4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_UNASSIGNED
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
58 static int in_migration;
60 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62 static MemoryRegion *system_memory;
63 static MemoryRegion *system_io;
65 AddressSpace address_space_io;
66 AddressSpace address_space_memory;
67 DMAContext dma_context_memory;
69 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
70 static MemoryRegion io_mem_subpage_ram;
74 CPUArchState *first_cpu;
75 /* current CPU in the current thread. It is only valid inside
77 DEFINE_TLS(CPUArchState *,cpu_single_env);
78 /* 0 = Do not count executed instructions.
79 1 = Precise instruction counting.
80 2 = Adaptive rate instruction counting. */
83 #if !defined(CONFIG_USER_ONLY)
85 static MemoryRegionSection *phys_sections;
86 static unsigned phys_sections_nb, phys_sections_nb_alloc;
87 static uint16_t phys_section_unassigned;
88 static uint16_t phys_section_notdirty;
89 static uint16_t phys_section_rom;
90 static uint16_t phys_section_watch;
92 /* Simple allocator for PhysPageEntry nodes */
93 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
94 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
96 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
98 static void io_mem_init(void);
99 static void memory_map_init(void);
100 static void *qemu_safe_ram_ptr(ram_addr_t addr);
102 static MemoryRegion io_mem_watch;
105 #if !defined(CONFIG_USER_ONLY)
107 static void phys_map_node_reserve(unsigned nodes)
109 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
110 typedef PhysPageEntry Node[L2_SIZE];
111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
112 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
113 phys_map_nodes_nb + nodes);
114 phys_map_nodes = g_renew(Node, phys_map_nodes,
115 phys_map_nodes_nb_alloc);
119 static uint16_t phys_map_node_alloc(void)
124 ret = phys_map_nodes_nb++;
125 assert(ret != PHYS_MAP_NODE_NIL);
126 assert(ret != phys_map_nodes_nb_alloc);
127 for (i = 0; i < L2_SIZE; ++i) {
128 phys_map_nodes[ret][i].is_leaf = 0;
129 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
134 static void phys_map_nodes_reset(void)
136 phys_map_nodes_nb = 0;
140 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
141 hwaddr *nb, uint16_t leaf,
146 hwaddr step = (hwaddr)1 << (level * L2_BITS);
148 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
149 lp->ptr = phys_map_node_alloc();
150 p = phys_map_nodes[lp->ptr];
152 for (i = 0; i < L2_SIZE; i++) {
154 p[i].ptr = phys_section_unassigned;
158 p = phys_map_nodes[lp->ptr];
160 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
162 while (*nb && lp < &p[L2_SIZE]) {
163 if ((*index & (step - 1)) == 0 && *nb >= step) {
169 phys_page_set_level(lp, index, nb, leaf, level - 1);
175 static void phys_page_set(AddressSpaceDispatch *d,
176 hwaddr index, hwaddr nb,
179 /* Wildly overreserve - it doesn't matter much. */
180 phys_map_node_reserve(3 * P_L2_LEVELS);
182 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
185 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
187 PhysPageEntry lp = d->phys_map;
190 uint16_t s_index = phys_section_unassigned;
192 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
193 if (lp.ptr == PHYS_MAP_NODE_NIL) {
196 p = phys_map_nodes[lp.ptr];
197 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
202 return &phys_sections[s_index];
205 bool memory_region_is_unassigned(MemoryRegion *mr)
207 return mr != &io_mem_ram && mr != &io_mem_rom
208 && mr != &io_mem_notdirty && !mr->rom_device
209 && mr != &io_mem_watch;
213 void cpu_exec_init_all(void)
215 #if !defined(CONFIG_USER_ONLY)
221 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
223 static int cpu_common_post_load(void *opaque, int version_id)
225 CPUArchState *env = opaque;
227 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
228 version_id is increased. */
229 env->interrupt_request &= ~0x01;
235 static const VMStateDescription vmstate_cpu_common = {
236 .name = "cpu_common",
238 .minimum_version_id = 1,
239 .minimum_version_id_old = 1,
240 .post_load = cpu_common_post_load,
241 .fields = (VMStateField []) {
242 VMSTATE_UINT32(halted, CPUArchState),
243 VMSTATE_UINT32(interrupt_request, CPUArchState),
244 VMSTATE_END_OF_LIST()
249 CPUArchState *qemu_get_cpu(int cpu)
251 CPUArchState *env = first_cpu;
254 if (env->cpu_index == cpu)
262 void cpu_exec_init(CPUArchState *env)
264 #ifndef CONFIG_USER_ONLY
265 CPUState *cpu = ENV_GET_CPU(env);
270 #if defined(CONFIG_USER_ONLY)
273 env->next_cpu = NULL;
276 while (*penv != NULL) {
277 penv = &(*penv)->next_cpu;
280 env->cpu_index = cpu_index;
282 QTAILQ_INIT(&env->breakpoints);
283 QTAILQ_INIT(&env->watchpoints);
284 #ifndef CONFIG_USER_ONLY
285 cpu->thread_id = qemu_get_thread_id();
288 #if defined(CONFIG_USER_ONLY)
291 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
292 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
293 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
294 cpu_save, cpu_load, env);
298 #if defined(TARGET_HAS_ICE)
299 #if defined(CONFIG_USER_ONLY)
300 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
302 tb_invalidate_phys_page_range(pc, pc + 1, 0);
305 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
307 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
308 (pc & ~TARGET_PAGE_MASK));
311 #endif /* TARGET_HAS_ICE */
313 #if defined(CONFIG_USER_ONLY)
314 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
319 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
320 int flags, CPUWatchpoint **watchpoint)
325 /* Add a watchpoint. */
326 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
327 int flags, CPUWatchpoint **watchpoint)
329 target_ulong len_mask = ~(len - 1);
332 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
333 if ((len & (len - 1)) || (addr & ~len_mask) ||
334 len == 0 || len > TARGET_PAGE_SIZE) {
335 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
336 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
339 wp = g_malloc(sizeof(*wp));
342 wp->len_mask = len_mask;
345 /* keep all GDB-injected watchpoints in front */
347 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
349 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
351 tlb_flush_page(env, addr);
358 /* Remove a specific watchpoint. */
359 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
362 target_ulong len_mask = ~(len - 1);
365 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
366 if (addr == wp->vaddr && len_mask == wp->len_mask
367 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
368 cpu_watchpoint_remove_by_ref(env, wp);
375 /* Remove a specific watchpoint by reference. */
376 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
378 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
380 tlb_flush_page(env, watchpoint->vaddr);
385 /* Remove all matching watchpoints. */
386 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
388 CPUWatchpoint *wp, *next;
390 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
391 if (wp->flags & mask)
392 cpu_watchpoint_remove_by_ref(env, wp);
397 /* Add a breakpoint. */
398 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
399 CPUBreakpoint **breakpoint)
401 #if defined(TARGET_HAS_ICE)
404 bp = g_malloc(sizeof(*bp));
409 /* keep all GDB-injected breakpoints in front */
411 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
413 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
415 breakpoint_invalidate(env, pc);
425 /* Remove a specific breakpoint. */
426 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
428 #if defined(TARGET_HAS_ICE)
431 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
432 if (bp->pc == pc && bp->flags == flags) {
433 cpu_breakpoint_remove_by_ref(env, bp);
443 /* Remove a specific breakpoint by reference. */
444 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
446 #if defined(TARGET_HAS_ICE)
447 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
449 breakpoint_invalidate(env, breakpoint->pc);
455 /* Remove all matching breakpoints. */
456 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
458 #if defined(TARGET_HAS_ICE)
459 CPUBreakpoint *bp, *next;
461 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
462 if (bp->flags & mask)
463 cpu_breakpoint_remove_by_ref(env, bp);
468 /* enable or disable single step mode. EXCP_DEBUG is returned by the
469 CPU loop after each instruction */
470 void cpu_single_step(CPUArchState *env, int enabled)
472 #if defined(TARGET_HAS_ICE)
473 if (env->singlestep_enabled != enabled) {
474 env->singlestep_enabled = enabled;
476 kvm_update_guest_debug(env, 0);
478 /* must flush all the translated code to avoid inconsistencies */
479 /* XXX: only flush what is necessary */
486 void cpu_reset_interrupt(CPUArchState *env, int mask)
488 env->interrupt_request &= ~mask;
491 void cpu_exit(CPUArchState *env)
493 env->exit_request = 1;
497 void cpu_abort(CPUArchState *env, const char *fmt, ...)
504 fprintf(stderr, "qemu: fatal: ");
505 vfprintf(stderr, fmt, ap);
506 fprintf(stderr, "\n");
507 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
508 if (qemu_log_enabled()) {
509 qemu_log("qemu: fatal: ");
510 qemu_log_vprintf(fmt, ap2);
512 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
518 #if defined(CONFIG_USER_ONLY)
520 struct sigaction act;
521 sigfillset(&act.sa_mask);
522 act.sa_handler = SIG_DFL;
523 sigaction(SIGABRT, &act, NULL);
529 CPUArchState *cpu_copy(CPUArchState *env)
531 CPUArchState *new_env = cpu_init(env->cpu_model_str);
532 CPUArchState *next_cpu = new_env->next_cpu;
533 int cpu_index = new_env->cpu_index;
534 #if defined(TARGET_HAS_ICE)
539 memcpy(new_env, env, sizeof(CPUArchState));
541 /* Preserve chaining and index. */
542 new_env->next_cpu = next_cpu;
543 new_env->cpu_index = cpu_index;
545 /* Clone all break/watchpoints.
546 Note: Once we support ptrace with hw-debug register access, make sure
547 BP_CPU break/watchpoints are handled correctly on clone. */
548 QTAILQ_INIT(&env->breakpoints);
549 QTAILQ_INIT(&env->watchpoints);
550 #if defined(TARGET_HAS_ICE)
551 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
552 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
554 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
555 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
563 #if !defined(CONFIG_USER_ONLY)
564 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
569 /* we modify the TLB cache so that the dirty bit will be set again
570 when accessing the range */
571 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
572 /* Check that we don't span multiple blocks - this breaks the
573 address comparisons below. */
574 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
575 != (end - 1) - start) {
578 cpu_tlb_reset_dirty_all(start1, length);
582 /* Note: start and end must be within the same ram block. */
583 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
588 start &= TARGET_PAGE_MASK;
589 end = TARGET_PAGE_ALIGN(end);
591 length = end - start;
594 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
597 tlb_reset_dirty_range_all(start, end, length);
601 static int cpu_physical_memory_set_dirty_tracking(int enable)
604 in_migration = enable;
608 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
609 MemoryRegionSection *section,
613 target_ulong *address)
618 if (memory_region_is_ram(section->mr)) {
620 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
621 + memory_region_section_addr(section, paddr);
622 if (!section->readonly) {
623 iotlb |= phys_section_notdirty;
625 iotlb |= phys_section_rom;
628 /* IO handlers are currently passed a physical address.
629 It would be nice to pass an offset from the base address
630 of that region. This would avoid having to special case RAM,
631 and avoid full address decoding in every device.
632 We can't use the high bits of pd for this because
633 IO_MEM_ROMD uses these as a ram address. */
634 iotlb = section - phys_sections;
635 iotlb += memory_region_section_addr(section, paddr);
638 /* Make accesses to pages with watchpoints go via the
639 watchpoint trap routines. */
640 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
641 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
642 /* Avoid trapping reads of pages with a write breakpoint. */
643 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
644 iotlb = phys_section_watch + paddr;
645 *address |= TLB_MMIO;
653 #endif /* defined(CONFIG_USER_ONLY) */
655 #if !defined(CONFIG_USER_ONLY)
657 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
658 typedef struct subpage_t {
661 uint16_t sub_section[TARGET_PAGE_SIZE];
664 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
666 static subpage_t *subpage_init(hwaddr base);
667 static void destroy_page_desc(uint16_t section_index)
669 MemoryRegionSection *section = &phys_sections[section_index];
670 MemoryRegion *mr = section->mr;
673 subpage_t *subpage = container_of(mr, subpage_t, iomem);
674 memory_region_destroy(&subpage->iomem);
679 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
684 if (lp->ptr == PHYS_MAP_NODE_NIL) {
688 p = phys_map_nodes[lp->ptr];
689 for (i = 0; i < L2_SIZE; ++i) {
691 destroy_l2_mapping(&p[i], level - 1);
693 destroy_page_desc(p[i].ptr);
697 lp->ptr = PHYS_MAP_NODE_NIL;
700 static void destroy_all_mappings(AddressSpaceDispatch *d)
702 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
703 phys_map_nodes_reset();
706 static uint16_t phys_section_add(MemoryRegionSection *section)
708 if (phys_sections_nb == phys_sections_nb_alloc) {
709 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
710 phys_sections = g_renew(MemoryRegionSection, phys_sections,
711 phys_sections_nb_alloc);
713 phys_sections[phys_sections_nb] = *section;
714 return phys_sections_nb++;
717 static void phys_sections_clear(void)
719 phys_sections_nb = 0;
722 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
725 hwaddr base = section->offset_within_address_space
727 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
728 MemoryRegionSection subsection = {
729 .offset_within_address_space = base,
730 .size = TARGET_PAGE_SIZE,
734 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
736 if (!(existing->mr->subpage)) {
737 subpage = subpage_init(base);
738 subsection.mr = &subpage->iomem;
739 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
740 phys_section_add(&subsection));
742 subpage = container_of(existing->mr, subpage_t, iomem);
744 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
745 end = start + section->size - 1;
746 subpage_register(subpage, start, end, phys_section_add(section));
750 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
752 hwaddr start_addr = section->offset_within_address_space;
753 ram_addr_t size = section->size;
755 uint16_t section_index = phys_section_add(section);
760 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
764 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
766 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
767 MemoryRegionSection now = *section, remain = *section;
769 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
770 || (now.size < TARGET_PAGE_SIZE)) {
771 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
772 - now.offset_within_address_space,
774 register_subpage(d, &now);
775 remain.size -= now.size;
776 remain.offset_within_address_space += now.size;
777 remain.offset_within_region += now.size;
779 while (remain.size >= TARGET_PAGE_SIZE) {
781 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
782 now.size = TARGET_PAGE_SIZE;
783 register_subpage(d, &now);
785 now.size &= TARGET_PAGE_MASK;
786 register_multipage(d, &now);
788 remain.size -= now.size;
789 remain.offset_within_address_space += now.size;
790 remain.offset_within_region += now.size;
794 register_subpage(d, &now);
798 void qemu_flush_coalesced_mmio_buffer(void)
801 kvm_flush_coalesced_mmio_buffer();
804 #if defined(__linux__) && !defined(TARGET_S390X)
808 #define HUGETLBFS_MAGIC 0x958458f6
810 static long gethugepagesize(const char *path)
816 ret = statfs(path, &fs);
817 } while (ret != 0 && errno == EINTR);
824 if (fs.f_type != HUGETLBFS_MAGIC)
825 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
830 static void *file_ram_alloc(RAMBlock *block,
840 unsigned long hpagesize;
842 hpagesize = gethugepagesize(path);
847 if (memory < hpagesize) {
851 if (kvm_enabled() && !kvm_has_sync_mmu()) {
852 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
856 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
860 fd = mkstemp(filename);
862 perror("unable to create backing store for hugepages");
869 memory = (memory+hpagesize-1) & ~(hpagesize-1);
872 * ftruncate is not supported by hugetlbfs in older
873 * hosts, so don't bother bailing out on errors.
874 * If anything goes wrong with it under other filesystems,
877 if (ftruncate(fd, memory))
881 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
882 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
883 * to sidestep this quirk.
885 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
886 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
888 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
890 if (area == MAP_FAILED) {
891 perror("file_ram_alloc: can't mmap RAM pages");
900 static ram_addr_t find_ram_offset(ram_addr_t size)
902 RAMBlock *block, *next_block;
903 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
905 if (QTAILQ_EMPTY(&ram_list.blocks))
908 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
909 ram_addr_t end, next = RAM_ADDR_MAX;
911 end = block->offset + block->length;
913 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
914 if (next_block->offset >= end) {
915 next = MIN(next, next_block->offset);
918 if (next - end >= size && next - end < mingap) {
924 if (offset == RAM_ADDR_MAX) {
925 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
933 ram_addr_t last_ram_offset(void)
938 QTAILQ_FOREACH(block, &ram_list.blocks, next)
939 last = MAX(last, block->offset + block->length);
944 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
947 QemuOpts *machine_opts;
949 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
950 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
952 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
953 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
955 perror("qemu_madvise");
956 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
957 "but dump_guest_core=off specified\n");
962 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
964 RAMBlock *new_block, *block;
967 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
968 if (block->offset == addr) {
974 assert(!new_block->idstr[0]);
977 char *id = qdev_get_dev_path(dev);
979 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
983 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
985 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
986 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
987 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
994 static int memory_try_enable_merging(void *addr, size_t len)
998 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
999 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1000 /* disabled by the user */
1004 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1007 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1010 RAMBlock *block, *new_block;
1012 size = TARGET_PAGE_ALIGN(size);
1013 new_block = g_malloc0(sizeof(*new_block));
1016 new_block->offset = find_ram_offset(size);
1018 new_block->host = host;
1019 new_block->flags |= RAM_PREALLOC_MASK;
1022 #if defined (__linux__) && !defined(TARGET_S390X)
1023 new_block->host = file_ram_alloc(new_block, size, mem_path);
1024 if (!new_block->host) {
1025 new_block->host = qemu_vmalloc(size);
1026 memory_try_enable_merging(new_block->host, size);
1029 fprintf(stderr, "-mem-path option unsupported\n");
1033 if (xen_enabled()) {
1034 xen_ram_alloc(new_block->offset, size, mr);
1035 } else if (kvm_enabled()) {
1036 /* some s390/kvm configurations have special constraints */
1037 new_block->host = kvm_vmalloc(size);
1039 new_block->host = qemu_vmalloc(size);
1041 memory_try_enable_merging(new_block->host, size);
1044 new_block->length = size;
1046 /* Keep the list sorted from biggest to smallest block. */
1047 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1048 if (block->length < new_block->length) {
1053 QTAILQ_INSERT_BEFORE(block, new_block, next);
1055 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1057 ram_list.mru_block = NULL;
1061 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1062 last_ram_offset() >> TARGET_PAGE_BITS);
1063 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1064 0, size >> TARGET_PAGE_BITS);
1065 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1067 qemu_ram_setup_dump(new_block->host, size);
1068 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1071 kvm_setup_guest_memory(new_block->host, size);
1073 return new_block->offset;
1076 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1078 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1081 void qemu_ram_free_from_ptr(ram_addr_t addr)
1085 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1086 if (addr == block->offset) {
1087 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1088 ram_list.mru_block = NULL;
1096 void qemu_ram_free(ram_addr_t addr)
1100 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1101 if (addr == block->offset) {
1102 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1103 ram_list.mru_block = NULL;
1105 if (block->flags & RAM_PREALLOC_MASK) {
1107 } else if (mem_path) {
1108 #if defined (__linux__) && !defined(TARGET_S390X)
1110 munmap(block->host, block->length);
1113 qemu_vfree(block->host);
1119 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1120 munmap(block->host, block->length);
1122 if (xen_enabled()) {
1123 xen_invalidate_map_cache_entry(block->host);
1125 qemu_vfree(block->host);
1137 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1144 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1145 offset = addr - block->offset;
1146 if (offset < block->length) {
1147 vaddr = block->host + offset;
1148 if (block->flags & RAM_PREALLOC_MASK) {
1152 munmap(vaddr, length);
1154 #if defined(__linux__) && !defined(TARGET_S390X)
1157 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1160 flags |= MAP_PRIVATE;
1162 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1163 flags, block->fd, offset);
1165 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1166 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1173 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1174 flags |= MAP_SHARED | MAP_ANONYMOUS;
1175 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1178 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1179 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1183 if (area != vaddr) {
1184 fprintf(stderr, "Could not remap addr: "
1185 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1189 memory_try_enable_merging(vaddr, length);
1190 qemu_ram_setup_dump(vaddr, length);
1196 #endif /* !_WIN32 */
1198 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1199 With the exception of the softmmu code in this file, this should
1200 only be used for local memory (e.g. video ram) that the device owns,
1201 and knows it isn't going to access beyond the end of the block.
1203 It should not be used for general purpose DMA.
1204 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1206 void *qemu_get_ram_ptr(ram_addr_t addr)
1210 block = ram_list.mru_block;
1211 if (block && addr - block->offset < block->length) {
1214 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1215 if (addr - block->offset < block->length) {
1220 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1224 ram_list.mru_block = block;
1225 if (xen_enabled()) {
1226 /* We need to check if the requested address is in the RAM
1227 * because we don't want to map the entire memory in QEMU.
1228 * In that case just map until the end of the page.
1230 if (block->offset == 0) {
1231 return xen_map_cache(addr, 0, 0);
1232 } else if (block->host == NULL) {
1234 xen_map_cache(block->offset, block->length, 1);
1237 return block->host + (addr - block->offset);
1240 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1241 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1243 * ??? Is this still necessary?
1245 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1249 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1250 if (addr - block->offset < block->length) {
1251 if (xen_enabled()) {
1252 /* We need to check if the requested address is in the RAM
1253 * because we don't want to map the entire memory in QEMU.
1254 * In that case just map until the end of the page.
1256 if (block->offset == 0) {
1257 return xen_map_cache(addr, 0, 0);
1258 } else if (block->host == NULL) {
1260 xen_map_cache(block->offset, block->length, 1);
1263 return block->host + (addr - block->offset);
1267 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1273 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1274 * but takes a size argument */
1275 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1280 if (xen_enabled()) {
1281 return xen_map_cache(addr, *size, 1);
1285 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1286 if (addr - block->offset < block->length) {
1287 if (addr - block->offset + *size > block->length)
1288 *size = block->length - addr + block->offset;
1289 return block->host + (addr - block->offset);
1293 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1298 void qemu_put_ram_ptr(void *addr)
1300 trace_qemu_put_ram_ptr(addr);
1303 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1306 uint8_t *host = ptr;
1308 if (xen_enabled()) {
1309 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1313 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1314 /* This case append when the block is not mapped. */
1315 if (block->host == NULL) {
1318 if (host - block->host < block->length) {
1319 *ram_addr = block->offset + (host - block->host);
1327 /* Some of the softmmu routines need to translate from a host pointer
1328 (typically a TLB entry) back to a ram offset. */
1329 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1331 ram_addr_t ram_addr;
1333 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1334 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1340 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
1343 #ifdef DEBUG_UNASSIGNED
1344 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
1346 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1347 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
1352 static void unassigned_mem_write(void *opaque, hwaddr addr,
1353 uint64_t val, unsigned size)
1355 #ifdef DEBUG_UNASSIGNED
1356 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
1358 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1359 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
1363 static const MemoryRegionOps unassigned_mem_ops = {
1364 .read = unassigned_mem_read,
1365 .write = unassigned_mem_write,
1366 .endianness = DEVICE_NATIVE_ENDIAN,
1369 static uint64_t error_mem_read(void *opaque, hwaddr addr,
1375 static void error_mem_write(void *opaque, hwaddr addr,
1376 uint64_t value, unsigned size)
1381 static const MemoryRegionOps error_mem_ops = {
1382 .read = error_mem_read,
1383 .write = error_mem_write,
1384 .endianness = DEVICE_NATIVE_ENDIAN,
1387 static const MemoryRegionOps rom_mem_ops = {
1388 .read = error_mem_read,
1389 .write = unassigned_mem_write,
1390 .endianness = DEVICE_NATIVE_ENDIAN,
1393 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1394 uint64_t val, unsigned size)
1397 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1398 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1399 #if !defined(CONFIG_USER_ONLY)
1400 tb_invalidate_phys_page_fast(ram_addr, size);
1401 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1406 stb_p(qemu_get_ram_ptr(ram_addr), val);
1409 stw_p(qemu_get_ram_ptr(ram_addr), val);
1412 stl_p(qemu_get_ram_ptr(ram_addr), val);
1417 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1418 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1419 /* we remove the notdirty callback only if the code has been
1421 if (dirty_flags == 0xff)
1422 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1425 static const MemoryRegionOps notdirty_mem_ops = {
1426 .read = error_mem_read,
1427 .write = notdirty_mem_write,
1428 .endianness = DEVICE_NATIVE_ENDIAN,
1431 /* Generate a debug exception if a watchpoint has been hit. */
1432 static void check_watchpoint(int offset, int len_mask, int flags)
1434 CPUArchState *env = cpu_single_env;
1435 target_ulong pc, cs_base;
1440 if (env->watchpoint_hit) {
1441 /* We re-entered the check after replacing the TB. Now raise
1442 * the debug interrupt so that is will trigger after the
1443 * current instruction. */
1444 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
1447 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1448 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1449 if ((vaddr == (wp->vaddr & len_mask) ||
1450 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1451 wp->flags |= BP_WATCHPOINT_HIT;
1452 if (!env->watchpoint_hit) {
1453 env->watchpoint_hit = wp;
1454 tb_check_watchpoint(env);
1455 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1456 env->exception_index = EXCP_DEBUG;
1459 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1460 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1461 cpu_resume_from_signal(env, NULL);
1465 wp->flags &= ~BP_WATCHPOINT_HIT;
1470 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1471 so these check for a hit then pass through to the normal out-of-line
1473 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1476 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1478 case 1: return ldub_phys(addr);
1479 case 2: return lduw_phys(addr);
1480 case 4: return ldl_phys(addr);
1485 static void watch_mem_write(void *opaque, hwaddr addr,
1486 uint64_t val, unsigned size)
1488 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1491 stb_phys(addr, val);
1494 stw_phys(addr, val);
1497 stl_phys(addr, val);
1503 static const MemoryRegionOps watch_mem_ops = {
1504 .read = watch_mem_read,
1505 .write = watch_mem_write,
1506 .endianness = DEVICE_NATIVE_ENDIAN,
1509 static uint64_t subpage_read(void *opaque, hwaddr addr,
1512 subpage_t *mmio = opaque;
1513 unsigned int idx = SUBPAGE_IDX(addr);
1514 MemoryRegionSection *section;
1515 #if defined(DEBUG_SUBPAGE)
1516 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1517 mmio, len, addr, idx);
1520 section = &phys_sections[mmio->sub_section[idx]];
1522 addr -= section->offset_within_address_space;
1523 addr += section->offset_within_region;
1524 return io_mem_read(section->mr, addr, len);
1527 static void subpage_write(void *opaque, hwaddr addr,
1528 uint64_t value, unsigned len)
1530 subpage_t *mmio = opaque;
1531 unsigned int idx = SUBPAGE_IDX(addr);
1532 MemoryRegionSection *section;
1533 #if defined(DEBUG_SUBPAGE)
1534 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1535 " idx %d value %"PRIx64"\n",
1536 __func__, mmio, len, addr, idx, value);
1539 section = &phys_sections[mmio->sub_section[idx]];
1541 addr -= section->offset_within_address_space;
1542 addr += section->offset_within_region;
1543 io_mem_write(section->mr, addr, value, len);
1546 static const MemoryRegionOps subpage_ops = {
1547 .read = subpage_read,
1548 .write = subpage_write,
1549 .endianness = DEVICE_NATIVE_ENDIAN,
1552 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
1555 ram_addr_t raddr = addr;
1556 void *ptr = qemu_get_ram_ptr(raddr);
1558 case 1: return ldub_p(ptr);
1559 case 2: return lduw_p(ptr);
1560 case 4: return ldl_p(ptr);
1565 static void subpage_ram_write(void *opaque, hwaddr addr,
1566 uint64_t value, unsigned size)
1568 ram_addr_t raddr = addr;
1569 void *ptr = qemu_get_ram_ptr(raddr);
1571 case 1: return stb_p(ptr, value);
1572 case 2: return stw_p(ptr, value);
1573 case 4: return stl_p(ptr, value);
1578 static const MemoryRegionOps subpage_ram_ops = {
1579 .read = subpage_ram_read,
1580 .write = subpage_ram_write,
1581 .endianness = DEVICE_NATIVE_ENDIAN,
1584 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1589 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1591 idx = SUBPAGE_IDX(start);
1592 eidx = SUBPAGE_IDX(end);
1593 #if defined(DEBUG_SUBPAGE)
1594 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1595 mmio, start, end, idx, eidx, memory);
1597 if (memory_region_is_ram(phys_sections[section].mr)) {
1598 MemoryRegionSection new_section = phys_sections[section];
1599 new_section.mr = &io_mem_subpage_ram;
1600 section = phys_section_add(&new_section);
1602 for (; idx <= eidx; idx++) {
1603 mmio->sub_section[idx] = section;
1609 static subpage_t *subpage_init(hwaddr base)
1613 mmio = g_malloc0(sizeof(subpage_t));
1616 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1617 "subpage", TARGET_PAGE_SIZE);
1618 mmio->iomem.subpage = true;
1619 #if defined(DEBUG_SUBPAGE)
1620 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1621 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1623 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1628 static uint16_t dummy_section(MemoryRegion *mr)
1630 MemoryRegionSection section = {
1632 .offset_within_address_space = 0,
1633 .offset_within_region = 0,
1637 return phys_section_add(§ion);
1640 MemoryRegion *iotlb_to_region(hwaddr index)
1642 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1645 static void io_mem_init(void)
1647 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
1648 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
1649 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1650 "unassigned", UINT64_MAX);
1651 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1652 "notdirty", UINT64_MAX);
1653 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1654 "subpage-ram", UINT64_MAX);
1655 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1656 "watch", UINT64_MAX);
1659 static void mem_begin(MemoryListener *listener)
1661 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1663 destroy_all_mappings(d);
1664 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1667 static void core_begin(MemoryListener *listener)
1669 phys_sections_clear();
1670 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1671 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1672 phys_section_rom = dummy_section(&io_mem_rom);
1673 phys_section_watch = dummy_section(&io_mem_watch);
1676 static void tcg_commit(MemoryListener *listener)
1680 /* since each CPU stores ram addresses in its TLB cache, we must
1681 reset the modified entries */
1683 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1688 static void core_log_global_start(MemoryListener *listener)
1690 cpu_physical_memory_set_dirty_tracking(1);
1693 static void core_log_global_stop(MemoryListener *listener)
1695 cpu_physical_memory_set_dirty_tracking(0);
1698 static void io_region_add(MemoryListener *listener,
1699 MemoryRegionSection *section)
1701 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1703 mrio->mr = section->mr;
1704 mrio->offset = section->offset_within_region;
1705 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1706 section->offset_within_address_space, section->size);
1707 ioport_register(&mrio->iorange);
1710 static void io_region_del(MemoryListener *listener,
1711 MemoryRegionSection *section)
1713 isa_unassign_ioport(section->offset_within_address_space, section->size);
1716 static MemoryListener core_memory_listener = {
1717 .begin = core_begin,
1718 .log_global_start = core_log_global_start,
1719 .log_global_stop = core_log_global_stop,
1723 static MemoryListener io_memory_listener = {
1724 .region_add = io_region_add,
1725 .region_del = io_region_del,
1729 static MemoryListener tcg_memory_listener = {
1730 .commit = tcg_commit,
1733 void address_space_init_dispatch(AddressSpace *as)
1735 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1737 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1738 d->listener = (MemoryListener) {
1740 .region_add = mem_add,
1741 .region_nop = mem_add,
1745 memory_listener_register(&d->listener, as);
1748 void address_space_destroy_dispatch(AddressSpace *as)
1750 AddressSpaceDispatch *d = as->dispatch;
1752 memory_listener_unregister(&d->listener);
1753 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1755 as->dispatch = NULL;
1758 static void memory_map_init(void)
1760 system_memory = g_malloc(sizeof(*system_memory));
1761 memory_region_init(system_memory, "system", INT64_MAX);
1762 address_space_init(&address_space_memory, system_memory);
1763 address_space_memory.name = "memory";
1765 system_io = g_malloc(sizeof(*system_io));
1766 memory_region_init(system_io, "io", 65536);
1767 address_space_init(&address_space_io, system_io);
1768 address_space_io.name = "I/O";
1770 memory_listener_register(&core_memory_listener, &address_space_memory);
1771 memory_listener_register(&io_memory_listener, &address_space_io);
1772 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1774 dma_context_init(&dma_context_memory, &address_space_memory,
1778 MemoryRegion *get_system_memory(void)
1780 return system_memory;
1783 MemoryRegion *get_system_io(void)
1788 #endif /* !defined(CONFIG_USER_ONLY) */
1790 /* physical memory access (slow version, mainly for debug) */
1791 #if defined(CONFIG_USER_ONLY)
1792 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1793 uint8_t *buf, int len, int is_write)
1800 page = addr & TARGET_PAGE_MASK;
1801 l = (page + TARGET_PAGE_SIZE) - addr;
1804 flags = page_get_flags(page);
1805 if (!(flags & PAGE_VALID))
1808 if (!(flags & PAGE_WRITE))
1810 /* XXX: this code should not depend on lock_user */
1811 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1814 unlock_user(p, addr, l);
1816 if (!(flags & PAGE_READ))
1818 /* XXX: this code should not depend on lock_user */
1819 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1822 unlock_user(p, addr, 0);
1833 static void invalidate_and_set_dirty(hwaddr addr,
1836 if (!cpu_physical_memory_is_dirty(addr)) {
1837 /* invalidate code */
1838 tb_invalidate_phys_page_range(addr, addr + length, 0);
1840 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1842 xen_modified_memory(addr, length);
1845 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1846 int len, bool is_write)
1848 AddressSpaceDispatch *d = as->dispatch;
1853 MemoryRegionSection *section;
1856 page = addr & TARGET_PAGE_MASK;
1857 l = (page + TARGET_PAGE_SIZE) - addr;
1860 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1863 if (!memory_region_is_ram(section->mr)) {
1865 addr1 = memory_region_section_addr(section, addr);
1866 /* XXX: could force cpu_single_env to NULL to avoid
1868 if (l >= 4 && ((addr1 & 3) == 0)) {
1869 /* 32 bit write access */
1871 io_mem_write(section->mr, addr1, val, 4);
1873 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1874 /* 16 bit write access */
1876 io_mem_write(section->mr, addr1, val, 2);
1879 /* 8 bit write access */
1881 io_mem_write(section->mr, addr1, val, 1);
1884 } else if (!section->readonly) {
1886 addr1 = memory_region_get_ram_addr(section->mr)
1887 + memory_region_section_addr(section, addr);
1889 ptr = qemu_get_ram_ptr(addr1);
1890 memcpy(ptr, buf, l);
1891 invalidate_and_set_dirty(addr1, l);
1892 qemu_put_ram_ptr(ptr);
1895 if (!(memory_region_is_ram(section->mr) ||
1896 memory_region_is_romd(section->mr))) {
1899 addr1 = memory_region_section_addr(section, addr);
1900 if (l >= 4 && ((addr1 & 3) == 0)) {
1901 /* 32 bit read access */
1902 val = io_mem_read(section->mr, addr1, 4);
1905 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1906 /* 16 bit read access */
1907 val = io_mem_read(section->mr, addr1, 2);
1911 /* 8 bit read access */
1912 val = io_mem_read(section->mr, addr1, 1);
1918 ptr = qemu_get_ram_ptr(section->mr->ram_addr
1919 + memory_region_section_addr(section,
1921 memcpy(buf, ptr, l);
1922 qemu_put_ram_ptr(ptr);
1931 void address_space_write(AddressSpace *as, hwaddr addr,
1932 const uint8_t *buf, int len)
1934 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1938 * address_space_read: read from an address space.
1940 * @as: #AddressSpace to be accessed
1941 * @addr: address within that address space
1942 * @buf: buffer with the data transferred
1944 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1946 address_space_rw(as, addr, buf, len, false);
1950 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1951 int len, int is_write)
1953 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1956 /* used for ROM loading : can write in RAM and ROM */
1957 void cpu_physical_memory_write_rom(hwaddr addr,
1958 const uint8_t *buf, int len)
1960 AddressSpaceDispatch *d = address_space_memory.dispatch;
1964 MemoryRegionSection *section;
1967 page = addr & TARGET_PAGE_MASK;
1968 l = (page + TARGET_PAGE_SIZE) - addr;
1971 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1973 if (!(memory_region_is_ram(section->mr) ||
1974 memory_region_is_romd(section->mr))) {
1977 unsigned long addr1;
1978 addr1 = memory_region_get_ram_addr(section->mr)
1979 + memory_region_section_addr(section, addr);
1981 ptr = qemu_get_ram_ptr(addr1);
1982 memcpy(ptr, buf, l);
1983 invalidate_and_set_dirty(addr1, l);
1984 qemu_put_ram_ptr(ptr);
1998 static BounceBuffer bounce;
2000 typedef struct MapClient {
2002 void (*callback)(void *opaque);
2003 QLIST_ENTRY(MapClient) link;
2006 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2007 = QLIST_HEAD_INITIALIZER(map_client_list);
2009 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2011 MapClient *client = g_malloc(sizeof(*client));
2013 client->opaque = opaque;
2014 client->callback = callback;
2015 QLIST_INSERT_HEAD(&map_client_list, client, link);
2019 static void cpu_unregister_map_client(void *_client)
2021 MapClient *client = (MapClient *)_client;
2023 QLIST_REMOVE(client, link);
2027 static void cpu_notify_map_clients(void)
2031 while (!QLIST_EMPTY(&map_client_list)) {
2032 client = QLIST_FIRST(&map_client_list);
2033 client->callback(client->opaque);
2034 cpu_unregister_map_client(client);
2038 /* Map a physical memory region into a host virtual address.
2039 * May map a subset of the requested range, given by and returned in *plen.
2040 * May return NULL if resources needed to perform the mapping are exhausted.
2041 * Use only for reads OR writes - not for read-modify-write operations.
2042 * Use cpu_register_map_client() to know when retrying the map operation is
2043 * likely to succeed.
2045 void *address_space_map(AddressSpace *as,
2050 AddressSpaceDispatch *d = as->dispatch;
2055 MemoryRegionSection *section;
2056 ram_addr_t raddr = RAM_ADDR_MAX;
2061 page = addr & TARGET_PAGE_MASK;
2062 l = (page + TARGET_PAGE_SIZE) - addr;
2065 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2067 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
2068 if (todo || bounce.buffer) {
2071 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2075 address_space_read(as, addr, bounce.buffer, l);
2079 return bounce.buffer;
2082 raddr = memory_region_get_ram_addr(section->mr)
2083 + memory_region_section_addr(section, addr);
2091 ret = qemu_ram_ptr_length(raddr, &rlen);
2096 /* Unmaps a memory region previously mapped by address_space_map().
2097 * Will also mark the memory as dirty if is_write == 1. access_len gives
2098 * the amount of memory that was actually read or written by the caller.
2100 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2101 int is_write, hwaddr access_len)
2103 if (buffer != bounce.buffer) {
2105 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2106 while (access_len) {
2108 l = TARGET_PAGE_SIZE;
2111 invalidate_and_set_dirty(addr1, l);
2116 if (xen_enabled()) {
2117 xen_invalidate_map_cache_entry(buffer);
2122 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2124 qemu_vfree(bounce.buffer);
2125 bounce.buffer = NULL;
2126 cpu_notify_map_clients();
2129 void *cpu_physical_memory_map(hwaddr addr,
2133 return address_space_map(&address_space_memory, addr, plen, is_write);
2136 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2137 int is_write, hwaddr access_len)
2139 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2142 /* warning: addr must be aligned */
2143 static inline uint32_t ldl_phys_internal(hwaddr addr,
2144 enum device_endian endian)
2148 MemoryRegionSection *section;
2150 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2152 if (!(memory_region_is_ram(section->mr) ||
2153 memory_region_is_romd(section->mr))) {
2155 addr = memory_region_section_addr(section, addr);
2156 val = io_mem_read(section->mr, addr, 4);
2157 #if defined(TARGET_WORDS_BIGENDIAN)
2158 if (endian == DEVICE_LITTLE_ENDIAN) {
2162 if (endian == DEVICE_BIG_ENDIAN) {
2168 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2170 + memory_region_section_addr(section, addr));
2172 case DEVICE_LITTLE_ENDIAN:
2173 val = ldl_le_p(ptr);
2175 case DEVICE_BIG_ENDIAN:
2176 val = ldl_be_p(ptr);
2186 uint32_t ldl_phys(hwaddr addr)
2188 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2191 uint32_t ldl_le_phys(hwaddr addr)
2193 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2196 uint32_t ldl_be_phys(hwaddr addr)
2198 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2201 /* warning: addr must be aligned */
2202 static inline uint64_t ldq_phys_internal(hwaddr addr,
2203 enum device_endian endian)
2207 MemoryRegionSection *section;
2209 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2211 if (!(memory_region_is_ram(section->mr) ||
2212 memory_region_is_romd(section->mr))) {
2214 addr = memory_region_section_addr(section, addr);
2216 /* XXX This is broken when device endian != cpu endian.
2217 Fix and add "endian" variable check */
2218 #ifdef TARGET_WORDS_BIGENDIAN
2219 val = io_mem_read(section->mr, addr, 4) << 32;
2220 val |= io_mem_read(section->mr, addr + 4, 4);
2222 val = io_mem_read(section->mr, addr, 4);
2223 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
2227 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2229 + memory_region_section_addr(section, addr));
2231 case DEVICE_LITTLE_ENDIAN:
2232 val = ldq_le_p(ptr);
2234 case DEVICE_BIG_ENDIAN:
2235 val = ldq_be_p(ptr);
2245 uint64_t ldq_phys(hwaddr addr)
2247 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2250 uint64_t ldq_le_phys(hwaddr addr)
2252 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2255 uint64_t ldq_be_phys(hwaddr addr)
2257 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2261 uint32_t ldub_phys(hwaddr addr)
2264 cpu_physical_memory_read(addr, &val, 1);
2268 /* warning: addr must be aligned */
2269 static inline uint32_t lduw_phys_internal(hwaddr addr,
2270 enum device_endian endian)
2274 MemoryRegionSection *section;
2276 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2278 if (!(memory_region_is_ram(section->mr) ||
2279 memory_region_is_romd(section->mr))) {
2281 addr = memory_region_section_addr(section, addr);
2282 val = io_mem_read(section->mr, addr, 2);
2283 #if defined(TARGET_WORDS_BIGENDIAN)
2284 if (endian == DEVICE_LITTLE_ENDIAN) {
2288 if (endian == DEVICE_BIG_ENDIAN) {
2294 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2296 + memory_region_section_addr(section, addr));
2298 case DEVICE_LITTLE_ENDIAN:
2299 val = lduw_le_p(ptr);
2301 case DEVICE_BIG_ENDIAN:
2302 val = lduw_be_p(ptr);
2312 uint32_t lduw_phys(hwaddr addr)
2314 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2317 uint32_t lduw_le_phys(hwaddr addr)
2319 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2322 uint32_t lduw_be_phys(hwaddr addr)
2324 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2327 /* warning: addr must be aligned. The ram page is not masked as dirty
2328 and the code inside is not invalidated. It is useful if the dirty
2329 bits are used to track modified PTEs */
2330 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2333 MemoryRegionSection *section;
2335 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2337 if (!memory_region_is_ram(section->mr) || section->readonly) {
2338 addr = memory_region_section_addr(section, addr);
2339 if (memory_region_is_ram(section->mr)) {
2340 section = &phys_sections[phys_section_rom];
2342 io_mem_write(section->mr, addr, val, 4);
2344 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
2346 + memory_region_section_addr(section, addr);
2347 ptr = qemu_get_ram_ptr(addr1);
2350 if (unlikely(in_migration)) {
2351 if (!cpu_physical_memory_is_dirty(addr1)) {
2352 /* invalidate code */
2353 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2355 cpu_physical_memory_set_dirty_flags(
2356 addr1, (0xff & ~CODE_DIRTY_FLAG));
2362 void stq_phys_notdirty(hwaddr addr, uint64_t val)
2365 MemoryRegionSection *section;
2367 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2369 if (!memory_region_is_ram(section->mr) || section->readonly) {
2370 addr = memory_region_section_addr(section, addr);
2371 if (memory_region_is_ram(section->mr)) {
2372 section = &phys_sections[phys_section_rom];
2374 #ifdef TARGET_WORDS_BIGENDIAN
2375 io_mem_write(section->mr, addr, val >> 32, 4);
2376 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
2378 io_mem_write(section->mr, addr, (uint32_t)val, 4);
2379 io_mem_write(section->mr, addr + 4, val >> 32, 4);
2382 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2384 + memory_region_section_addr(section, addr));
2389 /* warning: addr must be aligned */
2390 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2391 enum device_endian endian)
2394 MemoryRegionSection *section;
2396 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2398 if (!memory_region_is_ram(section->mr) || section->readonly) {
2399 addr = memory_region_section_addr(section, addr);
2400 if (memory_region_is_ram(section->mr)) {
2401 section = &phys_sections[phys_section_rom];
2403 #if defined(TARGET_WORDS_BIGENDIAN)
2404 if (endian == DEVICE_LITTLE_ENDIAN) {
2408 if (endian == DEVICE_BIG_ENDIAN) {
2412 io_mem_write(section->mr, addr, val, 4);
2414 unsigned long addr1;
2415 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2416 + memory_region_section_addr(section, addr);
2418 ptr = qemu_get_ram_ptr(addr1);
2420 case DEVICE_LITTLE_ENDIAN:
2423 case DEVICE_BIG_ENDIAN:
2430 invalidate_and_set_dirty(addr1, 4);
2434 void stl_phys(hwaddr addr, uint32_t val)
2436 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2439 void stl_le_phys(hwaddr addr, uint32_t val)
2441 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2444 void stl_be_phys(hwaddr addr, uint32_t val)
2446 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2450 void stb_phys(hwaddr addr, uint32_t val)
2453 cpu_physical_memory_write(addr, &v, 1);
2456 /* warning: addr must be aligned */
2457 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2458 enum device_endian endian)
2461 MemoryRegionSection *section;
2463 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2465 if (!memory_region_is_ram(section->mr) || section->readonly) {
2466 addr = memory_region_section_addr(section, addr);
2467 if (memory_region_is_ram(section->mr)) {
2468 section = &phys_sections[phys_section_rom];
2470 #if defined(TARGET_WORDS_BIGENDIAN)
2471 if (endian == DEVICE_LITTLE_ENDIAN) {
2475 if (endian == DEVICE_BIG_ENDIAN) {
2479 io_mem_write(section->mr, addr, val, 2);
2481 unsigned long addr1;
2482 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2483 + memory_region_section_addr(section, addr);
2485 ptr = qemu_get_ram_ptr(addr1);
2487 case DEVICE_LITTLE_ENDIAN:
2490 case DEVICE_BIG_ENDIAN:
2497 invalidate_and_set_dirty(addr1, 2);
2501 void stw_phys(hwaddr addr, uint32_t val)
2503 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2506 void stw_le_phys(hwaddr addr, uint32_t val)
2508 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2511 void stw_be_phys(hwaddr addr, uint32_t val)
2513 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2517 void stq_phys(hwaddr addr, uint64_t val)
2520 cpu_physical_memory_write(addr, &val, 8);
2523 void stq_le_phys(hwaddr addr, uint64_t val)
2525 val = cpu_to_le64(val);
2526 cpu_physical_memory_write(addr, &val, 8);
2529 void stq_be_phys(hwaddr addr, uint64_t val)
2531 val = cpu_to_be64(val);
2532 cpu_physical_memory_write(addr, &val, 8);
2535 /* virtual memory access for debug (includes writing to ROM) */
2536 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2537 uint8_t *buf, int len, int is_write)
2544 page = addr & TARGET_PAGE_MASK;
2545 phys_addr = cpu_get_phys_page_debug(env, page);
2546 /* if no physical page mapped, return an error */
2547 if (phys_addr == -1)
2549 l = (page + TARGET_PAGE_SIZE) - addr;
2552 phys_addr += (addr & ~TARGET_PAGE_MASK);
2554 cpu_physical_memory_write_rom(phys_addr, buf, l);
2556 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2565 #if !defined(CONFIG_USER_ONLY)
2568 * A helper function for the _utterly broken_ virtio device model to find out if
2569 * it's running on a big endian machine. Don't do this at home kids!
2571 bool virtio_is_big_endian(void);
2572 bool virtio_is_big_endian(void)
2574 #if defined(TARGET_WORDS_BIGENDIAN)
2583 #ifndef CONFIG_USER_ONLY
2584 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2586 MemoryRegionSection *section;
2588 section = phys_page_find(address_space_memory.dispatch,
2589 phys_addr >> TARGET_PAGE_BITS);
2591 return !(memory_region_is_ram(section->mr) ||
2592 memory_region_is_romd(section->mr));
projects / qemu.git / blob