]> git.ipfire.org Git - thirdparty/qemu.git/blame - exec.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: split memory_region_from_host from qemu_ram_addr_from_host
[thirdparty/qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
f348b6d1 25#include "qemu/cutils.h"
6180a181 26#include "cpu.h"
63c91552 27#include "exec/exec-all.h"
b67d9a52 28#include "tcg.h"
741da0d3 29#include "hw/qdev-core.h"
4485bd26 30#if !defined(CONFIG_USER_ONLY)
47c8ca53 31#include "hw/boards.h"
33c11879 32#include "hw/xen/xen.h"
4485bd26 33#endif
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
75a34036 38#include "qemu/error-report.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
432d268c 41#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 42#include "hw/hw.h"
43#include "exec/memory.h"
df43d49c 44#include "exec/ioport.h"
741da0d3
PB		 45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
9c17d615 47#include "sysemu/xen-mapcache.h"
6506e4f9 48#include "trace.h"
53a5960a 49#endif
0d6d3c87 50#include "exec/cpu-all.h"
0dc3f44a 51#include "qemu/rcu_queue.h"
4840f10e 52#include "qemu/main-loop.h"
5b6dd868 53#include "translate-all.h"
7615936e 54#include "sysemu/replay.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
508127e2 58#include "exec/log.h"
67d95c15 59
b35ba30f 60#include "qemu/range.h"
794e8f30
MT		 61#ifndef _WIN32
62#include "qemu/mmap-alloc.h"
63#endif
b35ba30f 64
db7b5426 65//#define DEBUG_SUBPAGE
1196be37 66
e2eef170 67#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 68/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
69 * are protected by the ramlist lock.
70 */
0d53d9fe 71RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 72
73static MemoryRegion *system_memory;
309cb471 74static MemoryRegion *system_io;
62152b8a 75
f6790af6
AK		 76AddressSpace address_space_io;
77AddressSpace address_space_memory;
2673a5da 78
0844e007 79MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 80static MemoryRegion io_mem_unassigned;
0e0df1e2 81
7bd4f430
PB		 82/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
83#define RAM_PREALLOC (1 << 0)
84
dbcb8981
PB		 85/* RAM is mmap-ed with MAP_SHARED */
86#define RAM_SHARED (1 << 1)
87
62be4e3a
MT		 88/* Only a portion of RAM (used_length) is actually used, and migrated.
89 * This used_length size can change across reboots.
90 */
91#define RAM_RESIZEABLE (1 << 2)
92
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
729633c2 141 MemoryRegionSection *mru_section;
1db8abb1
PB		 142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
53cb28cb 146 PhysPageMap map;
acc9d80b 147 AddressSpace *as;
1db8abb1
PB		 148};
149
90260c6c
JK		 150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
acc9d80b 153 AddressSpace *as;
90260c6c
JK		 154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
b41aac4f
LPF		 158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
5312bd8b 162
e2eef170 163static void io_mem_init(void);
62152b8a 164static void memory_map_init(void);
09daed84 165static void tcg_commit(MemoryListener *listener);
e2eef170 166
1ec9b909 167static MemoryRegion io_mem_watch;
32857f4d
PM		 168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
6658ffb8 183#endif
fd6ce8f6 184
6d9a1304 185#if !defined(CONFIG_USER_ONLY)
d6f2ea22 186
53cb28cb 187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 188{
53cb28cb
MA		 189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 193 }
f7bf5461
AK		 194}
195
db94604b 196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 197{
198 unsigned i;
8b795765 199 uint32_t ret;
db94604b
PB		 200 PhysPageEntry e;
201 PhysPageEntry *p;
f7bf5461 202
53cb28cb 203 ret = map->nodes_nb++;
db94604b 204 p = map->nodes[ret];
f7bf5461 205 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 206 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 210 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 211 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 212 }
f7bf5461 213 return ret;
d6f2ea22
AK		 214}
215
53cb28cb
MA		 216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 218 int level)
f7bf5461
AK		 219{
220 PhysPageEntry *p;
03f49957 221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 222
9736e55b 223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 224 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 225 }
db94604b 226 p = map->nodes[lp->ptr];
03f49957 227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 228
03f49957 229 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 230 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 231 lp->skip = 0;
c19e8800 232 lp->ptr = leaf;
07f07b31
AK		 233 *index += step;
234 *nb -= step;
2999097b 235 } else {
53cb28cb 236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 237 }
238 ++lp;
f7bf5461
AK		 239 }
240}
241
ac1970fb 242static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 243 hwaddr index, hwaddr nb,
2999097b 244 uint16_t leaf)
f7bf5461 245{
2999097b 246 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 248
53cb28cb 249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 250}
251
b35ba30f
MT		 252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
53cb28cb 310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 311 }
312}
313
29cb533d
FZ		 314static inline bool section_covers_addr(const MemoryRegionSection *section,
315 hwaddr addr)
316{
317 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
318 * the section must cover the entire address space.
319 */
320 return section->size.hi ||
321 range_covers_byte(section->offset_within_address_space,
322 section->size.lo, addr);
323}
324
97115a8d 325static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 326 Node *nodes, MemoryRegionSection *sections)
92e873b9 327{
31ab2b4a 328 PhysPageEntry *p;
97115a8d 329 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 330 int i;
f1f6e3b8 331
9736e55b 332 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 333 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 334 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 335 }
9affd6fc 336 p = nodes[lp.ptr];
03f49957 337 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 338 }
b35ba30f 339
29cb533d 340 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 341 return &sections[lp.ptr];
342 } else {
343 return &sections[PHYS_SECTION_UNASSIGNED];
344 }
f3705d53
AK		 345}
346
e5548617
BS		 347bool memory_region_is_unassigned(MemoryRegion *mr)
348{
2a8e7499 349 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 350 && mr != &io_mem_watch;
fd6ce8f6 351}
149f54b5 352
79e2b9ae 353/* Called from RCU critical section */
c7086b4a 354static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 355 hwaddr addr,
356 bool resolve_subpage)
9f029603 357{
729633c2 358 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 359 subpage_t *subpage;
729633c2 360 bool update;
90260c6c 361
729633c2
FZ		 362 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
363 section_covers_addr(section, addr)) {
364 update = false;
365 } else {
366 section = phys_page_find(d->phys_map, addr, d->map.nodes,
367 d->map.sections);
368 update = true;
369 }
90260c6c
JK		 370 if (resolve_subpage && section->mr->subpage) {
371 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 372 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 373 }
729633c2
FZ		 374 if (update) {
375 atomic_set(&d->mru_section, section);
376 }
90260c6c 377 return section;
9f029603
JK		 378}
379
79e2b9ae 380/* Called from RCU critical section */
90260c6c 381static MemoryRegionSection *
c7086b4a 382address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 383 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 384{
385 MemoryRegionSection *section;
965eb2fc 386 MemoryRegion *mr;
a87f3954 387 Int128 diff;
149f54b5 388
c7086b4a 389 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 390 /* Compute offset within MemoryRegionSection */
391 addr -= section->offset_within_address_space;
392
393 /* Compute offset within MemoryRegion */
394 *xlat = addr + section->offset_within_region;
395
965eb2fc 396 mr = section->mr;
b242e0e0
PB		 397
398 /* MMIO registers can be expected to perform full-width accesses based only
399 * on their address, without considering adjacent registers that could
400 * decode to completely different MemoryRegions. When such registers
401 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
402 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * here.
404 *
405 * If the length is small (as is the case for address_space_ldl/stl),
406 * everything works fine. If the incoming length is large, however,
407 * the caller really has to do the clamping through memory_access_size.
408 */
965eb2fc 409 if (memory_region_is_ram(mr)) {
e4a511f8 410 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 411 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
412 }
149f54b5
PB		 413 return section;
414}
90260c6c 415
41063e1e 416/* Called from RCU critical section */
5c8a00ce
PB		 417MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen,
419 bool is_write)
90260c6c 420{
30951157
AK		 421 IOMMUTLBEntry iotlb;
422 MemoryRegionSection *section;
423 MemoryRegion *mr;
30951157
AK		 424
425 for (;;) {
79e2b9ae
PB		 426 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
427 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 428 mr = section->mr;
429
430 if (!mr->iommu_ops) {
431 break;
432 }
433
8d7b8cb9 434 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 435 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
436 | (addr & iotlb.addr_mask));
23820dbf 437 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 438 if (!(iotlb.perm & (1 << is_write))) {
439 mr = &io_mem_unassigned;
440 break;
441 }
442
443 as = iotlb.target_as;
444 }
445
fe680d0d 446 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 447 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 448 *plen = MIN(page, *plen);
a87f3954
PB		 449 }
450
30951157
AK		 451 *xlat = addr;
452 return mr;
90260c6c
JK		 453}
454
79e2b9ae 455/* Called from RCU critical section */
90260c6c 456MemoryRegionSection *
d7898cda 457address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 458 hwaddr *xlat, hwaddr *plen)
90260c6c 459{
30951157 460 MemoryRegionSection *section;
d7898cda
PM		 461 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
462
463 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 464
465 assert(!section->mr->iommu_ops);
466 return section;
90260c6c 467}
5b6dd868 468#endif
fd6ce8f6 469
b170fce3 470#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 471
472static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 473{
259186a7 474 CPUState *cpu = opaque;
a513fe19 475
5b6dd868
BS		 476 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
477 version_id is increased. */
259186a7 478 cpu->interrupt_request &= ~0x01;
c01a71c1 479 tlb_flush(cpu, 1);
5b6dd868
BS		 480
481 return 0;
a513fe19 482}
7501267e 483
6c3bff0e
PD		 484static int cpu_common_pre_load(void *opaque)
485{
486 CPUState *cpu = opaque;
487
adee6424 488 cpu->exception_index = -1;
6c3bff0e
PD		 489
490 return 0;
491}
492
493static bool cpu_common_exception_index_needed(void *opaque)
494{
495 CPUState *cpu = opaque;
496
adee6424 497 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 498}
499
500static const VMStateDescription vmstate_cpu_common_exception_index = {
501 .name = "cpu_common/exception_index",
502 .version_id = 1,
503 .minimum_version_id = 1,
5cd8cada 504 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 505 .fields = (VMStateField[]) {
506 VMSTATE_INT32(exception_index, CPUState),
507 VMSTATE_END_OF_LIST()
508 }
509};
510
bac05aa9
AS		 511static bool cpu_common_crash_occurred_needed(void *opaque)
512{
513 CPUState *cpu = opaque;
514
515 return cpu->crash_occurred;
516}
517
518static const VMStateDescription vmstate_cpu_common_crash_occurred = {
519 .name = "cpu_common/crash_occurred",
520 .version_id = 1,
521 .minimum_version_id = 1,
522 .needed = cpu_common_crash_occurred_needed,
523 .fields = (VMStateField[]) {
524 VMSTATE_BOOL(crash_occurred, CPUState),
525 VMSTATE_END_OF_LIST()
526 }
527};
528
1a1562f5 529const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 530 .name = "cpu_common",
531 .version_id = 1,
532 .minimum_version_id = 1,
6c3bff0e 533 .pre_load = cpu_common_pre_load,
5b6dd868 534 .post_load = cpu_common_post_load,
35d08458 535 .fields = (VMStateField[]) {
259186a7
AF		 536 VMSTATE_UINT32(halted, CPUState),
537 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 538 VMSTATE_END_OF_LIST()
6c3bff0e 539 },
5cd8cada
JQ		 540 .subsections = (const VMStateDescription*[]) {
541 &vmstate_cpu_common_exception_index,
bac05aa9 542 &vmstate_cpu_common_crash_occurred,
5cd8cada 543 NULL
5b6dd868
BS		 544 }
545};
1a1562f5 546
5b6dd868 547#endif
ea041c0e 548
38d8f5c8 549CPUState *qemu_get_cpu(int index)
ea041c0e 550{
bdc44640 551 CPUState *cpu;
ea041c0e 552
bdc44640 553 CPU_FOREACH(cpu) {
55e5c285 554 if (cpu->cpu_index == index) {
bdc44640 555 return cpu;
55e5c285 556 }
ea041c0e 557 }
5b6dd868 558
bdc44640 559 return NULL;
ea041c0e
FB		 560}
561
09daed84 562#if !defined(CONFIG_USER_ONLY)
56943e8c 563void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 564{
12ebc9a7
PM		 565 CPUAddressSpace *newas;
566
567 /* Target code should have set num_ases before calling us */
568 assert(asidx < cpu->num_ases);
569
56943e8c
PM		 570 if (asidx == 0) {
571 /* address space 0 gets the convenience alias */
572 cpu->as = as;
573 }
574
12ebc9a7
PM		 575 /* KVM cannot currently support multiple address spaces. */
576 assert(asidx == 0 || !kvm_enabled());
09daed84 577
12ebc9a7
PM		 578 if (!cpu->cpu_ases) {
579 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 580 }
32857f4d 581
12ebc9a7
PM		 582 newas = &cpu->cpu_ases[asidx];
583 newas->cpu = cpu;
584 newas->as = as;
56943e8c 585 if (tcg_enabled()) {
12ebc9a7
PM		 586 newas->tcg_as_listener.commit = tcg_commit;
587 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 588 }
09daed84 589}
651a5bc0
PM		 590
591AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
592{
593 /* Return the AddressSpace corresponding to the specified index */
594 return cpu->cpu_ases[asidx].as;
595}
09daed84
EI		 596#endif
597
b7bca733
BR		 598#ifndef CONFIG_USER_ONLY
599static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
600
601static int cpu_get_free_index(Error **errp)
602{
603 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
604
605 if (cpu >= MAX_CPUMASK_BITS) {
606 error_setg(errp, "Trying to use more CPUs than max of %d",
607 MAX_CPUMASK_BITS);
608 return -1;
609 }
610
611 bitmap_set(cpu_index_map, cpu, 1);
612 return cpu;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617 if (cpu->cpu_index == -1) {
618 /* cpu_index was never allocated by this @cpu or was already freed. */
619 return;
620 }
621
622 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
623 cpu->cpu_index = -1;
624}
625#else
626
627static int cpu_get_free_index(Error **errp)
628{
629 CPUState *some_cpu;
630 int cpu_index = 0;
631
632 CPU_FOREACH(some_cpu) {
633 cpu_index++;
634 }
635 return cpu_index;
636}
637
638void cpu_exec_exit(CPUState *cpu)
639{
640}
641#endif
642
4bad9e39 643void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 644{
b170fce3 645 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 646 Error *local_err = NULL;
5b6dd868 647
56943e8c 648 cpu->as = NULL;
12ebc9a7 649 cpu->num_ases = 0;
56943e8c 650
291135b5 651#ifndef CONFIG_USER_ONLY
291135b5 652 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 653
654 /* This is a softmmu CPU object, so create a property for it
655 * so users can wire up its memory. (This can't go in qom/cpu.c
656 * because that file is compiled only once for both user-mode
657 * and system builds.) The default if no link is set up is to use
658 * the system address space.
659 */
660 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
661 (Object **)&cpu->memory,
662 qdev_prop_allow_set_link_before_realize,
663 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 &error_abort);
665 cpu->memory = system_memory;
666 object_ref(OBJECT(cpu->memory));
291135b5
EH		 667#endif
668
5b6dd868
BS		 669#if defined(CONFIG_USER_ONLY)
670 cpu_list_lock();
671#endif
741da0d3 672 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 673 if (local_err) {
674 error_propagate(errp, local_err);
675#if defined(CONFIG_USER_ONLY)
676 cpu_list_unlock();
677#endif
678 return;
5b6dd868 679 }
bdc44640 680 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 681#if defined(CONFIG_USER_ONLY)
741da0d3 682 (void) cc;
5b6dd868 683 cpu_list_unlock();
741da0d3 684#else
e0d47944 685 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 686 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 687 }
b170fce3 688 if (cc->vmsd != NULL) {
741da0d3 689 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 690 }
741da0d3 691#endif
ea041c0e
FB		 692}
693
94df27fd 694#if defined(CONFIG_USER_ONLY)
00b941e5 695static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 696{
697 tb_invalidate_phys_page_range(pc, pc + 1, 0);
698}
699#else
00b941e5 700static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 701{
5232e4c7
PM		 702 MemTxAttrs attrs;
703 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
704 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 705 if (phys != -1) {
5232e4c7 706 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 707 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 708 }
1e7855a5 709}
c27004ec 710#endif
d720b93d 711
c527ee8f 712#if defined(CONFIG_USER_ONLY)
75a34036 713void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 714
715{
716}
717
3ee887e8
PM		 718int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
719 int flags)
720{
721 return -ENOSYS;
722}
723
724void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725{
726}
727
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 729 int flags, CPUWatchpoint **watchpoint)
730{
731 return -ENOSYS;
732}
733#else
6658ffb8 734/* Add a watchpoint. */
75a34036 735int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 736 int flags, CPUWatchpoint **watchpoint)
6658ffb8 737{
c0ce998e 738 CPUWatchpoint *wp;
6658ffb8 739
05068c0d 740 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 741 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 742 error_report("tried to set invalid watchpoint at %"
743 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 744 return -EINVAL;
745 }
7267c094 746 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 747
748 wp->vaddr = addr;
05068c0d 749 wp->len = len;
a1d1bb31
AL		 750 wp->flags = flags;
751
2dc9f411 752 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 753 if (flags & BP_GDB) {
754 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
755 } else {
756 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
757 }
6658ffb8 758
31b030d4 759 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 760
761 if (watchpoint)
762 *watchpoint = wp;
763 return 0;
6658ffb8
PB		 764}
765
a1d1bb31 766/* Remove a specific watchpoint. */
75a34036 767int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 768 int flags)
6658ffb8 769{
a1d1bb31 770 CPUWatchpoint *wp;
6658ffb8 771
ff4700b0 772 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 773 if (addr == wp->vaddr && len == wp->len
6e140f28 774 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 775 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 776 return 0;
777 }
778 }
a1d1bb31 779 return -ENOENT;
6658ffb8
PB		 780}
781
a1d1bb31 782/* Remove a specific watchpoint by reference. */
75a34036 783void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 784{
ff4700b0 785 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 786
31b030d4 787 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 788
7267c094 789 g_free(watchpoint);
a1d1bb31
AL		 790}
791
792/* Remove all matching watchpoints. */
75a34036 793void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 794{
c0ce998e 795 CPUWatchpoint *wp, *next;
a1d1bb31 796
ff4700b0 797 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 798 if (wp->flags & mask) {
799 cpu_watchpoint_remove_by_ref(cpu, wp);
800 }
c0ce998e 801 }
7d03f82f 802}
05068c0d
PM		 803
804/* Return true if this watchpoint address matches the specified
805 * access (ie the address range covered by the watchpoint overlaps
806 * partially or completely with the address range covered by the
807 * access).
808 */
809static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 vaddr addr,
811 vaddr len)
812{
813 /* We know the lengths are non-zero, but a little caution is
814 * required to avoid errors in the case where the range ends
815 * exactly at the top of the address space and so addr + len
816 * wraps round to zero.
817 */
818 vaddr wpend = wp->vaddr + wp->len - 1;
819 vaddr addrend = addr + len - 1;
820
821 return !(addr > wpend || wp->vaddr > addrend);
822}
823
c527ee8f 824#endif
7d03f82f 825
a1d1bb31 826/* Add a breakpoint. */
b3310ab3 827int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 828 CPUBreakpoint **breakpoint)
4c3a88a2 829{
c0ce998e 830 CPUBreakpoint *bp;
3b46e624 831
7267c094 832 bp = g_malloc(sizeof(*bp));
4c3a88a2 833
a1d1bb31
AL		 834 bp->pc = pc;
835 bp->flags = flags;
836
2dc9f411 837 /* keep all GDB-injected breakpoints in front */
00b941e5 838 if (flags & BP_GDB) {
f0c3c505 839 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 840 } else {
f0c3c505 841 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 842 }
3b46e624 843
f0c3c505 844 breakpoint_invalidate(cpu, pc);
a1d1bb31 845
00b941e5 846 if (breakpoint) {
a1d1bb31 847 *breakpoint = bp;
00b941e5 848 }
4c3a88a2 849 return 0;
4c3a88a2
FB		 850}
851
a1d1bb31 852/* Remove a specific breakpoint. */
b3310ab3 853int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 854{
a1d1bb31
AL		 855 CPUBreakpoint *bp;
856
f0c3c505 857 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 858 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 859 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 860 return 0;
861 }
7d03f82f 862 }
a1d1bb31 863 return -ENOENT;
7d03f82f
EI		 864}
865
a1d1bb31 866/* Remove a specific breakpoint by reference. */
b3310ab3 867void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 868{
f0c3c505
AF		 869 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
870
871 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 872
7267c094 873 g_free(breakpoint);
a1d1bb31
AL		 874}
875
876/* Remove all matching breakpoints. */
b3310ab3 877void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 878{
c0ce998e 879 CPUBreakpoint *bp, *next;
a1d1bb31 880
f0c3c505 881 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 882 if (bp->flags & mask) {
883 cpu_breakpoint_remove_by_ref(cpu, bp);
884 }
c0ce998e 885 }
4c3a88a2
FB		 886}
887
c33a346e
FB		 888/* enable or disable single step mode. EXCP_DEBUG is returned by the
889 CPU loop after each instruction */
3825b28f 890void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 891{
ed2803da
AF		 892 if (cpu->singlestep_enabled != enabled) {
893 cpu->singlestep_enabled = enabled;
894 if (kvm_enabled()) {
38e478ec 895 kvm_update_guest_debug(cpu, 0);
ed2803da 896 } else {
ccbb4d44 897 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 898 /* XXX: only flush what is necessary */
bbd77c18 899 tb_flush(cpu);
e22a25c9 900 }
c33a346e 901 }
c33a346e
FB		 902}
903
a47dddd7 904void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 905{
906 va_list ap;
493ae1f0 907 va_list ap2;
7501267e
FB		 908
909 va_start(ap, fmt);
493ae1f0 910 va_copy(ap2, ap);
7501267e
FB		 911 fprintf(stderr, "qemu: fatal: ");
912 vfprintf(stderr, fmt, ap);
913 fprintf(stderr, "\n");
878096ee 914 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 915 if (qemu_log_separate()) {
93fcfe39
AL		 916 qemu_log("qemu: fatal: ");
917 qemu_log_vprintf(fmt, ap2);
918 qemu_log("\n");
a0762859 919 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 920 qemu_log_flush();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617 1048 /* Normal RAM. */
e4e69794 1049 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1050 if (!section->readonly) {
b41aac4f 1051 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1052 } else {
b41aac4f 1053 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1054 }
1055 } else {
0b8e2c10
PM		 1056 AddressSpaceDispatch *d;
1057
1058 d = atomic_rcu_read(&section->address_space->dispatch);
1059 iotlb = section - d->map.sections;
149f54b5 1060 iotlb += xlat;
e5548617
BS		 1061 }
1062
1063 /* Make accesses to pages with watchpoints go via the
1064 watchpoint trap routines. */
ff4700b0 1065 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1066 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1067 /* Avoid trapping reads of pages with a write breakpoint. */
1068 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1069 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1070 *address |= TLB_MMIO;
1071 break;
1072 }
1073 }
1074 }
1075
1076 return iotlb;
1077}
9fa3e853
FB		 1078#endif /* defined(CONFIG_USER_ONLY) */
1079
e2eef170 1080#if !defined(CONFIG_USER_ONLY)
8da3ff18 1081
c227f099 1082static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1083 uint16_t section);
acc9d80b 1084static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1085
a2b257d6
IM		 1086static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1087 qemu_anon_ram_alloc;
91138037
MA		 1088
1089/*
1090 * Set a custom physical guest memory alloator.
1091 * Accelerators with unusual needs may need this. Hopefully, we can
1092 * get rid of it eventually.
1093 */
a2b257d6 1094void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1095{
1096 phys_mem_alloc = alloc;
1097}
1098
53cb28cb
MA		 1099static uint16_t phys_section_add(PhysPageMap *map,
1100 MemoryRegionSection *section)
5312bd8b 1101{
68f3f65b
PB		 1102 /* The physical section number is ORed with a page-aligned
1103 * pointer to produce the iotlb entries. Thus it should
1104 * never overflow into the page-aligned value.
1105 */
53cb28cb 1106 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1107
53cb28cb
MA		 1108 if (map->sections_nb == map->sections_nb_alloc) {
1109 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1110 map->sections = g_renew(MemoryRegionSection, map->sections,
1111 map->sections_nb_alloc);
5312bd8b 1112 }
53cb28cb 1113 map->sections[map->sections_nb] = *section;
dfde4e6e 1114 memory_region_ref(section->mr);
53cb28cb 1115 return map->sections_nb++;
5312bd8b
AK		 1116}
1117
058bc4b5
PB		 1118static void phys_section_destroy(MemoryRegion *mr)
1119{
55b4e80b
DS		 1120 bool have_sub_page = mr->subpage;
1121
dfde4e6e
PB		 1122 memory_region_unref(mr);
1123
55b4e80b 1124 if (have_sub_page) {
058bc4b5 1125 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1126 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1127 g_free(subpage);
1128 }
1129}
1130
6092666e 1131static void phys_sections_free(PhysPageMap *map)
5312bd8b 1132{
9affd6fc
PB		 1133 while (map->sections_nb > 0) {
1134 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1135 phys_section_destroy(section->mr);
1136 }
9affd6fc
PB		 1137 g_free(map->sections);
1138 g_free(map->nodes);
5312bd8b
AK		 1139}
1140
ac1970fb 1141static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1142{
1143 subpage_t *subpage;
a8170e5e 1144 hwaddr base = section->offset_within_address_space
0f0cb164 1145 & TARGET_PAGE_MASK;
97115a8d 1146 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1147 d->map.nodes, d->map.sections);
0f0cb164
AK		 1148 MemoryRegionSection subsection = {
1149 .offset_within_address_space = base,
052e87b0 1150 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1151 };
a8170e5e 1152 hwaddr start, end;
0f0cb164 1153
f3705d53 1154 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1155
f3705d53 1156 if (!(existing->mr->subpage)) {
acc9d80b 1157 subpage = subpage_init(d->as, base);
3be91e86 1158 subsection.address_space = d->as;
0f0cb164 1159 subsection.mr = &subpage->iomem;
ac1970fb 1160 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1161 phys_section_add(&d->map, &subsection));
0f0cb164 1162 } else {
f3705d53 1163 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1164 }
1165 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1166 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1167 subpage_register(subpage, start, end,
1168 phys_section_add(&d->map, section));
0f0cb164
AK		 1169}
1170
1171
052e87b0
PB		 1172static void register_multipage(AddressSpaceDispatch *d,
1173 MemoryRegionSection *section)
33417e70 1174{
a8170e5e 1175 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1176 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1177 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1178 TARGET_PAGE_BITS));
dd81124b 1179
733d5ef5
PB		 1180 assert(num_pages);
1181 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1182}
1183
ac1970fb 1184static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1185{
89ae337a 1186 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1187 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1188 MemoryRegionSection now = *section, remain = *section;
052e87b0 1189 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1190
733d5ef5
PB		 1191 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1192 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1193 - now.offset_within_address_space;
1194
052e87b0 1195 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1196 register_subpage(d, &now);
733d5ef5 1197 } else {
052e87b0 1198 now.size = int128_zero();
733d5ef5 1199 }
052e87b0
PB		 1200 while (int128_ne(remain.size, now.size)) {
1201 remain.size = int128_sub(remain.size, now.size);
1202 remain.offset_within_address_space += int128_get64(now.size);
1203 remain.offset_within_region += int128_get64(now.size);
69b67646 1204 now = remain;
052e87b0 1205 if (int128_lt(remain.size, page_size)) {
733d5ef5 1206 register_subpage(d, &now);
88266249 1207 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1208 now.size = page_size;
ac1970fb 1209 register_subpage(d, &now);
69b67646 1210 } else {
052e87b0 1211 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1212 register_multipage(d, &now);
69b67646 1213 }
0f0cb164
AK		 1214 }
1215}
1216
62a2744c
SY		 1217void qemu_flush_coalesced_mmio_buffer(void)
1218{
1219 if (kvm_enabled())
1220 kvm_flush_coalesced_mmio_buffer();
1221}
1222
b2a8658e
UD		 1223void qemu_mutex_lock_ramlist(void)
1224{
1225 qemu_mutex_lock(&ram_list.mutex);
1226}
1227
1228void qemu_mutex_unlock_ramlist(void)
1229{
1230 qemu_mutex_unlock(&ram_list.mutex);
1231}
1232
e1e84ba0 1233#ifdef __linux__
04b16653
AW		 1234static void *file_ram_alloc(RAMBlock *block,
1235 ram_addr_t memory,
7f56e740
PB		 1236 const char *path,
1237 Error **errp)
c902760f 1238{
fd97fd44 1239 bool unlink_on_error = false;
c902760f 1240 char *filename;
8ca761f6
PF		 1241 char *sanitized_name;
1242 char *c;
794e8f30 1243 void *area;
5c3ece79 1244 int fd = -1;
e1fb6471 1245 int64_t page_size;
c902760f
MT		 1246
1247 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1248 error_setg(errp,
1249 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1250 return NULL;
c902760f
MT		 1251 }
1252
fd97fd44
MA		 1253 for (;;) {
1254 fd = open(path, O_RDWR);
1255 if (fd >= 0) {
1256 /* @path names an existing file, use it */
1257 break;
8d31d6b6 1258 }
fd97fd44
MA		 1259 if (errno == ENOENT) {
1260 /* @path names a file that doesn't exist, create it */
1261 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1262 if (fd >= 0) {
1263 unlink_on_error = true;
1264 break;
1265 }
1266 } else if (errno == EISDIR) {
1267 /* @path names a directory, create a file there */
1268 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1269 sanitized_name = g_strdup(memory_region_name(block->mr));
1270 for (c = sanitized_name; *c != '\0'; c++) {
1271 if (*c == '/') {
1272 *c = '_';
1273 }
1274 }
8ca761f6 1275
fd97fd44
MA		 1276 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1277 sanitized_name);
1278 g_free(sanitized_name);
8d31d6b6 1279
fd97fd44
MA		 1280 fd = mkstemp(filename);
1281 if (fd >= 0) {
1282 unlink(filename);
1283 g_free(filename);
1284 break;
1285 }
1286 g_free(filename);
8d31d6b6 1287 }
fd97fd44
MA		 1288 if (errno != EEXIST && errno != EINTR) {
1289 error_setg_errno(errp, errno,
1290 "can't open backing store %s for guest RAM",
1291 path);
1292 goto error;
1293 }
1294 /*
1295 * Try again on EINTR and EEXIST. The latter happens when
1296 * something else creates the file between our two open().
1297 */
8d31d6b6 1298 }
c902760f 1299
e1fb6471 1300 page_size = qemu_fd_getpagesize(fd);
d2f39add 1301 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1302
e1fb6471 1303 if (memory < page_size) {
fd97fd44
MA		 1304 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1305 "or larger than page size 0x%" PRIx64,
e1fb6471 1306 memory, page_size);
f9a49dfa 1307 goto error;
c902760f 1308 }
c902760f 1309
e1fb6471 1310 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1311
1312 /*
1313 * ftruncate is not supported by hugetlbfs in older
1314 * hosts, so don't bother bailing out on errors.
1315 * If anything goes wrong with it under other filesystems,
1316 * mmap will fail.
1317 */
7f56e740 1318 if (ftruncate(fd, memory)) {
9742bf26 1319 perror("ftruncate");
7f56e740 1320 }
c902760f 1321
d2f39add
DD		 1322 area = qemu_ram_mmap(fd, memory, block->mr->align,
1323 block->flags & RAM_SHARED);
c902760f 1324 if (area == MAP_FAILED) {
7f56e740 1325 error_setg_errno(errp, errno,
fd97fd44 1326 "unable to map backing store for guest RAM");
f9a49dfa 1327 goto error;
c902760f 1328 }
ef36fa14
MT		 1329
1330 if (mem_prealloc) {
38183310 1331 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1332 }
1333
04b16653 1334 block->fd = fd;
c902760f 1335 return area;
f9a49dfa
MT		 1336
1337error:
fd97fd44
MA		 1338 if (unlink_on_error) {
1339 unlink(path);
1340 }
5c3ece79
PB		 1341 if (fd != -1) {
1342 close(fd);
1343 }
f9a49dfa 1344 return NULL;
c902760f
MT		 1345}
1346#endif
1347
0dc3f44a 1348/* Called with the ramlist lock held. */
d17b5288 1349static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1350{
1351 RAMBlock *block, *next_block;
3e837b2c 1352 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1353
49cd9ac6
SH		 1354 assert(size != 0); /* it would hand out same offset multiple times */
1355
0dc3f44a 1356 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1357 return 0;
0d53d9fe 1358 }
04b16653 1359
0dc3f44a 1360 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1361 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1362
62be4e3a 1363 end = block->offset + block->max_length;
04b16653 1364
0dc3f44a 1365 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1366 if (next_block->offset >= end) {
1367 next = MIN(next, next_block->offset);
1368 }
1369 }
1370 if (next - end >= size && next - end < mingap) {
3e837b2c 1371 offset = end;
04b16653
AW		 1372 mingap = next - end;
1373 }
1374 }
3e837b2c
AW		 1375
1376 if (offset == RAM_ADDR_MAX) {
1377 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1378 (uint64_t)size);
1379 abort();
1380 }
1381
04b16653
AW		 1382 return offset;
1383}
1384
652d7ec2 1385ram_addr_t last_ram_offset(void)
d17b5288
AW		 1386{
1387 RAMBlock *block;
1388 ram_addr_t last = 0;
1389
0dc3f44a
MD		 1390 rcu_read_lock();
1391 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1392 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1393 }
0dc3f44a 1394 rcu_read_unlock();
d17b5288
AW		 1395 return last;
1396}
1397
ddb97f1d
JB		 1398static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1399{
1400 int ret;
ddb97f1d
JB		 1401
1402 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1403 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1404 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1405 if (ret) {
1406 perror("qemu_madvise");
1407 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1408 "but dump_guest_core=off specified\n");
1409 }
1410 }
1411}
1412
422148d3
DDAG		 1413const char *qemu_ram_get_idstr(RAMBlock *rb)
1414{
1415 return rb->idstr;
1416}
1417
ae3a7047 1418/* Called with iothread lock held. */
fa53a0e5 1419void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1420{
fa53a0e5 1421 RAMBlock *block;
20cfe881 1422
c5705a77
AK		 1423 assert(new_block);
1424 assert(!new_block->idstr[0]);
84b89d78 1425
09e5ab63
AL		 1426 if (dev) {
1427 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1428 if (id) {
1429 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1430 g_free(id);
84b89d78
CM		 1431 }
1432 }
1433 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1434
ab0a9956 1435 rcu_read_lock();
0dc3f44a 1436 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1437 if (block != new_block &&
1438 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1439 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1440 new_block->idstr);
1441 abort();
1442 }
1443 }
0dc3f44a 1444 rcu_read_unlock();
c5705a77
AK		 1445}
1446
ae3a7047 1447/* Called with iothread lock held. */
fa53a0e5 1448void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1449{
ae3a7047
MD		 1450 /* FIXME: arch_init.c assumes that this is not called throughout
1451 * migration. Ignore the problem since hot-unplug during migration
1452 * does not work anyway.
1453 */
20cfe881
HT		 1454 if (block) {
1455 memset(block->idstr, 0, sizeof(block->idstr));
1456 }
1457}
1458
8490fc78
LC		 1459static int memory_try_enable_merging(void *addr, size_t len)
1460{
75cc7f01 1461 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1462 /* disabled by the user */
1463 return 0;
1464 }
1465
1466 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1467}
1468
62be4e3a
MT		 1469/* Only legal before guest might have detected the memory size: e.g. on
1470 * incoming migration, or right after reset.
1471 *
1472 * As memory core doesn't know how is memory accessed, it is up to
1473 * resize callback to update device state and/or add assertions to detect
1474 * misuse, if necessary.
1475 */
fa53a0e5 1476int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1477{
62be4e3a
MT		 1478 assert(block);
1479
4ed023ce 1480 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1481
62be4e3a
MT		 1482 if (block->used_length == newsize) {
1483 return 0;
1484 }
1485
1486 if (!(block->flags & RAM_RESIZEABLE)) {
1487 error_setg_errno(errp, EINVAL,
1488 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1489 " in != 0x" RAM_ADDR_FMT, block->idstr,
1490 newsize, block->used_length);
1491 return -EINVAL;
1492 }
1493
1494 if (block->max_length < newsize) {
1495 error_setg_errno(errp, EINVAL,
1496 "Length too large: %s: 0x" RAM_ADDR_FMT
1497 " > 0x" RAM_ADDR_FMT, block->idstr,
1498 newsize, block->max_length);
1499 return -EINVAL;
1500 }
1501
1502 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1503 block->used_length = newsize;
58d2707e
PB		 1504 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1505 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1506 memory_region_set_size(block->mr, newsize);
1507 if (block->resized) {
1508 block->resized(block->idstr, newsize, block->host);
1509 }
1510 return 0;
1511}
1512
5b82b703
SH		 1513/* Called with ram_list.mutex held */
1514static void dirty_memory_extend(ram_addr_t old_ram_size,
1515 ram_addr_t new_ram_size)
1516{
1517 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1518 DIRTY_MEMORY_BLOCK_SIZE);
1519 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1520 DIRTY_MEMORY_BLOCK_SIZE);
1521 int i;
1522
1523 /* Only need to extend if block count increased */
1524 if (new_num_blocks <= old_num_blocks) {
1525 return;
1526 }
1527
1528 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1529 DirtyMemoryBlocks *old_blocks;
1530 DirtyMemoryBlocks *new_blocks;
1531 int j;
1532
1533 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1534 new_blocks = g_malloc(sizeof(*new_blocks) +
1535 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1536
1537 if (old_num_blocks) {
1538 memcpy(new_blocks->blocks, old_blocks->blocks,
1539 old_num_blocks * sizeof(old_blocks->blocks[0]));
1540 }
1541
1542 for (j = old_num_blocks; j < new_num_blocks; j++) {
1543 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1544 }
1545
1546 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1547
1548 if (old_blocks) {
1549 g_free_rcu(old_blocks, rcu);
1550 }
1551 }
1552}
1553
528f46af 1554static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1555{
e1c57ab8 1556 RAMBlock *block;
0d53d9fe 1557 RAMBlock *last_block = NULL;
2152f5ca 1558 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1559 Error *err = NULL;
2152f5ca
JQ		 1560
1561 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1562
b2a8658e 1563 qemu_mutex_lock_ramlist();
9b8424d5 1564 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1565
1566 if (!new_block->host) {
1567 if (xen_enabled()) {
9b8424d5 1568 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1569 new_block->mr, &err);
1570 if (err) {
1571 error_propagate(errp, err);
1572 qemu_mutex_unlock_ramlist();
39c350ee 1573 return;
37aa7a0e 1574 }
e1c57ab8 1575 } else {
9b8424d5 1576 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1577 &new_block->mr->align);
39228250 1578 if (!new_block->host) {
ef701d7b
HT		 1579 error_setg_errno(errp, errno,
1580 "cannot set up guest memory '%s'",
1581 memory_region_name(new_block->mr));
1582 qemu_mutex_unlock_ramlist();
39c350ee 1583 return;
39228250 1584 }
9b8424d5 1585 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1586 }
c902760f 1587 }
94a6b54f 1588
dd631697
LZ		 1589 new_ram_size = MAX(old_ram_size,
1590 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1591 if (new_ram_size > old_ram_size) {
1592 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1593 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1594 }
0d53d9fe
MD		 1595 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1596 * QLIST (which has an RCU-friendly variant) does not have insertion at
1597 * tail, so save the last element in last_block.
1598 */
0dc3f44a 1599 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1600 last_block = block;
9b8424d5 1601 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1602 break;
1603 }
1604 }
1605 if (block) {
0dc3f44a 1606 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1607 } else if (last_block) {
0dc3f44a 1608 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1609 } else { /* list is empty */
0dc3f44a 1610 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1611 }
0d6d3c87 1612 ram_list.mru_block = NULL;
94a6b54f 1613
0dc3f44a
MD		 1614 /* Write list before version */
1615 smp_wmb();
f798b07f 1616 ram_list.version++;
b2a8658e 1617 qemu_mutex_unlock_ramlist();
f798b07f 1618
9b8424d5 1619 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1620 new_block->used_length,
1621 DIRTY_CLIENTS_ALL);
94a6b54f 1622
a904c911
PB		 1623 if (new_block->host) {
1624 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1625 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1626 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1627 if (kvm_enabled()) {
1628 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1629 }
e1c57ab8 1630 }
94a6b54f 1631}
e9a1ab19 1632
0b183fc8 1633#ifdef __linux__
528f46af
FZ		 1634RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1635 bool share, const char *mem_path,
1636 Error **errp)
e1c57ab8
PB		 1637{
1638 RAMBlock *new_block;
ef701d7b 1639 Error *local_err = NULL;
e1c57ab8
PB		 1640
1641 if (xen_enabled()) {
7f56e740 1642 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1643 return NULL;
e1c57ab8
PB		 1644 }
1645
1646 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1647 /*
1648 * file_ram_alloc() needs to allocate just like
1649 * phys_mem_alloc, but we haven't bothered to provide
1650 * a hook there.
1651 */
7f56e740
PB		 1652 error_setg(errp,
1653 "-mem-path not supported with this accelerator");
528f46af 1654 return NULL;
e1c57ab8
PB		 1655 }
1656
4ed023ce 1657 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1658 new_block = g_malloc0(sizeof(*new_block));
1659 new_block->mr = mr;
9b8424d5
MT		 1660 new_block->used_length = size;
1661 new_block->max_length = size;
dbcb8981 1662 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1663 new_block->host = file_ram_alloc(new_block, size,
1664 mem_path, errp);
1665 if (!new_block->host) {
1666 g_free(new_block);
528f46af 1667 return NULL;
7f56e740
PB		 1668 }
1669
528f46af 1670 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1671 if (local_err) {
1672 g_free(new_block);
1673 error_propagate(errp, local_err);
528f46af 1674 return NULL;
ef701d7b 1675 }
528f46af 1676 return new_block;
e1c57ab8 1677}
0b183fc8 1678#endif
e1c57ab8 1679
62be4e3a 1680static
528f46af
FZ		 1681RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1682 void (*resized)(const char*,
1683 uint64_t length,
1684 void *host),
1685 void *host, bool resizeable,
1686 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1687{
1688 RAMBlock *new_block;
ef701d7b 1689 Error *local_err = NULL;
e1c57ab8 1690
4ed023ce
DDAG		 1691 size = HOST_PAGE_ALIGN(size);
1692 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1693 new_block = g_malloc0(sizeof(*new_block));
1694 new_block->mr = mr;
62be4e3a 1695 new_block->resized = resized;
9b8424d5
MT		 1696 new_block->used_length = size;
1697 new_block->max_length = max_size;
62be4e3a 1698 assert(max_size >= size);
e1c57ab8
PB		 1699 new_block->fd = -1;
1700 new_block->host = host;
1701 if (host) {
7bd4f430 1702 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1703 }
62be4e3a
MT		 1704 if (resizeable) {
1705 new_block->flags |= RAM_RESIZEABLE;
1706 }
528f46af 1707 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1708 if (local_err) {
1709 g_free(new_block);
1710 error_propagate(errp, local_err);
528f46af 1711 return NULL;
ef701d7b 1712 }
528f46af 1713 return new_block;
e1c57ab8
PB		 1714}
1715
528f46af 1716RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1717 MemoryRegion *mr, Error **errp)
1718{
1719 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1720}
1721
528f46af 1722RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1723{
62be4e3a
MT		 1724 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1725}
1726
528f46af 1727RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1728 void (*resized)(const char*,
1729 uint64_t length,
1730 void *host),
1731 MemoryRegion *mr, Error **errp)
1732{
1733 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1734}
1735
43771539
PB		 1736static void reclaim_ramblock(RAMBlock *block)
1737{
1738 if (block->flags & RAM_PREALLOC) {
1739 ;
1740 } else if (xen_enabled()) {
1741 xen_invalidate_map_cache_entry(block->host);
1742#ifndef _WIN32
1743 } else if (block->fd >= 0) {
2f3a2bb1 1744 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1745 close(block->fd);
1746#endif
1747 } else {
1748 qemu_anon_ram_free(block->host, block->max_length);
1749 }
1750 g_free(block);
1751}
1752
f1060c55 1753void qemu_ram_free(RAMBlock *block)
e9a1ab19 1754{
85bc2a15
MAL		 1755 if (!block) {
1756 return;
1757 }
1758
b2a8658e 1759 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1760 QLIST_REMOVE_RCU(block, next);
1761 ram_list.mru_block = NULL;
1762 /* Write list before version */
1763 smp_wmb();
1764 ram_list.version++;
1765 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1766 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1767}
1768
cd19cfa2
HY		 1769#ifndef _WIN32
1770void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1771{
1772 RAMBlock *block;
1773 ram_addr_t offset;
1774 int flags;
1775 void *area, *vaddr;
1776
0dc3f44a 1777 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1778 offset = addr - block->offset;
9b8424d5 1779 if (offset < block->max_length) {
1240be24 1780 vaddr = ramblock_ptr(block, offset);
7bd4f430 1781 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1782 ;
dfeaf2ab
MA		 1783 } else if (xen_enabled()) {
1784 abort();
cd19cfa2
HY		 1785 } else {
1786 flags = MAP_FIXED;
3435f395 1787 if (block->fd >= 0) {
dbcb8981
PB		 1788 flags |= (block->flags & RAM_SHARED ?
1789 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1790 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1791 flags, block->fd, offset);
cd19cfa2 1792 } else {
2eb9fbaa
MA		 1793 /*
1794 * Remap needs to match alloc. Accelerators that
1795 * set phys_mem_alloc never remap. If they did,
1796 * we'd need a remap hook here.
1797 */
1798 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1799
cd19cfa2
HY		 1800 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1801 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1802 flags, -1, 0);
cd19cfa2
HY		 1803 }
1804 if (area != vaddr) {
f15fbc4b
AP		 1805 fprintf(stderr, "Could not remap addr: "
1806 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1807 length, addr);
1808 exit(1);
1809 }
8490fc78 1810 memory_try_enable_merging(vaddr, length);
ddb97f1d 1811 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1812 }
cd19cfa2
HY		 1813 }
1814 }
1815}
1816#endif /* !_WIN32 */
1817
1b5ec234 1818/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1819 * This should not be used for general purpose DMA. Use address_space_map
1820 * or address_space_rw instead. For local memory (e.g. video ram) that the
1821 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1822 *
49b24afc 1823 * Called within RCU critical section.
1b5ec234 1824 */
3655cb9c 1825void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1826{
3655cb9c
GA		 1827 RAMBlock *block = ram_block;
1828
1829 if (block == NULL) {
1830 block = qemu_get_ram_block(addr);
1831 }
ae3a7047
MD		 1832
1833 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1834 /* We need to check if the requested address is in the RAM
1835 * because we don't want to map the entire memory in QEMU.
1836 * In that case just map until the end of the page.
1837 */
1838 if (block->offset == 0) {
49b24afc 1839 return xen_map_cache(addr, 0, 0);
0d6d3c87 1840 }
ae3a7047
MD		 1841
1842 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1843 }
49b24afc 1844 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1845}
1846
38bee5dc 1847/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1848 * but takes a size argument.
0dc3f44a 1849 *
e81bcda5 1850 * Called within RCU critical section.
ae3a7047 1851 */
3655cb9c
GA		 1852static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1853 hwaddr *size)
38bee5dc 1854{
3655cb9c 1855 RAMBlock *block = ram_block;
e81bcda5 1856 ram_addr_t offset_inside_block;
8ab934f9
SS		 1857 if (*size == 0) {
1858 return NULL;
1859 }
e81bcda5 1860
3655cb9c
GA		 1861 if (block == NULL) {
1862 block = qemu_get_ram_block(addr);
1863 }
e81bcda5
PB		 1864 offset_inside_block = addr - block->offset;
1865 *size = MIN(*size, block->max_length - offset_inside_block);
1866
1867 if (xen_enabled() && block->host == NULL) {
1868 /* We need to check if the requested address is in the RAM
1869 * because we don't want to map the entire memory in QEMU.
1870 * In that case just map the requested area.
1871 */
1872 if (block->offset == 0) {
1873 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1874 }
1875
e81bcda5 1876 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1877 }
e81bcda5
PB		 1878
1879 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1880}
1881
422148d3
DDAG		 1882/*
1883 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1884 * in that RAMBlock.
1885 *
1886 * ptr: Host pointer to look up
1887 * round_offset: If true round the result offset down to a page boundary
1888 * *ram_addr: set to result ram_addr
1889 * *offset: set to result offset within the RAMBlock
1890 *
1891 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1892 *
1893 * By the time this function returns, the returned pointer is not protected
1894 * by RCU anymore. If the caller is not within an RCU critical section and
1895 * does not hold the iothread lock, it must have other means of protecting the
1896 * pointer, such as a reference to the region that includes the incoming
1897 * ram_addr_t.
1898 */
422148d3 1899RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1900 ram_addr_t *offset)
5579c7f3 1901{
94a6b54f
PB		 1902 RAMBlock *block;
1903 uint8_t *host = ptr;
1904
868bb33f 1905 if (xen_enabled()) {
f615f396 1906 ram_addr_t ram_addr;
0dc3f44a 1907 rcu_read_lock();
f615f396
PB		 1908 ram_addr = xen_ram_addr_from_mapcache(ptr);
1909 block = qemu_get_ram_block(ram_addr);
422148d3
DDAG		 1910 if (block) {
1911 *offset = (host - block->host);
1912 }
0dc3f44a 1913 rcu_read_unlock();
422148d3 1914 return block;
712c2b41
SS		 1915 }
1916
0dc3f44a
MD		 1917 rcu_read_lock();
1918 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1919 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1920 goto found;
1921 }
1922
0dc3f44a 1923 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1924 /* This case append when the block is not mapped. */
1925 if (block->host == NULL) {
1926 continue;
1927 }
9b8424d5 1928 if (host - block->host < block->max_length) {
23887b79 1929 goto found;
f471a17e 1930 }
94a6b54f 1931 }
432d268c 1932
0dc3f44a 1933 rcu_read_unlock();
1b5ec234 1934 return NULL;
23887b79
PB		 1935
1936found:
422148d3
DDAG		 1937 *offset = (host - block->host);
1938 if (round_offset) {
1939 *offset &= TARGET_PAGE_MASK;
1940 }
0dc3f44a 1941 rcu_read_unlock();
422148d3
DDAG		 1942 return block;
1943}
1944
e3dd7493
DDAG		 1945/*
1946 * Finds the named RAMBlock
1947 *
1948 * name: The name of RAMBlock to find
1949 *
1950 * Returns: RAMBlock (or NULL if not found)
1951 */
1952RAMBlock *qemu_ram_block_by_name(const char *name)
1953{
1954 RAMBlock *block;
1955
1956 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1957 if (!strcmp(name, block->idstr)) {
1958 return block;
1959 }
1960 }
1961
1962 return NULL;
1963}
1964
422148d3
DDAG		 1965/* Some of the softmmu routines need to translate from a host pointer
1966 (typically a TLB entry) back to a ram offset. */
07bdaa41 1967ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1968{
1969 RAMBlock *block;
f615f396 1970 ram_addr_t offset;
422148d3 1971
f615f396 1972 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1973 if (!block) {
07bdaa41 1974 return RAM_ADDR_INVALID;
422148d3
DDAG		 1975 }
1976
07bdaa41 1977 return block->offset + offset;
e890261f 1978}
f471a17e 1979
49b24afc 1980/* Called within RCU critical section. */
a8170e5e 1981static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1982 uint64_t val, unsigned size)
9fa3e853 1983{
52159192 1984 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1985 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1986 }
0e0df1e2
AK		 1987 switch (size) {
1988 case 1:
3655cb9c 1989 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1990 break;
1991 case 2:
3655cb9c 1992 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1993 break;
1994 case 4:
3655cb9c 1995 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1996 break;
1997 default:
1998 abort();
3a7d929e 1999 }
58d2707e
PB		 2000 /* Set both VGA and migration bits for simplicity and to remove
2001 * the notdirty callback faster.
2002 */
2003 cpu_physical_memory_set_dirty_range(ram_addr, size,
2004 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2005 /* we remove the notdirty callback only if the code has been
2006 flushed */
a2cd8c85 2007 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2008 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2009 }
9fa3e853
FB		 2010}
2011
b018ddf6
PB		 2012static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2013 unsigned size, bool is_write)
2014{
2015 return is_write;
2016}
2017
0e0df1e2 2018static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2019 .write = notdirty_mem_write,
b018ddf6 2020 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2021 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2022};
2023
0f459d16 2024/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2025static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2026{
93afeade 2027 CPUState *cpu = current_cpu;
568496c0 2028 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2029 CPUArchState *env = cpu->env_ptr;
06d55cc1 2030 target_ulong pc, cs_base;
0f459d16 2031 target_ulong vaddr;
a1d1bb31 2032 CPUWatchpoint *wp;
89fee74a 2033 uint32_t cpu_flags;
0f459d16 2034
ff4700b0 2035 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2036 /* We re-entered the check after replacing the TB. Now raise
2037 * the debug interrupt so that is will trigger after the
2038 * current instruction. */
93afeade 2039 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2040 return;
2041 }
93afeade 2042 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2043 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2044 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2045 && (wp->flags & flags)) {
08225676
PM		 2046 if (flags == BP_MEM_READ) {
2047 wp->flags |= BP_WATCHPOINT_HIT_READ;
2048 } else {
2049 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2050 }
2051 wp->hitaddr = vaddr;
66b9b43c 2052 wp->hitattrs = attrs;
ff4700b0 2053 if (!cpu->watchpoint_hit) {
568496c0
SF		 2054 if (wp->flags & BP_CPU &&
2055 !cc->debug_check_watchpoint(cpu, wp)) {
2056 wp->flags &= ~BP_WATCHPOINT_HIT;
2057 continue;
2058 }
ff4700b0 2059 cpu->watchpoint_hit = wp;
239c51a5 2060 tb_check_watchpoint(cpu);
6e140f28 2061 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2062 cpu->exception_index = EXCP_DEBUG;
5638d180 2063 cpu_loop_exit(cpu);
6e140f28
AL		 2064 } else {
2065 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2066 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2067 cpu_resume_from_signal(cpu, NULL);
6e140f28 2068 }
06d55cc1 2069 }
6e140f28
AL		 2070 } else {
2071 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2072 }
2073 }
2074}
2075
6658ffb8
PB		 2076/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2077 so these check for a hit then pass through to the normal out-of-line
2078 phys routines. */
66b9b43c
PM		 2079static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2080 unsigned size, MemTxAttrs attrs)
6658ffb8 2081{
66b9b43c
PM		 2082 MemTxResult res;
2083 uint64_t data;
79ed0416
PM		 2084 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2085 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2086
2087 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2088 switch (size) {
66b9b43c 2089 case 1:
79ed0416 2090 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2091 break;
2092 case 2:
79ed0416 2093 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2094 break;
2095 case 4:
79ed0416 2096 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2097 break;
1ec9b909
AK		 2098 default: abort();
2099 }
66b9b43c
PM		 2100 *pdata = data;
2101 return res;
6658ffb8
PB		 2102}
2103
66b9b43c
PM		 2104static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2105 uint64_t val, unsigned size,
2106 MemTxAttrs attrs)
6658ffb8 2107{
66b9b43c 2108 MemTxResult res;
79ed0416
PM		 2109 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2110 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2111
2112 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2113 switch (size) {
67364150 2114 case 1:
79ed0416 2115 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2116 break;
2117 case 2:
79ed0416 2118 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2119 break;
2120 case 4:
79ed0416 2121 address_space_stl(as, addr, val, attrs, &res);
67364150 2122 break;
1ec9b909
AK		 2123 default: abort();
2124 }
66b9b43c 2125 return res;
6658ffb8
PB		 2126}
2127
1ec9b909 2128static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2129 .read_with_attrs = watch_mem_read,
2130 .write_with_attrs = watch_mem_write,
1ec9b909 2131 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2132};
6658ffb8 2133
f25a49e0
PM		 2134static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2135 unsigned len, MemTxAttrs attrs)
db7b5426 2136{
acc9d80b 2137 subpage_t *subpage = opaque;
ff6cff75 2138 uint8_t buf[8];
5c9eb028 2139 MemTxResult res;
791af8c8 2140
db7b5426 2141#if defined(DEBUG_SUBPAGE)
016e9d62 2142 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2143 subpage, len, addr);
db7b5426 2144#endif
5c9eb028
PM		 2145 res = address_space_read(subpage->as, addr + subpage->base,
2146 attrs, buf, len);
2147 if (res) {
2148 return res;
f25a49e0 2149 }
acc9d80b
JK		 2150 switch (len) {
2151 case 1:
f25a49e0
PM		 2152 *data = ldub_p(buf);
2153 return MEMTX_OK;
acc9d80b 2154 case 2:
f25a49e0
PM		 2155 *data = lduw_p(buf);
2156 return MEMTX_OK;
acc9d80b 2157 case 4:
f25a49e0
PM		 2158 *data = ldl_p(buf);
2159 return MEMTX_OK;
ff6cff75 2160 case 8:
f25a49e0
PM		 2161 *data = ldq_p(buf);
2162 return MEMTX_OK;
acc9d80b
JK		 2163 default:
2164 abort();
2165 }
db7b5426
BS		 2166}
2167
f25a49e0
PM		 2168static MemTxResult subpage_write(void *opaque, hwaddr addr,
2169 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2170{
acc9d80b 2171 subpage_t *subpage = opaque;
ff6cff75 2172 uint8_t buf[8];
acc9d80b 2173
db7b5426 2174#if defined(DEBUG_SUBPAGE)
016e9d62 2175 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2176 " value %"PRIx64"\n",
2177 __func__, subpage, len, addr, value);
db7b5426 2178#endif
acc9d80b
JK		 2179 switch (len) {
2180 case 1:
2181 stb_p(buf, value);
2182 break;
2183 case 2:
2184 stw_p(buf, value);
2185 break;
2186 case 4:
2187 stl_p(buf, value);
2188 break;
ff6cff75
PB		 2189 case 8:
2190 stq_p(buf, value);
2191 break;
acc9d80b
JK		 2192 default:
2193 abort();
2194 }
5c9eb028
PM		 2195 return address_space_write(subpage->as, addr + subpage->base,
2196 attrs, buf, len);
db7b5426
BS		 2197}
2198
c353e4cc 2199static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2200 unsigned len, bool is_write)
c353e4cc 2201{
acc9d80b 2202 subpage_t *subpage = opaque;
c353e4cc 2203#if defined(DEBUG_SUBPAGE)
016e9d62 2204 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2205 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2206#endif
2207
acc9d80b 2208 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2209 len, is_write);
c353e4cc
PB		 2210}
2211
70c68e44 2212static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2213 .read_with_attrs = subpage_read,
2214 .write_with_attrs = subpage_write,
ff6cff75
PB		 2215 .impl.min_access_size = 1,
2216 .impl.max_access_size = 8,
2217 .valid.min_access_size = 1,
2218 .valid.max_access_size = 8,
c353e4cc 2219 .valid.accepts = subpage_accepts,
70c68e44 2220 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2221};
2222
c227f099 2223static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2224 uint16_t section)
db7b5426
BS		 2225{
2226 int idx, eidx;
2227
2228 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2229 return -1;
2230 idx = SUBPAGE_IDX(start);
2231 eidx = SUBPAGE_IDX(end);
2232#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2233 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2234 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2235#endif
db7b5426 2236 for (; idx <= eidx; idx++) {
5312bd8b 2237 mmio->sub_section[idx] = section;
db7b5426
BS		 2238 }
2239
2240 return 0;
2241}
2242
acc9d80b 2243static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2244{
c227f099 2245 subpage_t *mmio;
db7b5426 2246
7267c094 2247 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2248
acc9d80b 2249 mmio->as = as;
1eec614b 2250 mmio->base = base;
2c9b15ca 2251 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2252 NULL, TARGET_PAGE_SIZE);
b3b00c78 2253 mmio->iomem.subpage = true;
db7b5426 2254#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2255 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2256 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2257#endif
b41aac4f 2258 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2259
2260 return mmio;
2261}
2262
a656e22f
PC		 2263static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2264 MemoryRegion *mr)
5312bd8b 2265{
a656e22f 2266 assert(as);
5312bd8b 2267 MemoryRegionSection section = {
a656e22f 2268 .address_space = as,
5312bd8b
AK		 2269 .mr = mr,
2270 .offset_within_address_space = 0,
2271 .offset_within_region = 0,
052e87b0 2272 .size = int128_2_64(),
5312bd8b
AK		 2273 };
2274
53cb28cb 2275 return phys_section_add(map, &section);
5312bd8b
AK		 2276}
2277
a54c87b6 2278MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2279{
a54c87b6
PM		 2280 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2281 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2282 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2283 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2284
2285 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2286}
2287
e9179ce1
AK		 2288static void io_mem_init(void)
2289{
1f6245e5 2290 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2291 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2292 NULL, UINT64_MAX);
2c9b15ca 2293 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2294 NULL, UINT64_MAX);
2c9b15ca 2295 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2296 NULL, UINT64_MAX);
e9179ce1
AK		 2297}
2298
ac1970fb 2299static void mem_begin(MemoryListener *listener)
00752703
PB		 2300{
2301 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2302 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2303 uint16_t n;
2304
a656e22f 2305 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2306 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2307 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2308 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2309 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2310 assert(n == PHYS_SECTION_ROM);
a656e22f 2311 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2312 assert(n == PHYS_SECTION_WATCH);
00752703 2313
9736e55b 2314 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2315 d->as = as;
2316 as->next_dispatch = d;
2317}
2318
79e2b9ae
PB		 2319static void address_space_dispatch_free(AddressSpaceDispatch *d)
2320{
2321 phys_sections_free(&d->map);
2322 g_free(d);
2323}
2324
00752703 2325static void mem_commit(MemoryListener *listener)
ac1970fb 2326{
89ae337a 2327 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2328 AddressSpaceDispatch *cur = as->dispatch;
2329 AddressSpaceDispatch *next = as->next_dispatch;
2330
53cb28cb 2331 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2332
79e2b9ae 2333 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2334 if (cur) {
79e2b9ae 2335 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2336 }
9affd6fc
PB		 2337}
2338
1d71148e 2339static void tcg_commit(MemoryListener *listener)
50c1e149 2340{
32857f4d
PM		 2341 CPUAddressSpace *cpuas;
2342 AddressSpaceDispatch *d;
117712c3
AK		 2343
2344 /* since each CPU stores ram addresses in its TLB cache, we must
2345 reset the modified entries */
32857f4d
PM		 2346 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2347 cpu_reloading_memory_map();
2348 /* The CPU and TLB are protected by the iothread lock.
2349 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2350 * may have split the RCU critical section.
2351 */
2352 d = atomic_rcu_read(&cpuas->as->dispatch);
2353 cpuas->memory_dispatch = d;
2354 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2355}
2356
ac1970fb
AK		 2357void address_space_init_dispatch(AddressSpace *as)
2358{
00752703 2359 as->dispatch = NULL;
89ae337a 2360 as->dispatch_listener = (MemoryListener) {
ac1970fb 2361 .begin = mem_begin,
00752703 2362 .commit = mem_commit,
ac1970fb
AK		 2363 .region_add = mem_add,
2364 .region_nop = mem_add,
2365 .priority = 0,
2366 };
89ae337a 2367 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2368}
2369
6e48e8f9
PB		 2370void address_space_unregister(AddressSpace *as)
2371{
2372 memory_listener_unregister(&as->dispatch_listener);
2373}
2374
83f3c251
AK		 2375void address_space_destroy_dispatch(AddressSpace *as)
2376{
2377 AddressSpaceDispatch *d = as->dispatch;
2378
79e2b9ae
PB		 2379 atomic_rcu_set(&as->dispatch, NULL);
2380 if (d) {
2381 call_rcu(d, address_space_dispatch_free, rcu);
2382 }
83f3c251
AK		 2383}
2384
62152b8a
AK		 2385static void memory_map_init(void)
2386{
7267c094 2387 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2388
57271d63 2389 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2390 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2391
7267c094 2392 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2393 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2394 65536);
7dca8043 2395 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2396}
2397
2398MemoryRegion *get_system_memory(void)
2399{
2400 return system_memory;
2401}
2402
309cb471
AK		 2403MemoryRegion *get_system_io(void)
2404{
2405 return system_io;
2406}
2407
e2eef170
PB		 2408#endif /* !defined(CONFIG_USER_ONLY) */
2409
13eb76e0
FB		 2410/* physical memory access (slow version, mainly for debug) */
2411#if defined(CONFIG_USER_ONLY)
f17ec444 2412int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2413 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2414{
2415 int l, flags;
2416 target_ulong page;
53a5960a 2417 void * p;
13eb76e0
FB		 2418
2419 while (len > 0) {
2420 page = addr & TARGET_PAGE_MASK;
2421 l = (page + TARGET_PAGE_SIZE) - addr;
2422 if (l > len)
2423 l = len;
2424 flags = page_get_flags(page);
2425 if (!(flags & PAGE_VALID))
a68fe89c 2426 return -1;
13eb76e0
FB		 2427 if (is_write) {
2428 if (!(flags & PAGE_WRITE))
a68fe89c 2429 return -1;
579a97f7 2430 /* XXX: this code should not depend on lock_user */
72fb7daa 2431 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2432 return -1;
72fb7daa
AJ		 2433 memcpy(p, buf, l);
2434 unlock_user(p, addr, l);
13eb76e0
FB		 2435 } else {
2436 if (!(flags & PAGE_READ))
a68fe89c 2437 return -1;
579a97f7 2438 /* XXX: this code should not depend on lock_user */
72fb7daa 2439 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2440 return -1;
72fb7daa 2441 memcpy(buf, p, l);
5b257578 2442 unlock_user(p, addr, 0);
13eb76e0
FB		 2443 }
2444 len -= l;
2445 buf += l;
2446 addr += l;
2447 }
a68fe89c 2448 return 0;
13eb76e0 2449}
8df1cd07 2450
13eb76e0 2451#else
51d7a9eb 2452
845b6214 2453static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2454 hwaddr length)
51d7a9eb 2455{
e87f7778
PB		 2456 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2457 /* No early return if dirty_log_mask is or becomes 0, because
2458 * cpu_physical_memory_set_dirty_range will still call
2459 * xen_modified_memory.
2460 */
2461 if (dirty_log_mask) {
2462 dirty_log_mask =
2463 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2464 }
2465 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2466 tb_invalidate_phys_range(addr, addr + length);
2467 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2468 }
e87f7778 2469 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2470}
2471
23326164 2472static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2473{
e1622f4b 2474 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2475
2476 /* Regions are assumed to support 1-4 byte accesses unless
2477 otherwise specified. */
23326164
RH		 2478 if (access_size_max == 0) {
2479 access_size_max = 4;
2480 }
2481
2482 /* Bound the maximum access by the alignment of the address. */
2483 if (!mr->ops->impl.unaligned) {
2484 unsigned align_size_max = addr & -addr;
2485 if (align_size_max != 0 && align_size_max < access_size_max) {
2486 access_size_max = align_size_max;
2487 }
82f2563f 2488 }
23326164
RH		 2489
2490 /* Don't attempt accesses larger than the maximum. */
2491 if (l > access_size_max) {
2492 l = access_size_max;
82f2563f 2493 }
6554f5c0 2494 l = pow2floor(l);
23326164
RH		 2495
2496 return l;
82f2563f
PB		 2497}
2498
4840f10e 2499static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2500{
4840f10e
JK		 2501 bool unlocked = !qemu_mutex_iothread_locked();
2502 bool release_lock = false;
2503
2504 if (unlocked && mr->global_locking) {
2505 qemu_mutex_lock_iothread();
2506 unlocked = false;
2507 release_lock = true;
2508 }
125b3806 2509 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2510 if (unlocked) {
2511 qemu_mutex_lock_iothread();
2512 }
125b3806 2513 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2514 if (unlocked) {
2515 qemu_mutex_unlock_iothread();
2516 }
125b3806 2517 }
4840f10e
JK		 2518
2519 return release_lock;
125b3806
PB		 2520}
2521
a203ac70
PB		 2522/* Called within RCU critical section. */
2523static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2524 MemTxAttrs attrs,
2525 const uint8_t *buf,
2526 int len, hwaddr addr1,
2527 hwaddr l, MemoryRegion *mr)
13eb76e0 2528{
13eb76e0 2529 uint8_t *ptr;
791af8c8 2530 uint64_t val;
3b643495 2531 MemTxResult result = MEMTX_OK;
4840f10e 2532 bool release_lock = false;
3b46e624 2533
a203ac70 2534 for (;;) {
eb7eeb88
PB		 2535 if (!memory_access_is_direct(mr, true)) {
2536 release_lock |= prepare_mmio_access(mr);
2537 l = memory_access_size(mr, l, addr1);
2538 /* XXX: could force current_cpu to NULL to avoid
2539 potential bugs */
2540 switch (l) {
2541 case 8:
2542 /* 64 bit write access */
2543 val = ldq_p(buf);
2544 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2545 attrs);
2546 break;
2547 case 4:
2548 /* 32 bit write access */
2549 val = ldl_p(buf);
2550 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2551 attrs);
2552 break;
2553 case 2:
2554 /* 16 bit write access */
2555 val = lduw_p(buf);
2556 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2557 attrs);
2558 break;
2559 case 1:
2560 /* 8 bit write access */
2561 val = ldub_p(buf);
2562 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2563 attrs);
2564 break;
2565 default:
2566 abort();
13eb76e0
FB		 2567 }
2568 } else {
eb7eeb88
PB		 2569 addr1 += memory_region_get_ram_addr(mr);
2570 /* RAM case */
3655cb9c 2571 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2572 memcpy(ptr, buf, l);
2573 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2574 }
4840f10e
JK		 2575
2576 if (release_lock) {
2577 qemu_mutex_unlock_iothread();
2578 release_lock = false;
2579 }
2580
13eb76e0
FB		 2581 len -= l;
2582 buf += l;
2583 addr += l;
a203ac70
PB		 2584
2585 if (!len) {
2586 break;
2587 }
2588
2589 l = len;
2590 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2591 }
fd8aaa76 2592
3b643495 2593 return result;
13eb76e0 2594}
8df1cd07 2595
a203ac70
PB		 2596MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2597 const uint8_t *buf, int len)
ac1970fb 2598{
eb7eeb88 2599 hwaddr l;
eb7eeb88
PB		 2600 hwaddr addr1;
2601 MemoryRegion *mr;
2602 MemTxResult result = MEMTX_OK;
eb7eeb88 2603
a203ac70
PB		 2604 if (len > 0) {
2605 rcu_read_lock();
eb7eeb88 2606 l = len;
a203ac70
PB		 2607 mr = address_space_translate(as, addr, &addr1, &l, true);
2608 result = address_space_write_continue(as, addr, attrs, buf, len,
2609 addr1, l, mr);
2610 rcu_read_unlock();
2611 }
2612
2613 return result;
2614}
2615
2616/* Called within RCU critical section. */
2617MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2618 MemTxAttrs attrs, uint8_t *buf,
2619 int len, hwaddr addr1, hwaddr l,
2620 MemoryRegion *mr)
2621{
2622 uint8_t *ptr;
2623 uint64_t val;
2624 MemTxResult result = MEMTX_OK;
2625 bool release_lock = false;
eb7eeb88 2626
a203ac70 2627 for (;;) {
eb7eeb88
PB		 2628 if (!memory_access_is_direct(mr, false)) {
2629 /* I/O case */
2630 release_lock |= prepare_mmio_access(mr);
2631 l = memory_access_size(mr, l, addr1);
2632 switch (l) {
2633 case 8:
2634 /* 64 bit read access */
2635 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2636 attrs);
2637 stq_p(buf, val);
2638 break;
2639 case 4:
2640 /* 32 bit read access */
2641 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2642 attrs);
2643 stl_p(buf, val);
2644 break;
2645 case 2:
2646 /* 16 bit read access */
2647 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2648 attrs);
2649 stw_p(buf, val);
2650 break;
2651 case 1:
2652 /* 8 bit read access */
2653 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2654 attrs);
2655 stb_p(buf, val);
2656 break;
2657 default:
2658 abort();
2659 }
2660 } else {
2661 /* RAM case */
8e41fb63
FZ		 2662 ptr = qemu_get_ram_ptr(mr->ram_block,
2663 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2664 memcpy(buf, ptr, l);
2665 }
2666
2667 if (release_lock) {
2668 qemu_mutex_unlock_iothread();
2669 release_lock = false;
2670 }
2671
2672 len -= l;
2673 buf += l;
2674 addr += l;
a203ac70
PB		 2675
2676 if (!len) {
2677 break;
2678 }
2679
2680 l = len;
2681 mr = address_space_translate(as, addr, &addr1, &l, false);
2682 }
2683
2684 return result;
2685}
2686
3cc8f884
PB		 2687MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2688 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2689{
2690 hwaddr l;
2691 hwaddr addr1;
2692 MemoryRegion *mr;
2693 MemTxResult result = MEMTX_OK;
2694
2695 if (len > 0) {
2696 rcu_read_lock();
2697 l = len;
2698 mr = address_space_translate(as, addr, &addr1, &l, false);
2699 result = address_space_read_continue(as, addr, attrs, buf, len,
2700 addr1, l, mr);
2701 rcu_read_unlock();
eb7eeb88 2702 }
eb7eeb88
PB		 2703
2704 return result;
ac1970fb
AK		 2705}
2706
eb7eeb88
PB		 2707MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2708 uint8_t *buf, int len, bool is_write)
2709{
2710 if (is_write) {
2711 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2712 } else {
2713 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2714 }
2715}
ac1970fb 2716
a8170e5e 2717void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2718 int len, int is_write)
2719{
5c9eb028
PM		 2720 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2721 buf, len, is_write);
ac1970fb
AK		 2722}
2723
582b55a9
AG		 2724enum write_rom_type {
2725 WRITE_DATA,
2726 FLUSH_CACHE,
2727};
2728
2a221651 2729static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2730 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2731{
149f54b5 2732 hwaddr l;
d0ecd2aa 2733 uint8_t *ptr;
149f54b5 2734 hwaddr addr1;
5c8a00ce 2735 MemoryRegion *mr;
3b46e624 2736
41063e1e 2737 rcu_read_lock();
d0ecd2aa 2738 while (len > 0) {
149f54b5 2739 l = len;
2a221651 2740 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2741
5c8a00ce
PB		 2742 if (!(memory_region_is_ram(mr) ||
2743 memory_region_is_romd(mr))) {
b242e0e0 2744 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2745 } else {
5c8a00ce 2746 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2747 /* ROM/RAM case */
3655cb9c 2748 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2749 switch (type) {
2750 case WRITE_DATA:
2751 memcpy(ptr, buf, l);
845b6214 2752 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2753 break;
2754 case FLUSH_CACHE:
2755 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2756 break;
2757 }
d0ecd2aa
FB		 2758 }
2759 len -= l;
2760 buf += l;
2761 addr += l;
2762 }
41063e1e 2763 rcu_read_unlock();
d0ecd2aa
FB		 2764}
2765
582b55a9 2766/* used for ROM loading : can write in RAM and ROM */
2a221651 2767void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2768 const uint8_t *buf, int len)
2769{
2a221651 2770 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2771}
2772
2773void cpu_flush_icache_range(hwaddr start, int len)
2774{
2775 /*
2776 * This function should do the same thing as an icache flush that was
2777 * triggered from within the guest. For TCG we are always cache coherent,
2778 * so there is no need to flush anything. For KVM / Xen we need to flush
2779 * the host's instruction cache at least.
2780 */
2781 if (tcg_enabled()) {
2782 return;
2783 }
2784
2a221651
EI		 2785 cpu_physical_memory_write_rom_internal(&address_space_memory,
2786 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2787}
2788
6d16c2f8 2789typedef struct {
d3e71559 2790 MemoryRegion *mr;
6d16c2f8 2791 void *buffer;
a8170e5e
AK		 2792 hwaddr addr;
2793 hwaddr len;
c2cba0ff 2794 bool in_use;
6d16c2f8
AL		 2795} BounceBuffer;
2796
2797static BounceBuffer bounce;
2798
ba223c29 2799typedef struct MapClient {
e95205e1 2800 QEMUBH *bh;
72cf2d4f 2801 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2802} MapClient;
2803
38e047b5 2804QemuMutex map_client_list_lock;
72cf2d4f
BS		 2805static QLIST_HEAD(map_client_list, MapClient) map_client_list
2806 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2807
e95205e1
FZ		 2808static void cpu_unregister_map_client_do(MapClient *client)
2809{
2810 QLIST_REMOVE(client, link);
2811 g_free(client);
2812}
2813
33b6c2ed
FZ		 2814static void cpu_notify_map_clients_locked(void)
2815{
2816 MapClient *client;
2817
2818 while (!QLIST_EMPTY(&map_client_list)) {
2819 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2820 qemu_bh_schedule(client->bh);
2821 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2822 }
2823}
2824
e95205e1 2825void cpu_register_map_client(QEMUBH *bh)
ba223c29 2826{
7267c094 2827 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2828
38e047b5 2829 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2830 client->bh = bh;
72cf2d4f 2831 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2832 if (!atomic_read(&bounce.in_use)) {
2833 cpu_notify_map_clients_locked();
2834 }
38e047b5 2835 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2836}
2837
38e047b5 2838void cpu_exec_init_all(void)
ba223c29 2839{
38e047b5 2840 qemu_mutex_init(&ram_list.mutex);
38e047b5 2841 io_mem_init();
680a4783 2842 memory_map_init();
38e047b5 2843 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2844}
2845
e95205e1 2846void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2847{
2848 MapClient *client;
2849
e95205e1
FZ		 2850 qemu_mutex_lock(&map_client_list_lock);
2851 QLIST_FOREACH(client, &map_client_list, link) {
2852 if (client->bh == bh) {
2853 cpu_unregister_map_client_do(client);
2854 break;
2855 }
ba223c29 2856 }
e95205e1 2857 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2858}
2859
2860static void cpu_notify_map_clients(void)
2861{
38e047b5 2862 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2863 cpu_notify_map_clients_locked();
38e047b5 2864 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2865}
2866
51644ab7
PB		 2867bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2868{
5c8a00ce 2869 MemoryRegion *mr;
51644ab7
PB		 2870 hwaddr l, xlat;
2871
41063e1e 2872 rcu_read_lock();
51644ab7
PB		 2873 while (len > 0) {
2874 l = len;
5c8a00ce
PB		 2875 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2876 if (!memory_access_is_direct(mr, is_write)) {
2877 l = memory_access_size(mr, l, addr);
2878 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2879 return false;
2880 }
2881 }
2882
2883 len -= l;
2884 addr += l;
2885 }
41063e1e 2886 rcu_read_unlock();
51644ab7
PB		 2887 return true;
2888}
2889
6d16c2f8
AL		 2890/* Map a physical memory region into a host virtual address.
2891 * May map a subset of the requested range, given by and returned in *plen.
2892 * May return NULL if resources needed to perform the mapping are exhausted.
2893 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2894 * Use cpu_register_map_client() to know when retrying the map operation is
2895 * likely to succeed.
6d16c2f8 2896 */
ac1970fb 2897void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2898 hwaddr addr,
2899 hwaddr *plen,
ac1970fb 2900 bool is_write)
6d16c2f8 2901{
a8170e5e 2902 hwaddr len = *plen;
e3127ae0
PB		 2903 hwaddr done = 0;
2904 hwaddr l, xlat, base;
2905 MemoryRegion *mr, *this_mr;
2906 ram_addr_t raddr;
e81bcda5 2907 void *ptr;
6d16c2f8 2908
e3127ae0
PB		 2909 if (len == 0) {
2910 return NULL;
2911 }
38bee5dc 2912
e3127ae0 2913 l = len;
41063e1e 2914 rcu_read_lock();
e3127ae0 2915 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2916
e3127ae0 2917 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2918 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2919 rcu_read_unlock();
e3127ae0 2920 return NULL;
6d16c2f8 2921 }
e85d9db5
KW		 2922 /* Avoid unbounded allocations */
2923 l = MIN(l, TARGET_PAGE_SIZE);
2924 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2925 bounce.addr = addr;
2926 bounce.len = l;
d3e71559
PB		 2927
2928 memory_region_ref(mr);
2929 bounce.mr = mr;
e3127ae0 2930 if (!is_write) {
5c9eb028
PM		 2931 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2932 bounce.buffer, l);
8ab934f9 2933 }
6d16c2f8 2934
41063e1e 2935 rcu_read_unlock();
e3127ae0
PB		 2936 *plen = l;
2937 return bounce.buffer;
2938 }
2939
2940 base = xlat;
2941 raddr = memory_region_get_ram_addr(mr);
2942
2943 for (;;) {
6d16c2f8
AL		 2944 len -= l;
2945 addr += l;
e3127ae0
PB		 2946 done += l;
2947 if (len == 0) {
2948 break;
2949 }
2950
2951 l = len;
2952 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2953 if (this_mr != mr || xlat != base + done) {
2954 break;
2955 }
6d16c2f8 2956 }
e3127ae0 2957
d3e71559 2958 memory_region_ref(mr);
e3127ae0 2959 *plen = done;
3655cb9c 2960 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 2961 rcu_read_unlock();
2962
2963 return ptr;
6d16c2f8
AL		 2964}
2965
ac1970fb 2966/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2967 * Will also mark the memory as dirty if is_write == 1. access_len gives
2968 * the amount of memory that was actually read or written by the caller.
2969 */
a8170e5e
AK		 2970void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2971 int is_write, hwaddr access_len)
6d16c2f8
AL		 2972{
2973 if (buffer != bounce.buffer) {
d3e71559
PB		 2974 MemoryRegion *mr;
2975 ram_addr_t addr1;
2976
07bdaa41 2977 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2978 assert(mr != NULL);
07bdaa41 2979 addr1 += memory_region_get_ram_addr(mr);
6d16c2f8 2980 if (is_write) {
845b6214 2981 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2982 }
868bb33f 2983 if (xen_enabled()) {
e41d7c69 2984 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2985 }
d3e71559 2986 memory_region_unref(mr);
6d16c2f8
AL		 2987 return;
2988 }
2989 if (is_write) {
5c9eb028
PM		 2990 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2991 bounce.buffer, access_len);
6d16c2f8 2992 }
f8a83245 2993 qemu_vfree(bounce.buffer);
6d16c2f8 2994 bounce.buffer = NULL;
d3e71559 2995 memory_region_unref(bounce.mr);
c2cba0ff 2996 atomic_mb_set(&bounce.in_use, false);
ba223c29 2997 cpu_notify_map_clients();
6d16c2f8 2998}
d0ecd2aa 2999
a8170e5e
AK		 3000void *cpu_physical_memory_map(hwaddr addr,
3001 hwaddr *plen,
ac1970fb
AK		 3002 int is_write)
3003{
3004 return address_space_map(&address_space_memory, addr, plen, is_write);
3005}
3006
a8170e5e
AK		 3007void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3008 int is_write, hwaddr access_len)
ac1970fb
AK		 3009{
3010 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3011}
3012
8df1cd07 3013/* warning: addr must be aligned */
50013115
PM		 3014static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3015 MemTxAttrs attrs,
3016 MemTxResult *result,
3017 enum device_endian endian)
8df1cd07 3018{
8df1cd07 3019 uint8_t *ptr;
791af8c8 3020 uint64_t val;
5c8a00ce 3021 MemoryRegion *mr;
149f54b5
PB		 3022 hwaddr l = 4;
3023 hwaddr addr1;
50013115 3024 MemTxResult r;
4840f10e 3025 bool release_lock = false;
8df1cd07 3026
41063e1e 3027 rcu_read_lock();
fdfba1a2 3028 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3029 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3030 release_lock |= prepare_mmio_access(mr);
125b3806 3031
8df1cd07 3032 /* I/O case */
50013115 3033 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3034#if defined(TARGET_WORDS_BIGENDIAN)
3035 if (endian == DEVICE_LITTLE_ENDIAN) {
3036 val = bswap32(val);
3037 }
3038#else
3039 if (endian == DEVICE_BIG_ENDIAN) {
3040 val = bswap32(val);
3041 }
3042#endif
8df1cd07
FB		 3043 } else {
3044 /* RAM case */
3655cb9c 3045 ptr = qemu_get_ram_ptr(mr->ram_block,
e4e69794 3046 memory_region_get_ram_addr(mr) + addr1);
1e78bcc1
AG		 3047 switch (endian) {
3048 case DEVICE_LITTLE_ENDIAN:
3049 val = ldl_le_p(ptr);
3050 break;
3051 case DEVICE_BIG_ENDIAN:
3052 val = ldl_be_p(ptr);
3053 break;
3054 default:
3055 val = ldl_p(ptr);
3056 break;
3057 }
50013115
PM		 3058 r = MEMTX_OK;
3059 }
3060 if (result) {
3061 *result = r;
8df1cd07 3062 }
4840f10e
JK		 3063 if (release_lock) {
3064 qemu_mutex_unlock_iothread();
3065 }
41063e1e 3066 rcu_read_unlock();
8df1cd07
FB		 3067 return val;
3068}
3069
50013115
PM		 3070uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3071 MemTxAttrs attrs, MemTxResult *result)
3072{
3073 return address_space_ldl_internal(as, addr, attrs, result,
3074 DEVICE_NATIVE_ENDIAN);
3075}
3076
3077uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3078 MemTxAttrs attrs, MemTxResult *result)
3079{
3080 return address_space_ldl_internal(as, addr, attrs, result,
3081 DEVICE_LITTLE_ENDIAN);
3082}
3083
3084uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3085 MemTxAttrs attrs, MemTxResult *result)
3086{
3087 return address_space_ldl_internal(as, addr, attrs, result,
3088 DEVICE_BIG_ENDIAN);
3089}
3090
fdfba1a2 3091uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3092{
50013115 3093 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3094}
3095
fdfba1a2 3096uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3097{
50013115 3098 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3099}
3100
fdfba1a2 3101uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3102{
50013115 3103 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3104}
3105
84b7b8e7 3106/* warning: addr must be aligned */
50013115
PM		 3107static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3108 MemTxAttrs attrs,
3109 MemTxResult *result,
3110 enum device_endian endian)
84b7b8e7 3111{
84b7b8e7
FB		 3112 uint8_t *ptr;
3113 uint64_t val;
5c8a00ce 3114 MemoryRegion *mr;
149f54b5
PB		 3115 hwaddr l = 8;
3116 hwaddr addr1;
50013115 3117 MemTxResult r;
4840f10e 3118 bool release_lock = false;
84b7b8e7 3119
41063e1e 3120 rcu_read_lock();
2c17449b 3121 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3122 false);
3123 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3124 release_lock |= prepare_mmio_access(mr);
125b3806 3125
84b7b8e7 3126 /* I/O case */
50013115 3127 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3128#if defined(TARGET_WORDS_BIGENDIAN)
3129 if (endian == DEVICE_LITTLE_ENDIAN) {
3130 val = bswap64(val);
3131 }
3132#else
3133 if (endian == DEVICE_BIG_ENDIAN) {
3134 val = bswap64(val);
3135 }
84b7b8e7
FB		 3136#endif
3137 } else {
3138 /* RAM case */
3655cb9c 3139 ptr = qemu_get_ram_ptr(mr->ram_block,
e4e69794 3140 memory_region_get_ram_addr(mr) + addr1);
1e78bcc1
AG		 3141 switch (endian) {
3142 case DEVICE_LITTLE_ENDIAN:
3143 val = ldq_le_p(ptr);
3144 break;
3145 case DEVICE_BIG_ENDIAN:
3146 val = ldq_be_p(ptr);
3147 break;
3148 default:
3149 val = ldq_p(ptr);
3150 break;
3151 }
50013115
PM		 3152 r = MEMTX_OK;
3153 }
3154 if (result) {
3155 *result = r;
84b7b8e7 3156 }
4840f10e
JK		 3157 if (release_lock) {
3158 qemu_mutex_unlock_iothread();
3159 }
41063e1e 3160 rcu_read_unlock();
84b7b8e7
FB		 3161 return val;
3162}
3163
50013115
PM		 3164uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3165 MemTxAttrs attrs, MemTxResult *result)
3166{
3167 return address_space_ldq_internal(as, addr, attrs, result,
3168 DEVICE_NATIVE_ENDIAN);
3169}
3170
3171uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3172 MemTxAttrs attrs, MemTxResult *result)
3173{
3174 return address_space_ldq_internal(as, addr, attrs, result,
3175 DEVICE_LITTLE_ENDIAN);
3176}
3177
3178uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3179 MemTxAttrs attrs, MemTxResult *result)
3180{
3181 return address_space_ldq_internal(as, addr, attrs, result,
3182 DEVICE_BIG_ENDIAN);
3183}
3184
2c17449b 3185uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3186{
50013115 3187 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3188}
3189
2c17449b 3190uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3191{
50013115 3192 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3193}
3194
2c17449b 3195uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3196{
50013115 3197 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3198}
3199
aab33094 3200/* XXX: optimize */
50013115
PM		 3201uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3202 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3203{
3204 uint8_t val;
50013115
PM		 3205 MemTxResult r;
3206
3207 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3208 if (result) {
3209 *result = r;
3210 }
aab33094
FB		 3211 return val;
3212}
3213
50013115
PM		 3214uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3215{
3216 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3217}
3218
733f0b02 3219/* warning: addr must be aligned */
50013115
PM		 3220static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3221 hwaddr addr,
3222 MemTxAttrs attrs,
3223 MemTxResult *result,
3224 enum device_endian endian)
aab33094 3225{
733f0b02
MT		 3226 uint8_t *ptr;
3227 uint64_t val;
5c8a00ce 3228 MemoryRegion *mr;
149f54b5
PB		 3229 hwaddr l = 2;
3230 hwaddr addr1;
50013115 3231 MemTxResult r;
4840f10e 3232 bool release_lock = false;
733f0b02 3233
41063e1e 3234 rcu_read_lock();
41701aa4 3235 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3236 false);
3237 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3238 release_lock |= prepare_mmio_access(mr);
125b3806 3239
733f0b02 3240 /* I/O case */
50013115 3241 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3242#if defined(TARGET_WORDS_BIGENDIAN)
3243 if (endian == DEVICE_LITTLE_ENDIAN) {
3244 val = bswap16(val);
3245 }
3246#else
3247 if (endian == DEVICE_BIG_ENDIAN) {
3248 val = bswap16(val);
3249 }
3250#endif
733f0b02
MT		 3251 } else {
3252 /* RAM case */
3655cb9c 3253 ptr = qemu_get_ram_ptr(mr->ram_block,
e4e69794 3254 memory_region_get_ram_addr(mr) + addr1);
1e78bcc1
AG		 3255 switch (endian) {
3256 case DEVICE_LITTLE_ENDIAN:
3257 val = lduw_le_p(ptr);
3258 break;
3259 case DEVICE_BIG_ENDIAN:
3260 val = lduw_be_p(ptr);
3261 break;
3262 default:
3263 val = lduw_p(ptr);
3264 break;
3265 }
50013115
PM		 3266 r = MEMTX_OK;
3267 }
3268 if (result) {
3269 *result = r;
733f0b02 3270 }
4840f10e
JK		 3271 if (release_lock) {
3272 qemu_mutex_unlock_iothread();
3273 }
41063e1e 3274 rcu_read_unlock();
733f0b02 3275 return val;
aab33094
FB		 3276}
3277
50013115
PM		 3278uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3279 MemTxAttrs attrs, MemTxResult *result)
3280{
3281 return address_space_lduw_internal(as, addr, attrs, result,
3282 DEVICE_NATIVE_ENDIAN);
3283}
3284
3285uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3286 MemTxAttrs attrs, MemTxResult *result)
3287{
3288 return address_space_lduw_internal(as, addr, attrs, result,
3289 DEVICE_LITTLE_ENDIAN);
3290}
3291
3292uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3293 MemTxAttrs attrs, MemTxResult *result)
3294{
3295 return address_space_lduw_internal(as, addr, attrs, result,
3296 DEVICE_BIG_ENDIAN);
3297}
3298
41701aa4 3299uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3300{
50013115 3301 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3302}
3303
41701aa4 3304uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3305{
50013115 3306 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3307}
3308
41701aa4 3309uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3310{
50013115 3311 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3312}
3313
8df1cd07
FB		 3314/* warning: addr must be aligned. The ram page is not masked as dirty
3315 and the code inside is not invalidated. It is useful if the dirty
3316 bits are used to track modified PTEs */
50013115
PM		 3317void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3318 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3319{
8df1cd07 3320 uint8_t *ptr;
5c8a00ce 3321 MemoryRegion *mr;
149f54b5
PB		 3322 hwaddr l = 4;
3323 hwaddr addr1;
50013115 3324 MemTxResult r;
845b6214 3325 uint8_t dirty_log_mask;
4840f10e 3326 bool release_lock = false;
8df1cd07 3327
41063e1e 3328 rcu_read_lock();
2198a121 3329 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3330 true);
3331 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3332 release_lock |= prepare_mmio_access(mr);
125b3806 3333
50013115 3334 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3335 } else {
e4e69794 3336 addr1 += memory_region_get_ram_addr(mr);
3655cb9c 3337 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3338 stl_p(ptr, val);
74576198 3339
845b6214
PB		 3340 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3341 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3342 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3343 r = MEMTX_OK;
3344 }
3345 if (result) {
3346 *result = r;
8df1cd07 3347 }
4840f10e
JK		 3348 if (release_lock) {
3349 qemu_mutex_unlock_iothread();
3350 }
41063e1e 3351 rcu_read_unlock();
8df1cd07
FB		 3352}
3353
50013115
PM		 3354void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3355{
3356 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3357}
3358
8df1cd07 3359/* warning: addr must be aligned */
50013115
PM		 3360static inline void address_space_stl_internal(AddressSpace *as,
3361 hwaddr addr, uint32_t val,
3362 MemTxAttrs attrs,
3363 MemTxResult *result,
3364 enum device_endian endian)
8df1cd07 3365{
8df1cd07 3366 uint8_t *ptr;
5c8a00ce 3367 MemoryRegion *mr;
149f54b5
PB		 3368 hwaddr l = 4;
3369 hwaddr addr1;
50013115 3370 MemTxResult r;
4840f10e 3371 bool release_lock = false;
8df1cd07 3372
41063e1e 3373 rcu_read_lock();
ab1da857 3374 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3375 true);
3376 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3377 release_lock |= prepare_mmio_access(mr);
125b3806 3378
1e78bcc1
AG		 3379#if defined(TARGET_WORDS_BIGENDIAN)
3380 if (endian == DEVICE_LITTLE_ENDIAN) {
3381 val = bswap32(val);
3382 }
3383#else
3384 if (endian == DEVICE_BIG_ENDIAN) {
3385 val = bswap32(val);
3386 }
3387#endif
50013115 3388 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3389 } else {
8df1cd07 3390 /* RAM case */
e4e69794 3391 addr1 += memory_region_get_ram_addr(mr);
3655cb9c 3392 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3393 switch (endian) {
3394 case DEVICE_LITTLE_ENDIAN:
3395 stl_le_p(ptr, val);
3396 break;
3397 case DEVICE_BIG_ENDIAN:
3398 stl_be_p(ptr, val);
3399 break;
3400 default:
3401 stl_p(ptr, val);
3402 break;
3403 }
845b6214 3404 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3405 r = MEMTX_OK;
3406 }
3407 if (result) {
3408 *result = r;
8df1cd07 3409 }
4840f10e
JK		 3410 if (release_lock) {
3411 qemu_mutex_unlock_iothread();
3412 }
41063e1e 3413 rcu_read_unlock();
8df1cd07
FB		 3414}
3415
50013115
PM		 3416void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3417 MemTxAttrs attrs, MemTxResult *result)
3418{
3419 address_space_stl_internal(as, addr, val, attrs, result,
3420 DEVICE_NATIVE_ENDIAN);
3421}
3422
3423void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3424 MemTxAttrs attrs, MemTxResult *result)
3425{
3426 address_space_stl_internal(as, addr, val, attrs, result,
3427 DEVICE_LITTLE_ENDIAN);
3428}
3429
3430void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3431 MemTxAttrs attrs, MemTxResult *result)
3432{
3433 address_space_stl_internal(as, addr, val, attrs, result,
3434 DEVICE_BIG_ENDIAN);
3435}
3436
ab1da857 3437void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3438{
50013115 3439 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3440}
3441
ab1da857 3442void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3443{
50013115 3444 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3445}
3446
ab1da857 3447void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3448{
50013115 3449 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3450}
3451
aab33094 3452/* XXX: optimize */
50013115
PM		 3453void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3454 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3455{
3456 uint8_t v = val;
50013115
PM		 3457 MemTxResult r;
3458
3459 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3460 if (result) {
3461 *result = r;
3462 }
3463}
3464
3465void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3466{
3467 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3468}
3469
733f0b02 3470/* warning: addr must be aligned */
50013115
PM		 3471static inline void address_space_stw_internal(AddressSpace *as,
3472 hwaddr addr, uint32_t val,
3473 MemTxAttrs attrs,
3474 MemTxResult *result,
3475 enum device_endian endian)
aab33094 3476{
733f0b02 3477 uint8_t *ptr;
5c8a00ce 3478 MemoryRegion *mr;
149f54b5
PB		 3479 hwaddr l = 2;
3480 hwaddr addr1;
50013115 3481 MemTxResult r;
4840f10e 3482 bool release_lock = false;
733f0b02 3483
41063e1e 3484 rcu_read_lock();
5ce5944d 3485 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3486 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3487 release_lock |= prepare_mmio_access(mr);
125b3806 3488
1e78bcc1
AG		 3489#if defined(TARGET_WORDS_BIGENDIAN)
3490 if (endian == DEVICE_LITTLE_ENDIAN) {
3491 val = bswap16(val);
3492 }
3493#else
3494 if (endian == DEVICE_BIG_ENDIAN) {
3495 val = bswap16(val);
3496 }
3497#endif
50013115 3498 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3499 } else {
733f0b02 3500 /* RAM case */
e4e69794 3501 addr1 += memory_region_get_ram_addr(mr);
3655cb9c 3502 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3503 switch (endian) {
3504 case DEVICE_LITTLE_ENDIAN:
3505 stw_le_p(ptr, val);
3506 break;
3507 case DEVICE_BIG_ENDIAN:
3508 stw_be_p(ptr, val);
3509 break;
3510 default:
3511 stw_p(ptr, val);
3512 break;
3513 }
845b6214 3514 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3515 r = MEMTX_OK;
3516 }
3517 if (result) {
3518 *result = r;
733f0b02 3519 }
4840f10e
JK		 3520 if (release_lock) {
3521 qemu_mutex_unlock_iothread();
3522 }
41063e1e 3523 rcu_read_unlock();
aab33094
FB		 3524}
3525
50013115
PM		 3526void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3527 MemTxAttrs attrs, MemTxResult *result)
3528{
3529 address_space_stw_internal(as, addr, val, attrs, result,
3530 DEVICE_NATIVE_ENDIAN);
3531}
3532
3533void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3534 MemTxAttrs attrs, MemTxResult *result)
3535{
3536 address_space_stw_internal(as, addr, val, attrs, result,
3537 DEVICE_LITTLE_ENDIAN);
3538}
3539
3540void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3541 MemTxAttrs attrs, MemTxResult *result)
3542{
3543 address_space_stw_internal(as, addr, val, attrs, result,
3544 DEVICE_BIG_ENDIAN);
3545}
3546
5ce5944d 3547void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3548{
50013115 3549 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3550}
3551
5ce5944d 3552void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3553{
50013115 3554 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3555}
3556
5ce5944d 3557void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3558{
50013115 3559 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3560}
3561
aab33094 3562/* XXX: optimize */
50013115
PM		 3563void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3564 MemTxAttrs attrs, MemTxResult *result)
aab33094 3565{
50013115 3566 MemTxResult r;
aab33094 3567 val = tswap64(val);
50013115
PM		 3568 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3569 if (result) {
3570 *result = r;
3571 }
aab33094
FB		 3572}
3573
50013115
PM		 3574void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3575 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3576{
50013115 3577 MemTxResult r;
1e78bcc1 3578 val = cpu_to_le64(val);
50013115
PM		 3579 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3580 if (result) {
3581 *result = r;
3582 }
3583}
3584void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3585 MemTxAttrs attrs, MemTxResult *result)
3586{
3587 MemTxResult r;
3588 val = cpu_to_be64(val);
3589 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3590 if (result) {
3591 *result = r;
3592 }
3593}
3594
3595void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3596{
3597 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3598}
3599
3600void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3601{
3602 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3603}
3604
f606604f 3605void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3606{
50013115 3607 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3608}
3609
5e2972fd 3610/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3611int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3612 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3613{
3614 int l;
a8170e5e 3615 hwaddr phys_addr;
9b3c35e0 3616 target_ulong page;
13eb76e0
FB		 3617
3618 while (len > 0) {
5232e4c7
PM		 3619 int asidx;
3620 MemTxAttrs attrs;
3621
13eb76e0 3622 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3623 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3624 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3625 /* if no physical page mapped, return an error */
3626 if (phys_addr == -1)
3627 return -1;
3628 l = (page + TARGET_PAGE_SIZE) - addr;
3629 if (l > len)
3630 l = len;
5e2972fd 3631 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3632 if (is_write) {
5232e4c7
PM		 3633 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3634 phys_addr, buf, l);
2e38847b 3635 } else {
5232e4c7
PM		 3636 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3637 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3638 buf, l, 0);
2e38847b 3639 }
13eb76e0
FB		 3640 len -= l;
3641 buf += l;
3642 addr += l;
3643 }
3644 return 0;
3645}
038629a6
DDAG		 3646
3647/*
3648 * Allows code that needs to deal with migration bitmaps etc to still be built
3649 * target independent.
3650 */
3651size_t qemu_target_page_bits(void)
3652{
3653 return TARGET_PAGE_BITS;
3654}
3655
a68fe89c 3656#endif
13eb76e0 3657
8e4a424b
BS		 3658/*
3659 * A helper function for the _utterly broken_ virtio device model to find out if
3660 * it's running on a big endian machine. Don't do this at home kids!
3661 */
98ed8ecf
GK		 3662bool target_words_bigendian(void);
3663bool target_words_bigendian(void)
8e4a424b
BS		 3664{
3665#if defined(TARGET_WORDS_BIGENDIAN)
3666 return true;
3667#else
3668 return false;
3669#endif
3670}
3671
76f35538 3672#ifndef CONFIG_USER_ONLY
a8170e5e 3673bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3674{
5c8a00ce 3675 MemoryRegion*mr;
149f54b5 3676 hwaddr l = 1;
41063e1e 3677 bool res;
76f35538 3678
41063e1e 3679 rcu_read_lock();
5c8a00ce
PB		 3680 mr = address_space_translate(&address_space_memory,
3681 phys_addr, &phys_addr, &l, false);
76f35538 3682
41063e1e
PB		 3683 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3684 rcu_read_unlock();
3685 return res;
76f35538 3686}
bd2fa51f 3687
e3807054 3688int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3689{
3690 RAMBlock *block;
e3807054 3691 int ret = 0;
bd2fa51f 3692
0dc3f44a
MD		 3693 rcu_read_lock();
3694 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3695 ret = func(block->idstr, block->host, block->offset,
3696 block->used_length, opaque);
3697 if (ret) {
3698 break;
3699 }
bd2fa51f 3700 }
0dc3f44a 3701 rcu_read_unlock();
e3807054 3702 return ret;
bd2fa51f 3703}
ec3f8c99 3704#endif
Mirror of https://git.qemu.org/git/qemu.git