4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
53 #include "qemu/cache-utils.h"
55 #include "qemu/range.h"
57 //#define DEBUG_SUBPAGE
59 #if !defined(CONFIG_USER_ONLY)
60 static int in_migration;
62 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
64 static MemoryRegion *system_memory;
65 static MemoryRegion *system_io;
67 AddressSpace address_space_io;
68 AddressSpace address_space_memory;
70 MemoryRegion io_mem_rom, io_mem_notdirty;
71 static MemoryRegion io_mem_unassigned;
75 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
76 /* current CPU in the current thread. It is only valid inside
78 DEFINE_TLS(CPUState *, current_cpu);
79 /* 0 = Do not count executed instructions.
80 1 = Precise instruction counting.
81 2 = Adaptive rate instruction counting. */
84 #if !defined(CONFIG_USER_ONLY)
86 typedef struct PhysPageEntry PhysPageEntry;
88 struct PhysPageEntry {
89 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
91 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
95 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
97 /* Size of the L2 (and L3, etc) page tables. */
98 #define ADDR_SPACE_BITS 64
101 #define P_L2_SIZE (1 << P_L2_BITS)
103 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
105 typedef PhysPageEntry Node[P_L2_SIZE];
107 typedef struct PhysPageMap {
108 unsigned sections_nb;
109 unsigned sections_nb_alloc;
111 unsigned nodes_nb_alloc;
113 MemoryRegionSection *sections;
116 struct AddressSpaceDispatch {
117 /* This is a multi-level map on the physical address space.
118 * The bottom level has pointers to MemoryRegionSections.
120 PhysPageEntry phys_map;
125 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
126 typedef struct subpage_t {
130 uint16_t sub_section[TARGET_PAGE_SIZE];
133 #define PHYS_SECTION_UNASSIGNED 0
134 #define PHYS_SECTION_NOTDIRTY 1
135 #define PHYS_SECTION_ROM 2
136 #define PHYS_SECTION_WATCH 3
138 static void io_mem_init(void);
139 static void memory_map_init(void);
141 static MemoryRegion io_mem_watch;
144 #if !defined(CONFIG_USER_ONLY)
146 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
148 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
149 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
150 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
151 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
155 static uint32_t phys_map_node_alloc(PhysPageMap *map)
160 ret = map->nodes_nb++;
161 assert(ret != PHYS_MAP_NODE_NIL);
162 assert(ret != map->nodes_nb_alloc);
163 for (i = 0; i < P_L2_SIZE; ++i) {
164 map->nodes[ret][i].skip = 1;
165 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
170 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
171 hwaddr *index, hwaddr *nb, uint16_t leaf,
176 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
178 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
179 lp->ptr = phys_map_node_alloc(map);
180 p = map->nodes[lp->ptr];
182 for (i = 0; i < P_L2_SIZE; i++) {
184 p[i].ptr = PHYS_SECTION_UNASSIGNED;
188 p = map->nodes[lp->ptr];
190 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
192 while (*nb && lp < &p[P_L2_SIZE]) {
193 if ((*index & (step - 1)) == 0 && *nb >= step) {
199 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
205 static void phys_page_set(AddressSpaceDispatch *d,
206 hwaddr index, hwaddr nb,
209 /* Wildly overreserve - it doesn't matter much. */
210 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
212 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
215 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
216 * and update our entry so we can skip it and go directly to the destination.
218 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
220 unsigned valid_ptr = P_L2_SIZE;
225 if (lp->ptr == PHYS_MAP_NODE_NIL) {
230 for (i = 0; i < P_L2_SIZE; i++) {
231 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
238 phys_page_compact(&p[i], nodes, compacted);
242 /* We can only compress if there's only one child. */
247 assert(valid_ptr < P_L2_SIZE);
249 /* Don't compress if it won't fit in the # of bits we have. */
250 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
254 lp->ptr = p[valid_ptr].ptr;
255 if (!p[valid_ptr].skip) {
256 /* If our only child is a leaf, make this a leaf. */
257 /* By design, we should have made this node a leaf to begin with so we
258 * should never reach here.
259 * But since it's so simple to handle this, let's do it just in case we
264 lp->skip += p[valid_ptr].skip;
268 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
270 DECLARE_BITMAP(compacted, nodes_nb);
272 if (d->phys_map.skip) {
273 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
277 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
278 Node *nodes, MemoryRegionSection *sections)
281 hwaddr index = addr >> TARGET_PAGE_BITS;
284 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
285 if (lp.ptr == PHYS_MAP_NODE_NIL) {
286 return §ions[PHYS_SECTION_UNASSIGNED];
289 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
292 if (sections[lp.ptr].size.hi ||
293 range_covers_byte(sections[lp.ptr].offset_within_address_space,
294 sections[lp.ptr].size.lo, addr)) {
295 return §ions[lp.ptr];
297 return §ions[PHYS_SECTION_UNASSIGNED];
301 bool memory_region_is_unassigned(MemoryRegion *mr)
303 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
304 && mr != &io_mem_watch;
307 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
309 bool resolve_subpage)
311 MemoryRegionSection *section;
314 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
315 if (resolve_subpage && section->mr->subpage) {
316 subpage = container_of(section->mr, subpage_t, iomem);
317 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
322 static MemoryRegionSection *
323 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
324 hwaddr *plen, bool resolve_subpage)
326 MemoryRegionSection *section;
329 section = address_space_lookup_region(d, addr, resolve_subpage);
330 /* Compute offset within MemoryRegionSection */
331 addr -= section->offset_within_address_space;
333 /* Compute offset within MemoryRegion */
334 *xlat = addr + section->offset_within_region;
336 diff = int128_sub(section->mr->size, int128_make64(addr));
337 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
341 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
342 hwaddr *xlat, hwaddr *plen,
346 MemoryRegionSection *section;
351 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
354 if (!mr->iommu_ops) {
358 iotlb = mr->iommu_ops->translate(mr, addr);
359 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
360 | (addr & iotlb.addr_mask));
361 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
362 if (!(iotlb.perm & (1 << is_write))) {
363 mr = &io_mem_unassigned;
367 as = iotlb.target_as;
375 MemoryRegionSection *
376 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
379 MemoryRegionSection *section;
380 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
382 assert(!section->mr->iommu_ops);
387 void cpu_exec_init_all(void)
389 #if !defined(CONFIG_USER_ONLY)
390 qemu_mutex_init(&ram_list.mutex);
396 #if !defined(CONFIG_USER_ONLY)
398 static int cpu_common_post_load(void *opaque, int version_id)
400 CPUState *cpu = opaque;
402 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
403 version_id is increased. */
404 cpu->interrupt_request &= ~0x01;
405 tlb_flush(cpu->env_ptr, 1);
410 const VMStateDescription vmstate_cpu_common = {
411 .name = "cpu_common",
413 .minimum_version_id = 1,
414 .minimum_version_id_old = 1,
415 .post_load = cpu_common_post_load,
416 .fields = (VMStateField []) {
417 VMSTATE_UINT32(halted, CPUState),
418 VMSTATE_UINT32(interrupt_request, CPUState),
419 VMSTATE_END_OF_LIST()
425 CPUState *qemu_get_cpu(int index)
430 if (cpu->cpu_index == index) {
438 void cpu_exec_init(CPUArchState *env)
440 CPUState *cpu = ENV_GET_CPU(env);
441 CPUClass *cc = CPU_GET_CLASS(cpu);
445 #if defined(CONFIG_USER_ONLY)
449 CPU_FOREACH(some_cpu) {
452 cpu->cpu_index = cpu_index;
454 QTAILQ_INIT(&env->breakpoints);
455 QTAILQ_INIT(&env->watchpoints);
456 #ifndef CONFIG_USER_ONLY
457 cpu->thread_id = qemu_get_thread_id();
459 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
460 #if defined(CONFIG_USER_ONLY)
463 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
464 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
466 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
467 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
468 cpu_save, cpu_load, env);
469 assert(cc->vmsd == NULL);
470 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
472 if (cc->vmsd != NULL) {
473 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
477 #if defined(TARGET_HAS_ICE)
478 #if defined(CONFIG_USER_ONLY)
479 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
481 tb_invalidate_phys_page_range(pc, pc + 1, 0);
484 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
486 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
488 tb_invalidate_phys_addr(phys | (pc & ~TARGET_PAGE_MASK));
492 #endif /* TARGET_HAS_ICE */
494 #if defined(CONFIG_USER_ONLY)
495 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
500 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
501 int flags, CPUWatchpoint **watchpoint)
506 /* Add a watchpoint. */
507 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
508 int flags, CPUWatchpoint **watchpoint)
510 target_ulong len_mask = ~(len - 1);
513 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
514 if ((len & (len - 1)) || (addr & ~len_mask) ||
515 len == 0 || len > TARGET_PAGE_SIZE) {
516 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
517 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
520 wp = g_malloc(sizeof(*wp));
523 wp->len_mask = len_mask;
526 /* keep all GDB-injected watchpoints in front */
528 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
530 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
532 tlb_flush_page(env, addr);
539 /* Remove a specific watchpoint. */
540 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
543 target_ulong len_mask = ~(len - 1);
546 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
547 if (addr == wp->vaddr && len_mask == wp->len_mask
548 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
549 cpu_watchpoint_remove_by_ref(env, wp);
556 /* Remove a specific watchpoint by reference. */
557 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
559 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
561 tlb_flush_page(env, watchpoint->vaddr);
566 /* Remove all matching watchpoints. */
567 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
569 CPUWatchpoint *wp, *next;
571 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
572 if (wp->flags & mask)
573 cpu_watchpoint_remove_by_ref(env, wp);
578 /* Add a breakpoint. */
579 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
580 CPUBreakpoint **breakpoint)
582 #if defined(TARGET_HAS_ICE)
585 bp = g_malloc(sizeof(*bp));
590 /* keep all GDB-injected breakpoints in front */
591 if (flags & BP_GDB) {
592 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
594 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
597 breakpoint_invalidate(ENV_GET_CPU(env), pc);
608 /* Remove a specific breakpoint. */
609 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
611 #if defined(TARGET_HAS_ICE)
614 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
615 if (bp->pc == pc && bp->flags == flags) {
616 cpu_breakpoint_remove_by_ref(env, bp);
626 /* Remove a specific breakpoint by reference. */
627 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
629 #if defined(TARGET_HAS_ICE)
630 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
632 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
638 /* Remove all matching breakpoints. */
639 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
641 #if defined(TARGET_HAS_ICE)
642 CPUBreakpoint *bp, *next;
644 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
645 if (bp->flags & mask)
646 cpu_breakpoint_remove_by_ref(env, bp);
651 /* enable or disable single step mode. EXCP_DEBUG is returned by the
652 CPU loop after each instruction */
653 void cpu_single_step(CPUState *cpu, int enabled)
655 #if defined(TARGET_HAS_ICE)
656 if (cpu->singlestep_enabled != enabled) {
657 cpu->singlestep_enabled = enabled;
659 kvm_update_guest_debug(cpu, 0);
661 /* must flush all the translated code to avoid inconsistencies */
662 /* XXX: only flush what is necessary */
663 CPUArchState *env = cpu->env_ptr;
670 void cpu_abort(CPUArchState *env, const char *fmt, ...)
672 CPUState *cpu = ENV_GET_CPU(env);
678 fprintf(stderr, "qemu: fatal: ");
679 vfprintf(stderr, fmt, ap);
680 fprintf(stderr, "\n");
681 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
682 if (qemu_log_enabled()) {
683 qemu_log("qemu: fatal: ");
684 qemu_log_vprintf(fmt, ap2);
686 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
692 #if defined(CONFIG_USER_ONLY)
694 struct sigaction act;
695 sigfillset(&act.sa_mask);
696 act.sa_handler = SIG_DFL;
697 sigaction(SIGABRT, &act, NULL);
703 #if !defined(CONFIG_USER_ONLY)
704 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
708 /* The list is protected by the iothread lock here. */
709 block = ram_list.mru_block;
710 if (block && addr - block->offset < block->length) {
713 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
714 if (addr - block->offset < block->length) {
719 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
723 ram_list.mru_block = block;
727 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
733 block = qemu_get_ram_block(start);
734 assert(block == qemu_get_ram_block(end - 1));
735 start1 = (uintptr_t)block->host + (start - block->offset);
736 cpu_tlb_reset_dirty_all(start1, length);
739 /* Note: start and end must be within the same ram block. */
740 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
745 start &= TARGET_PAGE_MASK;
746 end = TARGET_PAGE_ALIGN(end);
748 length = end - start;
751 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
754 tlb_reset_dirty_range_all(start, end, length);
758 static int cpu_physical_memory_set_dirty_tracking(int enable)
761 in_migration = enable;
765 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
766 MemoryRegionSection *section,
768 hwaddr paddr, hwaddr xlat,
770 target_ulong *address)
775 if (memory_region_is_ram(section->mr)) {
777 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
779 if (!section->readonly) {
780 iotlb |= PHYS_SECTION_NOTDIRTY;
782 iotlb |= PHYS_SECTION_ROM;
785 iotlb = section - address_space_memory.dispatch->map.sections;
789 /* Make accesses to pages with watchpoints go via the
790 watchpoint trap routines. */
791 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
792 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
793 /* Avoid trapping reads of pages with a write breakpoint. */
794 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
795 iotlb = PHYS_SECTION_WATCH + paddr;
796 *address |= TLB_MMIO;
804 #endif /* defined(CONFIG_USER_ONLY) */
806 #if !defined(CONFIG_USER_ONLY)
808 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
810 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
812 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
815 * Set a custom physical guest memory alloator.
816 * Accelerators with unusual needs may need this. Hopefully, we can
817 * get rid of it eventually.
819 void phys_mem_set_alloc(void *(*alloc)(size_t))
821 phys_mem_alloc = alloc;
824 static uint16_t phys_section_add(PhysPageMap *map,
825 MemoryRegionSection *section)
827 /* The physical section number is ORed with a page-aligned
828 * pointer to produce the iotlb entries. Thus it should
829 * never overflow into the page-aligned value.
831 assert(map->sections_nb < TARGET_PAGE_SIZE);
833 if (map->sections_nb == map->sections_nb_alloc) {
834 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
835 map->sections = g_renew(MemoryRegionSection, map->sections,
836 map->sections_nb_alloc);
838 map->sections[map->sections_nb] = *section;
839 memory_region_ref(section->mr);
840 return map->sections_nb++;
843 static void phys_section_destroy(MemoryRegion *mr)
845 memory_region_unref(mr);
848 subpage_t *subpage = container_of(mr, subpage_t, iomem);
849 memory_region_destroy(&subpage->iomem);
854 static void phys_sections_free(PhysPageMap *map)
856 while (map->sections_nb > 0) {
857 MemoryRegionSection *section = &map->sections[--map->sections_nb];
858 phys_section_destroy(section->mr);
860 g_free(map->sections);
864 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
867 hwaddr base = section->offset_within_address_space
869 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
870 d->map.nodes, d->map.sections);
871 MemoryRegionSection subsection = {
872 .offset_within_address_space = base,
873 .size = int128_make64(TARGET_PAGE_SIZE),
877 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
879 if (!(existing->mr->subpage)) {
880 subpage = subpage_init(d->as, base);
881 subsection.mr = &subpage->iomem;
882 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
883 phys_section_add(&d->map, &subsection));
885 subpage = container_of(existing->mr, subpage_t, iomem);
887 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
888 end = start + int128_get64(section->size) - 1;
889 subpage_register(subpage, start, end,
890 phys_section_add(&d->map, section));
894 static void register_multipage(AddressSpaceDispatch *d,
895 MemoryRegionSection *section)
897 hwaddr start_addr = section->offset_within_address_space;
898 uint16_t section_index = phys_section_add(&d->map, section);
899 uint64_t num_pages = int128_get64(int128_rshift(section->size,
903 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
906 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
908 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
909 AddressSpaceDispatch *d = as->next_dispatch;
910 MemoryRegionSection now = *section, remain = *section;
911 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
913 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
914 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
915 - now.offset_within_address_space;
917 now.size = int128_min(int128_make64(left), now.size);
918 register_subpage(d, &now);
920 now.size = int128_zero();
922 while (int128_ne(remain.size, now.size)) {
923 remain.size = int128_sub(remain.size, now.size);
924 remain.offset_within_address_space += int128_get64(now.size);
925 remain.offset_within_region += int128_get64(now.size);
927 if (int128_lt(remain.size, page_size)) {
928 register_subpage(d, &now);
929 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
930 now.size = page_size;
931 register_subpage(d, &now);
933 now.size = int128_and(now.size, int128_neg(page_size));
934 register_multipage(d, &now);
939 void qemu_flush_coalesced_mmio_buffer(void)
942 kvm_flush_coalesced_mmio_buffer();
945 void qemu_mutex_lock_ramlist(void)
947 qemu_mutex_lock(&ram_list.mutex);
950 void qemu_mutex_unlock_ramlist(void)
952 qemu_mutex_unlock(&ram_list.mutex);
959 #define HUGETLBFS_MAGIC 0x958458f6
961 static long gethugepagesize(const char *path)
967 ret = statfs(path, &fs);
968 } while (ret != 0 && errno == EINTR);
975 if (fs.f_type != HUGETLBFS_MAGIC)
976 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
981 static sigjmp_buf sigjump;
983 static void sigbus_handler(int signal)
985 siglongjmp(sigjump, 1);
988 static void *file_ram_alloc(RAMBlock *block,
993 char *sanitized_name;
997 unsigned long hpagesize;
999 hpagesize = gethugepagesize(path);
1004 if (memory < hpagesize) {
1008 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1009 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
1013 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1014 sanitized_name = g_strdup(block->mr->name);
1015 for (c = sanitized_name; *c != '\0'; c++) {
1020 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1022 g_free(sanitized_name);
1024 fd = mkstemp(filename);
1026 perror("unable to create backing store for hugepages");
1033 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1036 * ftruncate is not supported by hugetlbfs in older
1037 * hosts, so don't bother bailing out on errors.
1038 * If anything goes wrong with it under other filesystems,
1041 if (ftruncate(fd, memory))
1042 perror("ftruncate");
1044 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1045 if (area == MAP_FAILED) {
1046 perror("file_ram_alloc: can't mmap RAM pages");
1053 struct sigaction act, oldact;
1054 sigset_t set, oldset;
1056 memset(&act, 0, sizeof(act));
1057 act.sa_handler = &sigbus_handler;
1060 ret = sigaction(SIGBUS, &act, &oldact);
1062 perror("file_ram_alloc: failed to install signal handler");
1066 /* unblock SIGBUS */
1068 sigaddset(&set, SIGBUS);
1069 pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
1071 if (sigsetjmp(sigjump, 1)) {
1072 fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n");
1076 /* MAP_POPULATE silently ignores failures */
1077 for (i = 0; i < (memory/hpagesize)-1; i++) {
1078 memset(area + (hpagesize*i), 0, 1);
1081 ret = sigaction(SIGBUS, &oldact, NULL);
1083 perror("file_ram_alloc: failed to reinstall signal handler");
1087 pthread_sigmask(SIG_SETMASK, &oldset, NULL);
1094 static void *file_ram_alloc(RAMBlock *block,
1098 fprintf(stderr, "-mem-path not supported on this host\n");
1103 static ram_addr_t find_ram_offset(ram_addr_t size)
1105 RAMBlock *block, *next_block;
1106 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1108 assert(size != 0); /* it would hand out same offset multiple times */
1110 if (QTAILQ_EMPTY(&ram_list.blocks))
1113 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1114 ram_addr_t end, next = RAM_ADDR_MAX;
1116 end = block->offset + block->length;
1118 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1119 if (next_block->offset >= end) {
1120 next = MIN(next, next_block->offset);
1123 if (next - end >= size && next - end < mingap) {
1125 mingap = next - end;
1129 if (offset == RAM_ADDR_MAX) {
1130 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1138 ram_addr_t last_ram_offset(void)
1141 ram_addr_t last = 0;
1143 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1144 last = MAX(last, block->offset + block->length);
1149 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1153 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1154 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1155 "dump-guest-core", true)) {
1156 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1158 perror("qemu_madvise");
1159 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1160 "but dump_guest_core=off specified\n");
1165 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1167 RAMBlock *new_block, *block;
1170 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1171 if (block->offset == addr) {
1177 assert(!new_block->idstr[0]);
1180 char *id = qdev_get_dev_path(dev);
1182 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1186 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1188 /* This assumes the iothread lock is taken here too. */
1189 qemu_mutex_lock_ramlist();
1190 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1191 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1192 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1197 qemu_mutex_unlock_ramlist();
1200 static int memory_try_enable_merging(void *addr, size_t len)
1202 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1203 /* disabled by the user */
1207 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1210 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1213 RAMBlock *block, *new_block;
1215 size = TARGET_PAGE_ALIGN(size);
1216 new_block = g_malloc0(sizeof(*new_block));
1219 /* This assumes the iothread lock is taken here too. */
1220 qemu_mutex_lock_ramlist();
1222 new_block->offset = find_ram_offset(size);
1224 new_block->host = host;
1225 new_block->flags |= RAM_PREALLOC_MASK;
1226 } else if (xen_enabled()) {
1228 fprintf(stderr, "-mem-path not supported with Xen\n");
1231 xen_ram_alloc(new_block->offset, size, mr);
1234 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1236 * file_ram_alloc() needs to allocate just like
1237 * phys_mem_alloc, but we haven't bothered to provide
1241 "-mem-path not supported with this accelerator\n");
1244 new_block->host = file_ram_alloc(new_block, size, mem_path);
1246 if (!new_block->host) {
1247 new_block->host = phys_mem_alloc(size);
1248 if (!new_block->host) {
1249 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1250 new_block->mr->name, strerror(errno));
1253 memory_try_enable_merging(new_block->host, size);
1256 new_block->length = size;
1258 /* Keep the list sorted from biggest to smallest block. */
1259 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1260 if (block->length < new_block->length) {
1265 QTAILQ_INSERT_BEFORE(block, new_block, next);
1267 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1269 ram_list.mru_block = NULL;
1272 qemu_mutex_unlock_ramlist();
1274 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1275 last_ram_offset() >> TARGET_PAGE_BITS);
1276 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1277 0, size >> TARGET_PAGE_BITS);
1278 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1280 qemu_ram_setup_dump(new_block->host, size);
1281 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1282 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1285 kvm_setup_guest_memory(new_block->host, size);
1287 return new_block->offset;
1290 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1292 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1295 void qemu_ram_free_from_ptr(ram_addr_t addr)
1299 /* This assumes the iothread lock is taken here too. */
1300 qemu_mutex_lock_ramlist();
1301 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1302 if (addr == block->offset) {
1303 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1304 ram_list.mru_block = NULL;
1310 qemu_mutex_unlock_ramlist();
1313 void qemu_ram_free(ram_addr_t addr)
1317 /* This assumes the iothread lock is taken here too. */
1318 qemu_mutex_lock_ramlist();
1319 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1320 if (addr == block->offset) {
1321 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1322 ram_list.mru_block = NULL;
1324 if (block->flags & RAM_PREALLOC_MASK) {
1326 } else if (xen_enabled()) {
1327 xen_invalidate_map_cache_entry(block->host);
1329 } else if (block->fd >= 0) {
1330 munmap(block->host, block->length);
1334 qemu_anon_ram_free(block->host, block->length);
1340 qemu_mutex_unlock_ramlist();
1345 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1352 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1353 offset = addr - block->offset;
1354 if (offset < block->length) {
1355 vaddr = block->host + offset;
1356 if (block->flags & RAM_PREALLOC_MASK) {
1358 } else if (xen_enabled()) {
1362 munmap(vaddr, length);
1363 if (block->fd >= 0) {
1365 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1368 flags |= MAP_PRIVATE;
1370 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1371 flags, block->fd, offset);
1374 * Remap needs to match alloc. Accelerators that
1375 * set phys_mem_alloc never remap. If they did,
1376 * we'd need a remap hook here.
1378 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1380 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1381 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1384 if (area != vaddr) {
1385 fprintf(stderr, "Could not remap addr: "
1386 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1390 memory_try_enable_merging(vaddr, length);
1391 qemu_ram_setup_dump(vaddr, length);
1397 #endif /* !_WIN32 */
1399 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1400 With the exception of the softmmu code in this file, this should
1401 only be used for local memory (e.g. video ram) that the device owns,
1402 and knows it isn't going to access beyond the end of the block.
1404 It should not be used for general purpose DMA.
1405 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1407 void *qemu_get_ram_ptr(ram_addr_t addr)
1409 RAMBlock *block = qemu_get_ram_block(addr);
1411 if (xen_enabled()) {
1412 /* We need to check if the requested address is in the RAM
1413 * because we don't want to map the entire memory in QEMU.
1414 * In that case just map until the end of the page.
1416 if (block->offset == 0) {
1417 return xen_map_cache(addr, 0, 0);
1418 } else if (block->host == NULL) {
1420 xen_map_cache(block->offset, block->length, 1);
1423 return block->host + (addr - block->offset);
1426 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1427 * but takes a size argument */
1428 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1433 if (xen_enabled()) {
1434 return xen_map_cache(addr, *size, 1);
1438 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1439 if (addr - block->offset < block->length) {
1440 if (addr - block->offset + *size > block->length)
1441 *size = block->length - addr + block->offset;
1442 return block->host + (addr - block->offset);
1446 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1451 /* Some of the softmmu routines need to translate from a host pointer
1452 (typically a TLB entry) back to a ram offset. */
1453 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1456 uint8_t *host = ptr;
1458 if (xen_enabled()) {
1459 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1460 return qemu_get_ram_block(*ram_addr)->mr;
1463 block = ram_list.mru_block;
1464 if (block && block->host && host - block->host < block->length) {
1468 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1469 /* This case append when the block is not mapped. */
1470 if (block->host == NULL) {
1473 if (host - block->host < block->length) {
1481 *ram_addr = block->offset + (host - block->host);
1485 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1486 uint64_t val, unsigned size)
1489 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1490 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1491 tb_invalidate_phys_page_fast(ram_addr, size);
1492 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1496 stb_p(qemu_get_ram_ptr(ram_addr), val);
1499 stw_p(qemu_get_ram_ptr(ram_addr), val);
1502 stl_p(qemu_get_ram_ptr(ram_addr), val);
1507 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1508 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1509 /* we remove the notdirty callback only if the code has been
1511 if (dirty_flags == 0xff) {
1512 CPUArchState *env = current_cpu->env_ptr;
1513 tlb_set_dirty(env, env->mem_io_vaddr);
1517 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1518 unsigned size, bool is_write)
1523 static const MemoryRegionOps notdirty_mem_ops = {
1524 .write = notdirty_mem_write,
1525 .valid.accepts = notdirty_mem_accepts,
1526 .endianness = DEVICE_NATIVE_ENDIAN,
1529 /* Generate a debug exception if a watchpoint has been hit. */
1530 static void check_watchpoint(int offset, int len_mask, int flags)
1532 CPUArchState *env = current_cpu->env_ptr;
1533 target_ulong pc, cs_base;
1538 if (env->watchpoint_hit) {
1539 /* We re-entered the check after replacing the TB. Now raise
1540 * the debug interrupt so that is will trigger after the
1541 * current instruction. */
1542 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1545 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1546 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1547 if ((vaddr == (wp->vaddr & len_mask) ||
1548 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1549 wp->flags |= BP_WATCHPOINT_HIT;
1550 if (!env->watchpoint_hit) {
1551 env->watchpoint_hit = wp;
1552 tb_check_watchpoint(env);
1553 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1554 env->exception_index = EXCP_DEBUG;
1557 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1558 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1559 cpu_resume_from_signal(env, NULL);
1563 wp->flags &= ~BP_WATCHPOINT_HIT;
1568 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1569 so these check for a hit then pass through to the normal out-of-line
1571 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1574 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1576 case 1: return ldub_phys(addr);
1577 case 2: return lduw_phys(addr);
1578 case 4: return ldl_phys(addr);
1583 static void watch_mem_write(void *opaque, hwaddr addr,
1584 uint64_t val, unsigned size)
1586 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1589 stb_phys(addr, val);
1592 stw_phys(addr, val);
1595 stl_phys(addr, val);
1601 static const MemoryRegionOps watch_mem_ops = {
1602 .read = watch_mem_read,
1603 .write = watch_mem_write,
1604 .endianness = DEVICE_NATIVE_ENDIAN,
1607 static uint64_t subpage_read(void *opaque, hwaddr addr,
1610 subpage_t *subpage = opaque;
1613 #if defined(DEBUG_SUBPAGE)
1614 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1615 subpage, len, addr);
1617 address_space_read(subpage->as, addr + subpage->base, buf, len);
1630 static void subpage_write(void *opaque, hwaddr addr,
1631 uint64_t value, unsigned len)
1633 subpage_t *subpage = opaque;
1636 #if defined(DEBUG_SUBPAGE)
1637 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1638 " value %"PRIx64"\n",
1639 __func__, subpage, len, addr, value);
1654 address_space_write(subpage->as, addr + subpage->base, buf, len);
1657 static bool subpage_accepts(void *opaque, hwaddr addr,
1658 unsigned len, bool is_write)
1660 subpage_t *subpage = opaque;
1661 #if defined(DEBUG_SUBPAGE)
1662 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1663 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1666 return address_space_access_valid(subpage->as, addr + subpage->base,
1670 static const MemoryRegionOps subpage_ops = {
1671 .read = subpage_read,
1672 .write = subpage_write,
1673 .valid.accepts = subpage_accepts,
1674 .endianness = DEVICE_NATIVE_ENDIAN,
1677 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1682 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1684 idx = SUBPAGE_IDX(start);
1685 eidx = SUBPAGE_IDX(end);
1686 #if defined(DEBUG_SUBPAGE)
1687 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1688 __func__, mmio, start, end, idx, eidx, section);
1690 for (; idx <= eidx; idx++) {
1691 mmio->sub_section[idx] = section;
1697 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1701 mmio = g_malloc0(sizeof(subpage_t));
1705 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1706 "subpage", TARGET_PAGE_SIZE);
1707 mmio->iomem.subpage = true;
1708 #if defined(DEBUG_SUBPAGE)
1709 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1710 mmio, base, TARGET_PAGE_SIZE);
1712 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1717 static uint16_t dummy_section(PhysPageMap *map, MemoryRegion *mr)
1719 MemoryRegionSection section = {
1721 .offset_within_address_space = 0,
1722 .offset_within_region = 0,
1723 .size = int128_2_64(),
1726 return phys_section_add(map, §ion);
1729 MemoryRegion *iotlb_to_region(hwaddr index)
1731 return address_space_memory.dispatch->map.sections[
1732 index & ~TARGET_PAGE_MASK].mr;
1735 static void io_mem_init(void)
1737 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1738 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1739 "unassigned", UINT64_MAX);
1740 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1741 "notdirty", UINT64_MAX);
1742 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1743 "watch", UINT64_MAX);
1746 static void mem_begin(MemoryListener *listener)
1748 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1749 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1752 n = dummy_section(&d->map, &io_mem_unassigned);
1753 assert(n == PHYS_SECTION_UNASSIGNED);
1754 n = dummy_section(&d->map, &io_mem_notdirty);
1755 assert(n == PHYS_SECTION_NOTDIRTY);
1756 n = dummy_section(&d->map, &io_mem_rom);
1757 assert(n == PHYS_SECTION_ROM);
1758 n = dummy_section(&d->map, &io_mem_watch);
1759 assert(n == PHYS_SECTION_WATCH);
1761 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1763 as->next_dispatch = d;
1766 static void mem_commit(MemoryListener *listener)
1768 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1769 AddressSpaceDispatch *cur = as->dispatch;
1770 AddressSpaceDispatch *next = as->next_dispatch;
1772 phys_page_compact_all(next, next->map.nodes_nb);
1774 as->dispatch = next;
1777 phys_sections_free(&cur->map);
1782 static void tcg_commit(MemoryListener *listener)
1786 /* since each CPU stores ram addresses in its TLB cache, we must
1787 reset the modified entries */
1790 CPUArchState *env = cpu->env_ptr;
1796 static void core_log_global_start(MemoryListener *listener)
1798 cpu_physical_memory_set_dirty_tracking(1);
1801 static void core_log_global_stop(MemoryListener *listener)
1803 cpu_physical_memory_set_dirty_tracking(0);
1806 static MemoryListener core_memory_listener = {
1807 .log_global_start = core_log_global_start,
1808 .log_global_stop = core_log_global_stop,
1812 static MemoryListener tcg_memory_listener = {
1813 .commit = tcg_commit,
1816 void address_space_init_dispatch(AddressSpace *as)
1818 as->dispatch = NULL;
1819 as->dispatch_listener = (MemoryListener) {
1821 .commit = mem_commit,
1822 .region_add = mem_add,
1823 .region_nop = mem_add,
1826 memory_listener_register(&as->dispatch_listener, as);
1829 void address_space_destroy_dispatch(AddressSpace *as)
1831 AddressSpaceDispatch *d = as->dispatch;
1833 memory_listener_unregister(&as->dispatch_listener);
1835 as->dispatch = NULL;
1838 static void memory_map_init(void)
1840 system_memory = g_malloc(sizeof(*system_memory));
1842 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1843 address_space_init(&address_space_memory, system_memory, "memory");
1845 system_io = g_malloc(sizeof(*system_io));
1846 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1848 address_space_init(&address_space_io, system_io, "I/O");
1850 memory_listener_register(&core_memory_listener, &address_space_memory);
1851 if (tcg_enabled()) {
1852 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1856 MemoryRegion *get_system_memory(void)
1858 return system_memory;
1861 MemoryRegion *get_system_io(void)
1866 #endif /* !defined(CONFIG_USER_ONLY) */
1868 /* physical memory access (slow version, mainly for debug) */
1869 #if defined(CONFIG_USER_ONLY)
1870 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1871 uint8_t *buf, int len, int is_write)
1878 page = addr & TARGET_PAGE_MASK;
1879 l = (page + TARGET_PAGE_SIZE) - addr;
1882 flags = page_get_flags(page);
1883 if (!(flags & PAGE_VALID))
1886 if (!(flags & PAGE_WRITE))
1888 /* XXX: this code should not depend on lock_user */
1889 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1892 unlock_user(p, addr, l);
1894 if (!(flags & PAGE_READ))
1896 /* XXX: this code should not depend on lock_user */
1897 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1900 unlock_user(p, addr, 0);
1911 static void invalidate_and_set_dirty(hwaddr addr,
1914 if (!cpu_physical_memory_is_dirty(addr)) {
1915 /* invalidate code */
1916 tb_invalidate_phys_page_range(addr, addr + length, 0);
1918 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1920 xen_modified_memory(addr, length);
1923 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1925 if (memory_region_is_ram(mr)) {
1926 return !(is_write && mr->readonly);
1928 if (memory_region_is_romd(mr)) {
1935 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1937 unsigned access_size_max = mr->ops->valid.max_access_size;
1939 /* Regions are assumed to support 1-4 byte accesses unless
1940 otherwise specified. */
1941 if (access_size_max == 0) {
1942 access_size_max = 4;
1945 /* Bound the maximum access by the alignment of the address. */
1946 if (!mr->ops->impl.unaligned) {
1947 unsigned align_size_max = addr & -addr;
1948 if (align_size_max != 0 && align_size_max < access_size_max) {
1949 access_size_max = align_size_max;
1953 /* Don't attempt accesses larger than the maximum. */
1954 if (l > access_size_max) {
1955 l = access_size_max;
1958 l = 1 << (qemu_fls(l) - 1);
1964 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1965 int len, bool is_write)
1976 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1979 if (!memory_access_is_direct(mr, is_write)) {
1980 l = memory_access_size(mr, l, addr1);
1981 /* XXX: could force current_cpu to NULL to avoid
1985 /* 64 bit write access */
1987 error |= io_mem_write(mr, addr1, val, 8);
1990 /* 32 bit write access */
1992 error |= io_mem_write(mr, addr1, val, 4);
1995 /* 16 bit write access */
1997 error |= io_mem_write(mr, addr1, val, 2);
2000 /* 8 bit write access */
2002 error |= io_mem_write(mr, addr1, val, 1);
2008 addr1 += memory_region_get_ram_addr(mr);
2010 ptr = qemu_get_ram_ptr(addr1);
2011 memcpy(ptr, buf, l);
2012 invalidate_and_set_dirty(addr1, l);
2015 if (!memory_access_is_direct(mr, is_write)) {
2017 l = memory_access_size(mr, l, addr1);
2020 /* 64 bit read access */
2021 error |= io_mem_read(mr, addr1, &val, 8);
2025 /* 32 bit read access */
2026 error |= io_mem_read(mr, addr1, &val, 4);
2030 /* 16 bit read access */
2031 error |= io_mem_read(mr, addr1, &val, 2);
2035 /* 8 bit read access */
2036 error |= io_mem_read(mr, addr1, &val, 1);
2044 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2045 memcpy(buf, ptr, l);
2056 bool address_space_write(AddressSpace *as, hwaddr addr,
2057 const uint8_t *buf, int len)
2059 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2062 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2064 return address_space_rw(as, addr, buf, len, false);
2068 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2069 int len, int is_write)
2071 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2074 enum write_rom_type {
2079 static inline void cpu_physical_memory_write_rom_internal(
2080 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2089 mr = address_space_translate(&address_space_memory,
2090 addr, &addr1, &l, true);
2092 if (!(memory_region_is_ram(mr) ||
2093 memory_region_is_romd(mr))) {
2096 addr1 += memory_region_get_ram_addr(mr);
2098 ptr = qemu_get_ram_ptr(addr1);
2101 memcpy(ptr, buf, l);
2102 invalidate_and_set_dirty(addr1, l);
2105 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2115 /* used for ROM loading : can write in RAM and ROM */
2116 void cpu_physical_memory_write_rom(hwaddr addr,
2117 const uint8_t *buf, int len)
2119 cpu_physical_memory_write_rom_internal(addr, buf, len, WRITE_DATA);
2122 void cpu_flush_icache_range(hwaddr start, int len)
2125 * This function should do the same thing as an icache flush that was
2126 * triggered from within the guest. For TCG we are always cache coherent,
2127 * so there is no need to flush anything. For KVM / Xen we need to flush
2128 * the host's instruction cache at least.
2130 if (tcg_enabled()) {
2134 cpu_physical_memory_write_rom_internal(start, NULL, len, FLUSH_CACHE);
2144 static BounceBuffer bounce;
2146 typedef struct MapClient {
2148 void (*callback)(void *opaque);
2149 QLIST_ENTRY(MapClient) link;
2152 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2153 = QLIST_HEAD_INITIALIZER(map_client_list);
2155 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2157 MapClient *client = g_malloc(sizeof(*client));
2159 client->opaque = opaque;
2160 client->callback = callback;
2161 QLIST_INSERT_HEAD(&map_client_list, client, link);
2165 static void cpu_unregister_map_client(void *_client)
2167 MapClient *client = (MapClient *)_client;
2169 QLIST_REMOVE(client, link);
2173 static void cpu_notify_map_clients(void)
2177 while (!QLIST_EMPTY(&map_client_list)) {
2178 client = QLIST_FIRST(&map_client_list);
2179 client->callback(client->opaque);
2180 cpu_unregister_map_client(client);
2184 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2191 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2192 if (!memory_access_is_direct(mr, is_write)) {
2193 l = memory_access_size(mr, l, addr);
2194 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2205 /* Map a physical memory region into a host virtual address.
2206 * May map a subset of the requested range, given by and returned in *plen.
2207 * May return NULL if resources needed to perform the mapping are exhausted.
2208 * Use only for reads OR writes - not for read-modify-write operations.
2209 * Use cpu_register_map_client() to know when retrying the map operation is
2210 * likely to succeed.
2212 void *address_space_map(AddressSpace *as,
2219 hwaddr l, xlat, base;
2220 MemoryRegion *mr, *this_mr;
2228 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2229 if (!memory_access_is_direct(mr, is_write)) {
2230 if (bounce.buffer) {
2233 /* Avoid unbounded allocations */
2234 l = MIN(l, TARGET_PAGE_SIZE);
2235 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2239 memory_region_ref(mr);
2242 address_space_read(as, addr, bounce.buffer, l);
2246 return bounce.buffer;
2250 raddr = memory_region_get_ram_addr(mr);
2261 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2262 if (this_mr != mr || xlat != base + done) {
2267 memory_region_ref(mr);
2269 return qemu_ram_ptr_length(raddr + base, plen);
2272 /* Unmaps a memory region previously mapped by address_space_map().
2273 * Will also mark the memory as dirty if is_write == 1. access_len gives
2274 * the amount of memory that was actually read or written by the caller.
2276 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2277 int is_write, hwaddr access_len)
2279 if (buffer != bounce.buffer) {
2283 mr = qemu_ram_addr_from_host(buffer, &addr1);
2286 while (access_len) {
2288 l = TARGET_PAGE_SIZE;
2291 invalidate_and_set_dirty(addr1, l);
2296 if (xen_enabled()) {
2297 xen_invalidate_map_cache_entry(buffer);
2299 memory_region_unref(mr);
2303 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2305 qemu_vfree(bounce.buffer);
2306 bounce.buffer = NULL;
2307 memory_region_unref(bounce.mr);
2308 cpu_notify_map_clients();
2311 void *cpu_physical_memory_map(hwaddr addr,
2315 return address_space_map(&address_space_memory, addr, plen, is_write);
2318 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2319 int is_write, hwaddr access_len)
2321 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2324 /* warning: addr must be aligned */
2325 static inline uint32_t ldl_phys_internal(hwaddr addr,
2326 enum device_endian endian)
2334 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2336 if (l < 4 || !memory_access_is_direct(mr, false)) {
2338 io_mem_read(mr, addr1, &val, 4);
2339 #if defined(TARGET_WORDS_BIGENDIAN)
2340 if (endian == DEVICE_LITTLE_ENDIAN) {
2344 if (endian == DEVICE_BIG_ENDIAN) {
2350 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2354 case DEVICE_LITTLE_ENDIAN:
2355 val = ldl_le_p(ptr);
2357 case DEVICE_BIG_ENDIAN:
2358 val = ldl_be_p(ptr);
2368 uint32_t ldl_phys(hwaddr addr)
2370 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2373 uint32_t ldl_le_phys(hwaddr addr)
2375 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2378 uint32_t ldl_be_phys(hwaddr addr)
2380 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2383 /* warning: addr must be aligned */
2384 static inline uint64_t ldq_phys_internal(hwaddr addr,
2385 enum device_endian endian)
2393 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2395 if (l < 8 || !memory_access_is_direct(mr, false)) {
2397 io_mem_read(mr, addr1, &val, 8);
2398 #if defined(TARGET_WORDS_BIGENDIAN)
2399 if (endian == DEVICE_LITTLE_ENDIAN) {
2403 if (endian == DEVICE_BIG_ENDIAN) {
2409 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2413 case DEVICE_LITTLE_ENDIAN:
2414 val = ldq_le_p(ptr);
2416 case DEVICE_BIG_ENDIAN:
2417 val = ldq_be_p(ptr);
2427 uint64_t ldq_phys(hwaddr addr)
2429 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2432 uint64_t ldq_le_phys(hwaddr addr)
2434 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2437 uint64_t ldq_be_phys(hwaddr addr)
2439 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2443 uint32_t ldub_phys(hwaddr addr)
2446 cpu_physical_memory_read(addr, &val, 1);
2450 /* warning: addr must be aligned */
2451 static inline uint32_t lduw_phys_internal(hwaddr addr,
2452 enum device_endian endian)
2460 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2462 if (l < 2 || !memory_access_is_direct(mr, false)) {
2464 io_mem_read(mr, addr1, &val, 2);
2465 #if defined(TARGET_WORDS_BIGENDIAN)
2466 if (endian == DEVICE_LITTLE_ENDIAN) {
2470 if (endian == DEVICE_BIG_ENDIAN) {
2476 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2480 case DEVICE_LITTLE_ENDIAN:
2481 val = lduw_le_p(ptr);
2483 case DEVICE_BIG_ENDIAN:
2484 val = lduw_be_p(ptr);
2494 uint32_t lduw_phys(hwaddr addr)
2496 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2499 uint32_t lduw_le_phys(hwaddr addr)
2501 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2504 uint32_t lduw_be_phys(hwaddr addr)
2506 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2509 /* warning: addr must be aligned. The ram page is not masked as dirty
2510 and the code inside is not invalidated. It is useful if the dirty
2511 bits are used to track modified PTEs */
2512 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2519 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2521 if (l < 4 || !memory_access_is_direct(mr, true)) {
2522 io_mem_write(mr, addr1, val, 4);
2524 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2525 ptr = qemu_get_ram_ptr(addr1);
2528 if (unlikely(in_migration)) {
2529 if (!cpu_physical_memory_is_dirty(addr1)) {
2530 /* invalidate code */
2531 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2533 cpu_physical_memory_set_dirty_flags(
2534 addr1, (0xff & ~CODE_DIRTY_FLAG));
2540 /* warning: addr must be aligned */
2541 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2542 enum device_endian endian)
2549 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2551 if (l < 4 || !memory_access_is_direct(mr, true)) {
2552 #if defined(TARGET_WORDS_BIGENDIAN)
2553 if (endian == DEVICE_LITTLE_ENDIAN) {
2557 if (endian == DEVICE_BIG_ENDIAN) {
2561 io_mem_write(mr, addr1, val, 4);
2564 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2565 ptr = qemu_get_ram_ptr(addr1);
2567 case DEVICE_LITTLE_ENDIAN:
2570 case DEVICE_BIG_ENDIAN:
2577 invalidate_and_set_dirty(addr1, 4);
2581 void stl_phys(hwaddr addr, uint32_t val)
2583 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2586 void stl_le_phys(hwaddr addr, uint32_t val)
2588 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2591 void stl_be_phys(hwaddr addr, uint32_t val)
2593 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2597 void stb_phys(hwaddr addr, uint32_t val)
2600 cpu_physical_memory_write(addr, &v, 1);
2603 /* warning: addr must be aligned */
2604 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2605 enum device_endian endian)
2612 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2614 if (l < 2 || !memory_access_is_direct(mr, true)) {
2615 #if defined(TARGET_WORDS_BIGENDIAN)
2616 if (endian == DEVICE_LITTLE_ENDIAN) {
2620 if (endian == DEVICE_BIG_ENDIAN) {
2624 io_mem_write(mr, addr1, val, 2);
2627 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2628 ptr = qemu_get_ram_ptr(addr1);
2630 case DEVICE_LITTLE_ENDIAN:
2633 case DEVICE_BIG_ENDIAN:
2640 invalidate_and_set_dirty(addr1, 2);
2644 void stw_phys(hwaddr addr, uint32_t val)
2646 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2649 void stw_le_phys(hwaddr addr, uint32_t val)
2651 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2654 void stw_be_phys(hwaddr addr, uint32_t val)
2656 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2660 void stq_phys(hwaddr addr, uint64_t val)
2663 cpu_physical_memory_write(addr, &val, 8);
2666 void stq_le_phys(hwaddr addr, uint64_t val)
2668 val = cpu_to_le64(val);
2669 cpu_physical_memory_write(addr, &val, 8);
2672 void stq_be_phys(hwaddr addr, uint64_t val)
2674 val = cpu_to_be64(val);
2675 cpu_physical_memory_write(addr, &val, 8);
2678 /* virtual memory access for debug (includes writing to ROM) */
2679 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2680 uint8_t *buf, int len, int is_write)
2687 page = addr & TARGET_PAGE_MASK;
2688 phys_addr = cpu_get_phys_page_debug(cpu, page);
2689 /* if no physical page mapped, return an error */
2690 if (phys_addr == -1)
2692 l = (page + TARGET_PAGE_SIZE) - addr;
2695 phys_addr += (addr & ~TARGET_PAGE_MASK);
2697 cpu_physical_memory_write_rom(phys_addr, buf, l);
2699 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2708 #if !defined(CONFIG_USER_ONLY)
2711 * A helper function for the _utterly broken_ virtio device model to find out if
2712 * it's running on a big endian machine. Don't do this at home kids!
2714 bool virtio_is_big_endian(void);
2715 bool virtio_is_big_endian(void)
2717 #if defined(TARGET_WORDS_BIGENDIAN)
2726 #ifndef CONFIG_USER_ONLY
2727 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2732 mr = address_space_translate(&address_space_memory,
2733 phys_addr, &phys_addr, &l, false);
2735 return !(memory_region_is_ram(mr) ||
2736 memory_region_is_romd(mr));
2739 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2743 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2744 func(block->host, block->offset, block->length, opaque);
projects / qemu.git / blob