]> git.ipfire.org Git - thirdparty/qemu.git/blame - exec.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: Pass RAMBlock pointer to qemu_ram_free
[thirdparty/qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
777872e5 20#ifndef _WIN32
d5a8f07c
FB		 21#include <sys/mman.h>
22#endif
54936004 23
055403b2 24#include "qemu-common.h"
6180a181 25#include "cpu.h"
b67d9a52 26#include "tcg.h"
b3c7724c 27#include "hw/hw.h"
4485bd26 28#if !defined(CONFIG_USER_ONLY)
47c8ca53 29#include "hw/boards.h"
4485bd26 30#endif
cc9e98cb 31#include "hw/qdev.h"
9c17d615 32#include "sysemu/kvm.h"
2ff3de68 33#include "sysemu/sysemu.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
022c62cb 38#include "exec/memory.h"
9c17d615 39#include "sysemu/dma.h"
022c62cb 40#include "exec/address-spaces.h"
53a5960a
PB		 41#if defined(CONFIG_USER_ONLY)
42#include <qemu.h>
432d268c 43#else /* !CONFIG_USER_ONLY */
9c17d615 44#include "sysemu/xen-mapcache.h"
6506e4f9 45#include "trace.h"
53a5960a 46#endif
0d6d3c87 47#include "exec/cpu-all.h"
0dc3f44a 48#include "qemu/rcu_queue.h"
4840f10e 49#include "qemu/main-loop.h"
5b6dd868 50#include "translate-all.h"
7615936e 51#include "sysemu/replay.h"
0cac1b66 52
022c62cb 53#include "exec/memory-internal.h"
220c3ebd 54#include "exec/ram_addr.h"
508127e2 55#include "exec/log.h"
67d95c15 56
b35ba30f 57#include "qemu/range.h"
794e8f30
MT		 58#ifndef _WIN32
59#include "qemu/mmap-alloc.h"
60#endif
b35ba30f 61
db7b5426 62//#define DEBUG_SUBPAGE
1196be37 63
e2eef170 64#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 65/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
0d53d9fe 68RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 69
70static MemoryRegion *system_memory;
309cb471 71static MemoryRegion *system_io;
62152b8a 72
f6790af6
AK		 73AddressSpace address_space_io;
74AddressSpace address_space_memory;
2673a5da 75
0844e007 76MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 77static MemoryRegion io_mem_unassigned;
0e0df1e2 78
7bd4f430
PB		 79/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80#define RAM_PREALLOC (1 << 0)
81
dbcb8981
PB		 82/* RAM is mmap-ed with MAP_SHARED */
83#define RAM_SHARED (1 << 1)
84
62be4e3a
MT		 85/* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88#define RAM_RESIZEABLE (1 << 2)
89
e2eef170 90#endif
9fa3e853 91
bdc44640 92struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 93/* current CPU in the current thread. It is only valid inside
94 cpu_exec() */
f240eb6f 95__thread CPUState *current_cpu;
2e70f6ef 96/* 0 = Do not count executed instructions.
bf20dc07 97 1 = Precise instruction counting.
2e70f6ef 98 2 = Adaptive rate instruction counting. */
5708fc66 99int use_icount;
6a00d601 100
e2eef170 101#if !defined(CONFIG_USER_ONLY)
4346ae3e 102
1db8abb1
PB		 103typedef struct PhysPageEntry PhysPageEntry;
104
105struct PhysPageEntry {
9736e55b 106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 107 uint32_t skip : 6;
9736e55b 108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 109 uint32_t ptr : 26;
1db8abb1
PB		 110};
111
8b795765
MT		 112#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
113
03f49957 114/* Size of the L2 (and L3, etc) page tables. */
57271d63 115#define ADDR_SPACE_BITS 64
03f49957 116
026736ce 117#define P_L2_BITS 9
03f49957
PB		 118#define P_L2_SIZE (1 << P_L2_BITS)
119
120#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
121
122typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 123
53cb28cb 124typedef struct PhysPageMap {
79e2b9ae
PB		 125 struct rcu_head rcu;
126
53cb28cb
MA		 127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
129 unsigned nodes_nb;
130 unsigned nodes_nb_alloc;
131 Node *nodes;
132 MemoryRegionSection *sections;
133} PhysPageMap;
134
1db8abb1 135struct AddressSpaceDispatch {
79e2b9ae
PB		 136 struct rcu_head rcu;
137
1db8abb1
PB		 138 /* This is a multi-level map on the physical address space.
139 * The bottom level has pointers to MemoryRegionSections.
140 */
141 PhysPageEntry phys_map;
53cb28cb 142 PhysPageMap map;
acc9d80b 143 AddressSpace *as;
1db8abb1
PB		 144};
145
90260c6c
JK		 146#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
147typedef struct subpage_t {
148 MemoryRegion iomem;
acc9d80b 149 AddressSpace *as;
90260c6c
JK		 150 hwaddr base;
151 uint16_t sub_section[TARGET_PAGE_SIZE];
152} subpage_t;
153
b41aac4f
LPF		 154#define PHYS_SECTION_UNASSIGNED 0
155#define PHYS_SECTION_NOTDIRTY 1
156#define PHYS_SECTION_ROM 2
157#define PHYS_SECTION_WATCH 3
5312bd8b 158
e2eef170 159static void io_mem_init(void);
62152b8a 160static void memory_map_init(void);
09daed84 161static void tcg_commit(MemoryListener *listener);
e2eef170 162
1ec9b909 163static MemoryRegion io_mem_watch;
32857f4d
PM		 164
165/**
166 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
167 * @cpu: the CPU whose AddressSpace this is
168 * @as: the AddressSpace itself
169 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
170 * @tcg_as_listener: listener for tracking changes to the AddressSpace
171 */
172struct CPUAddressSpace {
173 CPUState *cpu;
174 AddressSpace *as;
175 struct AddressSpaceDispatch *memory_dispatch;
176 MemoryListener tcg_as_listener;
177};
178
6658ffb8 179#endif
fd6ce8f6 180
6d9a1304 181#if !defined(CONFIG_USER_ONLY)
d6f2ea22 182
53cb28cb 183static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 184{
53cb28cb
MA		 185 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
186 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
188 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 189 }
f7bf5461
AK		 190}
191
db94604b 192static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 193{
194 unsigned i;
8b795765 195 uint32_t ret;
db94604b
PB		 196 PhysPageEntry e;
197 PhysPageEntry *p;
f7bf5461 198
53cb28cb 199 ret = map->nodes_nb++;
db94604b 200 p = map->nodes[ret];
f7bf5461 201 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 202 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 203
204 e.skip = leaf ? 0 : 1;
205 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 206 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 207 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 208 }
f7bf5461 209 return ret;
d6f2ea22
AK		 210}
211
53cb28cb
MA		 212static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
213 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 214 int level)
f7bf5461
AK		 215{
216 PhysPageEntry *p;
03f49957 217 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 218
9736e55b 219 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 220 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 221 }
db94604b 222 p = map->nodes[lp->ptr];
03f49957 223 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 224
03f49957 225 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 226 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 227 lp->skip = 0;
c19e8800 228 lp->ptr = leaf;
07f07b31
AK		 229 *index += step;
230 *nb -= step;
2999097b 231 } else {
53cb28cb 232 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 233 }
234 ++lp;
f7bf5461
AK		 235 }
236}
237
ac1970fb 238static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 239 hwaddr index, hwaddr nb,
2999097b 240 uint16_t leaf)
f7bf5461 241{
2999097b 242 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 243 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 244
53cb28cb 245 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 246}
247
b35ba30f
MT		 248/* Compact a non leaf page entry. Simply detect that the entry has a single child,
249 * and update our entry so we can skip it and go directly to the destination.
250 */
251static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
252{
253 unsigned valid_ptr = P_L2_SIZE;
254 int valid = 0;
255 PhysPageEntry *p;
256 int i;
257
258 if (lp->ptr == PHYS_MAP_NODE_NIL) {
259 return;
260 }
261
262 p = nodes[lp->ptr];
263 for (i = 0; i < P_L2_SIZE; i++) {
264 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
265 continue;
266 }
267
268 valid_ptr = i;
269 valid++;
270 if (p[i].skip) {
271 phys_page_compact(&p[i], nodes, compacted);
272 }
273 }
274
275 /* We can only compress if there's only one child. */
276 if (valid != 1) {
277 return;
278 }
279
280 assert(valid_ptr < P_L2_SIZE);
281
282 /* Don't compress if it won't fit in the # of bits we have. */
283 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
284 return;
285 }
286
287 lp->ptr = p[valid_ptr].ptr;
288 if (!p[valid_ptr].skip) {
289 /* If our only child is a leaf, make this a leaf. */
290 /* By design, we should have made this node a leaf to begin with so we
291 * should never reach here.
292 * But since it's so simple to handle this, let's do it just in case we
293 * change this rule.
294 */
295 lp->skip = 0;
296 } else {
297 lp->skip += p[valid_ptr].skip;
298 }
299}
300
301static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
302{
303 DECLARE_BITMAP(compacted, nodes_nb);
304
305 if (d->phys_map.skip) {
53cb28cb 306 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 307 }
308}
309
97115a8d 310static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 311 Node *nodes, MemoryRegionSection *sections)
92e873b9 312{
31ab2b4a 313 PhysPageEntry *p;
97115a8d 314 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 315 int i;
f1f6e3b8 316
9736e55b 317 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 318 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 319 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 320 }
9affd6fc 321 p = nodes[lp.ptr];
03f49957 322 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 323 }
b35ba30f
MT		 324
325 if (sections[lp.ptr].size.hi ||
326 range_covers_byte(sections[lp.ptr].offset_within_address_space,
327 sections[lp.ptr].size.lo, addr)) {
328 return &sections[lp.ptr];
329 } else {
330 return &sections[PHYS_SECTION_UNASSIGNED];
331 }
f3705d53
AK		 332}
333
e5548617
BS		 334bool memory_region_is_unassigned(MemoryRegion *mr)
335{
2a8e7499 336 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 337 && mr != &io_mem_watch;
fd6ce8f6 338}
149f54b5 339
79e2b9ae 340/* Called from RCU critical section */
c7086b4a 341static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 342 hwaddr addr,
343 bool resolve_subpage)
9f029603 344{
90260c6c
JK		 345 MemoryRegionSection *section;
346 subpage_t *subpage;
347
53cb28cb 348 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 349 if (resolve_subpage && section->mr->subpage) {
350 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 351 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 352 }
353 return section;
9f029603
JK		 354}
355
79e2b9ae 356/* Called from RCU critical section */
90260c6c 357static MemoryRegionSection *
c7086b4a 358address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 359 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 360{
361 MemoryRegionSection *section;
965eb2fc 362 MemoryRegion *mr;
a87f3954 363 Int128 diff;
149f54b5 364
c7086b4a 365 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 366 /* Compute offset within MemoryRegionSection */
367 addr -= section->offset_within_address_space;
368
369 /* Compute offset within MemoryRegion */
370 *xlat = addr + section->offset_within_region;
371
965eb2fc 372 mr = section->mr;
b242e0e0
PB		 373
374 /* MMIO registers can be expected to perform full-width accesses based only
375 * on their address, without considering adjacent registers that could
376 * decode to completely different MemoryRegions. When such registers
377 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
378 * regions overlap wildly. For this reason we cannot clamp the accesses
379 * here.
380 *
381 * If the length is small (as is the case for address_space_ldl/stl),
382 * everything works fine. If the incoming length is large, however,
383 * the caller really has to do the clamping through memory_access_size.
384 */
965eb2fc 385 if (memory_region_is_ram(mr)) {
e4a511f8 386 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 387 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
388 }
149f54b5
PB		 389 return section;
390}
90260c6c 391
41063e1e 392/* Called from RCU critical section */
5c8a00ce
PB		 393MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
394 hwaddr *xlat, hwaddr *plen,
395 bool is_write)
90260c6c 396{
30951157
AK		 397 IOMMUTLBEntry iotlb;
398 MemoryRegionSection *section;
399 MemoryRegion *mr;
30951157
AK		 400
401 for (;;) {
79e2b9ae
PB		 402 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
403 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 404 mr = section->mr;
405
406 if (!mr->iommu_ops) {
407 break;
408 }
409
8d7b8cb9 410 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 411 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
412 | (addr & iotlb.addr_mask));
23820dbf 413 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 414 if (!(iotlb.perm & (1 << is_write))) {
415 mr = &io_mem_unassigned;
416 break;
417 }
418
419 as = iotlb.target_as;
420 }
421
fe680d0d 422 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 423 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 424 *plen = MIN(page, *plen);
a87f3954
PB		 425 }
426
30951157
AK		 427 *xlat = addr;
428 return mr;
90260c6c
JK		 429}
430
79e2b9ae 431/* Called from RCU critical section */
90260c6c 432MemoryRegionSection *
d7898cda 433address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 434 hwaddr *xlat, hwaddr *plen)
90260c6c 435{
30951157 436 MemoryRegionSection *section;
d7898cda
PM		 437 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
438
439 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 440
441 assert(!section->mr->iommu_ops);
442 return section;
90260c6c 443}
5b6dd868 444#endif
fd6ce8f6 445
b170fce3 446#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 447
448static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 449{
259186a7 450 CPUState *cpu = opaque;
a513fe19 451
5b6dd868
BS		 452 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
453 version_id is increased. */
259186a7 454 cpu->interrupt_request &= ~0x01;
c01a71c1 455 tlb_flush(cpu, 1);
5b6dd868
BS		 456
457 return 0;
a513fe19 458}
7501267e 459
6c3bff0e
PD		 460static int cpu_common_pre_load(void *opaque)
461{
462 CPUState *cpu = opaque;
463
adee6424 464 cpu->exception_index = -1;
6c3bff0e
PD		 465
466 return 0;
467}
468
469static bool cpu_common_exception_index_needed(void *opaque)
470{
471 CPUState *cpu = opaque;
472
adee6424 473 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 474}
475
476static const VMStateDescription vmstate_cpu_common_exception_index = {
477 .name = "cpu_common/exception_index",
478 .version_id = 1,
479 .minimum_version_id = 1,
5cd8cada 480 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 481 .fields = (VMStateField[]) {
482 VMSTATE_INT32(exception_index, CPUState),
483 VMSTATE_END_OF_LIST()
484 }
485};
486
bac05aa9
AS		 487static bool cpu_common_crash_occurred_needed(void *opaque)
488{
489 CPUState *cpu = opaque;
490
491 return cpu->crash_occurred;
492}
493
494static const VMStateDescription vmstate_cpu_common_crash_occurred = {
495 .name = "cpu_common/crash_occurred",
496 .version_id = 1,
497 .minimum_version_id = 1,
498 .needed = cpu_common_crash_occurred_needed,
499 .fields = (VMStateField[]) {
500 VMSTATE_BOOL(crash_occurred, CPUState),
501 VMSTATE_END_OF_LIST()
502 }
503};
504
1a1562f5 505const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 506 .name = "cpu_common",
507 .version_id = 1,
508 .minimum_version_id = 1,
6c3bff0e 509 .pre_load = cpu_common_pre_load,
5b6dd868 510 .post_load = cpu_common_post_load,
35d08458 511 .fields = (VMStateField[]) {
259186a7
AF		 512 VMSTATE_UINT32(halted, CPUState),
513 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 514 VMSTATE_END_OF_LIST()
6c3bff0e 515 },
5cd8cada
JQ		 516 .subsections = (const VMStateDescription*[]) {
517 &vmstate_cpu_common_exception_index,
bac05aa9 518 &vmstate_cpu_common_crash_occurred,
5cd8cada 519 NULL
5b6dd868
BS		 520 }
521};
1a1562f5 522
5b6dd868 523#endif
ea041c0e 524
38d8f5c8 525CPUState *qemu_get_cpu(int index)
ea041c0e 526{
bdc44640 527 CPUState *cpu;
ea041c0e 528
bdc44640 529 CPU_FOREACH(cpu) {
55e5c285 530 if (cpu->cpu_index == index) {
bdc44640 531 return cpu;
55e5c285 532 }
ea041c0e 533 }
5b6dd868 534
bdc44640 535 return NULL;
ea041c0e
FB		 536}
537
09daed84 538#if !defined(CONFIG_USER_ONLY)
56943e8c 539void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 540{
12ebc9a7
PM		 541 CPUAddressSpace *newas;
542
543 /* Target code should have set num_ases before calling us */
544 assert(asidx < cpu->num_ases);
545
56943e8c
PM		 546 if (asidx == 0) {
547 /* address space 0 gets the convenience alias */
548 cpu->as = as;
549 }
550
12ebc9a7
PM		 551 /* KVM cannot currently support multiple address spaces. */
552 assert(asidx == 0 || !kvm_enabled());
09daed84 553
12ebc9a7
PM		 554 if (!cpu->cpu_ases) {
555 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 556 }
32857f4d 557
12ebc9a7
PM		 558 newas = &cpu->cpu_ases[asidx];
559 newas->cpu = cpu;
560 newas->as = as;
56943e8c 561 if (tcg_enabled()) {
12ebc9a7
PM		 562 newas->tcg_as_listener.commit = tcg_commit;
563 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 564 }
09daed84 565}
651a5bc0
PM		 566
567AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
568{
569 /* Return the AddressSpace corresponding to the specified index */
570 return cpu->cpu_ases[asidx].as;
571}
09daed84
EI		 572#endif
573
b7bca733
BR		 574#ifndef CONFIG_USER_ONLY
575static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
576
577static int cpu_get_free_index(Error **errp)
578{
579 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
580
581 if (cpu >= MAX_CPUMASK_BITS) {
582 error_setg(errp, "Trying to use more CPUs than max of %d",
583 MAX_CPUMASK_BITS);
584 return -1;
585 }
586
587 bitmap_set(cpu_index_map, cpu, 1);
588 return cpu;
589}
590
591void cpu_exec_exit(CPUState *cpu)
592{
593 if (cpu->cpu_index == -1) {
594 /* cpu_index was never allocated by this @cpu or was already freed. */
595 return;
596 }
597
598 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
599 cpu->cpu_index = -1;
600}
601#else
602
603static int cpu_get_free_index(Error **errp)
604{
605 CPUState *some_cpu;
606 int cpu_index = 0;
607
608 CPU_FOREACH(some_cpu) {
609 cpu_index++;
610 }
611 return cpu_index;
612}
613
614void cpu_exec_exit(CPUState *cpu)
615{
616}
617#endif
618
4bad9e39 619void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 620{
b170fce3 621 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 622 int cpu_index;
b7bca733 623 Error *local_err = NULL;
5b6dd868 624
56943e8c 625 cpu->as = NULL;
12ebc9a7 626 cpu->num_ases = 0;
56943e8c 627
291135b5 628#ifndef CONFIG_USER_ONLY
291135b5 629 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 630
631 /* This is a softmmu CPU object, so create a property for it
632 * so users can wire up its memory. (This can't go in qom/cpu.c
633 * because that file is compiled only once for both user-mode
634 * and system builds.) The default if no link is set up is to use
635 * the system address space.
636 */
637 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
638 (Object **)&cpu->memory,
639 qdev_prop_allow_set_link_before_realize,
640 OBJ_PROP_LINK_UNREF_ON_RELEASE,
641 &error_abort);
642 cpu->memory = system_memory;
643 object_ref(OBJECT(cpu->memory));
291135b5
EH		 644#endif
645
5b6dd868
BS		 646#if defined(CONFIG_USER_ONLY)
647 cpu_list_lock();
648#endif
b7bca733
BR		 649 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
650 if (local_err) {
651 error_propagate(errp, local_err);
652#if defined(CONFIG_USER_ONLY)
653 cpu_list_unlock();
654#endif
655 return;
5b6dd868 656 }
bdc44640 657 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 658#if defined(CONFIG_USER_ONLY)
659 cpu_list_unlock();
660#endif
e0d47944
AF		 661 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
662 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
663 }
b170fce3
AF		 664 if (cc->vmsd != NULL) {
665 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
666 }
ea041c0e
FB		 667}
668
94df27fd 669#if defined(CONFIG_USER_ONLY)
00b941e5 670static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 671{
672 tb_invalidate_phys_page_range(pc, pc + 1, 0);
673}
674#else
00b941e5 675static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 676{
5232e4c7
PM		 677 MemTxAttrs attrs;
678 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
679 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 680 if (phys != -1) {
5232e4c7 681 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 682 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 683 }
1e7855a5 684}
c27004ec 685#endif
d720b93d 686
c527ee8f 687#if defined(CONFIG_USER_ONLY)
75a34036 688void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 689
690{
691}
692
3ee887e8
PM		 693int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
694 int flags)
695{
696 return -ENOSYS;
697}
698
699void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
700{
701}
702
75a34036 703int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 704 int flags, CPUWatchpoint **watchpoint)
705{
706 return -ENOSYS;
707}
708#else
6658ffb8 709/* Add a watchpoint. */
75a34036 710int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 711 int flags, CPUWatchpoint **watchpoint)
6658ffb8 712{
c0ce998e 713 CPUWatchpoint *wp;
6658ffb8 714
05068c0d 715 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 716 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 717 error_report("tried to set invalid watchpoint at %"
718 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 719 return -EINVAL;
720 }
7267c094 721 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 722
723 wp->vaddr = addr;
05068c0d 724 wp->len = len;
a1d1bb31
AL		 725 wp->flags = flags;
726
2dc9f411 727 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 728 if (flags & BP_GDB) {
729 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
730 } else {
731 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
732 }
6658ffb8 733
31b030d4 734 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 735
736 if (watchpoint)
737 *watchpoint = wp;
738 return 0;
6658ffb8
PB		 739}
740
a1d1bb31 741/* Remove a specific watchpoint. */
75a34036 742int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 743 int flags)
6658ffb8 744{
a1d1bb31 745 CPUWatchpoint *wp;
6658ffb8 746
ff4700b0 747 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 748 if (addr == wp->vaddr && len == wp->len
6e140f28 749 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 750 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 751 return 0;
752 }
753 }
a1d1bb31 754 return -ENOENT;
6658ffb8
PB		 755}
756
a1d1bb31 757/* Remove a specific watchpoint by reference. */
75a34036 758void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 759{
ff4700b0 760 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 761
31b030d4 762 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 763
7267c094 764 g_free(watchpoint);
a1d1bb31
AL		 765}
766
767/* Remove all matching watchpoints. */
75a34036 768void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 769{
c0ce998e 770 CPUWatchpoint *wp, *next;
a1d1bb31 771
ff4700b0 772 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 773 if (wp->flags & mask) {
774 cpu_watchpoint_remove_by_ref(cpu, wp);
775 }
c0ce998e 776 }
7d03f82f 777}
05068c0d
PM		 778
779/* Return true if this watchpoint address matches the specified
780 * access (ie the address range covered by the watchpoint overlaps
781 * partially or completely with the address range covered by the
782 * access).
783 */
784static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
785 vaddr addr,
786 vaddr len)
787{
788 /* We know the lengths are non-zero, but a little caution is
789 * required to avoid errors in the case where the range ends
790 * exactly at the top of the address space and so addr + len
791 * wraps round to zero.
792 */
793 vaddr wpend = wp->vaddr + wp->len - 1;
794 vaddr addrend = addr + len - 1;
795
796 return !(addr > wpend || wp->vaddr > addrend);
797}
798
c527ee8f 799#endif
7d03f82f 800
a1d1bb31 801/* Add a breakpoint. */
b3310ab3 802int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 803 CPUBreakpoint **breakpoint)
4c3a88a2 804{
c0ce998e 805 CPUBreakpoint *bp;
3b46e624 806
7267c094 807 bp = g_malloc(sizeof(*bp));
4c3a88a2 808
a1d1bb31
AL		 809 bp->pc = pc;
810 bp->flags = flags;
811
2dc9f411 812 /* keep all GDB-injected breakpoints in front */
00b941e5 813 if (flags & BP_GDB) {
f0c3c505 814 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 815 } else {
f0c3c505 816 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 817 }
3b46e624 818
f0c3c505 819 breakpoint_invalidate(cpu, pc);
a1d1bb31 820
00b941e5 821 if (breakpoint) {
a1d1bb31 822 *breakpoint = bp;
00b941e5 823 }
4c3a88a2 824 return 0;
4c3a88a2
FB		 825}
826
a1d1bb31 827/* Remove a specific breakpoint. */
b3310ab3 828int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 829{
a1d1bb31
AL		 830 CPUBreakpoint *bp;
831
f0c3c505 832 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 833 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 834 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 835 return 0;
836 }
7d03f82f 837 }
a1d1bb31 838 return -ENOENT;
7d03f82f
EI		 839}
840
a1d1bb31 841/* Remove a specific breakpoint by reference. */
b3310ab3 842void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 843{
f0c3c505
AF		 844 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
845
846 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 847
7267c094 848 g_free(breakpoint);
a1d1bb31
AL		 849}
850
851/* Remove all matching breakpoints. */
b3310ab3 852void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 853{
c0ce998e 854 CPUBreakpoint *bp, *next;
a1d1bb31 855
f0c3c505 856 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 857 if (bp->flags & mask) {
858 cpu_breakpoint_remove_by_ref(cpu, bp);
859 }
c0ce998e 860 }
4c3a88a2
FB		 861}
862
c33a346e
FB		 863/* enable or disable single step mode. EXCP_DEBUG is returned by the
864 CPU loop after each instruction */
3825b28f 865void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 866{
ed2803da
AF		 867 if (cpu->singlestep_enabled != enabled) {
868 cpu->singlestep_enabled = enabled;
869 if (kvm_enabled()) {
38e478ec 870 kvm_update_guest_debug(cpu, 0);
ed2803da 871 } else {
ccbb4d44 872 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 873 /* XXX: only flush what is necessary */
bbd77c18 874 tb_flush(cpu);
e22a25c9 875 }
c33a346e 876 }
c33a346e
FB		 877}
878
a47dddd7 879void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 880{
881 va_list ap;
493ae1f0 882 va_list ap2;
7501267e
FB		 883
884 va_start(ap, fmt);
493ae1f0 885 va_copy(ap2, ap);
7501267e
FB		 886 fprintf(stderr, "qemu: fatal: ");
887 vfprintf(stderr, fmt, ap);
888 fprintf(stderr, "\n");
878096ee 889 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 890 if (qemu_log_separate()) {
93fcfe39
AL		 891 qemu_log("qemu: fatal: ");
892 qemu_log_vprintf(fmt, ap2);
893 qemu_log("\n");
a0762859 894 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 895 qemu_log_flush();
93fcfe39 896 qemu_log_close();
924edcae 897 }
493ae1f0 898 va_end(ap2);
f9373291 899 va_end(ap);
7615936e 900 replay_finish();
fd052bf6
RV		 901#if defined(CONFIG_USER_ONLY)
902 {
903 struct sigaction act;
904 sigfillset(&act.sa_mask);
905 act.sa_handler = SIG_DFL;
906 sigaction(SIGABRT, &act, NULL);
907 }
908#endif
7501267e
FB		 909 abort();
910}
911
0124311e 912#if !defined(CONFIG_USER_ONLY)
0dc3f44a 913/* Called from RCU critical section */
041603fe
PB		 914static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
915{
916 RAMBlock *block;
917
43771539 918 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 919 if (block && addr - block->offset < block->max_length) {
68851b98 920 return block;
041603fe 921 }
0dc3f44a 922 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 923 if (addr - block->offset < block->max_length) {
041603fe
PB		 924 goto found;
925 }
926 }
927
928 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
929 abort();
930
931found:
43771539
PB		 932 /* It is safe to write mru_block outside the iothread lock. This
933 * is what happens:
934 *
935 * mru_block = xxx
936 * rcu_read_unlock()
937 * xxx removed from list
938 * rcu_read_lock()
939 * read mru_block
940 * mru_block = NULL;
941 * call_rcu(reclaim_ramblock, xxx);
942 * rcu_read_unlock()
943 *
944 * atomic_rcu_set is not needed here. The block was already published
945 * when it was placed into the list. Here we're just making an extra
946 * copy of the pointer.
947 */
041603fe
PB		 948 ram_list.mru_block = block;
949 return block;
950}
951
a2f4d5be 952static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 953{
9a13565d 954 CPUState *cpu;
041603fe 955 ram_addr_t start1;
a2f4d5be
JQ		 956 RAMBlock *block;
957 ram_addr_t end;
958
959 end = TARGET_PAGE_ALIGN(start + length);
960 start &= TARGET_PAGE_MASK;
d24981d3 961
0dc3f44a 962 rcu_read_lock();
041603fe
PB		 963 block = qemu_get_ram_block(start);
964 assert(block == qemu_get_ram_block(end - 1));
1240be24 965 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 966 CPU_FOREACH(cpu) {
967 tlb_reset_dirty(cpu, start1, length);
968 }
0dc3f44a 969 rcu_read_unlock();
d24981d3
JQ		 970}
971
5579c7f3 972/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 973bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
974 ram_addr_t length,
975 unsigned client)
1ccde1cb 976{
5b82b703 977 DirtyMemoryBlocks *blocks;
03eebc9e 978 unsigned long end, page;
5b82b703 979 bool dirty = false;
03eebc9e
SH		 980
981 if (length == 0) {
982 return false;
983 }
f23db169 984
03eebc9e
SH		 985 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
986 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 987
988 rcu_read_lock();
989
990 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
991
992 while (page < end) {
993 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
994 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
995 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
996
997 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
998 offset, num);
999 page += num;
1000 }
1001
1002 rcu_read_unlock();
03eebc9e
SH		 1003
1004 if (dirty && tcg_enabled()) {
a2f4d5be 1005 tlb_reset_dirty_range_all(start, length);
5579c7f3 1006 }
03eebc9e
SH		 1007
1008 return dirty;
1ccde1cb
FB		 1009}
1010
79e2b9ae 1011/* Called from RCU critical section */
bb0e627a 1012hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1013 MemoryRegionSection *section,
1014 target_ulong vaddr,
1015 hwaddr paddr, hwaddr xlat,
1016 int prot,
1017 target_ulong *address)
e5548617 1018{
a8170e5e 1019 hwaddr iotlb;
e5548617
BS		 1020 CPUWatchpoint *wp;
1021
cc5bea60 1022 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1023 /* Normal RAM. */
1024 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1025 + xlat;
e5548617 1026 if (!section->readonly) {
b41aac4f 1027 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1028 } else {
b41aac4f 1029 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1030 }
1031 } else {
0b8e2c10
PM		 1032 AddressSpaceDispatch *d;
1033
1034 d = atomic_rcu_read(&section->address_space->dispatch);
1035 iotlb = section - d->map.sections;
149f54b5 1036 iotlb += xlat;
e5548617
BS		 1037 }
1038
1039 /* Make accesses to pages with watchpoints go via the
1040 watchpoint trap routines. */
ff4700b0 1041 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1042 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1043 /* Avoid trapping reads of pages with a write breakpoint. */
1044 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1045 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1046 *address |= TLB_MMIO;
1047 break;
1048 }
1049 }
1050 }
1051
1052 return iotlb;
1053}
9fa3e853
FB		 1054#endif /* defined(CONFIG_USER_ONLY) */
1055
e2eef170 1056#if !defined(CONFIG_USER_ONLY)
8da3ff18 1057
c227f099 1058static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1059 uint16_t section);
acc9d80b 1060static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1061
a2b257d6
IM		 1062static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1063 qemu_anon_ram_alloc;
91138037
MA		 1064
1065/*
1066 * Set a custom physical guest memory alloator.
1067 * Accelerators with unusual needs may need this. Hopefully, we can
1068 * get rid of it eventually.
1069 */
a2b257d6 1070void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1071{
1072 phys_mem_alloc = alloc;
1073}
1074
53cb28cb
MA		 1075static uint16_t phys_section_add(PhysPageMap *map,
1076 MemoryRegionSection *section)
5312bd8b 1077{
68f3f65b
PB		 1078 /* The physical section number is ORed with a page-aligned
1079 * pointer to produce the iotlb entries. Thus it should
1080 * never overflow into the page-aligned value.
1081 */
53cb28cb 1082 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1083
53cb28cb
MA		 1084 if (map->sections_nb == map->sections_nb_alloc) {
1085 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1086 map->sections = g_renew(MemoryRegionSection, map->sections,
1087 map->sections_nb_alloc);
5312bd8b 1088 }
53cb28cb 1089 map->sections[map->sections_nb] = *section;
dfde4e6e 1090 memory_region_ref(section->mr);
53cb28cb 1091 return map->sections_nb++;
5312bd8b
AK		 1092}
1093
058bc4b5
PB		 1094static void phys_section_destroy(MemoryRegion *mr)
1095{
55b4e80b
DS		 1096 bool have_sub_page = mr->subpage;
1097
dfde4e6e
PB		 1098 memory_region_unref(mr);
1099
55b4e80b 1100 if (have_sub_page) {
058bc4b5 1101 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1102 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1103 g_free(subpage);
1104 }
1105}
1106
6092666e 1107static void phys_sections_free(PhysPageMap *map)
5312bd8b 1108{
9affd6fc
PB		 1109 while (map->sections_nb > 0) {
1110 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1111 phys_section_destroy(section->mr);
1112 }
9affd6fc
PB		 1113 g_free(map->sections);
1114 g_free(map->nodes);
5312bd8b
AK		 1115}
1116
ac1970fb 1117static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1118{
1119 subpage_t *subpage;
a8170e5e 1120 hwaddr base = section->offset_within_address_space
0f0cb164 1121 & TARGET_PAGE_MASK;
97115a8d 1122 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1123 d->map.nodes, d->map.sections);
0f0cb164
AK		 1124 MemoryRegionSection subsection = {
1125 .offset_within_address_space = base,
052e87b0 1126 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1127 };
a8170e5e 1128 hwaddr start, end;
0f0cb164 1129
f3705d53 1130 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1131
f3705d53 1132 if (!(existing->mr->subpage)) {
acc9d80b 1133 subpage = subpage_init(d->as, base);
3be91e86 1134 subsection.address_space = d->as;
0f0cb164 1135 subsection.mr = &subpage->iomem;
ac1970fb 1136 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1137 phys_section_add(&d->map, &subsection));
0f0cb164 1138 } else {
f3705d53 1139 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1140 }
1141 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1142 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1143 subpage_register(subpage, start, end,
1144 phys_section_add(&d->map, section));
0f0cb164
AK		 1145}
1146
1147
052e87b0
PB		 1148static void register_multipage(AddressSpaceDispatch *d,
1149 MemoryRegionSection *section)
33417e70 1150{
a8170e5e 1151 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1152 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1153 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1154 TARGET_PAGE_BITS));
dd81124b 1155
733d5ef5
PB		 1156 assert(num_pages);
1157 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1158}
1159
ac1970fb 1160static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1161{
89ae337a 1162 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1163 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1164 MemoryRegionSection now = *section, remain = *section;
052e87b0 1165 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1166
733d5ef5
PB		 1167 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1168 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1169 - now.offset_within_address_space;
1170
052e87b0 1171 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1172 register_subpage(d, &now);
733d5ef5 1173 } else {
052e87b0 1174 now.size = int128_zero();
733d5ef5 1175 }
052e87b0
PB		 1176 while (int128_ne(remain.size, now.size)) {
1177 remain.size = int128_sub(remain.size, now.size);
1178 remain.offset_within_address_space += int128_get64(now.size);
1179 remain.offset_within_region += int128_get64(now.size);
69b67646 1180 now = remain;
052e87b0 1181 if (int128_lt(remain.size, page_size)) {
733d5ef5 1182 register_subpage(d, &now);
88266249 1183 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1184 now.size = page_size;
ac1970fb 1185 register_subpage(d, &now);
69b67646 1186 } else {
052e87b0 1187 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1188 register_multipage(d, &now);
69b67646 1189 }
0f0cb164
AK		 1190 }
1191}
1192
62a2744c
SY		 1193void qemu_flush_coalesced_mmio_buffer(void)
1194{
1195 if (kvm_enabled())
1196 kvm_flush_coalesced_mmio_buffer();
1197}
1198
b2a8658e
UD		 1199void qemu_mutex_lock_ramlist(void)
1200{
1201 qemu_mutex_lock(&ram_list.mutex);
1202}
1203
1204void qemu_mutex_unlock_ramlist(void)
1205{
1206 qemu_mutex_unlock(&ram_list.mutex);
1207}
1208
e1e84ba0 1209#ifdef __linux__
c902760f
MT		 1210
1211#include <sys/vfs.h>
1212
1213#define HUGETLBFS_MAGIC 0x958458f6
1214
fc7a5800 1215static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1216{
1217 struct statfs fs;
1218 int ret;
1219
1220 do {
9742bf26 1221 ret = statfs(path, &fs);
c902760f
MT		 1222 } while (ret != 0 && errno == EINTR);
1223
1224 if (ret != 0) {
fc7a5800
HT		 1225 error_setg_errno(errp, errno, "failed to get page size of file %s",
1226 path);
9742bf26 1227 return 0;
c902760f
MT		 1228 }
1229
c902760f
MT		 1230 return fs.f_bsize;
1231}
1232
04b16653
AW		 1233static void *file_ram_alloc(RAMBlock *block,
1234 ram_addr_t memory,
7f56e740
PB		 1235 const char *path,
1236 Error **errp)
c902760f 1237{
8d31d6b6 1238 struct stat st;
c902760f 1239 char *filename;
8ca761f6
PF		 1240 char *sanitized_name;
1241 char *c;
794e8f30 1242 void *area;
c902760f 1243 int fd;
557529dd 1244 uint64_t hpagesize;
fc7a5800 1245 Error *local_err = NULL;
c902760f 1246
fc7a5800
HT		 1247 hpagesize = gethugepagesize(path, &local_err);
1248 if (local_err) {
1249 error_propagate(errp, local_err);
f9a49dfa 1250 goto error;
c902760f 1251 }
a2b257d6 1252 block->mr->align = hpagesize;
c902760f
MT		 1253
1254 if (memory < hpagesize) {
557529dd
HT		 1255 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1256 "or larger than huge page size 0x%" PRIx64,
1257 memory, hpagesize);
1258 goto error;
c902760f
MT		 1259 }
1260
1261 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1262 error_setg(errp,
1263 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1264 goto error;
c902760f
MT		 1265 }
1266
8d31d6b6
PF		 1267 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1268 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1269 sanitized_name = g_strdup(memory_region_name(block->mr));
1270 for (c = sanitized_name; *c != '\0'; c++) {
1271 if (*c == '/') {
1272 *c = '_';
1273 }
1274 }
8ca761f6 1275
8d31d6b6
PF		 1276 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1277 sanitized_name);
1278 g_free(sanitized_name);
1279
1280 fd = mkstemp(filename);
1281 if (fd >= 0) {
1282 unlink(filename);
1283 }
1284 g_free(filename);
1285 } else {
1286 fd = open(path, O_RDWR | O_CREAT, 0644);
1287 }
c902760f 1288
c902760f 1289 if (fd < 0) {
7f56e740
PB		 1290 error_setg_errno(errp, errno,
1291 "unable to create backing store for hugepages");
f9a49dfa 1292 goto error;
c902760f 1293 }
c902760f 1294
9284f319 1295 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1296
1297 /*
1298 * ftruncate is not supported by hugetlbfs in older
1299 * hosts, so don't bother bailing out on errors.
1300 * If anything goes wrong with it under other filesystems,
1301 * mmap will fail.
1302 */
7f56e740 1303 if (ftruncate(fd, memory)) {
9742bf26 1304 perror("ftruncate");
7f56e740 1305 }
c902760f 1306
794e8f30 1307 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1308 if (area == MAP_FAILED) {
7f56e740
PB		 1309 error_setg_errno(errp, errno,
1310 "unable to map backing store for hugepages");
9742bf26 1311 close(fd);
f9a49dfa 1312 goto error;
c902760f 1313 }
ef36fa14
MT		 1314
1315 if (mem_prealloc) {
38183310 1316 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1317 }
1318
04b16653 1319 block->fd = fd;
c902760f 1320 return area;
f9a49dfa
MT		 1321
1322error:
f9a49dfa 1323 return NULL;
c902760f
MT		 1324}
1325#endif
1326
0dc3f44a 1327/* Called with the ramlist lock held. */
d17b5288 1328static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1329{
1330 RAMBlock *block, *next_block;
3e837b2c 1331 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1332
49cd9ac6
SH		 1333 assert(size != 0); /* it would hand out same offset multiple times */
1334
0dc3f44a 1335 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1336 return 0;
0d53d9fe 1337 }
04b16653 1338
0dc3f44a 1339 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1340 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1341
62be4e3a 1342 end = block->offset + block->max_length;
04b16653 1343
0dc3f44a 1344 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1345 if (next_block->offset >= end) {
1346 next = MIN(next, next_block->offset);
1347 }
1348 }
1349 if (next - end >= size && next - end < mingap) {
3e837b2c 1350 offset = end;
04b16653
AW		 1351 mingap = next - end;
1352 }
1353 }
3e837b2c
AW		 1354
1355 if (offset == RAM_ADDR_MAX) {
1356 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1357 (uint64_t)size);
1358 abort();
1359 }
1360
04b16653
AW		 1361 return offset;
1362}
1363
652d7ec2 1364ram_addr_t last_ram_offset(void)
d17b5288
AW		 1365{
1366 RAMBlock *block;
1367 ram_addr_t last = 0;
1368
0dc3f44a
MD		 1369 rcu_read_lock();
1370 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1371 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1372 }
0dc3f44a 1373 rcu_read_unlock();
d17b5288
AW		 1374 return last;
1375}
1376
ddb97f1d
JB		 1377static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1378{
1379 int ret;
ddb97f1d
JB		 1380
1381 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1382 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1383 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1384 if (ret) {
1385 perror("qemu_madvise");
1386 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1387 "but dump_guest_core=off specified\n");
1388 }
1389 }
1390}
1391
0dc3f44a
MD		 1392/* Called within an RCU critical section, or while the ramlist lock
1393 * is held.
1394 */
20cfe881 1395static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1396{
20cfe881 1397 RAMBlock *block;
84b89d78 1398
0dc3f44a 1399 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1400 if (block->offset == addr) {
20cfe881 1401 return block;
c5705a77
AK		 1402 }
1403 }
20cfe881
HT		 1404
1405 return NULL;
1406}
1407
422148d3
DDAG		 1408const char *qemu_ram_get_idstr(RAMBlock *rb)
1409{
1410 return rb->idstr;
1411}
1412
ae3a7047 1413/* Called with iothread lock held. */
20cfe881
HT		 1414void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1415{
ae3a7047 1416 RAMBlock *new_block, *block;
20cfe881 1417
0dc3f44a 1418 rcu_read_lock();
ae3a7047 1419 new_block = find_ram_block(addr);
c5705a77
AK		 1420 assert(new_block);
1421 assert(!new_block->idstr[0]);
84b89d78 1422
09e5ab63
AL		 1423 if (dev) {
1424 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1425 if (id) {
1426 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1427 g_free(id);
84b89d78
CM		 1428 }
1429 }
1430 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1431
0dc3f44a 1432 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1433 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1434 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1435 new_block->idstr);
1436 abort();
1437 }
1438 }
0dc3f44a 1439 rcu_read_unlock();
c5705a77
AK		 1440}
1441
ae3a7047 1442/* Called with iothread lock held. */
20cfe881
HT		 1443void qemu_ram_unset_idstr(ram_addr_t addr)
1444{
ae3a7047 1445 RAMBlock *block;
20cfe881 1446
ae3a7047
MD		 1447 /* FIXME: arch_init.c assumes that this is not called throughout
1448 * migration. Ignore the problem since hot-unplug during migration
1449 * does not work anyway.
1450 */
1451
0dc3f44a 1452 rcu_read_lock();
ae3a7047 1453 block = find_ram_block(addr);
20cfe881
HT		 1454 if (block) {
1455 memset(block->idstr, 0, sizeof(block->idstr));
1456 }
0dc3f44a 1457 rcu_read_unlock();
20cfe881
HT		 1458}
1459
8490fc78
LC		 1460static int memory_try_enable_merging(void *addr, size_t len)
1461{
75cc7f01 1462 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1463 /* disabled by the user */
1464 return 0;
1465 }
1466
1467 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1468}
1469
62be4e3a
MT		 1470/* Only legal before guest might have detected the memory size: e.g. on
1471 * incoming migration, or right after reset.
1472 *
1473 * As memory core doesn't know how is memory accessed, it is up to
1474 * resize callback to update device state and/or add assertions to detect
1475 * misuse, if necessary.
1476 */
1477int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1478{
1479 RAMBlock *block = find_ram_block(base);
1480
1481 assert(block);
1482
4ed023ce 1483 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1484
62be4e3a
MT		 1485 if (block->used_length == newsize) {
1486 return 0;
1487 }
1488
1489 if (!(block->flags & RAM_RESIZEABLE)) {
1490 error_setg_errno(errp, EINVAL,
1491 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1492 " in != 0x" RAM_ADDR_FMT, block->idstr,
1493 newsize, block->used_length);
1494 return -EINVAL;
1495 }
1496
1497 if (block->max_length < newsize) {
1498 error_setg_errno(errp, EINVAL,
1499 "Length too large: %s: 0x" RAM_ADDR_FMT
1500 " > 0x" RAM_ADDR_FMT, block->idstr,
1501 newsize, block->max_length);
1502 return -EINVAL;
1503 }
1504
1505 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1506 block->used_length = newsize;
58d2707e
PB		 1507 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1508 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1509 memory_region_set_size(block->mr, newsize);
1510 if (block->resized) {
1511 block->resized(block->idstr, newsize, block->host);
1512 }
1513 return 0;
1514}
1515
5b82b703
SH		 1516/* Called with ram_list.mutex held */
1517static void dirty_memory_extend(ram_addr_t old_ram_size,
1518 ram_addr_t new_ram_size)
1519{
1520 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1521 DIRTY_MEMORY_BLOCK_SIZE);
1522 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1523 DIRTY_MEMORY_BLOCK_SIZE);
1524 int i;
1525
1526 /* Only need to extend if block count increased */
1527 if (new_num_blocks <= old_num_blocks) {
1528 return;
1529 }
1530
1531 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1532 DirtyMemoryBlocks *old_blocks;
1533 DirtyMemoryBlocks *new_blocks;
1534 int j;
1535
1536 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1537 new_blocks = g_malloc(sizeof(*new_blocks) +
1538 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1539
1540 if (old_num_blocks) {
1541 memcpy(new_blocks->blocks, old_blocks->blocks,
1542 old_num_blocks * sizeof(old_blocks->blocks[0]));
1543 }
1544
1545 for (j = old_num_blocks; j < new_num_blocks; j++) {
1546 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1547 }
1548
1549 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1550
1551 if (old_blocks) {
1552 g_free_rcu(old_blocks, rcu);
1553 }
1554 }
1555}
1556
528f46af 1557static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1558{
e1c57ab8 1559 RAMBlock *block;
0d53d9fe 1560 RAMBlock *last_block = NULL;
2152f5ca 1561 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1562 Error *err = NULL;
2152f5ca
JQ		 1563
1564 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1565
b2a8658e 1566 qemu_mutex_lock_ramlist();
9b8424d5 1567 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1568
1569 if (!new_block->host) {
1570 if (xen_enabled()) {
9b8424d5 1571 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1572 new_block->mr, &err);
1573 if (err) {
1574 error_propagate(errp, err);
1575 qemu_mutex_unlock_ramlist();
37aa7a0e 1576 }
e1c57ab8 1577 } else {
9b8424d5 1578 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1579 &new_block->mr->align);
39228250 1580 if (!new_block->host) {
ef701d7b
HT		 1581 error_setg_errno(errp, errno,
1582 "cannot set up guest memory '%s'",
1583 memory_region_name(new_block->mr));
1584 qemu_mutex_unlock_ramlist();
39228250 1585 }
9b8424d5 1586 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1587 }
c902760f 1588 }
94a6b54f 1589
dd631697
LZ		 1590 new_ram_size = MAX(old_ram_size,
1591 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1592 if (new_ram_size > old_ram_size) {
1593 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1594 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1595 }
0d53d9fe
MD		 1596 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1597 * QLIST (which has an RCU-friendly variant) does not have insertion at
1598 * tail, so save the last element in last_block.
1599 */
0dc3f44a 1600 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1601 last_block = block;
9b8424d5 1602 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1603 break;
1604 }
1605 }
1606 if (block) {
0dc3f44a 1607 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1608 } else if (last_block) {
0dc3f44a 1609 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1610 } else { /* list is empty */
0dc3f44a 1611 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1612 }
0d6d3c87 1613 ram_list.mru_block = NULL;
94a6b54f 1614
0dc3f44a
MD		 1615 /* Write list before version */
1616 smp_wmb();
f798b07f 1617 ram_list.version++;
b2a8658e 1618 qemu_mutex_unlock_ramlist();
f798b07f 1619
9b8424d5 1620 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1621 new_block->used_length,
1622 DIRTY_CLIENTS_ALL);
94a6b54f 1623
a904c911
PB		 1624 if (new_block->host) {
1625 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1626 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1627 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1628 if (kvm_enabled()) {
1629 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1630 }
e1c57ab8 1631 }
94a6b54f 1632}
e9a1ab19 1633
0b183fc8 1634#ifdef __linux__
528f46af
FZ		 1635RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1636 bool share, const char *mem_path,
1637 Error **errp)
e1c57ab8
PB		 1638{
1639 RAMBlock *new_block;
ef701d7b 1640 Error *local_err = NULL;
e1c57ab8
PB		 1641
1642 if (xen_enabled()) {
7f56e740 1643 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1644 return NULL;
e1c57ab8
PB		 1645 }
1646
1647 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1648 /*
1649 * file_ram_alloc() needs to allocate just like
1650 * phys_mem_alloc, but we haven't bothered to provide
1651 * a hook there.
1652 */
7f56e740
PB		 1653 error_setg(errp,
1654 "-mem-path not supported with this accelerator");
528f46af 1655 return NULL;
e1c57ab8
PB		 1656 }
1657
4ed023ce 1658 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1659 new_block = g_malloc0(sizeof(*new_block));
1660 new_block->mr = mr;
9b8424d5
MT		 1661 new_block->used_length = size;
1662 new_block->max_length = size;
dbcb8981 1663 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1664 new_block->host = file_ram_alloc(new_block, size,
1665 mem_path, errp);
1666 if (!new_block->host) {
1667 g_free(new_block);
528f46af 1668 return NULL;
7f56e740
PB		 1669 }
1670
528f46af 1671 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1672 if (local_err) {
1673 g_free(new_block);
1674 error_propagate(errp, local_err);
528f46af 1675 return NULL;
ef701d7b 1676 }
528f46af 1677 return new_block;
e1c57ab8 1678}
0b183fc8 1679#endif
e1c57ab8 1680
62be4e3a 1681static
528f46af
FZ		 1682RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1683 void (*resized)(const char*,
1684 uint64_t length,
1685 void *host),
1686 void *host, bool resizeable,
1687 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1688{
1689 RAMBlock *new_block;
ef701d7b 1690 Error *local_err = NULL;
e1c57ab8 1691
4ed023ce
DDAG		 1692 size = HOST_PAGE_ALIGN(size);
1693 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1694 new_block = g_malloc0(sizeof(*new_block));
1695 new_block->mr = mr;
62be4e3a 1696 new_block->resized = resized;
9b8424d5
MT		 1697 new_block->used_length = size;
1698 new_block->max_length = max_size;
62be4e3a 1699 assert(max_size >= size);
e1c57ab8
PB		 1700 new_block->fd = -1;
1701 new_block->host = host;
1702 if (host) {
7bd4f430 1703 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1704 }
62be4e3a
MT		 1705 if (resizeable) {
1706 new_block->flags |= RAM_RESIZEABLE;
1707 }
528f46af 1708 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1709 if (local_err) {
1710 g_free(new_block);
1711 error_propagate(errp, local_err);
528f46af 1712 return NULL;
ef701d7b 1713 }
528f46af 1714 return new_block;
e1c57ab8
PB		 1715}
1716
528f46af 1717RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1718 MemoryRegion *mr, Error **errp)
1719{
1720 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1721}
1722
528f46af 1723RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1724{
62be4e3a
MT		 1725 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1726}
1727
528f46af 1728RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1729 void (*resized)(const char*,
1730 uint64_t length,
1731 void *host),
1732 MemoryRegion *mr, Error **errp)
1733{
1734 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1735}
1736
43771539
PB		 1737static void reclaim_ramblock(RAMBlock *block)
1738{
1739 if (block->flags & RAM_PREALLOC) {
1740 ;
1741 } else if (xen_enabled()) {
1742 xen_invalidate_map_cache_entry(block->host);
1743#ifndef _WIN32
1744 } else if (block->fd >= 0) {
2f3a2bb1 1745 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1746 close(block->fd);
1747#endif
1748 } else {
1749 qemu_anon_ram_free(block->host, block->max_length);
1750 }
1751 g_free(block);
1752}
1753
f1060c55 1754void qemu_ram_free(RAMBlock *block)
e9a1ab19 1755{
b2a8658e 1756 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1757 QLIST_REMOVE_RCU(block, next);
1758 ram_list.mru_block = NULL;
1759 /* Write list before version */
1760 smp_wmb();
1761 ram_list.version++;
1762 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1763 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1764}
1765
cd19cfa2
HY		 1766#ifndef _WIN32
1767void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1768{
1769 RAMBlock *block;
1770 ram_addr_t offset;
1771 int flags;
1772 void *area, *vaddr;
1773
0dc3f44a 1774 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1775 offset = addr - block->offset;
9b8424d5 1776 if (offset < block->max_length) {
1240be24 1777 vaddr = ramblock_ptr(block, offset);
7bd4f430 1778 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1779 ;
dfeaf2ab
MA		 1780 } else if (xen_enabled()) {
1781 abort();
cd19cfa2
HY		 1782 } else {
1783 flags = MAP_FIXED;
3435f395 1784 if (block->fd >= 0) {
dbcb8981
PB		 1785 flags |= (block->flags & RAM_SHARED ?
1786 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1787 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1788 flags, block->fd, offset);
cd19cfa2 1789 } else {
2eb9fbaa
MA		 1790 /*
1791 * Remap needs to match alloc. Accelerators that
1792 * set phys_mem_alloc never remap. If they did,
1793 * we'd need a remap hook here.
1794 */
1795 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1796
cd19cfa2
HY		 1797 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1798 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1799 flags, -1, 0);
cd19cfa2
HY		 1800 }
1801 if (area != vaddr) {
f15fbc4b
AP		 1802 fprintf(stderr, "Could not remap addr: "
1803 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1804 length, addr);
1805 exit(1);
1806 }
8490fc78 1807 memory_try_enable_merging(vaddr, length);
ddb97f1d 1808 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1809 }
cd19cfa2
HY		 1810 }
1811 }
1812}
1813#endif /* !_WIN32 */
1814
a35ba7be
PB		 1815int qemu_get_ram_fd(ram_addr_t addr)
1816{
ae3a7047
MD		 1817 RAMBlock *block;
1818 int fd;
a35ba7be 1819
0dc3f44a 1820 rcu_read_lock();
ae3a7047
MD		 1821 block = qemu_get_ram_block(addr);
1822 fd = block->fd;
0dc3f44a 1823 rcu_read_unlock();
ae3a7047 1824 return fd;
a35ba7be
PB		 1825}
1826
56a571d9
TM		 1827void qemu_set_ram_fd(ram_addr_t addr, int fd)
1828{
1829 RAMBlock *block;
1830
1831 rcu_read_lock();
1832 block = qemu_get_ram_block(addr);
1833 block->fd = fd;
1834 rcu_read_unlock();
1835}
1836
3fd74b84
DM		 1837void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1838{
ae3a7047
MD		 1839 RAMBlock *block;
1840 void *ptr;
3fd74b84 1841
0dc3f44a 1842 rcu_read_lock();
ae3a7047
MD		 1843 block = qemu_get_ram_block(addr);
1844 ptr = ramblock_ptr(block, 0);
0dc3f44a 1845 rcu_read_unlock();
ae3a7047 1846 return ptr;
3fd74b84
DM		 1847}
1848
1b5ec234 1849/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1850 * This should not be used for general purpose DMA. Use address_space_map
1851 * or address_space_rw instead. For local memory (e.g. video ram) that the
1852 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1853 *
49b24afc 1854 * Called within RCU critical section.
1b5ec234 1855 */
3655cb9c 1856void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1857{
3655cb9c
GA		 1858 RAMBlock *block = ram_block;
1859
1860 if (block == NULL) {
1861 block = qemu_get_ram_block(addr);
1862 }
ae3a7047
MD		 1863
1864 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1865 /* We need to check if the requested address is in the RAM
1866 * because we don't want to map the entire memory in QEMU.
1867 * In that case just map until the end of the page.
1868 */
1869 if (block->offset == 0) {
49b24afc 1870 return xen_map_cache(addr, 0, 0);
0d6d3c87 1871 }
ae3a7047
MD		 1872
1873 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1874 }
49b24afc 1875 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1876}
1877
38bee5dc 1878/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1879 * but takes a size argument.
0dc3f44a 1880 *
e81bcda5 1881 * Called within RCU critical section.
ae3a7047 1882 */
3655cb9c
GA		 1883static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1884 hwaddr *size)
38bee5dc 1885{
3655cb9c 1886 RAMBlock *block = ram_block;
e81bcda5 1887 ram_addr_t offset_inside_block;
8ab934f9
SS		 1888 if (*size == 0) {
1889 return NULL;
1890 }
e81bcda5 1891
3655cb9c
GA		 1892 if (block == NULL) {
1893 block = qemu_get_ram_block(addr);
1894 }
e81bcda5
PB		 1895 offset_inside_block = addr - block->offset;
1896 *size = MIN(*size, block->max_length - offset_inside_block);
1897
1898 if (xen_enabled() && block->host == NULL) {
1899 /* We need to check if the requested address is in the RAM
1900 * because we don't want to map the entire memory in QEMU.
1901 * In that case just map the requested area.
1902 */
1903 if (block->offset == 0) {
1904 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1905 }
1906
e81bcda5 1907 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1908 }
e81bcda5
PB		 1909
1910 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1911}
1912
422148d3
DDAG		 1913/*
1914 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1915 * in that RAMBlock.
1916 *
1917 * ptr: Host pointer to look up
1918 * round_offset: If true round the result offset down to a page boundary
1919 * *ram_addr: set to result ram_addr
1920 * *offset: set to result offset within the RAMBlock
1921 *
1922 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1923 *
1924 * By the time this function returns, the returned pointer is not protected
1925 * by RCU anymore. If the caller is not within an RCU critical section and
1926 * does not hold the iothread lock, it must have other means of protecting the
1927 * pointer, such as a reference to the region that includes the incoming
1928 * ram_addr_t.
1929 */
422148d3
DDAG		 1930RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1931 ram_addr_t *ram_addr,
1932 ram_addr_t *offset)
5579c7f3 1933{
94a6b54f
PB		 1934 RAMBlock *block;
1935 uint8_t *host = ptr;
1936
868bb33f 1937 if (xen_enabled()) {
0dc3f44a 1938 rcu_read_lock();
e41d7c69 1939 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1940 block = qemu_get_ram_block(*ram_addr);
1941 if (block) {
1942 *offset = (host - block->host);
1943 }
0dc3f44a 1944 rcu_read_unlock();
422148d3 1945 return block;
712c2b41
SS		 1946 }
1947
0dc3f44a
MD		 1948 rcu_read_lock();
1949 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1950 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1951 goto found;
1952 }
1953
0dc3f44a 1954 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1955 /* This case append when the block is not mapped. */
1956 if (block->host == NULL) {
1957 continue;
1958 }
9b8424d5 1959 if (host - block->host < block->max_length) {
23887b79 1960 goto found;
f471a17e 1961 }
94a6b54f 1962 }
432d268c 1963
0dc3f44a 1964 rcu_read_unlock();
1b5ec234 1965 return NULL;
23887b79
PB		 1966
1967found:
422148d3
DDAG		 1968 *offset = (host - block->host);
1969 if (round_offset) {
1970 *offset &= TARGET_PAGE_MASK;
1971 }
1972 *ram_addr = block->offset + *offset;
0dc3f44a 1973 rcu_read_unlock();
422148d3
DDAG		 1974 return block;
1975}
1976
e3dd7493
DDAG		 1977/*
1978 * Finds the named RAMBlock
1979 *
1980 * name: The name of RAMBlock to find
1981 *
1982 * Returns: RAMBlock (or NULL if not found)
1983 */
1984RAMBlock *qemu_ram_block_by_name(const char *name)
1985{
1986 RAMBlock *block;
1987
1988 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1989 if (!strcmp(name, block->idstr)) {
1990 return block;
1991 }
1992 }
1993
1994 return NULL;
1995}
1996
422148d3
DDAG		 1997/* Some of the softmmu routines need to translate from a host pointer
1998 (typically a TLB entry) back to a ram offset. */
1999MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2000{
2001 RAMBlock *block;
2002 ram_addr_t offset; /* Not used */
2003
2004 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2005
2006 if (!block) {
2007 return NULL;
2008 }
2009
2010 return block->mr;
e890261f 2011}
f471a17e 2012
49b24afc 2013/* Called within RCU critical section. */
a8170e5e 2014static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2015 uint64_t val, unsigned size)
9fa3e853 2016{
52159192 2017 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2018 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2019 }
0e0df1e2
AK		 2020 switch (size) {
2021 case 1:
3655cb9c 2022 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2023 break;
2024 case 2:
3655cb9c 2025 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2026 break;
2027 case 4:
3655cb9c 2028 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2029 break;
2030 default:
2031 abort();
3a7d929e 2032 }
58d2707e
PB		 2033 /* Set both VGA and migration bits for simplicity and to remove
2034 * the notdirty callback faster.
2035 */
2036 cpu_physical_memory_set_dirty_range(ram_addr, size,
2037 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2038 /* we remove the notdirty callback only if the code has been
2039 flushed */
a2cd8c85 2040 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2041 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2042 }
9fa3e853
FB		 2043}
2044
b018ddf6
PB		 2045static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2046 unsigned size, bool is_write)
2047{
2048 return is_write;
2049}
2050
0e0df1e2 2051static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2052 .write = notdirty_mem_write,
b018ddf6 2053 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2054 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2055};
2056
0f459d16 2057/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2058static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2059{
93afeade 2060 CPUState *cpu = current_cpu;
568496c0 2061 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2062 CPUArchState *env = cpu->env_ptr;
06d55cc1 2063 target_ulong pc, cs_base;
0f459d16 2064 target_ulong vaddr;
a1d1bb31 2065 CPUWatchpoint *wp;
06d55cc1 2066 int cpu_flags;
0f459d16 2067
ff4700b0 2068 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2069 /* We re-entered the check after replacing the TB. Now raise
2070 * the debug interrupt so that is will trigger after the
2071 * current instruction. */
93afeade 2072 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2073 return;
2074 }
93afeade 2075 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2076 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2077 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2078 && (wp->flags & flags)) {
08225676
PM		 2079 if (flags == BP_MEM_READ) {
2080 wp->flags |= BP_WATCHPOINT_HIT_READ;
2081 } else {
2082 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2083 }
2084 wp->hitaddr = vaddr;
66b9b43c 2085 wp->hitattrs = attrs;
ff4700b0 2086 if (!cpu->watchpoint_hit) {
568496c0
SF		 2087 if (wp->flags & BP_CPU &&
2088 !cc->debug_check_watchpoint(cpu, wp)) {
2089 wp->flags &= ~BP_WATCHPOINT_HIT;
2090 continue;
2091 }
ff4700b0 2092 cpu->watchpoint_hit = wp;
239c51a5 2093 tb_check_watchpoint(cpu);
6e140f28 2094 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2095 cpu->exception_index = EXCP_DEBUG;
5638d180 2096 cpu_loop_exit(cpu);
6e140f28
AL		 2097 } else {
2098 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2099 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2100 cpu_resume_from_signal(cpu, NULL);
6e140f28 2101 }
06d55cc1 2102 }
6e140f28
AL		 2103 } else {
2104 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2105 }
2106 }
2107}
2108
6658ffb8
PB		 2109/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2110 so these check for a hit then pass through to the normal out-of-line
2111 phys routines. */
66b9b43c
PM		 2112static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2113 unsigned size, MemTxAttrs attrs)
6658ffb8 2114{
66b9b43c
PM		 2115 MemTxResult res;
2116 uint64_t data;
79ed0416
PM		 2117 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2118 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2119
2120 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2121 switch (size) {
66b9b43c 2122 case 1:
79ed0416 2123 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2124 break;
2125 case 2:
79ed0416 2126 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2127 break;
2128 case 4:
79ed0416 2129 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2130 break;
1ec9b909
AK		 2131 default: abort();
2132 }
66b9b43c
PM		 2133 *pdata = data;
2134 return res;
6658ffb8
PB		 2135}
2136
66b9b43c
PM		 2137static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2138 uint64_t val, unsigned size,
2139 MemTxAttrs attrs)
6658ffb8 2140{
66b9b43c 2141 MemTxResult res;
79ed0416
PM		 2142 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2143 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2144
2145 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2146 switch (size) {
67364150 2147 case 1:
79ed0416 2148 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2149 break;
2150 case 2:
79ed0416 2151 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2152 break;
2153 case 4:
79ed0416 2154 address_space_stl(as, addr, val, attrs, &res);
67364150 2155 break;
1ec9b909
AK		 2156 default: abort();
2157 }
66b9b43c 2158 return res;
6658ffb8
PB		 2159}
2160
1ec9b909 2161static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2162 .read_with_attrs = watch_mem_read,
2163 .write_with_attrs = watch_mem_write,
1ec9b909 2164 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2165};
6658ffb8 2166
f25a49e0
PM		 2167static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2168 unsigned len, MemTxAttrs attrs)
db7b5426 2169{
acc9d80b 2170 subpage_t *subpage = opaque;
ff6cff75 2171 uint8_t buf[8];
5c9eb028 2172 MemTxResult res;
791af8c8 2173
db7b5426 2174#if defined(DEBUG_SUBPAGE)
016e9d62 2175 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2176 subpage, len, addr);
db7b5426 2177#endif
5c9eb028
PM		 2178 res = address_space_read(subpage->as, addr + subpage->base,
2179 attrs, buf, len);
2180 if (res) {
2181 return res;
f25a49e0 2182 }
acc9d80b
JK		 2183 switch (len) {
2184 case 1:
f25a49e0
PM		 2185 *data = ldub_p(buf);
2186 return MEMTX_OK;
acc9d80b 2187 case 2:
f25a49e0
PM		 2188 *data = lduw_p(buf);
2189 return MEMTX_OK;
acc9d80b 2190 case 4:
f25a49e0
PM		 2191 *data = ldl_p(buf);
2192 return MEMTX_OK;
ff6cff75 2193 case 8:
f25a49e0
PM		 2194 *data = ldq_p(buf);
2195 return MEMTX_OK;
acc9d80b
JK		 2196 default:
2197 abort();
2198 }
db7b5426
BS		 2199}
2200
f25a49e0
PM		 2201static MemTxResult subpage_write(void *opaque, hwaddr addr,
2202 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2203{
acc9d80b 2204 subpage_t *subpage = opaque;
ff6cff75 2205 uint8_t buf[8];
acc9d80b 2206
db7b5426 2207#if defined(DEBUG_SUBPAGE)
016e9d62 2208 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2209 " value %"PRIx64"\n",
2210 __func__, subpage, len, addr, value);
db7b5426 2211#endif
acc9d80b
JK		 2212 switch (len) {
2213 case 1:
2214 stb_p(buf, value);
2215 break;
2216 case 2:
2217 stw_p(buf, value);
2218 break;
2219 case 4:
2220 stl_p(buf, value);
2221 break;
ff6cff75
PB		 2222 case 8:
2223 stq_p(buf, value);
2224 break;
acc9d80b
JK		 2225 default:
2226 abort();
2227 }
5c9eb028
PM		 2228 return address_space_write(subpage->as, addr + subpage->base,
2229 attrs, buf, len);
db7b5426
BS		 2230}
2231
c353e4cc 2232static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2233 unsigned len, bool is_write)
c353e4cc 2234{
acc9d80b 2235 subpage_t *subpage = opaque;
c353e4cc 2236#if defined(DEBUG_SUBPAGE)
016e9d62 2237 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2238 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2239#endif
2240
acc9d80b 2241 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2242 len, is_write);
c353e4cc
PB		 2243}
2244
70c68e44 2245static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2246 .read_with_attrs = subpage_read,
2247 .write_with_attrs = subpage_write,
ff6cff75
PB		 2248 .impl.min_access_size = 1,
2249 .impl.max_access_size = 8,
2250 .valid.min_access_size = 1,
2251 .valid.max_access_size = 8,
c353e4cc 2252 .valid.accepts = subpage_accepts,
70c68e44 2253 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2254};
2255
c227f099 2256static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2257 uint16_t section)
db7b5426
BS		 2258{
2259 int idx, eidx;
2260
2261 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2262 return -1;
2263 idx = SUBPAGE_IDX(start);
2264 eidx = SUBPAGE_IDX(end);
2265#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2266 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2267 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2268#endif
db7b5426 2269 for (; idx <= eidx; idx++) {
5312bd8b 2270 mmio->sub_section[idx] = section;
db7b5426
BS		 2271 }
2272
2273 return 0;
2274}
2275
acc9d80b 2276static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2277{
c227f099 2278 subpage_t *mmio;
db7b5426 2279
7267c094 2280 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2281
acc9d80b 2282 mmio->as = as;
1eec614b 2283 mmio->base = base;
2c9b15ca 2284 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2285 NULL, TARGET_PAGE_SIZE);
b3b00c78 2286 mmio->iomem.subpage = true;
db7b5426 2287#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2288 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2289 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2290#endif
b41aac4f 2291 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2292
2293 return mmio;
2294}
2295
a656e22f
PC		 2296static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2297 MemoryRegion *mr)
5312bd8b 2298{
a656e22f 2299 assert(as);
5312bd8b 2300 MemoryRegionSection section = {
a656e22f 2301 .address_space = as,
5312bd8b
AK		 2302 .mr = mr,
2303 .offset_within_address_space = 0,
2304 .offset_within_region = 0,
052e87b0 2305 .size = int128_2_64(),
5312bd8b
AK		 2306 };
2307
53cb28cb 2308 return phys_section_add(map, &section);
5312bd8b
AK		 2309}
2310
a54c87b6 2311MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2312{
a54c87b6
PM		 2313 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2314 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2315 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2316 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2317
2318 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2319}
2320
e9179ce1
AK		 2321static void io_mem_init(void)
2322{
1f6245e5 2323 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2324 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2325 NULL, UINT64_MAX);
2c9b15ca 2326 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2327 NULL, UINT64_MAX);
2c9b15ca 2328 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2329 NULL, UINT64_MAX);
e9179ce1
AK		 2330}
2331
ac1970fb 2332static void mem_begin(MemoryListener *listener)
00752703
PB		 2333{
2334 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2335 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2336 uint16_t n;
2337
a656e22f 2338 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2339 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2340 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2341 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2342 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2343 assert(n == PHYS_SECTION_ROM);
a656e22f 2344 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2345 assert(n == PHYS_SECTION_WATCH);
00752703 2346
9736e55b 2347 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2348 d->as = as;
2349 as->next_dispatch = d;
2350}
2351
79e2b9ae
PB		 2352static void address_space_dispatch_free(AddressSpaceDispatch *d)
2353{
2354 phys_sections_free(&d->map);
2355 g_free(d);
2356}
2357
00752703 2358static void mem_commit(MemoryListener *listener)
ac1970fb 2359{
89ae337a 2360 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2361 AddressSpaceDispatch *cur = as->dispatch;
2362 AddressSpaceDispatch *next = as->next_dispatch;
2363
53cb28cb 2364 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2365
79e2b9ae 2366 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2367 if (cur) {
79e2b9ae 2368 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2369 }
9affd6fc
PB		 2370}
2371
1d71148e 2372static void tcg_commit(MemoryListener *listener)
50c1e149 2373{
32857f4d
PM		 2374 CPUAddressSpace *cpuas;
2375 AddressSpaceDispatch *d;
117712c3
AK		 2376
2377 /* since each CPU stores ram addresses in its TLB cache, we must
2378 reset the modified entries */
32857f4d
PM		 2379 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2380 cpu_reloading_memory_map();
2381 /* The CPU and TLB are protected by the iothread lock.
2382 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2383 * may have split the RCU critical section.
2384 */
2385 d = atomic_rcu_read(&cpuas->as->dispatch);
2386 cpuas->memory_dispatch = d;
2387 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2388}
2389
ac1970fb
AK		 2390void address_space_init_dispatch(AddressSpace *as)
2391{
00752703 2392 as->dispatch = NULL;
89ae337a 2393 as->dispatch_listener = (MemoryListener) {
ac1970fb 2394 .begin = mem_begin,
00752703 2395 .commit = mem_commit,
ac1970fb
AK		 2396 .region_add = mem_add,
2397 .region_nop = mem_add,
2398 .priority = 0,
2399 };
89ae337a 2400 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2401}
2402
6e48e8f9
PB		 2403void address_space_unregister(AddressSpace *as)
2404{
2405 memory_listener_unregister(&as->dispatch_listener);
2406}
2407
83f3c251
AK		 2408void address_space_destroy_dispatch(AddressSpace *as)
2409{
2410 AddressSpaceDispatch *d = as->dispatch;
2411
79e2b9ae
PB		 2412 atomic_rcu_set(&as->dispatch, NULL);
2413 if (d) {
2414 call_rcu(d, address_space_dispatch_free, rcu);
2415 }
83f3c251
AK		 2416}
2417
62152b8a
AK		 2418static void memory_map_init(void)
2419{
7267c094 2420 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2421
57271d63 2422 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2423 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2424
7267c094 2425 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2426 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2427 65536);
7dca8043 2428 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2429}
2430
2431MemoryRegion *get_system_memory(void)
2432{
2433 return system_memory;
2434}
2435
309cb471
AK		 2436MemoryRegion *get_system_io(void)
2437{
2438 return system_io;
2439}
2440
e2eef170
PB		 2441#endif /* !defined(CONFIG_USER_ONLY) */
2442
13eb76e0
FB		 2443/* physical memory access (slow version, mainly for debug) */
2444#if defined(CONFIG_USER_ONLY)
f17ec444 2445int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2446 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2447{
2448 int l, flags;
2449 target_ulong page;
53a5960a 2450 void * p;
13eb76e0
FB		 2451
2452 while (len > 0) {
2453 page = addr & TARGET_PAGE_MASK;
2454 l = (page + TARGET_PAGE_SIZE) - addr;
2455 if (l > len)
2456 l = len;
2457 flags = page_get_flags(page);
2458 if (!(flags & PAGE_VALID))
a68fe89c 2459 return -1;
13eb76e0
FB		 2460 if (is_write) {
2461 if (!(flags & PAGE_WRITE))
a68fe89c 2462 return -1;
579a97f7 2463 /* XXX: this code should not depend on lock_user */
72fb7daa 2464 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2465 return -1;
72fb7daa
AJ		 2466 memcpy(p, buf, l);
2467 unlock_user(p, addr, l);
13eb76e0
FB		 2468 } else {
2469 if (!(flags & PAGE_READ))
a68fe89c 2470 return -1;
579a97f7 2471 /* XXX: this code should not depend on lock_user */
72fb7daa 2472 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2473 return -1;
72fb7daa 2474 memcpy(buf, p, l);
5b257578 2475 unlock_user(p, addr, 0);
13eb76e0
FB		 2476 }
2477 len -= l;
2478 buf += l;
2479 addr += l;
2480 }
a68fe89c 2481 return 0;
13eb76e0 2482}
8df1cd07 2483
13eb76e0 2484#else
51d7a9eb 2485
845b6214 2486static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2487 hwaddr length)
51d7a9eb 2488{
e87f7778
PB		 2489 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2490 /* No early return if dirty_log_mask is or becomes 0, because
2491 * cpu_physical_memory_set_dirty_range will still call
2492 * xen_modified_memory.
2493 */
2494 if (dirty_log_mask) {
2495 dirty_log_mask =
2496 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2497 }
2498 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2499 tb_invalidate_phys_range(addr, addr + length);
2500 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2501 }
e87f7778 2502 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2503}
2504
23326164 2505static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2506{
e1622f4b 2507 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2508
2509 /* Regions are assumed to support 1-4 byte accesses unless
2510 otherwise specified. */
23326164
RH		 2511 if (access_size_max == 0) {
2512 access_size_max = 4;
2513 }
2514
2515 /* Bound the maximum access by the alignment of the address. */
2516 if (!mr->ops->impl.unaligned) {
2517 unsigned align_size_max = addr & -addr;
2518 if (align_size_max != 0 && align_size_max < access_size_max) {
2519 access_size_max = align_size_max;
2520 }
82f2563f 2521 }
23326164
RH		 2522
2523 /* Don't attempt accesses larger than the maximum. */
2524 if (l > access_size_max) {
2525 l = access_size_max;
82f2563f 2526 }
6554f5c0 2527 l = pow2floor(l);
23326164
RH		 2528
2529 return l;
82f2563f
PB		 2530}
2531
4840f10e 2532static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2533{
4840f10e
JK		 2534 bool unlocked = !qemu_mutex_iothread_locked();
2535 bool release_lock = false;
2536
2537 if (unlocked && mr->global_locking) {
2538 qemu_mutex_lock_iothread();
2539 unlocked = false;
2540 release_lock = true;
2541 }
125b3806 2542 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2543 if (unlocked) {
2544 qemu_mutex_lock_iothread();
2545 }
125b3806 2546 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2547 if (unlocked) {
2548 qemu_mutex_unlock_iothread();
2549 }
125b3806 2550 }
4840f10e
JK		 2551
2552 return release_lock;
125b3806
PB		 2553}
2554
a203ac70
PB		 2555/* Called within RCU critical section. */
2556static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2557 MemTxAttrs attrs,
2558 const uint8_t *buf,
2559 int len, hwaddr addr1,
2560 hwaddr l, MemoryRegion *mr)
13eb76e0 2561{
13eb76e0 2562 uint8_t *ptr;
791af8c8 2563 uint64_t val;
3b643495 2564 MemTxResult result = MEMTX_OK;
4840f10e 2565 bool release_lock = false;
3b46e624 2566
a203ac70 2567 for (;;) {
eb7eeb88
PB		 2568 if (!memory_access_is_direct(mr, true)) {
2569 release_lock |= prepare_mmio_access(mr);
2570 l = memory_access_size(mr, l, addr1);
2571 /* XXX: could force current_cpu to NULL to avoid
2572 potential bugs */
2573 switch (l) {
2574 case 8:
2575 /* 64 bit write access */
2576 val = ldq_p(buf);
2577 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2578 attrs);
2579 break;
2580 case 4:
2581 /* 32 bit write access */
2582 val = ldl_p(buf);
2583 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2584 attrs);
2585 break;
2586 case 2:
2587 /* 16 bit write access */
2588 val = lduw_p(buf);
2589 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2590 attrs);
2591 break;
2592 case 1:
2593 /* 8 bit write access */
2594 val = ldub_p(buf);
2595 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2596 attrs);
2597 break;
2598 default:
2599 abort();
13eb76e0
FB		 2600 }
2601 } else {
eb7eeb88
PB		 2602 addr1 += memory_region_get_ram_addr(mr);
2603 /* RAM case */
3655cb9c 2604 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2605 memcpy(ptr, buf, l);
2606 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2607 }
4840f10e
JK		 2608
2609 if (release_lock) {
2610 qemu_mutex_unlock_iothread();
2611 release_lock = false;
2612 }
2613
13eb76e0
FB		 2614 len -= l;
2615 buf += l;
2616 addr += l;
a203ac70
PB		 2617
2618 if (!len) {
2619 break;
2620 }
2621
2622 l = len;
2623 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2624 }
fd8aaa76 2625
3b643495 2626 return result;
13eb76e0 2627}
8df1cd07 2628
a203ac70
PB		 2629MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2630 const uint8_t *buf, int len)
ac1970fb 2631{
eb7eeb88 2632 hwaddr l;
eb7eeb88
PB		 2633 hwaddr addr1;
2634 MemoryRegion *mr;
2635 MemTxResult result = MEMTX_OK;
eb7eeb88 2636
a203ac70
PB		 2637 if (len > 0) {
2638 rcu_read_lock();
eb7eeb88 2639 l = len;
a203ac70
PB		 2640 mr = address_space_translate(as, addr, &addr1, &l, true);
2641 result = address_space_write_continue(as, addr, attrs, buf, len,
2642 addr1, l, mr);
2643 rcu_read_unlock();
2644 }
2645
2646 return result;
2647}
2648
2649/* Called within RCU critical section. */
2650MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2651 MemTxAttrs attrs, uint8_t *buf,
2652 int len, hwaddr addr1, hwaddr l,
2653 MemoryRegion *mr)
2654{
2655 uint8_t *ptr;
2656 uint64_t val;
2657 MemTxResult result = MEMTX_OK;
2658 bool release_lock = false;
eb7eeb88 2659
a203ac70 2660 for (;;) {
eb7eeb88
PB		 2661 if (!memory_access_is_direct(mr, false)) {
2662 /* I/O case */
2663 release_lock |= prepare_mmio_access(mr);
2664 l = memory_access_size(mr, l, addr1);
2665 switch (l) {
2666 case 8:
2667 /* 64 bit read access */
2668 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2669 attrs);
2670 stq_p(buf, val);
2671 break;
2672 case 4:
2673 /* 32 bit read access */
2674 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2675 attrs);
2676 stl_p(buf, val);
2677 break;
2678 case 2:
2679 /* 16 bit read access */
2680 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2681 attrs);
2682 stw_p(buf, val);
2683 break;
2684 case 1:
2685 /* 8 bit read access */
2686 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2687 attrs);
2688 stb_p(buf, val);
2689 break;
2690 default:
2691 abort();
2692 }
2693 } else {
2694 /* RAM case */
8e41fb63
FZ		 2695 ptr = qemu_get_ram_ptr(mr->ram_block,
2696 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2697 memcpy(buf, ptr, l);
2698 }
2699
2700 if (release_lock) {
2701 qemu_mutex_unlock_iothread();
2702 release_lock = false;
2703 }
2704
2705 len -= l;
2706 buf += l;
2707 addr += l;
a203ac70
PB		 2708
2709 if (!len) {
2710 break;
2711 }
2712
2713 l = len;
2714 mr = address_space_translate(as, addr, &addr1, &l, false);
2715 }
2716
2717 return result;
2718}
2719
3cc8f884
PB		 2720MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2721 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2722{
2723 hwaddr l;
2724 hwaddr addr1;
2725 MemoryRegion *mr;
2726 MemTxResult result = MEMTX_OK;
2727
2728 if (len > 0) {
2729 rcu_read_lock();
2730 l = len;
2731 mr = address_space_translate(as, addr, &addr1, &l, false);
2732 result = address_space_read_continue(as, addr, attrs, buf, len,
2733 addr1, l, mr);
2734 rcu_read_unlock();
eb7eeb88 2735 }
eb7eeb88
PB		 2736
2737 return result;
ac1970fb
AK		 2738}
2739
eb7eeb88
PB		 2740MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2741 uint8_t *buf, int len, bool is_write)
2742{
2743 if (is_write) {
2744 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2745 } else {
2746 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2747 }
2748}
ac1970fb 2749
a8170e5e 2750void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2751 int len, int is_write)
2752{
5c9eb028
PM		 2753 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2754 buf, len, is_write);
ac1970fb
AK		 2755}
2756
582b55a9
AG		 2757enum write_rom_type {
2758 WRITE_DATA,
2759 FLUSH_CACHE,
2760};
2761
2a221651 2762static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2763 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2764{
149f54b5 2765 hwaddr l;
d0ecd2aa 2766 uint8_t *ptr;
149f54b5 2767 hwaddr addr1;
5c8a00ce 2768 MemoryRegion *mr;
3b46e624 2769
41063e1e 2770 rcu_read_lock();
d0ecd2aa 2771 while (len > 0) {
149f54b5 2772 l = len;
2a221651 2773 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2774
5c8a00ce
PB		 2775 if (!(memory_region_is_ram(mr) ||
2776 memory_region_is_romd(mr))) {
b242e0e0 2777 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2778 } else {
5c8a00ce 2779 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2780 /* ROM/RAM case */
3655cb9c 2781 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2782 switch (type) {
2783 case WRITE_DATA:
2784 memcpy(ptr, buf, l);
845b6214 2785 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2786 break;
2787 case FLUSH_CACHE:
2788 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2789 break;
2790 }
d0ecd2aa
FB		 2791 }
2792 len -= l;
2793 buf += l;
2794 addr += l;
2795 }
41063e1e 2796 rcu_read_unlock();
d0ecd2aa
FB		 2797}
2798
582b55a9 2799/* used for ROM loading : can write in RAM and ROM */
2a221651 2800void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2801 const uint8_t *buf, int len)
2802{
2a221651 2803 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2804}
2805
2806void cpu_flush_icache_range(hwaddr start, int len)
2807{
2808 /*
2809 * This function should do the same thing as an icache flush that was
2810 * triggered from within the guest. For TCG we are always cache coherent,
2811 * so there is no need to flush anything. For KVM / Xen we need to flush
2812 * the host's instruction cache at least.
2813 */
2814 if (tcg_enabled()) {
2815 return;
2816 }
2817
2a221651
EI		 2818 cpu_physical_memory_write_rom_internal(&address_space_memory,
2819 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2820}
2821
6d16c2f8 2822typedef struct {
d3e71559 2823 MemoryRegion *mr;
6d16c2f8 2824 void *buffer;
a8170e5e
AK		 2825 hwaddr addr;
2826 hwaddr len;
c2cba0ff 2827 bool in_use;
6d16c2f8
AL		 2828} BounceBuffer;
2829
2830static BounceBuffer bounce;
2831
ba223c29 2832typedef struct MapClient {
e95205e1 2833 QEMUBH *bh;
72cf2d4f 2834 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2835} MapClient;
2836
38e047b5 2837QemuMutex map_client_list_lock;
72cf2d4f
BS		 2838static QLIST_HEAD(map_client_list, MapClient) map_client_list
2839 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2840
e95205e1
FZ		 2841static void cpu_unregister_map_client_do(MapClient *client)
2842{
2843 QLIST_REMOVE(client, link);
2844 g_free(client);
2845}
2846
33b6c2ed
FZ		 2847static void cpu_notify_map_clients_locked(void)
2848{
2849 MapClient *client;
2850
2851 while (!QLIST_EMPTY(&map_client_list)) {
2852 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2853 qemu_bh_schedule(client->bh);
2854 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2855 }
2856}
2857
e95205e1 2858void cpu_register_map_client(QEMUBH *bh)
ba223c29 2859{
7267c094 2860 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2861
38e047b5 2862 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2863 client->bh = bh;
72cf2d4f 2864 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2865 if (!atomic_read(&bounce.in_use)) {
2866 cpu_notify_map_clients_locked();
2867 }
38e047b5 2868 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2869}
2870
38e047b5 2871void cpu_exec_init_all(void)
ba223c29 2872{
38e047b5 2873 qemu_mutex_init(&ram_list.mutex);
38e047b5 2874 io_mem_init();
680a4783 2875 memory_map_init();
38e047b5 2876 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2877}
2878
e95205e1 2879void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2880{
2881 MapClient *client;
2882
e95205e1
FZ		 2883 qemu_mutex_lock(&map_client_list_lock);
2884 QLIST_FOREACH(client, &map_client_list, link) {
2885 if (client->bh == bh) {
2886 cpu_unregister_map_client_do(client);
2887 break;
2888 }
ba223c29 2889 }
e95205e1 2890 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2891}
2892
2893static void cpu_notify_map_clients(void)
2894{
38e047b5 2895 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2896 cpu_notify_map_clients_locked();
38e047b5 2897 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2898}
2899
51644ab7
PB		 2900bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2901{
5c8a00ce 2902 MemoryRegion *mr;
51644ab7
PB		 2903 hwaddr l, xlat;
2904
41063e1e 2905 rcu_read_lock();
51644ab7
PB		 2906 while (len > 0) {
2907 l = len;
5c8a00ce
PB		 2908 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2909 if (!memory_access_is_direct(mr, is_write)) {
2910 l = memory_access_size(mr, l, addr);
2911 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2912 return false;
2913 }
2914 }
2915
2916 len -= l;
2917 addr += l;
2918 }
41063e1e 2919 rcu_read_unlock();
51644ab7
PB		 2920 return true;
2921}
2922
6d16c2f8
AL		 2923/* Map a physical memory region into a host virtual address.
2924 * May map a subset of the requested range, given by and returned in *plen.
2925 * May return NULL if resources needed to perform the mapping are exhausted.
2926 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2927 * Use cpu_register_map_client() to know when retrying the map operation is
2928 * likely to succeed.
6d16c2f8 2929 */
ac1970fb 2930void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2931 hwaddr addr,
2932 hwaddr *plen,
ac1970fb 2933 bool is_write)
6d16c2f8 2934{
a8170e5e 2935 hwaddr len = *plen;
e3127ae0
PB		 2936 hwaddr done = 0;
2937 hwaddr l, xlat, base;
2938 MemoryRegion *mr, *this_mr;
2939 ram_addr_t raddr;
e81bcda5 2940 void *ptr;
6d16c2f8 2941
e3127ae0
PB		 2942 if (len == 0) {
2943 return NULL;
2944 }
38bee5dc 2945
e3127ae0 2946 l = len;
41063e1e 2947 rcu_read_lock();
e3127ae0 2948 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2949
e3127ae0 2950 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2951 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2952 rcu_read_unlock();
e3127ae0 2953 return NULL;
6d16c2f8 2954 }
e85d9db5
KW		 2955 /* Avoid unbounded allocations */
2956 l = MIN(l, TARGET_PAGE_SIZE);
2957 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2958 bounce.addr = addr;
2959 bounce.len = l;
d3e71559
PB		 2960
2961 memory_region_ref(mr);
2962 bounce.mr = mr;
e3127ae0 2963 if (!is_write) {
5c9eb028
PM		 2964 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2965 bounce.buffer, l);
8ab934f9 2966 }
6d16c2f8 2967
41063e1e 2968 rcu_read_unlock();
e3127ae0
PB		 2969 *plen = l;
2970 return bounce.buffer;
2971 }
2972
2973 base = xlat;
2974 raddr = memory_region_get_ram_addr(mr);
2975
2976 for (;;) {
6d16c2f8
AL		 2977 len -= l;
2978 addr += l;
e3127ae0
PB		 2979 done += l;
2980 if (len == 0) {
2981 break;
2982 }
2983
2984 l = len;
2985 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2986 if (this_mr != mr || xlat != base + done) {
2987 break;
2988 }
6d16c2f8 2989 }
e3127ae0 2990
d3e71559 2991 memory_region_ref(mr);
e3127ae0 2992 *plen = done;
3655cb9c 2993 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 2994 rcu_read_unlock();
2995
2996 return ptr;
6d16c2f8
AL		 2997}
2998
ac1970fb 2999/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3000 * Will also mark the memory as dirty if is_write == 1. access_len gives
3001 * the amount of memory that was actually read or written by the caller.
3002 */
a8170e5e
AK		 3003void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3004 int is_write, hwaddr access_len)
6d16c2f8
AL		 3005{
3006 if (buffer != bounce.buffer) {
d3e71559
PB		 3007 MemoryRegion *mr;
3008 ram_addr_t addr1;
3009
3010 mr = qemu_ram_addr_from_host(buffer, &addr1);
3011 assert(mr != NULL);
6d16c2f8 3012 if (is_write) {
845b6214 3013 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3014 }
868bb33f 3015 if (xen_enabled()) {
e41d7c69 3016 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3017 }
d3e71559 3018 memory_region_unref(mr);
6d16c2f8
AL		 3019 return;
3020 }
3021 if (is_write) {
5c9eb028
PM		 3022 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3023 bounce.buffer, access_len);
6d16c2f8 3024 }
f8a83245 3025 qemu_vfree(bounce.buffer);
6d16c2f8 3026 bounce.buffer = NULL;
d3e71559 3027 memory_region_unref(bounce.mr);
c2cba0ff 3028 atomic_mb_set(&bounce.in_use, false);
ba223c29 3029 cpu_notify_map_clients();
6d16c2f8 3030}
d0ecd2aa 3031
a8170e5e
AK		 3032void *cpu_physical_memory_map(hwaddr addr,
3033 hwaddr *plen,
ac1970fb
AK		 3034 int is_write)
3035{
3036 return address_space_map(&address_space_memory, addr, plen, is_write);
3037}
3038
a8170e5e
AK		 3039void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3040 int is_write, hwaddr access_len)
ac1970fb
AK		 3041{
3042 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3043}
3044
8df1cd07 3045/* warning: addr must be aligned */
50013115
PM		 3046static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3047 MemTxAttrs attrs,
3048 MemTxResult *result,
3049 enum device_endian endian)
8df1cd07 3050{
8df1cd07 3051 uint8_t *ptr;
791af8c8 3052 uint64_t val;
5c8a00ce 3053 MemoryRegion *mr;
149f54b5
PB		 3054 hwaddr l = 4;
3055 hwaddr addr1;
50013115 3056 MemTxResult r;
4840f10e 3057 bool release_lock = false;
8df1cd07 3058
41063e1e 3059 rcu_read_lock();
fdfba1a2 3060 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3061 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3062 release_lock |= prepare_mmio_access(mr);
125b3806 3063
8df1cd07 3064 /* I/O case */
50013115 3065 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3066#if defined(TARGET_WORDS_BIGENDIAN)
3067 if (endian == DEVICE_LITTLE_ENDIAN) {
3068 val = bswap32(val);
3069 }
3070#else
3071 if (endian == DEVICE_BIG_ENDIAN) {
3072 val = bswap32(val);
3073 }
3074#endif
8df1cd07
FB		 3075 } else {
3076 /* RAM case */
3655cb9c
GA		 3077 ptr = qemu_get_ram_ptr(mr->ram_block,
3078 (memory_region_get_ram_addr(mr)
06ef3525 3079 & TARGET_PAGE_MASK)
149f54b5 3080 + addr1);
1e78bcc1
AG		 3081 switch (endian) {
3082 case DEVICE_LITTLE_ENDIAN:
3083 val = ldl_le_p(ptr);
3084 break;
3085 case DEVICE_BIG_ENDIAN:
3086 val = ldl_be_p(ptr);
3087 break;
3088 default:
3089 val = ldl_p(ptr);
3090 break;
3091 }
50013115
PM		 3092 r = MEMTX_OK;
3093 }
3094 if (result) {
3095 *result = r;
8df1cd07 3096 }
4840f10e
JK		 3097 if (release_lock) {
3098 qemu_mutex_unlock_iothread();
3099 }
41063e1e 3100 rcu_read_unlock();
8df1cd07
FB		 3101 return val;
3102}
3103
50013115
PM		 3104uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3105 MemTxAttrs attrs, MemTxResult *result)
3106{
3107 return address_space_ldl_internal(as, addr, attrs, result,
3108 DEVICE_NATIVE_ENDIAN);
3109}
3110
3111uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3112 MemTxAttrs attrs, MemTxResult *result)
3113{
3114 return address_space_ldl_internal(as, addr, attrs, result,
3115 DEVICE_LITTLE_ENDIAN);
3116}
3117
3118uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3119 MemTxAttrs attrs, MemTxResult *result)
3120{
3121 return address_space_ldl_internal(as, addr, attrs, result,
3122 DEVICE_BIG_ENDIAN);
3123}
3124
fdfba1a2 3125uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3126{
50013115 3127 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3128}
3129
fdfba1a2 3130uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3131{
50013115 3132 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3133}
3134
fdfba1a2 3135uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3136{
50013115 3137 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3138}
3139
84b7b8e7 3140/* warning: addr must be aligned */
50013115
PM		 3141static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3142 MemTxAttrs attrs,
3143 MemTxResult *result,
3144 enum device_endian endian)
84b7b8e7 3145{
84b7b8e7
FB		 3146 uint8_t *ptr;
3147 uint64_t val;
5c8a00ce 3148 MemoryRegion *mr;
149f54b5
PB		 3149 hwaddr l = 8;
3150 hwaddr addr1;
50013115 3151 MemTxResult r;
4840f10e 3152 bool release_lock = false;
84b7b8e7 3153
41063e1e 3154 rcu_read_lock();
2c17449b 3155 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3156 false);
3157 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3158 release_lock |= prepare_mmio_access(mr);
125b3806 3159
84b7b8e7 3160 /* I/O case */
50013115 3161 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3162#if defined(TARGET_WORDS_BIGENDIAN)
3163 if (endian == DEVICE_LITTLE_ENDIAN) {
3164 val = bswap64(val);
3165 }
3166#else
3167 if (endian == DEVICE_BIG_ENDIAN) {
3168 val = bswap64(val);
3169 }
84b7b8e7
FB		 3170#endif
3171 } else {
3172 /* RAM case */
3655cb9c
GA		 3173 ptr = qemu_get_ram_ptr(mr->ram_block,
3174 (memory_region_get_ram_addr(mr)
06ef3525 3175 & TARGET_PAGE_MASK)
149f54b5 3176 + addr1);
1e78bcc1
AG		 3177 switch (endian) {
3178 case DEVICE_LITTLE_ENDIAN:
3179 val = ldq_le_p(ptr);
3180 break;
3181 case DEVICE_BIG_ENDIAN:
3182 val = ldq_be_p(ptr);
3183 break;
3184 default:
3185 val = ldq_p(ptr);
3186 break;
3187 }
50013115
PM		 3188 r = MEMTX_OK;
3189 }
3190 if (result) {
3191 *result = r;
84b7b8e7 3192 }
4840f10e
JK		 3193 if (release_lock) {
3194 qemu_mutex_unlock_iothread();
3195 }
41063e1e 3196 rcu_read_unlock();
84b7b8e7
FB		 3197 return val;
3198}
3199
50013115
PM		 3200uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3201 MemTxAttrs attrs, MemTxResult *result)
3202{
3203 return address_space_ldq_internal(as, addr, attrs, result,
3204 DEVICE_NATIVE_ENDIAN);
3205}
3206
3207uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3208 MemTxAttrs attrs, MemTxResult *result)
3209{
3210 return address_space_ldq_internal(as, addr, attrs, result,
3211 DEVICE_LITTLE_ENDIAN);
3212}
3213
3214uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3215 MemTxAttrs attrs, MemTxResult *result)
3216{
3217 return address_space_ldq_internal(as, addr, attrs, result,
3218 DEVICE_BIG_ENDIAN);
3219}
3220
2c17449b 3221uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3222{
50013115 3223 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3224}
3225
2c17449b 3226uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3227{
50013115 3228 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3229}
3230
2c17449b 3231uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3232{
50013115 3233 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3234}
3235
aab33094 3236/* XXX: optimize */
50013115
PM		 3237uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3238 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3239{
3240 uint8_t val;
50013115
PM		 3241 MemTxResult r;
3242
3243 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3244 if (result) {
3245 *result = r;
3246 }
aab33094
FB		 3247 return val;
3248}
3249
50013115
PM		 3250uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3251{
3252 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3253}
3254
733f0b02 3255/* warning: addr must be aligned */
50013115
PM		 3256static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3257 hwaddr addr,
3258 MemTxAttrs attrs,
3259 MemTxResult *result,
3260 enum device_endian endian)
aab33094 3261{
733f0b02
MT		 3262 uint8_t *ptr;
3263 uint64_t val;
5c8a00ce 3264 MemoryRegion *mr;
149f54b5
PB		 3265 hwaddr l = 2;
3266 hwaddr addr1;
50013115 3267 MemTxResult r;
4840f10e 3268 bool release_lock = false;
733f0b02 3269
41063e1e 3270 rcu_read_lock();
41701aa4 3271 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3272 false);
3273 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3274 release_lock |= prepare_mmio_access(mr);
125b3806 3275
733f0b02 3276 /* I/O case */
50013115 3277 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3278#if defined(TARGET_WORDS_BIGENDIAN)
3279 if (endian == DEVICE_LITTLE_ENDIAN) {
3280 val = bswap16(val);
3281 }
3282#else
3283 if (endian == DEVICE_BIG_ENDIAN) {
3284 val = bswap16(val);
3285 }
3286#endif
733f0b02
MT		 3287 } else {
3288 /* RAM case */
3655cb9c
GA		 3289 ptr = qemu_get_ram_ptr(mr->ram_block,
3290 (memory_region_get_ram_addr(mr)
06ef3525 3291 & TARGET_PAGE_MASK)
149f54b5 3292 + addr1);
1e78bcc1
AG		 3293 switch (endian) {
3294 case DEVICE_LITTLE_ENDIAN:
3295 val = lduw_le_p(ptr);
3296 break;
3297 case DEVICE_BIG_ENDIAN:
3298 val = lduw_be_p(ptr);
3299 break;
3300 default:
3301 val = lduw_p(ptr);
3302 break;
3303 }
50013115
PM		 3304 r = MEMTX_OK;
3305 }
3306 if (result) {
3307 *result = r;
733f0b02 3308 }
4840f10e
JK		 3309 if (release_lock) {
3310 qemu_mutex_unlock_iothread();
3311 }
41063e1e 3312 rcu_read_unlock();
733f0b02 3313 return val;
aab33094
FB		 3314}
3315
50013115
PM		 3316uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3317 MemTxAttrs attrs, MemTxResult *result)
3318{
3319 return address_space_lduw_internal(as, addr, attrs, result,
3320 DEVICE_NATIVE_ENDIAN);
3321}
3322
3323uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3324 MemTxAttrs attrs, MemTxResult *result)
3325{
3326 return address_space_lduw_internal(as, addr, attrs, result,
3327 DEVICE_LITTLE_ENDIAN);
3328}
3329
3330uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3331 MemTxAttrs attrs, MemTxResult *result)
3332{
3333 return address_space_lduw_internal(as, addr, attrs, result,
3334 DEVICE_BIG_ENDIAN);
3335}
3336
41701aa4 3337uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3338{
50013115 3339 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3340}
3341
41701aa4 3342uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3343{
50013115 3344 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3345}
3346
41701aa4 3347uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3348{
50013115 3349 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3350}
3351
8df1cd07
FB		 3352/* warning: addr must be aligned. The ram page is not masked as dirty
3353 and the code inside is not invalidated. It is useful if the dirty
3354 bits are used to track modified PTEs */
50013115
PM		 3355void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3356 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3357{
8df1cd07 3358 uint8_t *ptr;
5c8a00ce 3359 MemoryRegion *mr;
149f54b5
PB		 3360 hwaddr l = 4;
3361 hwaddr addr1;
50013115 3362 MemTxResult r;
845b6214 3363 uint8_t dirty_log_mask;
4840f10e 3364 bool release_lock = false;
8df1cd07 3365
41063e1e 3366 rcu_read_lock();
2198a121 3367 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3368 true);
3369 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3370 release_lock |= prepare_mmio_access(mr);
125b3806 3371
50013115 3372 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3373 } else {
5c8a00ce 3374 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3375 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3376 stl_p(ptr, val);
74576198 3377
845b6214
PB		 3378 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3379 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3380 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3381 r = MEMTX_OK;
3382 }
3383 if (result) {
3384 *result = r;
8df1cd07 3385 }
4840f10e
JK		 3386 if (release_lock) {
3387 qemu_mutex_unlock_iothread();
3388 }
41063e1e 3389 rcu_read_unlock();
8df1cd07
FB		 3390}
3391
50013115
PM		 3392void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3393{
3394 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3395}
3396
8df1cd07 3397/* warning: addr must be aligned */
50013115
PM		 3398static inline void address_space_stl_internal(AddressSpace *as,
3399 hwaddr addr, uint32_t val,
3400 MemTxAttrs attrs,
3401 MemTxResult *result,
3402 enum device_endian endian)
8df1cd07 3403{
8df1cd07 3404 uint8_t *ptr;
5c8a00ce 3405 MemoryRegion *mr;
149f54b5
PB		 3406 hwaddr l = 4;
3407 hwaddr addr1;
50013115 3408 MemTxResult r;
4840f10e 3409 bool release_lock = false;
8df1cd07 3410
41063e1e 3411 rcu_read_lock();
ab1da857 3412 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3413 true);
3414 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3415 release_lock |= prepare_mmio_access(mr);
125b3806 3416
1e78bcc1
AG		 3417#if defined(TARGET_WORDS_BIGENDIAN)
3418 if (endian == DEVICE_LITTLE_ENDIAN) {
3419 val = bswap32(val);
3420 }
3421#else
3422 if (endian == DEVICE_BIG_ENDIAN) {
3423 val = bswap32(val);
3424 }
3425#endif
50013115 3426 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3427 } else {
8df1cd07 3428 /* RAM case */
5c8a00ce 3429 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3430 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3431 switch (endian) {
3432 case DEVICE_LITTLE_ENDIAN:
3433 stl_le_p(ptr, val);
3434 break;
3435 case DEVICE_BIG_ENDIAN:
3436 stl_be_p(ptr, val);
3437 break;
3438 default:
3439 stl_p(ptr, val);
3440 break;
3441 }
845b6214 3442 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3443 r = MEMTX_OK;
3444 }
3445 if (result) {
3446 *result = r;
8df1cd07 3447 }
4840f10e
JK		 3448 if (release_lock) {
3449 qemu_mutex_unlock_iothread();
3450 }
41063e1e 3451 rcu_read_unlock();
8df1cd07
FB		 3452}
3453
50013115
PM		 3454void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3455 MemTxAttrs attrs, MemTxResult *result)
3456{
3457 address_space_stl_internal(as, addr, val, attrs, result,
3458 DEVICE_NATIVE_ENDIAN);
3459}
3460
3461void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3462 MemTxAttrs attrs, MemTxResult *result)
3463{
3464 address_space_stl_internal(as, addr, val, attrs, result,
3465 DEVICE_LITTLE_ENDIAN);
3466}
3467
3468void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3469 MemTxAttrs attrs, MemTxResult *result)
3470{
3471 address_space_stl_internal(as, addr, val, attrs, result,
3472 DEVICE_BIG_ENDIAN);
3473}
3474
ab1da857 3475void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3476{
50013115 3477 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3478}
3479
ab1da857 3480void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3481{
50013115 3482 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3483}
3484
ab1da857 3485void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3486{
50013115 3487 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3488}
3489
aab33094 3490/* XXX: optimize */
50013115
PM		 3491void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3492 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3493{
3494 uint8_t v = val;
50013115
PM		 3495 MemTxResult r;
3496
3497 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3498 if (result) {
3499 *result = r;
3500 }
3501}
3502
3503void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3504{
3505 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3506}
3507
733f0b02 3508/* warning: addr must be aligned */
50013115
PM		 3509static inline void address_space_stw_internal(AddressSpace *as,
3510 hwaddr addr, uint32_t val,
3511 MemTxAttrs attrs,
3512 MemTxResult *result,
3513 enum device_endian endian)
aab33094 3514{
733f0b02 3515 uint8_t *ptr;
5c8a00ce 3516 MemoryRegion *mr;
149f54b5
PB		 3517 hwaddr l = 2;
3518 hwaddr addr1;
50013115 3519 MemTxResult r;
4840f10e 3520 bool release_lock = false;
733f0b02 3521
41063e1e 3522 rcu_read_lock();
5ce5944d 3523 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3524 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3525 release_lock |= prepare_mmio_access(mr);
125b3806 3526
1e78bcc1
AG		 3527#if defined(TARGET_WORDS_BIGENDIAN)
3528 if (endian == DEVICE_LITTLE_ENDIAN) {
3529 val = bswap16(val);
3530 }
3531#else
3532 if (endian == DEVICE_BIG_ENDIAN) {
3533 val = bswap16(val);
3534 }
3535#endif
50013115 3536 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3537 } else {
733f0b02 3538 /* RAM case */
5c8a00ce 3539 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3540 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3541 switch (endian) {
3542 case DEVICE_LITTLE_ENDIAN:
3543 stw_le_p(ptr, val);
3544 break;
3545 case DEVICE_BIG_ENDIAN:
3546 stw_be_p(ptr, val);
3547 break;
3548 default:
3549 stw_p(ptr, val);
3550 break;
3551 }
845b6214 3552 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3553 r = MEMTX_OK;
3554 }
3555 if (result) {
3556 *result = r;
733f0b02 3557 }
4840f10e
JK		 3558 if (release_lock) {
3559 qemu_mutex_unlock_iothread();
3560 }
41063e1e 3561 rcu_read_unlock();
aab33094
FB		 3562}
3563
50013115
PM		 3564void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3565 MemTxAttrs attrs, MemTxResult *result)
3566{
3567 address_space_stw_internal(as, addr, val, attrs, result,
3568 DEVICE_NATIVE_ENDIAN);
3569}
3570
3571void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3572 MemTxAttrs attrs, MemTxResult *result)
3573{
3574 address_space_stw_internal(as, addr, val, attrs, result,
3575 DEVICE_LITTLE_ENDIAN);
3576}
3577
3578void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3579 MemTxAttrs attrs, MemTxResult *result)
3580{
3581 address_space_stw_internal(as, addr, val, attrs, result,
3582 DEVICE_BIG_ENDIAN);
3583}
3584
5ce5944d 3585void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3586{
50013115 3587 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3588}
3589
5ce5944d 3590void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3591{
50013115 3592 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3593}
3594
5ce5944d 3595void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3596{
50013115 3597 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3598}
3599
aab33094 3600/* XXX: optimize */
50013115
PM		 3601void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3602 MemTxAttrs attrs, MemTxResult *result)
aab33094 3603{
50013115 3604 MemTxResult r;
aab33094 3605 val = tswap64(val);
50013115
PM		 3606 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3607 if (result) {
3608 *result = r;
3609 }
aab33094
FB		 3610}
3611
50013115
PM		 3612void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3613 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3614{
50013115 3615 MemTxResult r;
1e78bcc1 3616 val = cpu_to_le64(val);
50013115
PM		 3617 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3618 if (result) {
3619 *result = r;
3620 }
3621}
3622void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3623 MemTxAttrs attrs, MemTxResult *result)
3624{
3625 MemTxResult r;
3626 val = cpu_to_be64(val);
3627 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3628 if (result) {
3629 *result = r;
3630 }
3631}
3632
3633void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3634{
3635 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3636}
3637
3638void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3639{
3640 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3641}
3642
f606604f 3643void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3644{
50013115 3645 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3646}
3647
5e2972fd 3648/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3649int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3650 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3651{
3652 int l;
a8170e5e 3653 hwaddr phys_addr;
9b3c35e0 3654 target_ulong page;
13eb76e0
FB		 3655
3656 while (len > 0) {
5232e4c7
PM		 3657 int asidx;
3658 MemTxAttrs attrs;
3659
13eb76e0 3660 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3661 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3662 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3663 /* if no physical page mapped, return an error */
3664 if (phys_addr == -1)
3665 return -1;
3666 l = (page + TARGET_PAGE_SIZE) - addr;
3667 if (l > len)
3668 l = len;
5e2972fd 3669 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3670 if (is_write) {
5232e4c7
PM		 3671 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3672 phys_addr, buf, l);
2e38847b 3673 } else {
5232e4c7
PM		 3674 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3675 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3676 buf, l, 0);
2e38847b 3677 }
13eb76e0
FB		 3678 len -= l;
3679 buf += l;
3680 addr += l;
3681 }
3682 return 0;
3683}
038629a6
DDAG		 3684
3685/*
3686 * Allows code that needs to deal with migration bitmaps etc to still be built
3687 * target independent.
3688 */
3689size_t qemu_target_page_bits(void)
3690{
3691 return TARGET_PAGE_BITS;
3692}
3693
a68fe89c 3694#endif
13eb76e0 3695
8e4a424b
BS		 3696/*
3697 * A helper function for the _utterly broken_ virtio device model to find out if
3698 * it's running on a big endian machine. Don't do this at home kids!
3699 */
98ed8ecf
GK		 3700bool target_words_bigendian(void);
3701bool target_words_bigendian(void)
8e4a424b
BS		 3702{
3703#if defined(TARGET_WORDS_BIGENDIAN)
3704 return true;
3705#else
3706 return false;
3707#endif
3708}
3709
76f35538 3710#ifndef CONFIG_USER_ONLY
a8170e5e 3711bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3712{
5c8a00ce 3713 MemoryRegion*mr;
149f54b5 3714 hwaddr l = 1;
41063e1e 3715 bool res;
76f35538 3716
41063e1e 3717 rcu_read_lock();
5c8a00ce
PB		 3718 mr = address_space_translate(&address_space_memory,
3719 phys_addr, &phys_addr, &l, false);
76f35538 3720
41063e1e
PB		 3721 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3722 rcu_read_unlock();
3723 return res;
76f35538 3724}
bd2fa51f 3725
e3807054 3726int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3727{
3728 RAMBlock *block;
e3807054 3729 int ret = 0;
bd2fa51f 3730
0dc3f44a
MD		 3731 rcu_read_lock();
3732 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3733 ret = func(block->idstr, block->host, block->offset,
3734 block->used_length, opaque);
3735 if (ret) {
3736 break;
3737 }
bd2fa51f 3738 }
0dc3f44a 3739 rcu_read_unlock();
e3807054 3740 return ret;
bd2fa51f 3741}
ec3f8c99 3742#endif
Mirror of https://git.qemu.org/git/qemu.git