]> git.ipfire.org Git - thirdparty/qemu.git/blame - exec.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
trace: add "-trace help"
[thirdparty/qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
777872e5 20#ifndef _WIN32
d5a8f07c
FB		 21#include <sys/mman.h>
22#endif
54936004 23
055403b2 24#include "qemu-common.h"
6180a181 25#include "cpu.h"
b67d9a52 26#include "tcg.h"
b3c7724c 27#include "hw/hw.h"
4485bd26 28#if !defined(CONFIG_USER_ONLY)
47c8ca53 29#include "hw/boards.h"
4485bd26 30#endif
cc9e98cb 31#include "hw/qdev.h"
9c17d615 32#include "sysemu/kvm.h"
2ff3de68 33#include "sysemu/sysemu.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
022c62cb 38#include "exec/memory.h"
9c17d615 39#include "sysemu/dma.h"
022c62cb 40#include "exec/address-spaces.h"
53a5960a
PB		 41#if defined(CONFIG_USER_ONLY)
42#include <qemu.h>
432d268c 43#else /* !CONFIG_USER_ONLY */
9c17d615 44#include "sysemu/xen-mapcache.h"
6506e4f9 45#include "trace.h"
53a5960a 46#endif
0d6d3c87 47#include "exec/cpu-all.h"
0dc3f44a 48#include "qemu/rcu_queue.h"
4840f10e 49#include "qemu/main-loop.h"
5b6dd868 50#include "translate-all.h"
7615936e 51#include "sysemu/replay.h"
0cac1b66 52
022c62cb 53#include "exec/memory-internal.h"
220c3ebd 54#include "exec/ram_addr.h"
67d95c15 55
b35ba30f 56#include "qemu/range.h"
794e8f30
MT		 57#ifndef _WIN32
58#include "qemu/mmap-alloc.h"
59#endif
b35ba30f 60
db7b5426 61//#define DEBUG_SUBPAGE
1196be37 62
e2eef170 63#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 64/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
65 * are protected by the ramlist lock.
66 */
0d53d9fe 67RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 68
69static MemoryRegion *system_memory;
309cb471 70static MemoryRegion *system_io;
62152b8a 71
f6790af6
AK		 72AddressSpace address_space_io;
73AddressSpace address_space_memory;
2673a5da 74
0844e007 75MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 76static MemoryRegion io_mem_unassigned;
0e0df1e2 77
7bd4f430
PB		 78/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
79#define RAM_PREALLOC (1 << 0)
80
dbcb8981
PB		 81/* RAM is mmap-ed with MAP_SHARED */
82#define RAM_SHARED (1 << 1)
83
62be4e3a
MT		 84/* Only a portion of RAM (used_length) is actually used, and migrated.
85 * This used_length size can change across reboots.
86 */
87#define RAM_RESIZEABLE (1 << 2)
88
e2eef170 89#endif
9fa3e853 90
bdc44640 91struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 92/* current CPU in the current thread. It is only valid inside
93 cpu_exec() */
f240eb6f 94__thread CPUState *current_cpu;
2e70f6ef 95/* 0 = Do not count executed instructions.
bf20dc07 96 1 = Precise instruction counting.
2e70f6ef 97 2 = Adaptive rate instruction counting. */
5708fc66 98int use_icount;
6a00d601 99
e2eef170 100#if !defined(CONFIG_USER_ONLY)
4346ae3e 101
1db8abb1
PB		 102typedef struct PhysPageEntry PhysPageEntry;
103
104struct PhysPageEntry {
9736e55b 105 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 106 uint32_t skip : 6;
9736e55b 107 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 108 uint32_t ptr : 26;
1db8abb1
PB		 109};
110
8b795765
MT		 111#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
112
03f49957 113/* Size of the L2 (and L3, etc) page tables. */
57271d63 114#define ADDR_SPACE_BITS 64
03f49957 115
026736ce 116#define P_L2_BITS 9
03f49957
PB		 117#define P_L2_SIZE (1 << P_L2_BITS)
118
119#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
120
121typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 122
53cb28cb 123typedef struct PhysPageMap {
79e2b9ae
PB		 124 struct rcu_head rcu;
125
53cb28cb
MA		 126 unsigned sections_nb;
127 unsigned sections_nb_alloc;
128 unsigned nodes_nb;
129 unsigned nodes_nb_alloc;
130 Node *nodes;
131 MemoryRegionSection *sections;
132} PhysPageMap;
133
1db8abb1 134struct AddressSpaceDispatch {
79e2b9ae
PB		 135 struct rcu_head rcu;
136
1db8abb1
PB		 137 /* This is a multi-level map on the physical address space.
138 * The bottom level has pointers to MemoryRegionSections.
139 */
140 PhysPageEntry phys_map;
53cb28cb 141 PhysPageMap map;
acc9d80b 142 AddressSpace *as;
1db8abb1
PB		 143};
144
90260c6c
JK		 145#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
146typedef struct subpage_t {
147 MemoryRegion iomem;
acc9d80b 148 AddressSpace *as;
90260c6c
JK		 149 hwaddr base;
150 uint16_t sub_section[TARGET_PAGE_SIZE];
151} subpage_t;
152
b41aac4f
LPF		 153#define PHYS_SECTION_UNASSIGNED 0
154#define PHYS_SECTION_NOTDIRTY 1
155#define PHYS_SECTION_ROM 2
156#define PHYS_SECTION_WATCH 3
5312bd8b 157
e2eef170 158static void io_mem_init(void);
62152b8a 159static void memory_map_init(void);
09daed84 160static void tcg_commit(MemoryListener *listener);
e2eef170 161
1ec9b909 162static MemoryRegion io_mem_watch;
32857f4d
PM		 163
164/**
165 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
166 * @cpu: the CPU whose AddressSpace this is
167 * @as: the AddressSpace itself
168 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
169 * @tcg_as_listener: listener for tracking changes to the AddressSpace
170 */
171struct CPUAddressSpace {
172 CPUState *cpu;
173 AddressSpace *as;
174 struct AddressSpaceDispatch *memory_dispatch;
175 MemoryListener tcg_as_listener;
176};
177
6658ffb8 178#endif
fd6ce8f6 179
6d9a1304 180#if !defined(CONFIG_USER_ONLY)
d6f2ea22 181
53cb28cb 182static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 183{
53cb28cb
MA		 184 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
185 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
186 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
187 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 188 }
f7bf5461
AK		 189}
190
db94604b 191static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 192{
193 unsigned i;
8b795765 194 uint32_t ret;
db94604b
PB		 195 PhysPageEntry e;
196 PhysPageEntry *p;
f7bf5461 197
53cb28cb 198 ret = map->nodes_nb++;
db94604b 199 p = map->nodes[ret];
f7bf5461 200 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 201 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 202
203 e.skip = leaf ? 0 : 1;
204 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 205 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 206 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 207 }
f7bf5461 208 return ret;
d6f2ea22
AK		 209}
210
53cb28cb
MA		 211static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
212 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 213 int level)
f7bf5461
AK		 214{
215 PhysPageEntry *p;
03f49957 216 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 217
9736e55b 218 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 219 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 220 }
db94604b 221 p = map->nodes[lp->ptr];
03f49957 222 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 223
03f49957 224 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 225 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 226 lp->skip = 0;
c19e8800 227 lp->ptr = leaf;
07f07b31
AK		 228 *index += step;
229 *nb -= step;
2999097b 230 } else {
53cb28cb 231 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 232 }
233 ++lp;
f7bf5461
AK		 234 }
235}
236
ac1970fb 237static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 238 hwaddr index, hwaddr nb,
2999097b 239 uint16_t leaf)
f7bf5461 240{
2999097b 241 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 242 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 243
53cb28cb 244 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 245}
246
b35ba30f
MT		 247/* Compact a non leaf page entry. Simply detect that the entry has a single child,
248 * and update our entry so we can skip it and go directly to the destination.
249 */
250static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
251{
252 unsigned valid_ptr = P_L2_SIZE;
253 int valid = 0;
254 PhysPageEntry *p;
255 int i;
256
257 if (lp->ptr == PHYS_MAP_NODE_NIL) {
258 return;
259 }
260
261 p = nodes[lp->ptr];
262 for (i = 0; i < P_L2_SIZE; i++) {
263 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
264 continue;
265 }
266
267 valid_ptr = i;
268 valid++;
269 if (p[i].skip) {
270 phys_page_compact(&p[i], nodes, compacted);
271 }
272 }
273
274 /* We can only compress if there's only one child. */
275 if (valid != 1) {
276 return;
277 }
278
279 assert(valid_ptr < P_L2_SIZE);
280
281 /* Don't compress if it won't fit in the # of bits we have. */
282 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
283 return;
284 }
285
286 lp->ptr = p[valid_ptr].ptr;
287 if (!p[valid_ptr].skip) {
288 /* If our only child is a leaf, make this a leaf. */
289 /* By design, we should have made this node a leaf to begin with so we
290 * should never reach here.
291 * But since it's so simple to handle this, let's do it just in case we
292 * change this rule.
293 */
294 lp->skip = 0;
295 } else {
296 lp->skip += p[valid_ptr].skip;
297 }
298}
299
300static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
301{
302 DECLARE_BITMAP(compacted, nodes_nb);
303
304 if (d->phys_map.skip) {
53cb28cb 305 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 306 }
307}
308
97115a8d 309static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 310 Node *nodes, MemoryRegionSection *sections)
92e873b9 311{
31ab2b4a 312 PhysPageEntry *p;
97115a8d 313 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 314 int i;
f1f6e3b8 315
9736e55b 316 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 317 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 318 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 319 }
9affd6fc 320 p = nodes[lp.ptr];
03f49957 321 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 322 }
b35ba30f
MT		 323
324 if (sections[lp.ptr].size.hi ||
325 range_covers_byte(sections[lp.ptr].offset_within_address_space,
326 sections[lp.ptr].size.lo, addr)) {
327 return &sections[lp.ptr];
328 } else {
329 return &sections[PHYS_SECTION_UNASSIGNED];
330 }
f3705d53
AK		 331}
332
e5548617
BS		 333bool memory_region_is_unassigned(MemoryRegion *mr)
334{
2a8e7499 335 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 336 && mr != &io_mem_watch;
fd6ce8f6 337}
149f54b5 338
79e2b9ae 339/* Called from RCU critical section */
c7086b4a 340static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 341 hwaddr addr,
342 bool resolve_subpage)
9f029603 343{
90260c6c
JK		 344 MemoryRegionSection *section;
345 subpage_t *subpage;
346
53cb28cb 347 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 348 if (resolve_subpage && section->mr->subpage) {
349 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 350 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 351 }
352 return section;
9f029603
JK		 353}
354
79e2b9ae 355/* Called from RCU critical section */
90260c6c 356static MemoryRegionSection *
c7086b4a 357address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 358 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 359{
360 MemoryRegionSection *section;
965eb2fc 361 MemoryRegion *mr;
a87f3954 362 Int128 diff;
149f54b5 363
c7086b4a 364 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 365 /* Compute offset within MemoryRegionSection */
366 addr -= section->offset_within_address_space;
367
368 /* Compute offset within MemoryRegion */
369 *xlat = addr + section->offset_within_region;
370
965eb2fc 371 mr = section->mr;
b242e0e0
PB		 372
373 /* MMIO registers can be expected to perform full-width accesses based only
374 * on their address, without considering adjacent registers that could
375 * decode to completely different MemoryRegions. When such registers
376 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
377 * regions overlap wildly. For this reason we cannot clamp the accesses
378 * here.
379 *
380 * If the length is small (as is the case for address_space_ldl/stl),
381 * everything works fine. If the incoming length is large, however,
382 * the caller really has to do the clamping through memory_access_size.
383 */
965eb2fc 384 if (memory_region_is_ram(mr)) {
e4a511f8 385 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 386 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
387 }
149f54b5
PB		 388 return section;
389}
90260c6c 390
41063e1e 391/* Called from RCU critical section */
5c8a00ce
PB		 392MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
393 hwaddr *xlat, hwaddr *plen,
394 bool is_write)
90260c6c 395{
30951157
AK		 396 IOMMUTLBEntry iotlb;
397 MemoryRegionSection *section;
398 MemoryRegion *mr;
30951157
AK		 399
400 for (;;) {
79e2b9ae
PB		 401 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
402 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 403 mr = section->mr;
404
405 if (!mr->iommu_ops) {
406 break;
407 }
408
8d7b8cb9 409 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 410 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
411 | (addr & iotlb.addr_mask));
23820dbf 412 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 413 if (!(iotlb.perm & (1 << is_write))) {
414 mr = &io_mem_unassigned;
415 break;
416 }
417
418 as = iotlb.target_as;
419 }
420
fe680d0d 421 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 422 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 423 *plen = MIN(page, *plen);
a87f3954
PB		 424 }
425
30951157
AK		 426 *xlat = addr;
427 return mr;
90260c6c
JK		 428}
429
79e2b9ae 430/* Called from RCU critical section */
90260c6c 431MemoryRegionSection *
d7898cda 432address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 433 hwaddr *xlat, hwaddr *plen)
90260c6c 434{
30951157 435 MemoryRegionSection *section;
d7898cda
PM		 436 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
437
438 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 439
440 assert(!section->mr->iommu_ops);
441 return section;
90260c6c 442}
5b6dd868 443#endif
fd6ce8f6 444
b170fce3 445#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 446
447static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 448{
259186a7 449 CPUState *cpu = opaque;
a513fe19 450
5b6dd868
BS		 451 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
452 version_id is increased. */
259186a7 453 cpu->interrupt_request &= ~0x01;
c01a71c1 454 tlb_flush(cpu, 1);
5b6dd868
BS		 455
456 return 0;
a513fe19 457}
7501267e 458
6c3bff0e
PD		 459static int cpu_common_pre_load(void *opaque)
460{
461 CPUState *cpu = opaque;
462
adee6424 463 cpu->exception_index = -1;
6c3bff0e
PD		 464
465 return 0;
466}
467
468static bool cpu_common_exception_index_needed(void *opaque)
469{
470 CPUState *cpu = opaque;
471
adee6424 472 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 473}
474
475static const VMStateDescription vmstate_cpu_common_exception_index = {
476 .name = "cpu_common/exception_index",
477 .version_id = 1,
478 .minimum_version_id = 1,
5cd8cada 479 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 480 .fields = (VMStateField[]) {
481 VMSTATE_INT32(exception_index, CPUState),
482 VMSTATE_END_OF_LIST()
483 }
484};
485
bac05aa9
AS		 486static bool cpu_common_crash_occurred_needed(void *opaque)
487{
488 CPUState *cpu = opaque;
489
490 return cpu->crash_occurred;
491}
492
493static const VMStateDescription vmstate_cpu_common_crash_occurred = {
494 .name = "cpu_common/crash_occurred",
495 .version_id = 1,
496 .minimum_version_id = 1,
497 .needed = cpu_common_crash_occurred_needed,
498 .fields = (VMStateField[]) {
499 VMSTATE_BOOL(crash_occurred, CPUState),
500 VMSTATE_END_OF_LIST()
501 }
502};
503
1a1562f5 504const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 505 .name = "cpu_common",
506 .version_id = 1,
507 .minimum_version_id = 1,
6c3bff0e 508 .pre_load = cpu_common_pre_load,
5b6dd868 509 .post_load = cpu_common_post_load,
35d08458 510 .fields = (VMStateField[]) {
259186a7
AF		 511 VMSTATE_UINT32(halted, CPUState),
512 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 513 VMSTATE_END_OF_LIST()
6c3bff0e 514 },
5cd8cada
JQ		 515 .subsections = (const VMStateDescription*[]) {
516 &vmstate_cpu_common_exception_index,
bac05aa9 517 &vmstate_cpu_common_crash_occurred,
5cd8cada 518 NULL
5b6dd868
BS		 519 }
520};
1a1562f5 521
5b6dd868 522#endif
ea041c0e 523
38d8f5c8 524CPUState *qemu_get_cpu(int index)
ea041c0e 525{
bdc44640 526 CPUState *cpu;
ea041c0e 527
bdc44640 528 CPU_FOREACH(cpu) {
55e5c285 529 if (cpu->cpu_index == index) {
bdc44640 530 return cpu;
55e5c285 531 }
ea041c0e 532 }
5b6dd868 533
bdc44640 534 return NULL;
ea041c0e
FB		 535}
536
09daed84 537#if !defined(CONFIG_USER_ONLY)
56943e8c 538void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 539{
12ebc9a7
PM		 540 CPUAddressSpace *newas;
541
542 /* Target code should have set num_ases before calling us */
543 assert(asidx < cpu->num_ases);
544
56943e8c
PM		 545 if (asidx == 0) {
546 /* address space 0 gets the convenience alias */
547 cpu->as = as;
548 }
549
12ebc9a7
PM		 550 /* KVM cannot currently support multiple address spaces. */
551 assert(asidx == 0 || !kvm_enabled());
09daed84 552
12ebc9a7
PM		 553 if (!cpu->cpu_ases) {
554 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 555 }
32857f4d 556
12ebc9a7
PM		 557 newas = &cpu->cpu_ases[asidx];
558 newas->cpu = cpu;
559 newas->as = as;
56943e8c 560 if (tcg_enabled()) {
12ebc9a7
PM		 561 newas->tcg_as_listener.commit = tcg_commit;
562 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 563 }
09daed84 564}
651a5bc0
PM		 565
566AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
567{
568 /* Return the AddressSpace corresponding to the specified index */
569 return cpu->cpu_ases[asidx].as;
570}
09daed84
EI		 571#endif
572
b7bca733
BR		 573#ifndef CONFIG_USER_ONLY
574static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
575
576static int cpu_get_free_index(Error **errp)
577{
578 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
579
580 if (cpu >= MAX_CPUMASK_BITS) {
581 error_setg(errp, "Trying to use more CPUs than max of %d",
582 MAX_CPUMASK_BITS);
583 return -1;
584 }
585
586 bitmap_set(cpu_index_map, cpu, 1);
587 return cpu;
588}
589
590void cpu_exec_exit(CPUState *cpu)
591{
592 if (cpu->cpu_index == -1) {
593 /* cpu_index was never allocated by this @cpu or was already freed. */
594 return;
595 }
596
597 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
598 cpu->cpu_index = -1;
599}
600#else
601
602static int cpu_get_free_index(Error **errp)
603{
604 CPUState *some_cpu;
605 int cpu_index = 0;
606
607 CPU_FOREACH(some_cpu) {
608 cpu_index++;
609 }
610 return cpu_index;
611}
612
613void cpu_exec_exit(CPUState *cpu)
614{
615}
616#endif
617
4bad9e39 618void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 619{
b170fce3 620 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 621 int cpu_index;
b7bca733 622 Error *local_err = NULL;
5b6dd868 623
56943e8c 624 cpu->as = NULL;
12ebc9a7 625 cpu->num_ases = 0;
56943e8c 626
291135b5 627#ifndef CONFIG_USER_ONLY
291135b5 628 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 629
630 /* This is a softmmu CPU object, so create a property for it
631 * so users can wire up its memory. (This can't go in qom/cpu.c
632 * because that file is compiled only once for both user-mode
633 * and system builds.) The default if no link is set up is to use
634 * the system address space.
635 */
636 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
637 (Object **)&cpu->memory,
638 qdev_prop_allow_set_link_before_realize,
639 OBJ_PROP_LINK_UNREF_ON_RELEASE,
640 &error_abort);
641 cpu->memory = system_memory;
642 object_ref(OBJECT(cpu->memory));
291135b5
EH		 643#endif
644
5b6dd868
BS		 645#if defined(CONFIG_USER_ONLY)
646 cpu_list_lock();
647#endif
b7bca733
BR		 648 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
649 if (local_err) {
650 error_propagate(errp, local_err);
651#if defined(CONFIG_USER_ONLY)
652 cpu_list_unlock();
653#endif
654 return;
5b6dd868 655 }
bdc44640 656 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 657#if defined(CONFIG_USER_ONLY)
658 cpu_list_unlock();
659#endif
e0d47944
AF		 660 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
661 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
662 }
5b6dd868 663#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 664 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 665 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 666 assert(cc->vmsd == NULL);
e0d47944 667 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 668#endif
b170fce3
AF		 669 if (cc->vmsd != NULL) {
670 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
671 }
ea041c0e
FB		 672}
673
94df27fd 674#if defined(CONFIG_USER_ONLY)
00b941e5 675static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 676{
677 tb_invalidate_phys_page_range(pc, pc + 1, 0);
678}
679#else
00b941e5 680static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 681{
5232e4c7
PM		 682 MemTxAttrs attrs;
683 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
684 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 685 if (phys != -1) {
5232e4c7 686 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 687 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 688 }
1e7855a5 689}
c27004ec 690#endif
d720b93d 691
c527ee8f 692#if defined(CONFIG_USER_ONLY)
75a34036 693void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 694
695{
696}
697
3ee887e8
PM		 698int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
699 int flags)
700{
701 return -ENOSYS;
702}
703
704void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
705{
706}
707
75a34036 708int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 709 int flags, CPUWatchpoint **watchpoint)
710{
711 return -ENOSYS;
712}
713#else
6658ffb8 714/* Add a watchpoint. */
75a34036 715int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 716 int flags, CPUWatchpoint **watchpoint)
6658ffb8 717{
c0ce998e 718 CPUWatchpoint *wp;
6658ffb8 719
05068c0d 720 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 721 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 722 error_report("tried to set invalid watchpoint at %"
723 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 724 return -EINVAL;
725 }
7267c094 726 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 727
728 wp->vaddr = addr;
05068c0d 729 wp->len = len;
a1d1bb31
AL		 730 wp->flags = flags;
731
2dc9f411 732 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 733 if (flags & BP_GDB) {
734 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
735 } else {
736 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
737 }
6658ffb8 738
31b030d4 739 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 740
741 if (watchpoint)
742 *watchpoint = wp;
743 return 0;
6658ffb8
PB		 744}
745
a1d1bb31 746/* Remove a specific watchpoint. */
75a34036 747int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 748 int flags)
6658ffb8 749{
a1d1bb31 750 CPUWatchpoint *wp;
6658ffb8 751
ff4700b0 752 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 753 if (addr == wp->vaddr && len == wp->len
6e140f28 754 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 755 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 756 return 0;
757 }
758 }
a1d1bb31 759 return -ENOENT;
6658ffb8
PB		 760}
761
a1d1bb31 762/* Remove a specific watchpoint by reference. */
75a34036 763void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 764{
ff4700b0 765 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 766
31b030d4 767 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 768
7267c094 769 g_free(watchpoint);
a1d1bb31
AL		 770}
771
772/* Remove all matching watchpoints. */
75a34036 773void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 774{
c0ce998e 775 CPUWatchpoint *wp, *next;
a1d1bb31 776
ff4700b0 777 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 778 if (wp->flags & mask) {
779 cpu_watchpoint_remove_by_ref(cpu, wp);
780 }
c0ce998e 781 }
7d03f82f 782}
05068c0d
PM		 783
784/* Return true if this watchpoint address matches the specified
785 * access (ie the address range covered by the watchpoint overlaps
786 * partially or completely with the address range covered by the
787 * access).
788 */
789static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
790 vaddr addr,
791 vaddr len)
792{
793 /* We know the lengths are non-zero, but a little caution is
794 * required to avoid errors in the case where the range ends
795 * exactly at the top of the address space and so addr + len
796 * wraps round to zero.
797 */
798 vaddr wpend = wp->vaddr + wp->len - 1;
799 vaddr addrend = addr + len - 1;
800
801 return !(addr > wpend || wp->vaddr > addrend);
802}
803
c527ee8f 804#endif
7d03f82f 805
a1d1bb31 806/* Add a breakpoint. */
b3310ab3 807int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 808 CPUBreakpoint **breakpoint)
4c3a88a2 809{
c0ce998e 810 CPUBreakpoint *bp;
3b46e624 811
7267c094 812 bp = g_malloc(sizeof(*bp));
4c3a88a2 813
a1d1bb31
AL		 814 bp->pc = pc;
815 bp->flags = flags;
816
2dc9f411 817 /* keep all GDB-injected breakpoints in front */
00b941e5 818 if (flags & BP_GDB) {
f0c3c505 819 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 820 } else {
f0c3c505 821 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 822 }
3b46e624 823
f0c3c505 824 breakpoint_invalidate(cpu, pc);
a1d1bb31 825
00b941e5 826 if (breakpoint) {
a1d1bb31 827 *breakpoint = bp;
00b941e5 828 }
4c3a88a2 829 return 0;
4c3a88a2
FB		 830}
831
a1d1bb31 832/* Remove a specific breakpoint. */
b3310ab3 833int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 834{
a1d1bb31
AL		 835 CPUBreakpoint *bp;
836
f0c3c505 837 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 838 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 839 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 840 return 0;
841 }
7d03f82f 842 }
a1d1bb31 843 return -ENOENT;
7d03f82f
EI		 844}
845
a1d1bb31 846/* Remove a specific breakpoint by reference. */
b3310ab3 847void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 848{
f0c3c505
AF		 849 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
850
851 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 852
7267c094 853 g_free(breakpoint);
a1d1bb31
AL		 854}
855
856/* Remove all matching breakpoints. */
b3310ab3 857void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 858{
c0ce998e 859 CPUBreakpoint *bp, *next;
a1d1bb31 860
f0c3c505 861 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 862 if (bp->flags & mask) {
863 cpu_breakpoint_remove_by_ref(cpu, bp);
864 }
c0ce998e 865 }
4c3a88a2
FB		 866}
867
c33a346e
FB		 868/* enable or disable single step mode. EXCP_DEBUG is returned by the
869 CPU loop after each instruction */
3825b28f 870void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 871{
ed2803da
AF		 872 if (cpu->singlestep_enabled != enabled) {
873 cpu->singlestep_enabled = enabled;
874 if (kvm_enabled()) {
38e478ec 875 kvm_update_guest_debug(cpu, 0);
ed2803da 876 } else {
ccbb4d44 877 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 878 /* XXX: only flush what is necessary */
bbd77c18 879 tb_flush(cpu);
e22a25c9 880 }
c33a346e 881 }
c33a346e
FB		 882}
883
a47dddd7 884void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 885{
886 va_list ap;
493ae1f0 887 va_list ap2;
7501267e
FB		 888
889 va_start(ap, fmt);
493ae1f0 890 va_copy(ap2, ap);
7501267e
FB		 891 fprintf(stderr, "qemu: fatal: ");
892 vfprintf(stderr, fmt, ap);
893 fprintf(stderr, "\n");
878096ee 894 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 895 if (qemu_log_separate()) {
93fcfe39
AL		 896 qemu_log("qemu: fatal: ");
897 qemu_log_vprintf(fmt, ap2);
898 qemu_log("\n");
a0762859 899 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 900 qemu_log_flush();
93fcfe39 901 qemu_log_close();
924edcae 902 }
493ae1f0 903 va_end(ap2);
f9373291 904 va_end(ap);
7615936e 905 replay_finish();
fd052bf6
RV		 906#if defined(CONFIG_USER_ONLY)
907 {
908 struct sigaction act;
909 sigfillset(&act.sa_mask);
910 act.sa_handler = SIG_DFL;
911 sigaction(SIGABRT, &act, NULL);
912 }
913#endif
7501267e
FB		 914 abort();
915}
916
0124311e 917#if !defined(CONFIG_USER_ONLY)
0dc3f44a 918/* Called from RCU critical section */
041603fe
PB		 919static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
920{
921 RAMBlock *block;
922
43771539 923 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 924 if (block && addr - block->offset < block->max_length) {
68851b98 925 return block;
041603fe 926 }
0dc3f44a 927 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 928 if (addr - block->offset < block->max_length) {
041603fe
PB		 929 goto found;
930 }
931 }
932
933 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
934 abort();
935
936found:
43771539
PB		 937 /* It is safe to write mru_block outside the iothread lock. This
938 * is what happens:
939 *
940 * mru_block = xxx
941 * rcu_read_unlock()
942 * xxx removed from list
943 * rcu_read_lock()
944 * read mru_block
945 * mru_block = NULL;
946 * call_rcu(reclaim_ramblock, xxx);
947 * rcu_read_unlock()
948 *
949 * atomic_rcu_set is not needed here. The block was already published
950 * when it was placed into the list. Here we're just making an extra
951 * copy of the pointer.
952 */
041603fe
PB		 953 ram_list.mru_block = block;
954 return block;
955}
956
a2f4d5be 957static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 958{
9a13565d 959 CPUState *cpu;
041603fe 960 ram_addr_t start1;
a2f4d5be
JQ		 961 RAMBlock *block;
962 ram_addr_t end;
963
964 end = TARGET_PAGE_ALIGN(start + length);
965 start &= TARGET_PAGE_MASK;
d24981d3 966
0dc3f44a 967 rcu_read_lock();
041603fe
PB		 968 block = qemu_get_ram_block(start);
969 assert(block == qemu_get_ram_block(end - 1));
1240be24 970 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 971 CPU_FOREACH(cpu) {
972 tlb_reset_dirty(cpu, start1, length);
973 }
0dc3f44a 974 rcu_read_unlock();
d24981d3
JQ		 975}
976
5579c7f3 977/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 978bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
979 ram_addr_t length,
980 unsigned client)
1ccde1cb 981{
03eebc9e
SH		 982 unsigned long end, page;
983 bool dirty;
984
985 if (length == 0) {
986 return false;
987 }
f23db169 988
03eebc9e
SH		 989 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
990 page = start >> TARGET_PAGE_BITS;
991 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
992 page, end - page);
993
994 if (dirty && tcg_enabled()) {
a2f4d5be 995 tlb_reset_dirty_range_all(start, length);
5579c7f3 996 }
03eebc9e
SH		 997
998 return dirty;
1ccde1cb
FB		 999}
1000
79e2b9ae 1001/* Called from RCU critical section */
bb0e627a 1002hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1003 MemoryRegionSection *section,
1004 target_ulong vaddr,
1005 hwaddr paddr, hwaddr xlat,
1006 int prot,
1007 target_ulong *address)
e5548617 1008{
a8170e5e 1009 hwaddr iotlb;
e5548617
BS		 1010 CPUWatchpoint *wp;
1011
cc5bea60 1012 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1013 /* Normal RAM. */
1014 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1015 + xlat;
e5548617 1016 if (!section->readonly) {
b41aac4f 1017 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1018 } else {
b41aac4f 1019 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1020 }
1021 } else {
0b8e2c10
PM		 1022 AddressSpaceDispatch *d;
1023
1024 d = atomic_rcu_read(&section->address_space->dispatch);
1025 iotlb = section - d->map.sections;
149f54b5 1026 iotlb += xlat;
e5548617
BS		 1027 }
1028
1029 /* Make accesses to pages with watchpoints go via the
1030 watchpoint trap routines. */
ff4700b0 1031 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1032 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1033 /* Avoid trapping reads of pages with a write breakpoint. */
1034 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1035 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1036 *address |= TLB_MMIO;
1037 break;
1038 }
1039 }
1040 }
1041
1042 return iotlb;
1043}
9fa3e853
FB		 1044#endif /* defined(CONFIG_USER_ONLY) */
1045
e2eef170 1046#if !defined(CONFIG_USER_ONLY)
8da3ff18 1047
c227f099 1048static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1049 uint16_t section);
acc9d80b 1050static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1051
a2b257d6
IM		 1052static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1053 qemu_anon_ram_alloc;
91138037
MA		 1054
1055/*
1056 * Set a custom physical guest memory alloator.
1057 * Accelerators with unusual needs may need this. Hopefully, we can
1058 * get rid of it eventually.
1059 */
a2b257d6 1060void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1061{
1062 phys_mem_alloc = alloc;
1063}
1064
53cb28cb
MA		 1065static uint16_t phys_section_add(PhysPageMap *map,
1066 MemoryRegionSection *section)
5312bd8b 1067{
68f3f65b
PB		 1068 /* The physical section number is ORed with a page-aligned
1069 * pointer to produce the iotlb entries. Thus it should
1070 * never overflow into the page-aligned value.
1071 */
53cb28cb 1072 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1073
53cb28cb
MA		 1074 if (map->sections_nb == map->sections_nb_alloc) {
1075 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1076 map->sections = g_renew(MemoryRegionSection, map->sections,
1077 map->sections_nb_alloc);
5312bd8b 1078 }
53cb28cb 1079 map->sections[map->sections_nb] = *section;
dfde4e6e 1080 memory_region_ref(section->mr);
53cb28cb 1081 return map->sections_nb++;
5312bd8b
AK		 1082}
1083
058bc4b5
PB		 1084static void phys_section_destroy(MemoryRegion *mr)
1085{
55b4e80b
DS		 1086 bool have_sub_page = mr->subpage;
1087
dfde4e6e
PB		 1088 memory_region_unref(mr);
1089
55b4e80b 1090 if (have_sub_page) {
058bc4b5 1091 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1092 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1093 g_free(subpage);
1094 }
1095}
1096
6092666e 1097static void phys_sections_free(PhysPageMap *map)
5312bd8b 1098{
9affd6fc
PB		 1099 while (map->sections_nb > 0) {
1100 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1101 phys_section_destroy(section->mr);
1102 }
9affd6fc
PB		 1103 g_free(map->sections);
1104 g_free(map->nodes);
5312bd8b
AK		 1105}
1106
ac1970fb 1107static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1108{
1109 subpage_t *subpage;
a8170e5e 1110 hwaddr base = section->offset_within_address_space
0f0cb164 1111 & TARGET_PAGE_MASK;
97115a8d 1112 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1113 d->map.nodes, d->map.sections);
0f0cb164
AK		 1114 MemoryRegionSection subsection = {
1115 .offset_within_address_space = base,
052e87b0 1116 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1117 };
a8170e5e 1118 hwaddr start, end;
0f0cb164 1119
f3705d53 1120 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1121
f3705d53 1122 if (!(existing->mr->subpage)) {
acc9d80b 1123 subpage = subpage_init(d->as, base);
3be91e86 1124 subsection.address_space = d->as;
0f0cb164 1125 subsection.mr = &subpage->iomem;
ac1970fb 1126 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1127 phys_section_add(&d->map, &subsection));
0f0cb164 1128 } else {
f3705d53 1129 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1130 }
1131 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1132 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1133 subpage_register(subpage, start, end,
1134 phys_section_add(&d->map, section));
0f0cb164
AK		 1135}
1136
1137
052e87b0
PB		 1138static void register_multipage(AddressSpaceDispatch *d,
1139 MemoryRegionSection *section)
33417e70 1140{
a8170e5e 1141 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1142 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1143 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1144 TARGET_PAGE_BITS));
dd81124b 1145
733d5ef5
PB		 1146 assert(num_pages);
1147 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1148}
1149
ac1970fb 1150static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1151{
89ae337a 1152 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1153 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1154 MemoryRegionSection now = *section, remain = *section;
052e87b0 1155 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1156
733d5ef5
PB		 1157 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1158 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1159 - now.offset_within_address_space;
1160
052e87b0 1161 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1162 register_subpage(d, &now);
733d5ef5 1163 } else {
052e87b0 1164 now.size = int128_zero();
733d5ef5 1165 }
052e87b0
PB		 1166 while (int128_ne(remain.size, now.size)) {
1167 remain.size = int128_sub(remain.size, now.size);
1168 remain.offset_within_address_space += int128_get64(now.size);
1169 remain.offset_within_region += int128_get64(now.size);
69b67646 1170 now = remain;
052e87b0 1171 if (int128_lt(remain.size, page_size)) {
733d5ef5 1172 register_subpage(d, &now);
88266249 1173 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1174 now.size = page_size;
ac1970fb 1175 register_subpage(d, &now);
69b67646 1176 } else {
052e87b0 1177 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1178 register_multipage(d, &now);
69b67646 1179 }
0f0cb164
AK		 1180 }
1181}
1182
62a2744c
SY		 1183void qemu_flush_coalesced_mmio_buffer(void)
1184{
1185 if (kvm_enabled())
1186 kvm_flush_coalesced_mmio_buffer();
1187}
1188
b2a8658e
UD		 1189void qemu_mutex_lock_ramlist(void)
1190{
1191 qemu_mutex_lock(&ram_list.mutex);
1192}
1193
1194void qemu_mutex_unlock_ramlist(void)
1195{
1196 qemu_mutex_unlock(&ram_list.mutex);
1197}
1198
e1e84ba0 1199#ifdef __linux__
c902760f
MT		 1200
1201#include <sys/vfs.h>
1202
1203#define HUGETLBFS_MAGIC 0x958458f6
1204
fc7a5800 1205static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1206{
1207 struct statfs fs;
1208 int ret;
1209
1210 do {
9742bf26 1211 ret = statfs(path, &fs);
c902760f
MT		 1212 } while (ret != 0 && errno == EINTR);
1213
1214 if (ret != 0) {
fc7a5800
HT		 1215 error_setg_errno(errp, errno, "failed to get page size of file %s",
1216 path);
9742bf26 1217 return 0;
c902760f
MT		 1218 }
1219
c902760f
MT		 1220 return fs.f_bsize;
1221}
1222
04b16653
AW		 1223static void *file_ram_alloc(RAMBlock *block,
1224 ram_addr_t memory,
7f56e740
PB		 1225 const char *path,
1226 Error **errp)
c902760f 1227{
8d31d6b6 1228 struct stat st;
c902760f 1229 char *filename;
8ca761f6
PF		 1230 char *sanitized_name;
1231 char *c;
794e8f30 1232 void *area;
c902760f 1233 int fd;
557529dd 1234 uint64_t hpagesize;
fc7a5800 1235 Error *local_err = NULL;
c902760f 1236
fc7a5800
HT		 1237 hpagesize = gethugepagesize(path, &local_err);
1238 if (local_err) {
1239 error_propagate(errp, local_err);
f9a49dfa 1240 goto error;
c902760f 1241 }
a2b257d6 1242 block->mr->align = hpagesize;
c902760f
MT		 1243
1244 if (memory < hpagesize) {
557529dd
HT		 1245 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1246 "or larger than huge page size 0x%" PRIx64,
1247 memory, hpagesize);
1248 goto error;
c902760f
MT		 1249 }
1250
1251 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1252 error_setg(errp,
1253 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1254 goto error;
c902760f
MT		 1255 }
1256
8d31d6b6
PF		 1257 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1258 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1259 sanitized_name = g_strdup(memory_region_name(block->mr));
1260 for (c = sanitized_name; *c != '\0'; c++) {
1261 if (*c == '/') {
1262 *c = '_';
1263 }
1264 }
8ca761f6 1265
8d31d6b6
PF		 1266 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1267 sanitized_name);
1268 g_free(sanitized_name);
1269
1270 fd = mkstemp(filename);
1271 if (fd >= 0) {
1272 unlink(filename);
1273 }
1274 g_free(filename);
1275 } else {
1276 fd = open(path, O_RDWR | O_CREAT, 0644);
1277 }
c902760f 1278
c902760f 1279 if (fd < 0) {
7f56e740
PB		 1280 error_setg_errno(errp, errno,
1281 "unable to create backing store for hugepages");
f9a49dfa 1282 goto error;
c902760f 1283 }
c902760f 1284
9284f319 1285 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1286
1287 /*
1288 * ftruncate is not supported by hugetlbfs in older
1289 * hosts, so don't bother bailing out on errors.
1290 * If anything goes wrong with it under other filesystems,
1291 * mmap will fail.
1292 */
7f56e740 1293 if (ftruncate(fd, memory)) {
9742bf26 1294 perror("ftruncate");
7f56e740 1295 }
c902760f 1296
794e8f30 1297 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1298 if (area == MAP_FAILED) {
7f56e740
PB		 1299 error_setg_errno(errp, errno,
1300 "unable to map backing store for hugepages");
9742bf26 1301 close(fd);
f9a49dfa 1302 goto error;
c902760f 1303 }
ef36fa14
MT		 1304
1305 if (mem_prealloc) {
38183310 1306 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1307 }
1308
04b16653 1309 block->fd = fd;
c902760f 1310 return area;
f9a49dfa
MT		 1311
1312error:
f9a49dfa 1313 return NULL;
c902760f
MT		 1314}
1315#endif
1316
0dc3f44a 1317/* Called with the ramlist lock held. */
d17b5288 1318static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1319{
1320 RAMBlock *block, *next_block;
3e837b2c 1321 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1322
49cd9ac6
SH		 1323 assert(size != 0); /* it would hand out same offset multiple times */
1324
0dc3f44a 1325 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1326 return 0;
0d53d9fe 1327 }
04b16653 1328
0dc3f44a 1329 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1330 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1331
62be4e3a 1332 end = block->offset + block->max_length;
04b16653 1333
0dc3f44a 1334 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1335 if (next_block->offset >= end) {
1336 next = MIN(next, next_block->offset);
1337 }
1338 }
1339 if (next - end >= size && next - end < mingap) {
3e837b2c 1340 offset = end;
04b16653
AW		 1341 mingap = next - end;
1342 }
1343 }
3e837b2c
AW		 1344
1345 if (offset == RAM_ADDR_MAX) {
1346 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1347 (uint64_t)size);
1348 abort();
1349 }
1350
04b16653
AW		 1351 return offset;
1352}
1353
652d7ec2 1354ram_addr_t last_ram_offset(void)
d17b5288
AW		 1355{
1356 RAMBlock *block;
1357 ram_addr_t last = 0;
1358
0dc3f44a
MD		 1359 rcu_read_lock();
1360 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1361 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1362 }
0dc3f44a 1363 rcu_read_unlock();
d17b5288
AW		 1364 return last;
1365}
1366
ddb97f1d
JB		 1367static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1368{
1369 int ret;
ddb97f1d
JB		 1370
1371 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1372 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1373 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1374 if (ret) {
1375 perror("qemu_madvise");
1376 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1377 "but dump_guest_core=off specified\n");
1378 }
1379 }
1380}
1381
0dc3f44a
MD		 1382/* Called within an RCU critical section, or while the ramlist lock
1383 * is held.
1384 */
20cfe881 1385static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1386{
20cfe881 1387 RAMBlock *block;
84b89d78 1388
0dc3f44a 1389 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1390 if (block->offset == addr) {
20cfe881 1391 return block;
c5705a77
AK		 1392 }
1393 }
20cfe881
HT		 1394
1395 return NULL;
1396}
1397
422148d3
DDAG		 1398const char *qemu_ram_get_idstr(RAMBlock *rb)
1399{
1400 return rb->idstr;
1401}
1402
ae3a7047 1403/* Called with iothread lock held. */
20cfe881
HT		 1404void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1405{
ae3a7047 1406 RAMBlock *new_block, *block;
20cfe881 1407
0dc3f44a 1408 rcu_read_lock();
ae3a7047 1409 new_block = find_ram_block(addr);
c5705a77
AK		 1410 assert(new_block);
1411 assert(!new_block->idstr[0]);
84b89d78 1412
09e5ab63
AL		 1413 if (dev) {
1414 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1415 if (id) {
1416 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1417 g_free(id);
84b89d78
CM		 1418 }
1419 }
1420 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1421
0dc3f44a 1422 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1423 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1424 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1425 new_block->idstr);
1426 abort();
1427 }
1428 }
0dc3f44a 1429 rcu_read_unlock();
c5705a77
AK		 1430}
1431
ae3a7047 1432/* Called with iothread lock held. */
20cfe881
HT		 1433void qemu_ram_unset_idstr(ram_addr_t addr)
1434{
ae3a7047 1435 RAMBlock *block;
20cfe881 1436
ae3a7047
MD		 1437 /* FIXME: arch_init.c assumes that this is not called throughout
1438 * migration. Ignore the problem since hot-unplug during migration
1439 * does not work anyway.
1440 */
1441
0dc3f44a 1442 rcu_read_lock();
ae3a7047 1443 block = find_ram_block(addr);
20cfe881
HT		 1444 if (block) {
1445 memset(block->idstr, 0, sizeof(block->idstr));
1446 }
0dc3f44a 1447 rcu_read_unlock();
20cfe881
HT		 1448}
1449
8490fc78
LC		 1450static int memory_try_enable_merging(void *addr, size_t len)
1451{
75cc7f01 1452 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1453 /* disabled by the user */
1454 return 0;
1455 }
1456
1457 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1458}
1459
62be4e3a
MT		 1460/* Only legal before guest might have detected the memory size: e.g. on
1461 * incoming migration, or right after reset.
1462 *
1463 * As memory core doesn't know how is memory accessed, it is up to
1464 * resize callback to update device state and/or add assertions to detect
1465 * misuse, if necessary.
1466 */
1467int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1468{
1469 RAMBlock *block = find_ram_block(base);
1470
1471 assert(block);
1472
4ed023ce 1473 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1474
62be4e3a
MT		 1475 if (block->used_length == newsize) {
1476 return 0;
1477 }
1478
1479 if (!(block->flags & RAM_RESIZEABLE)) {
1480 error_setg_errno(errp, EINVAL,
1481 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1482 " in != 0x" RAM_ADDR_FMT, block->idstr,
1483 newsize, block->used_length);
1484 return -EINVAL;
1485 }
1486
1487 if (block->max_length < newsize) {
1488 error_setg_errno(errp, EINVAL,
1489 "Length too large: %s: 0x" RAM_ADDR_FMT
1490 " > 0x" RAM_ADDR_FMT, block->idstr,
1491 newsize, block->max_length);
1492 return -EINVAL;
1493 }
1494
1495 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1496 block->used_length = newsize;
58d2707e
PB		 1497 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1498 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1499 memory_region_set_size(block->mr, newsize);
1500 if (block->resized) {
1501 block->resized(block->idstr, newsize, block->host);
1502 }
1503 return 0;
1504}
1505
ef701d7b 1506static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1507{
e1c57ab8 1508 RAMBlock *block;
0d53d9fe 1509 RAMBlock *last_block = NULL;
2152f5ca 1510 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1511 Error *err = NULL;
2152f5ca
JQ		 1512
1513 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1514
b2a8658e 1515 qemu_mutex_lock_ramlist();
9b8424d5 1516 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1517
1518 if (!new_block->host) {
1519 if (xen_enabled()) {
9b8424d5 1520 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1521 new_block->mr, &err);
1522 if (err) {
1523 error_propagate(errp, err);
1524 qemu_mutex_unlock_ramlist();
1525 return -1;
1526 }
e1c57ab8 1527 } else {
9b8424d5 1528 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1529 &new_block->mr->align);
39228250 1530 if (!new_block->host) {
ef701d7b
HT		 1531 error_setg_errno(errp, errno,
1532 "cannot set up guest memory '%s'",
1533 memory_region_name(new_block->mr));
1534 qemu_mutex_unlock_ramlist();
1535 return -1;
39228250 1536 }
9b8424d5 1537 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1538 }
c902760f 1539 }
94a6b54f 1540
dd631697
LZ		 1541 new_ram_size = MAX(old_ram_size,
1542 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1543 if (new_ram_size > old_ram_size) {
1544 migration_bitmap_extend(old_ram_size, new_ram_size);
1545 }
0d53d9fe
MD		 1546 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1547 * QLIST (which has an RCU-friendly variant) does not have insertion at
1548 * tail, so save the last element in last_block.
1549 */
0dc3f44a 1550 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1551 last_block = block;
9b8424d5 1552 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1553 break;
1554 }
1555 }
1556 if (block) {
0dc3f44a 1557 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1558 } else if (last_block) {
0dc3f44a 1559 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1560 } else { /* list is empty */
0dc3f44a 1561 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1562 }
0d6d3c87 1563 ram_list.mru_block = NULL;
94a6b54f 1564
0dc3f44a
MD		 1565 /* Write list before version */
1566 smp_wmb();
f798b07f 1567 ram_list.version++;
b2a8658e 1568 qemu_mutex_unlock_ramlist();
f798b07f 1569
2152f5ca
JQ		 1570 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1571
1572 if (new_ram_size > old_ram_size) {
1ab4c8ce 1573 int i;
ae3a7047
MD		 1574
1575 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1576 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1577 ram_list.dirty_memory[i] =
1578 bitmap_zero_extend(ram_list.dirty_memory[i],
1579 old_ram_size, new_ram_size);
1580 }
2152f5ca 1581 }
9b8424d5 1582 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1583 new_block->used_length,
1584 DIRTY_CLIENTS_ALL);
94a6b54f 1585
a904c911
PB		 1586 if (new_block->host) {
1587 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1588 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1589 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1590 if (kvm_enabled()) {
1591 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1592 }
e1c57ab8 1593 }
6f0437e8 1594
94a6b54f
PB		 1595 return new_block->offset;
1596}
e9a1ab19 1597
0b183fc8 1598#ifdef __linux__
e1c57ab8 1599ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1600 bool share, const char *mem_path,
7f56e740 1601 Error **errp)
e1c57ab8
PB		 1602{
1603 RAMBlock *new_block;
ef701d7b
HT		 1604 ram_addr_t addr;
1605 Error *local_err = NULL;
e1c57ab8
PB		 1606
1607 if (xen_enabled()) {
7f56e740
PB		 1608 error_setg(errp, "-mem-path not supported with Xen");
1609 return -1;
e1c57ab8
PB		 1610 }
1611
1612 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1613 /*
1614 * file_ram_alloc() needs to allocate just like
1615 * phys_mem_alloc, but we haven't bothered to provide
1616 * a hook there.
1617 */
7f56e740
PB		 1618 error_setg(errp,
1619 "-mem-path not supported with this accelerator");
1620 return -1;
e1c57ab8
PB		 1621 }
1622
4ed023ce 1623 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1624 new_block = g_malloc0(sizeof(*new_block));
1625 new_block->mr = mr;
9b8424d5
MT		 1626 new_block->used_length = size;
1627 new_block->max_length = size;
dbcb8981 1628 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1629 new_block->host = file_ram_alloc(new_block, size,
1630 mem_path, errp);
1631 if (!new_block->host) {
1632 g_free(new_block);
1633 return -1;
1634 }
1635
ef701d7b
HT		 1636 addr = ram_block_add(new_block, &local_err);
1637 if (local_err) {
1638 g_free(new_block);
1639 error_propagate(errp, local_err);
1640 return -1;
1641 }
1642 return addr;
e1c57ab8 1643}
0b183fc8 1644#endif
e1c57ab8 1645
62be4e3a
MT		 1646static
1647ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1648 void (*resized)(const char*,
1649 uint64_t length,
1650 void *host),
1651 void *host, bool resizeable,
ef701d7b 1652 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1653{
1654 RAMBlock *new_block;
ef701d7b
HT		 1655 ram_addr_t addr;
1656 Error *local_err = NULL;
e1c57ab8 1657
4ed023ce
DDAG		 1658 size = HOST_PAGE_ALIGN(size);
1659 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1660 new_block = g_malloc0(sizeof(*new_block));
1661 new_block->mr = mr;
62be4e3a 1662 new_block->resized = resized;
9b8424d5
MT		 1663 new_block->used_length = size;
1664 new_block->max_length = max_size;
62be4e3a 1665 assert(max_size >= size);
e1c57ab8
PB		 1666 new_block->fd = -1;
1667 new_block->host = host;
1668 if (host) {
7bd4f430 1669 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1670 }
62be4e3a
MT		 1671 if (resizeable) {
1672 new_block->flags |= RAM_RESIZEABLE;
1673 }
ef701d7b
HT		 1674 addr = ram_block_add(new_block, &local_err);
1675 if (local_err) {
1676 g_free(new_block);
1677 error_propagate(errp, local_err);
1678 return -1;
1679 }
1680 return addr;
e1c57ab8
PB		 1681}
1682
62be4e3a
MT		 1683ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1684 MemoryRegion *mr, Error **errp)
1685{
1686 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1687}
1688
ef701d7b 1689ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1690{
62be4e3a
MT		 1691 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1692}
1693
1694ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1695 void (*resized)(const char*,
1696 uint64_t length,
1697 void *host),
1698 MemoryRegion *mr, Error **errp)
1699{
1700 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1701}
1702
43771539
PB		 1703static void reclaim_ramblock(RAMBlock *block)
1704{
1705 if (block->flags & RAM_PREALLOC) {
1706 ;
1707 } else if (xen_enabled()) {
1708 xen_invalidate_map_cache_entry(block->host);
1709#ifndef _WIN32
1710 } else if (block->fd >= 0) {
2f3a2bb1 1711 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1712 close(block->fd);
1713#endif
1714 } else {
1715 qemu_anon_ram_free(block->host, block->max_length);
1716 }
1717 g_free(block);
1718}
1719
c227f099 1720void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1721{
04b16653
AW		 1722 RAMBlock *block;
1723
b2a8658e 1724 qemu_mutex_lock_ramlist();
0dc3f44a 1725 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1726 if (addr == block->offset) {
0dc3f44a 1727 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1728 ram_list.mru_block = NULL;
0dc3f44a
MD		 1729 /* Write list before version */
1730 smp_wmb();
f798b07f 1731 ram_list.version++;
43771539 1732 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1733 break;
04b16653
AW		 1734 }
1735 }
b2a8658e 1736 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1737}
1738
cd19cfa2
HY		 1739#ifndef _WIN32
1740void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1741{
1742 RAMBlock *block;
1743 ram_addr_t offset;
1744 int flags;
1745 void *area, *vaddr;
1746
0dc3f44a 1747 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1748 offset = addr - block->offset;
9b8424d5 1749 if (offset < block->max_length) {
1240be24 1750 vaddr = ramblock_ptr(block, offset);
7bd4f430 1751 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1752 ;
dfeaf2ab
MA		 1753 } else if (xen_enabled()) {
1754 abort();
cd19cfa2
HY		 1755 } else {
1756 flags = MAP_FIXED;
3435f395 1757 if (block->fd >= 0) {
dbcb8981
PB		 1758 flags |= (block->flags & RAM_SHARED ?
1759 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1760 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1761 flags, block->fd, offset);
cd19cfa2 1762 } else {
2eb9fbaa
MA		 1763 /*
1764 * Remap needs to match alloc. Accelerators that
1765 * set phys_mem_alloc never remap. If they did,
1766 * we'd need a remap hook here.
1767 */
1768 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1769
cd19cfa2
HY		 1770 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1771 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1772 flags, -1, 0);
cd19cfa2
HY		 1773 }
1774 if (area != vaddr) {
f15fbc4b
AP		 1775 fprintf(stderr, "Could not remap addr: "
1776 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1777 length, addr);
1778 exit(1);
1779 }
8490fc78 1780 memory_try_enable_merging(vaddr, length);
ddb97f1d 1781 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1782 }
cd19cfa2
HY		 1783 }
1784 }
1785}
1786#endif /* !_WIN32 */
1787
a35ba7be
PB		 1788int qemu_get_ram_fd(ram_addr_t addr)
1789{
ae3a7047
MD		 1790 RAMBlock *block;
1791 int fd;
a35ba7be 1792
0dc3f44a 1793 rcu_read_lock();
ae3a7047
MD		 1794 block = qemu_get_ram_block(addr);
1795 fd = block->fd;
0dc3f44a 1796 rcu_read_unlock();
ae3a7047 1797 return fd;
a35ba7be
PB		 1798}
1799
56a571d9
TM		 1800void qemu_set_ram_fd(ram_addr_t addr, int fd)
1801{
1802 RAMBlock *block;
1803
1804 rcu_read_lock();
1805 block = qemu_get_ram_block(addr);
1806 block->fd = fd;
1807 rcu_read_unlock();
1808}
1809
3fd74b84
DM		 1810void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1811{
ae3a7047
MD		 1812 RAMBlock *block;
1813 void *ptr;
3fd74b84 1814
0dc3f44a 1815 rcu_read_lock();
ae3a7047
MD		 1816 block = qemu_get_ram_block(addr);
1817 ptr = ramblock_ptr(block, 0);
0dc3f44a 1818 rcu_read_unlock();
ae3a7047 1819 return ptr;
3fd74b84
DM		 1820}
1821
1b5ec234 1822/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1823 * This should not be used for general purpose DMA. Use address_space_map
1824 * or address_space_rw instead. For local memory (e.g. video ram) that the
1825 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1826 *
49b24afc 1827 * Called within RCU critical section.
1b5ec234
PB		 1828 */
1829void *qemu_get_ram_ptr(ram_addr_t addr)
1830{
49b24afc 1831 RAMBlock *block = qemu_get_ram_block(addr);
ae3a7047
MD		 1832
1833 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1834 /* We need to check if the requested address is in the RAM
1835 * because we don't want to map the entire memory in QEMU.
1836 * In that case just map until the end of the page.
1837 */
1838 if (block->offset == 0) {
49b24afc 1839 return xen_map_cache(addr, 0, 0);
0d6d3c87 1840 }
ae3a7047
MD		 1841
1842 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1843 }
49b24afc 1844 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1845}
1846
38bee5dc 1847/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1848 * but takes a size argument.
0dc3f44a 1849 *
e81bcda5 1850 * Called within RCU critical section.
ae3a7047 1851 */
cb85f7ab 1852static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1853{
e81bcda5
PB		 1854 RAMBlock *block;
1855 ram_addr_t offset_inside_block;
8ab934f9
SS		 1856 if (*size == 0) {
1857 return NULL;
1858 }
e81bcda5
PB		 1859
1860 block = qemu_get_ram_block(addr);
1861 offset_inside_block = addr - block->offset;
1862 *size = MIN(*size, block->max_length - offset_inside_block);
1863
1864 if (xen_enabled() && block->host == NULL) {
1865 /* We need to check if the requested address is in the RAM
1866 * because we don't want to map the entire memory in QEMU.
1867 * In that case just map the requested area.
1868 */
1869 if (block->offset == 0) {
1870 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1871 }
1872
e81bcda5 1873 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1874 }
e81bcda5
PB		 1875
1876 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1877}
1878
422148d3
DDAG		 1879/*
1880 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1881 * in that RAMBlock.
1882 *
1883 * ptr: Host pointer to look up
1884 * round_offset: If true round the result offset down to a page boundary
1885 * *ram_addr: set to result ram_addr
1886 * *offset: set to result offset within the RAMBlock
1887 *
1888 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1889 *
1890 * By the time this function returns, the returned pointer is not protected
1891 * by RCU anymore. If the caller is not within an RCU critical section and
1892 * does not hold the iothread lock, it must have other means of protecting the
1893 * pointer, such as a reference to the region that includes the incoming
1894 * ram_addr_t.
1895 */
422148d3
DDAG		 1896RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1897 ram_addr_t *ram_addr,
1898 ram_addr_t *offset)
5579c7f3 1899{
94a6b54f
PB		 1900 RAMBlock *block;
1901 uint8_t *host = ptr;
1902
868bb33f 1903 if (xen_enabled()) {
0dc3f44a 1904 rcu_read_lock();
e41d7c69 1905 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1906 block = qemu_get_ram_block(*ram_addr);
1907 if (block) {
1908 *offset = (host - block->host);
1909 }
0dc3f44a 1910 rcu_read_unlock();
422148d3 1911 return block;
712c2b41
SS		 1912 }
1913
0dc3f44a
MD		 1914 rcu_read_lock();
1915 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1916 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1917 goto found;
1918 }
1919
0dc3f44a 1920 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1921 /* This case append when the block is not mapped. */
1922 if (block->host == NULL) {
1923 continue;
1924 }
9b8424d5 1925 if (host - block->host < block->max_length) {
23887b79 1926 goto found;
f471a17e 1927 }
94a6b54f 1928 }
432d268c 1929
0dc3f44a 1930 rcu_read_unlock();
1b5ec234 1931 return NULL;
23887b79
PB		 1932
1933found:
422148d3
DDAG		 1934 *offset = (host - block->host);
1935 if (round_offset) {
1936 *offset &= TARGET_PAGE_MASK;
1937 }
1938 *ram_addr = block->offset + *offset;
0dc3f44a 1939 rcu_read_unlock();
422148d3
DDAG		 1940 return block;
1941}
1942
e3dd7493
DDAG		 1943/*
1944 * Finds the named RAMBlock
1945 *
1946 * name: The name of RAMBlock to find
1947 *
1948 * Returns: RAMBlock (or NULL if not found)
1949 */
1950RAMBlock *qemu_ram_block_by_name(const char *name)
1951{
1952 RAMBlock *block;
1953
1954 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1955 if (!strcmp(name, block->idstr)) {
1956 return block;
1957 }
1958 }
1959
1960 return NULL;
1961}
1962
422148d3
DDAG		 1963/* Some of the softmmu routines need to translate from a host pointer
1964 (typically a TLB entry) back to a ram offset. */
1965MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1966{
1967 RAMBlock *block;
1968 ram_addr_t offset; /* Not used */
1969
1970 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1971
1972 if (!block) {
1973 return NULL;
1974 }
1975
1976 return block->mr;
e890261f 1977}
f471a17e 1978
49b24afc 1979/* Called within RCU critical section. */
a8170e5e 1980static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1981 uint64_t val, unsigned size)
9fa3e853 1982{
52159192 1983 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1984 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1985 }
0e0df1e2
AK		 1986 switch (size) {
1987 case 1:
1988 stb_p(qemu_get_ram_ptr(ram_addr), val);
1989 break;
1990 case 2:
1991 stw_p(qemu_get_ram_ptr(ram_addr), val);
1992 break;
1993 case 4:
1994 stl_p(qemu_get_ram_ptr(ram_addr), val);
1995 break;
1996 default:
1997 abort();
3a7d929e 1998 }
58d2707e
PB		 1999 /* Set both VGA and migration bits for simplicity and to remove
2000 * the notdirty callback faster.
2001 */
2002 cpu_physical_memory_set_dirty_range(ram_addr, size,
2003 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2004 /* we remove the notdirty callback only if the code has been
2005 flushed */
a2cd8c85 2006 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2007 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2008 }
9fa3e853
FB		 2009}
2010
b018ddf6
PB		 2011static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2012 unsigned size, bool is_write)
2013{
2014 return is_write;
2015}
2016
0e0df1e2 2017static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2018 .write = notdirty_mem_write,
b018ddf6 2019 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2020 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2021};
2022
0f459d16 2023/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2024static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2025{
93afeade
AF		 2026 CPUState *cpu = current_cpu;
2027 CPUArchState *env = cpu->env_ptr;
06d55cc1 2028 target_ulong pc, cs_base;
0f459d16 2029 target_ulong vaddr;
a1d1bb31 2030 CPUWatchpoint *wp;
06d55cc1 2031 int cpu_flags;
0f459d16 2032
ff4700b0 2033 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2034 /* We re-entered the check after replacing the TB. Now raise
2035 * the debug interrupt so that is will trigger after the
2036 * current instruction. */
93afeade 2037 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2038 return;
2039 }
93afeade 2040 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2041 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2042 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2043 && (wp->flags & flags)) {
08225676
PM		 2044 if (flags == BP_MEM_READ) {
2045 wp->flags |= BP_WATCHPOINT_HIT_READ;
2046 } else {
2047 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2048 }
2049 wp->hitaddr = vaddr;
66b9b43c 2050 wp->hitattrs = attrs;
ff4700b0
AF		 2051 if (!cpu->watchpoint_hit) {
2052 cpu->watchpoint_hit = wp;
239c51a5 2053 tb_check_watchpoint(cpu);
6e140f28 2054 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2055 cpu->exception_index = EXCP_DEBUG;
5638d180 2056 cpu_loop_exit(cpu);
6e140f28
AL		 2057 } else {
2058 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2059 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2060 cpu_resume_from_signal(cpu, NULL);
6e140f28 2061 }
06d55cc1 2062 }
6e140f28
AL		 2063 } else {
2064 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2065 }
2066 }
2067}
2068
6658ffb8
PB		 2069/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2070 so these check for a hit then pass through to the normal out-of-line
2071 phys routines. */
66b9b43c
PM		 2072static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2073 unsigned size, MemTxAttrs attrs)
6658ffb8 2074{
66b9b43c
PM		 2075 MemTxResult res;
2076 uint64_t data;
79ed0416
PM		 2077 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2078 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2079
2080 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2081 switch (size) {
66b9b43c 2082 case 1:
79ed0416 2083 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2084 break;
2085 case 2:
79ed0416 2086 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2087 break;
2088 case 4:
79ed0416 2089 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2090 break;
1ec9b909
AK		 2091 default: abort();
2092 }
66b9b43c
PM		 2093 *pdata = data;
2094 return res;
6658ffb8
PB		 2095}
2096
66b9b43c
PM		 2097static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2098 uint64_t val, unsigned size,
2099 MemTxAttrs attrs)
6658ffb8 2100{
66b9b43c 2101 MemTxResult res;
79ed0416
PM		 2102 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2103 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2104
2105 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2106 switch (size) {
67364150 2107 case 1:
79ed0416 2108 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2109 break;
2110 case 2:
79ed0416 2111 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2112 break;
2113 case 4:
79ed0416 2114 address_space_stl(as, addr, val, attrs, &res);
67364150 2115 break;
1ec9b909
AK		 2116 default: abort();
2117 }
66b9b43c 2118 return res;
6658ffb8
PB		 2119}
2120
1ec9b909 2121static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2122 .read_with_attrs = watch_mem_read,
2123 .write_with_attrs = watch_mem_write,
1ec9b909 2124 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2125};
6658ffb8 2126
f25a49e0
PM		 2127static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2128 unsigned len, MemTxAttrs attrs)
db7b5426 2129{
acc9d80b 2130 subpage_t *subpage = opaque;
ff6cff75 2131 uint8_t buf[8];
5c9eb028 2132 MemTxResult res;
791af8c8 2133
db7b5426 2134#if defined(DEBUG_SUBPAGE)
016e9d62 2135 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2136 subpage, len, addr);
db7b5426 2137#endif
5c9eb028
PM		 2138 res = address_space_read(subpage->as, addr + subpage->base,
2139 attrs, buf, len);
2140 if (res) {
2141 return res;
f25a49e0 2142 }
acc9d80b
JK		 2143 switch (len) {
2144 case 1:
f25a49e0
PM		 2145 *data = ldub_p(buf);
2146 return MEMTX_OK;
acc9d80b 2147 case 2:
f25a49e0
PM		 2148 *data = lduw_p(buf);
2149 return MEMTX_OK;
acc9d80b 2150 case 4:
f25a49e0
PM		 2151 *data = ldl_p(buf);
2152 return MEMTX_OK;
ff6cff75 2153 case 8:
f25a49e0
PM		 2154 *data = ldq_p(buf);
2155 return MEMTX_OK;
acc9d80b
JK		 2156 default:
2157 abort();
2158 }
db7b5426
BS		 2159}
2160
f25a49e0
PM		 2161static MemTxResult subpage_write(void *opaque, hwaddr addr,
2162 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2163{
acc9d80b 2164 subpage_t *subpage = opaque;
ff6cff75 2165 uint8_t buf[8];
acc9d80b 2166
db7b5426 2167#if defined(DEBUG_SUBPAGE)
016e9d62 2168 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2169 " value %"PRIx64"\n",
2170 __func__, subpage, len, addr, value);
db7b5426 2171#endif
acc9d80b
JK		 2172 switch (len) {
2173 case 1:
2174 stb_p(buf, value);
2175 break;
2176 case 2:
2177 stw_p(buf, value);
2178 break;
2179 case 4:
2180 stl_p(buf, value);
2181 break;
ff6cff75
PB		 2182 case 8:
2183 stq_p(buf, value);
2184 break;
acc9d80b
JK		 2185 default:
2186 abort();
2187 }
5c9eb028
PM		 2188 return address_space_write(subpage->as, addr + subpage->base,
2189 attrs, buf, len);
db7b5426
BS		 2190}
2191
c353e4cc 2192static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2193 unsigned len, bool is_write)
c353e4cc 2194{
acc9d80b 2195 subpage_t *subpage = opaque;
c353e4cc 2196#if defined(DEBUG_SUBPAGE)
016e9d62 2197 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2198 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2199#endif
2200
acc9d80b 2201 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2202 len, is_write);
c353e4cc
PB		 2203}
2204
70c68e44 2205static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2206 .read_with_attrs = subpage_read,
2207 .write_with_attrs = subpage_write,
ff6cff75
PB		 2208 .impl.min_access_size = 1,
2209 .impl.max_access_size = 8,
2210 .valid.min_access_size = 1,
2211 .valid.max_access_size = 8,
c353e4cc 2212 .valid.accepts = subpage_accepts,
70c68e44 2213 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2214};
2215
c227f099 2216static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2217 uint16_t section)
db7b5426
BS		 2218{
2219 int idx, eidx;
2220
2221 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2222 return -1;
2223 idx = SUBPAGE_IDX(start);
2224 eidx = SUBPAGE_IDX(end);
2225#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2226 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2227 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2228#endif
db7b5426 2229 for (; idx <= eidx; idx++) {
5312bd8b 2230 mmio->sub_section[idx] = section;
db7b5426
BS		 2231 }
2232
2233 return 0;
2234}
2235
acc9d80b 2236static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2237{
c227f099 2238 subpage_t *mmio;
db7b5426 2239
7267c094 2240 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2241
acc9d80b 2242 mmio->as = as;
1eec614b 2243 mmio->base = base;
2c9b15ca 2244 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2245 NULL, TARGET_PAGE_SIZE);
b3b00c78 2246 mmio->iomem.subpage = true;
db7b5426 2247#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2248 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2249 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2250#endif
b41aac4f 2251 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2252
2253 return mmio;
2254}
2255
a656e22f
PC		 2256static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2257 MemoryRegion *mr)
5312bd8b 2258{
a656e22f 2259 assert(as);
5312bd8b 2260 MemoryRegionSection section = {
a656e22f 2261 .address_space = as,
5312bd8b
AK		 2262 .mr = mr,
2263 .offset_within_address_space = 0,
2264 .offset_within_region = 0,
052e87b0 2265 .size = int128_2_64(),
5312bd8b
AK		 2266 };
2267
53cb28cb 2268 return phys_section_add(map, &section);
5312bd8b
AK		 2269}
2270
a54c87b6 2271MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2272{
a54c87b6
PM		 2273 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2274 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2275 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2276 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2277
2278 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2279}
2280
e9179ce1
AK		 2281static void io_mem_init(void)
2282{
1f6245e5 2283 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2284 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2285 NULL, UINT64_MAX);
2c9b15ca 2286 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2287 NULL, UINT64_MAX);
2c9b15ca 2288 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2289 NULL, UINT64_MAX);
e9179ce1
AK		 2290}
2291
ac1970fb 2292static void mem_begin(MemoryListener *listener)
00752703
PB		 2293{
2294 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2295 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2296 uint16_t n;
2297
a656e22f 2298 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2299 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2300 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2301 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2302 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2303 assert(n == PHYS_SECTION_ROM);
a656e22f 2304 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2305 assert(n == PHYS_SECTION_WATCH);
00752703 2306
9736e55b 2307 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2308 d->as = as;
2309 as->next_dispatch = d;
2310}
2311
79e2b9ae
PB		 2312static void address_space_dispatch_free(AddressSpaceDispatch *d)
2313{
2314 phys_sections_free(&d->map);
2315 g_free(d);
2316}
2317
00752703 2318static void mem_commit(MemoryListener *listener)
ac1970fb 2319{
89ae337a 2320 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2321 AddressSpaceDispatch *cur = as->dispatch;
2322 AddressSpaceDispatch *next = as->next_dispatch;
2323
53cb28cb 2324 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2325
79e2b9ae 2326 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2327 if (cur) {
79e2b9ae 2328 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2329 }
9affd6fc
PB		 2330}
2331
1d71148e 2332static void tcg_commit(MemoryListener *listener)
50c1e149 2333{
32857f4d
PM		 2334 CPUAddressSpace *cpuas;
2335 AddressSpaceDispatch *d;
117712c3
AK		 2336
2337 /* since each CPU stores ram addresses in its TLB cache, we must
2338 reset the modified entries */
32857f4d
PM		 2339 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2340 cpu_reloading_memory_map();
2341 /* The CPU and TLB are protected by the iothread lock.
2342 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2343 * may have split the RCU critical section.
2344 */
2345 d = atomic_rcu_read(&cpuas->as->dispatch);
2346 cpuas->memory_dispatch = d;
2347 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2348}
2349
ac1970fb
AK		 2350void address_space_init_dispatch(AddressSpace *as)
2351{
00752703 2352 as->dispatch = NULL;
89ae337a 2353 as->dispatch_listener = (MemoryListener) {
ac1970fb 2354 .begin = mem_begin,
00752703 2355 .commit = mem_commit,
ac1970fb
AK		 2356 .region_add = mem_add,
2357 .region_nop = mem_add,
2358 .priority = 0,
2359 };
89ae337a 2360 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2361}
2362
6e48e8f9
PB		 2363void address_space_unregister(AddressSpace *as)
2364{
2365 memory_listener_unregister(&as->dispatch_listener);
2366}
2367
83f3c251
AK		 2368void address_space_destroy_dispatch(AddressSpace *as)
2369{
2370 AddressSpaceDispatch *d = as->dispatch;
2371
79e2b9ae
PB		 2372 atomic_rcu_set(&as->dispatch, NULL);
2373 if (d) {
2374 call_rcu(d, address_space_dispatch_free, rcu);
2375 }
83f3c251
AK		 2376}
2377
62152b8a
AK		 2378static void memory_map_init(void)
2379{
7267c094 2380 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2381
57271d63 2382 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2383 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2384
7267c094 2385 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2386 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2387 65536);
7dca8043 2388 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2389}
2390
2391MemoryRegion *get_system_memory(void)
2392{
2393 return system_memory;
2394}
2395
309cb471
AK		 2396MemoryRegion *get_system_io(void)
2397{
2398 return system_io;
2399}
2400
e2eef170
PB		 2401#endif /* !defined(CONFIG_USER_ONLY) */
2402
13eb76e0
FB		 2403/* physical memory access (slow version, mainly for debug) */
2404#if defined(CONFIG_USER_ONLY)
f17ec444 2405int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2406 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2407{
2408 int l, flags;
2409 target_ulong page;
53a5960a 2410 void * p;
13eb76e0
FB		 2411
2412 while (len > 0) {
2413 page = addr & TARGET_PAGE_MASK;
2414 l = (page + TARGET_PAGE_SIZE) - addr;
2415 if (l > len)
2416 l = len;
2417 flags = page_get_flags(page);
2418 if (!(flags & PAGE_VALID))
a68fe89c 2419 return -1;
13eb76e0
FB		 2420 if (is_write) {
2421 if (!(flags & PAGE_WRITE))
a68fe89c 2422 return -1;
579a97f7 2423 /* XXX: this code should not depend on lock_user */
72fb7daa 2424 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2425 return -1;
72fb7daa
AJ		 2426 memcpy(p, buf, l);
2427 unlock_user(p, addr, l);
13eb76e0
FB		 2428 } else {
2429 if (!(flags & PAGE_READ))
a68fe89c 2430 return -1;
579a97f7 2431 /* XXX: this code should not depend on lock_user */
72fb7daa 2432 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2433 return -1;
72fb7daa 2434 memcpy(buf, p, l);
5b257578 2435 unlock_user(p, addr, 0);
13eb76e0
FB		 2436 }
2437 len -= l;
2438 buf += l;
2439 addr += l;
2440 }
a68fe89c 2441 return 0;
13eb76e0 2442}
8df1cd07 2443
13eb76e0 2444#else
51d7a9eb 2445
845b6214 2446static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2447 hwaddr length)
51d7a9eb 2448{
e87f7778
PB		 2449 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2450 /* No early return if dirty_log_mask is or becomes 0, because
2451 * cpu_physical_memory_set_dirty_range will still call
2452 * xen_modified_memory.
2453 */
2454 if (dirty_log_mask) {
2455 dirty_log_mask =
2456 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2457 }
2458 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2459 tb_invalidate_phys_range(addr, addr + length);
2460 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2461 }
e87f7778 2462 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2463}
2464
23326164 2465static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2466{
e1622f4b 2467 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2468
2469 /* Regions are assumed to support 1-4 byte accesses unless
2470 otherwise specified. */
23326164
RH		 2471 if (access_size_max == 0) {
2472 access_size_max = 4;
2473 }
2474
2475 /* Bound the maximum access by the alignment of the address. */
2476 if (!mr->ops->impl.unaligned) {
2477 unsigned align_size_max = addr & -addr;
2478 if (align_size_max != 0 && align_size_max < access_size_max) {
2479 access_size_max = align_size_max;
2480 }
82f2563f 2481 }
23326164
RH		 2482
2483 /* Don't attempt accesses larger than the maximum. */
2484 if (l > access_size_max) {
2485 l = access_size_max;
82f2563f 2486 }
6554f5c0 2487 l = pow2floor(l);
23326164
RH		 2488
2489 return l;
82f2563f
PB		 2490}
2491
4840f10e 2492static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2493{
4840f10e
JK		 2494 bool unlocked = !qemu_mutex_iothread_locked();
2495 bool release_lock = false;
2496
2497 if (unlocked && mr->global_locking) {
2498 qemu_mutex_lock_iothread();
2499 unlocked = false;
2500 release_lock = true;
2501 }
125b3806 2502 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2503 if (unlocked) {
2504 qemu_mutex_lock_iothread();
2505 }
125b3806 2506 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2507 if (unlocked) {
2508 qemu_mutex_unlock_iothread();
2509 }
125b3806 2510 }
4840f10e
JK		 2511
2512 return release_lock;
125b3806
PB		 2513}
2514
a203ac70
PB		 2515/* Called within RCU critical section. */
2516static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2517 MemTxAttrs attrs,
2518 const uint8_t *buf,
2519 int len, hwaddr addr1,
2520 hwaddr l, MemoryRegion *mr)
13eb76e0 2521{
13eb76e0 2522 uint8_t *ptr;
791af8c8 2523 uint64_t val;
3b643495 2524 MemTxResult result = MEMTX_OK;
4840f10e 2525 bool release_lock = false;
3b46e624 2526
a203ac70 2527 for (;;) {
eb7eeb88
PB		 2528 if (!memory_access_is_direct(mr, true)) {
2529 release_lock |= prepare_mmio_access(mr);
2530 l = memory_access_size(mr, l, addr1);
2531 /* XXX: could force current_cpu to NULL to avoid
2532 potential bugs */
2533 switch (l) {
2534 case 8:
2535 /* 64 bit write access */
2536 val = ldq_p(buf);
2537 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2538 attrs);
2539 break;
2540 case 4:
2541 /* 32 bit write access */
2542 val = ldl_p(buf);
2543 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2544 attrs);
2545 break;
2546 case 2:
2547 /* 16 bit write access */
2548 val = lduw_p(buf);
2549 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2550 attrs);
2551 break;
2552 case 1:
2553 /* 8 bit write access */
2554 val = ldub_p(buf);
2555 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2556 attrs);
2557 break;
2558 default:
2559 abort();
13eb76e0
FB		 2560 }
2561 } else {
eb7eeb88
PB		 2562 addr1 += memory_region_get_ram_addr(mr);
2563 /* RAM case */
2564 ptr = qemu_get_ram_ptr(addr1);
2565 memcpy(ptr, buf, l);
2566 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2567 }
4840f10e
JK		 2568
2569 if (release_lock) {
2570 qemu_mutex_unlock_iothread();
2571 release_lock = false;
2572 }
2573
13eb76e0
FB		 2574 len -= l;
2575 buf += l;
2576 addr += l;
a203ac70
PB		 2577
2578 if (!len) {
2579 break;
2580 }
2581
2582 l = len;
2583 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2584 }
fd8aaa76 2585
3b643495 2586 return result;
13eb76e0 2587}
8df1cd07 2588
a203ac70
PB		 2589MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2590 const uint8_t *buf, int len)
ac1970fb 2591{
eb7eeb88 2592 hwaddr l;
eb7eeb88
PB		 2593 hwaddr addr1;
2594 MemoryRegion *mr;
2595 MemTxResult result = MEMTX_OK;
eb7eeb88 2596
a203ac70
PB		 2597 if (len > 0) {
2598 rcu_read_lock();
eb7eeb88 2599 l = len;
a203ac70
PB		 2600 mr = address_space_translate(as, addr, &addr1, &l, true);
2601 result = address_space_write_continue(as, addr, attrs, buf, len,
2602 addr1, l, mr);
2603 rcu_read_unlock();
2604 }
2605
2606 return result;
2607}
2608
2609/* Called within RCU critical section. */
2610MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2611 MemTxAttrs attrs, uint8_t *buf,
2612 int len, hwaddr addr1, hwaddr l,
2613 MemoryRegion *mr)
2614{
2615 uint8_t *ptr;
2616 uint64_t val;
2617 MemTxResult result = MEMTX_OK;
2618 bool release_lock = false;
eb7eeb88 2619
a203ac70 2620 for (;;) {
eb7eeb88
PB		 2621 if (!memory_access_is_direct(mr, false)) {
2622 /* I/O case */
2623 release_lock |= prepare_mmio_access(mr);
2624 l = memory_access_size(mr, l, addr1);
2625 switch (l) {
2626 case 8:
2627 /* 64 bit read access */
2628 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2629 attrs);
2630 stq_p(buf, val);
2631 break;
2632 case 4:
2633 /* 32 bit read access */
2634 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2635 attrs);
2636 stl_p(buf, val);
2637 break;
2638 case 2:
2639 /* 16 bit read access */
2640 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2641 attrs);
2642 stw_p(buf, val);
2643 break;
2644 case 1:
2645 /* 8 bit read access */
2646 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2647 attrs);
2648 stb_p(buf, val);
2649 break;
2650 default:
2651 abort();
2652 }
2653 } else {
2654 /* RAM case */
2655 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2656 memcpy(buf, ptr, l);
2657 }
2658
2659 if (release_lock) {
2660 qemu_mutex_unlock_iothread();
2661 release_lock = false;
2662 }
2663
2664 len -= l;
2665 buf += l;
2666 addr += l;
a203ac70
PB		 2667
2668 if (!len) {
2669 break;
2670 }
2671
2672 l = len;
2673 mr = address_space_translate(as, addr, &addr1, &l, false);
2674 }
2675
2676 return result;
2677}
2678
3cc8f884
PB		 2679MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2680 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2681{
2682 hwaddr l;
2683 hwaddr addr1;
2684 MemoryRegion *mr;
2685 MemTxResult result = MEMTX_OK;
2686
2687 if (len > 0) {
2688 rcu_read_lock();
2689 l = len;
2690 mr = address_space_translate(as, addr, &addr1, &l, false);
2691 result = address_space_read_continue(as, addr, attrs, buf, len,
2692 addr1, l, mr);
2693 rcu_read_unlock();
eb7eeb88 2694 }
eb7eeb88
PB		 2695
2696 return result;
ac1970fb
AK		 2697}
2698
eb7eeb88
PB		 2699MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2700 uint8_t *buf, int len, bool is_write)
2701{
2702 if (is_write) {
2703 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2704 } else {
2705 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2706 }
2707}
ac1970fb 2708
a8170e5e 2709void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2710 int len, int is_write)
2711{
5c9eb028
PM		 2712 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2713 buf, len, is_write);
ac1970fb
AK		 2714}
2715
582b55a9
AG		 2716enum write_rom_type {
2717 WRITE_DATA,
2718 FLUSH_CACHE,
2719};
2720
2a221651 2721static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2722 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2723{
149f54b5 2724 hwaddr l;
d0ecd2aa 2725 uint8_t *ptr;
149f54b5 2726 hwaddr addr1;
5c8a00ce 2727 MemoryRegion *mr;
3b46e624 2728
41063e1e 2729 rcu_read_lock();
d0ecd2aa 2730 while (len > 0) {
149f54b5 2731 l = len;
2a221651 2732 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2733
5c8a00ce
PB		 2734 if (!(memory_region_is_ram(mr) ||
2735 memory_region_is_romd(mr))) {
b242e0e0 2736 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2737 } else {
5c8a00ce 2738 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2739 /* ROM/RAM case */
5579c7f3 2740 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2741 switch (type) {
2742 case WRITE_DATA:
2743 memcpy(ptr, buf, l);
845b6214 2744 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2745 break;
2746 case FLUSH_CACHE:
2747 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2748 break;
2749 }
d0ecd2aa
FB		 2750 }
2751 len -= l;
2752 buf += l;
2753 addr += l;
2754 }
41063e1e 2755 rcu_read_unlock();
d0ecd2aa
FB		 2756}
2757
582b55a9 2758/* used for ROM loading : can write in RAM and ROM */
2a221651 2759void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2760 const uint8_t *buf, int len)
2761{
2a221651 2762 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2763}
2764
2765void cpu_flush_icache_range(hwaddr start, int len)
2766{
2767 /*
2768 * This function should do the same thing as an icache flush that was
2769 * triggered from within the guest. For TCG we are always cache coherent,
2770 * so there is no need to flush anything. For KVM / Xen we need to flush
2771 * the host's instruction cache at least.
2772 */
2773 if (tcg_enabled()) {
2774 return;
2775 }
2776
2a221651
EI		 2777 cpu_physical_memory_write_rom_internal(&address_space_memory,
2778 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2779}
2780
6d16c2f8 2781typedef struct {
d3e71559 2782 MemoryRegion *mr;
6d16c2f8 2783 void *buffer;
a8170e5e
AK		 2784 hwaddr addr;
2785 hwaddr len;
c2cba0ff 2786 bool in_use;
6d16c2f8
AL		 2787} BounceBuffer;
2788
2789static BounceBuffer bounce;
2790
ba223c29 2791typedef struct MapClient {
e95205e1 2792 QEMUBH *bh;
72cf2d4f 2793 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2794} MapClient;
2795
38e047b5 2796QemuMutex map_client_list_lock;
72cf2d4f
BS		 2797static QLIST_HEAD(map_client_list, MapClient) map_client_list
2798 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2799
e95205e1
FZ		 2800static void cpu_unregister_map_client_do(MapClient *client)
2801{
2802 QLIST_REMOVE(client, link);
2803 g_free(client);
2804}
2805
33b6c2ed
FZ		 2806static void cpu_notify_map_clients_locked(void)
2807{
2808 MapClient *client;
2809
2810 while (!QLIST_EMPTY(&map_client_list)) {
2811 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2812 qemu_bh_schedule(client->bh);
2813 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2814 }
2815}
2816
e95205e1 2817void cpu_register_map_client(QEMUBH *bh)
ba223c29 2818{
7267c094 2819 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2820
38e047b5 2821 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2822 client->bh = bh;
72cf2d4f 2823 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2824 if (!atomic_read(&bounce.in_use)) {
2825 cpu_notify_map_clients_locked();
2826 }
38e047b5 2827 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2828}
2829
38e047b5 2830void cpu_exec_init_all(void)
ba223c29 2831{
38e047b5 2832 qemu_mutex_init(&ram_list.mutex);
38e047b5 2833 io_mem_init();
680a4783 2834 memory_map_init();
38e047b5 2835 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2836}
2837
e95205e1 2838void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2839{
2840 MapClient *client;
2841
e95205e1
FZ		 2842 qemu_mutex_lock(&map_client_list_lock);
2843 QLIST_FOREACH(client, &map_client_list, link) {
2844 if (client->bh == bh) {
2845 cpu_unregister_map_client_do(client);
2846 break;
2847 }
ba223c29 2848 }
e95205e1 2849 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2850}
2851
2852static void cpu_notify_map_clients(void)
2853{
38e047b5 2854 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2855 cpu_notify_map_clients_locked();
38e047b5 2856 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2857}
2858
51644ab7
PB		 2859bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2860{
5c8a00ce 2861 MemoryRegion *mr;
51644ab7
PB		 2862 hwaddr l, xlat;
2863
41063e1e 2864 rcu_read_lock();
51644ab7
PB		 2865 while (len > 0) {
2866 l = len;
5c8a00ce
PB		 2867 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2868 if (!memory_access_is_direct(mr, is_write)) {
2869 l = memory_access_size(mr, l, addr);
2870 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2871 return false;
2872 }
2873 }
2874
2875 len -= l;
2876 addr += l;
2877 }
41063e1e 2878 rcu_read_unlock();
51644ab7
PB		 2879 return true;
2880}
2881
6d16c2f8
AL		 2882/* Map a physical memory region into a host virtual address.
2883 * May map a subset of the requested range, given by and returned in *plen.
2884 * May return NULL if resources needed to perform the mapping are exhausted.
2885 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2886 * Use cpu_register_map_client() to know when retrying the map operation is
2887 * likely to succeed.
6d16c2f8 2888 */
ac1970fb 2889void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2890 hwaddr addr,
2891 hwaddr *plen,
ac1970fb 2892 bool is_write)
6d16c2f8 2893{
a8170e5e 2894 hwaddr len = *plen;
e3127ae0
PB		 2895 hwaddr done = 0;
2896 hwaddr l, xlat, base;
2897 MemoryRegion *mr, *this_mr;
2898 ram_addr_t raddr;
e81bcda5 2899 void *ptr;
6d16c2f8 2900
e3127ae0
PB		 2901 if (len == 0) {
2902 return NULL;
2903 }
38bee5dc 2904
e3127ae0 2905 l = len;
41063e1e 2906 rcu_read_lock();
e3127ae0 2907 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2908
e3127ae0 2909 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2910 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2911 rcu_read_unlock();
e3127ae0 2912 return NULL;
6d16c2f8 2913 }
e85d9db5
KW		 2914 /* Avoid unbounded allocations */
2915 l = MIN(l, TARGET_PAGE_SIZE);
2916 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2917 bounce.addr = addr;
2918 bounce.len = l;
d3e71559
PB		 2919
2920 memory_region_ref(mr);
2921 bounce.mr = mr;
e3127ae0 2922 if (!is_write) {
5c9eb028
PM		 2923 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2924 bounce.buffer, l);
8ab934f9 2925 }
6d16c2f8 2926
41063e1e 2927 rcu_read_unlock();
e3127ae0
PB		 2928 *plen = l;
2929 return bounce.buffer;
2930 }
2931
2932 base = xlat;
2933 raddr = memory_region_get_ram_addr(mr);
2934
2935 for (;;) {
6d16c2f8
AL		 2936 len -= l;
2937 addr += l;
e3127ae0
PB		 2938 done += l;
2939 if (len == 0) {
2940 break;
2941 }
2942
2943 l = len;
2944 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2945 if (this_mr != mr || xlat != base + done) {
2946 break;
2947 }
6d16c2f8 2948 }
e3127ae0 2949
d3e71559 2950 memory_region_ref(mr);
e3127ae0 2951 *plen = done;
e81bcda5
PB		 2952 ptr = qemu_ram_ptr_length(raddr + base, plen);
2953 rcu_read_unlock();
2954
2955 return ptr;
6d16c2f8
AL		 2956}
2957
ac1970fb 2958/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2959 * Will also mark the memory as dirty if is_write == 1. access_len gives
2960 * the amount of memory that was actually read or written by the caller.
2961 */
a8170e5e
AK		 2962void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2963 int is_write, hwaddr access_len)
6d16c2f8
AL		 2964{
2965 if (buffer != bounce.buffer) {
d3e71559
PB		 2966 MemoryRegion *mr;
2967 ram_addr_t addr1;
2968
2969 mr = qemu_ram_addr_from_host(buffer, &addr1);
2970 assert(mr != NULL);
6d16c2f8 2971 if (is_write) {
845b6214 2972 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2973 }
868bb33f 2974 if (xen_enabled()) {
e41d7c69 2975 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2976 }
d3e71559 2977 memory_region_unref(mr);
6d16c2f8
AL		 2978 return;
2979 }
2980 if (is_write) {
5c9eb028
PM		 2981 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2982 bounce.buffer, access_len);
6d16c2f8 2983 }
f8a83245 2984 qemu_vfree(bounce.buffer);
6d16c2f8 2985 bounce.buffer = NULL;
d3e71559 2986 memory_region_unref(bounce.mr);
c2cba0ff 2987 atomic_mb_set(&bounce.in_use, false);
ba223c29 2988 cpu_notify_map_clients();
6d16c2f8 2989}
d0ecd2aa 2990
a8170e5e
AK		 2991void *cpu_physical_memory_map(hwaddr addr,
2992 hwaddr *plen,
ac1970fb
AK		 2993 int is_write)
2994{
2995 return address_space_map(&address_space_memory, addr, plen, is_write);
2996}
2997
a8170e5e
AK		 2998void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2999 int is_write, hwaddr access_len)
ac1970fb
AK		 3000{
3001 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3002}
3003
8df1cd07 3004/* warning: addr must be aligned */
50013115
PM		 3005static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3006 MemTxAttrs attrs,
3007 MemTxResult *result,
3008 enum device_endian endian)
8df1cd07 3009{
8df1cd07 3010 uint8_t *ptr;
791af8c8 3011 uint64_t val;
5c8a00ce 3012 MemoryRegion *mr;
149f54b5
PB		 3013 hwaddr l = 4;
3014 hwaddr addr1;
50013115 3015 MemTxResult r;
4840f10e 3016 bool release_lock = false;
8df1cd07 3017
41063e1e 3018 rcu_read_lock();
fdfba1a2 3019 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3020 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3021 release_lock |= prepare_mmio_access(mr);
125b3806 3022
8df1cd07 3023 /* I/O case */
50013115 3024 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3025#if defined(TARGET_WORDS_BIGENDIAN)
3026 if (endian == DEVICE_LITTLE_ENDIAN) {
3027 val = bswap32(val);
3028 }
3029#else
3030 if (endian == DEVICE_BIG_ENDIAN) {
3031 val = bswap32(val);
3032 }
3033#endif
8df1cd07
FB		 3034 } else {
3035 /* RAM case */
5c8a00ce 3036 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3037 & TARGET_PAGE_MASK)
149f54b5 3038 + addr1);
1e78bcc1
AG		 3039 switch (endian) {
3040 case DEVICE_LITTLE_ENDIAN:
3041 val = ldl_le_p(ptr);
3042 break;
3043 case DEVICE_BIG_ENDIAN:
3044 val = ldl_be_p(ptr);
3045 break;
3046 default:
3047 val = ldl_p(ptr);
3048 break;
3049 }
50013115
PM		 3050 r = MEMTX_OK;
3051 }
3052 if (result) {
3053 *result = r;
8df1cd07 3054 }
4840f10e
JK		 3055 if (release_lock) {
3056 qemu_mutex_unlock_iothread();
3057 }
41063e1e 3058 rcu_read_unlock();
8df1cd07
FB		 3059 return val;
3060}
3061
50013115
PM		 3062uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3063 MemTxAttrs attrs, MemTxResult *result)
3064{
3065 return address_space_ldl_internal(as, addr, attrs, result,
3066 DEVICE_NATIVE_ENDIAN);
3067}
3068
3069uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3070 MemTxAttrs attrs, MemTxResult *result)
3071{
3072 return address_space_ldl_internal(as, addr, attrs, result,
3073 DEVICE_LITTLE_ENDIAN);
3074}
3075
3076uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3077 MemTxAttrs attrs, MemTxResult *result)
3078{
3079 return address_space_ldl_internal(as, addr, attrs, result,
3080 DEVICE_BIG_ENDIAN);
3081}
3082
fdfba1a2 3083uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3084{
50013115 3085 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3086}
3087
fdfba1a2 3088uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3089{
50013115 3090 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3091}
3092
fdfba1a2 3093uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3094{
50013115 3095 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3096}
3097
84b7b8e7 3098/* warning: addr must be aligned */
50013115
PM		 3099static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3100 MemTxAttrs attrs,
3101 MemTxResult *result,
3102 enum device_endian endian)
84b7b8e7 3103{
84b7b8e7
FB		 3104 uint8_t *ptr;
3105 uint64_t val;
5c8a00ce 3106 MemoryRegion *mr;
149f54b5
PB		 3107 hwaddr l = 8;
3108 hwaddr addr1;
50013115 3109 MemTxResult r;
4840f10e 3110 bool release_lock = false;
84b7b8e7 3111
41063e1e 3112 rcu_read_lock();
2c17449b 3113 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3114 false);
3115 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3116 release_lock |= prepare_mmio_access(mr);
125b3806 3117
84b7b8e7 3118 /* I/O case */
50013115 3119 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3120#if defined(TARGET_WORDS_BIGENDIAN)
3121 if (endian == DEVICE_LITTLE_ENDIAN) {
3122 val = bswap64(val);
3123 }
3124#else
3125 if (endian == DEVICE_BIG_ENDIAN) {
3126 val = bswap64(val);
3127 }
84b7b8e7
FB		 3128#endif
3129 } else {
3130 /* RAM case */
5c8a00ce 3131 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3132 & TARGET_PAGE_MASK)
149f54b5 3133 + addr1);
1e78bcc1
AG		 3134 switch (endian) {
3135 case DEVICE_LITTLE_ENDIAN:
3136 val = ldq_le_p(ptr);
3137 break;
3138 case DEVICE_BIG_ENDIAN:
3139 val = ldq_be_p(ptr);
3140 break;
3141 default:
3142 val = ldq_p(ptr);
3143 break;
3144 }
50013115
PM		 3145 r = MEMTX_OK;
3146 }
3147 if (result) {
3148 *result = r;
84b7b8e7 3149 }
4840f10e
JK		 3150 if (release_lock) {
3151 qemu_mutex_unlock_iothread();
3152 }
41063e1e 3153 rcu_read_unlock();
84b7b8e7
FB		 3154 return val;
3155}
3156
50013115
PM		 3157uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3158 MemTxAttrs attrs, MemTxResult *result)
3159{
3160 return address_space_ldq_internal(as, addr, attrs, result,
3161 DEVICE_NATIVE_ENDIAN);
3162}
3163
3164uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3165 MemTxAttrs attrs, MemTxResult *result)
3166{
3167 return address_space_ldq_internal(as, addr, attrs, result,
3168 DEVICE_LITTLE_ENDIAN);
3169}
3170
3171uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3172 MemTxAttrs attrs, MemTxResult *result)
3173{
3174 return address_space_ldq_internal(as, addr, attrs, result,
3175 DEVICE_BIG_ENDIAN);
3176}
3177
2c17449b 3178uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3179{
50013115 3180 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3181}
3182
2c17449b 3183uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3184{
50013115 3185 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3186}
3187
2c17449b 3188uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3189{
50013115 3190 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3191}
3192
aab33094 3193/* XXX: optimize */
50013115
PM		 3194uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3195 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3196{
3197 uint8_t val;
50013115
PM		 3198 MemTxResult r;
3199
3200 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3201 if (result) {
3202 *result = r;
3203 }
aab33094
FB		 3204 return val;
3205}
3206
50013115
PM		 3207uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3208{
3209 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3210}
3211
733f0b02 3212/* warning: addr must be aligned */
50013115
PM		 3213static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3214 hwaddr addr,
3215 MemTxAttrs attrs,
3216 MemTxResult *result,
3217 enum device_endian endian)
aab33094 3218{
733f0b02
MT		 3219 uint8_t *ptr;
3220 uint64_t val;
5c8a00ce 3221 MemoryRegion *mr;
149f54b5
PB		 3222 hwaddr l = 2;
3223 hwaddr addr1;
50013115 3224 MemTxResult r;
4840f10e 3225 bool release_lock = false;
733f0b02 3226
41063e1e 3227 rcu_read_lock();
41701aa4 3228 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3229 false);
3230 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3231 release_lock |= prepare_mmio_access(mr);
125b3806 3232
733f0b02 3233 /* I/O case */
50013115 3234 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3235#if defined(TARGET_WORDS_BIGENDIAN)
3236 if (endian == DEVICE_LITTLE_ENDIAN) {
3237 val = bswap16(val);
3238 }
3239#else
3240 if (endian == DEVICE_BIG_ENDIAN) {
3241 val = bswap16(val);
3242 }
3243#endif
733f0b02
MT		 3244 } else {
3245 /* RAM case */
5c8a00ce 3246 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3247 & TARGET_PAGE_MASK)
149f54b5 3248 + addr1);
1e78bcc1
AG		 3249 switch (endian) {
3250 case DEVICE_LITTLE_ENDIAN:
3251 val = lduw_le_p(ptr);
3252 break;
3253 case DEVICE_BIG_ENDIAN:
3254 val = lduw_be_p(ptr);
3255 break;
3256 default:
3257 val = lduw_p(ptr);
3258 break;
3259 }
50013115
PM		 3260 r = MEMTX_OK;
3261 }
3262 if (result) {
3263 *result = r;
733f0b02 3264 }
4840f10e
JK		 3265 if (release_lock) {
3266 qemu_mutex_unlock_iothread();
3267 }
41063e1e 3268 rcu_read_unlock();
733f0b02 3269 return val;
aab33094
FB		 3270}
3271
50013115
PM		 3272uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3273 MemTxAttrs attrs, MemTxResult *result)
3274{
3275 return address_space_lduw_internal(as, addr, attrs, result,
3276 DEVICE_NATIVE_ENDIAN);
3277}
3278
3279uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3280 MemTxAttrs attrs, MemTxResult *result)
3281{
3282 return address_space_lduw_internal(as, addr, attrs, result,
3283 DEVICE_LITTLE_ENDIAN);
3284}
3285
3286uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3287 MemTxAttrs attrs, MemTxResult *result)
3288{
3289 return address_space_lduw_internal(as, addr, attrs, result,
3290 DEVICE_BIG_ENDIAN);
3291}
3292
41701aa4 3293uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3294{
50013115 3295 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3296}
3297
41701aa4 3298uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3299{
50013115 3300 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3301}
3302
41701aa4 3303uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3304{
50013115 3305 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3306}
3307
8df1cd07
FB		 3308/* warning: addr must be aligned. The ram page is not masked as dirty
3309 and the code inside is not invalidated. It is useful if the dirty
3310 bits are used to track modified PTEs */
50013115
PM		 3311void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3312 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3313{
8df1cd07 3314 uint8_t *ptr;
5c8a00ce 3315 MemoryRegion *mr;
149f54b5
PB		 3316 hwaddr l = 4;
3317 hwaddr addr1;
50013115 3318 MemTxResult r;
845b6214 3319 uint8_t dirty_log_mask;
4840f10e 3320 bool release_lock = false;
8df1cd07 3321
41063e1e 3322 rcu_read_lock();
2198a121 3323 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3324 true);
3325 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3326 release_lock |= prepare_mmio_access(mr);
125b3806 3327
50013115 3328 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3329 } else {
5c8a00ce 3330 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3331 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3332 stl_p(ptr, val);
74576198 3333
845b6214
PB		 3334 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3335 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3336 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3337 r = MEMTX_OK;
3338 }
3339 if (result) {
3340 *result = r;
8df1cd07 3341 }
4840f10e
JK		 3342 if (release_lock) {
3343 qemu_mutex_unlock_iothread();
3344 }
41063e1e 3345 rcu_read_unlock();
8df1cd07
FB		 3346}
3347
50013115
PM		 3348void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3349{
3350 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3351}
3352
8df1cd07 3353/* warning: addr must be aligned */
50013115
PM		 3354static inline void address_space_stl_internal(AddressSpace *as,
3355 hwaddr addr, uint32_t val,
3356 MemTxAttrs attrs,
3357 MemTxResult *result,
3358 enum device_endian endian)
8df1cd07 3359{
8df1cd07 3360 uint8_t *ptr;
5c8a00ce 3361 MemoryRegion *mr;
149f54b5
PB		 3362 hwaddr l = 4;
3363 hwaddr addr1;
50013115 3364 MemTxResult r;
4840f10e 3365 bool release_lock = false;
8df1cd07 3366
41063e1e 3367 rcu_read_lock();
ab1da857 3368 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3369 true);
3370 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3371 release_lock |= prepare_mmio_access(mr);
125b3806 3372
1e78bcc1
AG		 3373#if defined(TARGET_WORDS_BIGENDIAN)
3374 if (endian == DEVICE_LITTLE_ENDIAN) {
3375 val = bswap32(val);
3376 }
3377#else
3378 if (endian == DEVICE_BIG_ENDIAN) {
3379 val = bswap32(val);
3380 }
3381#endif
50013115 3382 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3383 } else {
8df1cd07 3384 /* RAM case */
5c8a00ce 3385 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3386 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3387 switch (endian) {
3388 case DEVICE_LITTLE_ENDIAN:
3389 stl_le_p(ptr, val);
3390 break;
3391 case DEVICE_BIG_ENDIAN:
3392 stl_be_p(ptr, val);
3393 break;
3394 default:
3395 stl_p(ptr, val);
3396 break;
3397 }
845b6214 3398 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3399 r = MEMTX_OK;
3400 }
3401 if (result) {
3402 *result = r;
8df1cd07 3403 }
4840f10e
JK		 3404 if (release_lock) {
3405 qemu_mutex_unlock_iothread();
3406 }
41063e1e 3407 rcu_read_unlock();
8df1cd07
FB		 3408}
3409
50013115
PM		 3410void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3411 MemTxAttrs attrs, MemTxResult *result)
3412{
3413 address_space_stl_internal(as, addr, val, attrs, result,
3414 DEVICE_NATIVE_ENDIAN);
3415}
3416
3417void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3418 MemTxAttrs attrs, MemTxResult *result)
3419{
3420 address_space_stl_internal(as, addr, val, attrs, result,
3421 DEVICE_LITTLE_ENDIAN);
3422}
3423
3424void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3425 MemTxAttrs attrs, MemTxResult *result)
3426{
3427 address_space_stl_internal(as, addr, val, attrs, result,
3428 DEVICE_BIG_ENDIAN);
3429}
3430
ab1da857 3431void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3432{
50013115 3433 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3434}
3435
ab1da857 3436void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3437{
50013115 3438 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3439}
3440
ab1da857 3441void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3442{
50013115 3443 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3444}
3445
aab33094 3446/* XXX: optimize */
50013115
PM		 3447void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3448 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3449{
3450 uint8_t v = val;
50013115
PM		 3451 MemTxResult r;
3452
3453 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3454 if (result) {
3455 *result = r;
3456 }
3457}
3458
3459void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3460{
3461 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3462}
3463
733f0b02 3464/* warning: addr must be aligned */
50013115
PM		 3465static inline void address_space_stw_internal(AddressSpace *as,
3466 hwaddr addr, uint32_t val,
3467 MemTxAttrs attrs,
3468 MemTxResult *result,
3469 enum device_endian endian)
aab33094 3470{
733f0b02 3471 uint8_t *ptr;
5c8a00ce 3472 MemoryRegion *mr;
149f54b5
PB		 3473 hwaddr l = 2;
3474 hwaddr addr1;
50013115 3475 MemTxResult r;
4840f10e 3476 bool release_lock = false;
733f0b02 3477
41063e1e 3478 rcu_read_lock();
5ce5944d 3479 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3480 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3481 release_lock |= prepare_mmio_access(mr);
125b3806 3482
1e78bcc1
AG		 3483#if defined(TARGET_WORDS_BIGENDIAN)
3484 if (endian == DEVICE_LITTLE_ENDIAN) {
3485 val = bswap16(val);
3486 }
3487#else
3488 if (endian == DEVICE_BIG_ENDIAN) {
3489 val = bswap16(val);
3490 }
3491#endif
50013115 3492 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3493 } else {
733f0b02 3494 /* RAM case */
5c8a00ce 3495 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3496 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3497 switch (endian) {
3498 case DEVICE_LITTLE_ENDIAN:
3499 stw_le_p(ptr, val);
3500 break;
3501 case DEVICE_BIG_ENDIAN:
3502 stw_be_p(ptr, val);
3503 break;
3504 default:
3505 stw_p(ptr, val);
3506 break;
3507 }
845b6214 3508 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3509 r = MEMTX_OK;
3510 }
3511 if (result) {
3512 *result = r;
733f0b02 3513 }
4840f10e
JK		 3514 if (release_lock) {
3515 qemu_mutex_unlock_iothread();
3516 }
41063e1e 3517 rcu_read_unlock();
aab33094
FB		 3518}
3519
50013115
PM		 3520void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3521 MemTxAttrs attrs, MemTxResult *result)
3522{
3523 address_space_stw_internal(as, addr, val, attrs, result,
3524 DEVICE_NATIVE_ENDIAN);
3525}
3526
3527void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3528 MemTxAttrs attrs, MemTxResult *result)
3529{
3530 address_space_stw_internal(as, addr, val, attrs, result,
3531 DEVICE_LITTLE_ENDIAN);
3532}
3533
3534void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3535 MemTxAttrs attrs, MemTxResult *result)
3536{
3537 address_space_stw_internal(as, addr, val, attrs, result,
3538 DEVICE_BIG_ENDIAN);
3539}
3540
5ce5944d 3541void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3542{
50013115 3543 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3544}
3545
5ce5944d 3546void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3547{
50013115 3548 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3549}
3550
5ce5944d 3551void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3552{
50013115 3553 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3554}
3555
aab33094 3556/* XXX: optimize */
50013115
PM		 3557void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3558 MemTxAttrs attrs, MemTxResult *result)
aab33094 3559{
50013115 3560 MemTxResult r;
aab33094 3561 val = tswap64(val);
50013115
PM		 3562 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3563 if (result) {
3564 *result = r;
3565 }
aab33094
FB		 3566}
3567
50013115
PM		 3568void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3569 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3570{
50013115 3571 MemTxResult r;
1e78bcc1 3572 val = cpu_to_le64(val);
50013115
PM		 3573 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3574 if (result) {
3575 *result = r;
3576 }
3577}
3578void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3579 MemTxAttrs attrs, MemTxResult *result)
3580{
3581 MemTxResult r;
3582 val = cpu_to_be64(val);
3583 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3584 if (result) {
3585 *result = r;
3586 }
3587}
3588
3589void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3590{
3591 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3592}
3593
3594void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3595{
3596 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3597}
3598
f606604f 3599void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3600{
50013115 3601 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3602}
3603
5e2972fd 3604/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3605int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3606 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3607{
3608 int l;
a8170e5e 3609 hwaddr phys_addr;
9b3c35e0 3610 target_ulong page;
13eb76e0
FB		 3611
3612 while (len > 0) {
5232e4c7
PM		 3613 int asidx;
3614 MemTxAttrs attrs;
3615
13eb76e0 3616 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3617 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3618 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3619 /* if no physical page mapped, return an error */
3620 if (phys_addr == -1)
3621 return -1;
3622 l = (page + TARGET_PAGE_SIZE) - addr;
3623 if (l > len)
3624 l = len;
5e2972fd 3625 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3626 if (is_write) {
5232e4c7
PM		 3627 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3628 phys_addr, buf, l);
2e38847b 3629 } else {
5232e4c7
PM		 3630 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3631 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3632 buf, l, 0);
2e38847b 3633 }
13eb76e0
FB		 3634 len -= l;
3635 buf += l;
3636 addr += l;
3637 }
3638 return 0;
3639}
038629a6
DDAG		 3640
3641/*
3642 * Allows code that needs to deal with migration bitmaps etc to still be built
3643 * target independent.
3644 */
3645size_t qemu_target_page_bits(void)
3646{
3647 return TARGET_PAGE_BITS;
3648}
3649
a68fe89c 3650#endif
13eb76e0 3651
8e4a424b
BS		 3652/*
3653 * A helper function for the _utterly broken_ virtio device model to find out if
3654 * it's running on a big endian machine. Don't do this at home kids!
3655 */
98ed8ecf
GK		 3656bool target_words_bigendian(void);
3657bool target_words_bigendian(void)
8e4a424b
BS		 3658{
3659#if defined(TARGET_WORDS_BIGENDIAN)
3660 return true;
3661#else
3662 return false;
3663#endif
3664}
3665
76f35538 3666#ifndef CONFIG_USER_ONLY
a8170e5e 3667bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3668{
5c8a00ce 3669 MemoryRegion*mr;
149f54b5 3670 hwaddr l = 1;
41063e1e 3671 bool res;
76f35538 3672
41063e1e 3673 rcu_read_lock();
5c8a00ce
PB		 3674 mr = address_space_translate(&address_space_memory,
3675 phys_addr, &phys_addr, &l, false);
76f35538 3676
41063e1e
PB		 3677 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3678 rcu_read_unlock();
3679 return res;
76f35538 3680}
bd2fa51f 3681
e3807054 3682int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3683{
3684 RAMBlock *block;
e3807054 3685 int ret = 0;
bd2fa51f 3686
0dc3f44a
MD		 3687 rcu_read_lock();
3688 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3689 ret = func(block->idstr, block->host, block->offset,
3690 block->used_length, opaque);
3691 if (ret) {
3692 break;
3693 }
bd2fa51f 3694 }
0dc3f44a 3695 rcu_read_unlock();
e3807054 3696 return ret;
bd2fa51f 3697}
ec3f8c99 3698#endif
Mirror of https://git.qemu.org/git/qemu.git