]> git.ipfire.org Git - thirdparty/qemu.git/blame - exec.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: export memory_region_access_valid to exec.c
[thirdparty/qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
1de7afc9 32#include "qemu/osdep.h"
9c17d615 33#include "sysemu/kvm.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
022c62cb 37#include "exec/memory.h"
9c17d615 38#include "sysemu/dma.h"
022c62cb 39#include "exec/address-spaces.h"
53a5960a
PB		 40#if defined(CONFIG_USER_ONLY)
41#include <qemu.h>
432d268c 42#else /* !CONFIG_USER_ONLY */
9c17d615 43#include "sysemu/xen-mapcache.h"
6506e4f9 44#include "trace.h"
53a5960a 45#endif
0d6d3c87 46#include "exec/cpu-all.h"
54936004 47
022c62cb 48#include "exec/cputlb.h"
5b6dd868 49#include "translate-all.h"
0cac1b66 50
022c62cb 51#include "exec/memory-internal.h"
67d95c15 52
db7b5426 53//#define DEBUG_SUBPAGE
1196be37 54
e2eef170 55#if !defined(CONFIG_USER_ONLY)
9fa3e853 56int phys_ram_fd;
74576198 57static int in_migration;
94a6b54f 58
a3161038 59RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 60
61static MemoryRegion *system_memory;
309cb471 62static MemoryRegion *system_io;
62152b8a 63
f6790af6
AK		 64AddressSpace address_space_io;
65AddressSpace address_space_memory;
9e11908f 66DMAContext dma_context_memory;
2673a5da 67
0844e007
PB		 68MemoryRegion io_mem_rom, io_mem_notdirty;
69static MemoryRegion io_mem_unassigned, io_mem_subpage_ram;
0e0df1e2 70
e2eef170 71#endif
9fa3e853 72
9349b4f9 73CPUArchState *first_cpu;
6a00d601
FB		 74/* current CPU in the current thread. It is only valid inside
75 cpu_exec() */
9349b4f9 76DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 77/* 0 = Do not count executed instructions.
bf20dc07 78 1 = Precise instruction counting.
2e70f6ef 79 2 = Adaptive rate instruction counting. */
5708fc66 80int use_icount;
6a00d601 81
e2eef170 82#if !defined(CONFIG_USER_ONLY)
4346ae3e 83
5312bd8b
AK		 84static MemoryRegionSection *phys_sections;
85static unsigned phys_sections_nb, phys_sections_nb_alloc;
86static uint16_t phys_section_unassigned;
aa102231
AK		 87static uint16_t phys_section_notdirty;
88static uint16_t phys_section_rom;
89static uint16_t phys_section_watch;
5312bd8b 90
d6f2ea22
AK		 91/* Simple allocator for PhysPageEntry nodes */
92static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
93static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
94
07f07b31 95#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 96
e2eef170 97static void io_mem_init(void);
62152b8a 98static void memory_map_init(void);
8b9c99d9 99static void *qemu_safe_ram_ptr(ram_addr_t addr);
e2eef170 100
1ec9b909 101static MemoryRegion io_mem_watch;
6658ffb8 102#endif
fd6ce8f6 103
6d9a1304 104#if !defined(CONFIG_USER_ONLY)
d6f2ea22 105
f7bf5461 106static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 107{
f7bf5461 108 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 109 typedef PhysPageEntry Node[L2_SIZE];
110 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
112 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 113 phys_map_nodes = g_renew(Node, phys_map_nodes,
114 phys_map_nodes_nb_alloc);
115 }
f7bf5461
AK		 116}
117
118static uint16_t phys_map_node_alloc(void)
119{
120 unsigned i;
121 uint16_t ret;
122
123 ret = phys_map_nodes_nb++;
124 assert(ret != PHYS_MAP_NODE_NIL);
125 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 126 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 127 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 128 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 129 }
f7bf5461 130 return ret;
d6f2ea22
AK		 131}
132
133static void phys_map_nodes_reset(void)
134{
135 phys_map_nodes_nb = 0;
136}
137
92e873b9 138
a8170e5e
AK		 139static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
140 hwaddr *nb, uint16_t leaf,
2999097b 141 int level)
f7bf5461
AK		 142{
143 PhysPageEntry *p;
144 int i;
a8170e5e 145 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 146
07f07b31 147 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 148 lp->ptr = phys_map_node_alloc();
149 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 150 if (level == 0) {
151 for (i = 0; i < L2_SIZE; i++) {
07f07b31 152 p[i].is_leaf = 1;
c19e8800 153 p[i].ptr = phys_section_unassigned;
4346ae3e 154 }
67c4d23c 155 }
f7bf5461 156 } else {
c19e8800 157 p = phys_map_nodes[lp->ptr];
92e873b9 158 }
2999097b 159 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 160
2999097b 161 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 162 if ((*index & (step - 1)) == 0 && *nb >= step) {
163 lp->is_leaf = true;
c19e8800 164 lp->ptr = leaf;
07f07b31
AK		 165 *index += step;
166 *nb -= step;
2999097b
AK		 167 } else {
168 phys_page_set_level(lp, index, nb, leaf, level - 1);
169 }
170 ++lp;
f7bf5461
AK		 171 }
172}
173
ac1970fb 174static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 175 hwaddr index, hwaddr nb,
2999097b 176 uint16_t leaf)
f7bf5461 177{
2999097b 178 /* Wildly overreserve - it doesn't matter much. */
07f07b31 179 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 180
ac1970fb 181 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 182}
183
149f54b5 184static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
92e873b9 185{
ac1970fb 186 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 187 PhysPageEntry *p;
188 int i;
f1f6e3b8 189
07f07b31 190 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 191 if (lp.ptr == PHYS_MAP_NODE_NIL) {
fd298934 192 return &phys_sections[phys_section_unassigned];
31ab2b4a 193 }
c19e8800 194 p = phys_map_nodes[lp.ptr];
31ab2b4a 195 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 196 }
fd298934 197 return &phys_sections[lp.ptr];
f3705d53
AK		 198}
199
e5548617
BS		 200bool memory_region_is_unassigned(MemoryRegion *mr)
201{
2a8e7499 202 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 203 && mr != &io_mem_watch;
fd6ce8f6 204}
149f54b5
PB		 205
206MemoryRegionSection *address_space_translate(AddressSpace *as, hwaddr addr,
207 hwaddr *xlat, hwaddr *plen,
208 bool is_write)
209{
210 MemoryRegionSection *section;
211 Int128 diff;
212
213 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
214 /* Compute offset within MemoryRegionSection */
215 addr -= section->offset_within_address_space;
216
217 /* Compute offset within MemoryRegion */
218 *xlat = addr + section->offset_within_region;
219
220 diff = int128_sub(section->mr->size, int128_make64(addr));
221 *plen = MIN(int128_get64(diff), *plen);
222 return section;
223}
5b6dd868 224#endif
fd6ce8f6 225
5b6dd868 226void cpu_exec_init_all(void)
fdbb84d1 227{
5b6dd868 228#if !defined(CONFIG_USER_ONLY)
b2a8658e 229 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 230 memory_map_init();
231 io_mem_init();
fdbb84d1 232#endif
5b6dd868 233}
fdbb84d1 234
b170fce3 235#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 236
237static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 238{
259186a7 239 CPUState *cpu = opaque;
a513fe19 240
5b6dd868
BS		 241 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
242 version_id is increased. */
259186a7
AF		 243 cpu->interrupt_request &= ~0x01;
244 tlb_flush(cpu->env_ptr, 1);
5b6dd868
BS		 245
246 return 0;
a513fe19 247}
7501267e 248
5b6dd868
BS		 249static const VMStateDescription vmstate_cpu_common = {
250 .name = "cpu_common",
251 .version_id = 1,
252 .minimum_version_id = 1,
253 .minimum_version_id_old = 1,
254 .post_load = cpu_common_post_load,
255 .fields = (VMStateField []) {
259186a7
AF		 256 VMSTATE_UINT32(halted, CPUState),
257 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868
BS		 258 VMSTATE_END_OF_LIST()
259 }
260};
b170fce3
AF		 261#else
262#define vmstate_cpu_common vmstate_dummy
5b6dd868 263#endif
ea041c0e 264
38d8f5c8 265CPUState *qemu_get_cpu(int index)
ea041c0e 266{
5b6dd868 267 CPUArchState *env = first_cpu;
38d8f5c8 268 CPUState *cpu = NULL;
ea041c0e 269
5b6dd868 270 while (env) {
55e5c285
AF		 271 cpu = ENV_GET_CPU(env);
272 if (cpu->cpu_index == index) {
5b6dd868 273 break;
55e5c285 274 }
5b6dd868 275 env = env->next_cpu;
ea041c0e 276 }
5b6dd868 277
d76fddae 278 return env ? cpu : NULL;
ea041c0e
FB		 279}
280
d6b9e0d6
MT		 281void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
282{
283 CPUArchState *env = first_cpu;
284
285 while (env) {
286 func(ENV_GET_CPU(env), data);
287 env = env->next_cpu;
288 }
289}
290
5b6dd868 291void cpu_exec_init(CPUArchState *env)
ea041c0e 292{
5b6dd868 293 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 294 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868
BS		 295 CPUArchState **penv;
296 int cpu_index;
297
298#if defined(CONFIG_USER_ONLY)
299 cpu_list_lock();
300#endif
301 env->next_cpu = NULL;
302 penv = &first_cpu;
303 cpu_index = 0;
304 while (*penv != NULL) {
305 penv = &(*penv)->next_cpu;
306 cpu_index++;
307 }
55e5c285 308 cpu->cpu_index = cpu_index;
1b1ed8dc 309 cpu->numa_node = 0;
5b6dd868
BS		 310 QTAILQ_INIT(&env->breakpoints);
311 QTAILQ_INIT(&env->watchpoints);
312#ifndef CONFIG_USER_ONLY
313 cpu->thread_id = qemu_get_thread_id();
314#endif
315 *penv = env;
316#if defined(CONFIG_USER_ONLY)
317 cpu_list_unlock();
318#endif
259186a7 319 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
5b6dd868 320#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 321 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
322 cpu_save, cpu_load, env);
b170fce3 323 assert(cc->vmsd == NULL);
5b6dd868 324#endif
b170fce3
AF		 325 if (cc->vmsd != NULL) {
326 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
327 }
ea041c0e
FB		 328}
329
1fddef4b 330#if defined(TARGET_HAS_ICE)
94df27fd 331#if defined(CONFIG_USER_ONLY)
9349b4f9 332static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 333{
334 tb_invalidate_phys_page_range(pc, pc + 1, 0);
335}
336#else
1e7855a5
MF		 337static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
338{
9d70c4b7
MF		 339 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
340 (pc & ~TARGET_PAGE_MASK));
1e7855a5 341}
c27004ec 342#endif
94df27fd 343#endif /* TARGET_HAS_ICE */
d720b93d 344
c527ee8f 345#if defined(CONFIG_USER_ONLY)
9349b4f9 346void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 347
348{
349}
350
9349b4f9 351int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 352 int flags, CPUWatchpoint **watchpoint)
353{
354 return -ENOSYS;
355}
356#else
6658ffb8 357/* Add a watchpoint. */
9349b4f9 358int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 359 int flags, CPUWatchpoint **watchpoint)
6658ffb8 360{
b4051334 361 target_ulong len_mask = ~(len - 1);
c0ce998e 362 CPUWatchpoint *wp;
6658ffb8 363
b4051334 364 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 365 if ((len & (len - 1)) || (addr & ~len_mask) ||
366 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 367 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
368 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
369 return -EINVAL;
370 }
7267c094 371 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 372
373 wp->vaddr = addr;
b4051334 374 wp->len_mask = len_mask;
a1d1bb31
AL		 375 wp->flags = flags;
376
2dc9f411 377 /* keep all GDB-injected watchpoints in front */
c0ce998e 378 if (flags & BP_GDB)
72cf2d4f 379 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 380 else
72cf2d4f 381 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 382
6658ffb8 383 tlb_flush_page(env, addr);
a1d1bb31
AL		 384
385 if (watchpoint)
386 *watchpoint = wp;
387 return 0;
6658ffb8
PB		 388}
389
a1d1bb31 390/* Remove a specific watchpoint. */
9349b4f9 391int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 392 int flags)
6658ffb8 393{
b4051334 394 target_ulong len_mask = ~(len - 1);
a1d1bb31 395 CPUWatchpoint *wp;
6658ffb8 396
72cf2d4f 397 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 398 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 399 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 400 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 401 return 0;
402 }
403 }
a1d1bb31 404 return -ENOENT;
6658ffb8
PB		 405}
406
a1d1bb31 407/* Remove a specific watchpoint by reference. */
9349b4f9 408void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 409{
72cf2d4f 410 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 411
a1d1bb31
AL		 412 tlb_flush_page(env, watchpoint->vaddr);
413
7267c094 414 g_free(watchpoint);
a1d1bb31
AL		 415}
416
417/* Remove all matching watchpoints. */
9349b4f9 418void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 419{
c0ce998e 420 CPUWatchpoint *wp, *next;
a1d1bb31 421
72cf2d4f 422 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 423 if (wp->flags & mask)
424 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 425 }
7d03f82f 426}
c527ee8f 427#endif
7d03f82f 428
a1d1bb31 429/* Add a breakpoint. */
9349b4f9 430int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 431 CPUBreakpoint **breakpoint)
4c3a88a2 432{
1fddef4b 433#if defined(TARGET_HAS_ICE)
c0ce998e 434 CPUBreakpoint *bp;
3b46e624 435
7267c094 436 bp = g_malloc(sizeof(*bp));
4c3a88a2 437
a1d1bb31
AL		 438 bp->pc = pc;
439 bp->flags = flags;
440
2dc9f411 441 /* keep all GDB-injected breakpoints in front */
c0ce998e 442 if (flags & BP_GDB)
72cf2d4f 443 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 444 else
72cf2d4f 445 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 446
d720b93d 447 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 448
449 if (breakpoint)
450 *breakpoint = bp;
4c3a88a2
FB		 451 return 0;
452#else
a1d1bb31 453 return -ENOSYS;
4c3a88a2
FB		 454#endif
455}
456
a1d1bb31 457/* Remove a specific breakpoint. */
9349b4f9 458int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 459{
7d03f82f 460#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 461 CPUBreakpoint *bp;
462
72cf2d4f 463 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 464 if (bp->pc == pc && bp->flags == flags) {
465 cpu_breakpoint_remove_by_ref(env, bp);
466 return 0;
467 }
7d03f82f 468 }
a1d1bb31
AL		 469 return -ENOENT;
470#else
471 return -ENOSYS;
7d03f82f
EI		 472#endif
473}
474
a1d1bb31 475/* Remove a specific breakpoint by reference. */
9349b4f9 476void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 477{
1fddef4b 478#if defined(TARGET_HAS_ICE)
72cf2d4f 479 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 480
a1d1bb31
AL		 481 breakpoint_invalidate(env, breakpoint->pc);
482
7267c094 483 g_free(breakpoint);
a1d1bb31
AL		 484#endif
485}
486
487/* Remove all matching breakpoints. */
9349b4f9 488void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 489{
490#if defined(TARGET_HAS_ICE)
c0ce998e 491 CPUBreakpoint *bp, *next;
a1d1bb31 492
72cf2d4f 493 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 494 if (bp->flags & mask)
495 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 496 }
4c3a88a2
FB		 497#endif
498}
499
c33a346e
FB		 500/* enable or disable single step mode. EXCP_DEBUG is returned by the
501 CPU loop after each instruction */
9349b4f9 502void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 503{
1fddef4b 504#if defined(TARGET_HAS_ICE)
c33a346e
FB		 505 if (env->singlestep_enabled != enabled) {
506 env->singlestep_enabled = enabled;
e22a25c9
AL		 507 if (kvm_enabled())
508 kvm_update_guest_debug(env, 0);
509 else {
ccbb4d44 510 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 511 /* XXX: only flush what is necessary */
512 tb_flush(env);
513 }
c33a346e
FB		 514 }
515#endif
516}
517
9349b4f9 518void cpu_exit(CPUArchState *env)
3098dba0 519{
fcd7d003
AF		 520 CPUState *cpu = ENV_GET_CPU(env);
521
522 cpu->exit_request = 1;
378df4b2 523 cpu->tcg_exit_req = 1;
3098dba0
AJ		 524}
525
9349b4f9 526void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 527{
528 va_list ap;
493ae1f0 529 va_list ap2;
7501267e
FB		 530
531 va_start(ap, fmt);
493ae1f0 532 va_copy(ap2, ap);
7501267e
FB		 533 fprintf(stderr, "qemu: fatal: ");
534 vfprintf(stderr, fmt, ap);
535 fprintf(stderr, "\n");
6fd2a026 536 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 537 if (qemu_log_enabled()) {
538 qemu_log("qemu: fatal: ");
539 qemu_log_vprintf(fmt, ap2);
540 qemu_log("\n");
6fd2a026 541 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 542 qemu_log_flush();
93fcfe39 543 qemu_log_close();
924edcae 544 }
493ae1f0 545 va_end(ap2);
f9373291 546 va_end(ap);
fd052bf6
RV		 547#if defined(CONFIG_USER_ONLY)
548 {
549 struct sigaction act;
550 sigfillset(&act.sa_mask);
551 act.sa_handler = SIG_DFL;
552 sigaction(SIGABRT, &act, NULL);
553 }
554#endif
7501267e
FB		 555 abort();
556}
557
9349b4f9 558CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 559{
9349b4f9
AF		 560 CPUArchState *new_env = cpu_init(env->cpu_model_str);
561 CPUArchState *next_cpu = new_env->next_cpu;
5a38f081
AL		 562#if defined(TARGET_HAS_ICE)
563 CPUBreakpoint *bp;
564 CPUWatchpoint *wp;
565#endif
566
9349b4f9 567 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081 568
55e5c285 569 /* Preserve chaining. */
c5be9f08 570 new_env->next_cpu = next_cpu;
5a38f081
AL		 571
572 /* Clone all break/watchpoints.
573 Note: Once we support ptrace with hw-debug register access, make sure
574 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 575 QTAILQ_INIT(&env->breakpoints);
576 QTAILQ_INIT(&env->watchpoints);
5a38f081 577#if defined(TARGET_HAS_ICE)
72cf2d4f 578 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 579 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
580 }
72cf2d4f 581 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 582 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
583 wp->flags, NULL);
584 }
585#endif
586
c5be9f08
TS		 587 return new_env;
588}
589
0124311e 590#if !defined(CONFIG_USER_ONLY)
d24981d3
JQ		 591static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
592 uintptr_t length)
593{
594 uintptr_t start1;
595
596 /* we modify the TLB cache so that the dirty bit will be set again
597 when accessing the range */
598 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
599 /* Check that we don't span multiple blocks - this breaks the
600 address comparisons below. */
601 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
602 != (end - 1) - start) {
603 abort();
604 }
605 cpu_tlb_reset_dirty_all(start1, length);
606
607}
608
5579c7f3 609/* Note: start and end must be within the same ram block. */
c227f099 610void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 611 int dirty_flags)
1ccde1cb 612{
d24981d3 613 uintptr_t length;
1ccde1cb
FB		 614
615 start &= TARGET_PAGE_MASK;
616 end = TARGET_PAGE_ALIGN(end);
617
618 length = end - start;
619 if (length == 0)
620 return;
f7c11b53 621 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 622
d24981d3
JQ		 623 if (tcg_enabled()) {
624 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 625 }
1ccde1cb
FB		 626}
627
8b9c99d9 628static int cpu_physical_memory_set_dirty_tracking(int enable)
74576198 629{
f6f3fbca 630 int ret = 0;
74576198 631 in_migration = enable;
f6f3fbca 632 return ret;
74576198
AL		 633}
634
a8170e5e 635hwaddr memory_region_section_get_iotlb(CPUArchState *env,
149f54b5
PB		 636 MemoryRegionSection *section,
637 target_ulong vaddr,
638 hwaddr paddr, hwaddr xlat,
639 int prot,
640 target_ulong *address)
e5548617 641{
a8170e5e 642 hwaddr iotlb;
e5548617
BS		 643 CPUWatchpoint *wp;
644
cc5bea60 645 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 646 /* Normal RAM. */
647 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 648 + xlat;
e5548617
BS		 649 if (!section->readonly) {
650 iotlb |= phys_section_notdirty;
651 } else {
652 iotlb |= phys_section_rom;
653 }
654 } else {
e5548617 655 iotlb = section - phys_sections;
149f54b5 656 iotlb += xlat;
e5548617
BS		 657 }
658
659 /* Make accesses to pages with watchpoints go via the
660 watchpoint trap routines. */
661 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
662 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
663 /* Avoid trapping reads of pages with a write breakpoint. */
664 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
665 iotlb = phys_section_watch + paddr;
666 *address |= TLB_MMIO;
667 break;
668 }
669 }
670 }
671
672 return iotlb;
673}
9fa3e853
FB		 674#endif /* defined(CONFIG_USER_ONLY) */
675
e2eef170 676#if !defined(CONFIG_USER_ONLY)
8da3ff18 677
c04b2b78
PB		 678#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
679typedef struct subpage_t {
70c68e44 680 MemoryRegion iomem;
a8170e5e 681 hwaddr base;
5312bd8b 682 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 683} subpage_t;
684
c227f099 685static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 686 uint16_t section);
a8170e5e 687static subpage_t *subpage_init(hwaddr base);
5312bd8b 688static void destroy_page_desc(uint16_t section_index)
54688b1e 689{
5312bd8b
AK		 690 MemoryRegionSection *section = &phys_sections[section_index];
691 MemoryRegion *mr = section->mr;
54688b1e
AK		 692
693 if (mr->subpage) {
694 subpage_t *subpage = container_of(mr, subpage_t, iomem);
695 memory_region_destroy(&subpage->iomem);
696 g_free(subpage);
697 }
698}
699
4346ae3e 700static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 701{
702 unsigned i;
d6f2ea22 703 PhysPageEntry *p;
54688b1e 704
c19e8800 705 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 706 return;
707 }
708
c19e8800 709 p = phys_map_nodes[lp->ptr];
4346ae3e 710 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 711 if (!p[i].is_leaf) {
54688b1e 712 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 713 } else {
c19e8800 714 destroy_page_desc(p[i].ptr);
54688b1e 715 }
54688b1e 716 }
07f07b31 717 lp->is_leaf = 0;
c19e8800 718 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 719}
720
ac1970fb 721static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 722{
ac1970fb 723 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 724 phys_map_nodes_reset();
54688b1e
AK		 725}
726
5312bd8b
AK		 727static uint16_t phys_section_add(MemoryRegionSection *section)
728{
68f3f65b
PB		 729 /* The physical section number is ORed with a page-aligned
730 * pointer to produce the iotlb entries. Thus it should
731 * never overflow into the page-aligned value.
732 */
733 assert(phys_sections_nb < TARGET_PAGE_SIZE);
734
5312bd8b
AK		 735 if (phys_sections_nb == phys_sections_nb_alloc) {
736 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
737 phys_sections = g_renew(MemoryRegionSection, phys_sections,
738 phys_sections_nb_alloc);
739 }
740 phys_sections[phys_sections_nb] = *section;
741 return phys_sections_nb++;
742}
743
744static void phys_sections_clear(void)
745{
746 phys_sections_nb = 0;
747}
748
ac1970fb 749static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 750{
751 subpage_t *subpage;
a8170e5e 752 hwaddr base = section->offset_within_address_space
0f0cb164 753 & TARGET_PAGE_MASK;
ac1970fb 754 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 755 MemoryRegionSection subsection = {
756 .offset_within_address_space = base,
757 .size = TARGET_PAGE_SIZE,
758 };
a8170e5e 759 hwaddr start, end;
0f0cb164 760
f3705d53 761 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 762
f3705d53 763 if (!(existing->mr->subpage)) {
0f0cb164
AK		 764 subpage = subpage_init(base);
765 subsection.mr = &subpage->iomem;
ac1970fb 766 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 767 phys_section_add(&subsection));
0f0cb164 768 } else {
f3705d53 769 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 770 }
771 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 772 end = start + section->size - 1;
0f0cb164
AK		 773 subpage_register(subpage, start, end, phys_section_add(section));
774}
775
776
ac1970fb 777static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 778{
a8170e5e 779 hwaddr start_addr = section->offset_within_address_space;
dd81124b 780 ram_addr_t size = section->size;
a8170e5e 781 hwaddr addr;
5312bd8b 782 uint16_t section_index = phys_section_add(section);
dd81124b 783
3b8e6a2d 784 assert(size);
f6f3fbca 785
3b8e6a2d 786 addr = start_addr;
ac1970fb 787 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 788 section_index);
33417e70
FB		 789}
790
86a86236
AK		 791QEMU_BUILD_BUG_ON(TARGET_PHYS_ADDR_SPACE_BITS > MAX_PHYS_ADDR_SPACE_BITS)
792
793static MemoryRegionSection limit(MemoryRegionSection section)
794{
795 section.size = MIN(section.offset_within_address_space + section.size,
796 MAX_PHYS_ADDR + 1)
797 - section.offset_within_address_space;
798
799 return section;
800}
801
ac1970fb 802static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 803{
ac1970fb 804 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
86a86236 805 MemoryRegionSection now = limit(*section), remain = limit(*section);
0f0cb164
AK		 806
807 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
808 || (now.size < TARGET_PAGE_SIZE)) {
809 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
810 - now.offset_within_address_space,
811 now.size);
ac1970fb 812 register_subpage(d, &now);
0f0cb164
AK		 813 remain.size -= now.size;
814 remain.offset_within_address_space += now.size;
815 remain.offset_within_region += now.size;
816 }
69b67646
TH		 817 while (remain.size >= TARGET_PAGE_SIZE) {
818 now = remain;
819 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
820 now.size = TARGET_PAGE_SIZE;
ac1970fb 821 register_subpage(d, &now);
69b67646
TH		 822 } else {
823 now.size &= TARGET_PAGE_MASK;
ac1970fb 824 register_multipage(d, &now);
69b67646 825 }
0f0cb164
AK		 826 remain.size -= now.size;
827 remain.offset_within_address_space += now.size;
828 remain.offset_within_region += now.size;
829 }
830 now = remain;
831 if (now.size) {
ac1970fb 832 register_subpage(d, &now);
0f0cb164
AK		 833 }
834}
835
62a2744c
SY		 836void qemu_flush_coalesced_mmio_buffer(void)
837{
838 if (kvm_enabled())
839 kvm_flush_coalesced_mmio_buffer();
840}
841
b2a8658e
UD		 842void qemu_mutex_lock_ramlist(void)
843{
844 qemu_mutex_lock(&ram_list.mutex);
845}
846
847void qemu_mutex_unlock_ramlist(void)
848{
849 qemu_mutex_unlock(&ram_list.mutex);
850}
851
c902760f
MT		 852#if defined(__linux__) && !defined(TARGET_S390X)
853
854#include <sys/vfs.h>
855
856#define HUGETLBFS_MAGIC 0x958458f6
857
858static long gethugepagesize(const char *path)
859{
860 struct statfs fs;
861 int ret;
862
863 do {
9742bf26 864 ret = statfs(path, &fs);
c902760f
MT		 865 } while (ret != 0 && errno == EINTR);
866
867 if (ret != 0) {
9742bf26
YT		 868 perror(path);
869 return 0;
c902760f
MT		 870 }
871
872 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 873 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 874
875 return fs.f_bsize;
876}
877
04b16653
AW		 878static void *file_ram_alloc(RAMBlock *block,
879 ram_addr_t memory,
880 const char *path)
c902760f
MT		 881{
882 char *filename;
8ca761f6
PF		 883 char *sanitized_name;
884 char *c;
c902760f
MT		 885 void *area;
886 int fd;
887#ifdef MAP_POPULATE
888 int flags;
889#endif
890 unsigned long hpagesize;
891
892 hpagesize = gethugepagesize(path);
893 if (!hpagesize) {
9742bf26 894 return NULL;
c902760f
MT		 895 }
896
897 if (memory < hpagesize) {
898 return NULL;
899 }
900
901 if (kvm_enabled() && !kvm_has_sync_mmu()) {
902 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
903 return NULL;
904 }
905
8ca761f6
PF		 906 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
907 sanitized_name = g_strdup(block->mr->name);
908 for (c = sanitized_name; *c != '\0'; c++) {
909 if (*c == '/')
910 *c = '_';
911 }
912
913 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
914 sanitized_name);
915 g_free(sanitized_name);
c902760f
MT		 916
917 fd = mkstemp(filename);
918 if (fd < 0) {
9742bf26 919 perror("unable to create backing store for hugepages");
e4ada482 920 g_free(filename);
9742bf26 921 return NULL;
c902760f
MT		 922 }
923 unlink(filename);
e4ada482 924 g_free(filename);
c902760f
MT		 925
926 memory = (memory+hpagesize-1) & ~(hpagesize-1);
927
928 /*
929 * ftruncate is not supported by hugetlbfs in older
930 * hosts, so don't bother bailing out on errors.
931 * If anything goes wrong with it under other filesystems,
932 * mmap will fail.
933 */
934 if (ftruncate(fd, memory))
9742bf26 935 perror("ftruncate");
c902760f
MT		 936
937#ifdef MAP_POPULATE
938 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
939 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
940 * to sidestep this quirk.
941 */
942 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
943 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
944#else
945 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
946#endif
947 if (area == MAP_FAILED) {
9742bf26
YT		 948 perror("file_ram_alloc: can't mmap RAM pages");
949 close(fd);
950 return (NULL);
c902760f 951 }
04b16653 952 block->fd = fd;
c902760f
MT		 953 return area;
954}
955#endif
956
d17b5288 957static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 958{
959 RAMBlock *block, *next_block;
3e837b2c 960 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 961
49cd9ac6
SH		 962 assert(size != 0); /* it would hand out same offset multiple times */
963
a3161038 964 if (QTAILQ_EMPTY(&ram_list.blocks))
04b16653
AW		 965 return 0;
966
a3161038 967 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 968 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 969
970 end = block->offset + block->length;
971
a3161038 972 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
04b16653
AW		 973 if (next_block->offset >= end) {
974 next = MIN(next, next_block->offset);
975 }
976 }
977 if (next - end >= size && next - end < mingap) {
3e837b2c 978 offset = end;
04b16653
AW		 979 mingap = next - end;
980 }
981 }
3e837b2c
AW		 982
983 if (offset == RAM_ADDR_MAX) {
984 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
985 (uint64_t)size);
986 abort();
987 }
988
04b16653
AW		 989 return offset;
990}
991
652d7ec2 992ram_addr_t last_ram_offset(void)
d17b5288
AW		 993{
994 RAMBlock *block;
995 ram_addr_t last = 0;
996
a3161038 997 QTAILQ_FOREACH(block, &ram_list.blocks, next)
d17b5288
AW		 998 last = MAX(last, block->offset + block->length);
999
1000 return last;
1001}
1002
ddb97f1d
JB		 1003static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1004{
1005 int ret;
1006 QemuOpts *machine_opts;
1007
1008 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1009 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1010 if (machine_opts &&
1011 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1012 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1013 if (ret) {
1014 perror("qemu_madvise");
1015 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1016 "but dump_guest_core=off specified\n");
1017 }
1018 }
1019}
1020
c5705a77 1021void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 1022{
1023 RAMBlock *new_block, *block;
1024
c5705a77 1025 new_block = NULL;
a3161038 1026 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77
AK		 1027 if (block->offset == addr) {
1028 new_block = block;
1029 break;
1030 }
1031 }
1032 assert(new_block);
1033 assert(!new_block->idstr[0]);
84b89d78 1034
09e5ab63
AL		 1035 if (dev) {
1036 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1037 if (id) {
1038 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1039 g_free(id);
84b89d78
CM		 1040 }
1041 }
1042 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1043
b2a8658e
UD		 1044 /* This assumes the iothread lock is taken here too. */
1045 qemu_mutex_lock_ramlist();
a3161038 1046 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77 1047 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1048 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1049 new_block->idstr);
1050 abort();
1051 }
1052 }
b2a8658e 1053 qemu_mutex_unlock_ramlist();
c5705a77
AK		 1054}
1055
8490fc78
LC		 1056static int memory_try_enable_merging(void *addr, size_t len)
1057{
1058 QemuOpts *opts;
1059
1060 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1061 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1062 /* disabled by the user */
1063 return 0;
1064 }
1065
1066 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1067}
1068
c5705a77
AK		 1069ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1070 MemoryRegion *mr)
1071{
abb26d63 1072 RAMBlock *block, *new_block;
c5705a77
AK		 1073
1074 size = TARGET_PAGE_ALIGN(size);
1075 new_block = g_malloc0(sizeof(*new_block));
84b89d78 1076
b2a8658e
UD		 1077 /* This assumes the iothread lock is taken here too. */
1078 qemu_mutex_lock_ramlist();
7c637366 1079 new_block->mr = mr;
432d268c 1080 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 1081 if (host) {
1082 new_block->host = host;
cd19cfa2 1083 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 1084 } else {
1085 if (mem_path) {
c902760f 1086#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 1087 new_block->host = file_ram_alloc(new_block, size, mem_path);
1088 if (!new_block->host) {
6eebf958 1089 new_block->host = qemu_anon_ram_alloc(size);
8490fc78 1090 memory_try_enable_merging(new_block->host, size);
6977dfe6 1091 }
c902760f 1092#else
6977dfe6
YT		 1093 fprintf(stderr, "-mem-path option unsupported\n");
1094 exit(1);
c902760f 1095#endif
6977dfe6 1096 } else {
868bb33f 1097 if (xen_enabled()) {
fce537d4 1098 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 1099 } else if (kvm_enabled()) {
1100 /* some s390/kvm configurations have special constraints */
6eebf958 1101 new_block->host = kvm_ram_alloc(size);
432d268c 1102 } else {
6eebf958 1103 new_block->host = qemu_anon_ram_alloc(size);
432d268c 1104 }
8490fc78 1105 memory_try_enable_merging(new_block->host, size);
6977dfe6 1106 }
c902760f 1107 }
94a6b54f
PB		 1108 new_block->length = size;
1109
abb26d63
PB		 1110 /* Keep the list sorted from biggest to smallest block. */
1111 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1112 if (block->length < new_block->length) {
1113 break;
1114 }
1115 }
1116 if (block) {
1117 QTAILQ_INSERT_BEFORE(block, new_block, next);
1118 } else {
1119 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1120 }
0d6d3c87 1121 ram_list.mru_block = NULL;
94a6b54f 1122
f798b07f 1123 ram_list.version++;
b2a8658e 1124 qemu_mutex_unlock_ramlist();
f798b07f 1125
7267c094 1126 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 1127 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 1128 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1129 0, size >> TARGET_PAGE_BITS);
1720aeee 1130 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 1131
ddb97f1d 1132 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 1133 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 1134
6f0437e8
JK		 1135 if (kvm_enabled())
1136 kvm_setup_guest_memory(new_block->host, size);
1137
94a6b54f
PB		 1138 return new_block->offset;
1139}
e9a1ab19 1140
c5705a77 1141ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 1142{
c5705a77 1143 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 1144}
1145
1f2e98b6
AW		 1146void qemu_ram_free_from_ptr(ram_addr_t addr)
1147{
1148 RAMBlock *block;
1149
b2a8658e
UD		 1150 /* This assumes the iothread lock is taken here too. */
1151 qemu_mutex_lock_ramlist();
a3161038 1152 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1f2e98b6 1153 if (addr == block->offset) {
a3161038 1154 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1155 ram_list.mru_block = NULL;
f798b07f 1156 ram_list.version++;
7267c094 1157 g_free(block);
b2a8658e 1158 break;
1f2e98b6
AW		 1159 }
1160 }
b2a8658e 1161 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1162}
1163
c227f099 1164void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1165{
04b16653
AW		 1166 RAMBlock *block;
1167
b2a8658e
UD		 1168 /* This assumes the iothread lock is taken here too. */
1169 qemu_mutex_lock_ramlist();
a3161038 1170 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
04b16653 1171 if (addr == block->offset) {
a3161038 1172 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1173 ram_list.mru_block = NULL;
f798b07f 1174 ram_list.version++;
cd19cfa2
HY		 1175 if (block->flags & RAM_PREALLOC_MASK) {
1176 ;
1177 } else if (mem_path) {
04b16653
AW		 1178#if defined (__linux__) && !defined(TARGET_S390X)
1179 if (block->fd) {
1180 munmap(block->host, block->length);
1181 close(block->fd);
1182 } else {
e7a09b92 1183 qemu_anon_ram_free(block->host, block->length);
04b16653 1184 }
fd28aa13
JK		 1185#else
1186 abort();
04b16653
AW		 1187#endif
1188 } else {
868bb33f 1189 if (xen_enabled()) {
e41d7c69 1190 xen_invalidate_map_cache_entry(block->host);
432d268c 1191 } else {
e7a09b92 1192 qemu_anon_ram_free(block->host, block->length);
432d268c 1193 }
04b16653 1194 }
7267c094 1195 g_free(block);
b2a8658e 1196 break;
04b16653
AW		 1197 }
1198 }
b2a8658e 1199 qemu_mutex_unlock_ramlist();
04b16653 1200
e9a1ab19
FB		 1201}
1202
cd19cfa2
HY		 1203#ifndef _WIN32
1204void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1205{
1206 RAMBlock *block;
1207 ram_addr_t offset;
1208 int flags;
1209 void *area, *vaddr;
1210
a3161038 1211 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
cd19cfa2
HY		 1212 offset = addr - block->offset;
1213 if (offset < block->length) {
1214 vaddr = block->host + offset;
1215 if (block->flags & RAM_PREALLOC_MASK) {
1216 ;
1217 } else {
1218 flags = MAP_FIXED;
1219 munmap(vaddr, length);
1220 if (mem_path) {
1221#if defined(__linux__) && !defined(TARGET_S390X)
1222 if (block->fd) {
1223#ifdef MAP_POPULATE
1224 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1225 MAP_PRIVATE;
1226#else
1227 flags |= MAP_PRIVATE;
1228#endif
1229 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1230 flags, block->fd, offset);
1231 } else {
1232 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1233 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1234 flags, -1, 0);
1235 }
fd28aa13
JK		 1236#else
1237 abort();
cd19cfa2
HY		 1238#endif
1239 } else {
1240#if defined(TARGET_S390X) && defined(CONFIG_KVM)
1241 flags |= MAP_SHARED | MAP_ANONYMOUS;
1242 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1243 flags, -1, 0);
1244#else
1245 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1246 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1247 flags, -1, 0);
1248#endif
1249 }
1250 if (area != vaddr) {
f15fbc4b
AP		 1251 fprintf(stderr, "Could not remap addr: "
1252 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1253 length, addr);
1254 exit(1);
1255 }
8490fc78 1256 memory_try_enable_merging(vaddr, length);
ddb97f1d 1257 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 1258 }
1259 return;
1260 }
1261 }
1262}
1263#endif /* !_WIN32 */
1264
dc828ca1 1265/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 1266 With the exception of the softmmu code in this file, this should
1267 only be used for local memory (e.g. video ram) that the device owns,
1268 and knows it isn't going to access beyond the end of the block.
1269
1270 It should not be used for general purpose DMA.
1271 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1272 */
c227f099 1273void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 1274{
94a6b54f
PB		 1275 RAMBlock *block;
1276
b2a8658e 1277 /* The list is protected by the iothread lock here. */
0d6d3c87
PB		 1278 block = ram_list.mru_block;
1279 if (block && addr - block->offset < block->length) {
1280 goto found;
1281 }
a3161038 1282 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f471a17e 1283 if (addr - block->offset < block->length) {
0d6d3c87 1284 goto found;
f471a17e 1285 }
94a6b54f 1286 }
f471a17e
AW		 1287
1288 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1289 abort();
1290
0d6d3c87
PB		 1291found:
1292 ram_list.mru_block = block;
1293 if (xen_enabled()) {
1294 /* We need to check if the requested address is in the RAM
1295 * because we don't want to map the entire memory in QEMU.
1296 * In that case just map until the end of the page.
1297 */
1298 if (block->offset == 0) {
1299 return xen_map_cache(addr, 0, 0);
1300 } else if (block->host == NULL) {
1301 block->host =
1302 xen_map_cache(block->offset, block->length, 1);
1303 }
1304 }
1305 return block->host + (addr - block->offset);
dc828ca1
PB		 1306}
1307
0d6d3c87
PB		 1308/* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1309 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1310 *
1311 * ??? Is this still necessary?
b2e0a138 1312 */
8b9c99d9 1313static void *qemu_safe_ram_ptr(ram_addr_t addr)
b2e0a138
MT		 1314{
1315 RAMBlock *block;
1316
b2a8658e 1317 /* The list is protected by the iothread lock here. */
a3161038 1318 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
b2e0a138 1319 if (addr - block->offset < block->length) {
868bb33f 1320 if (xen_enabled()) {
432d268c
JN		 1321 /* We need to check if the requested address is in the RAM
1322 * because we don't want to map the entire memory in QEMU.
712c2b41 1323 * In that case just map until the end of the page.
432d268c
JN		 1324 */
1325 if (block->offset == 0) {
e41d7c69 1326 return xen_map_cache(addr, 0, 0);
432d268c 1327 } else if (block->host == NULL) {
e41d7c69
JK		 1328 block->host =
1329 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 1330 }
1331 }
b2e0a138
MT		 1332 return block->host + (addr - block->offset);
1333 }
1334 }
1335
1336 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1337 abort();
1338
1339 return NULL;
1340}
1341
38bee5dc
SS		 1342/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1343 * but takes a size argument */
8b9c99d9 1344static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 1345{
8ab934f9
SS		 1346 if (*size == 0) {
1347 return NULL;
1348 }
868bb33f 1349 if (xen_enabled()) {
e41d7c69 1350 return xen_map_cache(addr, *size, 1);
868bb33f 1351 } else {
38bee5dc
SS		 1352 RAMBlock *block;
1353
a3161038 1354 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
38bee5dc
SS		 1355 if (addr - block->offset < block->length) {
1356 if (addr - block->offset + *size > block->length)
1357 *size = block->length - addr + block->offset;
1358 return block->host + (addr - block->offset);
1359 }
1360 }
1361
1362 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1363 abort();
38bee5dc
SS		 1364 }
1365}
1366
e890261f 1367int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1368{
94a6b54f
PB		 1369 RAMBlock *block;
1370 uint8_t *host = ptr;
1371
868bb33f 1372 if (xen_enabled()) {
e41d7c69 1373 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 1374 return 0;
1375 }
1376
a3161038 1377 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 1378 /* This case append when the block is not mapped. */
1379 if (block->host == NULL) {
1380 continue;
1381 }
f471a17e 1382 if (host - block->host < block->length) {
e890261f
MT		 1383 *ram_addr = block->offset + (host - block->host);
1384 return 0;
f471a17e 1385 }
94a6b54f 1386 }
432d268c 1387
e890261f
MT		 1388 return -1;
1389}
f471a17e 1390
e890261f
MT		 1391/* Some of the softmmu routines need to translate from a host pointer
1392 (typically a TLB entry) back to a ram offset. */
1393ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1394{
1395 ram_addr_t ram_addr;
f471a17e 1396
e890261f
MT		 1397 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1398 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1399 abort();
1400 }
1401 return ram_addr;
5579c7f3
PB		 1402}
1403
a8170e5e 1404static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1405 uint64_t val, unsigned size)
9fa3e853 1406{
3a7d929e 1407 int dirty_flags;
f7c11b53 1408 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1409 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
0e0df1e2 1410 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 1411 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1412 }
0e0df1e2
AK		 1413 switch (size) {
1414 case 1:
1415 stb_p(qemu_get_ram_ptr(ram_addr), val);
1416 break;
1417 case 2:
1418 stw_p(qemu_get_ram_ptr(ram_addr), val);
1419 break;
1420 case 4:
1421 stl_p(qemu_get_ram_ptr(ram_addr), val);
1422 break;
1423 default:
1424 abort();
3a7d929e 1425 }
f23db169 1426 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 1427 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 1428 /* we remove the notdirty callback only if the code has been
1429 flushed */
1430 if (dirty_flags == 0xff)
2e70f6ef 1431 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 1432}
1433
b018ddf6
PB		 1434static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1435 unsigned size, bool is_write)
1436{
1437 return is_write;
1438}
1439
0e0df1e2 1440static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1441 .write = notdirty_mem_write,
b018ddf6 1442 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1443 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1444};
1445
0f459d16 1446/* Generate a debug exception if a watchpoint has been hit. */
b4051334 1447static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 1448{
9349b4f9 1449 CPUArchState *env = cpu_single_env;
06d55cc1 1450 target_ulong pc, cs_base;
0f459d16 1451 target_ulong vaddr;
a1d1bb31 1452 CPUWatchpoint *wp;
06d55cc1 1453 int cpu_flags;
0f459d16 1454
06d55cc1
AL		 1455 if (env->watchpoint_hit) {
1456 /* We re-entered the check after replacing the TB. Now raise
1457 * the debug interrupt so that is will trigger after the
1458 * current instruction. */
c3affe56 1459 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1460 return;
1461 }
2e70f6ef 1462 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 1463 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 1464 if ((vaddr == (wp->vaddr & len_mask) ||
1465 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 1466 wp->flags |= BP_WATCHPOINT_HIT;
1467 if (!env->watchpoint_hit) {
1468 env->watchpoint_hit = wp;
5a316526 1469 tb_check_watchpoint(env);
6e140f28
AL		 1470 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1471 env->exception_index = EXCP_DEBUG;
488d6577 1472 cpu_loop_exit(env);
6e140f28
AL		 1473 } else {
1474 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1475 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 1476 cpu_resume_from_signal(env, NULL);
6e140f28 1477 }
06d55cc1 1478 }
6e140f28
AL		 1479 } else {
1480 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1481 }
1482 }
1483}
1484
6658ffb8
PB		 1485/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1486 so these check for a hit then pass through to the normal out-of-line
1487 phys routines. */
a8170e5e 1488static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1489 unsigned size)
6658ffb8 1490{
1ec9b909
AK		 1491 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1492 switch (size) {
1493 case 1: return ldub_phys(addr);
1494 case 2: return lduw_phys(addr);
1495 case 4: return ldl_phys(addr);
1496 default: abort();
1497 }
6658ffb8
PB		 1498}
1499
a8170e5e 1500static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1501 uint64_t val, unsigned size)
6658ffb8 1502{
1ec9b909
AK		 1503 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1504 switch (size) {
67364150
MF		 1505 case 1:
1506 stb_phys(addr, val);
1507 break;
1508 case 2:
1509 stw_phys(addr, val);
1510 break;
1511 case 4:
1512 stl_phys(addr, val);
1513 break;
1ec9b909
AK		 1514 default: abort();
1515 }
6658ffb8
PB		 1516}
1517
1ec9b909
AK		 1518static const MemoryRegionOps watch_mem_ops = {
1519 .read = watch_mem_read,
1520 .write = watch_mem_write,
1521 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1522};
6658ffb8 1523
a8170e5e 1524static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1525 unsigned len)
db7b5426 1526{
70c68e44 1527 subpage_t *mmio = opaque;
f6405247 1528 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 1529 MemoryRegionSection *section;
db7b5426
BS		 1530#if defined(DEBUG_SUBPAGE)
1531 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1532 mmio, len, addr, idx);
1533#endif
db7b5426 1534
5312bd8b
AK		 1535 section = &phys_sections[mmio->sub_section[idx]];
1536 addr += mmio->base;
1537 addr -= section->offset_within_address_space;
1538 addr += section->offset_within_region;
37ec01d4 1539 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 1540}
1541
a8170e5e 1542static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1543 uint64_t value, unsigned len)
db7b5426 1544{
70c68e44 1545 subpage_t *mmio = opaque;
f6405247 1546 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 1547 MemoryRegionSection *section;
db7b5426 1548#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 1549 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1550 " idx %d value %"PRIx64"\n",
f6405247 1551 __func__, mmio, len, addr, idx, value);
db7b5426 1552#endif
f6405247 1553
5312bd8b
AK		 1554 section = &phys_sections[mmio->sub_section[idx]];
1555 addr += mmio->base;
1556 addr -= section->offset_within_address_space;
1557 addr += section->offset_within_region;
37ec01d4 1558 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 1559}
1560
70c68e44
AK		 1561static const MemoryRegionOps subpage_ops = {
1562 .read = subpage_read,
1563 .write = subpage_write,
1564 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 1565};
1566
a8170e5e 1567static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
de712f94 1568 unsigned size)
56384e8b
AF		 1569{
1570 ram_addr_t raddr = addr;
1571 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 1572 switch (size) {
1573 case 1: return ldub_p(ptr);
1574 case 2: return lduw_p(ptr);
1575 case 4: return ldl_p(ptr);
1576 default: abort();
1577 }
56384e8b
AF		 1578}
1579
a8170e5e 1580static void subpage_ram_write(void *opaque, hwaddr addr,
de712f94 1581 uint64_t value, unsigned size)
56384e8b
AF		 1582{
1583 ram_addr_t raddr = addr;
1584 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 1585 switch (size) {
1586 case 1: return stb_p(ptr, value);
1587 case 2: return stw_p(ptr, value);
1588 case 4: return stl_p(ptr, value);
1589 default: abort();
1590 }
56384e8b
AF		 1591}
1592
de712f94
AK		 1593static const MemoryRegionOps subpage_ram_ops = {
1594 .read = subpage_ram_read,
1595 .write = subpage_ram_write,
1596 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 1597};
1598
c227f099 1599static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1600 uint16_t section)
db7b5426
BS		 1601{
1602 int idx, eidx;
1603
1604 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1605 return -1;
1606 idx = SUBPAGE_IDX(start);
1607 eidx = SUBPAGE_IDX(end);
1608#if defined(DEBUG_SUBPAGE)
0bf9e31a 1609 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 1610 mmio, start, end, idx, eidx, memory);
1611#endif
5312bd8b
AK		 1612 if (memory_region_is_ram(phys_sections[section].mr)) {
1613 MemoryRegionSection new_section = phys_sections[section];
1614 new_section.mr = &io_mem_subpage_ram;
1615 section = phys_section_add(&new_section);
56384e8b 1616 }
db7b5426 1617 for (; idx <= eidx; idx++) {
5312bd8b 1618 mmio->sub_section[idx] = section;
db7b5426
BS		 1619 }
1620
1621 return 0;
1622}
1623
a8170e5e 1624static subpage_t *subpage_init(hwaddr base)
db7b5426 1625{
c227f099 1626 subpage_t *mmio;
db7b5426 1627
7267c094 1628 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 1629
1630 mmio->base = base;
70c68e44
AK		 1631 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1632 "subpage", TARGET_PAGE_SIZE);
b3b00c78 1633 mmio->iomem.subpage = true;
db7b5426 1634#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 1635 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1636 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 1637#endif
0f0cb164 1638 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 1639
1640 return mmio;
1641}
1642
5312bd8b
AK		 1643static uint16_t dummy_section(MemoryRegion *mr)
1644{
1645 MemoryRegionSection section = {
1646 .mr = mr,
1647 .offset_within_address_space = 0,
1648 .offset_within_region = 0,
1649 .size = UINT64_MAX,
1650 };
1651
1652 return phys_section_add(&section);
1653}
1654
a8170e5e 1655MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 1656{
37ec01d4 1657 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 1658}
1659
e9179ce1
AK		 1660static void io_mem_init(void)
1661{
bf8d5166 1662 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
0e0df1e2
AK		 1663 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1664 "unassigned", UINT64_MAX);
1665 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
1666 "notdirty", UINT64_MAX);
de712f94
AK		 1667 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1668 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 1669 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1670 "watch", UINT64_MAX);
e9179ce1
AK		 1671}
1672
ac1970fb
AK		 1673static void mem_begin(MemoryListener *listener)
1674{
1675 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1676
1677 destroy_all_mappings(d);
1678 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1679}
1680
50c1e149
AK		 1681static void core_begin(MemoryListener *listener)
1682{
5312bd8b
AK		 1683 phys_sections_clear();
1684 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 1685 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1686 phys_section_rom = dummy_section(&io_mem_rom);
1687 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 1688}
1689
1d71148e 1690static void tcg_commit(MemoryListener *listener)
50c1e149 1691{
9349b4f9 1692 CPUArchState *env;
117712c3
AK		 1693
1694 /* since each CPU stores ram addresses in its TLB cache, we must
1695 reset the modified entries */
1696 /* XXX: slow ! */
1697 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1698 tlb_flush(env, 1);
1699 }
50c1e149
AK		 1700}
1701
93632747
AK		 1702static void core_log_global_start(MemoryListener *listener)
1703{
1704 cpu_physical_memory_set_dirty_tracking(1);
1705}
1706
1707static void core_log_global_stop(MemoryListener *listener)
1708{
1709 cpu_physical_memory_set_dirty_tracking(0);
1710}
1711
4855d41a
AK		 1712static void io_region_add(MemoryListener *listener,
1713 MemoryRegionSection *section)
1714{
a2d33521
AK		 1715 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1716
1717 mrio->mr = section->mr;
1718 mrio->offset = section->offset_within_region;
1719 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 1720 section->offset_within_address_space, section->size);
a2d33521 1721 ioport_register(&mrio->iorange);
4855d41a
AK		 1722}
1723
1724static void io_region_del(MemoryListener *listener,
1725 MemoryRegionSection *section)
1726{
1727 isa_unassign_ioport(section->offset_within_address_space, section->size);
1728}
1729
93632747 1730static MemoryListener core_memory_listener = {
50c1e149 1731 .begin = core_begin,
93632747
AK		 1732 .log_global_start = core_log_global_start,
1733 .log_global_stop = core_log_global_stop,
ac1970fb 1734 .priority = 1,
93632747
AK		 1735};
1736
4855d41a
AK		 1737static MemoryListener io_memory_listener = {
1738 .region_add = io_region_add,
1739 .region_del = io_region_del,
4855d41a
AK		 1740 .priority = 0,
1741};
1742
1d71148e
AK		 1743static MemoryListener tcg_memory_listener = {
1744 .commit = tcg_commit,
1745};
1746
ac1970fb
AK		 1747void address_space_init_dispatch(AddressSpace *as)
1748{
1749 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1750
1751 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1752 d->listener = (MemoryListener) {
1753 .begin = mem_begin,
1754 .region_add = mem_add,
1755 .region_nop = mem_add,
1756 .priority = 0,
1757 };
1758 as->dispatch = d;
1759 memory_listener_register(&d->listener, as);
1760}
1761
83f3c251
AK		 1762void address_space_destroy_dispatch(AddressSpace *as)
1763{
1764 AddressSpaceDispatch *d = as->dispatch;
1765
1766 memory_listener_unregister(&d->listener);
1767 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1768 g_free(d);
1769 as->dispatch = NULL;
1770}
1771
62152b8a
AK		 1772static void memory_map_init(void)
1773{
7267c094 1774 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 1775 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 1776 address_space_init(&address_space_memory, system_memory);
1777 address_space_memory.name = "memory";
309cb471 1778
7267c094 1779 system_io = g_malloc(sizeof(*system_io));
309cb471 1780 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 1781 address_space_init(&address_space_io, system_io);
1782 address_space_io.name = "I/O";
93632747 1783
f6790af6
AK		 1784 memory_listener_register(&core_memory_listener, &address_space_memory);
1785 memory_listener_register(&io_memory_listener, &address_space_io);
1786 memory_listener_register(&tcg_memory_listener, &address_space_memory);
9e11908f
PM		 1787
1788 dma_context_init(&dma_context_memory, &address_space_memory,
1789 NULL, NULL, NULL);
62152b8a
AK		 1790}
1791
1792MemoryRegion *get_system_memory(void)
1793{
1794 return system_memory;
1795}
1796
309cb471
AK		 1797MemoryRegion *get_system_io(void)
1798{
1799 return system_io;
1800}
1801
e2eef170
PB		 1802#endif /* !defined(CONFIG_USER_ONLY) */
1803
13eb76e0
FB		 1804/* physical memory access (slow version, mainly for debug) */
1805#if defined(CONFIG_USER_ONLY)
9349b4f9 1806int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 1807 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 1808{
1809 int l, flags;
1810 target_ulong page;
53a5960a 1811 void * p;
13eb76e0
FB		 1812
1813 while (len > 0) {
1814 page = addr & TARGET_PAGE_MASK;
1815 l = (page + TARGET_PAGE_SIZE) - addr;
1816 if (l > len)
1817 l = len;
1818 flags = page_get_flags(page);
1819 if (!(flags & PAGE_VALID))
a68fe89c 1820 return -1;
13eb76e0
FB		 1821 if (is_write) {
1822 if (!(flags & PAGE_WRITE))
a68fe89c 1823 return -1;
579a97f7 1824 /* XXX: this code should not depend on lock_user */
72fb7daa 1825 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 1826 return -1;
72fb7daa
AJ		 1827 memcpy(p, buf, l);
1828 unlock_user(p, addr, l);
13eb76e0
FB		 1829 } else {
1830 if (!(flags & PAGE_READ))
a68fe89c 1831 return -1;
579a97f7 1832 /* XXX: this code should not depend on lock_user */
72fb7daa 1833 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 1834 return -1;
72fb7daa 1835 memcpy(buf, p, l);
5b257578 1836 unlock_user(p, addr, 0);
13eb76e0
FB		 1837 }
1838 len -= l;
1839 buf += l;
1840 addr += l;
1841 }
a68fe89c 1842 return 0;
13eb76e0 1843}
8df1cd07 1844
13eb76e0 1845#else
51d7a9eb 1846
a8170e5e
AK		 1847static void invalidate_and_set_dirty(hwaddr addr,
1848 hwaddr length)
51d7a9eb
AP		 1849{
1850 if (!cpu_physical_memory_is_dirty(addr)) {
1851 /* invalidate code */
1852 tb_invalidate_phys_page_range(addr, addr + length, 0);
1853 /* set dirty bit */
1854 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1855 }
e226939d 1856 xen_modified_memory(addr, length);
51d7a9eb
AP		 1857}
1858
2bbfa05d
PB		 1859static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1860{
1861 if (memory_region_is_ram(mr)) {
1862 return !(is_write && mr->readonly);
1863 }
1864 if (memory_region_is_romd(mr)) {
1865 return !is_write;
1866 }
1867
1868 return false;
1869}
1870
82f2563f
PB		 1871static inline int memory_access_size(int l, hwaddr addr)
1872{
1873 if (l >= 4 && ((addr & 3) == 0)) {
1874 return 4;
1875 }
1876 if (l >= 2 && ((addr & 1) == 0)) {
1877 return 2;
1878 }
1879 return 1;
1880}
1881
a8170e5e 1882void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 1883 int len, bool is_write)
13eb76e0 1884{
149f54b5 1885 hwaddr l;
13eb76e0
FB		 1886 uint8_t *ptr;
1887 uint32_t val;
149f54b5 1888 hwaddr addr1;
f3705d53 1889 MemoryRegionSection *section;
3b46e624 1890
13eb76e0 1891 while (len > 0) {
149f54b5
PB		 1892 l = len;
1893 section = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 1894
13eb76e0 1895 if (is_write) {
2bbfa05d 1896 if (!memory_access_is_direct(section->mr, is_write)) {
82f2563f 1897 l = memory_access_size(l, addr1);
6a00d601
FB		 1898 /* XXX: could force cpu_single_env to NULL to avoid
1899 potential bugs */
82f2563f 1900 if (l == 4) {
1c213d19 1901 /* 32 bit write access */
c27004ec 1902 val = ldl_p(buf);
37ec01d4 1903 io_mem_write(section->mr, addr1, val, 4);
82f2563f 1904 } else if (l == 2) {
1c213d19 1905 /* 16 bit write access */
c27004ec 1906 val = lduw_p(buf);
37ec01d4 1907 io_mem_write(section->mr, addr1, val, 2);
13eb76e0 1908 } else {
1c213d19 1909 /* 8 bit write access */
c27004ec 1910 val = ldub_p(buf);
37ec01d4 1911 io_mem_write(section->mr, addr1, val, 1);
13eb76e0 1912 }
2bbfa05d 1913 } else {
149f54b5 1914 addr1 += memory_region_get_ram_addr(section->mr);
13eb76e0 1915 /* RAM case */
5579c7f3 1916 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 1917 memcpy(ptr, buf, l);
51d7a9eb 1918 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 1919 }
1920 } else {
2bbfa05d 1921 if (!memory_access_is_direct(section->mr, is_write)) {
13eb76e0 1922 /* I/O case */
82f2563f
PB		 1923 l = memory_access_size(l, addr1);
1924 if (l == 4) {
13eb76e0 1925 /* 32 bit read access */
37ec01d4 1926 val = io_mem_read(section->mr, addr1, 4);
c27004ec 1927 stl_p(buf, val);
82f2563f 1928 } else if (l == 2) {
13eb76e0 1929 /* 16 bit read access */
37ec01d4 1930 val = io_mem_read(section->mr, addr1, 2);
c27004ec 1931 stw_p(buf, val);
13eb76e0 1932 } else {
1c213d19 1933 /* 8 bit read access */
37ec01d4 1934 val = io_mem_read(section->mr, addr1, 1);
c27004ec 1935 stb_p(buf, val);
13eb76e0
FB		 1936 }
1937 } else {
1938 /* RAM case */
149f54b5 1939 ptr = qemu_get_ram_ptr(section->mr->ram_addr + addr1);
f3705d53 1940 memcpy(buf, ptr, l);
13eb76e0
FB		 1941 }
1942 }
1943 len -= l;
1944 buf += l;
1945 addr += l;
1946 }
1947}
8df1cd07 1948
a8170e5e 1949void address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 1950 const uint8_t *buf, int len)
1951{
1952 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1953}
1954
1955/**
1956 * address_space_read: read from an address space.
1957 *
1958 * @as: #AddressSpace to be accessed
1959 * @addr: address within that address space
1960 * @buf: buffer with the data transferred
1961 */
a8170e5e 1962void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb
AK		 1963{
1964 address_space_rw(as, addr, buf, len, false);
1965}
1966
1967
a8170e5e 1968void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 1969 int len, int is_write)
1970{
1971 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1972}
1973
d0ecd2aa 1974/* used for ROM loading : can write in RAM and ROM */
a8170e5e 1975void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 1976 const uint8_t *buf, int len)
1977{
149f54b5 1978 hwaddr l;
d0ecd2aa 1979 uint8_t *ptr;
149f54b5 1980 hwaddr addr1;
f3705d53 1981 MemoryRegionSection *section;
3b46e624 1982
d0ecd2aa 1983 while (len > 0) {
149f54b5
PB		 1984 l = len;
1985 section = address_space_translate(&address_space_memory,
1986 addr, &addr1, &l, true);
3b46e624 1987
cc5bea60
BS		 1988 if (!(memory_region_is_ram(section->mr) ||
1989 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 1990 /* do nothing */
1991 } else {
149f54b5 1992 addr1 += memory_region_get_ram_addr(section->mr);
d0ecd2aa 1993 /* ROM/RAM case */
5579c7f3 1994 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 1995 memcpy(ptr, buf, l);
51d7a9eb 1996 invalidate_and_set_dirty(addr1, l);
d0ecd2aa
FB		 1997 }
1998 len -= l;
1999 buf += l;
2000 addr += l;
2001 }
2002}
2003
6d16c2f8
AL		 2004typedef struct {
2005 void *buffer;
a8170e5e
AK		 2006 hwaddr addr;
2007 hwaddr len;
6d16c2f8
AL		 2008} BounceBuffer;
2009
2010static BounceBuffer bounce;
2011
ba223c29
AL		 2012typedef struct MapClient {
2013 void *opaque;
2014 void (*callback)(void *opaque);
72cf2d4f 2015 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2016} MapClient;
2017
72cf2d4f
BS		 2018static QLIST_HEAD(map_client_list, MapClient) map_client_list
2019 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2020
2021void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2022{
7267c094 2023 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2024
2025 client->opaque = opaque;
2026 client->callback = callback;
72cf2d4f 2027 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2028 return client;
2029}
2030
8b9c99d9 2031static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2032{
2033 MapClient *client = (MapClient *)_client;
2034
72cf2d4f 2035 QLIST_REMOVE(client, link);
7267c094 2036 g_free(client);
ba223c29
AL		 2037}
2038
2039static void cpu_notify_map_clients(void)
2040{
2041 MapClient *client;
2042
72cf2d4f
BS		 2043 while (!QLIST_EMPTY(&map_client_list)) {
2044 client = QLIST_FIRST(&map_client_list);
ba223c29 2045 client->callback(client->opaque);
34d5e948 2046 cpu_unregister_map_client(client);
ba223c29
AL		 2047 }
2048}
2049
6d16c2f8
AL		 2050/* Map a physical memory region into a host virtual address.
2051 * May map a subset of the requested range, given by and returned in *plen.
2052 * May return NULL if resources needed to perform the mapping are exhausted.
2053 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2054 * Use cpu_register_map_client() to know when retrying the map operation is
2055 * likely to succeed.
6d16c2f8 2056 */
ac1970fb 2057void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2058 hwaddr addr,
2059 hwaddr *plen,
ac1970fb 2060 bool is_write)
6d16c2f8 2061{
a8170e5e
AK		 2062 hwaddr len = *plen;
2063 hwaddr todo = 0;
149f54b5 2064 hwaddr l, xlat;
f3705d53 2065 MemoryRegionSection *section;
f15fbc4b 2066 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 2067 ram_addr_t rlen;
2068 void *ret;
6d16c2f8
AL		 2069
2070 while (len > 0) {
149f54b5
PB		 2071 l = len;
2072 section = address_space_translate(as, addr, &xlat, &l, is_write);
6d16c2f8 2073
2bbfa05d 2074 if (!memory_access_is_direct(section->mr, is_write)) {
38bee5dc 2075 if (todo || bounce.buffer) {
6d16c2f8
AL		 2076 break;
2077 }
2078 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2079 bounce.addr = addr;
2080 bounce.len = l;
2081 if (!is_write) {
ac1970fb 2082 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 2083 }
38bee5dc
SS		 2084
2085 *plen = l;
2086 return bounce.buffer;
6d16c2f8 2087 }
8ab934f9 2088 if (!todo) {
149f54b5
PB		 2089 raddr = memory_region_get_ram_addr(section->mr) + xlat;
2090 } else {
2091 if (memory_region_get_ram_addr(section->mr) + xlat != raddr + todo) {
2092 break;
2093 }
8ab934f9 2094 }
6d16c2f8
AL		 2095
2096 len -= l;
2097 addr += l;
38bee5dc 2098 todo += l;
6d16c2f8 2099 }
8ab934f9
SS		 2100 rlen = todo;
2101 ret = qemu_ram_ptr_length(raddr, &rlen);
2102 *plen = rlen;
2103 return ret;
6d16c2f8
AL		 2104}
2105
ac1970fb 2106/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2107 * Will also mark the memory as dirty if is_write == 1. access_len gives
2108 * the amount of memory that was actually read or written by the caller.
2109 */
a8170e5e
AK		 2110void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2111 int is_write, hwaddr access_len)
6d16c2f8
AL		 2112{
2113 if (buffer != bounce.buffer) {
2114 if (is_write) {
e890261f 2115 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 2116 while (access_len) {
2117 unsigned l;
2118 l = TARGET_PAGE_SIZE;
2119 if (l > access_len)
2120 l = access_len;
51d7a9eb 2121 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 2122 addr1 += l;
2123 access_len -= l;
2124 }
2125 }
868bb33f 2126 if (xen_enabled()) {
e41d7c69 2127 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2128 }
6d16c2f8
AL		 2129 return;
2130 }
2131 if (is_write) {
ac1970fb 2132 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2133 }
f8a83245 2134 qemu_vfree(bounce.buffer);
6d16c2f8 2135 bounce.buffer = NULL;
ba223c29 2136 cpu_notify_map_clients();
6d16c2f8 2137}
d0ecd2aa 2138
a8170e5e
AK		 2139void *cpu_physical_memory_map(hwaddr addr,
2140 hwaddr *plen,
ac1970fb
AK		 2141 int is_write)
2142{
2143 return address_space_map(&address_space_memory, addr, plen, is_write);
2144}
2145
a8170e5e
AK		 2146void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2147 int is_write, hwaddr access_len)
ac1970fb
AK		 2148{
2149 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2150}
2151
8df1cd07 2152/* warning: addr must be aligned */
a8170e5e 2153static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 2154 enum device_endian endian)
8df1cd07 2155{
8df1cd07
FB		 2156 uint8_t *ptr;
2157 uint32_t val;
f3705d53 2158 MemoryRegionSection *section;
149f54b5
PB		 2159 hwaddr l = 4;
2160 hwaddr addr1;
8df1cd07 2161
149f54b5
PB		 2162 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2163 false);
2bbfa05d 2164 if (l < 4 || !memory_access_is_direct(section->mr, false)) {
8df1cd07 2165 /* I/O case */
149f54b5 2166 val = io_mem_read(section->mr, addr1, 4);
1e78bcc1
AG		 2167#if defined(TARGET_WORDS_BIGENDIAN)
2168 if (endian == DEVICE_LITTLE_ENDIAN) {
2169 val = bswap32(val);
2170 }
2171#else
2172 if (endian == DEVICE_BIG_ENDIAN) {
2173 val = bswap32(val);
2174 }
2175#endif
8df1cd07
FB		 2176 } else {
2177 /* RAM case */
f3705d53 2178 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 2179 & TARGET_PAGE_MASK)
149f54b5 2180 + addr1);
1e78bcc1
AG		 2181 switch (endian) {
2182 case DEVICE_LITTLE_ENDIAN:
2183 val = ldl_le_p(ptr);
2184 break;
2185 case DEVICE_BIG_ENDIAN:
2186 val = ldl_be_p(ptr);
2187 break;
2188 default:
2189 val = ldl_p(ptr);
2190 break;
2191 }
8df1cd07
FB		 2192 }
2193 return val;
2194}
2195
a8170e5e 2196uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 2197{
2198 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2199}
2200
a8170e5e 2201uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 2202{
2203 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2204}
2205
a8170e5e 2206uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 2207{
2208 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2209}
2210
84b7b8e7 2211/* warning: addr must be aligned */
a8170e5e 2212static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 2213 enum device_endian endian)
84b7b8e7 2214{
84b7b8e7
FB		 2215 uint8_t *ptr;
2216 uint64_t val;
f3705d53 2217 MemoryRegionSection *section;
149f54b5
PB		 2218 hwaddr l = 8;
2219 hwaddr addr1;
84b7b8e7 2220
149f54b5
PB		 2221 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2222 false);
2bbfa05d 2223 if (l < 8 || !memory_access_is_direct(section->mr, false)) {
84b7b8e7 2224 /* I/O case */
1e78bcc1
AG		 2225
2226 /* XXX This is broken when device endian != cpu endian.
2227 Fix and add "endian" variable check */
84b7b8e7 2228#ifdef TARGET_WORDS_BIGENDIAN
149f54b5
PB		 2229 val = io_mem_read(section->mr, addr1, 4) << 32;
2230 val |= io_mem_read(section->mr, addr1 + 4, 4);
84b7b8e7 2231#else
149f54b5
PB		 2232 val = io_mem_read(section->mr, addr1, 4);
2233 val |= io_mem_read(section->mr, addr1 + 4, 4) << 32;
84b7b8e7
FB		 2234#endif
2235 } else {
2236 /* RAM case */
f3705d53 2237 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 2238 & TARGET_PAGE_MASK)
149f54b5 2239 + addr1);
1e78bcc1
AG		 2240 switch (endian) {
2241 case DEVICE_LITTLE_ENDIAN:
2242 val = ldq_le_p(ptr);
2243 break;
2244 case DEVICE_BIG_ENDIAN:
2245 val = ldq_be_p(ptr);
2246 break;
2247 default:
2248 val = ldq_p(ptr);
2249 break;
2250 }
84b7b8e7
FB		 2251 }
2252 return val;
2253}
2254
a8170e5e 2255uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 2256{
2257 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2258}
2259
a8170e5e 2260uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 2261{
2262 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2263}
2264
a8170e5e 2265uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 2266{
2267 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2268}
2269
aab33094 2270/* XXX: optimize */
a8170e5e 2271uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 2272{
2273 uint8_t val;
2274 cpu_physical_memory_read(addr, &val, 1);
2275 return val;
2276}
2277
733f0b02 2278/* warning: addr must be aligned */
a8170e5e 2279static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 2280 enum device_endian endian)
aab33094 2281{
733f0b02
MT		 2282 uint8_t *ptr;
2283 uint64_t val;
f3705d53 2284 MemoryRegionSection *section;
149f54b5
PB		 2285 hwaddr l = 2;
2286 hwaddr addr1;
733f0b02 2287
149f54b5
PB		 2288 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2289 false);
2bbfa05d 2290 if (l < 2 || !memory_access_is_direct(section->mr, false)) {
733f0b02 2291 /* I/O case */
149f54b5 2292 val = io_mem_read(section->mr, addr1, 2);
1e78bcc1
AG		 2293#if defined(TARGET_WORDS_BIGENDIAN)
2294 if (endian == DEVICE_LITTLE_ENDIAN) {
2295 val = bswap16(val);
2296 }
2297#else
2298 if (endian == DEVICE_BIG_ENDIAN) {
2299 val = bswap16(val);
2300 }
2301#endif
733f0b02
MT		 2302 } else {
2303 /* RAM case */
f3705d53 2304 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 2305 & TARGET_PAGE_MASK)
149f54b5 2306 + addr1);
1e78bcc1
AG		 2307 switch (endian) {
2308 case DEVICE_LITTLE_ENDIAN:
2309 val = lduw_le_p(ptr);
2310 break;
2311 case DEVICE_BIG_ENDIAN:
2312 val = lduw_be_p(ptr);
2313 break;
2314 default:
2315 val = lduw_p(ptr);
2316 break;
2317 }
733f0b02
MT		 2318 }
2319 return val;
aab33094
FB		 2320}
2321
a8170e5e 2322uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 2323{
2324 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2325}
2326
a8170e5e 2327uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 2328{
2329 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2330}
2331
a8170e5e 2332uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 2333{
2334 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2335}
2336
8df1cd07
FB		 2337/* warning: addr must be aligned. The ram page is not masked as dirty
2338 and the code inside is not invalidated. It is useful if the dirty
2339 bits are used to track modified PTEs */
a8170e5e 2340void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 2341{
8df1cd07 2342 uint8_t *ptr;
f3705d53 2343 MemoryRegionSection *section;
149f54b5
PB		 2344 hwaddr l = 4;
2345 hwaddr addr1;
8df1cd07 2346
149f54b5
PB		 2347 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2348 true);
2bbfa05d 2349 if (l < 4 || !memory_access_is_direct(section->mr, true)) {
149f54b5 2350 io_mem_write(section->mr, addr1, val, 4);
8df1cd07 2351 } else {
149f54b5 2352 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
5579c7f3 2353 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2354 stl_p(ptr, val);
74576198
AL		 2355
2356 if (unlikely(in_migration)) {
2357 if (!cpu_physical_memory_is_dirty(addr1)) {
2358 /* invalidate code */
2359 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2360 /* set dirty bit */
f7c11b53
YT		 2361 cpu_physical_memory_set_dirty_flags(
2362 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 2363 }
2364 }
8df1cd07
FB		 2365 }
2366}
2367
2368/* warning: addr must be aligned */
a8170e5e 2369static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2370 enum device_endian endian)
8df1cd07 2371{
8df1cd07 2372 uint8_t *ptr;
f3705d53 2373 MemoryRegionSection *section;
149f54b5
PB		 2374 hwaddr l = 4;
2375 hwaddr addr1;
8df1cd07 2376
149f54b5
PB		 2377 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2378 true);
2bbfa05d 2379 if (l < 4 || !memory_access_is_direct(section->mr, true)) {
1e78bcc1
AG		 2380#if defined(TARGET_WORDS_BIGENDIAN)
2381 if (endian == DEVICE_LITTLE_ENDIAN) {
2382 val = bswap32(val);
2383 }
2384#else
2385 if (endian == DEVICE_BIG_ENDIAN) {
2386 val = bswap32(val);
2387 }
2388#endif
149f54b5 2389 io_mem_write(section->mr, addr1, val, 4);
8df1cd07 2390 } else {
8df1cd07 2391 /* RAM case */
149f54b5 2392 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
5579c7f3 2393 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2394 switch (endian) {
2395 case DEVICE_LITTLE_ENDIAN:
2396 stl_le_p(ptr, val);
2397 break;
2398 case DEVICE_BIG_ENDIAN:
2399 stl_be_p(ptr, val);
2400 break;
2401 default:
2402 stl_p(ptr, val);
2403 break;
2404 }
51d7a9eb 2405 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2406 }
2407}
2408
a8170e5e 2409void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2410{
2411 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2412}
2413
a8170e5e 2414void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2415{
2416 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2417}
2418
a8170e5e 2419void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2420{
2421 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2422}
2423
aab33094 2424/* XXX: optimize */
a8170e5e 2425void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 2426{
2427 uint8_t v = val;
2428 cpu_physical_memory_write(addr, &v, 1);
2429}
2430
733f0b02 2431/* warning: addr must be aligned */
a8170e5e 2432static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2433 enum device_endian endian)
aab33094 2434{
733f0b02 2435 uint8_t *ptr;
f3705d53 2436 MemoryRegionSection *section;
149f54b5
PB		 2437 hwaddr l = 2;
2438 hwaddr addr1;
733f0b02 2439
149f54b5
PB		 2440 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2441 true);
2bbfa05d 2442 if (l < 2 || !memory_access_is_direct(section->mr, true)) {
1e78bcc1
AG		 2443#if defined(TARGET_WORDS_BIGENDIAN)
2444 if (endian == DEVICE_LITTLE_ENDIAN) {
2445 val = bswap16(val);
2446 }
2447#else
2448 if (endian == DEVICE_BIG_ENDIAN) {
2449 val = bswap16(val);
2450 }
2451#endif
149f54b5 2452 io_mem_write(section->mr, addr1, val, 2);
733f0b02 2453 } else {
733f0b02 2454 /* RAM case */
149f54b5 2455 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
733f0b02 2456 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2457 switch (endian) {
2458 case DEVICE_LITTLE_ENDIAN:
2459 stw_le_p(ptr, val);
2460 break;
2461 case DEVICE_BIG_ENDIAN:
2462 stw_be_p(ptr, val);
2463 break;
2464 default:
2465 stw_p(ptr, val);
2466 break;
2467 }
51d7a9eb 2468 invalidate_and_set_dirty(addr1, 2);
733f0b02 2469 }
aab33094
FB		 2470}
2471
a8170e5e 2472void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2473{
2474 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2475}
2476
a8170e5e 2477void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2478{
2479 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2480}
2481
a8170e5e 2482void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2483{
2484 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2485}
2486
aab33094 2487/* XXX: optimize */
a8170e5e 2488void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 2489{
2490 val = tswap64(val);
71d2b725 2491 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 2492}
2493
a8170e5e 2494void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2495{
2496 val = cpu_to_le64(val);
2497 cpu_physical_memory_write(addr, &val, 8);
2498}
2499
a8170e5e 2500void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2501{
2502 val = cpu_to_be64(val);
2503 cpu_physical_memory_write(addr, &val, 8);
2504}
2505
5e2972fd 2506/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 2507int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 2508 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2509{
2510 int l;
a8170e5e 2511 hwaddr phys_addr;
9b3c35e0 2512 target_ulong page;
13eb76e0
FB		 2513
2514 while (len > 0) {
2515 page = addr & TARGET_PAGE_MASK;
2516 phys_addr = cpu_get_phys_page_debug(env, page);
2517 /* if no physical page mapped, return an error */
2518 if (phys_addr == -1)
2519 return -1;
2520 l = (page + TARGET_PAGE_SIZE) - addr;
2521 if (l > len)
2522 l = len;
5e2972fd 2523 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 2524 if (is_write)
2525 cpu_physical_memory_write_rom(phys_addr, buf, l);
2526 else
5e2972fd 2527 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 2528 len -= l;
2529 buf += l;
2530 addr += l;
2531 }
2532 return 0;
2533}
a68fe89c 2534#endif
13eb76e0 2535
8e4a424b
BS		 2536#if !defined(CONFIG_USER_ONLY)
2537
2538/*
2539 * A helper function for the _utterly broken_ virtio device model to find out if
2540 * it's running on a big endian machine. Don't do this at home kids!
2541 */
2542bool virtio_is_big_endian(void);
2543bool virtio_is_big_endian(void)
2544{
2545#if defined(TARGET_WORDS_BIGENDIAN)
2546 return true;
2547#else
2548 return false;
2549#endif
2550}
2551
2552#endif
2553
76f35538 2554#ifndef CONFIG_USER_ONLY
a8170e5e 2555bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538
WC		 2556{
2557 MemoryRegionSection *section;
149f54b5 2558 hwaddr l = 1;
76f35538 2559
149f54b5
PB		 2560 section = address_space_translate(&address_space_memory,
2561 phys_addr, &phys_addr, &l, false);
76f35538
WC		 2562
2563 return !(memory_region_is_ram(section->mr) ||
2564 memory_region_is_romd(section->mr));
2565}
2566#endif
Mirror of https://git.qemu.org/git/qemu.git