4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 #include "qemu/mmap-alloc.h"
63 //#define DEBUG_SUBPAGE
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
89 #define RAM_RESIZEABLE (1 << 2)
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
102 #if !defined(CONFIG_USER_ONLY)
104 typedef struct PhysPageEntry PhysPageEntry;
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
119 #define P_L2_SIZE (1 << P_L2_BITS)
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
123 typedef PhysPageEntry Node[P_L2_SIZE];
125 typedef struct PhysPageMap {
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
131 unsigned nodes_nb_alloc;
133 MemoryRegionSection *sections;
136 struct AddressSpaceDispatch {
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
142 PhysPageEntry phys_map;
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
152 uint16_t sub_section[TARGET_PAGE_SIZE];
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
164 static MemoryRegion io_mem_watch;
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
173 struct CPUAddressSpace {
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
182 #if !defined(CONFIG_USER_ONLY)
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
200 ret = map->nodes_nb++;
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
254 unsigned valid_ptr = P_L2_SIZE;
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 phys_page_compact(&p[i], nodes, compacted);
276 /* We can only compress if there's only one child. */
281 assert(valid_ptr < P_L2_SIZE);
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
298 lp->skip += p[valid_ptr].skip;
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
304 DECLARE_BITMAP(compacted, nodes_nb);
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
315 hwaddr index = addr >> TARGET_PAGE_BITS;
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return §ions[PHYS_SECTION_UNASSIGNED];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return §ions[lp.ptr];
331 return §ions[PHYS_SECTION_UNASSIGNED];
335 bool memory_region_is_unassigned(MemoryRegion *mr)
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
344 bool resolve_subpage)
346 MemoryRegionSection *section;
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
362 MemoryRegionSection *section;
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
393 /* Called from RCU critical section */
394 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
399 MemoryRegionSection *section;
403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
407 if (!mr->iommu_ops) {
411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
420 as = iotlb.target_as;
423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
425 *plen = MIN(page, *plen);
432 /* Called from RCU critical section */
433 MemoryRegionSection *
434 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
435 hwaddr *xlat, hwaddr *plen)
437 MemoryRegionSection *section;
438 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
440 section = address_space_translate_internal(d, addr, xlat, plen, false);
442 assert(!section->mr->iommu_ops);
447 #if !defined(CONFIG_USER_ONLY)
449 static int cpu_common_post_load(void *opaque, int version_id)
451 CPUState *cpu = opaque;
453 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
454 version_id is increased. */
455 cpu->interrupt_request &= ~0x01;
461 static int cpu_common_pre_load(void *opaque)
463 CPUState *cpu = opaque;
465 cpu->exception_index = -1;
470 static bool cpu_common_exception_index_needed(void *opaque)
472 CPUState *cpu = opaque;
474 return tcg_enabled() && cpu->exception_index != -1;
477 static const VMStateDescription vmstate_cpu_common_exception_index = {
478 .name = "cpu_common/exception_index",
480 .minimum_version_id = 1,
481 .needed = cpu_common_exception_index_needed,
482 .fields = (VMStateField[]) {
483 VMSTATE_INT32(exception_index, CPUState),
484 VMSTATE_END_OF_LIST()
488 static bool cpu_common_crash_occurred_needed(void *opaque)
490 CPUState *cpu = opaque;
492 return cpu->crash_occurred;
495 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
496 .name = "cpu_common/crash_occurred",
498 .minimum_version_id = 1,
499 .needed = cpu_common_crash_occurred_needed,
500 .fields = (VMStateField[]) {
501 VMSTATE_BOOL(crash_occurred, CPUState),
502 VMSTATE_END_OF_LIST()
506 const VMStateDescription vmstate_cpu_common = {
507 .name = "cpu_common",
509 .minimum_version_id = 1,
510 .pre_load = cpu_common_pre_load,
511 .post_load = cpu_common_post_load,
512 .fields = (VMStateField[]) {
513 VMSTATE_UINT32(halted, CPUState),
514 VMSTATE_UINT32(interrupt_request, CPUState),
515 VMSTATE_END_OF_LIST()
517 .subsections = (const VMStateDescription*[]) {
518 &vmstate_cpu_common_exception_index,
519 &vmstate_cpu_common_crash_occurred,
526 CPUState *qemu_get_cpu(int index)
531 if (cpu->cpu_index == index) {
539 #if !defined(CONFIG_USER_ONLY)
540 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
542 CPUAddressSpace *newas;
544 /* Target code should have set num_ases before calling us */
545 assert(asidx < cpu->num_ases);
548 /* address space 0 gets the convenience alias */
552 /* KVM cannot currently support multiple address spaces. */
553 assert(asidx == 0 || !kvm_enabled());
555 if (!cpu->cpu_ases) {
556 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
559 newas = &cpu->cpu_ases[asidx];
563 newas->tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&newas->tcg_as_listener, as);
569 #ifndef CONFIG_USER_ONLY
570 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
572 static int cpu_get_free_index(Error **errp)
574 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
576 if (cpu >= MAX_CPUMASK_BITS) {
577 error_setg(errp, "Trying to use more CPUs than max of %d",
582 bitmap_set(cpu_index_map, cpu, 1);
586 void cpu_exec_exit(CPUState *cpu)
588 if (cpu->cpu_index == -1) {
589 /* cpu_index was never allocated by this @cpu or was already freed. */
593 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
598 static int cpu_get_free_index(Error **errp)
603 CPU_FOREACH(some_cpu) {
609 void cpu_exec_exit(CPUState *cpu)
614 void cpu_exec_init(CPUState *cpu, Error **errp)
616 CPUClass *cc = CPU_GET_CLASS(cpu);
618 Error *local_err = NULL;
623 #ifndef CONFIG_USER_ONLY
624 cpu->thread_id = qemu_get_thread_id();
627 #if defined(CONFIG_USER_ONLY)
630 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
632 error_propagate(errp, local_err);
633 #if defined(CONFIG_USER_ONLY)
638 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
639 #if defined(CONFIG_USER_ONLY)
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
645 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
647 cpu_save, cpu_load, cpu->env_ptr);
648 assert(cc->vmsd == NULL);
649 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
651 if (cc->vmsd != NULL) {
652 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
656 #if defined(CONFIG_USER_ONLY)
657 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
659 tb_invalidate_phys_page_range(pc, pc + 1, 0);
662 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
664 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
666 tb_invalidate_phys_addr(cpu->as,
667 phys | (pc & ~TARGET_PAGE_MASK));
672 #if defined(CONFIG_USER_ONLY)
673 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
678 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
684 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
688 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
689 int flags, CPUWatchpoint **watchpoint)
694 /* Add a watchpoint. */
695 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
696 int flags, CPUWatchpoint **watchpoint)
700 /* forbid ranges which are empty or run off the end of the address space */
701 if (len == 0 || (addr + len - 1) < addr) {
702 error_report("tried to set invalid watchpoint at %"
703 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
706 wp = g_malloc(sizeof(*wp));
712 /* keep all GDB-injected watchpoints in front */
713 if (flags & BP_GDB) {
714 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
716 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
719 tlb_flush_page(cpu, addr);
726 /* Remove a specific watchpoint. */
727 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
732 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
733 if (addr == wp->vaddr && len == wp->len
734 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
735 cpu_watchpoint_remove_by_ref(cpu, wp);
742 /* Remove a specific watchpoint by reference. */
743 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
745 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
747 tlb_flush_page(cpu, watchpoint->vaddr);
752 /* Remove all matching watchpoints. */
753 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
755 CPUWatchpoint *wp, *next;
757 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
758 if (wp->flags & mask) {
759 cpu_watchpoint_remove_by_ref(cpu, wp);
764 /* Return true if this watchpoint address matches the specified
765 * access (ie the address range covered by the watchpoint overlaps
766 * partially or completely with the address range covered by the
769 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
773 /* We know the lengths are non-zero, but a little caution is
774 * required to avoid errors in the case where the range ends
775 * exactly at the top of the address space and so addr + len
776 * wraps round to zero.
778 vaddr wpend = wp->vaddr + wp->len - 1;
779 vaddr addrend = addr + len - 1;
781 return !(addr > wpend || wp->vaddr > addrend);
786 /* Add a breakpoint. */
787 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
788 CPUBreakpoint **breakpoint)
792 bp = g_malloc(sizeof(*bp));
797 /* keep all GDB-injected breakpoints in front */
798 if (flags & BP_GDB) {
799 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
801 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
804 breakpoint_invalidate(cpu, pc);
812 /* Remove a specific breakpoint. */
813 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
817 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
818 if (bp->pc == pc && bp->flags == flags) {
819 cpu_breakpoint_remove_by_ref(cpu, bp);
826 /* Remove a specific breakpoint by reference. */
827 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
829 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
831 breakpoint_invalidate(cpu, breakpoint->pc);
836 /* Remove all matching breakpoints. */
837 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
839 CPUBreakpoint *bp, *next;
841 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
842 if (bp->flags & mask) {
843 cpu_breakpoint_remove_by_ref(cpu, bp);
848 /* enable or disable single step mode. EXCP_DEBUG is returned by the
849 CPU loop after each instruction */
850 void cpu_single_step(CPUState *cpu, int enabled)
852 if (cpu->singlestep_enabled != enabled) {
853 cpu->singlestep_enabled = enabled;
855 kvm_update_guest_debug(cpu, 0);
857 /* must flush all the translated code to avoid inconsistencies */
858 /* XXX: only flush what is necessary */
864 void cpu_abort(CPUState *cpu, const char *fmt, ...)
871 fprintf(stderr, "qemu: fatal: ");
872 vfprintf(stderr, fmt, ap);
873 fprintf(stderr, "\n");
874 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
875 if (qemu_log_separate()) {
876 qemu_log("qemu: fatal: ");
877 qemu_log_vprintf(fmt, ap2);
879 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
886 #if defined(CONFIG_USER_ONLY)
888 struct sigaction act;
889 sigfillset(&act.sa_mask);
890 act.sa_handler = SIG_DFL;
891 sigaction(SIGABRT, &act, NULL);
897 #if !defined(CONFIG_USER_ONLY)
898 /* Called from RCU critical section */
899 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
903 block = atomic_rcu_read(&ram_list.mru_block);
904 if (block && addr - block->offset < block->max_length) {
907 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
908 if (addr - block->offset < block->max_length) {
913 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
917 /* It is safe to write mru_block outside the iothread lock. This
922 * xxx removed from list
926 * call_rcu(reclaim_ramblock, xxx);
929 * atomic_rcu_set is not needed here. The block was already published
930 * when it was placed into the list. Here we're just making an extra
931 * copy of the pointer.
933 ram_list.mru_block = block;
937 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
944 end = TARGET_PAGE_ALIGN(start + length);
945 start &= TARGET_PAGE_MASK;
948 block = qemu_get_ram_block(start);
949 assert(block == qemu_get_ram_block(end - 1));
950 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
952 tlb_reset_dirty(cpu, start1, length);
957 /* Note: start and end must be within the same ram block. */
958 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
962 unsigned long end, page;
969 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
970 page = start >> TARGET_PAGE_BITS;
971 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
974 if (dirty && tcg_enabled()) {
975 tlb_reset_dirty_range_all(start, length);
981 /* Called from RCU critical section */
982 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
983 MemoryRegionSection *section,
985 hwaddr paddr, hwaddr xlat,
987 target_ulong *address)
992 if (memory_region_is_ram(section->mr)) {
994 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
996 if (!section->readonly) {
997 iotlb |= PHYS_SECTION_NOTDIRTY;
999 iotlb |= PHYS_SECTION_ROM;
1002 AddressSpaceDispatch *d;
1004 d = atomic_rcu_read(§ion->address_space->dispatch);
1005 iotlb = section - d->map.sections;
1009 /* Make accesses to pages with watchpoints go via the
1010 watchpoint trap routines. */
1011 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1012 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1013 /* Avoid trapping reads of pages with a write breakpoint. */
1014 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1015 iotlb = PHYS_SECTION_WATCH + paddr;
1016 *address |= TLB_MMIO;
1024 #endif /* defined(CONFIG_USER_ONLY) */
1026 #if !defined(CONFIG_USER_ONLY)
1028 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1030 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1032 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1033 qemu_anon_ram_alloc;
1036 * Set a custom physical guest memory alloator.
1037 * Accelerators with unusual needs may need this. Hopefully, we can
1038 * get rid of it eventually.
1040 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1042 phys_mem_alloc = alloc;
1045 static uint16_t phys_section_add(PhysPageMap *map,
1046 MemoryRegionSection *section)
1048 /* The physical section number is ORed with a page-aligned
1049 * pointer to produce the iotlb entries. Thus it should
1050 * never overflow into the page-aligned value.
1052 assert(map->sections_nb < TARGET_PAGE_SIZE);
1054 if (map->sections_nb == map->sections_nb_alloc) {
1055 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1056 map->sections = g_renew(MemoryRegionSection, map->sections,
1057 map->sections_nb_alloc);
1059 map->sections[map->sections_nb] = *section;
1060 memory_region_ref(section->mr);
1061 return map->sections_nb++;
1064 static void phys_section_destroy(MemoryRegion *mr)
1066 bool have_sub_page = mr->subpage;
1068 memory_region_unref(mr);
1070 if (have_sub_page) {
1071 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1072 object_unref(OBJECT(&subpage->iomem));
1077 static void phys_sections_free(PhysPageMap *map)
1079 while (map->sections_nb > 0) {
1080 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1081 phys_section_destroy(section->mr);
1083 g_free(map->sections);
1087 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1090 hwaddr base = section->offset_within_address_space
1092 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1093 d->map.nodes, d->map.sections);
1094 MemoryRegionSection subsection = {
1095 .offset_within_address_space = base,
1096 .size = int128_make64(TARGET_PAGE_SIZE),
1100 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1102 if (!(existing->mr->subpage)) {
1103 subpage = subpage_init(d->as, base);
1104 subsection.address_space = d->as;
1105 subsection.mr = &subpage->iomem;
1106 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1107 phys_section_add(&d->map, &subsection));
1109 subpage = container_of(existing->mr, subpage_t, iomem);
1111 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1112 end = start + int128_get64(section->size) - 1;
1113 subpage_register(subpage, start, end,
1114 phys_section_add(&d->map, section));
1118 static void register_multipage(AddressSpaceDispatch *d,
1119 MemoryRegionSection *section)
1121 hwaddr start_addr = section->offset_within_address_space;
1122 uint16_t section_index = phys_section_add(&d->map, section);
1123 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1127 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1130 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1132 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1133 AddressSpaceDispatch *d = as->next_dispatch;
1134 MemoryRegionSection now = *section, remain = *section;
1135 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1137 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1138 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1139 - now.offset_within_address_space;
1141 now.size = int128_min(int128_make64(left), now.size);
1142 register_subpage(d, &now);
1144 now.size = int128_zero();
1146 while (int128_ne(remain.size, now.size)) {
1147 remain.size = int128_sub(remain.size, now.size);
1148 remain.offset_within_address_space += int128_get64(now.size);
1149 remain.offset_within_region += int128_get64(now.size);
1151 if (int128_lt(remain.size, page_size)) {
1152 register_subpage(d, &now);
1153 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1154 now.size = page_size;
1155 register_subpage(d, &now);
1157 now.size = int128_and(now.size, int128_neg(page_size));
1158 register_multipage(d, &now);
1163 void qemu_flush_coalesced_mmio_buffer(void)
1166 kvm_flush_coalesced_mmio_buffer();
1169 void qemu_mutex_lock_ramlist(void)
1171 qemu_mutex_lock(&ram_list.mutex);
1174 void qemu_mutex_unlock_ramlist(void)
1176 qemu_mutex_unlock(&ram_list.mutex);
1181 #include <sys/vfs.h>
1183 #define HUGETLBFS_MAGIC 0x958458f6
1185 static long gethugepagesize(const char *path, Error **errp)
1191 ret = statfs(path, &fs);
1192 } while (ret != 0 && errno == EINTR);
1195 error_setg_errno(errp, errno, "failed to get page size of file %s",
1203 static void *file_ram_alloc(RAMBlock *block,
1210 char *sanitized_name;
1215 Error *local_err = NULL;
1217 hpagesize = gethugepagesize(path, &local_err);
1219 error_propagate(errp, local_err);
1222 block->mr->align = hpagesize;
1224 if (memory < hpagesize) {
1225 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1226 "or larger than huge page size 0x%" PRIx64,
1231 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1233 "host lacks kvm mmu notifiers, -mem-path unsupported");
1237 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1238 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1239 sanitized_name = g_strdup(memory_region_name(block->mr));
1240 for (c = sanitized_name; *c != '\0'; c++) {
1246 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1248 g_free(sanitized_name);
1250 fd = mkstemp(filename);
1256 fd = open(path, O_RDWR | O_CREAT, 0644);
1260 error_setg_errno(errp, errno,
1261 "unable to create backing store for hugepages");
1265 memory = ROUND_UP(memory, hpagesize);
1268 * ftruncate is not supported by hugetlbfs in older
1269 * hosts, so don't bother bailing out on errors.
1270 * If anything goes wrong with it under other filesystems,
1273 if (ftruncate(fd, memory)) {
1274 perror("ftruncate");
1277 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1278 if (area == MAP_FAILED) {
1279 error_setg_errno(errp, errno,
1280 "unable to map backing store for hugepages");
1286 os_mem_prealloc(fd, area, memory);
1297 /* Called with the ramlist lock held. */
1298 static ram_addr_t find_ram_offset(ram_addr_t size)
1300 RAMBlock *block, *next_block;
1301 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1303 assert(size != 0); /* it would hand out same offset multiple times */
1305 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1309 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1310 ram_addr_t end, next = RAM_ADDR_MAX;
1312 end = block->offset + block->max_length;
1314 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1315 if (next_block->offset >= end) {
1316 next = MIN(next, next_block->offset);
1319 if (next - end >= size && next - end < mingap) {
1321 mingap = next - end;
1325 if (offset == RAM_ADDR_MAX) {
1326 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1334 ram_addr_t last_ram_offset(void)
1337 ram_addr_t last = 0;
1340 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1341 last = MAX(last, block->offset + block->max_length);
1347 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1351 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1352 if (!machine_dump_guest_core(current_machine)) {
1353 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1355 perror("qemu_madvise");
1356 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1357 "but dump_guest_core=off specified\n");
1362 /* Called within an RCU critical section, or while the ramlist lock
1365 static RAMBlock *find_ram_block(ram_addr_t addr)
1369 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1370 if (block->offset == addr) {
1378 const char *qemu_ram_get_idstr(RAMBlock *rb)
1383 /* Called with iothread lock held. */
1384 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1386 RAMBlock *new_block, *block;
1389 new_block = find_ram_block(addr);
1391 assert(!new_block->idstr[0]);
1394 char *id = qdev_get_dev_path(dev);
1396 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1400 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1402 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1403 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1404 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1412 /* Called with iothread lock held. */
1413 void qemu_ram_unset_idstr(ram_addr_t addr)
1417 /* FIXME: arch_init.c assumes that this is not called throughout
1418 * migration. Ignore the problem since hot-unplug during migration
1419 * does not work anyway.
1423 block = find_ram_block(addr);
1425 memset(block->idstr, 0, sizeof(block->idstr));
1430 static int memory_try_enable_merging(void *addr, size_t len)
1432 if (!machine_mem_merge(current_machine)) {
1433 /* disabled by the user */
1437 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1440 /* Only legal before guest might have detected the memory size: e.g. on
1441 * incoming migration, or right after reset.
1443 * As memory core doesn't know how is memory accessed, it is up to
1444 * resize callback to update device state and/or add assertions to detect
1445 * misuse, if necessary.
1447 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1449 RAMBlock *block = find_ram_block(base);
1453 newsize = HOST_PAGE_ALIGN(newsize);
1455 if (block->used_length == newsize) {
1459 if (!(block->flags & RAM_RESIZEABLE)) {
1460 error_setg_errno(errp, EINVAL,
1461 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1462 " in != 0x" RAM_ADDR_FMT, block->idstr,
1463 newsize, block->used_length);
1467 if (block->max_length < newsize) {
1468 error_setg_errno(errp, EINVAL,
1469 "Length too large: %s: 0x" RAM_ADDR_FMT
1470 " > 0x" RAM_ADDR_FMT, block->idstr,
1471 newsize, block->max_length);
1475 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1476 block->used_length = newsize;
1477 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1479 memory_region_set_size(block->mr, newsize);
1480 if (block->resized) {
1481 block->resized(block->idstr, newsize, block->host);
1486 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1489 RAMBlock *last_block = NULL;
1490 ram_addr_t old_ram_size, new_ram_size;
1492 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1494 qemu_mutex_lock_ramlist();
1495 new_block->offset = find_ram_offset(new_block->max_length);
1497 if (!new_block->host) {
1498 if (xen_enabled()) {
1499 xen_ram_alloc(new_block->offset, new_block->max_length,
1502 new_block->host = phys_mem_alloc(new_block->max_length,
1503 &new_block->mr->align);
1504 if (!new_block->host) {
1505 error_setg_errno(errp, errno,
1506 "cannot set up guest memory '%s'",
1507 memory_region_name(new_block->mr));
1508 qemu_mutex_unlock_ramlist();
1511 memory_try_enable_merging(new_block->host, new_block->max_length);
1515 new_ram_size = MAX(old_ram_size,
1516 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1517 if (new_ram_size > old_ram_size) {
1518 migration_bitmap_extend(old_ram_size, new_ram_size);
1520 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1521 * QLIST (which has an RCU-friendly variant) does not have insertion at
1522 * tail, so save the last element in last_block.
1524 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1526 if (block->max_length < new_block->max_length) {
1531 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1532 } else if (last_block) {
1533 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1534 } else { /* list is empty */
1535 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1537 ram_list.mru_block = NULL;
1539 /* Write list before version */
1542 qemu_mutex_unlock_ramlist();
1544 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1546 if (new_ram_size > old_ram_size) {
1549 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1550 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1551 ram_list.dirty_memory[i] =
1552 bitmap_zero_extend(ram_list.dirty_memory[i],
1553 old_ram_size, new_ram_size);
1556 cpu_physical_memory_set_dirty_range(new_block->offset,
1557 new_block->used_length,
1560 if (new_block->host) {
1561 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1562 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1563 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1564 if (kvm_enabled()) {
1565 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1569 return new_block->offset;
1573 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1574 bool share, const char *mem_path,
1577 RAMBlock *new_block;
1579 Error *local_err = NULL;
1581 if (xen_enabled()) {
1582 error_setg(errp, "-mem-path not supported with Xen");
1586 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1588 * file_ram_alloc() needs to allocate just like
1589 * phys_mem_alloc, but we haven't bothered to provide
1593 "-mem-path not supported with this accelerator");
1597 size = HOST_PAGE_ALIGN(size);
1598 new_block = g_malloc0(sizeof(*new_block));
1600 new_block->used_length = size;
1601 new_block->max_length = size;
1602 new_block->flags = share ? RAM_SHARED : 0;
1603 new_block->host = file_ram_alloc(new_block, size,
1605 if (!new_block->host) {
1610 addr = ram_block_add(new_block, &local_err);
1613 error_propagate(errp, local_err);
1621 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1622 void (*resized)(const char*,
1625 void *host, bool resizeable,
1626 MemoryRegion *mr, Error **errp)
1628 RAMBlock *new_block;
1630 Error *local_err = NULL;
1632 size = HOST_PAGE_ALIGN(size);
1633 max_size = HOST_PAGE_ALIGN(max_size);
1634 new_block = g_malloc0(sizeof(*new_block));
1636 new_block->resized = resized;
1637 new_block->used_length = size;
1638 new_block->max_length = max_size;
1639 assert(max_size >= size);
1641 new_block->host = host;
1643 new_block->flags |= RAM_PREALLOC;
1646 new_block->flags |= RAM_RESIZEABLE;
1648 addr = ram_block_add(new_block, &local_err);
1651 error_propagate(errp, local_err);
1657 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1658 MemoryRegion *mr, Error **errp)
1660 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1663 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1665 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1668 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1669 void (*resized)(const char*,
1672 MemoryRegion *mr, Error **errp)
1674 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1677 static void reclaim_ramblock(RAMBlock *block)
1679 if (block->flags & RAM_PREALLOC) {
1681 } else if (xen_enabled()) {
1682 xen_invalidate_map_cache_entry(block->host);
1684 } else if (block->fd >= 0) {
1685 qemu_ram_munmap(block->host, block->max_length);
1689 qemu_anon_ram_free(block->host, block->max_length);
1694 void qemu_ram_free(ram_addr_t addr)
1698 qemu_mutex_lock_ramlist();
1699 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1700 if (addr == block->offset) {
1701 QLIST_REMOVE_RCU(block, next);
1702 ram_list.mru_block = NULL;
1703 /* Write list before version */
1706 call_rcu(block, reclaim_ramblock, rcu);
1710 qemu_mutex_unlock_ramlist();
1714 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1721 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1722 offset = addr - block->offset;
1723 if (offset < block->max_length) {
1724 vaddr = ramblock_ptr(block, offset);
1725 if (block->flags & RAM_PREALLOC) {
1727 } else if (xen_enabled()) {
1731 if (block->fd >= 0) {
1732 flags |= (block->flags & RAM_SHARED ?
1733 MAP_SHARED : MAP_PRIVATE);
1734 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1735 flags, block->fd, offset);
1738 * Remap needs to match alloc. Accelerators that
1739 * set phys_mem_alloc never remap. If they did,
1740 * we'd need a remap hook here.
1742 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1744 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1745 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1748 if (area != vaddr) {
1749 fprintf(stderr, "Could not remap addr: "
1750 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1754 memory_try_enable_merging(vaddr, length);
1755 qemu_ram_setup_dump(vaddr, length);
1760 #endif /* !_WIN32 */
1762 int qemu_get_ram_fd(ram_addr_t addr)
1768 block = qemu_get_ram_block(addr);
1774 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1779 block = qemu_get_ram_block(addr);
1784 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1790 block = qemu_get_ram_block(addr);
1791 ptr = ramblock_ptr(block, 0);
1796 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1797 * This should not be used for general purpose DMA. Use address_space_map
1798 * or address_space_rw instead. For local memory (e.g. video ram) that the
1799 * device owns, use memory_region_get_ram_ptr.
1801 * Called within RCU critical section.
1803 void *qemu_get_ram_ptr(ram_addr_t addr)
1805 RAMBlock *block = qemu_get_ram_block(addr);
1807 if (xen_enabled() && block->host == NULL) {
1808 /* We need to check if the requested address is in the RAM
1809 * because we don't want to map the entire memory in QEMU.
1810 * In that case just map until the end of the page.
1812 if (block->offset == 0) {
1813 return xen_map_cache(addr, 0, 0);
1816 block->host = xen_map_cache(block->offset, block->max_length, 1);
1818 return ramblock_ptr(block, addr - block->offset);
1821 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1822 * but takes a size argument.
1824 * Called within RCU critical section.
1826 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1829 ram_addr_t offset_inside_block;
1834 block = qemu_get_ram_block(addr);
1835 offset_inside_block = addr - block->offset;
1836 *size = MIN(*size, block->max_length - offset_inside_block);
1838 if (xen_enabled() && block->host == NULL) {
1839 /* We need to check if the requested address is in the RAM
1840 * because we don't want to map the entire memory in QEMU.
1841 * In that case just map the requested area.
1843 if (block->offset == 0) {
1844 return xen_map_cache(addr, *size, 1);
1847 block->host = xen_map_cache(block->offset, block->max_length, 1);
1850 return ramblock_ptr(block, offset_inside_block);
1854 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1857 * ptr: Host pointer to look up
1858 * round_offset: If true round the result offset down to a page boundary
1859 * *ram_addr: set to result ram_addr
1860 * *offset: set to result offset within the RAMBlock
1862 * Returns: RAMBlock (or NULL if not found)
1864 * By the time this function returns, the returned pointer is not protected
1865 * by RCU anymore. If the caller is not within an RCU critical section and
1866 * does not hold the iothread lock, it must have other means of protecting the
1867 * pointer, such as a reference to the region that includes the incoming
1870 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1871 ram_addr_t *ram_addr,
1875 uint8_t *host = ptr;
1877 if (xen_enabled()) {
1879 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1880 block = qemu_get_ram_block(*ram_addr);
1882 *offset = (host - block->host);
1889 block = atomic_rcu_read(&ram_list.mru_block);
1890 if (block && block->host && host - block->host < block->max_length) {
1894 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1895 /* This case append when the block is not mapped. */
1896 if (block->host == NULL) {
1899 if (host - block->host < block->max_length) {
1908 *offset = (host - block->host);
1910 *offset &= TARGET_PAGE_MASK;
1912 *ram_addr = block->offset + *offset;
1918 * Finds the named RAMBlock
1920 * name: The name of RAMBlock to find
1922 * Returns: RAMBlock (or NULL if not found)
1924 RAMBlock *qemu_ram_block_by_name(const char *name)
1928 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1929 if (!strcmp(name, block->idstr)) {
1937 /* Some of the softmmu routines need to translate from a host pointer
1938 (typically a TLB entry) back to a ram offset. */
1939 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1942 ram_addr_t offset; /* Not used */
1944 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1953 /* Called within RCU critical section. */
1954 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1955 uint64_t val, unsigned size)
1957 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1958 tb_invalidate_phys_page_fast(ram_addr, size);
1962 stb_p(qemu_get_ram_ptr(ram_addr), val);
1965 stw_p(qemu_get_ram_ptr(ram_addr), val);
1968 stl_p(qemu_get_ram_ptr(ram_addr), val);
1973 /* Set both VGA and migration bits for simplicity and to remove
1974 * the notdirty callback faster.
1976 cpu_physical_memory_set_dirty_range(ram_addr, size,
1977 DIRTY_CLIENTS_NOCODE);
1978 /* we remove the notdirty callback only if the code has been
1980 if (!cpu_physical_memory_is_clean(ram_addr)) {
1981 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1985 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1986 unsigned size, bool is_write)
1991 static const MemoryRegionOps notdirty_mem_ops = {
1992 .write = notdirty_mem_write,
1993 .valid.accepts = notdirty_mem_accepts,
1994 .endianness = DEVICE_NATIVE_ENDIAN,
1997 /* Generate a debug exception if a watchpoint has been hit. */
1998 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2000 CPUState *cpu = current_cpu;
2001 CPUArchState *env = cpu->env_ptr;
2002 target_ulong pc, cs_base;
2007 if (cpu->watchpoint_hit) {
2008 /* We re-entered the check after replacing the TB. Now raise
2009 * the debug interrupt so that is will trigger after the
2010 * current instruction. */
2011 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2014 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2015 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2016 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2017 && (wp->flags & flags)) {
2018 if (flags == BP_MEM_READ) {
2019 wp->flags |= BP_WATCHPOINT_HIT_READ;
2021 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2023 wp->hitaddr = vaddr;
2024 wp->hitattrs = attrs;
2025 if (!cpu->watchpoint_hit) {
2026 cpu->watchpoint_hit = wp;
2027 tb_check_watchpoint(cpu);
2028 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2029 cpu->exception_index = EXCP_DEBUG;
2032 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2033 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2034 cpu_resume_from_signal(cpu, NULL);
2038 wp->flags &= ~BP_WATCHPOINT_HIT;
2043 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2044 so these check for a hit then pass through to the normal out-of-line
2046 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2047 unsigned size, MemTxAttrs attrs)
2052 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2055 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2058 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2061 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2069 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2070 uint64_t val, unsigned size,
2075 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2078 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2081 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2084 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2091 static const MemoryRegionOps watch_mem_ops = {
2092 .read_with_attrs = watch_mem_read,
2093 .write_with_attrs = watch_mem_write,
2094 .endianness = DEVICE_NATIVE_ENDIAN,
2097 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2098 unsigned len, MemTxAttrs attrs)
2100 subpage_t *subpage = opaque;
2104 #if defined(DEBUG_SUBPAGE)
2105 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2106 subpage, len, addr);
2108 res = address_space_read(subpage->as, addr + subpage->base,
2115 *data = ldub_p(buf);
2118 *data = lduw_p(buf);
2131 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2132 uint64_t value, unsigned len, MemTxAttrs attrs)
2134 subpage_t *subpage = opaque;
2137 #if defined(DEBUG_SUBPAGE)
2138 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2139 " value %"PRIx64"\n",
2140 __func__, subpage, len, addr, value);
2158 return address_space_write(subpage->as, addr + subpage->base,
2162 static bool subpage_accepts(void *opaque, hwaddr addr,
2163 unsigned len, bool is_write)
2165 subpage_t *subpage = opaque;
2166 #if defined(DEBUG_SUBPAGE)
2167 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2168 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2171 return address_space_access_valid(subpage->as, addr + subpage->base,
2175 static const MemoryRegionOps subpage_ops = {
2176 .read_with_attrs = subpage_read,
2177 .write_with_attrs = subpage_write,
2178 .impl.min_access_size = 1,
2179 .impl.max_access_size = 8,
2180 .valid.min_access_size = 1,
2181 .valid.max_access_size = 8,
2182 .valid.accepts = subpage_accepts,
2183 .endianness = DEVICE_NATIVE_ENDIAN,
2186 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2191 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2193 idx = SUBPAGE_IDX(start);
2194 eidx = SUBPAGE_IDX(end);
2195 #if defined(DEBUG_SUBPAGE)
2196 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2197 __func__, mmio, start, end, idx, eidx, section);
2199 for (; idx <= eidx; idx++) {
2200 mmio->sub_section[idx] = section;
2206 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2210 mmio = g_malloc0(sizeof(subpage_t));
2214 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2215 NULL, TARGET_PAGE_SIZE);
2216 mmio->iomem.subpage = true;
2217 #if defined(DEBUG_SUBPAGE)
2218 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2219 mmio, base, TARGET_PAGE_SIZE);
2221 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2226 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2230 MemoryRegionSection section = {
2231 .address_space = as,
2233 .offset_within_address_space = 0,
2234 .offset_within_region = 0,
2235 .size = int128_2_64(),
2238 return phys_section_add(map, §ion);
2241 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2243 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2244 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2245 MemoryRegionSection *sections = d->map.sections;
2247 return sections[index & ~TARGET_PAGE_MASK].mr;
2250 static void io_mem_init(void)
2252 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2253 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2255 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2257 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2261 static void mem_begin(MemoryListener *listener)
2263 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2264 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2267 n = dummy_section(&d->map, as, &io_mem_unassigned);
2268 assert(n == PHYS_SECTION_UNASSIGNED);
2269 n = dummy_section(&d->map, as, &io_mem_notdirty);
2270 assert(n == PHYS_SECTION_NOTDIRTY);
2271 n = dummy_section(&d->map, as, &io_mem_rom);
2272 assert(n == PHYS_SECTION_ROM);
2273 n = dummy_section(&d->map, as, &io_mem_watch);
2274 assert(n == PHYS_SECTION_WATCH);
2276 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2278 as->next_dispatch = d;
2281 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2283 phys_sections_free(&d->map);
2287 static void mem_commit(MemoryListener *listener)
2289 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2290 AddressSpaceDispatch *cur = as->dispatch;
2291 AddressSpaceDispatch *next = as->next_dispatch;
2293 phys_page_compact_all(next, next->map.nodes_nb);
2295 atomic_rcu_set(&as->dispatch, next);
2297 call_rcu(cur, address_space_dispatch_free, rcu);
2301 static void tcg_commit(MemoryListener *listener)
2303 CPUAddressSpace *cpuas;
2304 AddressSpaceDispatch *d;
2306 /* since each CPU stores ram addresses in its TLB cache, we must
2307 reset the modified entries */
2308 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2309 cpu_reloading_memory_map();
2310 /* The CPU and TLB are protected by the iothread lock.
2311 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2312 * may have split the RCU critical section.
2314 d = atomic_rcu_read(&cpuas->as->dispatch);
2315 cpuas->memory_dispatch = d;
2316 tlb_flush(cpuas->cpu, 1);
2319 void address_space_init_dispatch(AddressSpace *as)
2321 as->dispatch = NULL;
2322 as->dispatch_listener = (MemoryListener) {
2324 .commit = mem_commit,
2325 .region_add = mem_add,
2326 .region_nop = mem_add,
2329 memory_listener_register(&as->dispatch_listener, as);
2332 void address_space_unregister(AddressSpace *as)
2334 memory_listener_unregister(&as->dispatch_listener);
2337 void address_space_destroy_dispatch(AddressSpace *as)
2339 AddressSpaceDispatch *d = as->dispatch;
2341 atomic_rcu_set(&as->dispatch, NULL);
2343 call_rcu(d, address_space_dispatch_free, rcu);
2347 static void memory_map_init(void)
2349 system_memory = g_malloc(sizeof(*system_memory));
2351 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2352 address_space_init(&address_space_memory, system_memory, "memory");
2354 system_io = g_malloc(sizeof(*system_io));
2355 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2357 address_space_init(&address_space_io, system_io, "I/O");
2360 MemoryRegion *get_system_memory(void)
2362 return system_memory;
2365 MemoryRegion *get_system_io(void)
2370 #endif /* !defined(CONFIG_USER_ONLY) */
2372 /* physical memory access (slow version, mainly for debug) */
2373 #if defined(CONFIG_USER_ONLY)
2374 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2375 uint8_t *buf, int len, int is_write)
2382 page = addr & TARGET_PAGE_MASK;
2383 l = (page + TARGET_PAGE_SIZE) - addr;
2386 flags = page_get_flags(page);
2387 if (!(flags & PAGE_VALID))
2390 if (!(flags & PAGE_WRITE))
2392 /* XXX: this code should not depend on lock_user */
2393 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2396 unlock_user(p, addr, l);
2398 if (!(flags & PAGE_READ))
2400 /* XXX: this code should not depend on lock_user */
2401 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2404 unlock_user(p, addr, 0);
2415 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2418 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2419 /* No early return if dirty_log_mask is or becomes 0, because
2420 * cpu_physical_memory_set_dirty_range will still call
2421 * xen_modified_memory.
2423 if (dirty_log_mask) {
2425 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2427 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2428 tb_invalidate_phys_range(addr, addr + length);
2429 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2431 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2434 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2436 unsigned access_size_max = mr->ops->valid.max_access_size;
2438 /* Regions are assumed to support 1-4 byte accesses unless
2439 otherwise specified. */
2440 if (access_size_max == 0) {
2441 access_size_max = 4;
2444 /* Bound the maximum access by the alignment of the address. */
2445 if (!mr->ops->impl.unaligned) {
2446 unsigned align_size_max = addr & -addr;
2447 if (align_size_max != 0 && align_size_max < access_size_max) {
2448 access_size_max = align_size_max;
2452 /* Don't attempt accesses larger than the maximum. */
2453 if (l > access_size_max) {
2454 l = access_size_max;
2461 static bool prepare_mmio_access(MemoryRegion *mr)
2463 bool unlocked = !qemu_mutex_iothread_locked();
2464 bool release_lock = false;
2466 if (unlocked && mr->global_locking) {
2467 qemu_mutex_lock_iothread();
2469 release_lock = true;
2471 if (mr->flush_coalesced_mmio) {
2473 qemu_mutex_lock_iothread();
2475 qemu_flush_coalesced_mmio_buffer();
2477 qemu_mutex_unlock_iothread();
2481 return release_lock;
2484 /* Called within RCU critical section. */
2485 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2488 int len, hwaddr addr1,
2489 hwaddr l, MemoryRegion *mr)
2493 MemTxResult result = MEMTX_OK;
2494 bool release_lock = false;
2497 if (!memory_access_is_direct(mr, true)) {
2498 release_lock |= prepare_mmio_access(mr);
2499 l = memory_access_size(mr, l, addr1);
2500 /* XXX: could force current_cpu to NULL to avoid
2504 /* 64 bit write access */
2506 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2510 /* 32 bit write access */
2512 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2516 /* 16 bit write access */
2518 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2522 /* 8 bit write access */
2524 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2531 addr1 += memory_region_get_ram_addr(mr);
2533 ptr = qemu_get_ram_ptr(addr1);
2534 memcpy(ptr, buf, l);
2535 invalidate_and_set_dirty(mr, addr1, l);
2539 qemu_mutex_unlock_iothread();
2540 release_lock = false;
2552 mr = address_space_translate(as, addr, &addr1, &l, true);
2558 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2559 const uint8_t *buf, int len)
2564 MemTxResult result = MEMTX_OK;
2569 mr = address_space_translate(as, addr, &addr1, &l, true);
2570 result = address_space_write_continue(as, addr, attrs, buf, len,
2578 /* Called within RCU critical section. */
2579 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2580 MemTxAttrs attrs, uint8_t *buf,
2581 int len, hwaddr addr1, hwaddr l,
2586 MemTxResult result = MEMTX_OK;
2587 bool release_lock = false;
2590 if (!memory_access_is_direct(mr, false)) {
2592 release_lock |= prepare_mmio_access(mr);
2593 l = memory_access_size(mr, l, addr1);
2596 /* 64 bit read access */
2597 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2602 /* 32 bit read access */
2603 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2608 /* 16 bit read access */
2609 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2614 /* 8 bit read access */
2615 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2624 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2625 memcpy(buf, ptr, l);
2629 qemu_mutex_unlock_iothread();
2630 release_lock = false;
2642 mr = address_space_translate(as, addr, &addr1, &l, false);
2648 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2649 MemTxAttrs attrs, uint8_t *buf, int len)
2654 MemTxResult result = MEMTX_OK;
2659 mr = address_space_translate(as, addr, &addr1, &l, false);
2660 result = address_space_read_continue(as, addr, attrs, buf, len,
2668 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2669 uint8_t *buf, int len, bool is_write)
2672 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2674 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2678 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2679 int len, int is_write)
2681 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2682 buf, len, is_write);
2685 enum write_rom_type {
2690 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2691 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2701 mr = address_space_translate(as, addr, &addr1, &l, true);
2703 if (!(memory_region_is_ram(mr) ||
2704 memory_region_is_romd(mr))) {
2705 l = memory_access_size(mr, l, addr1);
2707 addr1 += memory_region_get_ram_addr(mr);
2709 ptr = qemu_get_ram_ptr(addr1);
2712 memcpy(ptr, buf, l);
2713 invalidate_and_set_dirty(mr, addr1, l);
2716 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2727 /* used for ROM loading : can write in RAM and ROM */
2728 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2729 const uint8_t *buf, int len)
2731 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2734 void cpu_flush_icache_range(hwaddr start, int len)
2737 * This function should do the same thing as an icache flush that was
2738 * triggered from within the guest. For TCG we are always cache coherent,
2739 * so there is no need to flush anything. For KVM / Xen we need to flush
2740 * the host's instruction cache at least.
2742 if (tcg_enabled()) {
2746 cpu_physical_memory_write_rom_internal(&address_space_memory,
2747 start, NULL, len, FLUSH_CACHE);
2758 static BounceBuffer bounce;
2760 typedef struct MapClient {
2762 QLIST_ENTRY(MapClient) link;
2765 QemuMutex map_client_list_lock;
2766 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2767 = QLIST_HEAD_INITIALIZER(map_client_list);
2769 static void cpu_unregister_map_client_do(MapClient *client)
2771 QLIST_REMOVE(client, link);
2775 static void cpu_notify_map_clients_locked(void)
2779 while (!QLIST_EMPTY(&map_client_list)) {
2780 client = QLIST_FIRST(&map_client_list);
2781 qemu_bh_schedule(client->bh);
2782 cpu_unregister_map_client_do(client);
2786 void cpu_register_map_client(QEMUBH *bh)
2788 MapClient *client = g_malloc(sizeof(*client));
2790 qemu_mutex_lock(&map_client_list_lock);
2792 QLIST_INSERT_HEAD(&map_client_list, client, link);
2793 if (!atomic_read(&bounce.in_use)) {
2794 cpu_notify_map_clients_locked();
2796 qemu_mutex_unlock(&map_client_list_lock);
2799 void cpu_exec_init_all(void)
2801 qemu_mutex_init(&ram_list.mutex);
2804 qemu_mutex_init(&map_client_list_lock);
2807 void cpu_unregister_map_client(QEMUBH *bh)
2811 qemu_mutex_lock(&map_client_list_lock);
2812 QLIST_FOREACH(client, &map_client_list, link) {
2813 if (client->bh == bh) {
2814 cpu_unregister_map_client_do(client);
2818 qemu_mutex_unlock(&map_client_list_lock);
2821 static void cpu_notify_map_clients(void)
2823 qemu_mutex_lock(&map_client_list_lock);
2824 cpu_notify_map_clients_locked();
2825 qemu_mutex_unlock(&map_client_list_lock);
2828 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2836 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2837 if (!memory_access_is_direct(mr, is_write)) {
2838 l = memory_access_size(mr, l, addr);
2839 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2851 /* Map a physical memory region into a host virtual address.
2852 * May map a subset of the requested range, given by and returned in *plen.
2853 * May return NULL if resources needed to perform the mapping are exhausted.
2854 * Use only for reads OR writes - not for read-modify-write operations.
2855 * Use cpu_register_map_client() to know when retrying the map operation is
2856 * likely to succeed.
2858 void *address_space_map(AddressSpace *as,
2865 hwaddr l, xlat, base;
2866 MemoryRegion *mr, *this_mr;
2876 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2878 if (!memory_access_is_direct(mr, is_write)) {
2879 if (atomic_xchg(&bounce.in_use, true)) {
2883 /* Avoid unbounded allocations */
2884 l = MIN(l, TARGET_PAGE_SIZE);
2885 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2889 memory_region_ref(mr);
2892 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2898 return bounce.buffer;
2902 raddr = memory_region_get_ram_addr(mr);
2913 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2914 if (this_mr != mr || xlat != base + done) {
2919 memory_region_ref(mr);
2921 ptr = qemu_ram_ptr_length(raddr + base, plen);
2927 /* Unmaps a memory region previously mapped by address_space_map().
2928 * Will also mark the memory as dirty if is_write == 1. access_len gives
2929 * the amount of memory that was actually read or written by the caller.
2931 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2932 int is_write, hwaddr access_len)
2934 if (buffer != bounce.buffer) {
2938 mr = qemu_ram_addr_from_host(buffer, &addr1);
2941 invalidate_and_set_dirty(mr, addr1, access_len);
2943 if (xen_enabled()) {
2944 xen_invalidate_map_cache_entry(buffer);
2946 memory_region_unref(mr);
2950 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2951 bounce.buffer, access_len);
2953 qemu_vfree(bounce.buffer);
2954 bounce.buffer = NULL;
2955 memory_region_unref(bounce.mr);
2956 atomic_mb_set(&bounce.in_use, false);
2957 cpu_notify_map_clients();
2960 void *cpu_physical_memory_map(hwaddr addr,
2964 return address_space_map(&address_space_memory, addr, plen, is_write);
2967 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2968 int is_write, hwaddr access_len)
2970 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2973 /* warning: addr must be aligned */
2974 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2976 MemTxResult *result,
2977 enum device_endian endian)
2985 bool release_lock = false;
2988 mr = address_space_translate(as, addr, &addr1, &l, false);
2989 if (l < 4 || !memory_access_is_direct(mr, false)) {
2990 release_lock |= prepare_mmio_access(mr);
2993 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2994 #if defined(TARGET_WORDS_BIGENDIAN)
2995 if (endian == DEVICE_LITTLE_ENDIAN) {
2999 if (endian == DEVICE_BIG_ENDIAN) {
3005 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3009 case DEVICE_LITTLE_ENDIAN:
3010 val = ldl_le_p(ptr);
3012 case DEVICE_BIG_ENDIAN:
3013 val = ldl_be_p(ptr);
3025 qemu_mutex_unlock_iothread();
3031 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3032 MemTxAttrs attrs, MemTxResult *result)
3034 return address_space_ldl_internal(as, addr, attrs, result,
3035 DEVICE_NATIVE_ENDIAN);
3038 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3039 MemTxAttrs attrs, MemTxResult *result)
3041 return address_space_ldl_internal(as, addr, attrs, result,
3042 DEVICE_LITTLE_ENDIAN);
3045 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3046 MemTxAttrs attrs, MemTxResult *result)
3048 return address_space_ldl_internal(as, addr, attrs, result,
3052 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3054 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3057 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3059 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3062 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3064 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3067 /* warning: addr must be aligned */
3068 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3070 MemTxResult *result,
3071 enum device_endian endian)
3079 bool release_lock = false;
3082 mr = address_space_translate(as, addr, &addr1, &l,
3084 if (l < 8 || !memory_access_is_direct(mr, false)) {
3085 release_lock |= prepare_mmio_access(mr);
3088 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3089 #if defined(TARGET_WORDS_BIGENDIAN)
3090 if (endian == DEVICE_LITTLE_ENDIAN) {
3094 if (endian == DEVICE_BIG_ENDIAN) {
3100 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3104 case DEVICE_LITTLE_ENDIAN:
3105 val = ldq_le_p(ptr);
3107 case DEVICE_BIG_ENDIAN:
3108 val = ldq_be_p(ptr);
3120 qemu_mutex_unlock_iothread();
3126 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3127 MemTxAttrs attrs, MemTxResult *result)
3129 return address_space_ldq_internal(as, addr, attrs, result,
3130 DEVICE_NATIVE_ENDIAN);
3133 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3134 MemTxAttrs attrs, MemTxResult *result)
3136 return address_space_ldq_internal(as, addr, attrs, result,
3137 DEVICE_LITTLE_ENDIAN);
3140 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3141 MemTxAttrs attrs, MemTxResult *result)
3143 return address_space_ldq_internal(as, addr, attrs, result,
3147 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3149 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3152 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3154 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3157 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3159 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3163 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3164 MemTxAttrs attrs, MemTxResult *result)
3169 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3176 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3178 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3181 /* warning: addr must be aligned */
3182 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3185 MemTxResult *result,
3186 enum device_endian endian)
3194 bool release_lock = false;
3197 mr = address_space_translate(as, addr, &addr1, &l,
3199 if (l < 2 || !memory_access_is_direct(mr, false)) {
3200 release_lock |= prepare_mmio_access(mr);
3203 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3204 #if defined(TARGET_WORDS_BIGENDIAN)
3205 if (endian == DEVICE_LITTLE_ENDIAN) {
3209 if (endian == DEVICE_BIG_ENDIAN) {
3215 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3219 case DEVICE_LITTLE_ENDIAN:
3220 val = lduw_le_p(ptr);
3222 case DEVICE_BIG_ENDIAN:
3223 val = lduw_be_p(ptr);
3235 qemu_mutex_unlock_iothread();
3241 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3244 return address_space_lduw_internal(as, addr, attrs, result,
3245 DEVICE_NATIVE_ENDIAN);
3248 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3249 MemTxAttrs attrs, MemTxResult *result)
3251 return address_space_lduw_internal(as, addr, attrs, result,
3252 DEVICE_LITTLE_ENDIAN);
3255 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3256 MemTxAttrs attrs, MemTxResult *result)
3258 return address_space_lduw_internal(as, addr, attrs, result,
3262 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3264 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3267 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3269 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3272 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3274 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3277 /* warning: addr must be aligned. The ram page is not masked as dirty
3278 and the code inside is not invalidated. It is useful if the dirty
3279 bits are used to track modified PTEs */
3280 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3281 MemTxAttrs attrs, MemTxResult *result)
3288 uint8_t dirty_log_mask;
3289 bool release_lock = false;
3292 mr = address_space_translate(as, addr, &addr1, &l,
3294 if (l < 4 || !memory_access_is_direct(mr, true)) {
3295 release_lock |= prepare_mmio_access(mr);
3297 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3299 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3300 ptr = qemu_get_ram_ptr(addr1);
3303 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3304 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3305 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3312 qemu_mutex_unlock_iothread();
3317 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3319 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3322 /* warning: addr must be aligned */
3323 static inline void address_space_stl_internal(AddressSpace *as,
3324 hwaddr addr, uint32_t val,
3326 MemTxResult *result,
3327 enum device_endian endian)
3334 bool release_lock = false;
3337 mr = address_space_translate(as, addr, &addr1, &l,
3339 if (l < 4 || !memory_access_is_direct(mr, true)) {
3340 release_lock |= prepare_mmio_access(mr);
3342 #if defined(TARGET_WORDS_BIGENDIAN)
3343 if (endian == DEVICE_LITTLE_ENDIAN) {
3347 if (endian == DEVICE_BIG_ENDIAN) {
3351 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3354 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3355 ptr = qemu_get_ram_ptr(addr1);
3357 case DEVICE_LITTLE_ENDIAN:
3360 case DEVICE_BIG_ENDIAN:
3367 invalidate_and_set_dirty(mr, addr1, 4);
3374 qemu_mutex_unlock_iothread();
3379 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3380 MemTxAttrs attrs, MemTxResult *result)
3382 address_space_stl_internal(as, addr, val, attrs, result,
3383 DEVICE_NATIVE_ENDIAN);
3386 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3387 MemTxAttrs attrs, MemTxResult *result)
3389 address_space_stl_internal(as, addr, val, attrs, result,
3390 DEVICE_LITTLE_ENDIAN);
3393 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3396 address_space_stl_internal(as, addr, val, attrs, result,
3400 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3402 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3405 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3407 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3410 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3412 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3416 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3417 MemTxAttrs attrs, MemTxResult *result)
3422 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3428 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3430 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3433 /* warning: addr must be aligned */
3434 static inline void address_space_stw_internal(AddressSpace *as,
3435 hwaddr addr, uint32_t val,
3437 MemTxResult *result,
3438 enum device_endian endian)
3445 bool release_lock = false;
3448 mr = address_space_translate(as, addr, &addr1, &l, true);
3449 if (l < 2 || !memory_access_is_direct(mr, true)) {
3450 release_lock |= prepare_mmio_access(mr);
3452 #if defined(TARGET_WORDS_BIGENDIAN)
3453 if (endian == DEVICE_LITTLE_ENDIAN) {
3457 if (endian == DEVICE_BIG_ENDIAN) {
3461 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3464 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3465 ptr = qemu_get_ram_ptr(addr1);
3467 case DEVICE_LITTLE_ENDIAN:
3470 case DEVICE_BIG_ENDIAN:
3477 invalidate_and_set_dirty(mr, addr1, 2);
3484 qemu_mutex_unlock_iothread();
3489 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3490 MemTxAttrs attrs, MemTxResult *result)
3492 address_space_stw_internal(as, addr, val, attrs, result,
3493 DEVICE_NATIVE_ENDIAN);
3496 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3497 MemTxAttrs attrs, MemTxResult *result)
3499 address_space_stw_internal(as, addr, val, attrs, result,
3500 DEVICE_LITTLE_ENDIAN);
3503 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3504 MemTxAttrs attrs, MemTxResult *result)
3506 address_space_stw_internal(as, addr, val, attrs, result,
3510 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3512 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3515 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3517 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3520 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3522 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3526 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3527 MemTxAttrs attrs, MemTxResult *result)
3531 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3537 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3538 MemTxAttrs attrs, MemTxResult *result)
3541 val = cpu_to_le64(val);
3542 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3547 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3548 MemTxAttrs attrs, MemTxResult *result)
3551 val = cpu_to_be64(val);
3552 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3558 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3560 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3563 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3565 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3568 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3570 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3573 /* virtual memory access for debug (includes writing to ROM) */
3574 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3575 uint8_t *buf, int len, int is_write)
3582 page = addr & TARGET_PAGE_MASK;
3583 phys_addr = cpu_get_phys_page_debug(cpu, page);
3584 /* if no physical page mapped, return an error */
3585 if (phys_addr == -1)
3587 l = (page + TARGET_PAGE_SIZE) - addr;
3590 phys_addr += (addr & ~TARGET_PAGE_MASK);
3592 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3594 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3605 * Allows code that needs to deal with migration bitmaps etc to still be built
3606 * target independent.
3608 size_t qemu_target_page_bits(void)
3610 return TARGET_PAGE_BITS;
3616 * A helper function for the _utterly broken_ virtio device model to find out if
3617 * it's running on a big endian machine. Don't do this at home kids!
3619 bool target_words_bigendian(void);
3620 bool target_words_bigendian(void)
3622 #if defined(TARGET_WORDS_BIGENDIAN)
3629 #ifndef CONFIG_USER_ONLY
3630 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3637 mr = address_space_translate(&address_space_memory,
3638 phys_addr, &phys_addr, &l, false);
3640 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3645 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3651 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3652 ret = func(block->idstr, block->host, block->offset,
3653 block->used_length, opaque);
projects / qemu.git / blob