access */
3496 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3500 unsigned long addr1;
3501 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3503 ptr = qemu_get_ram_ptr(addr1);
3504 memcpy(ptr, buf, l);
3505 if (!cpu_physical_memory_is_dirty(addr1)) {
3506 /* invalidate code */
3507 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3509 cpu_physical_memory_set_dirty_flags(
3510 addr1, (0xff & ~CODE_DIRTY_FLAG));
3514 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3515 !(pd & IO_MEM_ROMD)) {
3516 target_phys_addr_t addr1 = addr;
3518 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3520 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3521 if (l >= 4 && ((addr1 & 3) == 0)) {
3522 /* 32 bit read access */
3523 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3526 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3527 /* 16 bit read access */
3528 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3532 /* 8 bit read access */
3533 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3539 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3540 (addr & ~TARGET_PAGE_MASK);
3541 memcpy(buf, ptr, l);
3550 /* used for ROM loading : can write in RAM and ROM */
3551 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3552 const uint8_t *buf, int len)
3556 target_phys_addr_t page;
3561 page = addr & TARGET_PAGE_MASK;
3562 l = (page + TARGET_PAGE_SIZE) - addr;
3565 p = phys_page_find(page >> TARGET_PAGE_BITS);
3567 pd = IO_MEM_UNASSIGNED;
3569 pd = p->phys_offset;
3572 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3573 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3574 !(pd & IO_MEM_ROMD)) {
3577 unsigned long addr1;
3578 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3580 ptr = qemu_get_ram_ptr(addr1);
3581 memcpy(ptr, buf, l);
3591 target_phys_addr_t addr;
3592 target_phys_addr_t len;
3595 static BounceBuffer bounce;
3597 typedef struct MapClient {
3599 void (*callback)(void *opaque);
3600 QLIST_ENTRY(MapClient) link;
3603 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3604 = QLIST_HEAD_INITIALIZER(map_client_list);
3606 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3608 MapClient *client = qemu_malloc(sizeof(*client));
3610 client->opaque = opaque;
3611 client->callback = callback;
3612 QLIST_INSERT_HEAD(&map_client_list, client, link);
3616 void cpu_unregister_map_client(void *_client)
3618 MapClient *client = (MapClient *)_client;
3620 QLIST_REMOVE(client, link);
3624 static void cpu_notify_map_clients(void)
3628 while (!QLIST_EMPTY(&map_client_list)) {
3629 client = QLIST_FIRST(&map_client_list);
3630 client->callback(client->opaque);
3631 cpu_unregister_map_client(client);
3635 /* Map a physical memory region into a host virtual address.
3636 * May map a subset of the requested range, given by and returned in *plen.
3637 * May return NULL if resources needed to perform the mapping are exhausted.
3638 * Use only for reads OR writes - not for read-modify-write operations.
3639 * Use cpu_register_map_client() to know when retrying the map operation is
3640 * likely to succeed.
3642 void *cpu_physical_memory_map(target_phys_addr_t addr,
3643 target_phys_addr_t *plen,
3646 target_phys_addr_t len = *plen;
3647 target_phys_addr_t done = 0;
3649 uint8_t *ret = NULL;
3651 target_phys_addr_t page;
3654 unsigned long addr1;
3657 page = addr & TARGET_PAGE_MASK;
3658 l = (page + TARGET_PAGE_SIZE) - addr;
3661 p = phys_page_find(page >> TARGET_PAGE_BITS);
3663 pd = IO_MEM_UNASSIGNED;
3665 pd = p->phys_offset;
3668 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3669 if (done || bounce.buffer) {
3672 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3676 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3678 ptr = bounce.buffer;
3680 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3681 ptr = qemu_get_ram_ptr(addr1);
3685 } else if (ret + done != ptr) {
3697 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3698 * Will also mark the memory as dirty if is_write == 1. access_len gives
3699 * the amount of memory that was actually read or written by the caller.
3701 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3702 int is_write, target_phys_addr_t access_len)
3704 if (buffer != bounce.buffer) {
3706 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3707 while (access_len) {
3709 l = TARGET_PAGE_SIZE;
3712 if (!cpu_physical_memory_is_dirty(addr1)) {
3713 /* invalidate code */
3714 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3716 cpu_physical_memory_set_dirty_flags(
3717 addr1, (0xff & ~CODE_DIRTY_FLAG));
3726 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3728 qemu_vfree(bounce.buffer);
3729 bounce.buffer = NULL;
3730 cpu_notify_map_clients();
3733 /* warning: addr must be aligned */
3734 uint32_t ldl_phys(target_phys_addr_t addr)
3742 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3744 pd = IO_MEM_UNASSIGNED;
3746 pd = p->phys_offset;
3749 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3750 !(pd & IO_MEM_ROMD)) {
3752 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3754 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3755 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3758 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3759 (addr & ~TARGET_PAGE_MASK);
3765 /* warning: addr must be aligned */
3766 uint64_t ldq_phys(target_phys_addr_t addr)
3774 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3776 pd = IO_MEM_UNASSIGNED;
3778 pd = p->phys_offset;
3781 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3782 !(pd & IO_MEM_ROMD)) {
3784 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3786 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3787 #ifdef TARGET_WORDS_BIGENDIAN
3788 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3789 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3791 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3792 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3796 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3797 (addr & ~TARGET_PAGE_MASK);
3804 uint32_t ldub_phys(target_phys_addr_t addr)
3807 cpu_physical_memory_read(addr, &val, 1);
3811 /* warning: addr must be aligned */
3812 uint32_t lduw_phys(target_phys_addr_t addr)
3820 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3822 pd = IO_MEM_UNASSIGNED;
3824 pd = p->phys_offset;
3827 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3828 !(pd & IO_MEM_ROMD)) {
3830 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3832 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3833 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
3836 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3837 (addr & ~TARGET_PAGE_MASK);
3843 /* warning: addr must be aligned. The ram page is not masked as dirty
3844 and the code inside is not invalidated. It is useful if the dirty
3845 bits are used to track modified PTEs */
3846 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3853 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3855 pd = IO_MEM_UNASSIGNED;
3857 pd = p->phys_offset;
3860 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3861 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3863 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3864 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3866 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3867 ptr = qemu_get_ram_ptr(addr1);
3870 if (unlikely(in_migration)) {
3871 if (!cpu_physical_memory_is_dirty(addr1)) {
3872 /* invalidate code */
3873 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3875 cpu_physical_memory_set_dirty_flags(
3876 addr1, (0xff & ~CODE_DIRTY_FLAG));
3882 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3889 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3891 pd = IO_MEM_UNASSIGNED;
3893 pd = p->phys_offset;
3896 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3897 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3899 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3900 #ifdef TARGET_WORDS_BIGENDIAN
3901 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3902 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3904 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3905 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3908 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3909 (addr & ~TARGET_PAGE_MASK);
3914 /* warning: addr must be aligned */
3915 void stl_phys(target_phys_addr_t addr, uint32_t val)
3922 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3924 pd = IO_MEM_UNASSIGNED;
3926 pd = p->phys_offset;
3929 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3930 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3932 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3933 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3935 unsigned long addr1;
3936 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3938 ptr = qemu_get_ram_ptr(addr1);
3940 if (!cpu_physical_memory_is_dirty(addr1)) {
3941 /* invalidate code */
3942 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3944 cpu_physical_memory_set_dirty_flags(addr1,
3945 (0xff & ~CODE_DIRTY_FLAG));
3951 void stb_phys(target_phys_addr_t addr, uint32_t val)
3954 cpu_physical_memory_write(addr, &v, 1);
3957 /* warning: addr must be aligned */
3958 void stw_phys(target_phys_addr_t addr, uint32_t val)
3965 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3967 pd = IO_MEM_UNASSIGNED;
3969 pd = p->phys_offset;
3972 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3973 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3975 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3976 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
3978 unsigned long addr1;
3979 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3981 ptr = qemu_get_ram_ptr(addr1);
3983 if (!cpu_physical_memory_is_dirty(addr1)) {
3984 /* invalidate code */
3985 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
3987 cpu_physical_memory_set_dirty_flags(addr1,
3988 (0xff & ~CODE_DIRTY_FLAG));
3994 void stq_phys(target_phys_addr_t addr, uint64_t val)
3997 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
4000 /* virtual memory access for debug (includes writing to ROM) */
4001 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
4002 uint8_t *buf, int len, int is_write)
4005 target_phys_addr_t phys_addr;
4009 page = addr & TARGET_PAGE_MASK;
4010 phys_addr = cpu_get_phys_page_debug(env, page);
4011 /* if no physical page mapped, return an error */
4012 if (phys_addr == -1)
4014 l = (page + TARGET_PAGE_SIZE) - addr;
4017 phys_addr += (addr & ~TARGET_PAGE_MASK);
4019 cpu_physical_memory_write_rom(phys_addr, buf, l);
4021 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4030 /* in deterministic execution mode, instructions doing device I/Os
4031 must be at the end of the TB */
4032 void cpu_io_recompile(CPUState *env, void *retaddr)
4034 TranslationBlock *tb;
4036 target_ulong pc, cs_base;
4039 tb = tb_find_pc((unsigned long)retaddr);
4041 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4044 n = env->icount_decr.u16.low + tb->icount;
4045 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
4046 /* Calculate how many instructions had been executed before the fault
4048 n = n - env->icount_decr.u16.low;
4049 /* Generate a new TB ending on the I/O insn. */
4051 /* On MIPS and SH, delay slot instructions can only be restarted if
4052 they were already the first instruction in the TB. If this is not
4053 the first instruction in a TB then re-execute the preceding
4055 #if defined(TARGET_MIPS)
4056 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4057 env->active_tc.PC -= 4;
4058 env->icount_decr.u16.low++;
4059 env->hflags &= ~MIPS_HFLAG_BMASK;
4061 #elif defined(TARGET_SH4)
4062 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4065 env->icount_decr.u16.low++;
4066 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4069 /* This should never happen. */
4070 if (n > CF_COUNT_MASK)
4071 cpu_abort(env, "TB too big during recompile");
4073 cflags = n | CF_LAST_IO;
4075 cs_base = tb->cs_base;
4077 tb_phys_invalidate(tb, -1);
4078 /* FIXME: In theory this could raise an exception. In practice
4079 we have already translated the block once so it's probably ok. */
4080 tb_gen_code(env, pc, cs_base, flags, cflags);
4081 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4082 the first in the TB) then we end up generating a whole new TB and
4083 repeating the fault, which is horribly inefficient.
4084 Better would be to execute just this insn uncached, or generate a
4086 cpu_resume_from_signal(env, NULL);
4089 #if !defined(CONFIG_USER_ONLY)
4091 void dump_exec_info(FILE *f,
4092 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
4094 int i, target_code_size, max_target_code_size;
4095 int direct_jmp_count, direct_jmp2_count, cross_page;
4096 TranslationBlock *tb;
4098 target_code_size = 0;
4099 max_target_code_size = 0;
4101 direct_jmp_count = 0;
4102 direct_jmp2_count = 0;
4103 for(i = 0; i < nb_tbs; i++) {
4105 target_code_size += tb->size;
4106 if (tb->size > max_target_code_size)
4107 max_target_code_size = tb->size;
4108 if (tb->page_addr[1] != -1)
4110 if (tb->tb_next_offset[0] != 0xffff) {
4112 if (tb->tb_next_offset[1] != 0xffff) {
4113 direct_jmp2_count++;
4117 /* XXX: avoid using doubles ? */
4118 cpu_fprintf(f, "Translation buffer state:\n");
4119 cpu_fprintf(f, "gen code size %ld/%ld\n",
4120 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4121 cpu_fprintf(f, "TB count %d/%d\n",
4122 nb_tbs, code_gen_max_blocks);
4123 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4124 nb_tbs ? target_code_size / nb_tbs : 0,
4125 max_target_code_size);
4126 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
4127 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4128 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4129 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4131 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4132 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4134 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4136 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4137 cpu_fprintf(f, "\nStatistics:\n");
4138 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4139 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4140 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4141 tcg_dump_info(f, cpu_fprintf);
4144 #define MMUSUFFIX _cmmu
4145 #define GETPC() NULL
4146 #define env cpu_single_env
4147 #define SOFTMMU_CODE_ACCESS
4150 #include "softmmu_template.h"
4153 #include "softmmu_template.h"
4156 #include "softmmu_template.h"
4159 #include "softmmu_template.h"
projects / qemu.git / blob