2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
36 #include "qemu-common.h"
41 #include "qemu-timer.h"
42 #if defined(CONFIG_USER_ONLY)
45 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
46 #include <sys/param.h>
47 #if __FreeBSD_version >= 700104
48 #define HAVE_KINFO_GETVMMAP
49 #define sigqueue sigqueue_freebsd /* avoid redefinition */
52 #include <machine/profile.h>
62 //#define DEBUG_TB_INVALIDATE
65 //#define DEBUG_UNASSIGNED
67 /* make various TB consistency checks */
68 //#define DEBUG_TB_CHECK
69 //#define DEBUG_TLB_CHECK
71 //#define DEBUG_IOPORT
72 //#define DEBUG_SUBPAGE
74 #if !defined(CONFIG_USER_ONLY)
75 /* TB consistency checks only implemented for usermode emulation. */
79 #define SMC_BITMAP_USE_THRESHOLD 10
81 static TranslationBlock *tbs;
82 int code_gen_max_blocks;
83 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
85 /* any access to the tbs or the page table must use this lock */
86 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
88 #if defined(__arm__) || defined(__sparc_v9__)
89 /* The prologue must be reachable with a direct jump. ARM and Sparc64
90 have limited branch ranges (possibly also PPC) so place it in a
91 section close to code segment. */
92 #define code_gen_section \
93 __attribute__((__section__(".gen_code"))) \
94 __attribute__((aligned (32)))
96 /* Maximum alignment for Win32 is 16. */
97 #define code_gen_section \
98 __attribute__((aligned (16)))
100 #define code_gen_section \
101 __attribute__((aligned (32)))
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 static uint8_t *code_gen_buffer;
106 static unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 static unsigned long code_gen_buffer_max_size;
109 uint8_t *code_gen_ptr;
111 #if !defined(CONFIG_USER_ONLY)
113 uint8_t *phys_ram_dirty;
114 static int in_migration;
116 typedef struct RAMBlock {
120 struct RAMBlock *next;
123 static RAMBlock *ram_blocks;
124 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
125 then we can no longer assume contiguous ram offsets, and external uses
126 of this variable will break. */
127 ram_addr_t last_ram_offset;
131 /* current CPU in the current thread. It is only valid inside
133 CPUState *cpu_single_env;
134 /* 0 = Do not count executed instructions.
135 1 = Precise instruction counting.
136 2 = Adaptive rate instruction counting. */
138 /* Current instruction counter. While executing translated code this may
139 include some instructions that have not yet been executed. */
142 typedef struct PageDesc {
143 /* list of TBs intersecting this ram page */
144 TranslationBlock *first_tb;
145 /* in order to optimize self modifying code, we count the number
146 of lookups we do to a given page to use a bitmap */
147 unsigned int code_write_count;
148 uint8_t *code_bitmap;
149 #if defined(CONFIG_USER_ONLY)
154 /* In system mode we want L1_MAP to be based on ram offsets,
155 while in user mode we want it to be based on virtual addresses. */
156 #if !defined(CONFIG_USER_ONLY)
157 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
158 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
160 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
163 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
166 /* Size of the L2 (and L3, etc) page tables. */
168 #define L2_SIZE (1 << L2_BITS)
170 /* The bits remaining after N lower levels of page tables. */
171 #define P_L1_BITS_REM \
172 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
173 #define V_L1_BITS_REM \
174 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
176 /* Size of the L1 page table. Avoid silly small sizes. */
177 #if P_L1_BITS_REM < 4
178 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
180 #define P_L1_BITS P_L1_BITS_REM
183 #if V_L1_BITS_REM < 4
184 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
186 #define V_L1_BITS V_L1_BITS_REM
189 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
190 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
192 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
193 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
195 unsigned long qemu_real_host_page_size;
196 unsigned long qemu_host_page_bits;
197 unsigned long qemu_host_page_size;
198 unsigned long qemu_host_page_mask;
200 /* This is a multi-level map on the virtual address space.
201 The bottom level has pointers to PageDesc. */
202 static void *l1_map[V_L1_SIZE];
204 #if !defined(CONFIG_USER_ONLY)
205 typedef struct PhysPageDesc {
206 /* offset in host memory of the page + io_index in the low bits */
207 ram_addr_t phys_offset;
208 ram_addr_t region_offset;
211 /* This is a multi-level map on the physical address space.
212 The bottom level has pointers to PhysPageDesc. */
213 static void *l1_phys_map[P_L1_SIZE];
215 static void io_mem_init(void);
217 /* io memory support */
218 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
219 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
220 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
221 static char io_mem_used[IO_MEM_NB_ENTRIES];
222 static int io_mem_watch;
227 static const char *logfilename = "qemu.log";
229 static const char *logfilename = "/tmp/qemu.log";
233 static int log_append = 0;
236 #if !defined(CONFIG_USER_ONLY)
237 static int tlb_flush_count;
239 static int tb_flush_count;
240 static int tb_phys_invalidate_count;
243 static void map_exec(void *addr, long size)
246 VirtualProtect(addr, size,
247 PAGE_EXECUTE_READWRITE, &old_protect);
251 static void map_exec(void *addr, long size)
253 unsigned long start, end, page_size;
255 page_size = getpagesize();
256 start = (unsigned long)addr;
257 start &= ~(page_size - 1);
259 end = (unsigned long)addr + size;
260 end += page_size - 1;
261 end &= ~(page_size - 1);
263 mprotect((void *)start, end - start,
264 PROT_READ | PROT_WRITE | PROT_EXEC);
268 static void page_init(void)
270 /* NOTE: we can always suppose that qemu_host_page_size >=
274 SYSTEM_INFO system_info;
276 GetSystemInfo(&system_info);
277 qemu_real_host_page_size = system_info.dwPageSize;
280 qemu_real_host_page_size = getpagesize();
282 if (qemu_host_page_size == 0)
283 qemu_host_page_size = qemu_real_host_page_size;
284 if (qemu_host_page_size < TARGET_PAGE_SIZE)
285 qemu_host_page_size = TARGET_PAGE_SIZE;
286 qemu_host_page_bits = 0;
287 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
288 qemu_host_page_bits++;
289 qemu_host_page_mask = ~(qemu_host_page_size - 1);
291 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
293 #ifdef HAVE_KINFO_GETVMMAP
294 struct kinfo_vmentry *freep;
297 freep = kinfo_getvmmap(getpid(), &cnt);
300 for (i = 0; i < cnt; i++) {
301 unsigned long startaddr, endaddr;
303 startaddr = freep[i].kve_start;
304 endaddr = freep[i].kve_end;
305 if (h2g_valid(startaddr)) {
306 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
308 if (h2g_valid(endaddr)) {
309 endaddr = h2g(endaddr);
310 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
312 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
314 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
325 last_brk = (unsigned long)sbrk(0);
327 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
328 f = fopen("/compat/linux/proc/self/maps", "r");
330 f = fopen("/proc/self/maps", "r");
336 unsigned long startaddr, endaddr;
339 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
341 if (n == 2 && h2g_valid(startaddr)) {
342 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
344 if (h2g_valid(endaddr)) {
345 endaddr = h2g(endaddr);
349 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
361 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
367 #if defined(CONFIG_USER_ONLY)
368 /* We can't use qemu_malloc because it may recurse into a locked mutex.
369 Neither can we record the new pages we reserve while allocating a
370 given page because that may recurse into an unallocated page table
371 entry. Stuff the allocations we do make into a queue and process
372 them after having completed one entire page table allocation. */
374 unsigned long reserve[2 * (V_L1_SHIFT / L2_BITS)];
377 # define ALLOC(P, SIZE) \
379 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
380 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
381 if (h2g_valid(P)) { \
382 reserve[reserve_idx] = h2g(P); \
383 reserve[reserve_idx + 1] = SIZE; \
388 # define ALLOC(P, SIZE) \
389 do { P = qemu_mallocz(SIZE); } while (0)
392 /* Level 1. Always allocated. */
393 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
396 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
403 ALLOC(p, sizeof(void *) * L2_SIZE);
407 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
415 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
420 #if defined(CONFIG_USER_ONLY)
421 for (i = 0; i < reserve_idx; i += 2) {
422 unsigned long addr = reserve[i];
423 unsigned long len = reserve[i + 1];
425 page_set_flags(addr & TARGET_PAGE_MASK,
426 TARGET_PAGE_ALIGN(addr + len),
431 return pd + (index & (L2_SIZE - 1));
434 static inline PageDesc *page_find(tb_page_addr_t index)
436 return page_find_alloc(index, 0);
439 #if !defined(CONFIG_USER_ONLY)
440 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
446 /* Level 1. Always allocated. */
447 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
450 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
456 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
458 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
469 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
471 for (i = 0; i < L2_SIZE; i++) {
472 pd[i].phys_offset = IO_MEM_UNASSIGNED;
473 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
477 return pd + (index & (L2_SIZE - 1));
480 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
482 return phys_page_find_alloc(index, 0);
485 static void tlb_protect_code(ram_addr_t ram_addr);
486 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
488 #define mmap_lock() do { } while(0)
489 #define mmap_unlock() do { } while(0)
492 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
494 #if defined(CONFIG_USER_ONLY)
495 /* Currently it is not recommended to allocate big chunks of data in
496 user mode. It will change when a dedicated libc will be used */
497 #define USE_STATIC_CODE_GEN_BUFFER
500 #ifdef USE_STATIC_CODE_GEN_BUFFER
501 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
502 __attribute__((aligned (CODE_GEN_ALIGN)));
505 static void code_gen_alloc(unsigned long tb_size)
507 #ifdef USE_STATIC_CODE_GEN_BUFFER
508 code_gen_buffer = static_code_gen_buffer;
509 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
510 map_exec(code_gen_buffer, code_gen_buffer_size);
512 code_gen_buffer_size = tb_size;
513 if (code_gen_buffer_size == 0) {
514 #if defined(CONFIG_USER_ONLY)
515 /* in user mode, phys_ram_size is not meaningful */
516 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
518 /* XXX: needs adjustments */
519 code_gen_buffer_size = (unsigned long)(ram_size / 4);
522 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
523 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
524 /* The code gen buffer location may have constraints depending on
525 the host cpu and OS */
526 #if defined(__linux__)
531 flags = MAP_PRIVATE | MAP_ANONYMOUS;
532 #if defined(__x86_64__)
534 /* Cannot map more than that */
535 if (code_gen_buffer_size > (800 * 1024 * 1024))
536 code_gen_buffer_size = (800 * 1024 * 1024);
537 #elif defined(__sparc_v9__)
538 // Map the buffer below 2G, so we can use direct calls and branches
540 start = (void *) 0x60000000UL;
541 if (code_gen_buffer_size > (512 * 1024 * 1024))
542 code_gen_buffer_size = (512 * 1024 * 1024);
543 #elif defined(__arm__)
544 /* Map the buffer below 32M, so we can use direct calls and branches */
546 start = (void *) 0x01000000UL;
547 if (code_gen_buffer_size > 16 * 1024 * 1024)
548 code_gen_buffer_size = 16 * 1024 * 1024;
550 code_gen_buffer = mmap(start, code_gen_buffer_size,
551 PROT_WRITE | PROT_READ | PROT_EXEC,
553 if (code_gen_buffer == MAP_FAILED) {
554 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
558 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
562 flags = MAP_PRIVATE | MAP_ANONYMOUS;
563 #if defined(__x86_64__)
564 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
565 * 0x40000000 is free */
567 addr = (void *)0x40000000;
568 /* Cannot map more than that */
569 if (code_gen_buffer_size > (800 * 1024 * 1024))
570 code_gen_buffer_size = (800 * 1024 * 1024);
572 code_gen_buffer = mmap(addr, code_gen_buffer_size,
573 PROT_WRITE | PROT_READ | PROT_EXEC,
575 if (code_gen_buffer == MAP_FAILED) {
576 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
581 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
582 map_exec(code_gen_buffer, code_gen_buffer_size);
584 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
585 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
586 code_gen_buffer_max_size = code_gen_buffer_size -
587 code_gen_max_block_size();
588 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
589 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
592 /* Must be called before using the QEMU cpus. 'tb_size' is the size
593 (in bytes) allocated to the translation buffer. Zero means default
595 void cpu_exec_init_all(unsigned long tb_size)
598 code_gen_alloc(tb_size);
599 code_gen_ptr = code_gen_buffer;
601 #if !defined(CONFIG_USER_ONLY)
606 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
608 static int cpu_common_post_load(void *opaque, int version_id)
610 CPUState *env = opaque;
612 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
613 version_id is increased. */
614 env->interrupt_request &= ~0x01;
620 static const VMStateDescription vmstate_cpu_common = {
621 .name = "cpu_common",
623 .minimum_version_id = 1,
624 .minimum_version_id_old = 1,
625 .post_load = cpu_common_post_load,
626 .fields = (VMStateField []) {
627 VMSTATE_UINT32(halted, CPUState),
628 VMSTATE_UINT32(interrupt_request, CPUState),
629 VMSTATE_END_OF_LIST()
634 CPUState *qemu_get_cpu(int cpu)
636 CPUState *env = first_cpu;
639 if (env->cpu_index == cpu)
647 void cpu_exec_init(CPUState *env)
652 #if defined(CONFIG_USER_ONLY)
655 env->next_cpu = NULL;
658 while (*penv != NULL) {
659 penv = &(*penv)->next_cpu;
662 env->cpu_index = cpu_index;
664 QTAILQ_INIT(&env->breakpoints);
665 QTAILQ_INIT(&env->watchpoints);
667 #if defined(CONFIG_USER_ONLY)
670 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
671 vmstate_register(cpu_index, &vmstate_cpu_common, env);
672 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
673 cpu_save, cpu_load, env);
677 static inline void invalidate_page_bitmap(PageDesc *p)
679 if (p->code_bitmap) {
680 qemu_free(p->code_bitmap);
681 p->code_bitmap = NULL;
683 p->code_write_count = 0;
686 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
688 static void page_flush_tb_1 (int level, void **lp)
697 for (i = 0; i < L2_SIZE; ++i) {
698 pd[i].first_tb = NULL;
699 invalidate_page_bitmap(pd + i);
703 for (i = 0; i < L2_SIZE; ++i) {
704 page_flush_tb_1 (level - 1, pp + i);
709 static void page_flush_tb(void)
712 for (i = 0; i < V_L1_SIZE; i++) {
713 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
717 /* flush all the translation blocks */
718 /* XXX: tb_flush is currently not thread safe */
719 void tb_flush(CPUState *env1)
722 #if defined(DEBUG_FLUSH)
723 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
724 (unsigned long)(code_gen_ptr - code_gen_buffer),
726 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
728 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
729 cpu_abort(env1, "Internal error: code buffer overflow\n");
733 for(env = first_cpu; env != NULL; env = env->next_cpu) {
734 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
737 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
740 code_gen_ptr = code_gen_buffer;
741 /* XXX: flush processor icache at this point if cache flush is
746 #ifdef DEBUG_TB_CHECK
748 static void tb_invalidate_check(target_ulong address)
750 TranslationBlock *tb;
752 address &= TARGET_PAGE_MASK;
753 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
754 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
755 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
756 address >= tb->pc + tb->size)) {
757 printf("ERROR invalidate: address=" TARGET_FMT_lx
758 " PC=%08lx size=%04x\n",
759 address, (long)tb->pc, tb->size);
765 /* verify that all the pages have correct rights for code */
766 static void tb_page_check(void)
768 TranslationBlock *tb;
769 int i, flags1, flags2;
771 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
772 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
773 flags1 = page_get_flags(tb->pc);
774 flags2 = page_get_flags(tb->pc + tb->size - 1);
775 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
776 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
777 (long)tb->pc, tb->size, flags1, flags2);
785 /* invalidate one TB */
786 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
789 TranslationBlock *tb1;
793 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
796 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
800 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
802 TranslationBlock *tb1;
808 tb1 = (TranslationBlock *)((long)tb1 & ~3);
810 *ptb = tb1->page_next[n1];
813 ptb = &tb1->page_next[n1];
817 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
819 TranslationBlock *tb1, **ptb;
822 ptb = &tb->jmp_next[n];
825 /* find tb(n) in circular list */
829 tb1 = (TranslationBlock *)((long)tb1 & ~3);
830 if (n1 == n && tb1 == tb)
833 ptb = &tb1->jmp_first;
835 ptb = &tb1->jmp_next[n1];
838 /* now we can suppress tb(n) from the list */
839 *ptb = tb->jmp_next[n];
841 tb->jmp_next[n] = NULL;
845 /* reset the jump entry 'n' of a TB so that it is not chained to
847 static inline void tb_reset_jump(TranslationBlock *tb, int n)
849 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
852 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
857 tb_page_addr_t phys_pc;
858 TranslationBlock *tb1, *tb2;
860 /* remove the TB from the hash list */
861 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
862 h = tb_phys_hash_func(phys_pc);
863 tb_remove(&tb_phys_hash[h], tb,
864 offsetof(TranslationBlock, phys_hash_next));
866 /* remove the TB from the page list */
867 if (tb->page_addr[0] != page_addr) {
868 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
869 tb_page_remove(&p->first_tb, tb);
870 invalidate_page_bitmap(p);
872 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
873 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
874 tb_page_remove(&p->first_tb, tb);
875 invalidate_page_bitmap(p);
878 tb_invalidated_flag = 1;
880 /* remove the TB from the hash list */
881 h = tb_jmp_cache_hash_func(tb->pc);
882 for(env = first_cpu; env != NULL; env = env->next_cpu) {
883 if (env->tb_jmp_cache[h] == tb)
884 env->tb_jmp_cache[h] = NULL;
887 /* suppress this TB from the two jump lists */
888 tb_jmp_remove(tb, 0);
889 tb_jmp_remove(tb, 1);
891 /* suppress any remaining jumps to this TB */
897 tb1 = (TranslationBlock *)((long)tb1 & ~3);
898 tb2 = tb1->jmp_next[n1];
899 tb_reset_jump(tb1, n1);
900 tb1->jmp_next[n1] = NULL;
903 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
905 tb_phys_invalidate_count++;
908 static inline void set_bits(uint8_t *tab, int start, int len)
914 mask = 0xff << (start & 7);
915 if ((start & ~7) == (end & ~7)) {
917 mask &= ~(0xff << (end & 7));
922 start = (start + 8) & ~7;
924 while (start < end1) {
929 mask = ~(0xff << (end & 7));
935 static void build_page_bitmap(PageDesc *p)
937 int n, tb_start, tb_end;
938 TranslationBlock *tb;
940 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
945 tb = (TranslationBlock *)((long)tb & ~3);
946 /* NOTE: this is subtle as a TB may span two physical pages */
948 /* NOTE: tb_end may be after the end of the page, but
949 it is not a problem */
950 tb_start = tb->pc & ~TARGET_PAGE_MASK;
951 tb_end = tb_start + tb->size;
952 if (tb_end > TARGET_PAGE_SIZE)
953 tb_end = TARGET_PAGE_SIZE;
956 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
958 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
959 tb = tb->page_next[n];
963 TranslationBlock *tb_gen_code(CPUState *env,
964 target_ulong pc, target_ulong cs_base,
965 int flags, int cflags)
967 TranslationBlock *tb;
969 tb_page_addr_t phys_pc, phys_page2;
970 target_ulong virt_page2;
973 phys_pc = get_page_addr_code(env, pc);
976 /* flush must be done */
978 /* cannot fail at this point */
980 /* Don't forget to invalidate previous TB info. */
981 tb_invalidated_flag = 1;
983 tc_ptr = code_gen_ptr;
985 tb->cs_base = cs_base;
988 cpu_gen_code(env, tb, &code_gen_size);
989 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
991 /* check next page if needed */
992 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
994 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
995 phys_page2 = get_page_addr_code(env, virt_page2);
997 tb_link_page(tb, phys_pc, phys_page2);
1001 /* invalidate all TBs which intersect with the target physical page
1002 starting in range [start;end[. NOTE: start and end must refer to
1003 the same physical page. 'is_cpu_write_access' should be true if called
1004 from a real cpu write access: the virtual CPU will exit the current
1005 TB if code is modified inside this TB. */
1006 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1007 int is_cpu_write_access)
1009 TranslationBlock *tb, *tb_next, *saved_tb;
1010 CPUState *env = cpu_single_env;
1011 tb_page_addr_t tb_start, tb_end;
1014 #ifdef TARGET_HAS_PRECISE_SMC
1015 int current_tb_not_found = is_cpu_write_access;
1016 TranslationBlock *current_tb = NULL;
1017 int current_tb_modified = 0;
1018 target_ulong current_pc = 0;
1019 target_ulong current_cs_base = 0;
1020 int current_flags = 0;
1021 #endif /* TARGET_HAS_PRECISE_SMC */
1023 p = page_find(start >> TARGET_PAGE_BITS);
1026 if (!p->code_bitmap &&
1027 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1028 is_cpu_write_access) {
1029 /* build code bitmap */
1030 build_page_bitmap(p);
1033 /* we remove all the TBs in the range [start, end[ */
1034 /* XXX: see if in some cases it could be faster to invalidate all the code */
1036 while (tb != NULL) {
1038 tb = (TranslationBlock *)((long)tb & ~3);
1039 tb_next = tb->page_next[n];
1040 /* NOTE: this is subtle as a TB may span two physical pages */
1042 /* NOTE: tb_end may be after the end of the page, but
1043 it is not a problem */
1044 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1045 tb_end = tb_start + tb->size;
1047 tb_start = tb->page_addr[1];
1048 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1050 if (!(tb_end <= start || tb_start >= end)) {
1051 #ifdef TARGET_HAS_PRECISE_SMC
1052 if (current_tb_not_found) {
1053 current_tb_not_found = 0;
1055 if (env->mem_io_pc) {
1056 /* now we have a real cpu fault */
1057 current_tb = tb_find_pc(env->mem_io_pc);
1060 if (current_tb == tb &&
1061 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1062 /* If we are modifying the current TB, we must stop
1063 its execution. We could be more precise by checking
1064 that the modification is after the current PC, but it
1065 would require a specialized function to partially
1066 restore the CPU state */
1068 current_tb_modified = 1;
1069 cpu_restore_state(current_tb, env,
1070 env->mem_io_pc, NULL);
1071 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1074 #endif /* TARGET_HAS_PRECISE_SMC */
1075 /* we need to do that to handle the case where a signal
1076 occurs while doing tb_phys_invalidate() */
1079 saved_tb = env->current_tb;
1080 env->current_tb = NULL;
1082 tb_phys_invalidate(tb, -1);
1084 env->current_tb = saved_tb;
1085 if (env->interrupt_request && env->current_tb)
1086 cpu_interrupt(env, env->interrupt_request);
1091 #if !defined(CONFIG_USER_ONLY)
1092 /* if no code remaining, no need to continue to use slow writes */
1094 invalidate_page_bitmap(p);
1095 if (is_cpu_write_access) {
1096 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1100 #ifdef TARGET_HAS_PRECISE_SMC
1101 if (current_tb_modified) {
1102 /* we generate a block containing just the instruction
1103 modifying the memory. It will ensure that it cannot modify
1105 env->current_tb = NULL;
1106 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1107 cpu_resume_from_signal(env, NULL);
1112 /* len must be <= 8 and start must be a multiple of len */
1113 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1119 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1120 cpu_single_env->mem_io_vaddr, len,
1121 cpu_single_env->eip,
1122 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1125 p = page_find(start >> TARGET_PAGE_BITS);
1128 if (p->code_bitmap) {
1129 offset = start & ~TARGET_PAGE_MASK;
1130 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1131 if (b & ((1 << len) - 1))
1135 tb_invalidate_phys_page_range(start, start + len, 1);
1139 #if !defined(CONFIG_SOFTMMU)
1140 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1141 unsigned long pc, void *puc)
1143 TranslationBlock *tb;
1146 #ifdef TARGET_HAS_PRECISE_SMC
1147 TranslationBlock *current_tb = NULL;
1148 CPUState *env = cpu_single_env;
1149 int current_tb_modified = 0;
1150 target_ulong current_pc = 0;
1151 target_ulong current_cs_base = 0;
1152 int current_flags = 0;
1155 addr &= TARGET_PAGE_MASK;
1156 p = page_find(addr >> TARGET_PAGE_BITS);
1160 #ifdef TARGET_HAS_PRECISE_SMC
1161 if (tb && pc != 0) {
1162 current_tb = tb_find_pc(pc);
1165 while (tb != NULL) {
1167 tb = (TranslationBlock *)((long)tb & ~3);
1168 #ifdef TARGET_HAS_PRECISE_SMC
1169 if (current_tb == tb &&
1170 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1171 /* If we are modifying the current TB, we must stop
1172 its execution. We could be more precise by checking
1173 that the modification is after the current PC, but it
1174 would require a specialized function to partially
1175 restore the CPU state */
1177 current_tb_modified = 1;
1178 cpu_restore_state(current_tb, env, pc, puc);
1179 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1182 #endif /* TARGET_HAS_PRECISE_SMC */
1183 tb_phys_invalidate(tb, addr);
1184 tb = tb->page_next[n];
1187 #ifdef TARGET_HAS_PRECISE_SMC
1188 if (current_tb_modified) {
1189 /* we generate a block containing just the instruction
1190 modifying the memory. It will ensure that it cannot modify
1192 env->current_tb = NULL;
1193 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1194 cpu_resume_from_signal(env, puc);
1200 /* add the tb in the target page and protect it if necessary */
1201 static inline void tb_alloc_page(TranslationBlock *tb,
1202 unsigned int n, tb_page_addr_t page_addr)
1205 TranslationBlock *last_first_tb;
1207 tb->page_addr[n] = page_addr;
1208 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1209 tb->page_next[n] = p->first_tb;
1210 last_first_tb = p->first_tb;
1211 p->first_tb = (TranslationBlock *)((long)tb | n);
1212 invalidate_page_bitmap(p);
1214 #if defined(TARGET_HAS_SMC) || 1
1216 #if defined(CONFIG_USER_ONLY)
1217 if (p->flags & PAGE_WRITE) {
1222 /* force the host page as non writable (writes will have a
1223 page fault + mprotect overhead) */
1224 page_addr &= qemu_host_page_mask;
1226 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1227 addr += TARGET_PAGE_SIZE) {
1229 p2 = page_find (addr >> TARGET_PAGE_BITS);
1233 p2->flags &= ~PAGE_WRITE;
1235 mprotect(g2h(page_addr), qemu_host_page_size,
1236 (prot & PAGE_BITS) & ~PAGE_WRITE);
1237 #ifdef DEBUG_TB_INVALIDATE
1238 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1243 /* if some code is already present, then the pages are already
1244 protected. So we handle the case where only the first TB is
1245 allocated in a physical page */
1246 if (!last_first_tb) {
1247 tlb_protect_code(page_addr);
1251 #endif /* TARGET_HAS_SMC */
1254 /* Allocate a new translation block. Flush the translation buffer if
1255 too many translation blocks or too much generated code. */
1256 TranslationBlock *tb_alloc(target_ulong pc)
1258 TranslationBlock *tb;
1260 if (nb_tbs >= code_gen_max_blocks ||
1261 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1263 tb = &tbs[nb_tbs++];
1269 void tb_free(TranslationBlock *tb)
1271 /* In practice this is mostly used for single use temporary TB
1272 Ignore the hard cases and just back up if this TB happens to
1273 be the last one generated. */
1274 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1275 code_gen_ptr = tb->tc_ptr;
1280 /* add a new TB and link it to the physical page tables. phys_page2 is
1281 (-1) to indicate that only one page contains the TB. */
1282 void tb_link_page(TranslationBlock *tb,
1283 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1286 TranslationBlock **ptb;
1288 /* Grab the mmap lock to stop another thread invalidating this TB
1289 before we are done. */
1291 /* add in the physical hash table */
1292 h = tb_phys_hash_func(phys_pc);
1293 ptb = &tb_phys_hash[h];
1294 tb->phys_hash_next = *ptb;
1297 /* add in the page list */
1298 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1299 if (phys_page2 != -1)
1300 tb_alloc_page(tb, 1, phys_page2);
1302 tb->page_addr[1] = -1;
1304 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1305 tb->jmp_next[0] = NULL;
1306 tb->jmp_next[1] = NULL;
1308 /* init original jump addresses */
1309 if (tb->tb_next_offset[0] != 0xffff)
1310 tb_reset_jump(tb, 0);
1311 if (tb->tb_next_offset[1] != 0xffff)
1312 tb_reset_jump(tb, 1);
1314 #ifdef DEBUG_TB_CHECK
1320 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1321 tb[1].tc_ptr. Return NULL if not found */
1322 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1324 int m_min, m_max, m;
1326 TranslationBlock *tb;
1330 if (tc_ptr < (unsigned long)code_gen_buffer ||
1331 tc_ptr >= (unsigned long)code_gen_ptr)
1333 /* binary search (cf Knuth) */
1336 while (m_min <= m_max) {
1337 m = (m_min + m_max) >> 1;
1339 v = (unsigned long)tb->tc_ptr;
1342 else if (tc_ptr < v) {
1351 static void tb_reset_jump_recursive(TranslationBlock *tb);
1353 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1355 TranslationBlock *tb1, *tb_next, **ptb;
1358 tb1 = tb->jmp_next[n];
1360 /* find head of list */
1363 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1366 tb1 = tb1->jmp_next[n1];
1368 /* we are now sure now that tb jumps to tb1 */
1371 /* remove tb from the jmp_first list */
1372 ptb = &tb_next->jmp_first;
1376 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1377 if (n1 == n && tb1 == tb)
1379 ptb = &tb1->jmp_next[n1];
1381 *ptb = tb->jmp_next[n];
1382 tb->jmp_next[n] = NULL;
1384 /* suppress the jump to next tb in generated code */
1385 tb_reset_jump(tb, n);
1387 /* suppress jumps in the tb on which we could have jumped */
1388 tb_reset_jump_recursive(tb_next);
1392 static void tb_reset_jump_recursive(TranslationBlock *tb)
1394 tb_reset_jump_recursive2(tb, 0);
1395 tb_reset_jump_recursive2(tb, 1);
1398 #if defined(TARGET_HAS_ICE)
1399 #if defined(CONFIG_USER_ONLY)
1400 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1402 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1405 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1407 target_phys_addr_t addr;
1409 ram_addr_t ram_addr;
1412 addr = cpu_get_phys_page_debug(env, pc);
1413 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1415 pd = IO_MEM_UNASSIGNED;
1417 pd = p->phys_offset;
1419 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1420 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1423 #endif /* TARGET_HAS_ICE */
1425 #if defined(CONFIG_USER_ONLY)
1426 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1431 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1432 int flags, CPUWatchpoint **watchpoint)
1437 /* Add a watchpoint. */
1438 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1439 int flags, CPUWatchpoint **watchpoint)
1441 target_ulong len_mask = ~(len - 1);
1444 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1445 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1446 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1447 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1450 wp = qemu_malloc(sizeof(*wp));
1453 wp->len_mask = len_mask;
1456 /* keep all GDB-injected watchpoints in front */
1458 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1460 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1462 tlb_flush_page(env, addr);
1469 /* Remove a specific watchpoint. */
1470 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1473 target_ulong len_mask = ~(len - 1);
1476 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1477 if (addr == wp->vaddr && len_mask == wp->len_mask
1478 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1479 cpu_watchpoint_remove_by_ref(env, wp);
1486 /* Remove a specific watchpoint by reference. */
1487 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1489 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1491 tlb_flush_page(env, watchpoint->vaddr);
1493 qemu_free(watchpoint);
1496 /* Remove all matching watchpoints. */
1497 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1499 CPUWatchpoint *wp, *next;
1501 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1502 if (wp->flags & mask)
1503 cpu_watchpoint_remove_by_ref(env, wp);
1508 /* Add a breakpoint. */
1509 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1510 CPUBreakpoint **breakpoint)
1512 #if defined(TARGET_HAS_ICE)
1515 bp = qemu_malloc(sizeof(*bp));
1520 /* keep all GDB-injected breakpoints in front */
1522 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1524 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1526 breakpoint_invalidate(env, pc);
1536 /* Remove a specific breakpoint. */
1537 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1539 #if defined(TARGET_HAS_ICE)
1542 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1543 if (bp->pc == pc && bp->flags == flags) {
1544 cpu_breakpoint_remove_by_ref(env, bp);
1554 /* Remove a specific breakpoint by reference. */
1555 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1557 #if defined(TARGET_HAS_ICE)
1558 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1560 breakpoint_invalidate(env, breakpoint->pc);
1562 qemu_free(breakpoint);
1566 /* Remove all matching breakpoints. */
1567 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1569 #if defined(TARGET_HAS_ICE)
1570 CPUBreakpoint *bp, *next;
1572 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1573 if (bp->flags & mask)
1574 cpu_breakpoint_remove_by_ref(env, bp);
1579 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1580 CPU loop after each instruction */
1581 void cpu_single_step(CPUState *env, int enabled)
1583 #if defined(TARGET_HAS_ICE)
1584 if (env->singlestep_enabled != enabled) {
1585 env->singlestep_enabled = enabled;
1587 kvm_update_guest_debug(env, 0);
1589 /* must flush all the translated code to avoid inconsistencies */
1590 /* XXX: only flush what is necessary */
1597 /* enable or disable low levels log */
1598 void cpu_set_log(int log_flags)
1600 loglevel = log_flags;
1601 if (loglevel && !logfile) {
1602 logfile = fopen(logfilename, log_append ? "a" : "w");
1604 perror(logfilename);
1607 #if !defined(CONFIG_SOFTMMU)
1608 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1610 static char logfile_buf[4096];
1611 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1613 #elif !defined(_WIN32)
1614 /* Win32 doesn't support line-buffering and requires size >= 2 */
1615 setvbuf(logfile, NULL, _IOLBF, 0);
1619 if (!loglevel && logfile) {
1625 void cpu_set_log_filename(const char *filename)
1627 logfilename = strdup(filename);
1632 cpu_set_log(loglevel);
1635 static void cpu_unlink_tb(CPUState *env)
1637 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1638 problem and hope the cpu will stop of its own accord. For userspace
1639 emulation this often isn't actually as bad as it sounds. Often
1640 signals are used primarily to interrupt blocking syscalls. */
1641 TranslationBlock *tb;
1642 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1644 spin_lock(&interrupt_lock);
1645 tb = env->current_tb;
1646 /* if the cpu is currently executing code, we must unlink it and
1647 all the potentially executing TB */
1649 env->current_tb = NULL;
1650 tb_reset_jump_recursive(tb);
1652 spin_unlock(&interrupt_lock);
1655 /* mask must never be zero, except for A20 change call */
1656 void cpu_interrupt(CPUState *env, int mask)
1660 old_mask = env->interrupt_request;
1661 env->interrupt_request |= mask;
1663 #ifndef CONFIG_USER_ONLY
1665 * If called from iothread context, wake the target cpu in
1668 if (!qemu_cpu_self(env)) {
1675 env->icount_decr.u16.high = 0xffff;
1676 #ifndef CONFIG_USER_ONLY
1678 && (mask & ~old_mask) != 0) {
1679 cpu_abort(env, "Raised interrupt while not in I/O function");
1687 void cpu_reset_interrupt(CPUState *env, int mask)
1689 env->interrupt_request &= ~mask;
1692 void cpu_exit(CPUState *env)
1694 env->exit_request = 1;
1698 const CPULogItem cpu_log_items[] = {
1699 { CPU_LOG_TB_OUT_ASM, "out_asm",
1700 "show generated host assembly code for each compiled TB" },
1701 { CPU_LOG_TB_IN_ASM, "in_asm",
1702 "show target assembly code for each compiled TB" },
1703 { CPU_LOG_TB_OP, "op",
1704 "show micro ops for each compiled TB" },
1705 { CPU_LOG_TB_OP_OPT, "op_opt",
1708 "before eflags optimization and "
1710 "after liveness analysis" },
1711 { CPU_LOG_INT, "int",
1712 "show interrupts/exceptions in short format" },
1713 { CPU_LOG_EXEC, "exec",
1714 "show trace before each executed TB (lots of logs)" },
1715 { CPU_LOG_TB_CPU, "cpu",
1716 "show CPU state before block translation" },
1718 { CPU_LOG_PCALL, "pcall",
1719 "show protected mode far calls/returns/exceptions" },
1720 { CPU_LOG_RESET, "cpu_reset",
1721 "show CPU state before CPU resets" },
1724 { CPU_LOG_IOPORT, "ioport",
1725 "show all i/o ports accesses" },
1730 #ifndef CONFIG_USER_ONLY
1731 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1732 = QLIST_HEAD_INITIALIZER(memory_client_list);
1734 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1736 ram_addr_t phys_offset)
1738 CPUPhysMemoryClient *client;
1739 QLIST_FOREACH(client, &memory_client_list, list) {
1740 client->set_memory(client, start_addr, size, phys_offset);
1744 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1745 target_phys_addr_t end)
1747 CPUPhysMemoryClient *client;
1748 QLIST_FOREACH(client, &memory_client_list, list) {
1749 int r = client->sync_dirty_bitmap(client, start, end);
1756 static int cpu_notify_migration_log(int enable)
1758 CPUPhysMemoryClient *client;
1759 QLIST_FOREACH(client, &memory_client_list, list) {
1760 int r = client->migration_log(client, enable);
1767 static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1768 int level, void **lp)
1776 PhysPageDesc *pd = *lp;
1777 for (i = 0; i < L2_SIZE; ++i) {
1778 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1779 client->set_memory(client, pd[i].region_offset,
1780 TARGET_PAGE_SIZE, pd[i].phys_offset);
1785 for (i = 0; i < L2_SIZE; ++i) {
1786 phys_page_for_each_1(client, level - 1, pp + i);
1791 static void phys_page_for_each(CPUPhysMemoryClient *client)
1794 for (i = 0; i < P_L1_SIZE; ++i) {
1795 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1800 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1802 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1803 phys_page_for_each(client);
1806 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1808 QLIST_REMOVE(client, list);
1812 static int cmp1(const char *s1, int n, const char *s2)
1814 if (strlen(s2) != n)
1816 return memcmp(s1, s2, n) == 0;
1819 /* takes a comma separated list of log masks. Return 0 if error. */
1820 int cpu_str_to_log_mask(const char *str)
1822 const CPULogItem *item;
1829 p1 = strchr(p, ',');
1832 if(cmp1(p,p1-p,"all")) {
1833 for(item = cpu_log_items; item->mask != 0; item++) {
1837 for(item = cpu_log_items; item->mask != 0; item++) {
1838 if (cmp1(p, p1 - p, item->name))
1852 void cpu_abort(CPUState *env, const char *fmt, ...)
1859 fprintf(stderr, "qemu: fatal: ");
1860 vfprintf(stderr, fmt, ap);
1861 fprintf(stderr, "\n");
1863 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1865 cpu_dump_state(env, stderr, fprintf, 0);
1867 if (qemu_log_enabled()) {
1868 qemu_log("qemu: fatal: ");
1869 qemu_log_vprintf(fmt, ap2);
1872 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1874 log_cpu_state(env, 0);
1881 #if defined(CONFIG_USER_ONLY)
1883 struct sigaction act;
1884 sigfillset(&act.sa_mask);
1885 act.sa_handler = SIG_DFL;
1886 sigaction(SIGABRT, &act, NULL);
1892 CPUState *cpu_copy(CPUState *env)
1894 CPUState *new_env = cpu_init(env->cpu_model_str);
1895 CPUState *next_cpu = new_env->next_cpu;
1896 int cpu_index = new_env->cpu_index;
1897 #if defined(TARGET_HAS_ICE)
1902 memcpy(new_env, env, sizeof(CPUState));
1904 /* Preserve chaining and index. */
1905 new_env->next_cpu = next_cpu;
1906 new_env->cpu_index = cpu_index;
1908 /* Clone all break/watchpoints.
1909 Note: Once we support ptrace with hw-debug register access, make sure
1910 BP_CPU break/watchpoints are handled correctly on clone. */
1911 QTAILQ_INIT(&env->breakpoints);
1912 QTAILQ_INIT(&env->watchpoints);
1913 #if defined(TARGET_HAS_ICE)
1914 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1915 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1917 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1918 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1926 #if !defined(CONFIG_USER_ONLY)
1928 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1932 /* Discard jump cache entries for any tb which might potentially
1933 overlap the flushed page. */
1934 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1935 memset (&env->tb_jmp_cache[i], 0,
1936 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1938 i = tb_jmp_cache_hash_page(addr);
1939 memset (&env->tb_jmp_cache[i], 0,
1940 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1943 static CPUTLBEntry s_cputlb_empty_entry = {
1950 /* NOTE: if flush_global is true, also flush global entries (not
1952 void tlb_flush(CPUState *env, int flush_global)
1956 #if defined(DEBUG_TLB)
1957 printf("tlb_flush:\n");
1959 /* must reset current TB so that interrupts cannot modify the
1960 links while we are modifying them */
1961 env->current_tb = NULL;
1963 for(i = 0; i < CPU_TLB_SIZE; i++) {
1965 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1966 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1970 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1972 env->tlb_flush_addr = -1;
1973 env->tlb_flush_mask = 0;
1977 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1979 if (addr == (tlb_entry->addr_read &
1980 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1981 addr == (tlb_entry->addr_write &
1982 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1983 addr == (tlb_entry->addr_code &
1984 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1985 *tlb_entry = s_cputlb_empty_entry;
1989 void tlb_flush_page(CPUState *env, target_ulong addr)
1994 #if defined(DEBUG_TLB)
1995 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1997 /* Check if we need to flush due to large pages. */
1998 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1999 #if defined(DEBUG_TLB)
2000 printf("tlb_flush_page: forced full flush ("
2001 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2002 env->tlb_flush_addr, env->tlb_flush_mask);
2007 /* must reset current TB so that interrupts cannot modify the
2008 links while we are modifying them */
2009 env->current_tb = NULL;
2011 addr &= TARGET_PAGE_MASK;
2012 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2013 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2014 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
2016 tlb_flush_jmp_cache(env, addr);
2019 /* update the TLBs so that writes to code in the virtual page 'addr'
2021 static void tlb_protect_code(ram_addr_t ram_addr)
2023 cpu_physical_memory_reset_dirty(ram_addr,
2024 ram_addr + TARGET_PAGE_SIZE,
2028 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2029 tested for self modifying code */
2030 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2033 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2036 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2037 unsigned long start, unsigned long length)
2040 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2041 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2042 if ((addr - start) < length) {
2043 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2048 /* Note: start and end must be within the same ram block. */
2049 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2053 unsigned long length, start1;
2056 start &= TARGET_PAGE_MASK;
2057 end = TARGET_PAGE_ALIGN(end);
2059 length = end - start;
2062 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2064 /* we modify the TLB cache so that the dirty bit will be set again
2065 when accessing the range */
2066 start1 = (unsigned long)qemu_get_ram_ptr(start);
2067 /* Chek that we don't span multiple blocks - this breaks the
2068 address comparisons below. */
2069 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2070 != (end - 1) - start) {
2074 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2076 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2077 for(i = 0; i < CPU_TLB_SIZE; i++)
2078 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2084 int cpu_physical_memory_set_dirty_tracking(int enable)
2087 in_migration = enable;
2088 ret = cpu_notify_migration_log(!!enable);
2092 int cpu_physical_memory_get_dirty_tracking(void)
2094 return in_migration;
2097 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2098 target_phys_addr_t end_addr)
2102 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2106 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2108 ram_addr_t ram_addr;
2111 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2112 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2113 + tlb_entry->addend);
2114 ram_addr = qemu_ram_addr_from_host(p);
2115 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2116 tlb_entry->addr_write |= TLB_NOTDIRTY;
2121 /* update the TLB according to the current state of the dirty bits */
2122 void cpu_tlb_update_dirty(CPUState *env)
2126 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2127 for(i = 0; i < CPU_TLB_SIZE; i++)
2128 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2132 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2134 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2135 tlb_entry->addr_write = vaddr;
2138 /* update the TLB corresponding to virtual page vaddr
2139 so that it is no longer dirty */
2140 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2145 vaddr &= TARGET_PAGE_MASK;
2146 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2147 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2148 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2151 /* Our TLB does not support large pages, so remember the area covered by
2152 large pages and trigger a full TLB flush if these are invalidated. */
2153 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2156 target_ulong mask = ~(size - 1);
2158 if (env->tlb_flush_addr == (target_ulong)-1) {
2159 env->tlb_flush_addr = vaddr & mask;
2160 env->tlb_flush_mask = mask;
2163 /* Extend the existing region to include the new page.
2164 This is a compromise between unnecessary flushes and the cost
2165 of maintaining a full variable size TLB. */
2166 mask &= env->tlb_flush_mask;
2167 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2170 env->tlb_flush_addr &= mask;
2171 env->tlb_flush_mask = mask;
2174 /* Add a new TLB entry. At most one entry for a given virtual address
2175 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2176 supplied size is only used by tlb_flush_page. */
2177 void tlb_set_page(CPUState *env, target_ulong vaddr,
2178 target_phys_addr_t paddr, int prot,
2179 int mmu_idx, target_ulong size)
2184 target_ulong address;
2185 target_ulong code_address;
2186 unsigned long addend;
2189 target_phys_addr_t iotlb;
2191 assert(size >= TARGET_PAGE_SIZE);
2192 if (size != TARGET_PAGE_SIZE) {
2193 tlb_add_large_page(env, vaddr, size);
2195 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2197 pd = IO_MEM_UNASSIGNED;
2199 pd = p->phys_offset;
2201 #if defined(DEBUG_TLB)
2202 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2203 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2207 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2208 /* IO memory case (romd handled later) */
2209 address |= TLB_MMIO;
2211 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2212 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2214 iotlb = pd & TARGET_PAGE_MASK;
2215 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2216 iotlb |= IO_MEM_NOTDIRTY;
2218 iotlb |= IO_MEM_ROM;
2220 /* IO handlers are currently passed a physical address.
2221 It would be nice to pass an offset from the base address
2222 of that region. This would avoid having to special case RAM,
2223 and avoid full address decoding in every device.
2224 We can't use the high bits of pd for this because
2225 IO_MEM_ROMD uses these as a ram address. */
2226 iotlb = (pd & ~TARGET_PAGE_MASK);
2228 iotlb += p->region_offset;
2234 code_address = address;
2235 /* Make accesses to pages with watchpoints go via the
2236 watchpoint trap routines. */
2237 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2238 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2239 iotlb = io_mem_watch + paddr;
2240 /* TODO: The memory case can be optimized by not trapping
2241 reads of pages with a write breakpoint. */
2242 address |= TLB_MMIO;
2246 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2247 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2248 te = &env->tlb_table[mmu_idx][index];
2249 te->addend = addend - vaddr;
2250 if (prot & PAGE_READ) {
2251 te->addr_read = address;
2256 if (prot & PAGE_EXEC) {
2257 te->addr_code = code_address;
2261 if (prot & PAGE_WRITE) {
2262 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2263 (pd & IO_MEM_ROMD)) {
2264 /* Write access calls the I/O callback. */
2265 te->addr_write = address | TLB_MMIO;
2266 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2267 !cpu_physical_memory_is_dirty(pd)) {
2268 te->addr_write = address | TLB_NOTDIRTY;
2270 te->addr_write = address;
2273 te->addr_write = -1;
2279 void tlb_flush(CPUState *env, int flush_global)
2283 void tlb_flush_page(CPUState *env, target_ulong addr)
2288 * Walks guest process memory "regions" one by one
2289 * and calls callback function 'fn' for each region.
2292 struct walk_memory_regions_data
2294 walk_memory_regions_fn fn;
2296 unsigned long start;
2300 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2301 abi_ulong end, int new_prot)
2303 if (data->start != -1ul) {
2304 int rc = data->fn(data->priv, data->start, end, data->prot);
2310 data->start = (new_prot ? end : -1ul);
2311 data->prot = new_prot;
2316 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2317 abi_ulong base, int level, void **lp)
2323 return walk_memory_regions_end(data, base, 0);
2328 for (i = 0; i < L2_SIZE; ++i) {
2329 int prot = pd[i].flags;
2331 pa = base | (i << TARGET_PAGE_BITS);
2332 if (prot != data->prot) {
2333 rc = walk_memory_regions_end(data, pa, prot);
2341 for (i = 0; i < L2_SIZE; ++i) {
2342 pa = base | ((abi_ulong)i <<
2343 (TARGET_PAGE_BITS + L2_BITS * level));
2344 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2354 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2356 struct walk_memory_regions_data data;
2364 for (i = 0; i < V_L1_SIZE; i++) {
2365 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2366 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2372 return walk_memory_regions_end(&data, 0, 0);
2375 static int dump_region(void *priv, abi_ulong start,
2376 abi_ulong end, unsigned long prot)
2378 FILE *f = (FILE *)priv;
2380 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2381 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2382 start, end, end - start,
2383 ((prot & PAGE_READ) ? 'r' : '-'),
2384 ((prot & PAGE_WRITE) ? 'w' : '-'),
2385 ((prot & PAGE_EXEC) ? 'x' : '-'));
2390 /* dump memory mappings */
2391 void page_dump(FILE *f)
2393 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2394 "start", "end", "size", "prot");
2395 walk_memory_regions(f, dump_region);
2398 int page_get_flags(target_ulong address)
2402 p = page_find(address >> TARGET_PAGE_BITS);
2408 /* Modify the flags of a page and invalidate the code if necessary.
2409 The flag PAGE_WRITE_ORG is positioned automatically depending
2410 on PAGE_WRITE. The mmap_lock should already be held. */
2411 void page_set_flags(target_ulong start, target_ulong end, int flags)
2413 target_ulong addr, len;
2415 /* This function should never be called with addresses outside the
2416 guest address space. If this assert fires, it probably indicates
2417 a missing call to h2g_valid. */
2418 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2419 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2421 assert(start < end);
2423 start = start & TARGET_PAGE_MASK;
2424 end = TARGET_PAGE_ALIGN(end);
2426 if (flags & PAGE_WRITE) {
2427 flags |= PAGE_WRITE_ORG;
2430 for (addr = start, len = end - start;
2432 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2433 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2435 /* If the write protection bit is set, then we invalidate
2437 if (!(p->flags & PAGE_WRITE) &&
2438 (flags & PAGE_WRITE) &&
2440 tb_invalidate_phys_page(addr, 0, NULL);
2446 int page_check_range(target_ulong start, target_ulong len, int flags)
2452 /* This function should never be called with addresses outside the
2453 guest address space. If this assert fires, it probably indicates
2454 a missing call to h2g_valid. */
2455 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2456 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2459 if (start + len - 1 < start) {
2460 /* We've wrapped around. */
2464 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2465 start = start & TARGET_PAGE_MASK;
2467 for (addr = start, len = end - start;
2469 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2470 p = page_find(addr >> TARGET_PAGE_BITS);
2473 if( !(p->flags & PAGE_VALID) )
2476 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2478 if (flags & PAGE_WRITE) {
2479 if (!(p->flags & PAGE_WRITE_ORG))
2481 /* unprotect the page if it was put read-only because it
2482 contains translated code */
2483 if (!(p->flags & PAGE_WRITE)) {
2484 if (!page_unprotect(addr, 0, NULL))
2493 /* called from signal handler: invalidate the code and unprotect the
2494 page. Return TRUE if the fault was successfully handled. */
2495 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2499 target_ulong host_start, host_end, addr;
2501 /* Technically this isn't safe inside a signal handler. However we
2502 know this only ever happens in a synchronous SEGV handler, so in
2503 practice it seems to be ok. */
2506 p = page_find(address >> TARGET_PAGE_BITS);
2512 /* if the page was really writable, then we change its
2513 protection back to writable */
2514 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2515 host_start = address & qemu_host_page_mask;
2516 host_end = host_start + qemu_host_page_size;
2519 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2520 p = page_find(addr >> TARGET_PAGE_BITS);
2521 p->flags |= PAGE_WRITE;
2524 /* and since the content will be modified, we must invalidate
2525 the corresponding translated code. */
2526 tb_invalidate_phys_page(addr, pc, puc);
2527 #ifdef DEBUG_TB_CHECK
2528 tb_invalidate_check(addr);
2531 mprotect((void *)g2h(host_start), qemu_host_page_size,
2541 static inline void tlb_set_dirty(CPUState *env,
2542 unsigned long addr, target_ulong vaddr)
2545 #endif /* defined(CONFIG_USER_ONLY) */
2547 #if !defined(CONFIG_USER_ONLY)
2549 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2550 typedef struct subpage_t {
2551 target_phys_addr_t base;
2552 CPUReadMemoryFunc * const *mem_read[TARGET_PAGE_SIZE][4];
2553 CPUWriteMemoryFunc * const *mem_write[TARGET_PAGE_SIZE][4];
2554 void *opaque[TARGET_PAGE_SIZE][2][4];
2555 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
2558 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2559 ram_addr_t memory, ram_addr_t region_offset);
2560 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2561 ram_addr_t orig_memory, ram_addr_t region_offset);
2562 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2565 if (addr > start_addr) \
2568 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2569 if (start_addr2 > 0) \
2573 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2574 end_addr2 = TARGET_PAGE_SIZE - 1; \
2576 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2577 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2582 /* register physical memory.
2583 For RAM, 'size' must be a multiple of the target page size.
2584 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2585 io memory page. The address used when calling the IO function is
2586 the offset from the start of the region, plus region_offset. Both
2587 start_addr and region_offset are rounded down to a page boundary
2588 before calculating this offset. This should not be a problem unless
2589 the low bits of start_addr and region_offset differ. */
2590 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2592 ram_addr_t phys_offset,
2593 ram_addr_t region_offset)
2595 target_phys_addr_t addr, end_addr;
2598 ram_addr_t orig_size = size;
2601 cpu_notify_set_memory(start_addr, size, phys_offset);
2603 if (phys_offset == IO_MEM_UNASSIGNED) {
2604 region_offset = start_addr;
2606 region_offset &= TARGET_PAGE_MASK;
2607 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2608 end_addr = start_addr + (target_phys_addr_t)size;
2609 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2610 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2611 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2612 ram_addr_t orig_memory = p->phys_offset;
2613 target_phys_addr_t start_addr2, end_addr2;
2614 int need_subpage = 0;
2616 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2618 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2619 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2620 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2621 &p->phys_offset, orig_memory,
2624 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2627 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2629 p->region_offset = 0;
2631 p->phys_offset = phys_offset;
2632 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2633 (phys_offset & IO_MEM_ROMD))
2634 phys_offset += TARGET_PAGE_SIZE;
2637 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2638 p->phys_offset = phys_offset;
2639 p->region_offset = region_offset;
2640 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2641 (phys_offset & IO_MEM_ROMD)) {
2642 phys_offset += TARGET_PAGE_SIZE;
2644 target_phys_addr_t start_addr2, end_addr2;
2645 int need_subpage = 0;
2647 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2648 end_addr2, need_subpage);
2650 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2651 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2652 &p->phys_offset, IO_MEM_UNASSIGNED,
2653 addr & TARGET_PAGE_MASK);
2654 subpage_register(subpage, start_addr2, end_addr2,
2655 phys_offset, region_offset);
2656 p->region_offset = 0;
2660 region_offset += TARGET_PAGE_SIZE;
2663 /* since each CPU stores ram addresses in its TLB cache, we must
2664 reset the modified entries */
2666 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2671 /* XXX: temporary until new memory mapping API */
2672 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2676 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2678 return IO_MEM_UNASSIGNED;
2679 return p->phys_offset;
2682 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2685 kvm_coalesce_mmio_region(addr, size);
2688 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2691 kvm_uncoalesce_mmio_region(addr, size);
2694 void qemu_flush_coalesced_mmio_buffer(void)
2697 kvm_flush_coalesced_mmio_buffer();
2700 #if defined(__linux__) && !defined(TARGET_S390X)
2702 #include <sys/vfs.h>
2704 #define HUGETLBFS_MAGIC 0x958458f6
2706 static long gethugepagesize(const char *path)
2712 ret = statfs(path, &fs);
2713 } while (ret != 0 && errno == EINTR);
2720 if (fs.f_type != HUGETLBFS_MAGIC)
2721 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2726 static void *file_ram_alloc(ram_addr_t memory, const char *path)
2734 unsigned long hpagesize;
2736 hpagesize = gethugepagesize(path);
2741 if (memory < hpagesize) {
2745 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2746 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2750 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2754 fd = mkstemp(filename);
2756 perror("unable to create backing store for hugepages");
2763 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2766 * ftruncate is not supported by hugetlbfs in older
2767 * hosts, so don't bother bailing out on errors.
2768 * If anything goes wrong with it under other filesystems,
2771 if (ftruncate(fd, memory))
2772 perror("ftruncate");
2775 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2776 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2777 * to sidestep this quirk.
2779 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2780 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2782 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2784 if (area == MAP_FAILED) {
2785 perror("file_ram_alloc: can't mmap RAM pages");
2793 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2795 RAMBlock *new_block;
2797 size = TARGET_PAGE_ALIGN(size);
2798 new_block = qemu_malloc(sizeof(*new_block));
2801 #if defined (__linux__) && !defined(TARGET_S390X)
2802 new_block->host = file_ram_alloc(size, mem_path);
2803 if (!new_block->host)
2806 fprintf(stderr, "-mem-path option unsupported\n");
2810 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2811 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2812 new_block->host = mmap((void*)0x1000000, size,
2813 PROT_EXEC|PROT_READ|PROT_WRITE,
2814 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2816 new_block->host = qemu_vmalloc(size);
2818 #ifdef MADV_MERGEABLE
2819 madvise(new_block->host, size, MADV_MERGEABLE);
2822 new_block->offset = last_ram_offset;
2823 new_block->length = size;
2825 new_block->next = ram_blocks;
2826 ram_blocks = new_block;
2828 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2829 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2830 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2831 0xff, size >> TARGET_PAGE_BITS);
2833 last_ram_offset += size;
2836 kvm_setup_guest_memory(new_block->host, size);
2838 return new_block->offset;
2841 void qemu_ram_free(ram_addr_t addr)
2843 /* TODO: implement this. */
2846 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2847 With the exception of the softmmu code in this file, this should
2848 only be used for local memory (e.g. video ram) that the device owns,
2849 and knows it isn't going to access beyond the end of the block.
2851 It should not be used for general purpose DMA.
2852 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2854 void *qemu_get_ram_ptr(ram_addr_t addr)
2861 prevp = &ram_blocks;
2863 while (block && (block->offset > addr
2864 || block->offset + block->length <= addr)) {
2866 prevp = &prev->next;
2868 block = block->next;
2871 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2874 /* Move this entry to to start of the list. */
2876 prev->next = block->next;
2877 block->next = *prevp;
2880 return block->host + (addr - block->offset);
2883 /* Some of the softmmu routines need to translate from a host pointer
2884 (typically a TLB entry) back to a ram offset. */
2885 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2888 uint8_t *host = ptr;
2891 while (block && (block->host > host
2892 || block->host + block->length <= host)) {
2893 block = block->next;
2896 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2899 return block->offset + (host - block->host);
2902 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2904 #ifdef DEBUG_UNASSIGNED
2905 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2907 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2908 do_unassigned_access(addr, 0, 0, 0, 1);
2913 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2915 #ifdef DEBUG_UNASSIGNED
2916 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2918 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2919 do_unassigned_access(addr, 0, 0, 0, 2);
2924 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2926 #ifdef DEBUG_UNASSIGNED
2927 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2929 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2930 do_unassigned_access(addr, 0, 0, 0, 4);
2935 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2937 #ifdef DEBUG_UNASSIGNED
2938 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2940 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2941 do_unassigned_access(addr, 1, 0, 0, 1);
2945 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2947 #ifdef DEBUG_UNASSIGNED
2948 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2950 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2951 do_unassigned_access(addr, 1, 0, 0, 2);
2955 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2957 #ifdef DEBUG_UNASSIGNED
2958 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2960 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2961 do_unassigned_access(addr, 1, 0, 0, 4);
2965 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
2966 unassigned_mem_readb,
2967 unassigned_mem_readw,
2968 unassigned_mem_readl,
2971 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
2972 unassigned_mem_writeb,
2973 unassigned_mem_writew,
2974 unassigned_mem_writel,
2977 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2981 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
2982 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2983 #if !defined(CONFIG_USER_ONLY)
2984 tb_invalidate_phys_page_fast(ram_addr, 1);
2985 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
2988 stb_p(qemu_get_ram_ptr(ram_addr), val);
2989 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2990 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
2991 /* we remove the notdirty callback only if the code has been
2993 if (dirty_flags == 0xff)
2994 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2997 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3001 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3002 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3003 #if !defined(CONFIG_USER_ONLY)
3004 tb_invalidate_phys_page_fast(ram_addr, 2);
3005 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3008 stw_p(qemu_get_ram_ptr(ram_addr), val);
3009 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3010 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3011 /* we remove the notdirty callback only if the code has been
3013 if (dirty_flags == 0xff)
3014 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3017 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3021 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3022 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3023 #if !defined(CONFIG_USER_ONLY)
3024 tb_invalidate_phys_page_fast(ram_addr, 4);
3025 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3028 stl_p(qemu_get_ram_ptr(ram_addr), val);
3029 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3030 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3031 /* we remove the notdirty callback only if the code has been
3033 if (dirty_flags == 0xff)
3034 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3037 static CPUReadMemoryFunc * const error_mem_read[3] = {
3038 NULL, /* never used */
3039 NULL, /* never used */
3040 NULL, /* never used */
3043 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3044 notdirty_mem_writeb,
3045 notdirty_mem_writew,
3046 notdirty_mem_writel,
3049 /* Generate a debug exception if a watchpoint has been hit. */
3050 static void check_watchpoint(int offset, int len_mask, int flags)
3052 CPUState *env = cpu_single_env;
3053 target_ulong pc, cs_base;
3054 TranslationBlock *tb;
3059 if (env->watchpoint_hit) {
3060 /* We re-entered the check after replacing the TB. Now raise
3061 * the debug interrupt so that is will trigger after the
3062 * current instruction. */
3063 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3066 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3067 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3068 if ((vaddr == (wp->vaddr & len_mask) ||
3069 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3070 wp->flags |= BP_WATCHPOINT_HIT;
3071 if (!env->watchpoint_hit) {
3072 env->watchpoint_hit = wp;
3073 tb = tb_find_pc(env->mem_io_pc);
3075 cpu_abort(env, "check_watchpoint: could not find TB for "
3076 "pc=%p", (void *)env->mem_io_pc);
3078 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3079 tb_phys_invalidate(tb, -1);
3080 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3081 env->exception_index = EXCP_DEBUG;
3083 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3084 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3086 cpu_resume_from_signal(env, NULL);
3089 wp->flags &= ~BP_WATCHPOINT_HIT;
3094 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3095 so these check for a hit then pass through to the normal out-of-line
3097 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3099 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3100 return ldub_phys(addr);
3103 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3105 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3106 return lduw_phys(addr);
3109 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3111 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3112 return ldl_phys(addr);
3115 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3118 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3119 stb_phys(addr, val);
3122 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3125 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3126 stw_phys(addr, val);
3129 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3132 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3133 stl_phys(addr, val);
3136 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3142 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3148 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
3154 idx = SUBPAGE_IDX(addr);
3155 #if defined(DEBUG_SUBPAGE)
3156 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3157 mmio, len, addr, idx);
3159 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
3160 addr + mmio->region_offset[idx][0][len]);
3165 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3166 uint32_t value, unsigned int len)
3170 idx = SUBPAGE_IDX(addr);
3171 #if defined(DEBUG_SUBPAGE)
3172 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
3173 mmio, len, addr, idx, value);
3175 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
3176 addr + mmio->region_offset[idx][1][len],
3180 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3182 #if defined(DEBUG_SUBPAGE)
3183 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3186 return subpage_readlen(opaque, addr, 0);
3189 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3192 #if defined(DEBUG_SUBPAGE)
3193 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3195 subpage_writelen(opaque, addr, value, 0);
3198 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3200 #if defined(DEBUG_SUBPAGE)
3201 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3204 return subpage_readlen(opaque, addr, 1);
3207 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3210 #if defined(DEBUG_SUBPAGE)
3211 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3213 subpage_writelen(opaque, addr, value, 1);
3216 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3218 #if defined(DEBUG_SUBPAGE)
3219 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3222 return subpage_readlen(opaque, addr, 2);
3225 static void subpage_writel (void *opaque,
3226 target_phys_addr_t addr, uint32_t value)
3228 #if defined(DEBUG_SUBPAGE)
3229 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3231 subpage_writelen(opaque, addr, value, 2);
3234 static CPUReadMemoryFunc * const subpage_read[] = {
3240 static CPUWriteMemoryFunc * const subpage_write[] = {
3246 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3247 ram_addr_t memory, ram_addr_t region_offset)
3252 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3254 idx = SUBPAGE_IDX(start);
3255 eidx = SUBPAGE_IDX(end);
3256 #if defined(DEBUG_SUBPAGE)
3257 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3258 mmio, start, end, idx, eidx, memory);
3260 memory >>= IO_MEM_SHIFT;
3261 for (; idx <= eidx; idx++) {
3262 for (i = 0; i < 4; i++) {
3263 if (io_mem_read[memory][i]) {
3264 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
3265 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
3266 mmio->region_offset[idx][0][i] = region_offset;
3268 if (io_mem_write[memory][i]) {
3269 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
3270 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
3271 mmio->region_offset[idx][1][i] = region_offset;
3279 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3280 ram_addr_t orig_memory, ram_addr_t region_offset)
3285 mmio = qemu_mallocz(sizeof(subpage_t));
3288 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3289 #if defined(DEBUG_SUBPAGE)
3290 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3291 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3293 *phys = subpage_memory | IO_MEM_SUBPAGE;
3294 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
3300 static int get_free_io_mem_idx(void)
3304 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3305 if (!io_mem_used[i]) {
3309 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3313 /* mem_read and mem_write are arrays of functions containing the
3314 function to access byte (index 0), word (index 1) and dword (index
3315 2). Functions can be omitted with a NULL function pointer.
3316 If io_index is non zero, the corresponding io zone is
3317 modified. If it is zero, a new io zone is allocated. The return
3318 value can be used with cpu_register_physical_memory(). (-1) is
3319 returned if error. */
3320 static int cpu_register_io_memory_fixed(int io_index,
3321 CPUReadMemoryFunc * const *mem_read,
3322 CPUWriteMemoryFunc * const *mem_write,
3325 int i, subwidth = 0;
3327 if (io_index <= 0) {
3328 io_index = get_free_io_mem_idx();
3332 io_index >>= IO_MEM_SHIFT;
3333 if (io_index >= IO_MEM_NB_ENTRIES)
3337 for(i = 0;i < 3; i++) {
3338 if (!mem_read[i] || !mem_write[i])
3339 subwidth = IO_MEM_SUBWIDTH;
3340 io_mem_read[io_index][i] = mem_read[i];
3341 io_mem_write[io_index][i] = mem_write[i];
3343 io_mem_opaque[io_index] = opaque;
3344 return (io_index << IO_MEM_SHIFT) | subwidth;
3347 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3348 CPUWriteMemoryFunc * const *mem_write,
3351 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3354 void cpu_unregister_io_memory(int io_table_address)
3357 int io_index = io_table_address >> IO_MEM_SHIFT;
3359 for (i=0;i < 3; i++) {
3360 io_mem_read[io_index][i] = unassigned_mem_read[i];
3361 io_mem_write[io_index][i] = unassigned_mem_write[i];
3363 io_mem_opaque[io_index] = NULL;
3364 io_mem_used[io_index] = 0;
3367 static void io_mem_init(void)
3371 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3372 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3373 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3377 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3378 watch_mem_write, NULL);
3381 #endif /* !defined(CONFIG_USER_ONLY) */
3383 /* physical memory access (slow version, mainly for debug) */
3384 #if defined(CONFIG_USER_ONLY)
3385 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3386 uint8_t *buf, int len, int is_write)
3393 page = addr & TARGET_PAGE_MASK;
3394 l = (page + TARGET_PAGE_SIZE) - addr;
3397 flags = page_get_flags(page);
3398 if (!(flags & PAGE_VALID))
3401 if (!(flags & PAGE_WRITE))
3403 /* XXX: this code should not depend on lock_user */
3404 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3407 unlock_user(p, addr, l);
3409 if (!(flags & PAGE_READ))
3411 /* XXX: this code should not depend on lock_user */
3412 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3415 unlock_user(p, addr, 0);
3425 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3426 int len, int is_write)
3431 target_phys_addr_t page;
3436 page = addr & TARGET_PAGE_MASK;
3437 l = (page + TARGET_PAGE_SIZE) - addr;
3440 p = phys_page_find(page >> TARGET_PAGE_BITS);
3442 pd = IO_MEM_UNASSIGNED;
3444 pd = p->phys_offset;
3448 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3449 target_phys_addr_t addr1 = addr;
3450 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3452 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3453 /* XXX: could force cpu_single_env to NULL to avoid
3455 if (l >= 4 && ((addr1 & 3) == 0)) {
3456 /* 32 bit write access */
3458 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3460 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3461 /* 16 bit write access */
3463 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3466 /* 8 bit write access */
3468 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3472 unsigned long addr1;
3473 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3475 ptr = qemu_get_ram_ptr(addr1);
3476 memcpy(ptr, buf, l);
3477 if (!cpu_physical_memory_is_dirty(addr1)) {
3478 /* invalidate code */
3479 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3481 cpu_physical_memory_set_dirty_flags(
3482 addr1, (0xff & ~CODE_DIRTY_FLAG));
3486 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3487 !(pd & IO_MEM_ROMD)) {
3488 target_phys_addr_t addr1 = addr;
3490 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3492 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3493 if (l >= 4 && ((addr1 & 3) == 0)) {
3494 /* 32 bit read access */
3495 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3498 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3499 /* 16 bit read access */
3500 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3504 /* 8 bit read access */
3505 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3511 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3512 (addr & ~TARGET_PAGE_MASK);
3513 memcpy(buf, ptr, l);
3522 /* used for ROM loading : can write in RAM and ROM */
3523 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3524 const uint8_t *buf, int len)
3528 target_phys_addr_t page;
3533 page = addr & TARGET_PAGE_MASK;
3534 l = (page + TARGET_PAGE_SIZE) - addr;
3537 p = phys_page_find(page >> TARGET_PAGE_BITS);
3539 pd = IO_MEM_UNASSIGNED;
3541 pd = p->phys_offset;
3544 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3545 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3546 !(pd & IO_MEM_ROMD)) {
3549 unsigned long addr1;
3550 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3552 ptr = qemu_get_ram_ptr(addr1);
3553 memcpy(ptr, buf, l);
3563 target_phys_addr_t addr;
3564 target_phys_addr_t len;
3567 static BounceBuffer bounce;
3569 typedef struct MapClient {
3571 void (*callback)(void *opaque);
3572 QLIST_ENTRY(MapClient) link;
3575 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3576 = QLIST_HEAD_INITIALIZER(map_client_list);
3578 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3580 MapClient *client = qemu_malloc(sizeof(*client));
3582 client->opaque = opaque;
3583 client->callback = callback;
3584 QLIST_INSERT_HEAD(&map_client_list, client, link);
3588 void cpu_unregister_map_client(void *_client)
3590 MapClient *client = (MapClient *)_client;
3592 QLIST_REMOVE(client, link);
3596 static void cpu_notify_map_clients(void)
3600 while (!QLIST_EMPTY(&map_client_list)) {
3601 client = QLIST_FIRST(&map_client_list);
3602 client->callback(client->opaque);
3603 cpu_unregister_map_client(client);
3607 /* Map a physical memory region into a host virtual address.
3608 * May map a subset of the requested range, given by and returned in *plen.
3609 * May return NULL if resources needed to perform the mapping are exhausted.
3610 * Use only for reads OR writes - not for read-modify-write operations.
3611 * Use cpu_register_map_client() to know when retrying the map operation is
3612 * likely to succeed.
3614 void *cpu_physical_memory_map(target_phys_addr_t addr,
3615 target_phys_addr_t *plen,
3618 target_phys_addr_t len = *plen;
3619 target_phys_addr_t done = 0;
3621 uint8_t *ret = NULL;
3623 target_phys_addr_t page;
3626 unsigned long addr1;
3629 page = addr & TARGET_PAGE_MASK;
3630 l = (page + TARGET_PAGE_SIZE) - addr;
3633 p = phys_page_find(page >> TARGET_PAGE_BITS);
3635 pd = IO_MEM_UNASSIGNED;
3637 pd = p->phys_offset;
3640 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3641 if (done || bounce.buffer) {
3644 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3648 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3650 ptr = bounce.buffer;
3652 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3653 ptr = qemu_get_ram_ptr(addr1);
3657 } else if (ret + done != ptr) {
3669 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3670 * Will also mark the memory as dirty if is_write == 1. access_len gives
3671 * the amount of memory that was actually read or written by the caller.
3673 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3674 int is_write, target_phys_addr_t access_len)
3676 if (buffer != bounce.buffer) {
3678 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3679 while (access_len) {
3681 l = TARGET_PAGE_SIZE;
3684 if (!cpu_physical_memory_is_dirty(addr1)) {
3685 /* invalidate code */
3686 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3688 cpu_physical_memory_set_dirty_flags(
3689 addr1, (0xff & ~CODE_DIRTY_FLAG));
3698 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3700 qemu_vfree(bounce.buffer);
3701 bounce.buffer = NULL;
3702 cpu_notify_map_clients();
3705 /* warning: addr must be aligned */
3706 uint32_t ldl_phys(target_phys_addr_t addr)
3714 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3716 pd = IO_MEM_UNASSIGNED;
3718 pd = p->phys_offset;
3721 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3722 !(pd & IO_MEM_ROMD)) {
3724 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3726 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3727 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3730 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3731 (addr & ~TARGET_PAGE_MASK);
3737 /* warning: addr must be aligned */
3738 uint64_t ldq_phys(target_phys_addr_t addr)
3746 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3748 pd = IO_MEM_UNASSIGNED;
3750 pd = p->phys_offset;
3753 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3754 !(pd & IO_MEM_ROMD)) {
3756 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3758 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3759 #ifdef TARGET_WORDS_BIGENDIAN
3760 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3761 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3763 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3764 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3768 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3769 (addr & ~TARGET_PAGE_MASK);
3776 uint32_t ldub_phys(target_phys_addr_t addr)
3779 cpu_physical_memory_read(addr, &val, 1);
3784 uint32_t lduw_phys(target_phys_addr_t addr)
3787 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3788 return tswap16(val);
3791 /* warning: addr must be aligned. The ram page is not masked as dirty
3792 and the code inside is not invalidated. It is useful if the dirty
3793 bits are used to track modified PTEs */
3794 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3801 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3803 pd = IO_MEM_UNASSIGNED;
3805 pd = p->phys_offset;
3808 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3809 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3811 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3812 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3814 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3815 ptr = qemu_get_ram_ptr(addr1);
3818 if (unlikely(in_migration)) {
3819 if (!cpu_physical_memory_is_dirty(addr1)) {
3820 /* invalidate code */
3821 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3823 cpu_physical_memory_set_dirty_flags(
3824 addr1, (0xff & ~CODE_DIRTY_FLAG));
3830 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3837 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3839 pd = IO_MEM_UNASSIGNED;
3841 pd = p->phys_offset;
3844 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3845 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3847 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3848 #ifdef TARGET_WORDS_BIGENDIAN
3849 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3850 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3852 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3853 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3856 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3857 (addr & ~TARGET_PAGE_MASK);
3862 /* warning: addr must be aligned */
3863 void stl_phys(target_phys_addr_t addr, uint32_t val)
3870 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3872 pd = IO_MEM_UNASSIGNED;
3874 pd = p->phys_offset;
3877 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3878 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3880 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3881 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3883 unsigned long addr1;
3884 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3886 ptr = qemu_get_ram_ptr(addr1);
3888 if (!cpu_physical_memory_is_dirty(addr1)) {
3889 /* invalidate code */
3890 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3892 cpu_physical_memory_set_dirty_flags(addr1,
3893 (0xff & ~CODE_DIRTY_FLAG));
3899 void stb_phys(target_phys_addr_t addr, uint32_t val)
3902 cpu_physical_memory_write(addr, &v, 1);
3906 void stw_phys(target_phys_addr_t addr, uint32_t val)
3908 uint16_t v = tswap16(val);
3909 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3913 void stq_phys(target_phys_addr_t addr, uint64_t val)
3916 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3919 /* virtual memory access for debug (includes writing to ROM) */
3920 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3921 uint8_t *buf, int len, int is_write)
3924 target_phys_addr_t phys_addr;
3928 page = addr & TARGET_PAGE_MASK;
3929 phys_addr = cpu_get_phys_page_debug(env, page);
3930 /* if no physical page mapped, return an error */
3931 if (phys_addr == -1)
3933 l = (page + TARGET_PAGE_SIZE) - addr;
3936 phys_addr += (addr & ~TARGET_PAGE_MASK);
3938 cpu_physical_memory_write_rom(phys_addr, buf, l);
3940 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3949 /* in deterministic execution mode, instructions doing device I/Os
3950 must be at the end of the TB */
3951 void cpu_io_recompile(CPUState *env, void *retaddr)
3953 TranslationBlock *tb;
3955 target_ulong pc, cs_base;
3958 tb = tb_find_pc((unsigned long)retaddr);
3960 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3963 n = env->icount_decr.u16.low + tb->icount;
3964 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3965 /* Calculate how many instructions had been executed before the fault
3967 n = n - env->icount_decr.u16.low;
3968 /* Generate a new TB ending on the I/O insn. */
3970 /* On MIPS and SH, delay slot instructions can only be restarted if
3971 they were already the first instruction in the TB. If this is not
3972 the first instruction in a TB then re-execute the preceding
3974 #if defined(TARGET_MIPS)
3975 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3976 env->active_tc.PC -= 4;
3977 env->icount_decr.u16.low++;
3978 env->hflags &= ~MIPS_HFLAG_BMASK;
3980 #elif defined(TARGET_SH4)
3981 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3984 env->icount_decr.u16.low++;
3985 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3988 /* This should never happen. */
3989 if (n > CF_COUNT_MASK)
3990 cpu_abort(env, "TB too big during recompile");
3992 cflags = n | CF_LAST_IO;
3994 cs_base = tb->cs_base;
3996 tb_phys_invalidate(tb, -1);
3997 /* FIXME: In theory this could raise an exception. In practice
3998 we have already translated the block once so it's probably ok. */
3999 tb_gen_code(env, pc, cs_base, flags, cflags);
4000 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4001 the first in the TB) then we end up generating a whole new TB and
4002 repeating the fault, which is horribly inefficient.
4003 Better would be to execute just this insn uncached, or generate a
4005 cpu_resume_from_signal(env, NULL);
4008 #if !defined(CONFIG_USER_ONLY)
4010 void dump_exec_info(FILE *f,
4011 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
4013 int i, target_code_size, max_target_code_size;
4014 int direct_jmp_count, direct_jmp2_count, cross_page;
4015 TranslationBlock *tb;
4017 target_code_size = 0;
4018 max_target_code_size = 0;
4020 direct_jmp_count = 0;
4021 direct_jmp2_count = 0;
4022 for(i = 0; i < nb_tbs; i++) {
4024 target_code_size += tb->size;
4025 if (tb->size > max_target_code_size)
4026 max_target_code_size = tb->size;
4027 if (tb->page_addr[1] != -1)
4029 if (tb->tb_next_offset[0] != 0xffff) {
4031 if (tb->tb_next_offset[1] != 0xffff) {
4032 direct_jmp2_count++;
4036 /* XXX: avoid using doubles ? */
4037 cpu_fprintf(f, "Translation buffer state:\n");
4038 cpu_fprintf(f, "gen code size %ld/%ld\n",
4039 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4040 cpu_fprintf(f, "TB count %d/%d\n",
4041 nb_tbs, code_gen_max_blocks);
4042 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4043 nb_tbs ? target_code_size / nb_tbs : 0,
4044 max_target_code_size);
4045 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
4046 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4047 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4048 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4050 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4051 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4053 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4055 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4056 cpu_fprintf(f, "\nStatistics:\n");
4057 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4058 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4059 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4060 tcg_dump_info(f, cpu_fprintf);
4063 #define MMUSUFFIX _cmmu
4064 #define GETPC() NULL
4065 #define env cpu_single_env
4066 #define SOFTMMU_CODE_ACCESS
4069 #include "softmmu_template.h"
4072 #include "softmmu_template.h"
4075 #include "softmmu_template.h"
4078 #include "softmmu_template.h"
projects / qemu.git / blob