4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "exec/cputlb.h"
52 #include "translate-all.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
57 #include "qemu/range.h"
59 //#define DEBUG_SUBPAGE
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
85 #define RAM_RESIZEABLE (1 << 2)
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
92 DEFINE_TLS(CPUState *, current_cpu);
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
98 #if !defined(CONFIG_USER_ONLY)
100 typedef struct PhysPageEntry PhysPageEntry;
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
115 #define P_L2_SIZE (1 << P_L2_BITS)
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119 typedef PhysPageEntry Node[P_L2_SIZE];
121 typedef struct PhysPageMap {
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
127 unsigned nodes_nb_alloc;
129 MemoryRegionSection *sections;
132 struct AddressSpaceDispatch {
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
138 PhysPageEntry phys_map;
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
148 uint16_t sub_section[TARGET_PAGE_SIZE];
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
160 static MemoryRegion io_mem_watch;
163 #if !defined(CONFIG_USER_ONLY)
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
181 ret = map->nodes_nb++;
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 unsigned valid_ptr = P_L2_SIZE;
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
253 phys_page_compact(&p[i], nodes, compacted);
257 /* We can only compress if there's only one child. */
262 assert(valid_ptr < P_L2_SIZE);
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
279 lp->skip += p[valid_ptr].skip;
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 DECLARE_BITMAP(compacted, nodes_nb);
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
296 hwaddr index = addr >> TARGET_PAGE_BITS;
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return §ions[PHYS_SECTION_UNASSIGNED];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return §ions[lp.ptr];
312 return §ions[PHYS_SECTION_UNASSIGNED];
316 bool memory_region_is_unassigned(MemoryRegion *mr)
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 bool resolve_subpage)
327 MemoryRegionSection *section;
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
343 MemoryRegionSection *section;
347 section = address_space_lookup_region(d, addr, resolve_subpage);
348 /* Compute offset within MemoryRegionSection */
349 addr -= section->offset_within_address_space;
351 /* Compute offset within MemoryRegion */
352 *xlat = addr + section->offset_within_region;
355 if (memory_region_is_ram(mr)) {
356 diff = int128_sub(section->size, int128_make64(addr));
357 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
362 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
364 if (memory_region_is_ram(mr)) {
365 return !(is_write && mr->readonly);
367 if (memory_region_is_romd(mr)) {
374 /* Called from RCU critical section */
375 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
376 hwaddr *xlat, hwaddr *plen,
380 MemoryRegionSection *section;
384 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
385 section = address_space_translate_internal(d, addr, &addr, plen, true);
388 if (!mr->iommu_ops) {
392 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
393 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
394 | (addr & iotlb.addr_mask));
395 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
396 if (!(iotlb.perm & (1 << is_write))) {
397 mr = &io_mem_unassigned;
401 as = iotlb.target_as;
404 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
405 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
406 *plen = MIN(page, *plen);
413 /* Called from RCU critical section */
414 MemoryRegionSection *
415 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
416 hwaddr *xlat, hwaddr *plen)
418 MemoryRegionSection *section;
419 section = address_space_translate_internal(cpu->memory_dispatch,
420 addr, xlat, plen, false);
422 assert(!section->mr->iommu_ops);
427 #if !defined(CONFIG_USER_ONLY)
429 static int cpu_common_post_load(void *opaque, int version_id)
431 CPUState *cpu = opaque;
433 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
434 version_id is increased. */
435 cpu->interrupt_request &= ~0x01;
441 static int cpu_common_pre_load(void *opaque)
443 CPUState *cpu = opaque;
445 cpu->exception_index = -1;
450 static bool cpu_common_exception_index_needed(void *opaque)
452 CPUState *cpu = opaque;
454 return tcg_enabled() && cpu->exception_index != -1;
457 static const VMStateDescription vmstate_cpu_common_exception_index = {
458 .name = "cpu_common/exception_index",
460 .minimum_version_id = 1,
461 .needed = cpu_common_exception_index_needed,
462 .fields = (VMStateField[]) {
463 VMSTATE_INT32(exception_index, CPUState),
464 VMSTATE_END_OF_LIST()
468 const VMStateDescription vmstate_cpu_common = {
469 .name = "cpu_common",
471 .minimum_version_id = 1,
472 .pre_load = cpu_common_pre_load,
473 .post_load = cpu_common_post_load,
474 .fields = (VMStateField[]) {
475 VMSTATE_UINT32(halted, CPUState),
476 VMSTATE_UINT32(interrupt_request, CPUState),
477 VMSTATE_END_OF_LIST()
479 .subsections = (const VMStateDescription*[]) {
480 &vmstate_cpu_common_exception_index,
487 CPUState *qemu_get_cpu(int index)
492 if (cpu->cpu_index == index) {
500 #if !defined(CONFIG_USER_ONLY)
501 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
503 /* We only support one address space per cpu at the moment. */
504 assert(cpu->as == as);
506 if (cpu->tcg_as_listener) {
507 memory_listener_unregister(cpu->tcg_as_listener);
509 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
511 cpu->tcg_as_listener->commit = tcg_commit;
512 memory_listener_register(cpu->tcg_as_listener, as);
516 void cpu_exec_init(CPUArchState *env)
518 CPUState *cpu = ENV_GET_CPU(env);
519 CPUClass *cc = CPU_GET_CLASS(cpu);
523 #if defined(CONFIG_USER_ONLY)
527 CPU_FOREACH(some_cpu) {
530 cpu->cpu_index = cpu_index;
532 QTAILQ_INIT(&cpu->breakpoints);
533 QTAILQ_INIT(&cpu->watchpoints);
534 #ifndef CONFIG_USER_ONLY
535 cpu->as = &address_space_memory;
536 cpu->thread_id = qemu_get_thread_id();
537 cpu_reload_memory_map(cpu);
539 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
540 #if defined(CONFIG_USER_ONLY)
543 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
544 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
546 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
547 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
548 cpu_save, cpu_load, env);
549 assert(cc->vmsd == NULL);
550 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
552 if (cc->vmsd != NULL) {
553 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
557 #if defined(CONFIG_USER_ONLY)
558 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
560 tb_invalidate_phys_page_range(pc, pc + 1, 0);
563 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
565 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
567 tb_invalidate_phys_addr(cpu->as,
568 phys | (pc & ~TARGET_PAGE_MASK));
573 #if defined(CONFIG_USER_ONLY)
574 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
579 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
585 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
589 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
590 int flags, CPUWatchpoint **watchpoint)
595 /* Add a watchpoint. */
596 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
597 int flags, CPUWatchpoint **watchpoint)
601 /* forbid ranges which are empty or run off the end of the address space */
602 if (len == 0 || (addr + len - 1) < addr) {
603 error_report("tried to set invalid watchpoint at %"
604 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
607 wp = g_malloc(sizeof(*wp));
613 /* keep all GDB-injected watchpoints in front */
614 if (flags & BP_GDB) {
615 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
617 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
620 tlb_flush_page(cpu, addr);
627 /* Remove a specific watchpoint. */
628 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
633 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
634 if (addr == wp->vaddr && len == wp->len
635 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
636 cpu_watchpoint_remove_by_ref(cpu, wp);
643 /* Remove a specific watchpoint by reference. */
644 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
646 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
648 tlb_flush_page(cpu, watchpoint->vaddr);
653 /* Remove all matching watchpoints. */
654 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
656 CPUWatchpoint *wp, *next;
658 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
659 if (wp->flags & mask) {
660 cpu_watchpoint_remove_by_ref(cpu, wp);
665 /* Return true if this watchpoint address matches the specified
666 * access (ie the address range covered by the watchpoint overlaps
667 * partially or completely with the address range covered by the
670 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
674 /* We know the lengths are non-zero, but a little caution is
675 * required to avoid errors in the case where the range ends
676 * exactly at the top of the address space and so addr + len
677 * wraps round to zero.
679 vaddr wpend = wp->vaddr + wp->len - 1;
680 vaddr addrend = addr + len - 1;
682 return !(addr > wpend || wp->vaddr > addrend);
687 /* Add a breakpoint. */
688 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
689 CPUBreakpoint **breakpoint)
693 bp = g_malloc(sizeof(*bp));
698 /* keep all GDB-injected breakpoints in front */
699 if (flags & BP_GDB) {
700 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
702 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
705 breakpoint_invalidate(cpu, pc);
713 /* Remove a specific breakpoint. */
714 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
718 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
719 if (bp->pc == pc && bp->flags == flags) {
720 cpu_breakpoint_remove_by_ref(cpu, bp);
727 /* Remove a specific breakpoint by reference. */
728 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
730 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
732 breakpoint_invalidate(cpu, breakpoint->pc);
737 /* Remove all matching breakpoints. */
738 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
740 CPUBreakpoint *bp, *next;
742 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
743 if (bp->flags & mask) {
744 cpu_breakpoint_remove_by_ref(cpu, bp);
749 /* enable or disable single step mode. EXCP_DEBUG is returned by the
750 CPU loop after each instruction */
751 void cpu_single_step(CPUState *cpu, int enabled)
753 if (cpu->singlestep_enabled != enabled) {
754 cpu->singlestep_enabled = enabled;
756 kvm_update_guest_debug(cpu, 0);
758 /* must flush all the translated code to avoid inconsistencies */
759 /* XXX: only flush what is necessary */
760 CPUArchState *env = cpu->env_ptr;
766 void cpu_abort(CPUState *cpu, const char *fmt, ...)
773 fprintf(stderr, "qemu: fatal: ");
774 vfprintf(stderr, fmt, ap);
775 fprintf(stderr, "\n");
776 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
777 if (qemu_log_enabled()) {
778 qemu_log("qemu: fatal: ");
779 qemu_log_vprintf(fmt, ap2);
781 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
787 #if defined(CONFIG_USER_ONLY)
789 struct sigaction act;
790 sigfillset(&act.sa_mask);
791 act.sa_handler = SIG_DFL;
792 sigaction(SIGABRT, &act, NULL);
798 #if !defined(CONFIG_USER_ONLY)
799 /* Called from RCU critical section */
800 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
804 block = atomic_rcu_read(&ram_list.mru_block);
805 if (block && addr - block->offset < block->max_length) {
808 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
809 if (addr - block->offset < block->max_length) {
814 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
818 /* It is safe to write mru_block outside the iothread lock. This
823 * xxx removed from list
827 * call_rcu(reclaim_ramblock, xxx);
830 * atomic_rcu_set is not needed here. The block was already published
831 * when it was placed into the list. Here we're just making an extra
832 * copy of the pointer.
834 ram_list.mru_block = block;
838 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
844 end = TARGET_PAGE_ALIGN(start + length);
845 start &= TARGET_PAGE_MASK;
848 block = qemu_get_ram_block(start);
849 assert(block == qemu_get_ram_block(end - 1));
850 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
851 cpu_tlb_reset_dirty_all(start1, length);
855 /* Note: start and end must be within the same ram block. */
856 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
860 unsigned long end, page;
867 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
868 page = start >> TARGET_PAGE_BITS;
869 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
872 if (dirty && tcg_enabled()) {
873 tlb_reset_dirty_range_all(start, length);
879 /* Called from RCU critical section */
880 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
881 MemoryRegionSection *section,
883 hwaddr paddr, hwaddr xlat,
885 target_ulong *address)
890 if (memory_region_is_ram(section->mr)) {
892 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
894 if (!section->readonly) {
895 iotlb |= PHYS_SECTION_NOTDIRTY;
897 iotlb |= PHYS_SECTION_ROM;
900 iotlb = section - section->address_space->dispatch->map.sections;
904 /* Make accesses to pages with watchpoints go via the
905 watchpoint trap routines. */
906 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
907 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
908 /* Avoid trapping reads of pages with a write breakpoint. */
909 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
910 iotlb = PHYS_SECTION_WATCH + paddr;
911 *address |= TLB_MMIO;
919 #endif /* defined(CONFIG_USER_ONLY) */
921 #if !defined(CONFIG_USER_ONLY)
923 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
925 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
927 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
931 * Set a custom physical guest memory alloator.
932 * Accelerators with unusual needs may need this. Hopefully, we can
933 * get rid of it eventually.
935 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
937 phys_mem_alloc = alloc;
940 static uint16_t phys_section_add(PhysPageMap *map,
941 MemoryRegionSection *section)
943 /* The physical section number is ORed with a page-aligned
944 * pointer to produce the iotlb entries. Thus it should
945 * never overflow into the page-aligned value.
947 assert(map->sections_nb < TARGET_PAGE_SIZE);
949 if (map->sections_nb == map->sections_nb_alloc) {
950 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
951 map->sections = g_renew(MemoryRegionSection, map->sections,
952 map->sections_nb_alloc);
954 map->sections[map->sections_nb] = *section;
955 memory_region_ref(section->mr);
956 return map->sections_nb++;
959 static void phys_section_destroy(MemoryRegion *mr)
961 memory_region_unref(mr);
964 subpage_t *subpage = container_of(mr, subpage_t, iomem);
965 object_unref(OBJECT(&subpage->iomem));
970 static void phys_sections_free(PhysPageMap *map)
972 while (map->sections_nb > 0) {
973 MemoryRegionSection *section = &map->sections[--map->sections_nb];
974 phys_section_destroy(section->mr);
976 g_free(map->sections);
980 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
983 hwaddr base = section->offset_within_address_space
985 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
986 d->map.nodes, d->map.sections);
987 MemoryRegionSection subsection = {
988 .offset_within_address_space = base,
989 .size = int128_make64(TARGET_PAGE_SIZE),
993 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
995 if (!(existing->mr->subpage)) {
996 subpage = subpage_init(d->as, base);
997 subsection.address_space = d->as;
998 subsection.mr = &subpage->iomem;
999 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1000 phys_section_add(&d->map, &subsection));
1002 subpage = container_of(existing->mr, subpage_t, iomem);
1004 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1005 end = start + int128_get64(section->size) - 1;
1006 subpage_register(subpage, start, end,
1007 phys_section_add(&d->map, section));
1011 static void register_multipage(AddressSpaceDispatch *d,
1012 MemoryRegionSection *section)
1014 hwaddr start_addr = section->offset_within_address_space;
1015 uint16_t section_index = phys_section_add(&d->map, section);
1016 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1020 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1023 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1025 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1026 AddressSpaceDispatch *d = as->next_dispatch;
1027 MemoryRegionSection now = *section, remain = *section;
1028 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1030 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1031 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1032 - now.offset_within_address_space;
1034 now.size = int128_min(int128_make64(left), now.size);
1035 register_subpage(d, &now);
1037 now.size = int128_zero();
1039 while (int128_ne(remain.size, now.size)) {
1040 remain.size = int128_sub(remain.size, now.size);
1041 remain.offset_within_address_space += int128_get64(now.size);
1042 remain.offset_within_region += int128_get64(now.size);
1044 if (int128_lt(remain.size, page_size)) {
1045 register_subpage(d, &now);
1046 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1047 now.size = page_size;
1048 register_subpage(d, &now);
1050 now.size = int128_and(now.size, int128_neg(page_size));
1051 register_multipage(d, &now);
1056 void qemu_flush_coalesced_mmio_buffer(void)
1059 kvm_flush_coalesced_mmio_buffer();
1062 void qemu_mutex_lock_ramlist(void)
1064 qemu_mutex_lock(&ram_list.mutex);
1067 void qemu_mutex_unlock_ramlist(void)
1069 qemu_mutex_unlock(&ram_list.mutex);
1074 #include <sys/vfs.h>
1076 #define HUGETLBFS_MAGIC 0x958458f6
1078 static long gethugepagesize(const char *path, Error **errp)
1084 ret = statfs(path, &fs);
1085 } while (ret != 0 && errno == EINTR);
1088 error_setg_errno(errp, errno, "failed to get page size of file %s",
1093 if (fs.f_type != HUGETLBFS_MAGIC)
1094 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1099 static void *file_ram_alloc(RAMBlock *block,
1105 char *sanitized_name;
1110 Error *local_err = NULL;
1112 hpagesize = gethugepagesize(path, &local_err);
1114 error_propagate(errp, local_err);
1117 block->mr->align = hpagesize;
1119 if (memory < hpagesize) {
1120 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1121 "or larger than huge page size 0x%" PRIx64,
1126 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1128 "host lacks kvm mmu notifiers, -mem-path unsupported");
1132 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1133 sanitized_name = g_strdup(memory_region_name(block->mr));
1134 for (c = sanitized_name; *c != '\0'; c++) {
1139 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1141 g_free(sanitized_name);
1143 fd = mkstemp(filename);
1145 error_setg_errno(errp, errno,
1146 "unable to create backing store for hugepages");
1153 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1156 * ftruncate is not supported by hugetlbfs in older
1157 * hosts, so don't bother bailing out on errors.
1158 * If anything goes wrong with it under other filesystems,
1161 if (ftruncate(fd, memory)) {
1162 perror("ftruncate");
1165 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1166 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1168 if (area == MAP_FAILED) {
1169 error_setg_errno(errp, errno,
1170 "unable to map backing store for hugepages");
1176 os_mem_prealloc(fd, area, memory);
1184 error_report("%s", error_get_pretty(*errp));
1191 /* Called with the ramlist lock held. */
1192 static ram_addr_t find_ram_offset(ram_addr_t size)
1194 RAMBlock *block, *next_block;
1195 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1197 assert(size != 0); /* it would hand out same offset multiple times */
1199 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1203 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1204 ram_addr_t end, next = RAM_ADDR_MAX;
1206 end = block->offset + block->max_length;
1208 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1209 if (next_block->offset >= end) {
1210 next = MIN(next, next_block->offset);
1213 if (next - end >= size && next - end < mingap) {
1215 mingap = next - end;
1219 if (offset == RAM_ADDR_MAX) {
1220 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1228 ram_addr_t last_ram_offset(void)
1231 ram_addr_t last = 0;
1234 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1235 last = MAX(last, block->offset + block->max_length);
1241 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1245 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1246 if (!machine_dump_guest_core(current_machine)) {
1247 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1249 perror("qemu_madvise");
1250 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1251 "but dump_guest_core=off specified\n");
1256 /* Called within an RCU critical section, or while the ramlist lock
1259 static RAMBlock *find_ram_block(ram_addr_t addr)
1263 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1264 if (block->offset == addr) {
1272 /* Called with iothread lock held. */
1273 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1275 RAMBlock *new_block, *block;
1278 new_block = find_ram_block(addr);
1280 assert(!new_block->idstr[0]);
1283 char *id = qdev_get_dev_path(dev);
1285 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1289 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1291 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1292 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1293 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1301 /* Called with iothread lock held. */
1302 void qemu_ram_unset_idstr(ram_addr_t addr)
1306 /* FIXME: arch_init.c assumes that this is not called throughout
1307 * migration. Ignore the problem since hot-unplug during migration
1308 * does not work anyway.
1312 block = find_ram_block(addr);
1314 memset(block->idstr, 0, sizeof(block->idstr));
1319 static int memory_try_enable_merging(void *addr, size_t len)
1321 if (!machine_mem_merge(current_machine)) {
1322 /* disabled by the user */
1326 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1329 /* Only legal before guest might have detected the memory size: e.g. on
1330 * incoming migration, or right after reset.
1332 * As memory core doesn't know how is memory accessed, it is up to
1333 * resize callback to update device state and/or add assertions to detect
1334 * misuse, if necessary.
1336 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1338 RAMBlock *block = find_ram_block(base);
1342 newsize = TARGET_PAGE_ALIGN(newsize);
1344 if (block->used_length == newsize) {
1348 if (!(block->flags & RAM_RESIZEABLE)) {
1349 error_setg_errno(errp, EINVAL,
1350 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1351 " in != 0x" RAM_ADDR_FMT, block->idstr,
1352 newsize, block->used_length);
1356 if (block->max_length < newsize) {
1357 error_setg_errno(errp, EINVAL,
1358 "Length too large: %s: 0x" RAM_ADDR_FMT
1359 " > 0x" RAM_ADDR_FMT, block->idstr,
1360 newsize, block->max_length);
1364 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1365 block->used_length = newsize;
1366 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1368 memory_region_set_size(block->mr, newsize);
1369 if (block->resized) {
1370 block->resized(block->idstr, newsize, block->host);
1375 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1378 RAMBlock *last_block = NULL;
1379 ram_addr_t old_ram_size, new_ram_size;
1381 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1383 qemu_mutex_lock_ramlist();
1384 new_block->offset = find_ram_offset(new_block->max_length);
1386 if (!new_block->host) {
1387 if (xen_enabled()) {
1388 xen_ram_alloc(new_block->offset, new_block->max_length,
1391 new_block->host = phys_mem_alloc(new_block->max_length,
1392 &new_block->mr->align);
1393 if (!new_block->host) {
1394 error_setg_errno(errp, errno,
1395 "cannot set up guest memory '%s'",
1396 memory_region_name(new_block->mr));
1397 qemu_mutex_unlock_ramlist();
1400 memory_try_enable_merging(new_block->host, new_block->max_length);
1404 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1405 * QLIST (which has an RCU-friendly variant) does not have insertion at
1406 * tail, so save the last element in last_block.
1408 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1410 if (block->max_length < new_block->max_length) {
1415 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1416 } else if (last_block) {
1417 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1418 } else { /* list is empty */
1419 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1421 ram_list.mru_block = NULL;
1423 /* Write list before version */
1426 qemu_mutex_unlock_ramlist();
1428 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1430 if (new_ram_size > old_ram_size) {
1433 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1434 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1435 ram_list.dirty_memory[i] =
1436 bitmap_zero_extend(ram_list.dirty_memory[i],
1437 old_ram_size, new_ram_size);
1440 cpu_physical_memory_set_dirty_range(new_block->offset,
1441 new_block->used_length,
1444 if (new_block->host) {
1445 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1446 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1447 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1448 if (kvm_enabled()) {
1449 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1453 return new_block->offset;
1457 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1458 bool share, const char *mem_path,
1461 RAMBlock *new_block;
1463 Error *local_err = NULL;
1465 if (xen_enabled()) {
1466 error_setg(errp, "-mem-path not supported with Xen");
1470 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1472 * file_ram_alloc() needs to allocate just like
1473 * phys_mem_alloc, but we haven't bothered to provide
1477 "-mem-path not supported with this accelerator");
1481 size = TARGET_PAGE_ALIGN(size);
1482 new_block = g_malloc0(sizeof(*new_block));
1484 new_block->used_length = size;
1485 new_block->max_length = size;
1486 new_block->flags = share ? RAM_SHARED : 0;
1487 new_block->host = file_ram_alloc(new_block, size,
1489 if (!new_block->host) {
1494 addr = ram_block_add(new_block, &local_err);
1497 error_propagate(errp, local_err);
1505 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1506 void (*resized)(const char*,
1509 void *host, bool resizeable,
1510 MemoryRegion *mr, Error **errp)
1512 RAMBlock *new_block;
1514 Error *local_err = NULL;
1516 size = TARGET_PAGE_ALIGN(size);
1517 max_size = TARGET_PAGE_ALIGN(max_size);
1518 new_block = g_malloc0(sizeof(*new_block));
1520 new_block->resized = resized;
1521 new_block->used_length = size;
1522 new_block->max_length = max_size;
1523 assert(max_size >= size);
1525 new_block->host = host;
1527 new_block->flags |= RAM_PREALLOC;
1530 new_block->flags |= RAM_RESIZEABLE;
1532 addr = ram_block_add(new_block, &local_err);
1535 error_propagate(errp, local_err);
1541 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1542 MemoryRegion *mr, Error **errp)
1544 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1547 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1549 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1552 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1553 void (*resized)(const char*,
1556 MemoryRegion *mr, Error **errp)
1558 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1561 void qemu_ram_free_from_ptr(ram_addr_t addr)
1565 qemu_mutex_lock_ramlist();
1566 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1567 if (addr == block->offset) {
1568 QLIST_REMOVE_RCU(block, next);
1569 ram_list.mru_block = NULL;
1570 /* Write list before version */
1573 g_free_rcu(block, rcu);
1577 qemu_mutex_unlock_ramlist();
1580 static void reclaim_ramblock(RAMBlock *block)
1582 if (block->flags & RAM_PREALLOC) {
1584 } else if (xen_enabled()) {
1585 xen_invalidate_map_cache_entry(block->host);
1587 } else if (block->fd >= 0) {
1588 munmap(block->host, block->max_length);
1592 qemu_anon_ram_free(block->host, block->max_length);
1597 void qemu_ram_free(ram_addr_t addr)
1601 qemu_mutex_lock_ramlist();
1602 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1603 if (addr == block->offset) {
1604 QLIST_REMOVE_RCU(block, next);
1605 ram_list.mru_block = NULL;
1606 /* Write list before version */
1609 call_rcu(block, reclaim_ramblock, rcu);
1613 qemu_mutex_unlock_ramlist();
1617 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1624 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1625 offset = addr - block->offset;
1626 if (offset < block->max_length) {
1627 vaddr = ramblock_ptr(block, offset);
1628 if (block->flags & RAM_PREALLOC) {
1630 } else if (xen_enabled()) {
1634 if (block->fd >= 0) {
1635 flags |= (block->flags & RAM_SHARED ?
1636 MAP_SHARED : MAP_PRIVATE);
1637 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1638 flags, block->fd, offset);
1641 * Remap needs to match alloc. Accelerators that
1642 * set phys_mem_alloc never remap. If they did,
1643 * we'd need a remap hook here.
1645 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1647 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1648 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1651 if (area != vaddr) {
1652 fprintf(stderr, "Could not remap addr: "
1653 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1657 memory_try_enable_merging(vaddr, length);
1658 qemu_ram_setup_dump(vaddr, length);
1663 #endif /* !_WIN32 */
1665 int qemu_get_ram_fd(ram_addr_t addr)
1671 block = qemu_get_ram_block(addr);
1677 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1683 block = qemu_get_ram_block(addr);
1684 ptr = ramblock_ptr(block, 0);
1689 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1690 * This should not be used for general purpose DMA. Use address_space_map
1691 * or address_space_rw instead. For local memory (e.g. video ram) that the
1692 * device owns, use memory_region_get_ram_ptr.
1694 * By the time this function returns, the returned pointer is not protected
1695 * by RCU anymore. If the caller is not within an RCU critical section and
1696 * does not hold the iothread lock, it must have other means of protecting the
1697 * pointer, such as a reference to the region that includes the incoming
1700 void *qemu_get_ram_ptr(ram_addr_t addr)
1706 block = qemu_get_ram_block(addr);
1708 if (xen_enabled() && block->host == NULL) {
1709 /* We need to check if the requested address is in the RAM
1710 * because we don't want to map the entire memory in QEMU.
1711 * In that case just map until the end of the page.
1713 if (block->offset == 0) {
1714 ptr = xen_map_cache(addr, 0, 0);
1718 block->host = xen_map_cache(block->offset, block->max_length, 1);
1720 ptr = ramblock_ptr(block, addr - block->offset);
1727 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1728 * but takes a size argument.
1730 * By the time this function returns, the returned pointer is not protected
1731 * by RCU anymore. If the caller is not within an RCU critical section and
1732 * does not hold the iothread lock, it must have other means of protecting the
1733 * pointer, such as a reference to the region that includes the incoming
1736 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1742 if (xen_enabled()) {
1743 return xen_map_cache(addr, *size, 1);
1747 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1748 if (addr - block->offset < block->max_length) {
1749 if (addr - block->offset + *size > block->max_length)
1750 *size = block->max_length - addr + block->offset;
1751 ptr = ramblock_ptr(block, addr - block->offset);
1757 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1762 /* Some of the softmmu routines need to translate from a host pointer
1763 * (typically a TLB entry) back to a ram offset.
1765 * By the time this function returns, the returned pointer is not protected
1766 * by RCU anymore. If the caller is not within an RCU critical section and
1767 * does not hold the iothread lock, it must have other means of protecting the
1768 * pointer, such as a reference to the region that includes the incoming
1771 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1774 uint8_t *host = ptr;
1777 if (xen_enabled()) {
1779 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1780 mr = qemu_get_ram_block(*ram_addr)->mr;
1786 block = atomic_rcu_read(&ram_list.mru_block);
1787 if (block && block->host && host - block->host < block->max_length) {
1791 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1792 /* This case append when the block is not mapped. */
1793 if (block->host == NULL) {
1796 if (host - block->host < block->max_length) {
1805 *ram_addr = block->offset + (host - block->host);
1811 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1812 uint64_t val, unsigned size)
1814 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1815 tb_invalidate_phys_page_fast(ram_addr, size);
1819 stb_p(qemu_get_ram_ptr(ram_addr), val);
1822 stw_p(qemu_get_ram_ptr(ram_addr), val);
1825 stl_p(qemu_get_ram_ptr(ram_addr), val);
1830 /* Set both VGA and migration bits for simplicity and to remove
1831 * the notdirty callback faster.
1833 cpu_physical_memory_set_dirty_range(ram_addr, size,
1834 DIRTY_CLIENTS_NOCODE);
1835 /* we remove the notdirty callback only if the code has been
1837 if (!cpu_physical_memory_is_clean(ram_addr)) {
1838 CPUArchState *env = current_cpu->env_ptr;
1839 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1843 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1844 unsigned size, bool is_write)
1849 static const MemoryRegionOps notdirty_mem_ops = {
1850 .write = notdirty_mem_write,
1851 .valid.accepts = notdirty_mem_accepts,
1852 .endianness = DEVICE_NATIVE_ENDIAN,
1855 /* Generate a debug exception if a watchpoint has been hit. */
1856 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1858 CPUState *cpu = current_cpu;
1859 CPUArchState *env = cpu->env_ptr;
1860 target_ulong pc, cs_base;
1865 if (cpu->watchpoint_hit) {
1866 /* We re-entered the check after replacing the TB. Now raise
1867 * the debug interrupt so that is will trigger after the
1868 * current instruction. */
1869 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1872 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1873 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1874 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1875 && (wp->flags & flags)) {
1876 if (flags == BP_MEM_READ) {
1877 wp->flags |= BP_WATCHPOINT_HIT_READ;
1879 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1881 wp->hitaddr = vaddr;
1882 wp->hitattrs = attrs;
1883 if (!cpu->watchpoint_hit) {
1884 cpu->watchpoint_hit = wp;
1885 tb_check_watchpoint(cpu);
1886 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1887 cpu->exception_index = EXCP_DEBUG;
1890 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1891 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1892 cpu_resume_from_signal(cpu, NULL);
1896 wp->flags &= ~BP_WATCHPOINT_HIT;
1901 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1902 so these check for a hit then pass through to the normal out-of-line
1904 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1905 unsigned size, MemTxAttrs attrs)
1910 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1913 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1916 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1919 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1927 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1928 uint64_t val, unsigned size,
1933 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1936 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1939 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1942 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1949 static const MemoryRegionOps watch_mem_ops = {
1950 .read_with_attrs = watch_mem_read,
1951 .write_with_attrs = watch_mem_write,
1952 .endianness = DEVICE_NATIVE_ENDIAN,
1955 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1956 unsigned len, MemTxAttrs attrs)
1958 subpage_t *subpage = opaque;
1962 #if defined(DEBUG_SUBPAGE)
1963 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1964 subpage, len, addr);
1966 res = address_space_read(subpage->as, addr + subpage->base,
1973 *data = ldub_p(buf);
1976 *data = lduw_p(buf);
1989 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1990 uint64_t value, unsigned len, MemTxAttrs attrs)
1992 subpage_t *subpage = opaque;
1995 #if defined(DEBUG_SUBPAGE)
1996 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1997 " value %"PRIx64"\n",
1998 __func__, subpage, len, addr, value);
2016 return address_space_write(subpage->as, addr + subpage->base,
2020 static bool subpage_accepts(void *opaque, hwaddr addr,
2021 unsigned len, bool is_write)
2023 subpage_t *subpage = opaque;
2024 #if defined(DEBUG_SUBPAGE)
2025 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2026 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2029 return address_space_access_valid(subpage->as, addr + subpage->base,
2033 static const MemoryRegionOps subpage_ops = {
2034 .read_with_attrs = subpage_read,
2035 .write_with_attrs = subpage_write,
2036 .impl.min_access_size = 1,
2037 .impl.max_access_size = 8,
2038 .valid.min_access_size = 1,
2039 .valid.max_access_size = 8,
2040 .valid.accepts = subpage_accepts,
2041 .endianness = DEVICE_NATIVE_ENDIAN,
2044 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2049 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2051 idx = SUBPAGE_IDX(start);
2052 eidx = SUBPAGE_IDX(end);
2053 #if defined(DEBUG_SUBPAGE)
2054 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2055 __func__, mmio, start, end, idx, eidx, section);
2057 for (; idx <= eidx; idx++) {
2058 mmio->sub_section[idx] = section;
2064 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2068 mmio = g_malloc0(sizeof(subpage_t));
2072 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2073 NULL, TARGET_PAGE_SIZE);
2074 mmio->iomem.subpage = true;
2075 #if defined(DEBUG_SUBPAGE)
2076 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2077 mmio, base, TARGET_PAGE_SIZE);
2079 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2084 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2088 MemoryRegionSection section = {
2089 .address_space = as,
2091 .offset_within_address_space = 0,
2092 .offset_within_region = 0,
2093 .size = int128_2_64(),
2096 return phys_section_add(map, §ion);
2099 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2101 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2102 MemoryRegionSection *sections = d->map.sections;
2104 return sections[index & ~TARGET_PAGE_MASK].mr;
2107 static void io_mem_init(void)
2109 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2110 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2112 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2114 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2118 static void mem_begin(MemoryListener *listener)
2120 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2121 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2124 n = dummy_section(&d->map, as, &io_mem_unassigned);
2125 assert(n == PHYS_SECTION_UNASSIGNED);
2126 n = dummy_section(&d->map, as, &io_mem_notdirty);
2127 assert(n == PHYS_SECTION_NOTDIRTY);
2128 n = dummy_section(&d->map, as, &io_mem_rom);
2129 assert(n == PHYS_SECTION_ROM);
2130 n = dummy_section(&d->map, as, &io_mem_watch);
2131 assert(n == PHYS_SECTION_WATCH);
2133 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2135 as->next_dispatch = d;
2138 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2140 phys_sections_free(&d->map);
2144 static void mem_commit(MemoryListener *listener)
2146 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2147 AddressSpaceDispatch *cur = as->dispatch;
2148 AddressSpaceDispatch *next = as->next_dispatch;
2150 phys_page_compact_all(next, next->map.nodes_nb);
2152 atomic_rcu_set(&as->dispatch, next);
2154 call_rcu(cur, address_space_dispatch_free, rcu);
2158 static void tcg_commit(MemoryListener *listener)
2162 /* since each CPU stores ram addresses in its TLB cache, we must
2163 reset the modified entries */
2166 /* FIXME: Disentangle the cpu.h circular files deps so we can
2167 directly get the right CPU from listener. */
2168 if (cpu->tcg_as_listener != listener) {
2171 cpu_reload_memory_map(cpu);
2175 void address_space_init_dispatch(AddressSpace *as)
2177 as->dispatch = NULL;
2178 as->dispatch_listener = (MemoryListener) {
2180 .commit = mem_commit,
2181 .region_add = mem_add,
2182 .region_nop = mem_add,
2185 memory_listener_register(&as->dispatch_listener, as);
2188 void address_space_unregister(AddressSpace *as)
2190 memory_listener_unregister(&as->dispatch_listener);
2193 void address_space_destroy_dispatch(AddressSpace *as)
2195 AddressSpaceDispatch *d = as->dispatch;
2197 atomic_rcu_set(&as->dispatch, NULL);
2199 call_rcu(d, address_space_dispatch_free, rcu);
2203 static void memory_map_init(void)
2205 system_memory = g_malloc(sizeof(*system_memory));
2207 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2208 address_space_init(&address_space_memory, system_memory, "memory");
2210 system_io = g_malloc(sizeof(*system_io));
2211 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2213 address_space_init(&address_space_io, system_io, "I/O");
2216 MemoryRegion *get_system_memory(void)
2218 return system_memory;
2221 MemoryRegion *get_system_io(void)
2226 #endif /* !defined(CONFIG_USER_ONLY) */
2228 /* physical memory access (slow version, mainly for debug) */
2229 #if defined(CONFIG_USER_ONLY)
2230 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2231 uint8_t *buf, int len, int is_write)
2238 page = addr & TARGET_PAGE_MASK;
2239 l = (page + TARGET_PAGE_SIZE) - addr;
2242 flags = page_get_flags(page);
2243 if (!(flags & PAGE_VALID))
2246 if (!(flags & PAGE_WRITE))
2248 /* XXX: this code should not depend on lock_user */
2249 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2252 unlock_user(p, addr, l);
2254 if (!(flags & PAGE_READ))
2256 /* XXX: this code should not depend on lock_user */
2257 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2260 unlock_user(p, addr, 0);
2271 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2274 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2275 /* No early return if dirty_log_mask is or becomes 0, because
2276 * cpu_physical_memory_set_dirty_range will still call
2277 * xen_modified_memory.
2279 if (dirty_log_mask) {
2281 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2283 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2284 tb_invalidate_phys_range(addr, addr + length);
2285 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2287 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2290 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2292 unsigned access_size_max = mr->ops->valid.max_access_size;
2294 /* Regions are assumed to support 1-4 byte accesses unless
2295 otherwise specified. */
2296 if (access_size_max == 0) {
2297 access_size_max = 4;
2300 /* Bound the maximum access by the alignment of the address. */
2301 if (!mr->ops->impl.unaligned) {
2302 unsigned align_size_max = addr & -addr;
2303 if (align_size_max != 0 && align_size_max < access_size_max) {
2304 access_size_max = align_size_max;
2308 /* Don't attempt accesses larger than the maximum. */
2309 if (l > access_size_max) {
2310 l = access_size_max;
2313 l = 1 << (qemu_fls(l) - 1);
2319 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2320 uint8_t *buf, int len, bool is_write)
2327 MemTxResult result = MEMTX_OK;
2332 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2335 if (!memory_access_is_direct(mr, is_write)) {
2336 l = memory_access_size(mr, l, addr1);
2337 /* XXX: could force current_cpu to NULL to avoid
2341 /* 64 bit write access */
2343 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2347 /* 32 bit write access */
2349 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2353 /* 16 bit write access */
2355 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2359 /* 8 bit write access */
2361 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2368 addr1 += memory_region_get_ram_addr(mr);
2370 ptr = qemu_get_ram_ptr(addr1);
2371 memcpy(ptr, buf, l);
2372 invalidate_and_set_dirty(mr, addr1, l);
2375 if (!memory_access_is_direct(mr, is_write)) {
2377 l = memory_access_size(mr, l, addr1);
2380 /* 64 bit read access */
2381 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2386 /* 32 bit read access */
2387 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2392 /* 16 bit read access */
2393 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2398 /* 8 bit read access */
2399 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2408 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2409 memcpy(buf, ptr, l);
2421 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2422 const uint8_t *buf, int len)
2424 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2427 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2428 uint8_t *buf, int len)
2430 return address_space_rw(as, addr, attrs, buf, len, false);
2434 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2435 int len, int is_write)
2437 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2438 buf, len, is_write);
2441 enum write_rom_type {
2446 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2447 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2457 mr = address_space_translate(as, addr, &addr1, &l, true);
2459 if (!(memory_region_is_ram(mr) ||
2460 memory_region_is_romd(mr))) {
2463 addr1 += memory_region_get_ram_addr(mr);
2465 ptr = qemu_get_ram_ptr(addr1);
2468 memcpy(ptr, buf, l);
2469 invalidate_and_set_dirty(mr, addr1, l);
2472 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2483 /* used for ROM loading : can write in RAM and ROM */
2484 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2485 const uint8_t *buf, int len)
2487 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2490 void cpu_flush_icache_range(hwaddr start, int len)
2493 * This function should do the same thing as an icache flush that was
2494 * triggered from within the guest. For TCG we are always cache coherent,
2495 * so there is no need to flush anything. For KVM / Xen we need to flush
2496 * the host's instruction cache at least.
2498 if (tcg_enabled()) {
2502 cpu_physical_memory_write_rom_internal(&address_space_memory,
2503 start, NULL, len, FLUSH_CACHE);
2514 static BounceBuffer bounce;
2516 typedef struct MapClient {
2518 QLIST_ENTRY(MapClient) link;
2521 QemuMutex map_client_list_lock;
2522 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2523 = QLIST_HEAD_INITIALIZER(map_client_list);
2525 static void cpu_unregister_map_client_do(MapClient *client)
2527 QLIST_REMOVE(client, link);
2531 static void cpu_notify_map_clients_locked(void)
2535 while (!QLIST_EMPTY(&map_client_list)) {
2536 client = QLIST_FIRST(&map_client_list);
2537 qemu_bh_schedule(client->bh);
2538 cpu_unregister_map_client_do(client);
2542 void cpu_register_map_client(QEMUBH *bh)
2544 MapClient *client = g_malloc(sizeof(*client));
2546 qemu_mutex_lock(&map_client_list_lock);
2548 QLIST_INSERT_HEAD(&map_client_list, client, link);
2549 if (!atomic_read(&bounce.in_use)) {
2550 cpu_notify_map_clients_locked();
2552 qemu_mutex_unlock(&map_client_list_lock);
2555 void cpu_exec_init_all(void)
2557 qemu_mutex_init(&ram_list.mutex);
2560 qemu_mutex_init(&map_client_list_lock);
2563 void cpu_unregister_map_client(QEMUBH *bh)
2567 qemu_mutex_lock(&map_client_list_lock);
2568 QLIST_FOREACH(client, &map_client_list, link) {
2569 if (client->bh == bh) {
2570 cpu_unregister_map_client_do(client);
2574 qemu_mutex_unlock(&map_client_list_lock);
2577 static void cpu_notify_map_clients(void)
2579 qemu_mutex_lock(&map_client_list_lock);
2580 cpu_notify_map_clients_locked();
2581 qemu_mutex_unlock(&map_client_list_lock);
2584 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2592 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2593 if (!memory_access_is_direct(mr, is_write)) {
2594 l = memory_access_size(mr, l, addr);
2595 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2607 /* Map a physical memory region into a host virtual address.
2608 * May map a subset of the requested range, given by and returned in *plen.
2609 * May return NULL if resources needed to perform the mapping are exhausted.
2610 * Use only for reads OR writes - not for read-modify-write operations.
2611 * Use cpu_register_map_client() to know when retrying the map operation is
2612 * likely to succeed.
2614 void *address_space_map(AddressSpace *as,
2621 hwaddr l, xlat, base;
2622 MemoryRegion *mr, *this_mr;
2631 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2633 if (!memory_access_is_direct(mr, is_write)) {
2634 if (atomic_xchg(&bounce.in_use, true)) {
2638 /* Avoid unbounded allocations */
2639 l = MIN(l, TARGET_PAGE_SIZE);
2640 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2644 memory_region_ref(mr);
2647 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2653 return bounce.buffer;
2657 raddr = memory_region_get_ram_addr(mr);
2668 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2669 if (this_mr != mr || xlat != base + done) {
2674 memory_region_ref(mr);
2677 return qemu_ram_ptr_length(raddr + base, plen);
2680 /* Unmaps a memory region previously mapped by address_space_map().
2681 * Will also mark the memory as dirty if is_write == 1. access_len gives
2682 * the amount of memory that was actually read or written by the caller.
2684 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2685 int is_write, hwaddr access_len)
2687 if (buffer != bounce.buffer) {
2691 mr = qemu_ram_addr_from_host(buffer, &addr1);
2694 invalidate_and_set_dirty(mr, addr1, access_len);
2696 if (xen_enabled()) {
2697 xen_invalidate_map_cache_entry(buffer);
2699 memory_region_unref(mr);
2703 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2704 bounce.buffer, access_len);
2706 qemu_vfree(bounce.buffer);
2707 bounce.buffer = NULL;
2708 memory_region_unref(bounce.mr);
2709 atomic_mb_set(&bounce.in_use, false);
2710 cpu_notify_map_clients();
2713 void *cpu_physical_memory_map(hwaddr addr,
2717 return address_space_map(&address_space_memory, addr, plen, is_write);
2720 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2721 int is_write, hwaddr access_len)
2723 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2726 /* warning: addr must be aligned */
2727 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2729 MemTxResult *result,
2730 enum device_endian endian)
2740 mr = address_space_translate(as, addr, &addr1, &l, false);
2741 if (l < 4 || !memory_access_is_direct(mr, false)) {
2743 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2744 #if defined(TARGET_WORDS_BIGENDIAN)
2745 if (endian == DEVICE_LITTLE_ENDIAN) {
2749 if (endian == DEVICE_BIG_ENDIAN) {
2755 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2759 case DEVICE_LITTLE_ENDIAN:
2760 val = ldl_le_p(ptr);
2762 case DEVICE_BIG_ENDIAN:
2763 val = ldl_be_p(ptr);
2778 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2779 MemTxAttrs attrs, MemTxResult *result)
2781 return address_space_ldl_internal(as, addr, attrs, result,
2782 DEVICE_NATIVE_ENDIAN);
2785 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2786 MemTxAttrs attrs, MemTxResult *result)
2788 return address_space_ldl_internal(as, addr, attrs, result,
2789 DEVICE_LITTLE_ENDIAN);
2792 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2793 MemTxAttrs attrs, MemTxResult *result)
2795 return address_space_ldl_internal(as, addr, attrs, result,
2799 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2801 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2804 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2806 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2809 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2811 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2814 /* warning: addr must be aligned */
2815 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2817 MemTxResult *result,
2818 enum device_endian endian)
2828 mr = address_space_translate(as, addr, &addr1, &l,
2830 if (l < 8 || !memory_access_is_direct(mr, false)) {
2832 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2833 #if defined(TARGET_WORDS_BIGENDIAN)
2834 if (endian == DEVICE_LITTLE_ENDIAN) {
2838 if (endian == DEVICE_BIG_ENDIAN) {
2844 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2848 case DEVICE_LITTLE_ENDIAN:
2849 val = ldq_le_p(ptr);
2851 case DEVICE_BIG_ENDIAN:
2852 val = ldq_be_p(ptr);
2867 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2868 MemTxAttrs attrs, MemTxResult *result)
2870 return address_space_ldq_internal(as, addr, attrs, result,
2871 DEVICE_NATIVE_ENDIAN);
2874 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2875 MemTxAttrs attrs, MemTxResult *result)
2877 return address_space_ldq_internal(as, addr, attrs, result,
2878 DEVICE_LITTLE_ENDIAN);
2881 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2882 MemTxAttrs attrs, MemTxResult *result)
2884 return address_space_ldq_internal(as, addr, attrs, result,
2888 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2890 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2893 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2895 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2898 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2900 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2904 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2905 MemTxAttrs attrs, MemTxResult *result)
2910 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2917 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2919 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2922 /* warning: addr must be aligned */
2923 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2926 MemTxResult *result,
2927 enum device_endian endian)
2937 mr = address_space_translate(as, addr, &addr1, &l,
2939 if (l < 2 || !memory_access_is_direct(mr, false)) {
2941 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2942 #if defined(TARGET_WORDS_BIGENDIAN)
2943 if (endian == DEVICE_LITTLE_ENDIAN) {
2947 if (endian == DEVICE_BIG_ENDIAN) {
2953 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2957 case DEVICE_LITTLE_ENDIAN:
2958 val = lduw_le_p(ptr);
2960 case DEVICE_BIG_ENDIAN:
2961 val = lduw_be_p(ptr);
2976 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
2977 MemTxAttrs attrs, MemTxResult *result)
2979 return address_space_lduw_internal(as, addr, attrs, result,
2980 DEVICE_NATIVE_ENDIAN);
2983 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
2984 MemTxAttrs attrs, MemTxResult *result)
2986 return address_space_lduw_internal(as, addr, attrs, result,
2987 DEVICE_LITTLE_ENDIAN);
2990 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
2991 MemTxAttrs attrs, MemTxResult *result)
2993 return address_space_lduw_internal(as, addr, attrs, result,
2997 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2999 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3002 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3004 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3007 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3009 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3012 /* warning: addr must be aligned. The ram page is not masked as dirty
3013 and the code inside is not invalidated. It is useful if the dirty
3014 bits are used to track modified PTEs */
3015 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3016 MemTxAttrs attrs, MemTxResult *result)
3023 uint8_t dirty_log_mask;
3026 mr = address_space_translate(as, addr, &addr1, &l,
3028 if (l < 4 || !memory_access_is_direct(mr, true)) {
3029 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3031 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3032 ptr = qemu_get_ram_ptr(addr1);
3035 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3036 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3037 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3046 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3048 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3051 /* warning: addr must be aligned */
3052 static inline void address_space_stl_internal(AddressSpace *as,
3053 hwaddr addr, uint32_t val,
3055 MemTxResult *result,
3056 enum device_endian endian)
3065 mr = address_space_translate(as, addr, &addr1, &l,
3067 if (l < 4 || !memory_access_is_direct(mr, true)) {
3068 #if defined(TARGET_WORDS_BIGENDIAN)
3069 if (endian == DEVICE_LITTLE_ENDIAN) {
3073 if (endian == DEVICE_BIG_ENDIAN) {
3077 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3080 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3081 ptr = qemu_get_ram_ptr(addr1);
3083 case DEVICE_LITTLE_ENDIAN:
3086 case DEVICE_BIG_ENDIAN:
3093 invalidate_and_set_dirty(mr, addr1, 4);
3102 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3103 MemTxAttrs attrs, MemTxResult *result)
3105 address_space_stl_internal(as, addr, val, attrs, result,
3106 DEVICE_NATIVE_ENDIAN);
3109 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3110 MemTxAttrs attrs, MemTxResult *result)
3112 address_space_stl_internal(as, addr, val, attrs, result,
3113 DEVICE_LITTLE_ENDIAN);
3116 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3117 MemTxAttrs attrs, MemTxResult *result)
3119 address_space_stl_internal(as, addr, val, attrs, result,
3123 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3125 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3128 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3130 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3133 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3135 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3139 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3140 MemTxAttrs attrs, MemTxResult *result)
3145 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3151 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3153 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3156 /* warning: addr must be aligned */
3157 static inline void address_space_stw_internal(AddressSpace *as,
3158 hwaddr addr, uint32_t val,
3160 MemTxResult *result,
3161 enum device_endian endian)
3170 mr = address_space_translate(as, addr, &addr1, &l, true);
3171 if (l < 2 || !memory_access_is_direct(mr, true)) {
3172 #if defined(TARGET_WORDS_BIGENDIAN)
3173 if (endian == DEVICE_LITTLE_ENDIAN) {
3177 if (endian == DEVICE_BIG_ENDIAN) {
3181 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3184 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3185 ptr = qemu_get_ram_ptr(addr1);
3187 case DEVICE_LITTLE_ENDIAN:
3190 case DEVICE_BIG_ENDIAN:
3197 invalidate_and_set_dirty(mr, addr1, 2);
3206 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3207 MemTxAttrs attrs, MemTxResult *result)
3209 address_space_stw_internal(as, addr, val, attrs, result,
3210 DEVICE_NATIVE_ENDIAN);
3213 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3214 MemTxAttrs attrs, MemTxResult *result)
3216 address_space_stw_internal(as, addr, val, attrs, result,
3217 DEVICE_LITTLE_ENDIAN);
3220 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3221 MemTxAttrs attrs, MemTxResult *result)
3223 address_space_stw_internal(as, addr, val, attrs, result,
3227 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3229 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3232 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3234 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3237 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3239 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3243 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3244 MemTxAttrs attrs, MemTxResult *result)
3248 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3254 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3255 MemTxAttrs attrs, MemTxResult *result)
3258 val = cpu_to_le64(val);
3259 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3264 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3265 MemTxAttrs attrs, MemTxResult *result)
3268 val = cpu_to_be64(val);
3269 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3275 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3277 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3280 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3282 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3285 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3287 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3290 /* virtual memory access for debug (includes writing to ROM) */
3291 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3292 uint8_t *buf, int len, int is_write)
3299 page = addr & TARGET_PAGE_MASK;
3300 phys_addr = cpu_get_phys_page_debug(cpu, page);
3301 /* if no physical page mapped, return an error */
3302 if (phys_addr == -1)
3304 l = (page + TARGET_PAGE_SIZE) - addr;
3307 phys_addr += (addr & ~TARGET_PAGE_MASK);
3309 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3311 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3323 * A helper function for the _utterly broken_ virtio device model to find out if
3324 * it's running on a big endian machine. Don't do this at home kids!
3326 bool target_words_bigendian(void);
3327 bool target_words_bigendian(void)
3329 #if defined(TARGET_WORDS_BIGENDIAN)
3336 #ifndef CONFIG_USER_ONLY
3337 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3344 mr = address_space_translate(&address_space_memory,
3345 phys_addr, &phys_addr, &l, false);
3347 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3352 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3358 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3359 ret = func(block->idstr, block->host, block->offset,
3360 block->used_length, opaque);
projects / qemu.git / blob