4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUState *, current_cpu);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 typedef PhysPageEntry Node[L2_SIZE];
93 struct AddressSpaceDispatch {
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
97 PhysPageEntry phys_map;
99 MemoryRegionSection *sections;
103 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104 typedef struct subpage_t {
108 uint16_t sub_section[TARGET_PAGE_SIZE];
111 #define PHYS_SECTION_UNASSIGNED 0
112 #define PHYS_SECTION_NOTDIRTY 1
113 #define PHYS_SECTION_ROM 2
114 #define PHYS_SECTION_WATCH 3
116 typedef struct PhysPageMap {
117 unsigned sections_nb;
118 unsigned sections_nb_alloc;
120 unsigned nodes_nb_alloc;
122 MemoryRegionSection *sections;
125 static PhysPageMap *prev_map;
126 static PhysPageMap next_map;
128 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
130 static void io_mem_init(void);
131 static void memory_map_init(void);
132 static void *qemu_safe_ram_ptr(ram_addr_t addr);
134 static MemoryRegion io_mem_watch;
137 #if !defined(CONFIG_USER_ONLY)
139 static void phys_map_node_reserve(unsigned nodes)
141 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
142 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
144 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
145 next_map.nodes_nb + nodes);
146 next_map.nodes = g_renew(Node, next_map.nodes,
147 next_map.nodes_nb_alloc);
151 static uint16_t phys_map_node_alloc(void)
156 ret = next_map.nodes_nb++;
157 assert(ret != PHYS_MAP_NODE_NIL);
158 assert(ret != next_map.nodes_nb_alloc);
159 for (i = 0; i < L2_SIZE; ++i) {
160 next_map.nodes[ret][i].is_leaf = 0;
161 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
166 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
167 hwaddr *nb, uint16_t leaf,
172 hwaddr step = (hwaddr)1 << (level * L2_BITS);
174 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
175 lp->ptr = phys_map_node_alloc();
176 p = next_map.nodes[lp->ptr];
178 for (i = 0; i < L2_SIZE; i++) {
180 p[i].ptr = PHYS_SECTION_UNASSIGNED;
184 p = next_map.nodes[lp->ptr];
186 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
188 while (*nb && lp < &p[L2_SIZE]) {
189 if ((*index & (step - 1)) == 0 && *nb >= step) {
195 phys_page_set_level(lp, index, nb, leaf, level - 1);
201 static void phys_page_set(AddressSpaceDispatch *d,
202 hwaddr index, hwaddr nb,
205 /* Wildly overreserve - it doesn't matter much. */
206 phys_map_node_reserve(3 * P_L2_LEVELS);
208 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
211 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
212 Node *nodes, MemoryRegionSection *sections)
217 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
218 if (lp.ptr == PHYS_MAP_NODE_NIL) {
219 return §ions[PHYS_SECTION_UNASSIGNED];
222 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
224 return §ions[lp.ptr];
227 bool memory_region_is_unassigned(MemoryRegion *mr)
229 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
230 && mr != &io_mem_watch;
233 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
235 bool resolve_subpage)
237 MemoryRegionSection *section;
240 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
241 d->nodes, d->sections);
242 if (resolve_subpage && section->mr->subpage) {
243 subpage = container_of(section->mr, subpage_t, iomem);
244 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
249 static MemoryRegionSection *
250 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
251 hwaddr *plen, bool resolve_subpage)
253 MemoryRegionSection *section;
256 section = address_space_lookup_region(d, addr, resolve_subpage);
257 /* Compute offset within MemoryRegionSection */
258 addr -= section->offset_within_address_space;
260 /* Compute offset within MemoryRegion */
261 *xlat = addr + section->offset_within_region;
263 diff = int128_sub(section->mr->size, int128_make64(addr));
264 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
268 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
269 hwaddr *xlat, hwaddr *plen,
273 MemoryRegionSection *section;
278 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
281 if (!mr->iommu_ops) {
285 iotlb = mr->iommu_ops->translate(mr, addr);
286 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
287 | (addr & iotlb.addr_mask));
288 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
289 if (!(iotlb.perm & (1 << is_write))) {
290 mr = &io_mem_unassigned;
294 as = iotlb.target_as;
302 MemoryRegionSection *
303 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
306 MemoryRegionSection *section;
307 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
309 assert(!section->mr->iommu_ops);
314 void cpu_exec_init_all(void)
316 #if !defined(CONFIG_USER_ONLY)
317 qemu_mutex_init(&ram_list.mutex);
323 #if !defined(CONFIG_USER_ONLY)
325 static int cpu_common_post_load(void *opaque, int version_id)
327 CPUState *cpu = opaque;
329 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
330 version_id is increased. */
331 cpu->interrupt_request &= ~0x01;
332 tlb_flush(cpu->env_ptr, 1);
337 const VMStateDescription vmstate_cpu_common = {
338 .name = "cpu_common",
340 .minimum_version_id = 1,
341 .minimum_version_id_old = 1,
342 .post_load = cpu_common_post_load,
343 .fields = (VMStateField []) {
344 VMSTATE_UINT32(halted, CPUState),
345 VMSTATE_UINT32(interrupt_request, CPUState),
346 VMSTATE_END_OF_LIST()
352 CPUState *qemu_get_cpu(int index)
357 if (cpu->cpu_index == index) {
365 void cpu_exec_init(CPUArchState *env)
367 CPUState *cpu = ENV_GET_CPU(env);
368 CPUClass *cc = CPU_GET_CLASS(cpu);
372 #if defined(CONFIG_USER_ONLY)
376 CPU_FOREACH(some_cpu) {
379 cpu->cpu_index = cpu_index;
381 QTAILQ_INIT(&env->breakpoints);
382 QTAILQ_INIT(&env->watchpoints);
383 #ifndef CONFIG_USER_ONLY
384 cpu->thread_id = qemu_get_thread_id();
386 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
387 #if defined(CONFIG_USER_ONLY)
390 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
391 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
393 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
394 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
395 cpu_save, cpu_load, env);
396 assert(cc->vmsd == NULL);
397 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
399 if (cc->vmsd != NULL) {
400 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
404 #if defined(TARGET_HAS_ICE)
405 #if defined(CONFIG_USER_ONLY)
406 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
408 tb_invalidate_phys_page_range(pc, pc + 1, 0);
411 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
413 tb_invalidate_phys_addr(cpu_get_phys_page_debug(cpu, pc) |
414 (pc & ~TARGET_PAGE_MASK));
417 #endif /* TARGET_HAS_ICE */
419 #if defined(CONFIG_USER_ONLY)
420 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
425 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
426 int flags, CPUWatchpoint **watchpoint)
431 /* Add a watchpoint. */
432 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
433 int flags, CPUWatchpoint **watchpoint)
435 target_ulong len_mask = ~(len - 1);
438 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
439 if ((len & (len - 1)) || (addr & ~len_mask) ||
440 len == 0 || len > TARGET_PAGE_SIZE) {
441 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
442 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
445 wp = g_malloc(sizeof(*wp));
448 wp->len_mask = len_mask;
451 /* keep all GDB-injected watchpoints in front */
453 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
455 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
457 tlb_flush_page(env, addr);
464 /* Remove a specific watchpoint. */
465 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
468 target_ulong len_mask = ~(len - 1);
471 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
472 if (addr == wp->vaddr && len_mask == wp->len_mask
473 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
474 cpu_watchpoint_remove_by_ref(env, wp);
481 /* Remove a specific watchpoint by reference. */
482 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
484 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
486 tlb_flush_page(env, watchpoint->vaddr);
491 /* Remove all matching watchpoints. */
492 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
494 CPUWatchpoint *wp, *next;
496 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
497 if (wp->flags & mask)
498 cpu_watchpoint_remove_by_ref(env, wp);
503 /* Add a breakpoint. */
504 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
505 CPUBreakpoint **breakpoint)
507 #if defined(TARGET_HAS_ICE)
510 bp = g_malloc(sizeof(*bp));
515 /* keep all GDB-injected breakpoints in front */
516 if (flags & BP_GDB) {
517 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
519 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
522 breakpoint_invalidate(ENV_GET_CPU(env), pc);
533 /* Remove a specific breakpoint. */
534 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
536 #if defined(TARGET_HAS_ICE)
539 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
540 if (bp->pc == pc && bp->flags == flags) {
541 cpu_breakpoint_remove_by_ref(env, bp);
551 /* Remove a specific breakpoint by reference. */
552 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
554 #if defined(TARGET_HAS_ICE)
555 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
557 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
563 /* Remove all matching breakpoints. */
564 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
566 #if defined(TARGET_HAS_ICE)
567 CPUBreakpoint *bp, *next;
569 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
570 if (bp->flags & mask)
571 cpu_breakpoint_remove_by_ref(env, bp);
576 /* enable or disable single step mode. EXCP_DEBUG is returned by the
577 CPU loop after each instruction */
578 void cpu_single_step(CPUState *cpu, int enabled)
580 #if defined(TARGET_HAS_ICE)
581 if (cpu->singlestep_enabled != enabled) {
582 cpu->singlestep_enabled = enabled;
584 kvm_update_guest_debug(cpu, 0);
586 /* must flush all the translated code to avoid inconsistencies */
587 /* XXX: only flush what is necessary */
588 CPUArchState *env = cpu->env_ptr;
595 void cpu_abort(CPUArchState *env, const char *fmt, ...)
597 CPUState *cpu = ENV_GET_CPU(env);
603 fprintf(stderr, "qemu: fatal: ");
604 vfprintf(stderr, fmt, ap);
605 fprintf(stderr, "\n");
606 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
607 if (qemu_log_enabled()) {
608 qemu_log("qemu: fatal: ");
609 qemu_log_vprintf(fmt, ap2);
611 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
617 #if defined(CONFIG_USER_ONLY)
619 struct sigaction act;
620 sigfillset(&act.sa_mask);
621 act.sa_handler = SIG_DFL;
622 sigaction(SIGABRT, &act, NULL);
628 CPUArchState *cpu_copy(CPUArchState *env)
630 CPUArchState *new_env = cpu_init(env->cpu_model_str);
631 #if defined(TARGET_HAS_ICE)
636 /* Reset non arch specific state */
637 cpu_reset(ENV_GET_CPU(new_env));
639 /* Copy arch specific state into the new CPU */
640 memcpy(new_env, env, sizeof(CPUArchState));
642 /* Clone all break/watchpoints.
643 Note: Once we support ptrace with hw-debug register access, make sure
644 BP_CPU break/watchpoints are handled correctly on clone. */
645 QTAILQ_INIT(&env->breakpoints);
646 QTAILQ_INIT(&env->watchpoints);
647 #if defined(TARGET_HAS_ICE)
648 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
649 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
651 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
652 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
660 #if !defined(CONFIG_USER_ONLY)
661 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
666 /* we modify the TLB cache so that the dirty bit will be set again
667 when accessing the range */
668 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
669 /* Check that we don't span multiple blocks - this breaks the
670 address comparisons below. */
671 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
672 != (end - 1) - start) {
675 cpu_tlb_reset_dirty_all(start1, length);
679 /* Note: start and end must be within the same ram block. */
680 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
685 start &= TARGET_PAGE_MASK;
686 end = TARGET_PAGE_ALIGN(end);
688 length = end - start;
691 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
694 tlb_reset_dirty_range_all(start, end, length);
698 static int cpu_physical_memory_set_dirty_tracking(int enable)
701 in_migration = enable;
705 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
706 MemoryRegionSection *section,
708 hwaddr paddr, hwaddr xlat,
710 target_ulong *address)
715 if (memory_region_is_ram(section->mr)) {
717 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
719 if (!section->readonly) {
720 iotlb |= PHYS_SECTION_NOTDIRTY;
722 iotlb |= PHYS_SECTION_ROM;
725 iotlb = section - address_space_memory.dispatch->sections;
729 /* Make accesses to pages with watchpoints go via the
730 watchpoint trap routines. */
731 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
732 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
733 /* Avoid trapping reads of pages with a write breakpoint. */
734 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
735 iotlb = PHYS_SECTION_WATCH + paddr;
736 *address |= TLB_MMIO;
744 #endif /* defined(CONFIG_USER_ONLY) */
746 #if !defined(CONFIG_USER_ONLY)
748 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
750 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
752 static void *(*phys_mem_alloc)(ram_addr_t size) = qemu_anon_ram_alloc;
755 * Set a custom physical guest memory alloator.
756 * Accelerators with unusual needs may need this. Hopefully, we can
757 * get rid of it eventually.
759 void phys_mem_set_alloc(void *(*alloc)(ram_addr_t))
761 phys_mem_alloc = alloc;
764 static uint16_t phys_section_add(MemoryRegionSection *section)
766 /* The physical section number is ORed with a page-aligned
767 * pointer to produce the iotlb entries. Thus it should
768 * never overflow into the page-aligned value.
770 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
772 if (next_map.sections_nb == next_map.sections_nb_alloc) {
773 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
775 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
776 next_map.sections_nb_alloc);
778 next_map.sections[next_map.sections_nb] = *section;
779 memory_region_ref(section->mr);
780 return next_map.sections_nb++;
783 static void phys_section_destroy(MemoryRegion *mr)
785 memory_region_unref(mr);
788 subpage_t *subpage = container_of(mr, subpage_t, iomem);
789 memory_region_destroy(&subpage->iomem);
794 static void phys_sections_free(PhysPageMap *map)
796 while (map->sections_nb > 0) {
797 MemoryRegionSection *section = &map->sections[--map->sections_nb];
798 phys_section_destroy(section->mr);
800 g_free(map->sections);
805 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
808 hwaddr base = section->offset_within_address_space
810 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
811 next_map.nodes, next_map.sections);
812 MemoryRegionSection subsection = {
813 .offset_within_address_space = base,
814 .size = int128_make64(TARGET_PAGE_SIZE),
818 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
820 if (!(existing->mr->subpage)) {
821 subpage = subpage_init(d->as, base);
822 subsection.mr = &subpage->iomem;
823 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
824 phys_section_add(&subsection));
826 subpage = container_of(existing->mr, subpage_t, iomem);
828 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
829 end = start + int128_get64(section->size) - 1;
830 subpage_register(subpage, start, end, phys_section_add(section));
834 static void register_multipage(AddressSpaceDispatch *d,
835 MemoryRegionSection *section)
837 hwaddr start_addr = section->offset_within_address_space;
838 uint16_t section_index = phys_section_add(section);
839 uint64_t num_pages = int128_get64(int128_rshift(section->size,
843 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
846 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
848 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
849 AddressSpaceDispatch *d = as->next_dispatch;
850 MemoryRegionSection now = *section, remain = *section;
851 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
853 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
854 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
855 - now.offset_within_address_space;
857 now.size = int128_min(int128_make64(left), now.size);
858 register_subpage(d, &now);
860 now.size = int128_zero();
862 while (int128_ne(remain.size, now.size)) {
863 remain.size = int128_sub(remain.size, now.size);
864 remain.offset_within_address_space += int128_get64(now.size);
865 remain.offset_within_region += int128_get64(now.size);
867 if (int128_lt(remain.size, page_size)) {
868 register_subpage(d, &now);
869 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
870 now.size = page_size;
871 register_subpage(d, &now);
873 now.size = int128_and(now.size, int128_neg(page_size));
874 register_multipage(d, &now);
879 void qemu_flush_coalesced_mmio_buffer(void)
882 kvm_flush_coalesced_mmio_buffer();
885 void qemu_mutex_lock_ramlist(void)
887 qemu_mutex_lock(&ram_list.mutex);
890 void qemu_mutex_unlock_ramlist(void)
892 qemu_mutex_unlock(&ram_list.mutex);
899 #define HUGETLBFS_MAGIC 0x958458f6
901 static long gethugepagesize(const char *path)
907 ret = statfs(path, &fs);
908 } while (ret != 0 && errno == EINTR);
915 if (fs.f_type != HUGETLBFS_MAGIC)
916 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
921 static void *file_ram_alloc(RAMBlock *block,
926 char *sanitized_name;
933 unsigned long hpagesize;
935 hpagesize = gethugepagesize(path);
940 if (memory < hpagesize) {
944 if (kvm_enabled() && !kvm_has_sync_mmu()) {
945 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
949 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
950 sanitized_name = g_strdup(block->mr->name);
951 for (c = sanitized_name; *c != '\0'; c++) {
956 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
958 g_free(sanitized_name);
960 fd = mkstemp(filename);
962 perror("unable to create backing store for hugepages");
969 memory = (memory+hpagesize-1) & ~(hpagesize-1);
972 * ftruncate is not supported by hugetlbfs in older
973 * hosts, so don't bother bailing out on errors.
974 * If anything goes wrong with it under other filesystems,
977 if (ftruncate(fd, memory))
981 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
982 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
983 * to sidestep this quirk.
985 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
986 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
988 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
990 if (area == MAP_FAILED) {
991 perror("file_ram_alloc: can't mmap RAM pages");
999 static void *file_ram_alloc(RAMBlock *block,
1003 fprintf(stderr, "-mem-path not supported on this host\n");
1008 static ram_addr_t find_ram_offset(ram_addr_t size)
1010 RAMBlock *block, *next_block;
1011 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1013 assert(size != 0); /* it would hand out same offset multiple times */
1015 if (QTAILQ_EMPTY(&ram_list.blocks))
1018 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1019 ram_addr_t end, next = RAM_ADDR_MAX;
1021 end = block->offset + block->length;
1023 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1024 if (next_block->offset >= end) {
1025 next = MIN(next, next_block->offset);
1028 if (next - end >= size && next - end < mingap) {
1030 mingap = next - end;
1034 if (offset == RAM_ADDR_MAX) {
1035 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1043 ram_addr_t last_ram_offset(void)
1046 ram_addr_t last = 0;
1048 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1049 last = MAX(last, block->offset + block->length);
1054 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1058 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1059 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1060 "dump-guest-core", true)) {
1061 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1063 perror("qemu_madvise");
1064 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1065 "but dump_guest_core=off specified\n");
1070 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1072 RAMBlock *new_block, *block;
1075 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1076 if (block->offset == addr) {
1082 assert(!new_block->idstr[0]);
1085 char *id = qdev_get_dev_path(dev);
1087 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1091 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1093 /* This assumes the iothread lock is taken here too. */
1094 qemu_mutex_lock_ramlist();
1095 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1096 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1097 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1102 qemu_mutex_unlock_ramlist();
1105 static int memory_try_enable_merging(void *addr, size_t len)
1107 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1108 /* disabled by the user */
1112 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1115 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1118 RAMBlock *block, *new_block;
1120 size = TARGET_PAGE_ALIGN(size);
1121 new_block = g_malloc0(sizeof(*new_block));
1124 /* This assumes the iothread lock is taken here too. */
1125 qemu_mutex_lock_ramlist();
1127 new_block->offset = find_ram_offset(size);
1129 new_block->host = host;
1130 new_block->flags |= RAM_PREALLOC_MASK;
1131 } else if (xen_enabled()) {
1133 fprintf(stderr, "-mem-path not supported with Xen\n");
1136 xen_ram_alloc(new_block->offset, size, mr);
1139 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1141 * file_ram_alloc() needs to allocate just like
1142 * phys_mem_alloc, but we haven't bothered to provide
1146 "-mem-path not supported with this accelerator\n");
1149 new_block->host = file_ram_alloc(new_block, size, mem_path);
1151 if (!new_block->host) {
1152 new_block->host = phys_mem_alloc(size);
1153 if (!new_block->host) {
1154 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1155 new_block->mr->name, strerror(errno));
1158 memory_try_enable_merging(new_block->host, size);
1161 new_block->length = size;
1163 /* Keep the list sorted from biggest to smallest block. */
1164 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1165 if (block->length < new_block->length) {
1170 QTAILQ_INSERT_BEFORE(block, new_block, next);
1172 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1174 ram_list.mru_block = NULL;
1177 qemu_mutex_unlock_ramlist();
1179 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1180 last_ram_offset() >> TARGET_PAGE_BITS);
1181 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1182 0, size >> TARGET_PAGE_BITS);
1183 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1185 qemu_ram_setup_dump(new_block->host, size);
1186 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1187 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1190 kvm_setup_guest_memory(new_block->host, size);
1192 return new_block->offset;
1195 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1197 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1200 void qemu_ram_free_from_ptr(ram_addr_t addr)
1204 /* This assumes the iothread lock is taken here too. */
1205 qemu_mutex_lock_ramlist();
1206 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1207 if (addr == block->offset) {
1208 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1209 ram_list.mru_block = NULL;
1215 qemu_mutex_unlock_ramlist();
1218 void qemu_ram_free(ram_addr_t addr)
1222 /* This assumes the iothread lock is taken here too. */
1223 qemu_mutex_lock_ramlist();
1224 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1225 if (addr == block->offset) {
1226 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1227 ram_list.mru_block = NULL;
1229 if (block->flags & RAM_PREALLOC_MASK) {
1231 } else if (xen_enabled()) {
1232 xen_invalidate_map_cache_entry(block->host);
1234 } else if (block->fd >= 0) {
1235 munmap(block->host, block->length);
1239 qemu_anon_ram_free(block->host, block->length);
1245 qemu_mutex_unlock_ramlist();
1250 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1257 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1258 offset = addr - block->offset;
1259 if (offset < block->length) {
1260 vaddr = block->host + offset;
1261 if (block->flags & RAM_PREALLOC_MASK) {
1263 } else if (xen_enabled()) {
1267 munmap(vaddr, length);
1268 if (block->fd >= 0) {
1270 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1273 flags |= MAP_PRIVATE;
1275 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1276 flags, block->fd, offset);
1279 * Remap needs to match alloc. Accelerators that
1280 * set phys_mem_alloc never remap. If they did,
1281 * we'd need a remap hook here.
1283 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1285 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1286 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1289 if (area != vaddr) {
1290 fprintf(stderr, "Could not remap addr: "
1291 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1295 memory_try_enable_merging(vaddr, length);
1296 qemu_ram_setup_dump(vaddr, length);
1302 #endif /* !_WIN32 */
1304 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
1308 /* The list is protected by the iothread lock here. */
1309 block = ram_list.mru_block;
1310 if (block && addr - block->offset < block->length) {
1313 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1314 if (addr - block->offset < block->length) {
1319 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1323 ram_list.mru_block = block;
1327 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1328 With the exception of the softmmu code in this file, this should
1329 only be used for local memory (e.g. video ram) that the device owns,
1330 and knows it isn't going to access beyond the end of the block.
1332 It should not be used for general purpose DMA.
1333 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1335 void *qemu_get_ram_ptr(ram_addr_t addr)
1337 RAMBlock *block = qemu_get_ram_block(addr);
1339 if (xen_enabled()) {
1340 /* We need to check if the requested address is in the RAM
1341 * because we don't want to map the entire memory in QEMU.
1342 * In that case just map until the end of the page.
1344 if (block->offset == 0) {
1345 return xen_map_cache(addr, 0, 0);
1346 } else if (block->host == NULL) {
1348 xen_map_cache(block->offset, block->length, 1);
1351 return block->host + (addr - block->offset);
1354 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1355 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1357 * ??? Is this still necessary?
1359 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1363 /* The list is protected by the iothread lock here. */
1364 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1365 if (addr - block->offset < block->length) {
1366 if (xen_enabled()) {
1367 /* We need to check if the requested address is in the RAM
1368 * because we don't want to map the entire memory in QEMU.
1369 * In that case just map until the end of the page.
1371 if (block->offset == 0) {
1372 return xen_map_cache(addr, 0, 0);
1373 } else if (block->host == NULL) {
1375 xen_map_cache(block->offset, block->length, 1);
1378 return block->host + (addr - block->offset);
1382 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1388 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1389 * but takes a size argument */
1390 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1395 if (xen_enabled()) {
1396 return xen_map_cache(addr, *size, 1);
1400 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1401 if (addr - block->offset < block->length) {
1402 if (addr - block->offset + *size > block->length)
1403 *size = block->length - addr + block->offset;
1404 return block->host + (addr - block->offset);
1408 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1413 /* Some of the softmmu routines need to translate from a host pointer
1414 (typically a TLB entry) back to a ram offset. */
1415 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1418 uint8_t *host = ptr;
1420 if (xen_enabled()) {
1421 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1422 return qemu_get_ram_block(*ram_addr)->mr;
1425 block = ram_list.mru_block;
1426 if (block && block->host && host - block->host < block->length) {
1430 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1431 /* This case append when the block is not mapped. */
1432 if (block->host == NULL) {
1435 if (host - block->host < block->length) {
1443 *ram_addr = block->offset + (host - block->host);
1447 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1448 uint64_t val, unsigned size)
1451 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1452 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1453 tb_invalidate_phys_page_fast(ram_addr, size);
1454 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1458 stb_p(qemu_get_ram_ptr(ram_addr), val);
1461 stw_p(qemu_get_ram_ptr(ram_addr), val);
1464 stl_p(qemu_get_ram_ptr(ram_addr), val);
1469 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1470 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1471 /* we remove the notdirty callback only if the code has been
1473 if (dirty_flags == 0xff) {
1474 CPUArchState *env = current_cpu->env_ptr;
1475 tlb_set_dirty(env, env->mem_io_vaddr);
1479 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1480 unsigned size, bool is_write)
1485 static const MemoryRegionOps notdirty_mem_ops = {
1486 .write = notdirty_mem_write,
1487 .valid.accepts = notdirty_mem_accepts,
1488 .endianness = DEVICE_NATIVE_ENDIAN,
1491 /* Generate a debug exception if a watchpoint has been hit. */
1492 static void check_watchpoint(int offset, int len_mask, int flags)
1494 CPUArchState *env = current_cpu->env_ptr;
1495 target_ulong pc, cs_base;
1500 if (env->watchpoint_hit) {
1501 /* We re-entered the check after replacing the TB. Now raise
1502 * the debug interrupt so that is will trigger after the
1503 * current instruction. */
1504 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1507 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1508 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1509 if ((vaddr == (wp->vaddr & len_mask) ||
1510 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1511 wp->flags |= BP_WATCHPOINT_HIT;
1512 if (!env->watchpoint_hit) {
1513 env->watchpoint_hit = wp;
1514 tb_check_watchpoint(env);
1515 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1516 env->exception_index = EXCP_DEBUG;
1519 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1520 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1521 cpu_resume_from_signal(env, NULL);
1525 wp->flags &= ~BP_WATCHPOINT_HIT;
1530 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1531 so these check for a hit then pass through to the normal out-of-line
1533 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1536 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1538 case 1: return ldub_phys(addr);
1539 case 2: return lduw_phys(addr);
1540 case 4: return ldl_phys(addr);
1545 static void watch_mem_write(void *opaque, hwaddr addr,
1546 uint64_t val, unsigned size)
1548 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1551 stb_phys(addr, val);
1554 stw_phys(addr, val);
1557 stl_phys(addr, val);
1563 static const MemoryRegionOps watch_mem_ops = {
1564 .read = watch_mem_read,
1565 .write = watch_mem_write,
1566 .endianness = DEVICE_NATIVE_ENDIAN,
1569 static uint64_t subpage_read(void *opaque, hwaddr addr,
1572 subpage_t *subpage = opaque;
1575 #if defined(DEBUG_SUBPAGE)
1576 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1577 subpage, len, addr);
1579 address_space_read(subpage->as, addr + subpage->base, buf, len);
1592 static void subpage_write(void *opaque, hwaddr addr,
1593 uint64_t value, unsigned len)
1595 subpage_t *subpage = opaque;
1598 #if defined(DEBUG_SUBPAGE)
1599 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1600 " value %"PRIx64"\n",
1601 __func__, subpage, len, addr, value);
1616 address_space_write(subpage->as, addr + subpage->base, buf, len);
1619 static bool subpage_accepts(void *opaque, hwaddr addr,
1620 unsigned size, bool is_write)
1622 subpage_t *subpage = opaque;
1623 #if defined(DEBUG_SUBPAGE)
1624 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1625 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1628 return address_space_access_valid(subpage->as, addr + subpage->base,
1632 static const MemoryRegionOps subpage_ops = {
1633 .read = subpage_read,
1634 .write = subpage_write,
1635 .valid.accepts = subpage_accepts,
1636 .endianness = DEVICE_NATIVE_ENDIAN,
1639 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1644 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1646 idx = SUBPAGE_IDX(start);
1647 eidx = SUBPAGE_IDX(end);
1648 #if defined(DEBUG_SUBPAGE)
1649 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1650 mmio, start, end, idx, eidx, memory);
1652 for (; idx <= eidx; idx++) {
1653 mmio->sub_section[idx] = section;
1659 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1663 mmio = g_malloc0(sizeof(subpage_t));
1667 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1668 "subpage", TARGET_PAGE_SIZE);
1669 mmio->iomem.subpage = true;
1670 #if defined(DEBUG_SUBPAGE)
1671 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1672 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1674 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1679 static uint16_t dummy_section(MemoryRegion *mr)
1681 MemoryRegionSection section = {
1683 .offset_within_address_space = 0,
1684 .offset_within_region = 0,
1685 .size = int128_2_64(),
1688 return phys_section_add(§ion);
1691 MemoryRegion *iotlb_to_region(hwaddr index)
1693 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1696 static void io_mem_init(void)
1698 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1699 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1700 "unassigned", UINT64_MAX);
1701 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1702 "notdirty", UINT64_MAX);
1703 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1704 "watch", UINT64_MAX);
1707 static void mem_begin(MemoryListener *listener)
1709 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1710 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1712 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1714 as->next_dispatch = d;
1717 static void mem_commit(MemoryListener *listener)
1719 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1720 AddressSpaceDispatch *cur = as->dispatch;
1721 AddressSpaceDispatch *next = as->next_dispatch;
1723 next->nodes = next_map.nodes;
1724 next->sections = next_map.sections;
1726 as->dispatch = next;
1730 static void core_begin(MemoryListener *listener)
1734 prev_map = g_new(PhysPageMap, 1);
1735 *prev_map = next_map;
1737 memset(&next_map, 0, sizeof(next_map));
1738 n = dummy_section(&io_mem_unassigned);
1739 assert(n == PHYS_SECTION_UNASSIGNED);
1740 n = dummy_section(&io_mem_notdirty);
1741 assert(n == PHYS_SECTION_NOTDIRTY);
1742 n = dummy_section(&io_mem_rom);
1743 assert(n == PHYS_SECTION_ROM);
1744 n = dummy_section(&io_mem_watch);
1745 assert(n == PHYS_SECTION_WATCH);
1748 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1749 * All AddressSpaceDispatch instances have switched to the next map.
1751 static void core_commit(MemoryListener *listener)
1753 phys_sections_free(prev_map);
1756 static void tcg_commit(MemoryListener *listener)
1760 /* since each CPU stores ram addresses in its TLB cache, we must
1761 reset the modified entries */
1764 CPUArchState *env = cpu->env_ptr;
1770 static void core_log_global_start(MemoryListener *listener)
1772 cpu_physical_memory_set_dirty_tracking(1);
1775 static void core_log_global_stop(MemoryListener *listener)
1777 cpu_physical_memory_set_dirty_tracking(0);
1780 static MemoryListener core_memory_listener = {
1781 .begin = core_begin,
1782 .commit = core_commit,
1783 .log_global_start = core_log_global_start,
1784 .log_global_stop = core_log_global_stop,
1788 static MemoryListener tcg_memory_listener = {
1789 .commit = tcg_commit,
1792 void address_space_init_dispatch(AddressSpace *as)
1794 as->dispatch = NULL;
1795 as->dispatch_listener = (MemoryListener) {
1797 .commit = mem_commit,
1798 .region_add = mem_add,
1799 .region_nop = mem_add,
1802 memory_listener_register(&as->dispatch_listener, as);
1805 void address_space_destroy_dispatch(AddressSpace *as)
1807 AddressSpaceDispatch *d = as->dispatch;
1809 memory_listener_unregister(&as->dispatch_listener);
1811 as->dispatch = NULL;
1814 static void memory_map_init(void)
1816 system_memory = g_malloc(sizeof(*system_memory));
1817 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1818 address_space_init(&address_space_memory, system_memory, "memory");
1820 system_io = g_malloc(sizeof(*system_io));
1821 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1823 address_space_init(&address_space_io, system_io, "I/O");
1825 memory_listener_register(&core_memory_listener, &address_space_memory);
1826 if (tcg_enabled()) {
1827 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1831 MemoryRegion *get_system_memory(void)
1833 return system_memory;
1836 MemoryRegion *get_system_io(void)
1841 #endif /* !defined(CONFIG_USER_ONLY) */
1843 /* physical memory access (slow version, mainly for debug) */
1844 #if defined(CONFIG_USER_ONLY)
1845 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1846 uint8_t *buf, int len, int is_write)
1853 page = addr & TARGET_PAGE_MASK;
1854 l = (page + TARGET_PAGE_SIZE) - addr;
1857 flags = page_get_flags(page);
1858 if (!(flags & PAGE_VALID))
1861 if (!(flags & PAGE_WRITE))
1863 /* XXX: this code should not depend on lock_user */
1864 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1867 unlock_user(p, addr, l);
1869 if (!(flags & PAGE_READ))
1871 /* XXX: this code should not depend on lock_user */
1872 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1875 unlock_user(p, addr, 0);
1886 static void invalidate_and_set_dirty(hwaddr addr,
1889 if (!cpu_physical_memory_is_dirty(addr)) {
1890 /* invalidate code */
1891 tb_invalidate_phys_page_range(addr, addr + length, 0);
1893 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1895 xen_modified_memory(addr, length);
1898 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1900 if (memory_region_is_ram(mr)) {
1901 return !(is_write && mr->readonly);
1903 if (memory_region_is_romd(mr)) {
1910 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1912 unsigned access_size_max = mr->ops->valid.max_access_size;
1914 /* Regions are assumed to support 1-4 byte accesses unless
1915 otherwise specified. */
1916 if (access_size_max == 0) {
1917 access_size_max = 4;
1920 /* Bound the maximum access by the alignment of the address. */
1921 if (!mr->ops->impl.unaligned) {
1922 unsigned align_size_max = addr & -addr;
1923 if (align_size_max != 0 && align_size_max < access_size_max) {
1924 access_size_max = align_size_max;
1928 /* Don't attempt accesses larger than the maximum. */
1929 if (l > access_size_max) {
1930 l = access_size_max;
1933 l = 1 << (qemu_fls(l) - 1);
1939 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1940 int len, bool is_write)
1951 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1954 if (!memory_access_is_direct(mr, is_write)) {
1955 l = memory_access_size(mr, l, addr1);
1956 /* XXX: could force current_cpu to NULL to avoid
1960 /* 64 bit write access */
1962 error |= io_mem_write(mr, addr1, val, 8);
1965 /* 32 bit write access */
1967 error |= io_mem_write(mr, addr1, val, 4);
1970 /* 16 bit write access */
1972 error |= io_mem_write(mr, addr1, val, 2);
1975 /* 8 bit write access */
1977 error |= io_mem_write(mr, addr1, val, 1);
1983 addr1 += memory_region_get_ram_addr(mr);
1985 ptr = qemu_get_ram_ptr(addr1);
1986 memcpy(ptr, buf, l);
1987 invalidate_and_set_dirty(addr1, l);
1990 if (!memory_access_is_direct(mr, is_write)) {
1992 l = memory_access_size(mr, l, addr1);
1995 /* 64 bit read access */
1996 error |= io_mem_read(mr, addr1, &val, 8);
2000 /* 32 bit read access */
2001 error |= io_mem_read(mr, addr1, &val, 4);
2005 /* 16 bit read access */
2006 error |= io_mem_read(mr, addr1, &val, 2);
2010 /* 8 bit read access */
2011 error |= io_mem_read(mr, addr1, &val, 1);
2019 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2020 memcpy(buf, ptr, l);
2031 bool address_space_write(AddressSpace *as, hwaddr addr,
2032 const uint8_t *buf, int len)
2034 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2037 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2039 return address_space_rw(as, addr, buf, len, false);
2043 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2044 int len, int is_write)
2046 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2049 /* used for ROM loading : can write in RAM and ROM */
2050 void cpu_physical_memory_write_rom(hwaddr addr,
2051 const uint8_t *buf, int len)
2060 mr = address_space_translate(&address_space_memory,
2061 addr, &addr1, &l, true);
2063 if (!(memory_region_is_ram(mr) ||
2064 memory_region_is_romd(mr))) {
2067 addr1 += memory_region_get_ram_addr(mr);
2069 ptr = qemu_get_ram_ptr(addr1);
2070 memcpy(ptr, buf, l);
2071 invalidate_and_set_dirty(addr1, l);
2086 static BounceBuffer bounce;
2088 typedef struct MapClient {
2090 void (*callback)(void *opaque);
2091 QLIST_ENTRY(MapClient) link;
2094 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2095 = QLIST_HEAD_INITIALIZER(map_client_list);
2097 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2099 MapClient *client = g_malloc(sizeof(*client));
2101 client->opaque = opaque;
2102 client->callback = callback;
2103 QLIST_INSERT_HEAD(&map_client_list, client, link);
2107 static void cpu_unregister_map_client(void *_client)
2109 MapClient *client = (MapClient *)_client;
2111 QLIST_REMOVE(client, link);
2115 static void cpu_notify_map_clients(void)
2119 while (!QLIST_EMPTY(&map_client_list)) {
2120 client = QLIST_FIRST(&map_client_list);
2121 client->callback(client->opaque);
2122 cpu_unregister_map_client(client);
2126 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2133 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2134 if (!memory_access_is_direct(mr, is_write)) {
2135 l = memory_access_size(mr, l, addr);
2136 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2147 /* Map a physical memory region into a host virtual address.
2148 * May map a subset of the requested range, given by and returned in *plen.
2149 * May return NULL if resources needed to perform the mapping are exhausted.
2150 * Use only for reads OR writes - not for read-modify-write operations.
2151 * Use cpu_register_map_client() to know when retrying the map operation is
2152 * likely to succeed.
2154 void *address_space_map(AddressSpace *as,
2161 hwaddr l, xlat, base;
2162 MemoryRegion *mr, *this_mr;
2170 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2171 if (!memory_access_is_direct(mr, is_write)) {
2172 if (bounce.buffer) {
2175 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2179 memory_region_ref(mr);
2182 address_space_read(as, addr, bounce.buffer, l);
2186 return bounce.buffer;
2190 raddr = memory_region_get_ram_addr(mr);
2201 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2202 if (this_mr != mr || xlat != base + done) {
2207 memory_region_ref(mr);
2209 return qemu_ram_ptr_length(raddr + base, plen);
2212 /* Unmaps a memory region previously mapped by address_space_map().
2213 * Will also mark the memory as dirty if is_write == 1. access_len gives
2214 * the amount of memory that was actually read or written by the caller.
2216 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2217 int is_write, hwaddr access_len)
2219 if (buffer != bounce.buffer) {
2223 mr = qemu_ram_addr_from_host(buffer, &addr1);
2226 while (access_len) {
2228 l = TARGET_PAGE_SIZE;
2231 invalidate_and_set_dirty(addr1, l);
2236 if (xen_enabled()) {
2237 xen_invalidate_map_cache_entry(buffer);
2239 memory_region_unref(mr);
2243 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2245 qemu_vfree(bounce.buffer);
2246 bounce.buffer = NULL;
2247 memory_region_unref(bounce.mr);
2248 cpu_notify_map_clients();
2251 void *cpu_physical_memory_map(hwaddr addr,
2255 return address_space_map(&address_space_memory, addr, plen, is_write);
2258 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2259 int is_write, hwaddr access_len)
2261 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2264 /* warning: addr must be aligned */
2265 static inline uint32_t ldl_phys_internal(hwaddr addr,
2266 enum device_endian endian)
2274 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2276 if (l < 4 || !memory_access_is_direct(mr, false)) {
2278 io_mem_read(mr, addr1, &val, 4);
2279 #if defined(TARGET_WORDS_BIGENDIAN)
2280 if (endian == DEVICE_LITTLE_ENDIAN) {
2284 if (endian == DEVICE_BIG_ENDIAN) {
2290 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2294 case DEVICE_LITTLE_ENDIAN:
2295 val = ldl_le_p(ptr);
2297 case DEVICE_BIG_ENDIAN:
2298 val = ldl_be_p(ptr);
2308 uint32_t ldl_phys(hwaddr addr)
2310 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2313 uint32_t ldl_le_phys(hwaddr addr)
2315 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2318 uint32_t ldl_be_phys(hwaddr addr)
2320 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2323 /* warning: addr must be aligned */
2324 static inline uint64_t ldq_phys_internal(hwaddr addr,
2325 enum device_endian endian)
2333 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2335 if (l < 8 || !memory_access_is_direct(mr, false)) {
2337 io_mem_read(mr, addr1, &val, 8);
2338 #if defined(TARGET_WORDS_BIGENDIAN)
2339 if (endian == DEVICE_LITTLE_ENDIAN) {
2343 if (endian == DEVICE_BIG_ENDIAN) {
2349 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2353 case DEVICE_LITTLE_ENDIAN:
2354 val = ldq_le_p(ptr);
2356 case DEVICE_BIG_ENDIAN:
2357 val = ldq_be_p(ptr);
2367 uint64_t ldq_phys(hwaddr addr)
2369 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2372 uint64_t ldq_le_phys(hwaddr addr)
2374 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2377 uint64_t ldq_be_phys(hwaddr addr)
2379 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2383 uint32_t ldub_phys(hwaddr addr)
2386 cpu_physical_memory_read(addr, &val, 1);
2390 /* warning: addr must be aligned */
2391 static inline uint32_t lduw_phys_internal(hwaddr addr,
2392 enum device_endian endian)
2400 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2402 if (l < 2 || !memory_access_is_direct(mr, false)) {
2404 io_mem_read(mr, addr1, &val, 2);
2405 #if defined(TARGET_WORDS_BIGENDIAN)
2406 if (endian == DEVICE_LITTLE_ENDIAN) {
2410 if (endian == DEVICE_BIG_ENDIAN) {
2416 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2420 case DEVICE_LITTLE_ENDIAN:
2421 val = lduw_le_p(ptr);
2423 case DEVICE_BIG_ENDIAN:
2424 val = lduw_be_p(ptr);
2434 uint32_t lduw_phys(hwaddr addr)
2436 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2439 uint32_t lduw_le_phys(hwaddr addr)
2441 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2444 uint32_t lduw_be_phys(hwaddr addr)
2446 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2449 /* warning: addr must be aligned. The ram page is not masked as dirty
2450 and the code inside is not invalidated. It is useful if the dirty
2451 bits are used to track modified PTEs */
2452 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2459 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2461 if (l < 4 || !memory_access_is_direct(mr, true)) {
2462 io_mem_write(mr, addr1, val, 4);
2464 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2465 ptr = qemu_get_ram_ptr(addr1);
2468 if (unlikely(in_migration)) {
2469 if (!cpu_physical_memory_is_dirty(addr1)) {
2470 /* invalidate code */
2471 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2473 cpu_physical_memory_set_dirty_flags(
2474 addr1, (0xff & ~CODE_DIRTY_FLAG));
2480 /* warning: addr must be aligned */
2481 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2482 enum device_endian endian)
2489 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2491 if (l < 4 || !memory_access_is_direct(mr, true)) {
2492 #if defined(TARGET_WORDS_BIGENDIAN)
2493 if (endian == DEVICE_LITTLE_ENDIAN) {
2497 if (endian == DEVICE_BIG_ENDIAN) {
2501 io_mem_write(mr, addr1, val, 4);
2504 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2505 ptr = qemu_get_ram_ptr(addr1);
2507 case DEVICE_LITTLE_ENDIAN:
2510 case DEVICE_BIG_ENDIAN:
2517 invalidate_and_set_dirty(addr1, 4);
2521 void stl_phys(hwaddr addr, uint32_t val)
2523 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2526 void stl_le_phys(hwaddr addr, uint32_t val)
2528 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2531 void stl_be_phys(hwaddr addr, uint32_t val)
2533 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2537 void stb_phys(hwaddr addr, uint32_t val)
2540 cpu_physical_memory_write(addr, &v, 1);
2543 /* warning: addr must be aligned */
2544 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2545 enum device_endian endian)
2552 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2554 if (l < 2 || !memory_access_is_direct(mr, true)) {
2555 #if defined(TARGET_WORDS_BIGENDIAN)
2556 if (endian == DEVICE_LITTLE_ENDIAN) {
2560 if (endian == DEVICE_BIG_ENDIAN) {
2564 io_mem_write(mr, addr1, val, 2);
2567 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2568 ptr = qemu_get_ram_ptr(addr1);
2570 case DEVICE_LITTLE_ENDIAN:
2573 case DEVICE_BIG_ENDIAN:
2580 invalidate_and_set_dirty(addr1, 2);
2584 void stw_phys(hwaddr addr, uint32_t val)
2586 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2589 void stw_le_phys(hwaddr addr, uint32_t val)
2591 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2594 void stw_be_phys(hwaddr addr, uint32_t val)
2596 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2600 void stq_phys(hwaddr addr, uint64_t val)
2603 cpu_physical_memory_write(addr, &val, 8);
2606 void stq_le_phys(hwaddr addr, uint64_t val)
2608 val = cpu_to_le64(val);
2609 cpu_physical_memory_write(addr, &val, 8);
2612 void stq_be_phys(hwaddr addr, uint64_t val)
2614 val = cpu_to_be64(val);
2615 cpu_physical_memory_write(addr, &val, 8);
2618 /* virtual memory access for debug (includes writing to ROM) */
2619 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2620 uint8_t *buf, int len, int is_write)
2627 page = addr & TARGET_PAGE_MASK;
2628 phys_addr = cpu_get_phys_page_debug(cpu, page);
2629 /* if no physical page mapped, return an error */
2630 if (phys_addr == -1)
2632 l = (page + TARGET_PAGE_SIZE) - addr;
2635 phys_addr += (addr & ~TARGET_PAGE_MASK);
2637 cpu_physical_memory_write_rom(phys_addr, buf, l);
2639 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2648 #if !defined(CONFIG_USER_ONLY)
2651 * A helper function for the _utterly broken_ virtio device model to find out if
2652 * it's running on a big endian machine. Don't do this at home kids!
2654 bool virtio_is_big_endian(void);
2655 bool virtio_is_big_endian(void)
2657 #if defined(TARGET_WORDS_BIGENDIAN)
2666 #ifndef CONFIG_USER_ONLY
2667 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2672 mr = address_space_translate(&address_space_memory,
2673 phys_addr, &phys_addr, &l, false);
2675 return !(memory_region_is_ram(mr) ||
2676 memory_region_is_romd(mr));
2679 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2683 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2684 func(block->host, block->offset, block->length, opaque);
projects / qemu.git / blob