4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
53 #include "qemu/cache-utils.h"
55 #include "qemu/range.h"
57 //#define DEBUG_SUBPAGE
59 #if !defined(CONFIG_USER_ONLY)
60 static int in_migration;
62 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
64 static MemoryRegion *system_memory;
65 static MemoryRegion *system_io;
67 AddressSpace address_space_io;
68 AddressSpace address_space_memory;
70 MemoryRegion io_mem_rom, io_mem_notdirty;
71 static MemoryRegion io_mem_unassigned;
75 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
76 /* current CPU in the current thread. It is only valid inside
78 DEFINE_TLS(CPUState *, current_cpu);
79 /* 0 = Do not count executed instructions.
80 1 = Precise instruction counting.
81 2 = Adaptive rate instruction counting. */
84 #if !defined(CONFIG_USER_ONLY)
86 typedef struct PhysPageEntry PhysPageEntry;
88 struct PhysPageEntry {
89 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
91 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
95 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
97 /* Size of the L2 (and L3, etc) page tables. */
98 #define ADDR_SPACE_BITS 64
101 #define P_L2_SIZE (1 << P_L2_BITS)
103 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
105 typedef PhysPageEntry Node[P_L2_SIZE];
107 typedef struct PhysPageMap {
108 unsigned sections_nb;
109 unsigned sections_nb_alloc;
111 unsigned nodes_nb_alloc;
113 MemoryRegionSection *sections;
116 struct AddressSpaceDispatch {
117 /* This is a multi-level map on the physical address space.
118 * The bottom level has pointers to MemoryRegionSections.
120 PhysPageEntry phys_map;
125 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
126 typedef struct subpage_t {
130 uint16_t sub_section[TARGET_PAGE_SIZE];
133 #define PHYS_SECTION_UNASSIGNED 0
134 #define PHYS_SECTION_NOTDIRTY 1
135 #define PHYS_SECTION_ROM 2
136 #define PHYS_SECTION_WATCH 3
138 static void io_mem_init(void);
139 static void memory_map_init(void);
141 static MemoryRegion io_mem_watch;
144 #if !defined(CONFIG_USER_ONLY)
146 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
148 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
149 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
150 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
151 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
155 static uint32_t phys_map_node_alloc(PhysPageMap *map)
160 ret = map->nodes_nb++;
161 assert(ret != PHYS_MAP_NODE_NIL);
162 assert(ret != map->nodes_nb_alloc);
163 for (i = 0; i < P_L2_SIZE; ++i) {
164 map->nodes[ret][i].skip = 1;
165 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
170 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
171 hwaddr *index, hwaddr *nb, uint16_t leaf,
176 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
178 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
179 lp->ptr = phys_map_node_alloc(map);
180 p = map->nodes[lp->ptr];
182 for (i = 0; i < P_L2_SIZE; i++) {
184 p[i].ptr = PHYS_SECTION_UNASSIGNED;
188 p = map->nodes[lp->ptr];
190 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
192 while (*nb && lp < &p[P_L2_SIZE]) {
193 if ((*index & (step - 1)) == 0 && *nb >= step) {
199 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
205 static void phys_page_set(AddressSpaceDispatch *d,
206 hwaddr index, hwaddr nb,
209 /* Wildly overreserve - it doesn't matter much. */
210 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
212 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
215 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
216 * and update our entry so we can skip it and go directly to the destination.
218 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
220 unsigned valid_ptr = P_L2_SIZE;
225 if (lp->ptr == PHYS_MAP_NODE_NIL) {
230 for (i = 0; i < P_L2_SIZE; i++) {
231 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
238 phys_page_compact(&p[i], nodes, compacted);
242 /* We can only compress if there's only one child. */
247 assert(valid_ptr < P_L2_SIZE);
249 /* Don't compress if it won't fit in the # of bits we have. */
250 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
254 lp->ptr = p[valid_ptr].ptr;
255 if (!p[valid_ptr].skip) {
256 /* If our only child is a leaf, make this a leaf. */
257 /* By design, we should have made this node a leaf to begin with so we
258 * should never reach here.
259 * But since it's so simple to handle this, let's do it just in case we
264 lp->skip += p[valid_ptr].skip;
268 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
270 DECLARE_BITMAP(compacted, nodes_nb);
272 if (d->phys_map.skip) {
273 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
277 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
278 Node *nodes, MemoryRegionSection *sections)
281 hwaddr index = addr >> TARGET_PAGE_BITS;
284 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
285 if (lp.ptr == PHYS_MAP_NODE_NIL) {
286 return §ions[PHYS_SECTION_UNASSIGNED];
289 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
292 if (sections[lp.ptr].size.hi ||
293 range_covers_byte(sections[lp.ptr].offset_within_address_space,
294 sections[lp.ptr].size.lo, addr)) {
295 return §ions[lp.ptr];
297 return §ions[PHYS_SECTION_UNASSIGNED];
301 bool memory_region_is_unassigned(MemoryRegion *mr)
303 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
304 && mr != &io_mem_watch;
307 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
309 bool resolve_subpage)
311 MemoryRegionSection *section;
314 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
315 if (resolve_subpage && section->mr->subpage) {
316 subpage = container_of(section->mr, subpage_t, iomem);
317 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
322 static MemoryRegionSection *
323 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
324 hwaddr *plen, bool resolve_subpage)
326 MemoryRegionSection *section;
329 section = address_space_lookup_region(d, addr, resolve_subpage);
330 /* Compute offset within MemoryRegionSection */
331 addr -= section->offset_within_address_space;
333 /* Compute offset within MemoryRegion */
334 *xlat = addr + section->offset_within_region;
336 diff = int128_sub(section->mr->size, int128_make64(addr));
337 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
341 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
342 hwaddr *xlat, hwaddr *plen,
346 MemoryRegionSection *section;
351 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
354 if (!mr->iommu_ops) {
358 iotlb = mr->iommu_ops->translate(mr, addr);
359 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
360 | (addr & iotlb.addr_mask));
361 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
362 if (!(iotlb.perm & (1 << is_write))) {
363 mr = &io_mem_unassigned;
367 as = iotlb.target_as;
375 MemoryRegionSection *
376 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
379 MemoryRegionSection *section;
380 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
382 assert(!section->mr->iommu_ops);
387 void cpu_exec_init_all(void)
389 #if !defined(CONFIG_USER_ONLY)
390 qemu_mutex_init(&ram_list.mutex);
396 #if !defined(CONFIG_USER_ONLY)
398 static int cpu_common_post_load(void *opaque, int version_id)
400 CPUState *cpu = opaque;
402 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
403 version_id is increased. */
404 cpu->interrupt_request &= ~0x01;
405 tlb_flush(cpu->env_ptr, 1);
410 const VMStateDescription vmstate_cpu_common = {
411 .name = "cpu_common",
413 .minimum_version_id = 1,
414 .minimum_version_id_old = 1,
415 .post_load = cpu_common_post_load,
416 .fields = (VMStateField []) {
417 VMSTATE_UINT32(halted, CPUState),
418 VMSTATE_UINT32(interrupt_request, CPUState),
419 VMSTATE_END_OF_LIST()
425 CPUState *qemu_get_cpu(int index)
430 if (cpu->cpu_index == index) {
438 void cpu_exec_init(CPUArchState *env)
440 CPUState *cpu = ENV_GET_CPU(env);
441 CPUClass *cc = CPU_GET_CLASS(cpu);
445 #if defined(CONFIG_USER_ONLY)
449 CPU_FOREACH(some_cpu) {
452 cpu->cpu_index = cpu_index;
454 QTAILQ_INIT(&env->breakpoints);
455 QTAILQ_INIT(&env->watchpoints);
456 #ifndef CONFIG_USER_ONLY
457 cpu->thread_id = qemu_get_thread_id();
459 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
460 #if defined(CONFIG_USER_ONLY)
463 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
464 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
466 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
467 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
468 cpu_save, cpu_load, env);
469 assert(cc->vmsd == NULL);
470 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
472 if (cc->vmsd != NULL) {
473 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
477 #if defined(TARGET_HAS_ICE)
478 #if defined(CONFIG_USER_ONLY)
479 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
481 tb_invalidate_phys_page_range(pc, pc + 1, 0);
484 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
486 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
488 tb_invalidate_phys_addr(phys | (pc & ~TARGET_PAGE_MASK));
492 #endif /* TARGET_HAS_ICE */
494 #if defined(CONFIG_USER_ONLY)
495 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
500 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
501 int flags, CPUWatchpoint **watchpoint)
506 /* Add a watchpoint. */
507 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
508 int flags, CPUWatchpoint **watchpoint)
510 target_ulong len_mask = ~(len - 1);
513 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
514 if ((len & (len - 1)) || (addr & ~len_mask) ||
515 len == 0 || len > TARGET_PAGE_SIZE) {
516 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
517 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
520 wp = g_malloc(sizeof(*wp));
523 wp->len_mask = len_mask;
526 /* keep all GDB-injected watchpoints in front */
528 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
530 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
532 tlb_flush_page(env, addr);
539 /* Remove a specific watchpoint. */
540 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
543 target_ulong len_mask = ~(len - 1);
546 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
547 if (addr == wp->vaddr && len_mask == wp->len_mask
548 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
549 cpu_watchpoint_remove_by_ref(env, wp);
556 /* Remove a specific watchpoint by reference. */
557 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
559 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
561 tlb_flush_page(env, watchpoint->vaddr);
566 /* Remove all matching watchpoints. */
567 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
569 CPUWatchpoint *wp, *next;
571 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
572 if (wp->flags & mask)
573 cpu_watchpoint_remove_by_ref(env, wp);
578 /* Add a breakpoint. */
579 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
580 CPUBreakpoint **breakpoint)
582 #if defined(TARGET_HAS_ICE)
585 bp = g_malloc(sizeof(*bp));
590 /* keep all GDB-injected breakpoints in front */
591 if (flags & BP_GDB) {
592 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
594 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
597 breakpoint_invalidate(ENV_GET_CPU(env), pc);
608 /* Remove a specific breakpoint. */
609 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
611 #if defined(TARGET_HAS_ICE)
614 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
615 if (bp->pc == pc && bp->flags == flags) {
616 cpu_breakpoint_remove_by_ref(env, bp);
626 /* Remove a specific breakpoint by reference. */
627 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
629 #if defined(TARGET_HAS_ICE)
630 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
632 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
638 /* Remove all matching breakpoints. */
639 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
641 #if defined(TARGET_HAS_ICE)
642 CPUBreakpoint *bp, *next;
644 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
645 if (bp->flags & mask)
646 cpu_breakpoint_remove_by_ref(env, bp);
651 /* enable or disable single step mode. EXCP_DEBUG is returned by the
652 CPU loop after each instruction */
653 void cpu_single_step(CPUState *cpu, int enabled)
655 #if defined(TARGET_HAS_ICE)
656 if (cpu->singlestep_enabled != enabled) {
657 cpu->singlestep_enabled = enabled;
659 kvm_update_guest_debug(cpu, 0);
661 /* must flush all the translated code to avoid inconsistencies */
662 /* XXX: only flush what is necessary */
663 CPUArchState *env = cpu->env_ptr;
670 void cpu_abort(CPUArchState *env, const char *fmt, ...)
672 CPUState *cpu = ENV_GET_CPU(env);
678 fprintf(stderr, "qemu: fatal: ");
679 vfprintf(stderr, fmt, ap);
680 fprintf(stderr, "\n");
681 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
682 if (qemu_log_enabled()) {
683 qemu_log("qemu: fatal: ");
684 qemu_log_vprintf(fmt, ap2);
686 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
692 #if defined(CONFIG_USER_ONLY)
694 struct sigaction act;
695 sigfillset(&act.sa_mask);
696 act.sa_handler = SIG_DFL;
697 sigaction(SIGABRT, &act, NULL);
703 #if !defined(CONFIG_USER_ONLY)
704 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
708 /* The list is protected by the iothread lock here. */
709 block = ram_list.mru_block;
710 if (block && addr - block->offset < block->length) {
713 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
714 if (addr - block->offset < block->length) {
719 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
723 ram_list.mru_block = block;
727 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
733 end = TARGET_PAGE_ALIGN(start + length);
734 start &= TARGET_PAGE_MASK;
736 block = qemu_get_ram_block(start);
737 assert(block == qemu_get_ram_block(end - 1));
738 start1 = (uintptr_t)block->host + (start - block->offset);
739 cpu_tlb_reset_dirty_all(start1, length);
742 /* Note: start and end must be within the same ram block. */
743 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
748 cpu_physical_memory_clear_dirty_range(start, length, client);
751 tlb_reset_dirty_range_all(start, length);
755 static int cpu_physical_memory_set_dirty_tracking(int enable)
758 in_migration = enable;
762 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
763 MemoryRegionSection *section,
765 hwaddr paddr, hwaddr xlat,
767 target_ulong *address)
772 if (memory_region_is_ram(section->mr)) {
774 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
776 if (!section->readonly) {
777 iotlb |= PHYS_SECTION_NOTDIRTY;
779 iotlb |= PHYS_SECTION_ROM;
782 iotlb = section - address_space_memory.dispatch->map.sections;
786 /* Make accesses to pages with watchpoints go via the
787 watchpoint trap routines. */
788 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
789 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
790 /* Avoid trapping reads of pages with a write breakpoint. */
791 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
792 iotlb = PHYS_SECTION_WATCH + paddr;
793 *address |= TLB_MMIO;
801 #endif /* defined(CONFIG_USER_ONLY) */
803 #if !defined(CONFIG_USER_ONLY)
805 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
807 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
809 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
812 * Set a custom physical guest memory alloator.
813 * Accelerators with unusual needs may need this. Hopefully, we can
814 * get rid of it eventually.
816 void phys_mem_set_alloc(void *(*alloc)(size_t))
818 phys_mem_alloc = alloc;
821 static uint16_t phys_section_add(PhysPageMap *map,
822 MemoryRegionSection *section)
824 /* The physical section number is ORed with a page-aligned
825 * pointer to produce the iotlb entries. Thus it should
826 * never overflow into the page-aligned value.
828 assert(map->sections_nb < TARGET_PAGE_SIZE);
830 if (map->sections_nb == map->sections_nb_alloc) {
831 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
832 map->sections = g_renew(MemoryRegionSection, map->sections,
833 map->sections_nb_alloc);
835 map->sections[map->sections_nb] = *section;
836 memory_region_ref(section->mr);
837 return map->sections_nb++;
840 static void phys_section_destroy(MemoryRegion *mr)
842 memory_region_unref(mr);
845 subpage_t *subpage = container_of(mr, subpage_t, iomem);
846 memory_region_destroy(&subpage->iomem);
851 static void phys_sections_free(PhysPageMap *map)
853 while (map->sections_nb > 0) {
854 MemoryRegionSection *section = &map->sections[--map->sections_nb];
855 phys_section_destroy(section->mr);
857 g_free(map->sections);
861 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
864 hwaddr base = section->offset_within_address_space
866 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
867 d->map.nodes, d->map.sections);
868 MemoryRegionSection subsection = {
869 .offset_within_address_space = base,
870 .size = int128_make64(TARGET_PAGE_SIZE),
874 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
876 if (!(existing->mr->subpage)) {
877 subpage = subpage_init(d->as, base);
878 subsection.mr = &subpage->iomem;
879 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
880 phys_section_add(&d->map, &subsection));
882 subpage = container_of(existing->mr, subpage_t, iomem);
884 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
885 end = start + int128_get64(section->size) - 1;
886 subpage_register(subpage, start, end,
887 phys_section_add(&d->map, section));
891 static void register_multipage(AddressSpaceDispatch *d,
892 MemoryRegionSection *section)
894 hwaddr start_addr = section->offset_within_address_space;
895 uint16_t section_index = phys_section_add(&d->map, section);
896 uint64_t num_pages = int128_get64(int128_rshift(section->size,
900 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
903 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
905 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
906 AddressSpaceDispatch *d = as->next_dispatch;
907 MemoryRegionSection now = *section, remain = *section;
908 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
910 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
911 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
912 - now.offset_within_address_space;
914 now.size = int128_min(int128_make64(left), now.size);
915 register_subpage(d, &now);
917 now.size = int128_zero();
919 while (int128_ne(remain.size, now.size)) {
920 remain.size = int128_sub(remain.size, now.size);
921 remain.offset_within_address_space += int128_get64(now.size);
922 remain.offset_within_region += int128_get64(now.size);
924 if (int128_lt(remain.size, page_size)) {
925 register_subpage(d, &now);
926 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
927 now.size = page_size;
928 register_subpage(d, &now);
930 now.size = int128_and(now.size, int128_neg(page_size));
931 register_multipage(d, &now);
936 void qemu_flush_coalesced_mmio_buffer(void)
939 kvm_flush_coalesced_mmio_buffer();
942 void qemu_mutex_lock_ramlist(void)
944 qemu_mutex_lock(&ram_list.mutex);
947 void qemu_mutex_unlock_ramlist(void)
949 qemu_mutex_unlock(&ram_list.mutex);
956 #define HUGETLBFS_MAGIC 0x958458f6
958 static long gethugepagesize(const char *path)
964 ret = statfs(path, &fs);
965 } while (ret != 0 && errno == EINTR);
972 if (fs.f_type != HUGETLBFS_MAGIC)
973 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
978 static sigjmp_buf sigjump;
980 static void sigbus_handler(int signal)
982 siglongjmp(sigjump, 1);
985 static void *file_ram_alloc(RAMBlock *block,
990 char *sanitized_name;
994 unsigned long hpagesize;
996 hpagesize = gethugepagesize(path);
1001 if (memory < hpagesize) {
1005 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1006 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
1010 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1011 sanitized_name = g_strdup(block->mr->name);
1012 for (c = sanitized_name; *c != '\0'; c++) {
1017 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1019 g_free(sanitized_name);
1021 fd = mkstemp(filename);
1023 perror("unable to create backing store for hugepages");
1030 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1033 * ftruncate is not supported by hugetlbfs in older
1034 * hosts, so don't bother bailing out on errors.
1035 * If anything goes wrong with it under other filesystems,
1038 if (ftruncate(fd, memory))
1039 perror("ftruncate");
1041 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1042 if (area == MAP_FAILED) {
1043 perror("file_ram_alloc: can't mmap RAM pages");
1050 struct sigaction act, oldact;
1051 sigset_t set, oldset;
1053 memset(&act, 0, sizeof(act));
1054 act.sa_handler = &sigbus_handler;
1057 ret = sigaction(SIGBUS, &act, &oldact);
1059 perror("file_ram_alloc: failed to install signal handler");
1063 /* unblock SIGBUS */
1065 sigaddset(&set, SIGBUS);
1066 pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
1068 if (sigsetjmp(sigjump, 1)) {
1069 fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n");
1073 /* MAP_POPULATE silently ignores failures */
1074 for (i = 0; i < (memory/hpagesize)-1; i++) {
1075 memset(area + (hpagesize*i), 0, 1);
1078 ret = sigaction(SIGBUS, &oldact, NULL);
1080 perror("file_ram_alloc: failed to reinstall signal handler");
1084 pthread_sigmask(SIG_SETMASK, &oldset, NULL);
1091 static void *file_ram_alloc(RAMBlock *block,
1095 fprintf(stderr, "-mem-path not supported on this host\n");
1100 static ram_addr_t find_ram_offset(ram_addr_t size)
1102 RAMBlock *block, *next_block;
1103 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1105 assert(size != 0); /* it would hand out same offset multiple times */
1107 if (QTAILQ_EMPTY(&ram_list.blocks))
1110 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1111 ram_addr_t end, next = RAM_ADDR_MAX;
1113 end = block->offset + block->length;
1115 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1116 if (next_block->offset >= end) {
1117 next = MIN(next, next_block->offset);
1120 if (next - end >= size && next - end < mingap) {
1122 mingap = next - end;
1126 if (offset == RAM_ADDR_MAX) {
1127 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1135 ram_addr_t last_ram_offset(void)
1138 ram_addr_t last = 0;
1140 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1141 last = MAX(last, block->offset + block->length);
1146 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1150 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1151 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1152 "dump-guest-core", true)) {
1153 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1155 perror("qemu_madvise");
1156 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1157 "but dump_guest_core=off specified\n");
1162 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1164 RAMBlock *new_block, *block;
1167 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1168 if (block->offset == addr) {
1174 assert(!new_block->idstr[0]);
1177 char *id = qdev_get_dev_path(dev);
1179 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1183 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1185 /* This assumes the iothread lock is taken here too. */
1186 qemu_mutex_lock_ramlist();
1187 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1188 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1189 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1194 qemu_mutex_unlock_ramlist();
1197 static int memory_try_enable_merging(void *addr, size_t len)
1199 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1200 /* disabled by the user */
1204 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1207 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1210 RAMBlock *block, *new_block;
1211 ram_addr_t old_ram_size, new_ram_size;
1213 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1215 size = TARGET_PAGE_ALIGN(size);
1216 new_block = g_malloc0(sizeof(*new_block));
1219 /* This assumes the iothread lock is taken here too. */
1220 qemu_mutex_lock_ramlist();
1222 new_block->offset = find_ram_offset(size);
1224 new_block->host = host;
1225 new_block->flags |= RAM_PREALLOC_MASK;
1226 } else if (xen_enabled()) {
1228 fprintf(stderr, "-mem-path not supported with Xen\n");
1231 xen_ram_alloc(new_block->offset, size, mr);
1234 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1236 * file_ram_alloc() needs to allocate just like
1237 * phys_mem_alloc, but we haven't bothered to provide
1241 "-mem-path not supported with this accelerator\n");
1244 new_block->host = file_ram_alloc(new_block, size, mem_path);
1246 if (!new_block->host) {
1247 new_block->host = phys_mem_alloc(size);
1248 if (!new_block->host) {
1249 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1250 new_block->mr->name, strerror(errno));
1253 memory_try_enable_merging(new_block->host, size);
1256 new_block->length = size;
1258 /* Keep the list sorted from biggest to smallest block. */
1259 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1260 if (block->length < new_block->length) {
1265 QTAILQ_INSERT_BEFORE(block, new_block, next);
1267 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1269 ram_list.mru_block = NULL;
1272 qemu_mutex_unlock_ramlist();
1274 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1276 if (new_ram_size > old_ram_size) {
1278 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1279 ram_list.dirty_memory[i] =
1280 bitmap_zero_extend(ram_list.dirty_memory[i],
1281 old_ram_size, new_ram_size);
1284 cpu_physical_memory_set_dirty_range(new_block->offset, size);
1286 qemu_ram_setup_dump(new_block->host, size);
1287 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1288 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1291 kvm_setup_guest_memory(new_block->host, size);
1293 return new_block->offset;
1296 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1298 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1301 void qemu_ram_free_from_ptr(ram_addr_t addr)
1305 /* This assumes the iothread lock is taken here too. */
1306 qemu_mutex_lock_ramlist();
1307 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1308 if (addr == block->offset) {
1309 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1310 ram_list.mru_block = NULL;
1316 qemu_mutex_unlock_ramlist();
1319 void qemu_ram_free(ram_addr_t addr)
1323 /* This assumes the iothread lock is taken here too. */
1324 qemu_mutex_lock_ramlist();
1325 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1326 if (addr == block->offset) {
1327 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1328 ram_list.mru_block = NULL;
1330 if (block->flags & RAM_PREALLOC_MASK) {
1332 } else if (xen_enabled()) {
1333 xen_invalidate_map_cache_entry(block->host);
1335 } else if (block->fd >= 0) {
1336 munmap(block->host, block->length);
1340 qemu_anon_ram_free(block->host, block->length);
1346 qemu_mutex_unlock_ramlist();
1351 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1358 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1359 offset = addr - block->offset;
1360 if (offset < block->length) {
1361 vaddr = block->host + offset;
1362 if (block->flags & RAM_PREALLOC_MASK) {
1364 } else if (xen_enabled()) {
1368 munmap(vaddr, length);
1369 if (block->fd >= 0) {
1371 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1374 flags |= MAP_PRIVATE;
1376 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1377 flags, block->fd, offset);
1380 * Remap needs to match alloc. Accelerators that
1381 * set phys_mem_alloc never remap. If they did,
1382 * we'd need a remap hook here.
1384 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1386 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1387 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1390 if (area != vaddr) {
1391 fprintf(stderr, "Could not remap addr: "
1392 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1396 memory_try_enable_merging(vaddr, length);
1397 qemu_ram_setup_dump(vaddr, length);
1403 #endif /* !_WIN32 */
1405 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1406 With the exception of the softmmu code in this file, this should
1407 only be used for local memory (e.g. video ram) that the device owns,
1408 and knows it isn't going to access beyond the end of the block.
1410 It should not be used for general purpose DMA.
1411 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1413 void *qemu_get_ram_ptr(ram_addr_t addr)
1415 RAMBlock *block = qemu_get_ram_block(addr);
1417 if (xen_enabled()) {
1418 /* We need to check if the requested address is in the RAM
1419 * because we don't want to map the entire memory in QEMU.
1420 * In that case just map until the end of the page.
1422 if (block->offset == 0) {
1423 return xen_map_cache(addr, 0, 0);
1424 } else if (block->host == NULL) {
1426 xen_map_cache(block->offset, block->length, 1);
1429 return block->host + (addr - block->offset);
1432 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1433 * but takes a size argument */
1434 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1439 if (xen_enabled()) {
1440 return xen_map_cache(addr, *size, 1);
1444 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1445 if (addr - block->offset < block->length) {
1446 if (addr - block->offset + *size > block->length)
1447 *size = block->length - addr + block->offset;
1448 return block->host + (addr - block->offset);
1452 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1457 /* Some of the softmmu routines need to translate from a host pointer
1458 (typically a TLB entry) back to a ram offset. */
1459 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1462 uint8_t *host = ptr;
1464 if (xen_enabled()) {
1465 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1466 return qemu_get_ram_block(*ram_addr)->mr;
1469 block = ram_list.mru_block;
1470 if (block && block->host && host - block->host < block->length) {
1474 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1475 /* This case append when the block is not mapped. */
1476 if (block->host == NULL) {
1479 if (host - block->host < block->length) {
1487 *ram_addr = block->offset + (host - block->host);
1491 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1492 uint64_t val, unsigned size)
1494 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1495 tb_invalidate_phys_page_fast(ram_addr, size);
1499 stb_p(qemu_get_ram_ptr(ram_addr), val);
1502 stw_p(qemu_get_ram_ptr(ram_addr), val);
1505 stl_p(qemu_get_ram_ptr(ram_addr), val);
1510 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1511 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
1512 /* we remove the notdirty callback only if the code has been
1514 if (!cpu_physical_memory_is_clean(ram_addr)) {
1515 CPUArchState *env = current_cpu->env_ptr;
1516 tlb_set_dirty(env, env->mem_io_vaddr);
1520 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1521 unsigned size, bool is_write)
1526 static const MemoryRegionOps notdirty_mem_ops = {
1527 .write = notdirty_mem_write,
1528 .valid.accepts = notdirty_mem_accepts,
1529 .endianness = DEVICE_NATIVE_ENDIAN,
1532 /* Generate a debug exception if a watchpoint has been hit. */
1533 static void check_watchpoint(int offset, int len_mask, int flags)
1535 CPUArchState *env = current_cpu->env_ptr;
1536 target_ulong pc, cs_base;
1541 if (env->watchpoint_hit) {
1542 /* We re-entered the check after replacing the TB. Now raise
1543 * the debug interrupt so that is will trigger after the
1544 * current instruction. */
1545 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1548 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1549 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1550 if ((vaddr == (wp->vaddr & len_mask) ||
1551 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1552 wp->flags |= BP_WATCHPOINT_HIT;
1553 if (!env->watchpoint_hit) {
1554 env->watchpoint_hit = wp;
1555 tb_check_watchpoint(env);
1556 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1557 env->exception_index = EXCP_DEBUG;
1560 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1561 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1562 cpu_resume_from_signal(env, NULL);
1566 wp->flags &= ~BP_WATCHPOINT_HIT;
1571 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1572 so these check for a hit then pass through to the normal out-of-line
1574 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1577 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1579 case 1: return ldub_phys(addr);
1580 case 2: return lduw_phys(addr);
1581 case 4: return ldl_phys(addr);
1586 static void watch_mem_write(void *opaque, hwaddr addr,
1587 uint64_t val, unsigned size)
1589 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1592 stb_phys(addr, val);
1595 stw_phys(addr, val);
1598 stl_phys(addr, val);
1604 static const MemoryRegionOps watch_mem_ops = {
1605 .read = watch_mem_read,
1606 .write = watch_mem_write,
1607 .endianness = DEVICE_NATIVE_ENDIAN,
1610 static uint64_t subpage_read(void *opaque, hwaddr addr,
1613 subpage_t *subpage = opaque;
1616 #if defined(DEBUG_SUBPAGE)
1617 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1618 subpage, len, addr);
1620 address_space_read(subpage->as, addr + subpage->base, buf, len);
1633 static void subpage_write(void *opaque, hwaddr addr,
1634 uint64_t value, unsigned len)
1636 subpage_t *subpage = opaque;
1639 #if defined(DEBUG_SUBPAGE)
1640 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1641 " value %"PRIx64"\n",
1642 __func__, subpage, len, addr, value);
1657 address_space_write(subpage->as, addr + subpage->base, buf, len);
1660 static bool subpage_accepts(void *opaque, hwaddr addr,
1661 unsigned len, bool is_write)
1663 subpage_t *subpage = opaque;
1664 #if defined(DEBUG_SUBPAGE)
1665 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1666 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1669 return address_space_access_valid(subpage->as, addr + subpage->base,
1673 static const MemoryRegionOps subpage_ops = {
1674 .read = subpage_read,
1675 .write = subpage_write,
1676 .valid.accepts = subpage_accepts,
1677 .endianness = DEVICE_NATIVE_ENDIAN,
1680 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1685 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1687 idx = SUBPAGE_IDX(start);
1688 eidx = SUBPAGE_IDX(end);
1689 #if defined(DEBUG_SUBPAGE)
1690 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1691 __func__, mmio, start, end, idx, eidx, section);
1693 for (; idx <= eidx; idx++) {
1694 mmio->sub_section[idx] = section;
1700 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1704 mmio = g_malloc0(sizeof(subpage_t));
1708 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1709 "subpage", TARGET_PAGE_SIZE);
1710 mmio->iomem.subpage = true;
1711 #if defined(DEBUG_SUBPAGE)
1712 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1713 mmio, base, TARGET_PAGE_SIZE);
1715 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1720 static uint16_t dummy_section(PhysPageMap *map, MemoryRegion *mr)
1722 MemoryRegionSection section = {
1724 .offset_within_address_space = 0,
1725 .offset_within_region = 0,
1726 .size = int128_2_64(),
1729 return phys_section_add(map, §ion);
1732 MemoryRegion *iotlb_to_region(hwaddr index)
1734 return address_space_memory.dispatch->map.sections[
1735 index & ~TARGET_PAGE_MASK].mr;
1738 static void io_mem_init(void)
1740 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1741 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1742 "unassigned", UINT64_MAX);
1743 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1744 "notdirty", UINT64_MAX);
1745 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1746 "watch", UINT64_MAX);
1749 static void mem_begin(MemoryListener *listener)
1751 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1752 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1755 n = dummy_section(&d->map, &io_mem_unassigned);
1756 assert(n == PHYS_SECTION_UNASSIGNED);
1757 n = dummy_section(&d->map, &io_mem_notdirty);
1758 assert(n == PHYS_SECTION_NOTDIRTY);
1759 n = dummy_section(&d->map, &io_mem_rom);
1760 assert(n == PHYS_SECTION_ROM);
1761 n = dummy_section(&d->map, &io_mem_watch);
1762 assert(n == PHYS_SECTION_WATCH);
1764 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1766 as->next_dispatch = d;
1769 static void mem_commit(MemoryListener *listener)
1771 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1772 AddressSpaceDispatch *cur = as->dispatch;
1773 AddressSpaceDispatch *next = as->next_dispatch;
1775 phys_page_compact_all(next, next->map.nodes_nb);
1777 as->dispatch = next;
1780 phys_sections_free(&cur->map);
1785 static void tcg_commit(MemoryListener *listener)
1789 /* since each CPU stores ram addresses in its TLB cache, we must
1790 reset the modified entries */
1793 CPUArchState *env = cpu->env_ptr;
1799 static void core_log_global_start(MemoryListener *listener)
1801 cpu_physical_memory_set_dirty_tracking(1);
1804 static void core_log_global_stop(MemoryListener *listener)
1806 cpu_physical_memory_set_dirty_tracking(0);
1809 static MemoryListener core_memory_listener = {
1810 .log_global_start = core_log_global_start,
1811 .log_global_stop = core_log_global_stop,
1815 static MemoryListener tcg_memory_listener = {
1816 .commit = tcg_commit,
1819 void address_space_init_dispatch(AddressSpace *as)
1821 as->dispatch = NULL;
1822 as->dispatch_listener = (MemoryListener) {
1824 .commit = mem_commit,
1825 .region_add = mem_add,
1826 .region_nop = mem_add,
1829 memory_listener_register(&as->dispatch_listener, as);
1832 void address_space_destroy_dispatch(AddressSpace *as)
1834 AddressSpaceDispatch *d = as->dispatch;
1836 memory_listener_unregister(&as->dispatch_listener);
1838 as->dispatch = NULL;
1841 static void memory_map_init(void)
1843 system_memory = g_malloc(sizeof(*system_memory));
1845 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1846 address_space_init(&address_space_memory, system_memory, "memory");
1848 system_io = g_malloc(sizeof(*system_io));
1849 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1851 address_space_init(&address_space_io, system_io, "I/O");
1853 memory_listener_register(&core_memory_listener, &address_space_memory);
1854 if (tcg_enabled()) {
1855 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1859 MemoryRegion *get_system_memory(void)
1861 return system_memory;
1864 MemoryRegion *get_system_io(void)
1869 #endif /* !defined(CONFIG_USER_ONLY) */
1871 /* physical memory access (slow version, mainly for debug) */
1872 #if defined(CONFIG_USER_ONLY)
1873 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1874 uint8_t *buf, int len, int is_write)
1881 page = addr & TARGET_PAGE_MASK;
1882 l = (page + TARGET_PAGE_SIZE) - addr;
1885 flags = page_get_flags(page);
1886 if (!(flags & PAGE_VALID))
1889 if (!(flags & PAGE_WRITE))
1891 /* XXX: this code should not depend on lock_user */
1892 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1895 unlock_user(p, addr, l);
1897 if (!(flags & PAGE_READ))
1899 /* XXX: this code should not depend on lock_user */
1900 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1903 unlock_user(p, addr, 0);
1914 static void invalidate_and_set_dirty(hwaddr addr,
1917 if (cpu_physical_memory_is_clean(addr)) {
1918 /* invalidate code */
1919 tb_invalidate_phys_page_range(addr, addr + length, 0);
1921 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1922 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
1924 xen_modified_memory(addr, length);
1927 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1929 if (memory_region_is_ram(mr)) {
1930 return !(is_write && mr->readonly);
1932 if (memory_region_is_romd(mr)) {
1939 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1941 unsigned access_size_max = mr->ops->valid.max_access_size;
1943 /* Regions are assumed to support 1-4 byte accesses unless
1944 otherwise specified. */
1945 if (access_size_max == 0) {
1946 access_size_max = 4;
1949 /* Bound the maximum access by the alignment of the address. */
1950 if (!mr->ops->impl.unaligned) {
1951 unsigned align_size_max = addr & -addr;
1952 if (align_size_max != 0 && align_size_max < access_size_max) {
1953 access_size_max = align_size_max;
1957 /* Don't attempt accesses larger than the maximum. */
1958 if (l > access_size_max) {
1959 l = access_size_max;
1962 l = 1 << (qemu_fls(l) - 1);
1968 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1969 int len, bool is_write)
1980 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1983 if (!memory_access_is_direct(mr, is_write)) {
1984 l = memory_access_size(mr, l, addr1);
1985 /* XXX: could force current_cpu to NULL to avoid
1989 /* 64 bit write access */
1991 error |= io_mem_write(mr, addr1, val, 8);
1994 /* 32 bit write access */
1996 error |= io_mem_write(mr, addr1, val, 4);
1999 /* 16 bit write access */
2001 error |= io_mem_write(mr, addr1, val, 2);
2004 /* 8 bit write access */
2006 error |= io_mem_write(mr, addr1, val, 1);
2012 addr1 += memory_region_get_ram_addr(mr);
2014 ptr = qemu_get_ram_ptr(addr1);
2015 memcpy(ptr, buf, l);
2016 invalidate_and_set_dirty(addr1, l);
2019 if (!memory_access_is_direct(mr, is_write)) {
2021 l = memory_access_size(mr, l, addr1);
2024 /* 64 bit read access */
2025 error |= io_mem_read(mr, addr1, &val, 8);
2029 /* 32 bit read access */
2030 error |= io_mem_read(mr, addr1, &val, 4);
2034 /* 16 bit read access */
2035 error |= io_mem_read(mr, addr1, &val, 2);
2039 /* 8 bit read access */
2040 error |= io_mem_read(mr, addr1, &val, 1);
2048 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2049 memcpy(buf, ptr, l);
2060 bool address_space_write(AddressSpace *as, hwaddr addr,
2061 const uint8_t *buf, int len)
2063 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2066 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2068 return address_space_rw(as, addr, buf, len, false);
2072 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2073 int len, int is_write)
2075 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2078 enum write_rom_type {
2083 static inline void cpu_physical_memory_write_rom_internal(
2084 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2093 mr = address_space_translate(&address_space_memory,
2094 addr, &addr1, &l, true);
2096 if (!(memory_region_is_ram(mr) ||
2097 memory_region_is_romd(mr))) {
2100 addr1 += memory_region_get_ram_addr(mr);
2102 ptr = qemu_get_ram_ptr(addr1);
2105 memcpy(ptr, buf, l);
2106 invalidate_and_set_dirty(addr1, l);
2109 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2119 /* used for ROM loading : can write in RAM and ROM */
2120 void cpu_physical_memory_write_rom(hwaddr addr,
2121 const uint8_t *buf, int len)
2123 cpu_physical_memory_write_rom_internal(addr, buf, len, WRITE_DATA);
2126 void cpu_flush_icache_range(hwaddr start, int len)
2129 * This function should do the same thing as an icache flush that was
2130 * triggered from within the guest. For TCG we are always cache coherent,
2131 * so there is no need to flush anything. For KVM / Xen we need to flush
2132 * the host's instruction cache at least.
2134 if (tcg_enabled()) {
2138 cpu_physical_memory_write_rom_internal(start, NULL, len, FLUSH_CACHE);
2148 static BounceBuffer bounce;
2150 typedef struct MapClient {
2152 void (*callback)(void *opaque);
2153 QLIST_ENTRY(MapClient) link;
2156 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2157 = QLIST_HEAD_INITIALIZER(map_client_list);
2159 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2161 MapClient *client = g_malloc(sizeof(*client));
2163 client->opaque = opaque;
2164 client->callback = callback;
2165 QLIST_INSERT_HEAD(&map_client_list, client, link);
2169 static void cpu_unregister_map_client(void *_client)
2171 MapClient *client = (MapClient *)_client;
2173 QLIST_REMOVE(client, link);
2177 static void cpu_notify_map_clients(void)
2181 while (!QLIST_EMPTY(&map_client_list)) {
2182 client = QLIST_FIRST(&map_client_list);
2183 client->callback(client->opaque);
2184 cpu_unregister_map_client(client);
2188 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2195 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2196 if (!memory_access_is_direct(mr, is_write)) {
2197 l = memory_access_size(mr, l, addr);
2198 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2209 /* Map a physical memory region into a host virtual address.
2210 * May map a subset of the requested range, given by and returned in *plen.
2211 * May return NULL if resources needed to perform the mapping are exhausted.
2212 * Use only for reads OR writes - not for read-modify-write operations.
2213 * Use cpu_register_map_client() to know when retrying the map operation is
2214 * likely to succeed.
2216 void *address_space_map(AddressSpace *as,
2223 hwaddr l, xlat, base;
2224 MemoryRegion *mr, *this_mr;
2232 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2233 if (!memory_access_is_direct(mr, is_write)) {
2234 if (bounce.buffer) {
2237 /* Avoid unbounded allocations */
2238 l = MIN(l, TARGET_PAGE_SIZE);
2239 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2243 memory_region_ref(mr);
2246 address_space_read(as, addr, bounce.buffer, l);
2250 return bounce.buffer;
2254 raddr = memory_region_get_ram_addr(mr);
2265 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2266 if (this_mr != mr || xlat != base + done) {
2271 memory_region_ref(mr);
2273 return qemu_ram_ptr_length(raddr + base, plen);
2276 /* Unmaps a memory region previously mapped by address_space_map().
2277 * Will also mark the memory as dirty if is_write == 1. access_len gives
2278 * the amount of memory that was actually read or written by the caller.
2280 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2281 int is_write, hwaddr access_len)
2283 if (buffer != bounce.buffer) {
2287 mr = qemu_ram_addr_from_host(buffer, &addr1);
2290 while (access_len) {
2292 l = TARGET_PAGE_SIZE;
2295 invalidate_and_set_dirty(addr1, l);
2300 if (xen_enabled()) {
2301 xen_invalidate_map_cache_entry(buffer);
2303 memory_region_unref(mr);
2307 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2309 qemu_vfree(bounce.buffer);
2310 bounce.buffer = NULL;
2311 memory_region_unref(bounce.mr);
2312 cpu_notify_map_clients();
2315 void *cpu_physical_memory_map(hwaddr addr,
2319 return address_space_map(&address_space_memory, addr, plen, is_write);
2322 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2323 int is_write, hwaddr access_len)
2325 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2328 /* warning: addr must be aligned */
2329 static inline uint32_t ldl_phys_internal(hwaddr addr,
2330 enum device_endian endian)
2338 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2340 if (l < 4 || !memory_access_is_direct(mr, false)) {
2342 io_mem_read(mr, addr1, &val, 4);
2343 #if defined(TARGET_WORDS_BIGENDIAN)
2344 if (endian == DEVICE_LITTLE_ENDIAN) {
2348 if (endian == DEVICE_BIG_ENDIAN) {
2354 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2358 case DEVICE_LITTLE_ENDIAN:
2359 val = ldl_le_p(ptr);
2361 case DEVICE_BIG_ENDIAN:
2362 val = ldl_be_p(ptr);
2372 uint32_t ldl_phys(hwaddr addr)
2374 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2377 uint32_t ldl_le_phys(hwaddr addr)
2379 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2382 uint32_t ldl_be_phys(hwaddr addr)
2384 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2387 /* warning: addr must be aligned */
2388 static inline uint64_t ldq_phys_internal(hwaddr addr,
2389 enum device_endian endian)
2397 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2399 if (l < 8 || !memory_access_is_direct(mr, false)) {
2401 io_mem_read(mr, addr1, &val, 8);
2402 #if defined(TARGET_WORDS_BIGENDIAN)
2403 if (endian == DEVICE_LITTLE_ENDIAN) {
2407 if (endian == DEVICE_BIG_ENDIAN) {
2413 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2417 case DEVICE_LITTLE_ENDIAN:
2418 val = ldq_le_p(ptr);
2420 case DEVICE_BIG_ENDIAN:
2421 val = ldq_be_p(ptr);
2431 uint64_t ldq_phys(hwaddr addr)
2433 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2436 uint64_t ldq_le_phys(hwaddr addr)
2438 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2441 uint64_t ldq_be_phys(hwaddr addr)
2443 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2447 uint32_t ldub_phys(hwaddr addr)
2450 cpu_physical_memory_read(addr, &val, 1);
2454 /* warning: addr must be aligned */
2455 static inline uint32_t lduw_phys_internal(hwaddr addr,
2456 enum device_endian endian)
2464 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2466 if (l < 2 || !memory_access_is_direct(mr, false)) {
2468 io_mem_read(mr, addr1, &val, 2);
2469 #if defined(TARGET_WORDS_BIGENDIAN)
2470 if (endian == DEVICE_LITTLE_ENDIAN) {
2474 if (endian == DEVICE_BIG_ENDIAN) {
2480 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2484 case DEVICE_LITTLE_ENDIAN:
2485 val = lduw_le_p(ptr);
2487 case DEVICE_BIG_ENDIAN:
2488 val = lduw_be_p(ptr);
2498 uint32_t lduw_phys(hwaddr addr)
2500 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2503 uint32_t lduw_le_phys(hwaddr addr)
2505 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2508 uint32_t lduw_be_phys(hwaddr addr)
2510 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2513 /* warning: addr must be aligned. The ram page is not masked as dirty
2514 and the code inside is not invalidated. It is useful if the dirty
2515 bits are used to track modified PTEs */
2516 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2523 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2525 if (l < 4 || !memory_access_is_direct(mr, true)) {
2526 io_mem_write(mr, addr1, val, 4);
2528 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2529 ptr = qemu_get_ram_ptr(addr1);
2532 if (unlikely(in_migration)) {
2533 if (cpu_physical_memory_is_clean(addr1)) {
2534 /* invalidate code */
2535 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2537 cpu_physical_memory_set_dirty_flag(addr1,
2538 DIRTY_MEMORY_MIGRATION);
2539 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
2545 /* warning: addr must be aligned */
2546 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2547 enum device_endian endian)
2554 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2556 if (l < 4 || !memory_access_is_direct(mr, true)) {
2557 #if defined(TARGET_WORDS_BIGENDIAN)
2558 if (endian == DEVICE_LITTLE_ENDIAN) {
2562 if (endian == DEVICE_BIG_ENDIAN) {
2566 io_mem_write(mr, addr1, val, 4);
2569 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2570 ptr = qemu_get_ram_ptr(addr1);
2572 case DEVICE_LITTLE_ENDIAN:
2575 case DEVICE_BIG_ENDIAN:
2582 invalidate_and_set_dirty(addr1, 4);
2586 void stl_phys(hwaddr addr, uint32_t val)
2588 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2591 void stl_le_phys(hwaddr addr, uint32_t val)
2593 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2596 void stl_be_phys(hwaddr addr, uint32_t val)
2598 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2602 void stb_phys(hwaddr addr, uint32_t val)
2605 cpu_physical_memory_write(addr, &v, 1);
2608 /* warning: addr must be aligned */
2609 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2610 enum device_endian endian)
2617 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2619 if (l < 2 || !memory_access_is_direct(mr, true)) {
2620 #if defined(TARGET_WORDS_BIGENDIAN)
2621 if (endian == DEVICE_LITTLE_ENDIAN) {
2625 if (endian == DEVICE_BIG_ENDIAN) {
2629 io_mem_write(mr, addr1, val, 2);
2632 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2633 ptr = qemu_get_ram_ptr(addr1);
2635 case DEVICE_LITTLE_ENDIAN:
2638 case DEVICE_BIG_ENDIAN:
2645 invalidate_and_set_dirty(addr1, 2);
2649 void stw_phys(hwaddr addr, uint32_t val)
2651 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2654 void stw_le_phys(hwaddr addr, uint32_t val)
2656 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2659 void stw_be_phys(hwaddr addr, uint32_t val)
2661 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2665 void stq_phys(hwaddr addr, uint64_t val)
2668 cpu_physical_memory_write(addr, &val, 8);
2671 void stq_le_phys(hwaddr addr, uint64_t val)
2673 val = cpu_to_le64(val);
2674 cpu_physical_memory_write(addr, &val, 8);
2677 void stq_be_phys(hwaddr addr, uint64_t val)
2679 val = cpu_to_be64(val);
2680 cpu_physical_memory_write(addr, &val, 8);
2683 /* virtual memory access for debug (includes writing to ROM) */
2684 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2685 uint8_t *buf, int len, int is_write)
2692 page = addr & TARGET_PAGE_MASK;
2693 phys_addr = cpu_get_phys_page_debug(cpu, page);
2694 /* if no physical page mapped, return an error */
2695 if (phys_addr == -1)
2697 l = (page + TARGET_PAGE_SIZE) - addr;
2700 phys_addr += (addr & ~TARGET_PAGE_MASK);
2702 cpu_physical_memory_write_rom(phys_addr, buf, l);
2704 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2713 #if !defined(CONFIG_USER_ONLY)
2716 * A helper function for the _utterly broken_ virtio device model to find out if
2717 * it's running on a big endian machine. Don't do this at home kids!
2719 bool virtio_is_big_endian(void);
2720 bool virtio_is_big_endian(void)
2722 #if defined(TARGET_WORDS_BIGENDIAN)
2731 #ifndef CONFIG_USER_ONLY
2732 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2737 mr = address_space_translate(&address_space_memory,
2738 phys_addr, &phys_addr, &l, false);
2740 return !(memory_region_is_ram(mr) ||
2741 memory_region_is_romd(mr));
2744 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2748 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2749 func(block->host, block->offset, block->length, opaque);
projects / qemu.git / blob