2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
36 #include "qemu-common.h"
42 #include "qemu-timer.h"
43 #if defined(CONFIG_USER_ONLY)
46 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
47 #include <sys/param.h>
48 #if __FreeBSD_version >= 700104
49 #define HAVE_KINFO_GETVMMAP
50 #define sigqueue sigqueue_freebsd /* avoid redefinition */
53 #include <machine/profile.h>
63 //#define DEBUG_TB_INVALIDATE
66 //#define DEBUG_UNASSIGNED
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
70 //#define DEBUG_TLB_CHECK
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
80 #define SMC_BITMAP_USE_THRESHOLD 10
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
97 /* Maximum alignment for Win32 is 16. */
98 #define code_gen_section \
99 __attribute__((aligned (16)))
101 #define code_gen_section \
102 __attribute__((aligned (32)))
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 static uint8_t *code_gen_ptr;
112 #if !defined(CONFIG_USER_ONLY)
114 static int in_migration;
116 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
120 /* current CPU in the current thread. It is only valid inside
122 CPUState *cpu_single_env;
123 /* 0 = Do not count executed instructions.
124 1 = Precise instruction counting.
125 2 = Adaptive rate instruction counting. */
127 /* Current instruction counter. While executing translated code this may
128 include some instructions that have not yet been executed. */
131 typedef struct PageDesc {
132 /* list of TBs intersecting this ram page */
133 TranslationBlock *first_tb;
134 /* in order to optimize self modifying code, we count the number
135 of lookups we do to a given page to use a bitmap */
136 unsigned int code_write_count;
137 uint8_t *code_bitmap;
138 #if defined(CONFIG_USER_ONLY)
143 /* In system mode we want L1_MAP to be based on ram offsets,
144 while in user mode we want it to be based on virtual addresses. */
145 #if !defined(CONFIG_USER_ONLY)
146 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
147 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
149 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
152 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
155 /* Size of the L2 (and L3, etc) page tables. */
157 #define L2_SIZE (1 << L2_BITS)
159 /* The bits remaining after N lower levels of page tables. */
160 #define P_L1_BITS_REM \
161 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
162 #define V_L1_BITS_REM \
163 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
165 /* Size of the L1 page table. Avoid silly small sizes. */
166 #if P_L1_BITS_REM < 4
167 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
169 #define P_L1_BITS P_L1_BITS_REM
172 #if V_L1_BITS_REM < 4
173 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
175 #define V_L1_BITS V_L1_BITS_REM
178 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
179 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
181 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
182 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
184 unsigned long qemu_real_host_page_size;
185 unsigned long qemu_host_page_bits;
186 unsigned long qemu_host_page_size;
187 unsigned long qemu_host_page_mask;
189 /* This is a multi-level map on the virtual address space.
190 The bottom level has pointers to PageDesc. */
191 static void *l1_map[V_L1_SIZE];
193 #if !defined(CONFIG_USER_ONLY)
194 typedef struct PhysPageDesc {
195 /* offset in host memory of the page + io_index in the low bits */
196 ram_addr_t phys_offset;
197 ram_addr_t region_offset;
200 /* This is a multi-level map on the physical address space.
201 The bottom level has pointers to PhysPageDesc. */
202 static void *l1_phys_map[P_L1_SIZE];
204 static void io_mem_init(void);
206 /* io memory support */
207 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
208 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
209 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
210 static char io_mem_used[IO_MEM_NB_ENTRIES];
211 static int io_mem_watch;
216 static const char *logfilename = "qemu.log";
218 static const char *logfilename = "/tmp/qemu.log";
222 static int log_append = 0;
225 #if !defined(CONFIG_USER_ONLY)
226 static int tlb_flush_count;
228 static int tb_flush_count;
229 static int tb_phys_invalidate_count;
232 static void map_exec(void *addr, long size)
235 VirtualProtect(addr, size,
236 PAGE_EXECUTE_READWRITE, &old_protect);
240 static void map_exec(void *addr, long size)
242 unsigned long start, end, page_size;
244 page_size = getpagesize();
245 start = (unsigned long)addr;
246 start &= ~(page_size - 1);
248 end = (unsigned long)addr + size;
249 end += page_size - 1;
250 end &= ~(page_size - 1);
252 mprotect((void *)start, end - start,
253 PROT_READ | PROT_WRITE | PROT_EXEC);
257 static void page_init(void)
259 /* NOTE: we can always suppose that qemu_host_page_size >=
263 SYSTEM_INFO system_info;
265 GetSystemInfo(&system_info);
266 qemu_real_host_page_size = system_info.dwPageSize;
269 qemu_real_host_page_size = getpagesize();
271 if (qemu_host_page_size == 0)
272 qemu_host_page_size = qemu_real_host_page_size;
273 if (qemu_host_page_size < TARGET_PAGE_SIZE)
274 qemu_host_page_size = TARGET_PAGE_SIZE;
275 qemu_host_page_bits = 0;
276 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
277 qemu_host_page_bits++;
278 qemu_host_page_mask = ~(qemu_host_page_size - 1);
280 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
282 #ifdef HAVE_KINFO_GETVMMAP
283 struct kinfo_vmentry *freep;
286 freep = kinfo_getvmmap(getpid(), &cnt);
289 for (i = 0; i < cnt; i++) {
290 unsigned long startaddr, endaddr;
292 startaddr = freep[i].kve_start;
293 endaddr = freep[i].kve_end;
294 if (h2g_valid(startaddr)) {
295 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
297 if (h2g_valid(endaddr)) {
298 endaddr = h2g(endaddr);
299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
301 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
303 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
314 last_brk = (unsigned long)sbrk(0);
316 f = fopen("/compat/linux/proc/self/maps", "r");
321 unsigned long startaddr, endaddr;
324 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
326 if (n == 2 && h2g_valid(startaddr)) {
327 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
329 if (h2g_valid(endaddr)) {
330 endaddr = h2g(endaddr);
334 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
346 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
352 #if defined(CONFIG_USER_ONLY)
353 /* We can't use qemu_malloc because it may recurse into a locked mutex. */
354 # define ALLOC(P, SIZE) \
356 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
357 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
360 # define ALLOC(P, SIZE) \
361 do { P = qemu_mallocz(SIZE); } while (0)
364 /* Level 1. Always allocated. */
365 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
368 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
375 ALLOC(p, sizeof(void *) * L2_SIZE);
379 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
387 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
393 return pd + (index & (L2_SIZE - 1));
396 static inline PageDesc *page_find(tb_page_addr_t index)
398 return page_find_alloc(index, 0);
401 #if !defined(CONFIG_USER_ONLY)
402 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
408 /* Level 1. Always allocated. */
409 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
412 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
418 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
420 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
431 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
433 for (i = 0; i < L2_SIZE; i++) {
434 pd[i].phys_offset = IO_MEM_UNASSIGNED;
435 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
439 return pd + (index & (L2_SIZE - 1));
442 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
444 return phys_page_find_alloc(index, 0);
447 static void tlb_protect_code(ram_addr_t ram_addr);
448 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
450 #define mmap_lock() do { } while(0)
451 #define mmap_unlock() do { } while(0)
454 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
456 #if defined(CONFIG_USER_ONLY)
457 /* Currently it is not recommended to allocate big chunks of data in
458 user mode. It will change when a dedicated libc will be used */
459 #define USE_STATIC_CODE_GEN_BUFFER
462 #ifdef USE_STATIC_CODE_GEN_BUFFER
463 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
464 __attribute__((aligned (CODE_GEN_ALIGN)));
467 static void code_gen_alloc(unsigned long tb_size)
469 #ifdef USE_STATIC_CODE_GEN_BUFFER
470 code_gen_buffer = static_code_gen_buffer;
471 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
472 map_exec(code_gen_buffer, code_gen_buffer_size);
474 code_gen_buffer_size = tb_size;
475 if (code_gen_buffer_size == 0) {
476 #if defined(CONFIG_USER_ONLY)
477 /* in user mode, phys_ram_size is not meaningful */
478 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
480 /* XXX: needs adjustments */
481 code_gen_buffer_size = (unsigned long)(ram_size / 4);
484 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
485 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
486 /* The code gen buffer location may have constraints depending on
487 the host cpu and OS */
488 #if defined(__linux__)
493 flags = MAP_PRIVATE | MAP_ANONYMOUS;
494 #if defined(__x86_64__)
496 /* Cannot map more than that */
497 if (code_gen_buffer_size > (800 * 1024 * 1024))
498 code_gen_buffer_size = (800 * 1024 * 1024);
499 #elif defined(__sparc_v9__)
500 // Map the buffer below 2G, so we can use direct calls and branches
502 start = (void *) 0x60000000UL;
503 if (code_gen_buffer_size > (512 * 1024 * 1024))
504 code_gen_buffer_size = (512 * 1024 * 1024);
505 #elif defined(__arm__)
506 /* Map the buffer below 32M, so we can use direct calls and branches */
508 start = (void *) 0x01000000UL;
509 if (code_gen_buffer_size > 16 * 1024 * 1024)
510 code_gen_buffer_size = 16 * 1024 * 1024;
511 #elif defined(__s390x__)
512 /* Map the buffer so that we can use direct calls and branches. */
513 /* We have a +- 4GB range on the branches; leave some slop. */
514 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
515 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
517 start = (void *)0x90000000UL;
519 code_gen_buffer = mmap(start, code_gen_buffer_size,
520 PROT_WRITE | PROT_READ | PROT_EXEC,
522 if (code_gen_buffer == MAP_FAILED) {
523 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
527 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
531 flags = MAP_PRIVATE | MAP_ANONYMOUS;
532 #if defined(__x86_64__)
533 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
534 * 0x40000000 is free */
536 addr = (void *)0x40000000;
537 /* Cannot map more than that */
538 if (code_gen_buffer_size > (800 * 1024 * 1024))
539 code_gen_buffer_size = (800 * 1024 * 1024);
541 code_gen_buffer = mmap(addr, code_gen_buffer_size,
542 PROT_WRITE | PROT_READ | PROT_EXEC,
544 if (code_gen_buffer == MAP_FAILED) {
545 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
550 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
551 map_exec(code_gen_buffer, code_gen_buffer_size);
553 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
554 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
555 code_gen_buffer_max_size = code_gen_buffer_size -
556 (TCG_MAX_OP_SIZE * OPC_MAX_SIZE);
557 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
558 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
561 /* Must be called before using the QEMU cpus. 'tb_size' is the size
562 (in bytes) allocated to the translation buffer. Zero means default
564 void cpu_exec_init_all(unsigned long tb_size)
567 code_gen_alloc(tb_size);
568 code_gen_ptr = code_gen_buffer;
570 #if !defined(CONFIG_USER_ONLY)
573 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
574 /* There's no guest base to take into account, so go ahead and
575 initialize the prologue now. */
576 tcg_prologue_init(&tcg_ctx);
580 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
582 static int cpu_common_post_load(void *opaque, int version_id)
584 CPUState *env = opaque;
586 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
587 version_id is increased. */
588 env->interrupt_request &= ~0x01;
594 static const VMStateDescription vmstate_cpu_common = {
595 .name = "cpu_common",
597 .minimum_version_id = 1,
598 .minimum_version_id_old = 1,
599 .post_load = cpu_common_post_load,
600 .fields = (VMStateField []) {
601 VMSTATE_UINT32(halted, CPUState),
602 VMSTATE_UINT32(interrupt_request, CPUState),
603 VMSTATE_END_OF_LIST()
608 CPUState *qemu_get_cpu(int cpu)
610 CPUState *env = first_cpu;
613 if (env->cpu_index == cpu)
621 void cpu_exec_init(CPUState *env)
626 #if defined(CONFIG_USER_ONLY)
629 env->next_cpu = NULL;
632 while (*penv != NULL) {
633 penv = &(*penv)->next_cpu;
636 env->cpu_index = cpu_index;
638 QTAILQ_INIT(&env->breakpoints);
639 QTAILQ_INIT(&env->watchpoints);
641 #if defined(CONFIG_USER_ONLY)
644 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
645 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
647 cpu_save, cpu_load, env);
651 static inline void invalidate_page_bitmap(PageDesc *p)
653 if (p->code_bitmap) {
654 qemu_free(p->code_bitmap);
655 p->code_bitmap = NULL;
657 p->code_write_count = 0;
660 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
662 static void page_flush_tb_1 (int level, void **lp)
671 for (i = 0; i < L2_SIZE; ++i) {
672 pd[i].first_tb = NULL;
673 invalidate_page_bitmap(pd + i);
677 for (i = 0; i < L2_SIZE; ++i) {
678 page_flush_tb_1 (level - 1, pp + i);
683 static void page_flush_tb(void)
686 for (i = 0; i < V_L1_SIZE; i++) {
687 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
691 /* flush all the translation blocks */
692 /* XXX: tb_flush is currently not thread safe */
693 void tb_flush(CPUState *env1)
696 #if defined(DEBUG_FLUSH)
697 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
698 (unsigned long)(code_gen_ptr - code_gen_buffer),
700 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
702 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
703 cpu_abort(env1, "Internal error: code buffer overflow\n");
707 for(env = first_cpu; env != NULL; env = env->next_cpu) {
708 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
711 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
714 code_gen_ptr = code_gen_buffer;
715 /* XXX: flush processor icache at this point if cache flush is
720 #ifdef DEBUG_TB_CHECK
722 static void tb_invalidate_check(target_ulong address)
724 TranslationBlock *tb;
726 address &= TARGET_PAGE_MASK;
727 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
728 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
729 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
730 address >= tb->pc + tb->size)) {
731 printf("ERROR invalidate: address=" TARGET_FMT_lx
732 " PC=%08lx size=%04x\n",
733 address, (long)tb->pc, tb->size);
739 /* verify that all the pages have correct rights for code */
740 static void tb_page_check(void)
742 TranslationBlock *tb;
743 int i, flags1, flags2;
745 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
746 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
747 flags1 = page_get_flags(tb->pc);
748 flags2 = page_get_flags(tb->pc + tb->size - 1);
749 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
750 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
751 (long)tb->pc, tb->size, flags1, flags2);
759 /* invalidate one TB */
760 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
763 TranslationBlock *tb1;
767 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
770 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
774 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
776 TranslationBlock *tb1;
782 tb1 = (TranslationBlock *)((long)tb1 & ~3);
784 *ptb = tb1->page_next[n1];
787 ptb = &tb1->page_next[n1];
791 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
793 TranslationBlock *tb1, **ptb;
796 ptb = &tb->jmp_next[n];
799 /* find tb(n) in circular list */
803 tb1 = (TranslationBlock *)((long)tb1 & ~3);
804 if (n1 == n && tb1 == tb)
807 ptb = &tb1->jmp_first;
809 ptb = &tb1->jmp_next[n1];
812 /* now we can suppress tb(n) from the list */
813 *ptb = tb->jmp_next[n];
815 tb->jmp_next[n] = NULL;
819 /* reset the jump entry 'n' of a TB so that it is not chained to
821 static inline void tb_reset_jump(TranslationBlock *tb, int n)
823 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
826 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
831 tb_page_addr_t phys_pc;
832 TranslationBlock *tb1, *tb2;
834 /* remove the TB from the hash list */
835 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
836 h = tb_phys_hash_func(phys_pc);
837 tb_remove(&tb_phys_hash[h], tb,
838 offsetof(TranslationBlock, phys_hash_next));
840 /* remove the TB from the page list */
841 if (tb->page_addr[0] != page_addr) {
842 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
843 tb_page_remove(&p->first_tb, tb);
844 invalidate_page_bitmap(p);
846 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
847 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
848 tb_page_remove(&p->first_tb, tb);
849 invalidate_page_bitmap(p);
852 tb_invalidated_flag = 1;
854 /* remove the TB from the hash list */
855 h = tb_jmp_cache_hash_func(tb->pc);
856 for(env = first_cpu; env != NULL; env = env->next_cpu) {
857 if (env->tb_jmp_cache[h] == tb)
858 env->tb_jmp_cache[h] = NULL;
861 /* suppress this TB from the two jump lists */
862 tb_jmp_remove(tb, 0);
863 tb_jmp_remove(tb, 1);
865 /* suppress any remaining jumps to this TB */
871 tb1 = (TranslationBlock *)((long)tb1 & ~3);
872 tb2 = tb1->jmp_next[n1];
873 tb_reset_jump(tb1, n1);
874 tb1->jmp_next[n1] = NULL;
877 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
879 tb_phys_invalidate_count++;
882 static inline void set_bits(uint8_t *tab, int start, int len)
888 mask = 0xff << (start & 7);
889 if ((start & ~7) == (end & ~7)) {
891 mask &= ~(0xff << (end & 7));
896 start = (start + 8) & ~7;
898 while (start < end1) {
903 mask = ~(0xff << (end & 7));
909 static void build_page_bitmap(PageDesc *p)
911 int n, tb_start, tb_end;
912 TranslationBlock *tb;
914 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
919 tb = (TranslationBlock *)((long)tb & ~3);
920 /* NOTE: this is subtle as a TB may span two physical pages */
922 /* NOTE: tb_end may be after the end of the page, but
923 it is not a problem */
924 tb_start = tb->pc & ~TARGET_PAGE_MASK;
925 tb_end = tb_start + tb->size;
926 if (tb_end > TARGET_PAGE_SIZE)
927 tb_end = TARGET_PAGE_SIZE;
930 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
932 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
933 tb = tb->page_next[n];
937 TranslationBlock *tb_gen_code(CPUState *env,
938 target_ulong pc, target_ulong cs_base,
939 int flags, int cflags)
941 TranslationBlock *tb;
943 tb_page_addr_t phys_pc, phys_page2;
944 target_ulong virt_page2;
947 phys_pc = get_page_addr_code(env, pc);
950 /* flush must be done */
952 /* cannot fail at this point */
954 /* Don't forget to invalidate previous TB info. */
955 tb_invalidated_flag = 1;
957 tc_ptr = code_gen_ptr;
959 tb->cs_base = cs_base;
962 cpu_gen_code(env, tb, &code_gen_size);
963 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
965 /* check next page if needed */
966 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
968 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
969 phys_page2 = get_page_addr_code(env, virt_page2);
971 tb_link_page(tb, phys_pc, phys_page2);
975 /* invalidate all TBs which intersect with the target physical page
976 starting in range [start;end[. NOTE: start and end must refer to
977 the same physical page. 'is_cpu_write_access' should be true if called
978 from a real cpu write access: the virtual CPU will exit the current
979 TB if code is modified inside this TB. */
980 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
981 int is_cpu_write_access)
983 TranslationBlock *tb, *tb_next, *saved_tb;
984 CPUState *env = cpu_single_env;
985 tb_page_addr_t tb_start, tb_end;
988 #ifdef TARGET_HAS_PRECISE_SMC
989 int current_tb_not_found = is_cpu_write_access;
990 TranslationBlock *current_tb = NULL;
991 int current_tb_modified = 0;
992 target_ulong current_pc = 0;
993 target_ulong current_cs_base = 0;
994 int current_flags = 0;
995 #endif /* TARGET_HAS_PRECISE_SMC */
997 p = page_find(start >> TARGET_PAGE_BITS);
1000 if (!p->code_bitmap &&
1001 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1002 is_cpu_write_access) {
1003 /* build code bitmap */
1004 build_page_bitmap(p);
1007 /* we remove all the TBs in the range [start, end[ */
1008 /* XXX: see if in some cases it could be faster to invalidate all the code */
1010 while (tb != NULL) {
1012 tb = (TranslationBlock *)((long)tb & ~3);
1013 tb_next = tb->page_next[n];
1014 /* NOTE: this is subtle as a TB may span two physical pages */
1016 /* NOTE: tb_end may be after the end of the page, but
1017 it is not a problem */
1018 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1019 tb_end = tb_start + tb->size;
1021 tb_start = tb->page_addr[1];
1022 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1024 if (!(tb_end <= start || tb_start >= end)) {
1025 #ifdef TARGET_HAS_PRECISE_SMC
1026 if (current_tb_not_found) {
1027 current_tb_not_found = 0;
1029 if (env->mem_io_pc) {
1030 /* now we have a real cpu fault */
1031 current_tb = tb_find_pc(env->mem_io_pc);
1034 if (current_tb == tb &&
1035 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1036 /* If we are modifying the current TB, we must stop
1037 its execution. We could be more precise by checking
1038 that the modification is after the current PC, but it
1039 would require a specialized function to partially
1040 restore the CPU state */
1042 current_tb_modified = 1;
1043 cpu_restore_state(current_tb, env,
1044 env->mem_io_pc, NULL);
1045 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1048 #endif /* TARGET_HAS_PRECISE_SMC */
1049 /* we need to do that to handle the case where a signal
1050 occurs while doing tb_phys_invalidate() */
1053 saved_tb = env->current_tb;
1054 env->current_tb = NULL;
1056 tb_phys_invalidate(tb, -1);
1058 env->current_tb = saved_tb;
1059 if (env->interrupt_request && env->current_tb)
1060 cpu_interrupt(env, env->interrupt_request);
1065 #if !defined(CONFIG_USER_ONLY)
1066 /* if no code remaining, no need to continue to use slow writes */
1068 invalidate_page_bitmap(p);
1069 if (is_cpu_write_access) {
1070 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1074 #ifdef TARGET_HAS_PRECISE_SMC
1075 if (current_tb_modified) {
1076 /* we generate a block containing just the instruction
1077 modifying the memory. It will ensure that it cannot modify
1079 env->current_tb = NULL;
1080 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1081 cpu_resume_from_signal(env, NULL);
1086 /* len must be <= 8 and start must be a multiple of len */
1087 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1093 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1094 cpu_single_env->mem_io_vaddr, len,
1095 cpu_single_env->eip,
1096 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1099 p = page_find(start >> TARGET_PAGE_BITS);
1102 if (p->code_bitmap) {
1103 offset = start & ~TARGET_PAGE_MASK;
1104 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1105 if (b & ((1 << len) - 1))
1109 tb_invalidate_phys_page_range(start, start + len, 1);
1113 #if !defined(CONFIG_SOFTMMU)
1114 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1115 unsigned long pc, void *puc)
1117 TranslationBlock *tb;
1120 #ifdef TARGET_HAS_PRECISE_SMC
1121 TranslationBlock *current_tb = NULL;
1122 CPUState *env = cpu_single_env;
1123 int current_tb_modified = 0;
1124 target_ulong current_pc = 0;
1125 target_ulong current_cs_base = 0;
1126 int current_flags = 0;
1129 addr &= TARGET_PAGE_MASK;
1130 p = page_find(addr >> TARGET_PAGE_BITS);
1134 #ifdef TARGET_HAS_PRECISE_SMC
1135 if (tb && pc != 0) {
1136 current_tb = tb_find_pc(pc);
1139 while (tb != NULL) {
1141 tb = (TranslationBlock *)((long)tb & ~3);
1142 #ifdef TARGET_HAS_PRECISE_SMC
1143 if (current_tb == tb &&
1144 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1145 /* If we are modifying the current TB, we must stop
1146 its execution. We could be more precise by checking
1147 that the modification is after the current PC, but it
1148 would require a specialized function to partially
1149 restore the CPU state */
1151 current_tb_modified = 1;
1152 cpu_restore_state(current_tb, env, pc, puc);
1153 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1156 #endif /* TARGET_HAS_PRECISE_SMC */
1157 tb_phys_invalidate(tb, addr);
1158 tb = tb->page_next[n];
1161 #ifdef TARGET_HAS_PRECISE_SMC
1162 if (current_tb_modified) {
1163 /* we generate a block containing just the instruction
1164 modifying the memory. It will ensure that it cannot modify
1166 env->current_tb = NULL;
1167 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1168 cpu_resume_from_signal(env, puc);
1174 /* add the tb in the target page and protect it if necessary */
1175 static inline void tb_alloc_page(TranslationBlock *tb,
1176 unsigned int n, tb_page_addr_t page_addr)
1179 TranslationBlock *last_first_tb;
1181 tb->page_addr[n] = page_addr;
1182 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1183 tb->page_next[n] = p->first_tb;
1184 last_first_tb = p->first_tb;
1185 p->first_tb = (TranslationBlock *)((long)tb | n);
1186 invalidate_page_bitmap(p);
1188 #if defined(TARGET_HAS_SMC) || 1
1190 #if defined(CONFIG_USER_ONLY)
1191 if (p->flags & PAGE_WRITE) {
1196 /* force the host page as non writable (writes will have a
1197 page fault + mprotect overhead) */
1198 page_addr &= qemu_host_page_mask;
1200 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1201 addr += TARGET_PAGE_SIZE) {
1203 p2 = page_find (addr >> TARGET_PAGE_BITS);
1207 p2->flags &= ~PAGE_WRITE;
1209 mprotect(g2h(page_addr), qemu_host_page_size,
1210 (prot & PAGE_BITS) & ~PAGE_WRITE);
1211 #ifdef DEBUG_TB_INVALIDATE
1212 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1217 /* if some code is already present, then the pages are already
1218 protected. So we handle the case where only the first TB is
1219 allocated in a physical page */
1220 if (!last_first_tb) {
1221 tlb_protect_code(page_addr);
1225 #endif /* TARGET_HAS_SMC */
1228 /* Allocate a new translation block. Flush the translation buffer if
1229 too many translation blocks or too much generated code. */
1230 TranslationBlock *tb_alloc(target_ulong pc)
1232 TranslationBlock *tb;
1234 if (nb_tbs >= code_gen_max_blocks ||
1235 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1237 tb = &tbs[nb_tbs++];
1243 void tb_free(TranslationBlock *tb)
1245 /* In practice this is mostly used for single use temporary TB
1246 Ignore the hard cases and just back up if this TB happens to
1247 be the last one generated. */
1248 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1249 code_gen_ptr = tb->tc_ptr;
1254 /* add a new TB and link it to the physical page tables. phys_page2 is
1255 (-1) to indicate that only one page contains the TB. */
1256 void tb_link_page(TranslationBlock *tb,
1257 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1260 TranslationBlock **ptb;
1262 /* Grab the mmap lock to stop another thread invalidating this TB
1263 before we are done. */
1265 /* add in the physical hash table */
1266 h = tb_phys_hash_func(phys_pc);
1267 ptb = &tb_phys_hash[h];
1268 tb->phys_hash_next = *ptb;
1271 /* add in the page list */
1272 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1273 if (phys_page2 != -1)
1274 tb_alloc_page(tb, 1, phys_page2);
1276 tb->page_addr[1] = -1;
1278 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1279 tb->jmp_next[0] = NULL;
1280 tb->jmp_next[1] = NULL;
1282 /* init original jump addresses */
1283 if (tb->tb_next_offset[0] != 0xffff)
1284 tb_reset_jump(tb, 0);
1285 if (tb->tb_next_offset[1] != 0xffff)
1286 tb_reset_jump(tb, 1);
1288 #ifdef DEBUG_TB_CHECK
1294 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1295 tb[1].tc_ptr. Return NULL if not found */
1296 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1298 int m_min, m_max, m;
1300 TranslationBlock *tb;
1304 if (tc_ptr < (unsigned long)code_gen_buffer ||
1305 tc_ptr >= (unsigned long)code_gen_ptr)
1307 /* binary search (cf Knuth) */
1310 while (m_min <= m_max) {
1311 m = (m_min + m_max) >> 1;
1313 v = (unsigned long)tb->tc_ptr;
1316 else if (tc_ptr < v) {
1325 static void tb_reset_jump_recursive(TranslationBlock *tb);
1327 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1329 TranslationBlock *tb1, *tb_next, **ptb;
1332 tb1 = tb->jmp_next[n];
1334 /* find head of list */
1337 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1340 tb1 = tb1->jmp_next[n1];
1342 /* we are now sure now that tb jumps to tb1 */
1345 /* remove tb from the jmp_first list */
1346 ptb = &tb_next->jmp_first;
1350 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1351 if (n1 == n && tb1 == tb)
1353 ptb = &tb1->jmp_next[n1];
1355 *ptb = tb->jmp_next[n];
1356 tb->jmp_next[n] = NULL;
1358 /* suppress the jump to next tb in generated code */
1359 tb_reset_jump(tb, n);
1361 /* suppress jumps in the tb on which we could have jumped */
1362 tb_reset_jump_recursive(tb_next);
1366 static void tb_reset_jump_recursive(TranslationBlock *tb)
1368 tb_reset_jump_recursive2(tb, 0);
1369 tb_reset_jump_recursive2(tb, 1);
1372 #if defined(TARGET_HAS_ICE)
1373 #if defined(CONFIG_USER_ONLY)
1374 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1376 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1379 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1381 target_phys_addr_t addr;
1383 ram_addr_t ram_addr;
1386 addr = cpu_get_phys_page_debug(env, pc);
1387 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1389 pd = IO_MEM_UNASSIGNED;
1391 pd = p->phys_offset;
1393 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1394 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1397 #endif /* TARGET_HAS_ICE */
1399 #if defined(CONFIG_USER_ONLY)
1400 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1405 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1406 int flags, CPUWatchpoint **watchpoint)
1411 /* Add a watchpoint. */
1412 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1413 int flags, CPUWatchpoint **watchpoint)
1415 target_ulong len_mask = ~(len - 1);
1418 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1419 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1420 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1421 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1424 wp = qemu_malloc(sizeof(*wp));
1427 wp->len_mask = len_mask;
1430 /* keep all GDB-injected watchpoints in front */
1432 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1434 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1436 tlb_flush_page(env, addr);
1443 /* Remove a specific watchpoint. */
1444 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1447 target_ulong len_mask = ~(len - 1);
1450 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1451 if (addr == wp->vaddr && len_mask == wp->len_mask
1452 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1453 cpu_watchpoint_remove_by_ref(env, wp);
1460 /* Remove a specific watchpoint by reference. */
1461 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1463 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1465 tlb_flush_page(env, watchpoint->vaddr);
1467 qemu_free(watchpoint);
1470 /* Remove all matching watchpoints. */
1471 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1473 CPUWatchpoint *wp, *next;
1475 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1476 if (wp->flags & mask)
1477 cpu_watchpoint_remove_by_ref(env, wp);
1482 /* Add a breakpoint. */
1483 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1484 CPUBreakpoint **breakpoint)
1486 #if defined(TARGET_HAS_ICE)
1489 bp = qemu_malloc(sizeof(*bp));
1494 /* keep all GDB-injected breakpoints in front */
1496 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1498 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1500 breakpoint_invalidate(env, pc);
1510 /* Remove a specific breakpoint. */
1511 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1513 #if defined(TARGET_HAS_ICE)
1516 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1517 if (bp->pc == pc && bp->flags == flags) {
1518 cpu_breakpoint_remove_by_ref(env, bp);
1528 /* Remove a specific breakpoint by reference. */
1529 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1531 #if defined(TARGET_HAS_ICE)
1532 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1534 breakpoint_invalidate(env, breakpoint->pc);
1536 qemu_free(breakpoint);
1540 /* Remove all matching breakpoints. */
1541 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1543 #if defined(TARGET_HAS_ICE)
1544 CPUBreakpoint *bp, *next;
1546 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1547 if (bp->flags & mask)
1548 cpu_breakpoint_remove_by_ref(env, bp);
1553 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1554 CPU loop after each instruction */
1555 void cpu_single_step(CPUState *env, int enabled)
1557 #if defined(TARGET_HAS_ICE)
1558 if (env->singlestep_enabled != enabled) {
1559 env->singlestep_enabled = enabled;
1561 kvm_update_guest_debug(env, 0);
1563 /* must flush all the translated code to avoid inconsistencies */
1564 /* XXX: only flush what is necessary */
1571 /* enable or disable low levels log */
1572 void cpu_set_log(int log_flags)
1574 loglevel = log_flags;
1575 if (loglevel && !logfile) {
1576 logfile = fopen(logfilename, log_append ? "a" : "w");
1578 perror(logfilename);
1581 #if !defined(CONFIG_SOFTMMU)
1582 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1584 static char logfile_buf[4096];
1585 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1587 #elif !defined(_WIN32)
1588 /* Win32 doesn't support line-buffering and requires size >= 2 */
1589 setvbuf(logfile, NULL, _IOLBF, 0);
1593 if (!loglevel && logfile) {
1599 void cpu_set_log_filename(const char *filename)
1601 logfilename = strdup(filename);
1606 cpu_set_log(loglevel);
1609 static void cpu_unlink_tb(CPUState *env)
1611 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1612 problem and hope the cpu will stop of its own accord. For userspace
1613 emulation this often isn't actually as bad as it sounds. Often
1614 signals are used primarily to interrupt blocking syscalls. */
1615 TranslationBlock *tb;
1616 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1618 spin_lock(&interrupt_lock);
1619 tb = env->current_tb;
1620 /* if the cpu is currently executing code, we must unlink it and
1621 all the potentially executing TB */
1623 env->current_tb = NULL;
1624 tb_reset_jump_recursive(tb);
1626 spin_unlock(&interrupt_lock);
1629 /* mask must never be zero, except for A20 change call */
1630 void cpu_interrupt(CPUState *env, int mask)
1634 old_mask = env->interrupt_request;
1635 env->interrupt_request |= mask;
1637 #ifndef CONFIG_USER_ONLY
1639 * If called from iothread context, wake the target cpu in
1642 if (!qemu_cpu_self(env)) {
1649 env->icount_decr.u16.high = 0xffff;
1650 #ifndef CONFIG_USER_ONLY
1652 && (mask & ~old_mask) != 0) {
1653 cpu_abort(env, "Raised interrupt while not in I/O function");
1661 void cpu_reset_interrupt(CPUState *env, int mask)
1663 env->interrupt_request &= ~mask;
1666 void cpu_exit(CPUState *env)
1668 env->exit_request = 1;
1672 const CPULogItem cpu_log_items[] = {
1673 { CPU_LOG_TB_OUT_ASM, "out_asm",
1674 "show generated host assembly code for each compiled TB" },
1675 { CPU_LOG_TB_IN_ASM, "in_asm",
1676 "show target assembly code for each compiled TB" },
1677 { CPU_LOG_TB_OP, "op",
1678 "show micro ops for each compiled TB" },
1679 { CPU_LOG_TB_OP_OPT, "op_opt",
1682 "before eflags optimization and "
1684 "after liveness analysis" },
1685 { CPU_LOG_INT, "int",
1686 "show interrupts/exceptions in short format" },
1687 { CPU_LOG_EXEC, "exec",
1688 "show trace before each executed TB (lots of logs)" },
1689 { CPU_LOG_TB_CPU, "cpu",
1690 "show CPU state before block translation" },
1692 { CPU_LOG_PCALL, "pcall",
1693 "show protected mode far calls/returns/exceptions" },
1694 { CPU_LOG_RESET, "cpu_reset",
1695 "show CPU state before CPU resets" },
1698 { CPU_LOG_IOPORT, "ioport",
1699 "show all i/o ports accesses" },
1704 #ifndef CONFIG_USER_ONLY
1705 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1706 = QLIST_HEAD_INITIALIZER(memory_client_list);
1708 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1710 ram_addr_t phys_offset)
1712 CPUPhysMemoryClient *client;
1713 QLIST_FOREACH(client, &memory_client_list, list) {
1714 client->set_memory(client, start_addr, size, phys_offset);
1718 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1719 target_phys_addr_t end)
1721 CPUPhysMemoryClient *client;
1722 QLIST_FOREACH(client, &memory_client_list, list) {
1723 int r = client->sync_dirty_bitmap(client, start, end);
1730 static int cpu_notify_migration_log(int enable)
1732 CPUPhysMemoryClient *client;
1733 QLIST_FOREACH(client, &memory_client_list, list) {
1734 int r = client->migration_log(client, enable);
1741 static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1742 int level, void **lp)
1750 PhysPageDesc *pd = *lp;
1751 for (i = 0; i < L2_SIZE; ++i) {
1752 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1753 client->set_memory(client, pd[i].region_offset,
1754 TARGET_PAGE_SIZE, pd[i].phys_offset);
1759 for (i = 0; i < L2_SIZE; ++i) {
1760 phys_page_for_each_1(client, level - 1, pp + i);
1765 static void phys_page_for_each(CPUPhysMemoryClient *client)
1768 for (i = 0; i < P_L1_SIZE; ++i) {
1769 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1774 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1776 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1777 phys_page_for_each(client);
1780 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1782 QLIST_REMOVE(client, list);
1786 static int cmp1(const char *s1, int n, const char *s2)
1788 if (strlen(s2) != n)
1790 return memcmp(s1, s2, n) == 0;
1793 /* takes a comma separated list of log masks. Return 0 if error. */
1794 int cpu_str_to_log_mask(const char *str)
1796 const CPULogItem *item;
1803 p1 = strchr(p, ',');
1806 if(cmp1(p,p1-p,"all")) {
1807 for(item = cpu_log_items; item->mask != 0; item++) {
1811 for(item = cpu_log_items; item->mask != 0; item++) {
1812 if (cmp1(p, p1 - p, item->name))
1826 void cpu_abort(CPUState *env, const char *fmt, ...)
1833 fprintf(stderr, "qemu: fatal: ");
1834 vfprintf(stderr, fmt, ap);
1835 fprintf(stderr, "\n");
1837 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1839 cpu_dump_state(env, stderr, fprintf, 0);
1841 if (qemu_log_enabled()) {
1842 qemu_log("qemu: fatal: ");
1843 qemu_log_vprintf(fmt, ap2);
1846 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1848 log_cpu_state(env, 0);
1855 #if defined(CONFIG_USER_ONLY)
1857 struct sigaction act;
1858 sigfillset(&act.sa_mask);
1859 act.sa_handler = SIG_DFL;
1860 sigaction(SIGABRT, &act, NULL);
1866 CPUState *cpu_copy(CPUState *env)
1868 CPUState *new_env = cpu_init(env->cpu_model_str);
1869 CPUState *next_cpu = new_env->next_cpu;
1870 int cpu_index = new_env->cpu_index;
1871 #if defined(TARGET_HAS_ICE)
1876 memcpy(new_env, env, sizeof(CPUState));
1878 /* Preserve chaining and index. */
1879 new_env->next_cpu = next_cpu;
1880 new_env->cpu_index = cpu_index;
1882 /* Clone all break/watchpoints.
1883 Note: Once we support ptrace with hw-debug register access, make sure
1884 BP_CPU break/watchpoints are handled correctly on clone. */
1885 QTAILQ_INIT(&env->breakpoints);
1886 QTAILQ_INIT(&env->watchpoints);
1887 #if defined(TARGET_HAS_ICE)
1888 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1889 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1891 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1892 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1900 #if !defined(CONFIG_USER_ONLY)
1902 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1906 /* Discard jump cache entries for any tb which might potentially
1907 overlap the flushed page. */
1908 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1909 memset (&env->tb_jmp_cache[i], 0,
1910 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1912 i = tb_jmp_cache_hash_page(addr);
1913 memset (&env->tb_jmp_cache[i], 0,
1914 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1917 static CPUTLBEntry s_cputlb_empty_entry = {
1924 /* NOTE: if flush_global is true, also flush global entries (not
1926 void tlb_flush(CPUState *env, int flush_global)
1930 #if defined(DEBUG_TLB)
1931 printf("tlb_flush:\n");
1933 /* must reset current TB so that interrupts cannot modify the
1934 links while we are modifying them */
1935 env->current_tb = NULL;
1937 for(i = 0; i < CPU_TLB_SIZE; i++) {
1939 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1940 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1944 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1946 env->tlb_flush_addr = -1;
1947 env->tlb_flush_mask = 0;
1951 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1953 if (addr == (tlb_entry->addr_read &
1954 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1955 addr == (tlb_entry->addr_write &
1956 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1957 addr == (tlb_entry->addr_code &
1958 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1959 *tlb_entry = s_cputlb_empty_entry;
1963 void tlb_flush_page(CPUState *env, target_ulong addr)
1968 #if defined(DEBUG_TLB)
1969 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1971 /* Check if we need to flush due to large pages. */
1972 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1973 #if defined(DEBUG_TLB)
1974 printf("tlb_flush_page: forced full flush ("
1975 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1976 env->tlb_flush_addr, env->tlb_flush_mask);
1981 /* must reset current TB so that interrupts cannot modify the
1982 links while we are modifying them */
1983 env->current_tb = NULL;
1985 addr &= TARGET_PAGE_MASK;
1986 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1987 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1988 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1990 tlb_flush_jmp_cache(env, addr);
1993 /* update the TLBs so that writes to code in the virtual page 'addr'
1995 static void tlb_protect_code(ram_addr_t ram_addr)
1997 cpu_physical_memory_reset_dirty(ram_addr,
1998 ram_addr + TARGET_PAGE_SIZE,
2002 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2003 tested for self modifying code */
2004 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2007 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2010 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2011 unsigned long start, unsigned long length)
2014 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2015 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2016 if ((addr - start) < length) {
2017 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2022 /* Note: start and end must be within the same ram block. */
2023 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2027 unsigned long length, start1;
2030 start &= TARGET_PAGE_MASK;
2031 end = TARGET_PAGE_ALIGN(end);
2033 length = end - start;
2036 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2038 /* we modify the TLB cache so that the dirty bit will be set again
2039 when accessing the range */
2040 start1 = (unsigned long)qemu_get_ram_ptr(start);
2041 /* Chek that we don't span multiple blocks - this breaks the
2042 address comparisons below. */
2043 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2044 != (end - 1) - start) {
2048 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2050 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2051 for(i = 0; i < CPU_TLB_SIZE; i++)
2052 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2058 int cpu_physical_memory_set_dirty_tracking(int enable)
2061 in_migration = enable;
2062 ret = cpu_notify_migration_log(!!enable);
2066 int cpu_physical_memory_get_dirty_tracking(void)
2068 return in_migration;
2071 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2072 target_phys_addr_t end_addr)
2076 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2080 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2082 ram_addr_t ram_addr;
2085 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2086 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2087 + tlb_entry->addend);
2088 ram_addr = qemu_ram_addr_from_host(p);
2089 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2090 tlb_entry->addr_write |= TLB_NOTDIRTY;
2095 /* update the TLB according to the current state of the dirty bits */
2096 void cpu_tlb_update_dirty(CPUState *env)
2100 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2101 for(i = 0; i < CPU_TLB_SIZE; i++)
2102 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2106 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2108 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2109 tlb_entry->addr_write = vaddr;
2112 /* update the TLB corresponding to virtual page vaddr
2113 so that it is no longer dirty */
2114 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2119 vaddr &= TARGET_PAGE_MASK;
2120 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2121 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2122 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2125 /* Our TLB does not support large pages, so remember the area covered by
2126 large pages and trigger a full TLB flush if these are invalidated. */
2127 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2130 target_ulong mask = ~(size - 1);
2132 if (env->tlb_flush_addr == (target_ulong)-1) {
2133 env->tlb_flush_addr = vaddr & mask;
2134 env->tlb_flush_mask = mask;
2137 /* Extend the existing region to include the new page.
2138 This is a compromise between unnecessary flushes and the cost
2139 of maintaining a full variable size TLB. */
2140 mask &= env->tlb_flush_mask;
2141 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2144 env->tlb_flush_addr &= mask;
2145 env->tlb_flush_mask = mask;
2148 /* Add a new TLB entry. At most one entry for a given virtual address
2149 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2150 supplied size is only used by tlb_flush_page. */
2151 void tlb_set_page(CPUState *env, target_ulong vaddr,
2152 target_phys_addr_t paddr, int prot,
2153 int mmu_idx, target_ulong size)
2158 target_ulong address;
2159 target_ulong code_address;
2160 unsigned long addend;
2163 target_phys_addr_t iotlb;
2165 assert(size >= TARGET_PAGE_SIZE);
2166 if (size != TARGET_PAGE_SIZE) {
2167 tlb_add_large_page(env, vaddr, size);
2169 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2171 pd = IO_MEM_UNASSIGNED;
2173 pd = p->phys_offset;
2175 #if defined(DEBUG_TLB)
2176 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2177 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2181 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2182 /* IO memory case (romd handled later) */
2183 address |= TLB_MMIO;
2185 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2186 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2188 iotlb = pd & TARGET_PAGE_MASK;
2189 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2190 iotlb |= IO_MEM_NOTDIRTY;
2192 iotlb |= IO_MEM_ROM;
2194 /* IO handlers are currently passed a physical address.
2195 It would be nice to pass an offset from the base address
2196 of that region. This would avoid having to special case RAM,
2197 and avoid full address decoding in every device.
2198 We can't use the high bits of pd for this because
2199 IO_MEM_ROMD uses these as a ram address. */
2200 iotlb = (pd & ~TARGET_PAGE_MASK);
2202 iotlb += p->region_offset;
2208 code_address = address;
2209 /* Make accesses to pages with watchpoints go via the
2210 watchpoint trap routines. */
2211 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2212 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2213 /* Avoid trapping reads of pages with a write breakpoint. */
2214 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2215 iotlb = io_mem_watch + paddr;
2216 address |= TLB_MMIO;
2222 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2223 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2224 te = &env->tlb_table[mmu_idx][index];
2225 te->addend = addend - vaddr;
2226 if (prot & PAGE_READ) {
2227 te->addr_read = address;
2232 if (prot & PAGE_EXEC) {
2233 te->addr_code = code_address;
2237 if (prot & PAGE_WRITE) {
2238 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2239 (pd & IO_MEM_ROMD)) {
2240 /* Write access calls the I/O callback. */
2241 te->addr_write = address | TLB_MMIO;
2242 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2243 !cpu_physical_memory_is_dirty(pd)) {
2244 te->addr_write = address | TLB_NOTDIRTY;
2246 te->addr_write = address;
2249 te->addr_write = -1;
2255 void tlb_flush(CPUState *env, int flush_global)
2259 void tlb_flush_page(CPUState *env, target_ulong addr)
2264 * Walks guest process memory "regions" one by one
2265 * and calls callback function 'fn' for each region.
2268 struct walk_memory_regions_data
2270 walk_memory_regions_fn fn;
2272 unsigned long start;
2276 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2277 abi_ulong end, int new_prot)
2279 if (data->start != -1ul) {
2280 int rc = data->fn(data->priv, data->start, end, data->prot);
2286 data->start = (new_prot ? end : -1ul);
2287 data->prot = new_prot;
2292 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2293 abi_ulong base, int level, void **lp)
2299 return walk_memory_regions_end(data, base, 0);
2304 for (i = 0; i < L2_SIZE; ++i) {
2305 int prot = pd[i].flags;
2307 pa = base | (i << TARGET_PAGE_BITS);
2308 if (prot != data->prot) {
2309 rc = walk_memory_regions_end(data, pa, prot);
2317 for (i = 0; i < L2_SIZE; ++i) {
2318 pa = base | ((abi_ulong)i <<
2319 (TARGET_PAGE_BITS + L2_BITS * level));
2320 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2330 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2332 struct walk_memory_regions_data data;
2340 for (i = 0; i < V_L1_SIZE; i++) {
2341 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2342 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2348 return walk_memory_regions_end(&data, 0, 0);
2351 static int dump_region(void *priv, abi_ulong start,
2352 abi_ulong end, unsigned long prot)
2354 FILE *f = (FILE *)priv;
2356 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2357 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2358 start, end, end - start,
2359 ((prot & PAGE_READ) ? 'r' : '-'),
2360 ((prot & PAGE_WRITE) ? 'w' : '-'),
2361 ((prot & PAGE_EXEC) ? 'x' : '-'));
2366 /* dump memory mappings */
2367 void page_dump(FILE *f)
2369 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2370 "start", "end", "size", "prot");
2371 walk_memory_regions(f, dump_region);
2374 int page_get_flags(target_ulong address)
2378 p = page_find(address >> TARGET_PAGE_BITS);
2384 /* Modify the flags of a page and invalidate the code if necessary.
2385 The flag PAGE_WRITE_ORG is positioned automatically depending
2386 on PAGE_WRITE. The mmap_lock should already be held. */
2387 void page_set_flags(target_ulong start, target_ulong end, int flags)
2389 target_ulong addr, len;
2391 /* This function should never be called with addresses outside the
2392 guest address space. If this assert fires, it probably indicates
2393 a missing call to h2g_valid. */
2394 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2395 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2397 assert(start < end);
2399 start = start & TARGET_PAGE_MASK;
2400 end = TARGET_PAGE_ALIGN(end);
2402 if (flags & PAGE_WRITE) {
2403 flags |= PAGE_WRITE_ORG;
2406 for (addr = start, len = end - start;
2408 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2409 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2411 /* If the write protection bit is set, then we invalidate
2413 if (!(p->flags & PAGE_WRITE) &&
2414 (flags & PAGE_WRITE) &&
2416 tb_invalidate_phys_page(addr, 0, NULL);
2422 int page_check_range(target_ulong start, target_ulong len, int flags)
2428 /* This function should never be called with addresses outside the
2429 guest address space. If this assert fires, it probably indicates
2430 a missing call to h2g_valid. */
2431 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2432 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2438 if (start + len - 1 < start) {
2439 /* We've wrapped around. */
2443 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2444 start = start & TARGET_PAGE_MASK;
2446 for (addr = start, len = end - start;
2448 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2449 p = page_find(addr >> TARGET_PAGE_BITS);
2452 if( !(p->flags & PAGE_VALID) )
2455 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2457 if (flags & PAGE_WRITE) {
2458 if (!(p->flags & PAGE_WRITE_ORG))
2460 /* unprotect the page if it was put read-only because it
2461 contains translated code */
2462 if (!(p->flags & PAGE_WRITE)) {
2463 if (!page_unprotect(addr, 0, NULL))
2472 /* called from signal handler: invalidate the code and unprotect the
2473 page. Return TRUE if the fault was successfully handled. */
2474 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2478 target_ulong host_start, host_end, addr;
2480 /* Technically this isn't safe inside a signal handler. However we
2481 know this only ever happens in a synchronous SEGV handler, so in
2482 practice it seems to be ok. */
2485 p = page_find(address >> TARGET_PAGE_BITS);
2491 /* if the page was really writable, then we change its
2492 protection back to writable */
2493 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2494 host_start = address & qemu_host_page_mask;
2495 host_end = host_start + qemu_host_page_size;
2498 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2499 p = page_find(addr >> TARGET_PAGE_BITS);
2500 p->flags |= PAGE_WRITE;
2503 /* and since the content will be modified, we must invalidate
2504 the corresponding translated code. */
2505 tb_invalidate_phys_page(addr, pc, puc);
2506 #ifdef DEBUG_TB_CHECK
2507 tb_invalidate_check(addr);
2510 mprotect((void *)g2h(host_start), qemu_host_page_size,
2520 static inline void tlb_set_dirty(CPUState *env,
2521 unsigned long addr, target_ulong vaddr)
2524 #endif /* defined(CONFIG_USER_ONLY) */
2526 #if !defined(CONFIG_USER_ONLY)
2528 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2529 typedef struct subpage_t {
2530 target_phys_addr_t base;
2531 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2532 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2535 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2536 ram_addr_t memory, ram_addr_t region_offset);
2537 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2538 ram_addr_t orig_memory,
2539 ram_addr_t region_offset);
2540 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2543 if (addr > start_addr) \
2546 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2547 if (start_addr2 > 0) \
2551 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2552 end_addr2 = TARGET_PAGE_SIZE - 1; \
2554 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2555 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2560 /* register physical memory.
2561 For RAM, 'size' must be a multiple of the target page size.
2562 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2563 io memory page. The address used when calling the IO function is
2564 the offset from the start of the region, plus region_offset. Both
2565 start_addr and region_offset are rounded down to a page boundary
2566 before calculating this offset. This should not be a problem unless
2567 the low bits of start_addr and region_offset differ. */
2568 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2570 ram_addr_t phys_offset,
2571 ram_addr_t region_offset)
2573 target_phys_addr_t addr, end_addr;
2576 ram_addr_t orig_size = size;
2579 cpu_notify_set_memory(start_addr, size, phys_offset);
2581 if (phys_offset == IO_MEM_UNASSIGNED) {
2582 region_offset = start_addr;
2584 region_offset &= TARGET_PAGE_MASK;
2585 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2586 end_addr = start_addr + (target_phys_addr_t)size;
2587 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2588 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2589 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2590 ram_addr_t orig_memory = p->phys_offset;
2591 target_phys_addr_t start_addr2, end_addr2;
2592 int need_subpage = 0;
2594 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2597 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2598 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2599 &p->phys_offset, orig_memory,
2602 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2605 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2607 p->region_offset = 0;
2609 p->phys_offset = phys_offset;
2610 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2611 (phys_offset & IO_MEM_ROMD))
2612 phys_offset += TARGET_PAGE_SIZE;
2615 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2616 p->phys_offset = phys_offset;
2617 p->region_offset = region_offset;
2618 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2619 (phys_offset & IO_MEM_ROMD)) {
2620 phys_offset += TARGET_PAGE_SIZE;
2622 target_phys_addr_t start_addr2, end_addr2;
2623 int need_subpage = 0;
2625 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2626 end_addr2, need_subpage);
2629 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2630 &p->phys_offset, IO_MEM_UNASSIGNED,
2631 addr & TARGET_PAGE_MASK);
2632 subpage_register(subpage, start_addr2, end_addr2,
2633 phys_offset, region_offset);
2634 p->region_offset = 0;
2638 region_offset += TARGET_PAGE_SIZE;
2641 /* since each CPU stores ram addresses in its TLB cache, we must
2642 reset the modified entries */
2644 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2649 /* XXX: temporary until new memory mapping API */
2650 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2654 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2656 return IO_MEM_UNASSIGNED;
2657 return p->phys_offset;
2660 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2663 kvm_coalesce_mmio_region(addr, size);
2666 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2669 kvm_uncoalesce_mmio_region(addr, size);
2672 void qemu_flush_coalesced_mmio_buffer(void)
2675 kvm_flush_coalesced_mmio_buffer();
2678 #if defined(__linux__) && !defined(TARGET_S390X)
2680 #include <sys/vfs.h>
2682 #define HUGETLBFS_MAGIC 0x958458f6
2684 static long gethugepagesize(const char *path)
2690 ret = statfs(path, &fs);
2691 } while (ret != 0 && errno == EINTR);
2698 if (fs.f_type != HUGETLBFS_MAGIC)
2699 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2704 static void *file_ram_alloc(RAMBlock *block,
2714 unsigned long hpagesize;
2716 hpagesize = gethugepagesize(path);
2721 if (memory < hpagesize) {
2725 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2726 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2730 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2734 fd = mkstemp(filename);
2736 perror("unable to create backing store for hugepages");
2743 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2746 * ftruncate is not supported by hugetlbfs in older
2747 * hosts, so don't bother bailing out on errors.
2748 * If anything goes wrong with it under other filesystems,
2751 if (ftruncate(fd, memory))
2752 perror("ftruncate");
2755 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2756 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2757 * to sidestep this quirk.
2759 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2760 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2762 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2764 if (area == MAP_FAILED) {
2765 perror("file_ram_alloc: can't mmap RAM pages");
2774 static ram_addr_t find_ram_offset(ram_addr_t size)
2776 RAMBlock *block, *next_block;
2777 ram_addr_t offset = 0, mingap = ULONG_MAX;
2779 if (QLIST_EMPTY(&ram_list.blocks))
2782 QLIST_FOREACH(block, &ram_list.blocks, next) {
2783 ram_addr_t end, next = ULONG_MAX;
2785 end = block->offset + block->length;
2787 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2788 if (next_block->offset >= end) {
2789 next = MIN(next, next_block->offset);
2792 if (next - end >= size && next - end < mingap) {
2794 mingap = next - end;
2800 static ram_addr_t last_ram_offset(void)
2803 ram_addr_t last = 0;
2805 QLIST_FOREACH(block, &ram_list.blocks, next)
2806 last = MAX(last, block->offset + block->length);
2811 ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
2812 ram_addr_t size, void *host)
2814 RAMBlock *new_block, *block;
2816 size = TARGET_PAGE_ALIGN(size);
2817 new_block = qemu_mallocz(sizeof(*new_block));
2819 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2820 char *id = dev->parent_bus->info->get_dev_path(dev);
2822 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2826 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2828 QLIST_FOREACH(block, &ram_list.blocks, next) {
2829 if (!strcmp(block->idstr, new_block->idstr)) {
2830 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2837 new_block->host = host;
2840 #if defined (__linux__) && !defined(TARGET_S390X)
2841 new_block->host = file_ram_alloc(new_block, size, mem_path);
2842 if (!new_block->host) {
2843 new_block->host = qemu_vmalloc(size);
2844 #ifdef MADV_MERGEABLE
2845 madvise(new_block->host, size, MADV_MERGEABLE);
2849 fprintf(stderr, "-mem-path option unsupported\n");
2853 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2854 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2855 new_block->host = mmap((void*)0x1000000, size,
2856 PROT_EXEC|PROT_READ|PROT_WRITE,
2857 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2859 new_block->host = qemu_vmalloc(size);
2861 #ifdef MADV_MERGEABLE
2862 madvise(new_block->host, size, MADV_MERGEABLE);
2867 new_block->offset = find_ram_offset(size);
2868 new_block->length = size;
2870 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2872 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
2873 last_ram_offset() >> TARGET_PAGE_BITS);
2874 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2875 0xff, size >> TARGET_PAGE_BITS);
2878 kvm_setup_guest_memory(new_block->host, size);
2880 return new_block->offset;
2883 ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
2885 return qemu_ram_alloc_from_ptr(dev, name, size, NULL);
2888 void qemu_ram_free(ram_addr_t addr)
2892 QLIST_FOREACH(block, &ram_list.blocks, next) {
2893 if (addr == block->offset) {
2894 QLIST_REMOVE(block, next);
2896 #if defined (__linux__) && !defined(TARGET_S390X)
2898 munmap(block->host, block->length);
2901 qemu_vfree(block->host);
2905 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2906 munmap(block->host, block->length);
2908 qemu_vfree(block->host);
2918 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2919 With the exception of the softmmu code in this file, this should
2920 only be used for local memory (e.g. video ram) that the device owns,
2921 and knows it isn't going to access beyond the end of the block.
2923 It should not be used for general purpose DMA.
2924 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2926 void *qemu_get_ram_ptr(ram_addr_t addr)
2930 QLIST_FOREACH(block, &ram_list.blocks, next) {
2931 if (addr - block->offset < block->length) {
2932 QLIST_REMOVE(block, next);
2933 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2934 return block->host + (addr - block->offset);
2938 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2944 /* Some of the softmmu routines need to translate from a host pointer
2945 (typically a TLB entry) back to a ram offset. */
2946 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2949 uint8_t *host = ptr;
2951 QLIST_FOREACH(block, &ram_list.blocks, next) {
2952 if (host - block->host < block->length) {
2953 return block->offset + (host - block->host);
2957 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2963 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2965 #ifdef DEBUG_UNASSIGNED
2966 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2968 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2969 do_unassigned_access(addr, 0, 0, 0, 1);
2974 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2976 #ifdef DEBUG_UNASSIGNED
2977 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2979 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2980 do_unassigned_access(addr, 0, 0, 0, 2);
2985 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2987 #ifdef DEBUG_UNASSIGNED
2988 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2990 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2991 do_unassigned_access(addr, 0, 0, 0, 4);
2996 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2998 #ifdef DEBUG_UNASSIGNED
2999 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3001 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3002 do_unassigned_access(addr, 1, 0, 0, 1);
3006 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3008 #ifdef DEBUG_UNASSIGNED
3009 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3011 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3012 do_unassigned_access(addr, 1, 0, 0, 2);
3016 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3018 #ifdef DEBUG_UNASSIGNED
3019 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3021 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3022 do_unassigned_access(addr, 1, 0, 0, 4);
3026 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3027 unassigned_mem_readb,
3028 unassigned_mem_readw,
3029 unassigned_mem_readl,
3032 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3033 unassigned_mem_writeb,
3034 unassigned_mem_writew,
3035 unassigned_mem_writel,
3038 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3042 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3043 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3044 #if !defined(CONFIG_USER_ONLY)
3045 tb_invalidate_phys_page_fast(ram_addr, 1);
3046 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3049 stb_p(qemu_get_ram_ptr(ram_addr), val);
3050 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3051 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3052 /* we remove the notdirty callback only if the code has been
3054 if (dirty_flags == 0xff)
3055 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3058 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3062 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3063 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3064 #if !defined(CONFIG_USER_ONLY)
3065 tb_invalidate_phys_page_fast(ram_addr, 2);
3066 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3069 stw_p(qemu_get_ram_ptr(ram_addr), val);
3070 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3071 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3072 /* we remove the notdirty callback only if the code has been
3074 if (dirty_flags == 0xff)
3075 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3078 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3082 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3083 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3084 #if !defined(CONFIG_USER_ONLY)
3085 tb_invalidate_phys_page_fast(ram_addr, 4);
3086 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3089 stl_p(qemu_get_ram_ptr(ram_addr), val);
3090 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3091 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3092 /* we remove the notdirty callback only if the code has been
3094 if (dirty_flags == 0xff)
3095 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3098 static CPUReadMemoryFunc * const error_mem_read[3] = {
3099 NULL, /* never used */
3100 NULL, /* never used */
3101 NULL, /* never used */
3104 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3105 notdirty_mem_writeb,
3106 notdirty_mem_writew,
3107 notdirty_mem_writel,
3110 /* Generate a debug exception if a watchpoint has been hit. */
3111 static void check_watchpoint(int offset, int len_mask, int flags)
3113 CPUState *env = cpu_single_env;
3114 target_ulong pc, cs_base;
3115 TranslationBlock *tb;
3120 if (env->watchpoint_hit) {
3121 /* We re-entered the check after replacing the TB. Now raise
3122 * the debug interrupt so that is will trigger after the
3123 * current instruction. */
3124 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3127 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3128 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3129 if ((vaddr == (wp->vaddr & len_mask) ||
3130 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3131 wp->flags |= BP_WATCHPOINT_HIT;
3132 if (!env->watchpoint_hit) {
3133 env->watchpoint_hit = wp;
3134 tb = tb_find_pc(env->mem_io_pc);
3136 cpu_abort(env, "check_watchpoint: could not find TB for "
3137 "pc=%p", (void *)env->mem_io_pc);
3139 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3140 tb_phys_invalidate(tb, -1);
3141 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3142 env->exception_index = EXCP_DEBUG;
3144 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3145 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3147 cpu_resume_from_signal(env, NULL);
3150 wp->flags &= ~BP_WATCHPOINT_HIT;
3155 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3156 so these check for a hit then pass through to the normal out-of-line
3158 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3160 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3161 return ldub_phys(addr);
3164 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3166 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3167 return lduw_phys(addr);
3170 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3172 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3173 return ldl_phys(addr);
3176 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3179 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3180 stb_phys(addr, val);
3183 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3186 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3187 stw_phys(addr, val);
3190 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3193 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3194 stl_phys(addr, val);
3197 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3203 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3209 static inline uint32_t subpage_readlen (subpage_t *mmio,
3210 target_phys_addr_t addr,
3213 unsigned int idx = SUBPAGE_IDX(addr);
3214 #if defined(DEBUG_SUBPAGE)
3215 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3216 mmio, len, addr, idx);
3219 addr += mmio->region_offset[idx];
3220 idx = mmio->sub_io_index[idx];
3221 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3224 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3225 uint32_t value, unsigned int len)
3227 unsigned int idx = SUBPAGE_IDX(addr);
3228 #if defined(DEBUG_SUBPAGE)
3229 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3230 __func__, mmio, len, addr, idx, value);
3233 addr += mmio->region_offset[idx];
3234 idx = mmio->sub_io_index[idx];
3235 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3238 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3240 return subpage_readlen(opaque, addr, 0);
3243 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3246 subpage_writelen(opaque, addr, value, 0);
3249 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3251 return subpage_readlen(opaque, addr, 1);
3254 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3257 subpage_writelen(opaque, addr, value, 1);
3260 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3262 return subpage_readlen(opaque, addr, 2);
3265 static void subpage_writel (void *opaque, target_phys_addr_t addr,
3268 subpage_writelen(opaque, addr, value, 2);
3271 static CPUReadMemoryFunc * const subpage_read[] = {
3277 static CPUWriteMemoryFunc * const subpage_write[] = {
3283 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3284 ram_addr_t memory, ram_addr_t region_offset)
3288 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3290 idx = SUBPAGE_IDX(start);
3291 eidx = SUBPAGE_IDX(end);
3292 #if defined(DEBUG_SUBPAGE)
3293 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3294 mmio, start, end, idx, eidx, memory);
3296 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
3297 memory = IO_MEM_UNASSIGNED;
3298 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3299 for (; idx <= eidx; idx++) {
3300 mmio->sub_io_index[idx] = memory;
3301 mmio->region_offset[idx] = region_offset;
3307 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3308 ram_addr_t orig_memory,
3309 ram_addr_t region_offset)
3314 mmio = qemu_mallocz(sizeof(subpage_t));
3317 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3318 #if defined(DEBUG_SUBPAGE)
3319 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3320 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3322 *phys = subpage_memory | IO_MEM_SUBPAGE;
3323 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3328 static int get_free_io_mem_idx(void)
3332 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3333 if (!io_mem_used[i]) {
3337 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3341 /* mem_read and mem_write are arrays of functions containing the
3342 function to access byte (index 0), word (index 1) and dword (index
3343 2). Functions can be omitted with a NULL function pointer.
3344 If io_index is non zero, the corresponding io zone is
3345 modified. If it is zero, a new io zone is allocated. The return
3346 value can be used with cpu_register_physical_memory(). (-1) is
3347 returned if error. */
3348 static int cpu_register_io_memory_fixed(int io_index,
3349 CPUReadMemoryFunc * const *mem_read,
3350 CPUWriteMemoryFunc * const *mem_write,
3355 if (io_index <= 0) {
3356 io_index = get_free_io_mem_idx();
3360 io_index >>= IO_MEM_SHIFT;
3361 if (io_index >= IO_MEM_NB_ENTRIES)
3365 for (i = 0; i < 3; ++i) {
3366 io_mem_read[io_index][i]
3367 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3369 for (i = 0; i < 3; ++i) {
3370 io_mem_write[io_index][i]
3371 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3373 io_mem_opaque[io_index] = opaque;
3375 return (io_index << IO_MEM_SHIFT);
3378 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3379 CPUWriteMemoryFunc * const *mem_write,
3382 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3385 void cpu_unregister_io_memory(int io_table_address)
3388 int io_index = io_table_address >> IO_MEM_SHIFT;
3390 for (i=0;i < 3; i++) {
3391 io_mem_read[io_index][i] = unassigned_mem_read[i];
3392 io_mem_write[io_index][i] = unassigned_mem_write[i];
3394 io_mem_opaque[io_index] = NULL;
3395 io_mem_used[io_index] = 0;
3398 static void io_mem_init(void)
3402 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3403 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3404 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3408 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3409 watch_mem_write, NULL);
3412 #endif /* !defined(CONFIG_USER_ONLY) */
3414 /* physical memory access (slow version, mainly for debug) */
3415 #if defined(CONFIG_USER_ONLY)
3416 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3417 uint8_t *buf, int len, int is_write)
3424 page = addr & TARGET_PAGE_MASK;
3425 l = (page + TARGET_PAGE_SIZE) - addr;
3428 flags = page_get_flags(page);
3429 if (!(flags & PAGE_VALID))
3432 if (!(flags & PAGE_WRITE))
3434 /* XXX: this code should not depend on lock_user */
3435 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3438 unlock_user(p, addr, l);
3440 if (!(flags & PAGE_READ))
3442 /* XXX: this code should not depend on lock_user */
3443 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3446 unlock_user(p, addr, 0);
3456 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3457 int len, int is_write)
3462 target_phys_addr_t page;
3467 page = addr & TARGET_PAGE_MASK;
3468 l = (page + TARGET_PAGE_SIZE) - addr;
3471 p = phys_page_find(page >> TARGET_PAGE_BITS);
3473 pd = IO_MEM_UNASSIGNED;
3475 pd = p->phys_offset;
3479 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3480 target_phys_addr_t addr1 = addr;
3481 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3483 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3484 /* XXX: could force cpu_single_env to NULL to avoid
3486 if (l >= 4 && ((addr1 & 3) == 0)) {
3487 /* 32 bit write access */
3489 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3491 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3492 /* 16 bit write access */
3494 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3497 /* 8 bit write access */
3499 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3503 unsigned long addr1;
3504 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3506 ptr = qemu_get_ram_ptr(addr1);
3507 memcpy(ptr, buf, l);
3508 if (!cpu_physical_memory_is_dirty(addr1)) {
3509 /* invalidate code */
3510 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3512 cpu_physical_memory_set_dirty_flags(
3513 addr1, (0xff & ~CODE_DIRTY_FLAG));
3517 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3518 !(pd & IO_MEM_ROMD)) {
3519 target_phys_addr_t addr1 = addr;
3521 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3523 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3524 if (l >= 4 && ((addr1 & 3) == 0)) {
3525 /* 32 bit read access */
3526 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3529 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3530 /* 16 bit read access */
3531 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3535 /* 8 bit read access */
3536 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3542 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3543 (addr & ~TARGET_PAGE_MASK);
3544 memcpy(buf, ptr, l);
3553 /* used for ROM loading : can write in RAM and ROM */
3554 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3555 const uint8_t *buf, int len)
3559 target_phys_addr_t page;
3564 page = addr & TARGET_PAGE_MASK;
3565 l = (page + TARGET_PAGE_SIZE) - addr;
3568 p = phys_page_find(page >> TARGET_PAGE_BITS);
3570 pd = IO_MEM_UNASSIGNED;
3572 pd = p->phys_offset;
3575 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3576 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3577 !(pd & IO_MEM_ROMD)) {
3580 unsigned long addr1;
3581 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3583 ptr = qemu_get_ram_ptr(addr1);
3584 memcpy(ptr, buf, l);
3594 target_phys_addr_t addr;
3595 target_phys_addr_t len;
3598 static BounceBuffer bounce;
3600 typedef struct MapClient {
3602 void (*callback)(void *opaque);
3603 QLIST_ENTRY(MapClient) link;
3606 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3607 = QLIST_HEAD_INITIALIZER(map_client_list);
3609 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3611 MapClient *client = qemu_malloc(sizeof(*client));
3613 client->opaque = opaque;
3614 client->callback = callback;
3615 QLIST_INSERT_HEAD(&map_client_list, client, link);
3619 void cpu_unregister_map_client(void *_client)
3621 MapClient *client = (MapClient *)_client;
3623 QLIST_REMOVE(client, link);
3627 static void cpu_notify_map_clients(void)
3631 while (!QLIST_EMPTY(&map_client_list)) {
3632 client = QLIST_FIRST(&map_client_list);
3633 client->callback(client->opaque);
3634 cpu_unregister_map_client(client);
3638 /* Map a physical memory region into a host virtual address.
3639 * May map a subset of the requested range, given by and returned in *plen.
3640 * May return NULL if resources needed to perform the mapping are exhausted.
3641 * Use only for reads OR writes - not for read-modify-write operations.
3642 * Use cpu_register_map_client() to know when retrying the map operation is
3643 * likely to succeed.
3645 void *cpu_physical_memory_map(target_phys_addr_t addr,
3646 target_phys_addr_t *plen,
3649 target_phys_addr_t len = *plen;
3650 target_phys_addr_t done = 0;
3652 uint8_t *ret = NULL;
3654 target_phys_addr_t page;
3657 unsigned long addr1;
3660 page = addr & TARGET_PAGE_MASK;
3661 l = (page + TARGET_PAGE_SIZE) - addr;
3664 p = phys_page_find(page >> TARGET_PAGE_BITS);
3666 pd = IO_MEM_UNASSIGNED;
3668 pd = p->phys_offset;
3671 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3672 if (done || bounce.buffer) {
3675 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3679 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3681 ptr = bounce.buffer;
3683 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3684 ptr = qemu_get_ram_ptr(addr1);
3688 } else if (ret + done != ptr) {
3700 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3701 * Will also mark the memory as dirty if is_write == 1. access_len gives
3702 * the amount of memory that was actually read or written by the caller.
3704 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3705 int is_write, target_phys_addr_t access_len)
3707 if (buffer != bounce.buffer) {
3709 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3710 while (access_len) {
3712 l = TARGET_PAGE_SIZE;
3715 if (!cpu_physical_memory_is_dirty(addr1)) {
3716 /* invalidate code */
3717 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3719 cpu_physical_memory_set_dirty_flags(
3720 addr1, (0xff & ~CODE_DIRTY_FLAG));
3729 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3731 qemu_vfree(bounce.buffer);
3732 bounce.buffer = NULL;
3733 cpu_notify_map_clients();
3736 /* warning: addr must be aligned */
3737 uint32_t ldl_phys(target_phys_addr_t addr)
3745 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3747 pd = IO_MEM_UNASSIGNED;
3749 pd = p->phys_offset;
3752 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3753 !(pd & IO_MEM_ROMD)) {
3755 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3757 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3758 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3761 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3762 (addr & ~TARGET_PAGE_MASK);
3768 /* warning: addr must be aligned */
3769 uint64_t ldq_phys(target_phys_addr_t addr)
3777 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3779 pd = IO_MEM_UNASSIGNED;
3781 pd = p->phys_offset;
3784 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3785 !(pd & IO_MEM_ROMD)) {
3787 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3789 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3790 #ifdef TARGET_WORDS_BIGENDIAN
3791 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3792 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3794 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3795 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3799 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3800 (addr & ~TARGET_PAGE_MASK);
3807 uint32_t ldub_phys(target_phys_addr_t addr)
3810 cpu_physical_memory_read(addr, &val, 1);
3814 /* warning: addr must be aligned */
3815 uint32_t lduw_phys(target_phys_addr_t addr)
3823 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3825 pd = IO_MEM_UNASSIGNED;
3827 pd = p->phys_offset;
3830 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3831 !(pd & IO_MEM_ROMD)) {
3833 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3835 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3836 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
3839 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3840 (addr & ~TARGET_PAGE_MASK);
3846 /* warning: addr must be aligned. The ram page is not masked as dirty
3847 and the code inside is not invalidated. It is useful if the dirty
3848 bits are used to track modified PTEs */
3849 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3856 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3858 pd = IO_MEM_UNASSIGNED;
3860 pd = p->phys_offset;
3863 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3864 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3866 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3867 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3869 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3870 ptr = qemu_get_ram_ptr(addr1);
3873 if (unlikely(in_migration)) {
3874 if (!cpu_physical_memory_is_dirty(addr1)) {
3875 /* invalidate code */
3876 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3878 cpu_physical_memory_set_dirty_flags(
3879 addr1, (0xff & ~CODE_DIRTY_FLAG));
3885 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3892 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3894 pd = IO_MEM_UNASSIGNED;
3896 pd = p->phys_offset;
3899 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3900 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3902 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3903 #ifdef TARGET_WORDS_BIGENDIAN
3904 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3905 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3907 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3908 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3911 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3912 (addr & ~TARGET_PAGE_MASK);
3917 /* warning: addr must be aligned */
3918 void stl_phys(target_phys_addr_t addr, uint32_t val)
3925 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3927 pd = IO_MEM_UNASSIGNED;
3929 pd = p->phys_offset;
3932 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3933 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3935 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3936 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3938 unsigned long addr1;
3939 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3941 ptr = qemu_get_ram_ptr(addr1);
3943 if (!cpu_physical_memory_is_dirty(addr1)) {
3944 /* invalidate code */
3945 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3947 cpu_physical_memory_set_dirty_flags(addr1,
3948 (0xff & ~CODE_DIRTY_FLAG));
3954 void stb_phys(target_phys_addr_t addr, uint32_t val)
3957 cpu_physical_memory_write(addr, &v, 1);
3960 /* warning: addr must be aligned */
3961 void stw_phys(target_phys_addr_t addr, uint32_t val)
3968 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3970 pd = IO_MEM_UNASSIGNED;
3972 pd = p->phys_offset;
3975 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3976 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3978 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3979 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
3981 unsigned long addr1;
3982 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3984 ptr = qemu_get_ram_ptr(addr1);
3986 if (!cpu_physical_memory_is_dirty(addr1)) {
3987 /* invalidate code */
3988 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
3990 cpu_physical_memory_set_dirty_flags(addr1,
3991 (0xff & ~CODE_DIRTY_FLAG));
3997 void stq_phys(target_phys_addr_t addr, uint64_t val)
4000 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
4003 /* virtual memory access for debug (includes writing to ROM) */
4004 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
4005 uint8_t *buf, int len, int is_write)
4008 target_phys_addr_t phys_addr;
4012 page = addr & TARGET_PAGE_MASK;
4013 phys_addr = cpu_get_phys_page_debug(env, page);
4014 /* if no physical page mapped, return an error */
4015 if (phys_addr == -1)
4017 l = (page + TARGET_PAGE_SIZE) - addr;
4020 phys_addr += (addr & ~TARGET_PAGE_MASK);
4022 cpu_physical_memory_write_rom(phys_addr, buf, l);
4024 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4033 /* in deterministic execution mode, instructions doing device I/Os
4034 must be at the end of the TB */
4035 void cpu_io_recompile(CPUState *env, void *retaddr)
4037 TranslationBlock *tb;
4039 target_ulong pc, cs_base;
4042 tb = tb_find_pc((unsigned long)retaddr);
4044 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4047 n = env->icount_decr.u16.low + tb->icount;
4048 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
4049 /* Calculate how many instructions had been executed before the fault
4051 n = n - env->icount_decr.u16.low;
4052 /* Generate a new TB ending on the I/O insn. */
4054 /* On MIPS and SH, delay slot instructions can only be restarted if
4055 they were already the first instruction in the TB. If this is not
4056 the first instruction in a TB then re-execute the preceding
4058 #if defined(TARGET_MIPS)
4059 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4060 env->active_tc.PC -= 4;
4061 env->icount_decr.u16.low++;
4062 env->hflags &= ~MIPS_HFLAG_BMASK;
4064 #elif defined(TARGET_SH4)
4065 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4068 env->icount_decr.u16.low++;
4069 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4072 /* This should never happen. */
4073 if (n > CF_COUNT_MASK)
4074 cpu_abort(env, "TB too big during recompile");
4076 cflags = n | CF_LAST_IO;
4078 cs_base = tb->cs_base;
4080 tb_phys_invalidate(tb, -1);
4081 /* FIXME: In theory this could raise an exception. In practice
4082 we have already translated the block once so it's probably ok. */
4083 tb_gen_code(env, pc, cs_base, flags, cflags);
4084 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4085 the first in the TB) then we end up generating a whole new TB and
4086 repeating the fault, which is horribly inefficient.
4087 Better would be to execute just this insn uncached, or generate a
4089 cpu_resume_from_signal(env, NULL);
4092 #if !defined(CONFIG_USER_ONLY)
4094 void dump_exec_info(FILE *f,
4095 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
4097 int i, target_code_size, max_target_code_size;
4098 int direct_jmp_count, direct_jmp2_count, cross_page;
4099 TranslationBlock *tb;
4101 target_code_size = 0;
4102 max_target_code_size = 0;
4104 direct_jmp_count = 0;
4105 direct_jmp2_count = 0;
4106 for(i = 0; i < nb_tbs; i++) {
4108 target_code_size += tb->size;
4109 if (tb->size > max_target_code_size)
4110 max_target_code_size = tb->size;
4111 if (tb->page_addr[1] != -1)
4113 if (tb->tb_next_offset[0] != 0xffff) {
4115 if (tb->tb_next_offset[1] != 0xffff) {
4116 direct_jmp2_count++;
4120 /* XXX: avoid using doubles ? */
4121 cpu_fprintf(f, "Translation buffer state:\n");
4122 cpu_fprintf(f, "gen code size %ld/%ld\n",
4123 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4124 cpu_fprintf(f, "TB count %d/%d\n",
4125 nb_tbs, code_gen_max_blocks);
4126 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4127 nb_tbs ? target_code_size / nb_tbs : 0,
4128 max_target_code_size);
4129 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
4130 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4131 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4132 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4134 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4135 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4137 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4139 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4140 cpu_fprintf(f, "\nStatistics:\n");
4141 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4142 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4143 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4144 tcg_dump_info(f, cpu_fprintf);
4147 #define MMUSUFFIX _cmmu
4148 #define GETPC() NULL
4149 #define env cpu_single_env
4150 #define SOFTMMU_CODE_ACCESS
4153 #include "softmmu_template.h"
4156 #include "softmmu_template.h"
4159 #include "softmmu_template.h"
4162 #include "softmmu_template.h"
projects / qemu.git / blob