]> git.ipfire.org Git - thirdparty/qemu.git/blame - exec.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: make phys_page_find() return an unadjusted section
[thirdparty/qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
3eef53df
AK		 163#define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165
5cd2c5b6 166/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 167#define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169
5cd2c5b6
RH		 170#if V_L1_BITS_REM < 4
171#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172#else
173#define V_L1_BITS V_L1_BITS_REM
174#endif
175
5cd2c5b6
RH		 176#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177
5cd2c5b6
RH		 178#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179
83fb7adf 180unsigned long qemu_real_host_page_size;
83fb7adf
FB		 181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 189typedef struct PhysPageEntry PhysPageEntry;
190
5312bd8b
AK		 191static MemoryRegionSection *phys_sections;
192static unsigned phys_sections_nb, phys_sections_nb_alloc;
193static uint16_t phys_section_unassigned;
194
4346ae3e 195struct PhysPageEntry {
07f07b31
AK		 196 uint16_t is_leaf : 1;
197 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
198 uint16_t ptr : 15;
4346ae3e
AK		 199};
200
d6f2ea22
AK		 201/* Simple allocator for PhysPageEntry nodes */
202static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
203static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
204
07f07b31 205#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 206
5cd2c5b6 207/* This is a multi-level map on the physical address space.
06ef3525 208 The bottom level has pointers to MemoryRegionSections. */
07f07b31 209static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 210
e2eef170 211static void io_mem_init(void);
62152b8a 212static void memory_map_init(void);
e2eef170 213
33417e70 214/* io memory support */
a621f38d 215MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 216static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 217static MemoryRegion io_mem_watch;
6658ffb8 218#endif
33417e70 219
34865134 220/* log support */
1e8b27ca
JR		 221#ifdef WIN32
222static const char *logfilename = "qemu.log";
223#else
d9b630fd 224static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 225#endif
34865134
FB		 226FILE *logfile;
227int loglevel;
e735b91c 228static int log_append = 0;
34865134 229
e3db7226 230/* statistics */
b3755a91 231#if !defined(CONFIG_USER_ONLY)
e3db7226 232static int tlb_flush_count;
b3755a91 233#endif
e3db7226
FB		 234static int tb_flush_count;
235static int tb_phys_invalidate_count;
236
7cb69cae
FB		 237#ifdef _WIN32
238static void map_exec(void *addr, long size)
239{
240 DWORD old_protect;
241 VirtualProtect(addr, size,
242 PAGE_EXECUTE_READWRITE, &old_protect);
243
244}
245#else
246static void map_exec(void *addr, long size)
247{
4369415f 248 unsigned long start, end, page_size;
7cb69cae 249
4369415f 250 page_size = getpagesize();
7cb69cae 251 start = (unsigned long)addr;
4369415f 252 start &= ~(page_size - 1);
7cb69cae
FB		 253
254 end = (unsigned long)addr + size;
4369415f
FB		 255 end += page_size - 1;
256 end &= ~(page_size - 1);
7cb69cae
FB		 257
258 mprotect((void *)start, end - start,
259 PROT_READ | PROT_WRITE | PROT_EXEC);
260}
261#endif
262
b346ff46 263static void page_init(void)
54936004 264{
83fb7adf 265 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 266 TARGET_PAGE_SIZE */
c2b48b69
AL		 267#ifdef _WIN32
268 {
269 SYSTEM_INFO system_info;
270
271 GetSystemInfo(&system_info);
272 qemu_real_host_page_size = system_info.dwPageSize;
273 }
274#else
275 qemu_real_host_page_size = getpagesize();
276#endif
83fb7adf
FB		 277 if (qemu_host_page_size == 0)
278 qemu_host_page_size = qemu_real_host_page_size;
279 if (qemu_host_page_size < TARGET_PAGE_SIZE)
280 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 281 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 282
2e9a5713 283#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 284 {
f01576f1
JL		 285#ifdef HAVE_KINFO_GETVMMAP
286 struct kinfo_vmentry *freep;
287 int i, cnt;
288
289 freep = kinfo_getvmmap(getpid(), &cnt);
290 if (freep) {
291 mmap_lock();
292 for (i = 0; i < cnt; i++) {
293 unsigned long startaddr, endaddr;
294
295 startaddr = freep[i].kve_start;
296 endaddr = freep[i].kve_end;
297 if (h2g_valid(startaddr)) {
298 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
299
300 if (h2g_valid(endaddr)) {
301 endaddr = h2g(endaddr);
fd436907 302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 303 } else {
304#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
305 endaddr = ~0ul;
fd436907 306 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 307#endif
308 }
309 }
310 }
311 free(freep);
312 mmap_unlock();
313 }
314#else
50a9569b 315 FILE *f;
50a9569b 316
0776590d 317 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 318
fd436907 319 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 320 if (f) {
5cd2c5b6
RH		 321 mmap_lock();
322
50a9569b 323 do {
5cd2c5b6
RH		 324 unsigned long startaddr, endaddr;
325 int n;
326
327 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
328
329 if (n == 2 && h2g_valid(startaddr)) {
330 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
331
332 if (h2g_valid(endaddr)) {
333 endaddr = h2g(endaddr);
334 } else {
335 endaddr = ~0ul;
336 }
337 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 338 }
339 } while (!feof(f));
5cd2c5b6 340
50a9569b 341 fclose(f);
5cd2c5b6 342 mmap_unlock();
50a9569b 343 }
f01576f1 344#endif
50a9569b
AZ		 345 }
346#endif
54936004
FB		 347}
348
41c1b1c9 349static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 350{
41c1b1c9
PB		 351 PageDesc *pd;
352 void **lp;
353 int i;
354
5cd2c5b6 355#if defined(CONFIG_USER_ONLY)
7267c094 356 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 357# define ALLOC(P, SIZE) \
358 do { \
359 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
360 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 361 } while (0)
362#else
363# define ALLOC(P, SIZE) \
7267c094 364 do { P = g_malloc0(SIZE); } while (0)
17e2377a 365#endif
434929bf 366
5cd2c5b6
RH		 367 /* Level 1. Always allocated. */
368 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
369
370 /* Level 2..N-1. */
371 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
372 void **p = *lp;
373
374 if (p == NULL) {
375 if (!alloc) {
376 return NULL;
377 }
378 ALLOC(p, sizeof(void *) * L2_SIZE);
379 *lp = p;
17e2377a 380 }
5cd2c5b6
RH		 381
382 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
383 }
384
385 pd = *lp;
386 if (pd == NULL) {
387 if (!alloc) {
388 return NULL;
389 }
390 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
391 *lp = pd;
54936004 392 }
5cd2c5b6
RH		 393
394#undef ALLOC
5cd2c5b6
RH		 395
396 return pd + (index & (L2_SIZE - 1));
54936004
FB		 397}
398
41c1b1c9 399static inline PageDesc *page_find(tb_page_addr_t index)
54936004 400{
5cd2c5b6 401 return page_find_alloc(index, 0);
fd6ce8f6
FB		 402}
403
6d9a1304 404#if !defined(CONFIG_USER_ONLY)
d6f2ea22 405
f7bf5461 406static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 407{
f7bf5461 408 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 409 typedef PhysPageEntry Node[L2_SIZE];
410 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 411 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
412 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 413 phys_map_nodes = g_renew(Node, phys_map_nodes,
414 phys_map_nodes_nb_alloc);
415 }
f7bf5461
AK		 416}
417
418static uint16_t phys_map_node_alloc(void)
419{
420 unsigned i;
421 uint16_t ret;
422
423 ret = phys_map_nodes_nb++;
424 assert(ret != PHYS_MAP_NODE_NIL);
425 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 426 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 427 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 428 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 429 }
f7bf5461 430 return ret;
d6f2ea22
AK		 431}
432
433static void phys_map_nodes_reset(void)
434{
435 phys_map_nodes_nb = 0;
436}
437
92e873b9 438
2999097b
AK		 439static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
440 target_phys_addr_t *nb, uint16_t leaf,
441 int level)
f7bf5461
AK		 442{
443 PhysPageEntry *p;
444 int i;
07f07b31 445 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 446
07f07b31 447 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 448 lp->ptr = phys_map_node_alloc();
449 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 450 if (level == 0) {
451 for (i = 0; i < L2_SIZE; i++) {
07f07b31 452 p[i].is_leaf = 1;
c19e8800 453 p[i].ptr = phys_section_unassigned;
4346ae3e 454 }
67c4d23c 455 }
f7bf5461 456 } else {
c19e8800 457 p = phys_map_nodes[lp->ptr];
92e873b9 458 }
2999097b 459 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 460
2999097b 461 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 462 if ((*index & (step - 1)) == 0 && *nb >= step) {
463 lp->is_leaf = true;
c19e8800 464 lp->ptr = leaf;
07f07b31
AK		 465 *index += step;
466 *nb -= step;
2999097b
AK		 467 } else {
468 phys_page_set_level(lp, index, nb, leaf, level - 1);
469 }
470 ++lp;
f7bf5461
AK		 471 }
472}
473
2999097b
AK		 474static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
475 uint16_t leaf)
f7bf5461 476{
2999097b 477 /* Wildly overreserve - it doesn't matter much. */
07f07b31 478 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 479
2999097b 480 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 481}
482
f3705d53 483static MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 484{
31ab2b4a
AK		 485 PhysPageEntry lp = phys_map;
486 PhysPageEntry *p;
487 int i;
31ab2b4a 488 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 489
07f07b31 490 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 491 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 492 goto not_found;
493 }
c19e8800 494 p = phys_map_nodes[lp.ptr];
31ab2b4a 495 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 496 }
31ab2b4a 497
c19e8800 498 s_index = lp.ptr;
31ab2b4a 499not_found:
f3705d53
AK		 500 return &phys_sections[s_index];
501}
502
503static target_phys_addr_t section_addr(MemoryRegionSection *section,
504 target_phys_addr_t addr)
505{
506 addr -= section->offset_within_address_space;
507 addr += section->offset_within_region;
508 return addr;
92e873b9
FB		 509}
510
c227f099
AL		 511static void tlb_protect_code(ram_addr_t ram_addr);
512static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 513 target_ulong vaddr);
c8a706fe
PB		 514#define mmap_lock() do { } while(0)
515#define mmap_unlock() do { } while(0)
9fa3e853 516#endif
fd6ce8f6 517
4369415f
FB		 518#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
519
520#if defined(CONFIG_USER_ONLY)
ccbb4d44 521/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 522 user mode. It will change when a dedicated libc will be used */
523#define USE_STATIC_CODE_GEN_BUFFER
524#endif
525
526#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 527static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
528 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 529#endif
530
8fcd3692 531static void code_gen_alloc(unsigned long tb_size)
26a5f13b 532{
4369415f
FB		 533#ifdef USE_STATIC_CODE_GEN_BUFFER
534 code_gen_buffer = static_code_gen_buffer;
535 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
536 map_exec(code_gen_buffer, code_gen_buffer_size);
537#else
26a5f13b
FB		 538 code_gen_buffer_size = tb_size;
539 if (code_gen_buffer_size == 0) {
4369415f 540#if defined(CONFIG_USER_ONLY)
4369415f
FB		 541 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
542#else
ccbb4d44 543 /* XXX: needs adjustments */
94a6b54f 544 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 545#endif
26a5f13b
FB		 546 }
547 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
548 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
549 /* The code gen buffer location may have constraints depending on
550 the host cpu and OS */
551#if defined(__linux__)
552 {
553 int flags;
141ac468
BS		 554 void *start = NULL;
555
26a5f13b
FB		 556 flags = MAP_PRIVATE | MAP_ANONYMOUS;
557#if defined(__x86_64__)
558 flags |= MAP_32BIT;
559 /* Cannot map more than that */
560 if (code_gen_buffer_size > (800 * 1024 * 1024))
561 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 562#elif defined(__sparc_v9__)
563 // Map the buffer below 2G, so we can use direct calls and branches
564 flags |= MAP_FIXED;
565 start = (void *) 0x60000000UL;
566 if (code_gen_buffer_size > (512 * 1024 * 1024))
567 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 568#elif defined(__arm__)
5c84bd90 569 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 570 if (code_gen_buffer_size > 16 * 1024 * 1024)
571 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 572#elif defined(__s390x__)
573 /* Map the buffer so that we can use direct calls and branches. */
574 /* We have a +- 4GB range on the branches; leave some slop. */
575 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
576 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
577 }
578 start = (void *)0x90000000UL;
26a5f13b 579#endif
141ac468
BS		 580 code_gen_buffer = mmap(start, code_gen_buffer_size,
581 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 582 flags, -1, 0);
583 if (code_gen_buffer == MAP_FAILED) {
584 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
585 exit(1);
586 }
587 }
cbb608a5 588#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 589 || defined(__DragonFly__) || defined(__OpenBSD__) \
590 || defined(__NetBSD__)
06e67a82
AL		 591 {
592 int flags;
593 void *addr = NULL;
594 flags = MAP_PRIVATE | MAP_ANONYMOUS;
595#if defined(__x86_64__)
596 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
597 * 0x40000000 is free */
598 flags |= MAP_FIXED;
599 addr = (void *)0x40000000;
600 /* Cannot map more than that */
601 if (code_gen_buffer_size > (800 * 1024 * 1024))
602 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 603#elif defined(__sparc_v9__)
604 // Map the buffer below 2G, so we can use direct calls and branches
605 flags |= MAP_FIXED;
606 addr = (void *) 0x60000000UL;
607 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
608 code_gen_buffer_size = (512 * 1024 * 1024);
609 }
06e67a82
AL		 610#endif
611 code_gen_buffer = mmap(addr, code_gen_buffer_size,
612 PROT_WRITE | PROT_READ | PROT_EXEC,
613 flags, -1, 0);
614 if (code_gen_buffer == MAP_FAILED) {
615 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
616 exit(1);
617 }
618 }
26a5f13b 619#else
7267c094 620 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 621 map_exec(code_gen_buffer, code_gen_buffer_size);
622#endif
4369415f 623#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 624 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 625 code_gen_buffer_max_size = code_gen_buffer_size -
626 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 627 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 628 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 629}
630
631/* Must be called before using the QEMU cpus. 'tb_size' is the size
632 (in bytes) allocated to the translation buffer. Zero means default
633 size. */
d5ab9713 634void tcg_exec_init(unsigned long tb_size)
26a5f13b 635{
26a5f13b
FB		 636 cpu_gen_init();
637 code_gen_alloc(tb_size);
638 code_gen_ptr = code_gen_buffer;
4369415f 639 page_init();
9002ec79
RH		 640#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
641 /* There's no guest base to take into account, so go ahead and
642 initialize the prologue now. */
643 tcg_prologue_init(&tcg_ctx);
644#endif
26a5f13b
FB		 645}
646
d5ab9713
JK		 647bool tcg_enabled(void)
648{
649 return code_gen_buffer != NULL;
650}
651
652void cpu_exec_init_all(void)
653{
654#if !defined(CONFIG_USER_ONLY)
655 memory_map_init();
656 io_mem_init();
657#endif
658}
659
9656f324
PB		 660#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
661
e59fb374 662static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 663{
664 CPUState *env = opaque;
9656f324 665
3098dba0
AJ		 666 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
667 version_id is increased. */
668 env->interrupt_request &= ~0x01;
9656f324
PB		 669 tlb_flush(env, 1);
670
671 return 0;
672}
e7f4eff7
JQ		 673
674static const VMStateDescription vmstate_cpu_common = {
675 .name = "cpu_common",
676 .version_id = 1,
677 .minimum_version_id = 1,
678 .minimum_version_id_old = 1,
e7f4eff7
JQ		 679 .post_load = cpu_common_post_load,
680 .fields = (VMStateField []) {
681 VMSTATE_UINT32(halted, CPUState),
682 VMSTATE_UINT32(interrupt_request, CPUState),
683 VMSTATE_END_OF_LIST()
684 }
685};
9656f324
PB		 686#endif
687
950f1472
GC		 688CPUState *qemu_get_cpu(int cpu)
689{
690 CPUState *env = first_cpu;
691
692 while (env) {
693 if (env->cpu_index == cpu)
694 break;
695 env = env->next_cpu;
696 }
697
698 return env;
699}
700
6a00d601 701void cpu_exec_init(CPUState *env)
fd6ce8f6 702{
6a00d601
FB		 703 CPUState **penv;
704 int cpu_index;
705
c2764719
PB		 706#if defined(CONFIG_USER_ONLY)
707 cpu_list_lock();
708#endif
6a00d601
FB		 709 env->next_cpu = NULL;
710 penv = &first_cpu;
711 cpu_index = 0;
712 while (*penv != NULL) {
1e9fa730 713 penv = &(*penv)->next_cpu;
6a00d601
FB		 714 cpu_index++;
715 }
716 env->cpu_index = cpu_index;
268a362c 717 env->numa_node = 0;
72cf2d4f
BS		 718 QTAILQ_INIT(&env->breakpoints);
719 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 720#ifndef CONFIG_USER_ONLY
721 env->thread_id = qemu_get_thread_id();
722#endif
6a00d601 723 *penv = env;
c2764719
PB		 724#if defined(CONFIG_USER_ONLY)
725 cpu_list_unlock();
726#endif
b3c7724c 727#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 728 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
729 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 730 cpu_save, cpu_load, env);
731#endif
fd6ce8f6
FB		 732}
733
d1a1eb74
TG		 734/* Allocate a new translation block. Flush the translation buffer if
735 too many translation blocks or too much generated code. */
736static TranslationBlock *tb_alloc(target_ulong pc)
737{
738 TranslationBlock *tb;
739
740 if (nb_tbs >= code_gen_max_blocks ||
741 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
742 return NULL;
743 tb = &tbs[nb_tbs++];
744 tb->pc = pc;
745 tb->cflags = 0;
746 return tb;
747}
748
749void tb_free(TranslationBlock *tb)
750{
751 /* In practice this is mostly used for single use temporary TB
752 Ignore the hard cases and just back up if this TB happens to
753 be the last one generated. */
754 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
755 code_gen_ptr = tb->tc_ptr;
756 nb_tbs--;
757 }
758}
759
9fa3e853
FB		 760static inline void invalidate_page_bitmap(PageDesc *p)
761{
762 if (p->code_bitmap) {
7267c094 763 g_free(p->code_bitmap);
9fa3e853
FB		 764 p->code_bitmap = NULL;
765 }
766 p->code_write_count = 0;
767}
768
5cd2c5b6
RH		 769/* Set to NULL all the 'first_tb' fields in all PageDescs. */
770
771static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 772{
5cd2c5b6 773 int i;
fd6ce8f6 774
5cd2c5b6
RH		 775 if (*lp == NULL) {
776 return;
777 }
778 if (level == 0) {
779 PageDesc *pd = *lp;
7296abac 780 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 781 pd[i].first_tb = NULL;
782 invalidate_page_bitmap(pd + i);
fd6ce8f6 783 }
5cd2c5b6
RH		 784 } else {
785 void **pp = *lp;
7296abac 786 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 787 page_flush_tb_1 (level - 1, pp + i);
788 }
789 }
790}
791
792static void page_flush_tb(void)
793{
794 int i;
795 for (i = 0; i < V_L1_SIZE; i++) {
796 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 797 }
798}
799
800/* flush all the translation blocks */
d4e8164f 801/* XXX: tb_flush is currently not thread safe */
6a00d601 802void tb_flush(CPUState *env1)
fd6ce8f6 803{
6a00d601 804 CPUState *env;
0124311e 805#if defined(DEBUG_FLUSH)
ab3d1727
BS		 806 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
807 (unsigned long)(code_gen_ptr - code_gen_buffer),
808 nb_tbs, nb_tbs > 0 ?
809 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 810#endif
26a5f13b 811 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 812 cpu_abort(env1, "Internal error: code buffer overflow\n");
813
fd6ce8f6 814 nb_tbs = 0;
3b46e624 815
6a00d601
FB		 816 for(env = first_cpu; env != NULL; env = env->next_cpu) {
817 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
818 }
9fa3e853 819
8a8a608f 820 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 821 page_flush_tb();
9fa3e853 822
fd6ce8f6 823 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 824 /* XXX: flush processor icache at this point if cache flush is
825 expensive */
e3db7226 826 tb_flush_count++;
fd6ce8f6
FB		 827}
828
829#ifdef DEBUG_TB_CHECK
830
bc98a7ef 831static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 832{
833 TranslationBlock *tb;
834 int i;
835 address &= TARGET_PAGE_MASK;
99773bd4
PB		 836 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
837 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 838 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
839 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 840 printf("ERROR invalidate: address=" TARGET_FMT_lx
841 " PC=%08lx size=%04x\n",
99773bd4 842 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 843 }
844 }
845 }
846}
847
848/* verify that all the pages have correct rights for code */
849static void tb_page_check(void)
850{
851 TranslationBlock *tb;
852 int i, flags1, flags2;
3b46e624 853
99773bd4
PB		 854 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
855 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 856 flags1 = page_get_flags(tb->pc);
857 flags2 = page_get_flags(tb->pc + tb->size - 1);
858 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
859 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 860 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 861 }
862 }
863 }
864}
865
866#endif
867
868/* invalidate one TB */
869static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
870 int next_offset)
871{
872 TranslationBlock *tb1;
873 for(;;) {
874 tb1 = *ptb;
875 if (tb1 == tb) {
876 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
877 break;
878 }
879 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
880 }
881}
882
9fa3e853
FB		 883static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
884{
885 TranslationBlock *tb1;
886 unsigned int n1;
887
888 for(;;) {
889 tb1 = *ptb;
890 n1 = (long)tb1 & 3;
891 tb1 = (TranslationBlock *)((long)tb1 & ~3);
892 if (tb1 == tb) {
893 *ptb = tb1->page_next[n1];
894 break;
895 }
896 ptb = &tb1->page_next[n1];
897 }
898}
899
d4e8164f
FB		 900static inline void tb_jmp_remove(TranslationBlock *tb, int n)
901{
902 TranslationBlock *tb1, **ptb;
903 unsigned int n1;
904
905 ptb = &tb->jmp_next[n];
906 tb1 = *ptb;
907 if (tb1) {
908 /* find tb(n) in circular list */
909 for(;;) {
910 tb1 = *ptb;
911 n1 = (long)tb1 & 3;
912 tb1 = (TranslationBlock *)((long)tb1 & ~3);
913 if (n1 == n && tb1 == tb)
914 break;
915 if (n1 == 2) {
916 ptb = &tb1->jmp_first;
917 } else {
918 ptb = &tb1->jmp_next[n1];
919 }
920 }
921 /* now we can suppress tb(n) from the list */
922 *ptb = tb->jmp_next[n];
923
924 tb->jmp_next[n] = NULL;
925 }
926}
927
928/* reset the jump entry 'n' of a TB so that it is not chained to
929 another TB */
930static inline void tb_reset_jump(TranslationBlock *tb, int n)
931{
932 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
933}
934
41c1b1c9 935void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 936{
6a00d601 937 CPUState *env;
8a40a180 938 PageDesc *p;
d4e8164f 939 unsigned int h, n1;
41c1b1c9 940 tb_page_addr_t phys_pc;
8a40a180 941 TranslationBlock *tb1, *tb2;
3b46e624 942
8a40a180
FB		 943 /* remove the TB from the hash list */
944 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
945 h = tb_phys_hash_func(phys_pc);
5fafdf24 946 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 947 offsetof(TranslationBlock, phys_hash_next));
948
949 /* remove the TB from the page list */
950 if (tb->page_addr[0] != page_addr) {
951 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
952 tb_page_remove(&p->first_tb, tb);
953 invalidate_page_bitmap(p);
954 }
955 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
956 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
957 tb_page_remove(&p->first_tb, tb);
958 invalidate_page_bitmap(p);
959 }
960
36bdbe54 961 tb_invalidated_flag = 1;
59817ccb 962
fd6ce8f6 963 /* remove the TB from the hash list */
8a40a180 964 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 965 for(env = first_cpu; env != NULL; env = env->next_cpu) {
966 if (env->tb_jmp_cache[h] == tb)
967 env->tb_jmp_cache[h] = NULL;
968 }
d4e8164f
FB		 969
970 /* suppress this TB from the two jump lists */
971 tb_jmp_remove(tb, 0);
972 tb_jmp_remove(tb, 1);
973
974 /* suppress any remaining jumps to this TB */
975 tb1 = tb->jmp_first;
976 for(;;) {
977 n1 = (long)tb1 & 3;
978 if (n1 == 2)
979 break;
980 tb1 = (TranslationBlock *)((long)tb1 & ~3);
981 tb2 = tb1->jmp_next[n1];
982 tb_reset_jump(tb1, n1);
983 tb1->jmp_next[n1] = NULL;
984 tb1 = tb2;
985 }
986 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 987
e3db7226 988 tb_phys_invalidate_count++;
9fa3e853
FB		 989}
990
991static inline void set_bits(uint8_t *tab, int start, int len)
992{
993 int end, mask, end1;
994
995 end = start + len;
996 tab += start >> 3;
997 mask = 0xff << (start & 7);
998 if ((start & ~7) == (end & ~7)) {
999 if (start < end) {
1000 mask &= ~(0xff << (end & 7));
1001 *tab |= mask;
1002 }
1003 } else {
1004 *tab++ |= mask;
1005 start = (start + 8) & ~7;
1006 end1 = end & ~7;
1007 while (start < end1) {
1008 *tab++ = 0xff;
1009 start += 8;
1010 }
1011 if (start < end) {
1012 mask = ~(0xff << (end & 7));
1013 *tab |= mask;
1014 }
1015 }
1016}
1017
1018static void build_page_bitmap(PageDesc *p)
1019{
1020 int n, tb_start, tb_end;
1021 TranslationBlock *tb;
3b46e624 1022
7267c094 1023 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1024
1025 tb = p->first_tb;
1026 while (tb != NULL) {
1027 n = (long)tb & 3;
1028 tb = (TranslationBlock *)((long)tb & ~3);
1029 /* NOTE: this is subtle as a TB may span two physical pages */
1030 if (n == 0) {
1031 /* NOTE: tb_end may be after the end of the page, but
1032 it is not a problem */
1033 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1034 tb_end = tb_start + tb->size;
1035 if (tb_end > TARGET_PAGE_SIZE)
1036 tb_end = TARGET_PAGE_SIZE;
1037 } else {
1038 tb_start = 0;
1039 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1040 }
1041 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1042 tb = tb->page_next[n];
1043 }
1044}
1045
2e70f6ef
PB		 1046TranslationBlock *tb_gen_code(CPUState *env,
1047 target_ulong pc, target_ulong cs_base,
1048 int flags, int cflags)
d720b93d
FB		 1049{
1050 TranslationBlock *tb;
1051 uint8_t *tc_ptr;
41c1b1c9
PB		 1052 tb_page_addr_t phys_pc, phys_page2;
1053 target_ulong virt_page2;
d720b93d
FB		 1054 int code_gen_size;
1055
41c1b1c9 1056 phys_pc = get_page_addr_code(env, pc);
c27004ec 1057 tb = tb_alloc(pc);
d720b93d
FB		 1058 if (!tb) {
1059 /* flush must be done */
1060 tb_flush(env);
1061 /* cannot fail at this point */
c27004ec 1062 tb = tb_alloc(pc);
2e70f6ef
PB		 1063 /* Don't forget to invalidate previous TB info. */
1064 tb_invalidated_flag = 1;
d720b93d
FB		 1065 }
1066 tc_ptr = code_gen_ptr;
1067 tb->tc_ptr = tc_ptr;
1068 tb->cs_base = cs_base;
1069 tb->flags = flags;
1070 tb->cflags = cflags;
d07bde88 1071 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1072 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1073
d720b93d 1074 /* check next page if needed */
c27004ec 1075 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1076 phys_page2 = -1;
c27004ec 1077 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1078 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1079 }
41c1b1c9 1080 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1081 return tb;
d720b93d 1082}
3b46e624 1083
9fa3e853
FB		 1084/* invalidate all TBs which intersect with the target physical page
1085 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1086 the same physical page. 'is_cpu_write_access' should be true if called
1087 from a real cpu write access: the virtual CPU will exit the current
1088 TB if code is modified inside this TB. */
41c1b1c9 1089void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1090 int is_cpu_write_access)
1091{
6b917547 1092 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1093 CPUState *env = cpu_single_env;
41c1b1c9 1094 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1095 PageDesc *p;
1096 int n;
1097#ifdef TARGET_HAS_PRECISE_SMC
1098 int current_tb_not_found = is_cpu_write_access;
1099 TranslationBlock *current_tb = NULL;
1100 int current_tb_modified = 0;
1101 target_ulong current_pc = 0;
1102 target_ulong current_cs_base = 0;
1103 int current_flags = 0;
1104#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1105
1106 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1107 if (!p)
9fa3e853 1108 return;
5fafdf24 1109 if (!p->code_bitmap &&
d720b93d
FB		 1110 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1111 is_cpu_write_access) {
9fa3e853
FB		 1112 /* build code bitmap */
1113 build_page_bitmap(p);
1114 }
1115
1116 /* we remove all the TBs in the range [start, end[ */
1117 /* XXX: see if in some cases it could be faster to invalidate all the code */
1118 tb = p->first_tb;
1119 while (tb != NULL) {
1120 n = (long)tb & 3;
1121 tb = (TranslationBlock *)((long)tb & ~3);
1122 tb_next = tb->page_next[n];
1123 /* NOTE: this is subtle as a TB may span two physical pages */
1124 if (n == 0) {
1125 /* NOTE: tb_end may be after the end of the page, but
1126 it is not a problem */
1127 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1128 tb_end = tb_start + tb->size;
1129 } else {
1130 tb_start = tb->page_addr[1];
1131 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1132 }
1133 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1134#ifdef TARGET_HAS_PRECISE_SMC
1135 if (current_tb_not_found) {
1136 current_tb_not_found = 0;
1137 current_tb = NULL;
2e70f6ef 1138 if (env->mem_io_pc) {
d720b93d 1139 /* now we have a real cpu fault */
2e70f6ef 1140 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1141 }
1142 }
1143 if (current_tb == tb &&
2e70f6ef 1144 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1145 /* If we are modifying the current TB, we must stop
1146 its execution. We could be more precise by checking
1147 that the modification is after the current PC, but it
1148 would require a specialized function to partially
1149 restore the CPU state */
3b46e624 1150
d720b93d 1151 current_tb_modified = 1;
618ba8e6 1152 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1153 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1154 &current_flags);
d720b93d
FB		 1155 }
1156#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1157 /* we need to do that to handle the case where a signal
1158 occurs while doing tb_phys_invalidate() */
1159 saved_tb = NULL;
1160 if (env) {
1161 saved_tb = env->current_tb;
1162 env->current_tb = NULL;
1163 }
9fa3e853 1164 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1165 if (env) {
1166 env->current_tb = saved_tb;
1167 if (env->interrupt_request && env->current_tb)
1168 cpu_interrupt(env, env->interrupt_request);
1169 }
9fa3e853
FB		 1170 }
1171 tb = tb_next;
1172 }
1173#if !defined(CONFIG_USER_ONLY)
1174 /* if no code remaining, no need to continue to use slow writes */
1175 if (!p->first_tb) {
1176 invalidate_page_bitmap(p);
d720b93d 1177 if (is_cpu_write_access) {
2e70f6ef 1178 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1179 }
1180 }
1181#endif
1182#ifdef TARGET_HAS_PRECISE_SMC
1183 if (current_tb_modified) {
1184 /* we generate a block containing just the instruction
1185 modifying the memory. It will ensure that it cannot modify
1186 itself */
ea1c1802 1187 env->current_tb = NULL;
2e70f6ef 1188 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1189 cpu_resume_from_signal(env, NULL);
9fa3e853 1190 }
fd6ce8f6 1191#endif
9fa3e853 1192}
fd6ce8f6 1193
9fa3e853 1194/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1195static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1196{
1197 PageDesc *p;
1198 int offset, b;
59817ccb 1199#if 0
a4193c8a 1200 if (1) {
93fcfe39
AL		 1201 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1202 cpu_single_env->mem_io_vaddr, len,
1203 cpu_single_env->eip,
1204 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1205 }
1206#endif
9fa3e853 1207 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1208 if (!p)
9fa3e853
FB		 1209 return;
1210 if (p->code_bitmap) {
1211 offset = start & ~TARGET_PAGE_MASK;
1212 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1213 if (b & ((1 << len) - 1))
1214 goto do_invalidate;
1215 } else {
1216 do_invalidate:
d720b93d 1217 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1218 }
1219}
1220
9fa3e853 1221#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1222static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1223 unsigned long pc, void *puc)
9fa3e853 1224{
6b917547 1225 TranslationBlock *tb;
9fa3e853 1226 PageDesc *p;
6b917547 1227 int n;
d720b93d 1228#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1229 TranslationBlock *current_tb = NULL;
d720b93d 1230 CPUState *env = cpu_single_env;
6b917547
AL		 1231 int current_tb_modified = 0;
1232 target_ulong current_pc = 0;
1233 target_ulong current_cs_base = 0;
1234 int current_flags = 0;
d720b93d 1235#endif
9fa3e853
FB		 1236
1237 addr &= TARGET_PAGE_MASK;
1238 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1239 if (!p)
9fa3e853
FB		 1240 return;
1241 tb = p->first_tb;
d720b93d
FB		 1242#ifdef TARGET_HAS_PRECISE_SMC
1243 if (tb && pc != 0) {
1244 current_tb = tb_find_pc(pc);
1245 }
1246#endif
9fa3e853
FB		 1247 while (tb != NULL) {
1248 n = (long)tb & 3;
1249 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1250#ifdef TARGET_HAS_PRECISE_SMC
1251 if (current_tb == tb &&
2e70f6ef 1252 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1253 /* If we are modifying the current TB, we must stop
1254 its execution. We could be more precise by checking
1255 that the modification is after the current PC, but it
1256 would require a specialized function to partially
1257 restore the CPU state */
3b46e624 1258
d720b93d 1259 current_tb_modified = 1;
618ba8e6 1260 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1261 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1262 &current_flags);
d720b93d
FB		 1263 }
1264#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1265 tb_phys_invalidate(tb, addr);
1266 tb = tb->page_next[n];
1267 }
fd6ce8f6 1268 p->first_tb = NULL;
d720b93d
FB		 1269#ifdef TARGET_HAS_PRECISE_SMC
1270 if (current_tb_modified) {
1271 /* we generate a block containing just the instruction
1272 modifying the memory. It will ensure that it cannot modify
1273 itself */
ea1c1802 1274 env->current_tb = NULL;
2e70f6ef 1275 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1276 cpu_resume_from_signal(env, puc);
1277 }
1278#endif
fd6ce8f6 1279}
9fa3e853 1280#endif
fd6ce8f6
FB		 1281
1282/* add the tb in the target page and protect it if necessary */
5fafdf24 1283static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1284 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1285{
1286 PageDesc *p;
4429ab44
JQ		 1287#ifndef CONFIG_USER_ONLY
1288 bool page_already_protected;
1289#endif
9fa3e853
FB		 1290
1291 tb->page_addr[n] = page_addr;
5cd2c5b6 1292 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1293 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1294#ifndef CONFIG_USER_ONLY
1295 page_already_protected = p->first_tb != NULL;
1296#endif
9fa3e853
FB		 1297 p->first_tb = (TranslationBlock *)((long)tb | n);
1298 invalidate_page_bitmap(p);
fd6ce8f6 1299
107db443 1300#if defined(TARGET_HAS_SMC) || 1
d720b93d 1301
9fa3e853 1302#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1303 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1304 target_ulong addr;
1305 PageDesc *p2;
9fa3e853
FB		 1306 int prot;
1307
fd6ce8f6
FB		 1308 /* force the host page as non writable (writes will have a
1309 page fault + mprotect overhead) */
53a5960a 1310 page_addr &= qemu_host_page_mask;
fd6ce8f6 1311 prot = 0;
53a5960a
PB		 1312 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1313 addr += TARGET_PAGE_SIZE) {
1314
1315 p2 = page_find (addr >> TARGET_PAGE_BITS);
1316 if (!p2)
1317 continue;
1318 prot |= p2->flags;
1319 p2->flags &= ~PAGE_WRITE;
53a5960a 1320 }
5fafdf24 1321 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1322 (prot & PAGE_BITS) & ~PAGE_WRITE);
1323#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1324 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1325 page_addr);
fd6ce8f6 1326#endif
fd6ce8f6 1327 }
9fa3e853
FB		 1328#else
1329 /* if some code is already present, then the pages are already
1330 protected. So we handle the case where only the first TB is
1331 allocated in a physical page */
4429ab44 1332 if (!page_already_protected) {
6a00d601 1333 tlb_protect_code(page_addr);
9fa3e853
FB		 1334 }
1335#endif
d720b93d
FB		 1336
1337#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1338}
1339
9fa3e853
FB		 1340/* add a new TB and link it to the physical page tables. phys_page2 is
1341 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1342void tb_link_page(TranslationBlock *tb,
1343 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1344{
9fa3e853
FB		 1345 unsigned int h;
1346 TranslationBlock **ptb;
1347
c8a706fe
PB		 1348 /* Grab the mmap lock to stop another thread invalidating this TB
1349 before we are done. */
1350 mmap_lock();
9fa3e853
FB		 1351 /* add in the physical hash table */
1352 h = tb_phys_hash_func(phys_pc);
1353 ptb = &tb_phys_hash[h];
1354 tb->phys_hash_next = *ptb;
1355 *ptb = tb;
fd6ce8f6
FB		 1356
1357 /* add in the page list */
9fa3e853
FB		 1358 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1359 if (phys_page2 != -1)
1360 tb_alloc_page(tb, 1, phys_page2);
1361 else
1362 tb->page_addr[1] = -1;
9fa3e853 1363
d4e8164f
FB		 1364 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1365 tb->jmp_next[0] = NULL;
1366 tb->jmp_next[1] = NULL;
1367
1368 /* init original jump addresses */
1369 if (tb->tb_next_offset[0] != 0xffff)
1370 tb_reset_jump(tb, 0);
1371 if (tb->tb_next_offset[1] != 0xffff)
1372 tb_reset_jump(tb, 1);
8a40a180
FB		 1373
1374#ifdef DEBUG_TB_CHECK
1375 tb_page_check();
1376#endif
c8a706fe 1377 mmap_unlock();
fd6ce8f6
FB		 1378}
1379
9fa3e853
FB		 1380/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1381 tb[1].tc_ptr. Return NULL if not found */
1382TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1383{
9fa3e853
FB		 1384 int m_min, m_max, m;
1385 unsigned long v;
1386 TranslationBlock *tb;
a513fe19
FB		 1387
1388 if (nb_tbs <= 0)
1389 return NULL;
1390 if (tc_ptr < (unsigned long)code_gen_buffer ||
1391 tc_ptr >= (unsigned long)code_gen_ptr)
1392 return NULL;
1393 /* binary search (cf Knuth) */
1394 m_min = 0;
1395 m_max = nb_tbs - 1;
1396 while (m_min <= m_max) {
1397 m = (m_min + m_max) >> 1;
1398 tb = &tbs[m];
1399 v = (unsigned long)tb->tc_ptr;
1400 if (v == tc_ptr)
1401 return tb;
1402 else if (tc_ptr < v) {
1403 m_max = m - 1;
1404 } else {
1405 m_min = m + 1;
1406 }
5fafdf24 1407 }
a513fe19
FB		 1408 return &tbs[m_max];
1409}
7501267e 1410
ea041c0e
FB		 1411static void tb_reset_jump_recursive(TranslationBlock *tb);
1412
1413static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1414{
1415 TranslationBlock *tb1, *tb_next, **ptb;
1416 unsigned int n1;
1417
1418 tb1 = tb->jmp_next[n];
1419 if (tb1 != NULL) {
1420 /* find head of list */
1421 for(;;) {
1422 n1 = (long)tb1 & 3;
1423 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1424 if (n1 == 2)
1425 break;
1426 tb1 = tb1->jmp_next[n1];
1427 }
1428 /* we are now sure now that tb jumps to tb1 */
1429 tb_next = tb1;
1430
1431 /* remove tb from the jmp_first list */
1432 ptb = &tb_next->jmp_first;
1433 for(;;) {
1434 tb1 = *ptb;
1435 n1 = (long)tb1 & 3;
1436 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1437 if (n1 == n && tb1 == tb)
1438 break;
1439 ptb = &tb1->jmp_next[n1];
1440 }
1441 *ptb = tb->jmp_next[n];
1442 tb->jmp_next[n] = NULL;
3b46e624 1443
ea041c0e
FB		 1444 /* suppress the jump to next tb in generated code */
1445 tb_reset_jump(tb, n);
1446
0124311e 1447 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1448 tb_reset_jump_recursive(tb_next);
1449 }
1450}
1451
1452static void tb_reset_jump_recursive(TranslationBlock *tb)
1453{
1454 tb_reset_jump_recursive2(tb, 0);
1455 tb_reset_jump_recursive2(tb, 1);
1456}
1457
1fddef4b 1458#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1459#if defined(CONFIG_USER_ONLY)
1460static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1461{
1462 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1463}
1464#else
d720b93d
FB		 1465static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1466{
c227f099 1467 target_phys_addr_t addr;
c227f099 1468 ram_addr_t ram_addr;
f3705d53 1469 MemoryRegionSection *section;
d720b93d 1470
c2f07f81 1471 addr = cpu_get_phys_page_debug(env, pc);
06ef3525 1472 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1473 if (!(memory_region_is_ram(section->mr)
1474 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1475 return;
1476 }
f3705d53
AK		 1477 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1478 + section_addr(section, addr);
706cd4b5 1479 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1480}
c27004ec 1481#endif
94df27fd 1482#endif /* TARGET_HAS_ICE */
d720b93d 1483
c527ee8f
PB		 1484#if defined(CONFIG_USER_ONLY)
1485void cpu_watchpoint_remove_all(CPUState *env, int mask)
1486
1487{
1488}
1489
1490int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1491 int flags, CPUWatchpoint **watchpoint)
1492{
1493 return -ENOSYS;
1494}
1495#else
6658ffb8 1496/* Add a watchpoint. */
a1d1bb31
AL		 1497int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1498 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1499{
b4051334 1500 target_ulong len_mask = ~(len - 1);
c0ce998e 1501 CPUWatchpoint *wp;
6658ffb8 1502
b4051334 1503 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1504 if ((len & (len - 1)) || (addr & ~len_mask) ||
1505 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1506 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1507 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1508 return -EINVAL;
1509 }
7267c094 1510 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1511
1512 wp->vaddr = addr;
b4051334 1513 wp->len_mask = len_mask;
a1d1bb31
AL		 1514 wp->flags = flags;
1515
2dc9f411 1516 /* keep all GDB-injected watchpoints in front */
c0ce998e 1517 if (flags & BP_GDB)
72cf2d4f 1518 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1519 else
72cf2d4f 1520 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1521
6658ffb8 1522 tlb_flush_page(env, addr);
a1d1bb31
AL		 1523
1524 if (watchpoint)
1525 *watchpoint = wp;
1526 return 0;
6658ffb8
PB		 1527}
1528
a1d1bb31
AL		 1529/* Remove a specific watchpoint. */
1530int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1531 int flags)
6658ffb8 1532{
b4051334 1533 target_ulong len_mask = ~(len - 1);
a1d1bb31 1534 CPUWatchpoint *wp;
6658ffb8 1535
72cf2d4f 1536 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1537 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1538 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1539 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1540 return 0;
1541 }
1542 }
a1d1bb31 1543 return -ENOENT;
6658ffb8
PB		 1544}
1545
a1d1bb31
AL		 1546/* Remove a specific watchpoint by reference. */
1547void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1548{
72cf2d4f 1549 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1550
a1d1bb31
AL		 1551 tlb_flush_page(env, watchpoint->vaddr);
1552
7267c094 1553 g_free(watchpoint);
a1d1bb31
AL		 1554}
1555
1556/* Remove all matching watchpoints. */
1557void cpu_watchpoint_remove_all(CPUState *env, int mask)
1558{
c0ce998e 1559 CPUWatchpoint *wp, *next;
a1d1bb31 1560
72cf2d4f 1561 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1562 if (wp->flags & mask)
1563 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1564 }
7d03f82f 1565}
c527ee8f 1566#endif
7d03f82f 1567
a1d1bb31
AL		 1568/* Add a breakpoint. */
1569int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1570 CPUBreakpoint **breakpoint)
4c3a88a2 1571{
1fddef4b 1572#if defined(TARGET_HAS_ICE)
c0ce998e 1573 CPUBreakpoint *bp;
3b46e624 1574
7267c094 1575 bp = g_malloc(sizeof(*bp));
4c3a88a2 1576
a1d1bb31
AL		 1577 bp->pc = pc;
1578 bp->flags = flags;
1579
2dc9f411 1580 /* keep all GDB-injected breakpoints in front */
c0ce998e 1581 if (flags & BP_GDB)
72cf2d4f 1582 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1583 else
72cf2d4f 1584 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1585
d720b93d 1586 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1587
1588 if (breakpoint)
1589 *breakpoint = bp;
4c3a88a2
FB		 1590 return 0;
1591#else
a1d1bb31 1592 return -ENOSYS;
4c3a88a2
FB		 1593#endif
1594}
1595
a1d1bb31
AL		 1596/* Remove a specific breakpoint. */
1597int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1598{
7d03f82f 1599#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1600 CPUBreakpoint *bp;
1601
72cf2d4f 1602 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1603 if (bp->pc == pc && bp->flags == flags) {
1604 cpu_breakpoint_remove_by_ref(env, bp);
1605 return 0;
1606 }
7d03f82f 1607 }
a1d1bb31
AL		 1608 return -ENOENT;
1609#else
1610 return -ENOSYS;
7d03f82f
EI		 1611#endif
1612}
1613
a1d1bb31
AL		 1614/* Remove a specific breakpoint by reference. */
1615void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1616{
1fddef4b 1617#if defined(TARGET_HAS_ICE)
72cf2d4f 1618 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1619
a1d1bb31
AL		 1620 breakpoint_invalidate(env, breakpoint->pc);
1621
7267c094 1622 g_free(breakpoint);
a1d1bb31
AL		 1623#endif
1624}
1625
1626/* Remove all matching breakpoints. */
1627void cpu_breakpoint_remove_all(CPUState *env, int mask)
1628{
1629#if defined(TARGET_HAS_ICE)
c0ce998e 1630 CPUBreakpoint *bp, *next;
a1d1bb31 1631
72cf2d4f 1632 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1633 if (bp->flags & mask)
1634 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1635 }
4c3a88a2
FB		 1636#endif
1637}
1638
c33a346e
FB		 1639/* enable or disable single step mode. EXCP_DEBUG is returned by the
1640 CPU loop after each instruction */
1641void cpu_single_step(CPUState *env, int enabled)
1642{
1fddef4b 1643#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1644 if (env->singlestep_enabled != enabled) {
1645 env->singlestep_enabled = enabled;
e22a25c9
AL		 1646 if (kvm_enabled())
1647 kvm_update_guest_debug(env, 0);
1648 else {
ccbb4d44 1649 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1650 /* XXX: only flush what is necessary */
1651 tb_flush(env);
1652 }
c33a346e
FB		 1653 }
1654#endif
1655}
1656
34865134
FB		 1657/* enable or disable low levels log */
1658void cpu_set_log(int log_flags)
1659{
1660 loglevel = log_flags;
1661 if (loglevel && !logfile) {
11fcfab4 1662 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1663 if (!logfile) {
1664 perror(logfilename);
1665 _exit(1);
1666 }
9fa3e853
FB		 1667#if !defined(CONFIG_SOFTMMU)
1668 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1669 {
b55266b5 1670 static char logfile_buf[4096];
9fa3e853
FB		 1671 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1672 }
daf767b1
SW		 1673#elif defined(_WIN32)
1674 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1675 setvbuf(logfile, NULL, _IONBF, 0);
1676#else
34865134 1677 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1678#endif
e735b91c
PB		 1679 log_append = 1;
1680 }
1681 if (!loglevel && logfile) {
1682 fclose(logfile);
1683 logfile = NULL;
34865134
FB		 1684 }
1685}
1686
1687void cpu_set_log_filename(const char *filename)
1688{
1689 logfilename = strdup(filename);
e735b91c
PB		 1690 if (logfile) {
1691 fclose(logfile);
1692 logfile = NULL;
1693 }
1694 cpu_set_log(loglevel);
34865134 1695}
c33a346e 1696
3098dba0 1697static void cpu_unlink_tb(CPUState *env)
ea041c0e 1698{
3098dba0
AJ		 1699 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1700 problem and hope the cpu will stop of its own accord. For userspace
1701 emulation this often isn't actually as bad as it sounds. Often
1702 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1703 TranslationBlock *tb;
c227f099 1704 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1705
cab1b4bd 1706 spin_lock(&interrupt_lock);
3098dba0
AJ		 1707 tb = env->current_tb;
1708 /* if the cpu is currently executing code, we must unlink it and
1709 all the potentially executing TB */
f76cfe56 1710 if (tb) {
3098dba0
AJ		 1711 env->current_tb = NULL;
1712 tb_reset_jump_recursive(tb);
be214e6c 1713 }
cab1b4bd 1714 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1715}
1716
97ffbd8d 1717#ifndef CONFIG_USER_ONLY
3098dba0 1718/* mask must never be zero, except for A20 change call */
ec6959d0 1719static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1720{
1721 int old_mask;
be214e6c 1722
2e70f6ef 1723 old_mask = env->interrupt_request;
68a79315 1724 env->interrupt_request |= mask;
3098dba0 1725
8edac960
AL		 1726 /*
1727 * If called from iothread context, wake the target cpu in
1728 * case its halted.
1729 */
b7680cb6 1730 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1731 qemu_cpu_kick(env);
1732 return;
1733 }
8edac960 1734
2e70f6ef 1735 if (use_icount) {
266910c4 1736 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1737 if (!can_do_io(env)
be214e6c 1738 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1739 cpu_abort(env, "Raised interrupt while not in I/O function");
1740 }
2e70f6ef 1741 } else {
3098dba0 1742 cpu_unlink_tb(env);
ea041c0e
FB		 1743 }
1744}
1745
ec6959d0
JK		 1746CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1747
97ffbd8d
JK		 1748#else /* CONFIG_USER_ONLY */
1749
1750void cpu_interrupt(CPUState *env, int mask)
1751{
1752 env->interrupt_request |= mask;
1753 cpu_unlink_tb(env);
1754}
1755#endif /* CONFIG_USER_ONLY */
1756
b54ad049
FB		 1757void cpu_reset_interrupt(CPUState *env, int mask)
1758{
1759 env->interrupt_request &= ~mask;
1760}
1761
3098dba0
AJ		 1762void cpu_exit(CPUState *env)
1763{
1764 env->exit_request = 1;
1765 cpu_unlink_tb(env);
1766}
1767
c7cd6a37 1768const CPULogItem cpu_log_items[] = {
5fafdf24 1769 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1770 "show generated host assembly code for each compiled TB" },
1771 { CPU_LOG_TB_IN_ASM, "in_asm",
1772 "show target assembly code for each compiled TB" },
5fafdf24 1773 { CPU_LOG_TB_OP, "op",
57fec1fe 1774 "show micro ops for each compiled TB" },
f193c797 1775 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1776 "show micro ops "
1777#ifdef TARGET_I386
1778 "before eflags optimization and "
f193c797 1779#endif
e01a1157 1780 "after liveness analysis" },
f193c797
FB		 1781 { CPU_LOG_INT, "int",
1782 "show interrupts/exceptions in short format" },
1783 { CPU_LOG_EXEC, "exec",
1784 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1785 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1786 "show CPU state before block translation" },
f193c797
FB		 1787#ifdef TARGET_I386
1788 { CPU_LOG_PCALL, "pcall",
1789 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1790 { CPU_LOG_RESET, "cpu_reset",
1791 "show CPU state before CPU resets" },
f193c797 1792#endif
8e3a9fd2 1793#ifdef DEBUG_IOPORT
fd872598
FB		 1794 { CPU_LOG_IOPORT, "ioport",
1795 "show all i/o ports accesses" },
8e3a9fd2 1796#endif
f193c797
FB		 1797 { 0, NULL, NULL },
1798};
1799
1800static int cmp1(const char *s1, int n, const char *s2)
1801{
1802 if (strlen(s2) != n)
1803 return 0;
1804 return memcmp(s1, s2, n) == 0;
1805}
3b46e624 1806
f193c797
FB		 1807/* takes a comma separated list of log masks. Return 0 if error. */
1808int cpu_str_to_log_mask(const char *str)
1809{
c7cd6a37 1810 const CPULogItem *item;
f193c797
FB		 1811 int mask;
1812 const char *p, *p1;
1813
1814 p = str;
1815 mask = 0;
1816 for(;;) {
1817 p1 = strchr(p, ',');
1818 if (!p1)
1819 p1 = p + strlen(p);
9742bf26
YT		 1820 if(cmp1(p,p1-p,"all")) {
1821 for(item = cpu_log_items; item->mask != 0; item++) {
1822 mask |= item->mask;
1823 }
1824 } else {
1825 for(item = cpu_log_items; item->mask != 0; item++) {
1826 if (cmp1(p, p1 - p, item->name))
1827 goto found;
1828 }
1829 return 0;
f193c797 1830 }
f193c797
FB		 1831 found:
1832 mask |= item->mask;
1833 if (*p1 != ',')
1834 break;
1835 p = p1 + 1;
1836 }
1837 return mask;
1838}
ea041c0e 1839
7501267e
FB		 1840void cpu_abort(CPUState *env, const char *fmt, ...)
1841{
1842 va_list ap;
493ae1f0 1843 va_list ap2;
7501267e
FB		 1844
1845 va_start(ap, fmt);
493ae1f0 1846 va_copy(ap2, ap);
7501267e
FB		 1847 fprintf(stderr, "qemu: fatal: ");
1848 vfprintf(stderr, fmt, ap);
1849 fprintf(stderr, "\n");
1850#ifdef TARGET_I386
7fe48483
FB		 1851 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1852#else
1853 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1854#endif
93fcfe39
AL		 1855 if (qemu_log_enabled()) {
1856 qemu_log("qemu: fatal: ");
1857 qemu_log_vprintf(fmt, ap2);
1858 qemu_log("\n");
f9373291 1859#ifdef TARGET_I386
93fcfe39 1860 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1861#else
93fcfe39 1862 log_cpu_state(env, 0);
f9373291 1863#endif
31b1a7b4 1864 qemu_log_flush();
93fcfe39 1865 qemu_log_close();
924edcae 1866 }
493ae1f0 1867 va_end(ap2);
f9373291 1868 va_end(ap);
fd052bf6
RV		 1869#if defined(CONFIG_USER_ONLY)
1870 {
1871 struct sigaction act;
1872 sigfillset(&act.sa_mask);
1873 act.sa_handler = SIG_DFL;
1874 sigaction(SIGABRT, &act, NULL);
1875 }
1876#endif
7501267e
FB		 1877 abort();
1878}
1879
c5be9f08
TS		 1880CPUState *cpu_copy(CPUState *env)
1881{
01ba9816 1882 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1883 CPUState *next_cpu = new_env->next_cpu;
1884 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1885#if defined(TARGET_HAS_ICE)
1886 CPUBreakpoint *bp;
1887 CPUWatchpoint *wp;
1888#endif
1889
c5be9f08 1890 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1891
1892 /* Preserve chaining and index. */
c5be9f08
TS		 1893 new_env->next_cpu = next_cpu;
1894 new_env->cpu_index = cpu_index;
5a38f081
AL		 1895
1896 /* Clone all break/watchpoints.
1897 Note: Once we support ptrace with hw-debug register access, make sure
1898 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1899 QTAILQ_INIT(&env->breakpoints);
1900 QTAILQ_INIT(&env->watchpoints);
5a38f081 1901#if defined(TARGET_HAS_ICE)
72cf2d4f 1902 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1903 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1904 }
72cf2d4f 1905 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1906 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1907 wp->flags, NULL);
1908 }
1909#endif
1910
c5be9f08
TS		 1911 return new_env;
1912}
1913
0124311e
FB		 1914#if !defined(CONFIG_USER_ONLY)
1915
5c751e99
EI		 1916static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1917{
1918 unsigned int i;
1919
1920 /* Discard jump cache entries for any tb which might potentially
1921 overlap the flushed page. */
1922 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1923 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1924 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1925
1926 i = tb_jmp_cache_hash_page(addr);
1927 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1928 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1929}
1930
08738984
IK		 1931static CPUTLBEntry s_cputlb_empty_entry = {
1932 .addr_read = -1,
1933 .addr_write = -1,
1934 .addr_code = -1,
1935 .addend = -1,
1936};
1937
771124e1
PM		 1938/* NOTE:
1939 * If flush_global is true (the usual case), flush all tlb entries.
1940 * If flush_global is false, flush (at least) all tlb entries not
1941 * marked global.
1942 *
1943 * Since QEMU doesn't currently implement a global/not-global flag
1944 * for tlb entries, at the moment tlb_flush() will also flush all
1945 * tlb entries in the flush_global == false case. This is OK because
1946 * CPU architectures generally permit an implementation to drop
1947 * entries from the TLB at any time, so flushing more entries than
1948 * required is only an efficiency issue, not a correctness issue.
1949 */
ee8b7021 1950void tlb_flush(CPUState *env, int flush_global)
33417e70 1951{
33417e70 1952 int i;
0124311e 1953
9fa3e853
FB		 1954#if defined(DEBUG_TLB)
1955 printf("tlb_flush:\n");
1956#endif
0124311e
FB		 1957 /* must reset current TB so that interrupts cannot modify the
1958 links while we are modifying them */
1959 env->current_tb = NULL;
1960
33417e70 1961 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1962 int mmu_idx;
1963 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1964 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1965 }
33417e70 1966 }
9fa3e853 1967
8a40a180 1968 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1969
d4c430a8
PB		 1970 env->tlb_flush_addr = -1;
1971 env->tlb_flush_mask = 0;
e3db7226 1972 tlb_flush_count++;
33417e70
FB		 1973}
1974
274da6b2 1975static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1976{
5fafdf24 1977 if (addr == (tlb_entry->addr_read &
84b7b8e7 1978 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1979 addr == (tlb_entry->addr_write &
84b7b8e7 1980 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1981 addr == (tlb_entry->addr_code &
84b7b8e7 1982 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1983 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1984 }
61382a50
FB		 1985}
1986
2e12669a 1987void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1988{
8a40a180 1989 int i;
cfde4bd9 1990 int mmu_idx;
0124311e 1991
9fa3e853 1992#if defined(DEBUG_TLB)
108c49b8 1993 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1994#endif
d4c430a8
PB		 1995 /* Check if we need to flush due to large pages. */
1996 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1997#if defined(DEBUG_TLB)
1998 printf("tlb_flush_page: forced full flush ("
1999 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2000 env->tlb_flush_addr, env->tlb_flush_mask);
2001#endif
2002 tlb_flush(env, 1);
2003 return;
2004 }
0124311e
FB		 2005 /* must reset current TB so that interrupts cannot modify the
2006 links while we are modifying them */
2007 env->current_tb = NULL;
61382a50
FB		 2008
2009 addr &= TARGET_PAGE_MASK;
2010 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2011 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2012 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 2013
5c751e99 2014 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 2015}
2016
9fa3e853
FB		 2017/* update the TLBs so that writes to code in the virtual page 'addr'
2018 can be detected */
c227f099 2019static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 2020{
5fafdf24 2021 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 2022 ram_addr + TARGET_PAGE_SIZE,
2023 CODE_DIRTY_FLAG);
9fa3e853
FB		 2024}
2025
9fa3e853 2026/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 2027 tested for self modifying code */
c227f099 2028static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 2029 target_ulong vaddr)
9fa3e853 2030{
f7c11b53 2031 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 2032}
2033
5fafdf24 2034static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 2035 unsigned long start, unsigned long length)
2036{
2037 unsigned long addr;
0e0df1e2 2038 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 2039 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 2040 if ((addr - start) < length) {
0f459d16 2041 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 2042 }
2043 }
2044}
2045
5579c7f3 2046/* Note: start and end must be within the same ram block. */
c227f099 2047void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 2048 int dirty_flags)
1ccde1cb
FB		 2049{
2050 CPUState *env;
4f2ac237 2051 unsigned long length, start1;
f7c11b53 2052 int i;
1ccde1cb
FB		 2053
2054 start &= TARGET_PAGE_MASK;
2055 end = TARGET_PAGE_ALIGN(end);
2056
2057 length = end - start;
2058 if (length == 0)
2059 return;
f7c11b53 2060 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2061
1ccde1cb
FB		 2062 /* we modify the TLB cache so that the dirty bit will be set again
2063 when accessing the range */
b2e0a138 2064 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2065 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2066 address comparisons below. */
b2e0a138 2067 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2068 != (end - 1) - start) {
2069 abort();
2070 }
2071
6a00d601 2072 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2073 int mmu_idx;
2074 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2075 for(i = 0; i < CPU_TLB_SIZE; i++)
2076 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2077 start1, length);
2078 }
6a00d601 2079 }
1ccde1cb
FB		 2080}
2081
74576198
AL		 2082int cpu_physical_memory_set_dirty_tracking(int enable)
2083{
f6f3fbca 2084 int ret = 0;
74576198 2085 in_migration = enable;
f6f3fbca 2086 return ret;
74576198
AL		 2087}
2088
3a7d929e
FB		 2089static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2090{
c227f099 2091 ram_addr_t ram_addr;
5579c7f3 2092 void *p;
3a7d929e 2093
0e0df1e2 2094 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2095 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2096 + tlb_entry->addend);
e890261f 2097 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2098 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2099 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2100 }
2101 }
2102}
2103
2104/* update the TLB according to the current state of the dirty bits */
2105void cpu_tlb_update_dirty(CPUState *env)
2106{
2107 int i;
cfde4bd9
IY		 2108 int mmu_idx;
2109 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2110 for(i = 0; i < CPU_TLB_SIZE; i++)
2111 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2112 }
3a7d929e
FB		 2113}
2114
0f459d16 2115static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2116{
0f459d16
PB		 2117 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2118 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2119}
2120
0f459d16
PB		 2121/* update the TLB corresponding to virtual page vaddr
2122 so that it is no longer dirty */
2123static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2124{
1ccde1cb 2125 int i;
cfde4bd9 2126 int mmu_idx;
1ccde1cb 2127
0f459d16 2128 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2129 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2130 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2131 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2132}
2133
d4c430a8
PB		 2134/* Our TLB does not support large pages, so remember the area covered by
2135 large pages and trigger a full TLB flush if these are invalidated. */
2136static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2137 target_ulong size)
2138{
2139 target_ulong mask = ~(size - 1);
2140
2141 if (env->tlb_flush_addr == (target_ulong)-1) {
2142 env->tlb_flush_addr = vaddr & mask;
2143 env->tlb_flush_mask = mask;
2144 return;
2145 }
2146 /* Extend the existing region to include the new page.
2147 This is a compromise between unnecessary flushes and the cost
2148 of maintaining a full variable size TLB. */
2149 mask &= env->tlb_flush_mask;
2150 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2151 mask <<= 1;
2152 }
2153 env->tlb_flush_addr &= mask;
2154 env->tlb_flush_mask = mask;
2155}
2156
06ef3525 2157static bool is_ram_rom(MemoryRegionSection *s)
1d393fa2 2158{
06ef3525 2159 return memory_region_is_ram(s->mr);
1d393fa2
AK		 2160}
2161
06ef3525 2162static bool is_romd(MemoryRegionSection *s)
75c578dc 2163{
06ef3525 2164 MemoryRegion *mr = s->mr;
75c578dc 2165
75c578dc
AK		 2166 return mr->rom_device && mr->readable;
2167}
2168
06ef3525 2169static bool is_ram_rom_romd(MemoryRegionSection *s)
1d393fa2 2170{
06ef3525 2171 return is_ram_rom(s) || is_romd(s);
1d393fa2
AK		 2172}
2173
d4c430a8
PB		 2174/* Add a new TLB entry. At most one entry for a given virtual address
2175 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2176 supplied size is only used by tlb_flush_page. */
2177void tlb_set_page(CPUState *env, target_ulong vaddr,
2178 target_phys_addr_t paddr, int prot,
2179 int mmu_idx, target_ulong size)
9fa3e853 2180{
f3705d53 2181 MemoryRegionSection *section;
9fa3e853 2182 unsigned int index;
4f2ac237 2183 target_ulong address;
0f459d16 2184 target_ulong code_address;
355b1943 2185 unsigned long addend;
84b7b8e7 2186 CPUTLBEntry *te;
a1d1bb31 2187 CPUWatchpoint *wp;
c227f099 2188 target_phys_addr_t iotlb;
9fa3e853 2189
d4c430a8
PB		 2190 assert(size >= TARGET_PAGE_SIZE);
2191 if (size != TARGET_PAGE_SIZE) {
2192 tlb_add_large_page(env, vaddr, size);
2193 }
06ef3525 2194 section = phys_page_find(paddr >> TARGET_PAGE_BITS);
9fa3e853 2195#if defined(DEBUG_TLB)
7fd3f494
SW		 2196 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2197 " prot=%x idx=%d pd=0x%08lx\n",
2198 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2199#endif
2200
0f459d16 2201 address = vaddr;
f3705d53 2202 if (!is_ram_rom_romd(section)) {
0f459d16
PB		 2203 /* IO memory case (romd handled later) */
2204 address |= TLB_MMIO;
2205 }
f3705d53
AK		 2206 if (is_ram_rom_romd(section)) {
2207 addend = (unsigned long)memory_region_get_ram_ptr(section->mr)
2208 + section_addr(section, paddr);
06ef3525
AK		 2209 } else {
2210 addend = 0;
2211 }
f3705d53 2212 if (is_ram_rom(section)) {
0f459d16 2213 /* Normal RAM. */
f3705d53
AK		 2214 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2215 + section_addr(section, paddr);
2216 if (!section->readonly)
0e0df1e2 2217 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2218 else
0e0df1e2 2219 iotlb |= io_mem_rom.ram_addr;
0f459d16 2220 } else {
ccbb4d44 2221 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2222 It would be nice to pass an offset from the base address
2223 of that region. This would avoid having to special case RAM,
2224 and avoid full address decoding in every device.
2225 We can't use the high bits of pd for this because
2226 IO_MEM_ROMD uses these as a ram address. */
f3705d53
AK		 2227 iotlb = memory_region_get_ram_addr(section->mr) & ~TARGET_PAGE_MASK;
2228 iotlb += section_addr(section, paddr);
0f459d16
PB		 2229 }
2230
2231 code_address = address;
2232 /* Make accesses to pages with watchpoints go via the
2233 watchpoint trap routines. */
72cf2d4f 2234 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2235 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2236 /* Avoid trapping reads of pages with a write breakpoint. */
2237 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2238 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2239 address |= TLB_MMIO;
2240 break;
2241 }
6658ffb8 2242 }
0f459d16 2243 }
d79acba4 2244
0f459d16
PB		 2245 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2246 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2247 te = &env->tlb_table[mmu_idx][index];
2248 te->addend = addend - vaddr;
2249 if (prot & PAGE_READ) {
2250 te->addr_read = address;
2251 } else {
2252 te->addr_read = -1;
2253 }
5c751e99 2254
0f459d16
PB		 2255 if (prot & PAGE_EXEC) {
2256 te->addr_code = code_address;
2257 } else {
2258 te->addr_code = -1;
2259 }
2260 if (prot & PAGE_WRITE) {
f3705d53
AK		 2261 if ((memory_region_is_ram(section->mr) && section->readonly)
2262 || is_romd(section)) {
0f459d16
PB		 2263 /* Write access calls the I/O callback. */
2264 te->addr_write = address | TLB_MMIO;
f3705d53 2265 } else if (memory_region_is_ram(section->mr)
06ef3525 2266 && !cpu_physical_memory_is_dirty(
f3705d53
AK		 2267 section->mr->ram_addr
2268 + section_addr(section, paddr))) {
0f459d16 2269 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2270 } else {
0f459d16 2271 te->addr_write = address;
9fa3e853 2272 }
0f459d16
PB		 2273 } else {
2274 te->addr_write = -1;
9fa3e853 2275 }
9fa3e853
FB		 2276}
2277
0124311e
FB		 2278#else
2279
ee8b7021 2280void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2281{
2282}
2283
2e12669a 2284void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2285{
2286}
2287
edf8e2af
MW		 2288/*
2289 * Walks guest process memory "regions" one by one
2290 * and calls callback function 'fn' for each region.
2291 */
5cd2c5b6
RH		 2292
2293struct walk_memory_regions_data
2294{
2295 walk_memory_regions_fn fn;
2296 void *priv;
2297 unsigned long start;
2298 int prot;
2299};
2300
2301static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2302 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2303{
2304 if (data->start != -1ul) {
2305 int rc = data->fn(data->priv, data->start, end, data->prot);
2306 if (rc != 0) {
2307 return rc;
2308 }
2309 }
2310
2311 data->start = (new_prot ? end : -1ul);
2312 data->prot = new_prot;
2313
2314 return 0;
2315}
2316
2317static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2318 abi_ulong base, int level, void **lp)
5cd2c5b6 2319{
b480d9b7 2320 abi_ulong pa;
5cd2c5b6
RH		 2321 int i, rc;
2322
2323 if (*lp == NULL) {
2324 return walk_memory_regions_end(data, base, 0);
2325 }
2326
2327 if (level == 0) {
2328 PageDesc *pd = *lp;
7296abac 2329 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2330 int prot = pd[i].flags;
2331
2332 pa = base | (i << TARGET_PAGE_BITS);
2333 if (prot != data->prot) {
2334 rc = walk_memory_regions_end(data, pa, prot);
2335 if (rc != 0) {
2336 return rc;
9fa3e853 2337 }
9fa3e853 2338 }
5cd2c5b6
RH		 2339 }
2340 } else {
2341 void **pp = *lp;
7296abac 2342 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2343 pa = base | ((abi_ulong)i <<
2344 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2345 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2346 if (rc != 0) {
2347 return rc;
2348 }
2349 }
2350 }
2351
2352 return 0;
2353}
2354
2355int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2356{
2357 struct walk_memory_regions_data data;
2358 unsigned long i;
2359
2360 data.fn = fn;
2361 data.priv = priv;
2362 data.start = -1ul;
2363 data.prot = 0;
2364
2365 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2366 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2367 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2368 if (rc != 0) {
2369 return rc;
9fa3e853 2370 }
33417e70 2371 }
5cd2c5b6
RH		 2372
2373 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2374}
2375
b480d9b7
PB		 2376static int dump_region(void *priv, abi_ulong start,
2377 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2378{
2379 FILE *f = (FILE *)priv;
2380
b480d9b7
PB		 2381 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2382 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2383 start, end, end - start,
2384 ((prot & PAGE_READ) ? 'r' : '-'),
2385 ((prot & PAGE_WRITE) ? 'w' : '-'),
2386 ((prot & PAGE_EXEC) ? 'x' : '-'));
2387
2388 return (0);
2389}
2390
2391/* dump memory mappings */
2392void page_dump(FILE *f)
2393{
2394 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2395 "start", "end", "size", "prot");
2396 walk_memory_regions(f, dump_region);
33417e70
FB		 2397}
2398
53a5960a 2399int page_get_flags(target_ulong address)
33417e70 2400{
9fa3e853
FB		 2401 PageDesc *p;
2402
2403 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2404 if (!p)
9fa3e853
FB		 2405 return 0;
2406 return p->flags;
2407}
2408
376a7909
RH		 2409/* Modify the flags of a page and invalidate the code if necessary.
2410 The flag PAGE_WRITE_ORG is positioned automatically depending
2411 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2412void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2413{
376a7909
RH		 2414 target_ulong addr, len;
2415
2416 /* This function should never be called with addresses outside the
2417 guest address space. If this assert fires, it probably indicates
2418 a missing call to h2g_valid. */
b480d9b7
PB		 2419#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2420 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2421#endif
2422 assert(start < end);
9fa3e853
FB		 2423
2424 start = start & TARGET_PAGE_MASK;
2425 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2426
2427 if (flags & PAGE_WRITE) {
9fa3e853 2428 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2429 }
2430
2431 for (addr = start, len = end - start;
2432 len != 0;
2433 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2434 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2435
2436 /* If the write protection bit is set, then we invalidate
2437 the code inside. */
5fafdf24 2438 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2439 (flags & PAGE_WRITE) &&
2440 p->first_tb) {
d720b93d 2441 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2442 }
2443 p->flags = flags;
2444 }
33417e70
FB		 2445}
2446
3d97b40b
TS		 2447int page_check_range(target_ulong start, target_ulong len, int flags)
2448{
2449 PageDesc *p;
2450 target_ulong end;
2451 target_ulong addr;
2452
376a7909
RH		 2453 /* This function should never be called with addresses outside the
2454 guest address space. If this assert fires, it probably indicates
2455 a missing call to h2g_valid. */
338e9e6c
BS		 2456#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2457 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2458#endif
2459
3e0650a9
RH		 2460 if (len == 0) {
2461 return 0;
2462 }
376a7909
RH		 2463 if (start + len - 1 < start) {
2464 /* We've wrapped around. */
55f280c9 2465 return -1;
376a7909 2466 }
55f280c9 2467
3d97b40b
TS		 2468 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2469 start = start & TARGET_PAGE_MASK;
2470
376a7909
RH		 2471 for (addr = start, len = end - start;
2472 len != 0;
2473 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2474 p = page_find(addr >> TARGET_PAGE_BITS);
2475 if( !p )
2476 return -1;
2477 if( !(p->flags & PAGE_VALID) )
2478 return -1;
2479
dae3270c 2480 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2481 return -1;
dae3270c
FB		 2482 if (flags & PAGE_WRITE) {
2483 if (!(p->flags & PAGE_WRITE_ORG))
2484 return -1;
2485 /* unprotect the page if it was put read-only because it
2486 contains translated code */
2487 if (!(p->flags & PAGE_WRITE)) {
2488 if (!page_unprotect(addr, 0, NULL))
2489 return -1;
2490 }
2491 return 0;
2492 }
3d97b40b
TS		 2493 }
2494 return 0;
2495}
2496
9fa3e853 2497/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2498 page. Return TRUE if the fault was successfully handled. */
53a5960a 2499int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2500{
45d679d6
AJ		 2501 unsigned int prot;
2502 PageDesc *p;
53a5960a 2503 target_ulong host_start, host_end, addr;
9fa3e853 2504
c8a706fe
PB		 2505 /* Technically this isn't safe inside a signal handler. However we
2506 know this only ever happens in a synchronous SEGV handler, so in
2507 practice it seems to be ok. */
2508 mmap_lock();
2509
45d679d6
AJ		 2510 p = page_find(address >> TARGET_PAGE_BITS);
2511 if (!p) {
c8a706fe 2512 mmap_unlock();
9fa3e853 2513 return 0;
c8a706fe 2514 }
45d679d6 2515
9fa3e853
FB		 2516 /* if the page was really writable, then we change its
2517 protection back to writable */
45d679d6
AJ		 2518 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2519 host_start = address & qemu_host_page_mask;
2520 host_end = host_start + qemu_host_page_size;
2521
2522 prot = 0;
2523 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2524 p = page_find(addr >> TARGET_PAGE_BITS);
2525 p->flags |= PAGE_WRITE;
2526 prot |= p->flags;
2527
9fa3e853
FB		 2528 /* and since the content will be modified, we must invalidate
2529 the corresponding translated code. */
45d679d6 2530 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2531#ifdef DEBUG_TB_CHECK
45d679d6 2532 tb_invalidate_check(addr);
9fa3e853 2533#endif
9fa3e853 2534 }
45d679d6
AJ		 2535 mprotect((void *)g2h(host_start), qemu_host_page_size,
2536 prot & PAGE_BITS);
2537
2538 mmap_unlock();
2539 return 1;
9fa3e853 2540 }
c8a706fe 2541 mmap_unlock();
9fa3e853
FB		 2542 return 0;
2543}
2544
6a00d601
FB		 2545static inline void tlb_set_dirty(CPUState *env,
2546 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2547{
2548}
9fa3e853
FB		 2549#endif /* defined(CONFIG_USER_ONLY) */
2550
e2eef170 2551#if !defined(CONFIG_USER_ONLY)
8da3ff18 2552
c04b2b78
PB		 2553#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2554typedef struct subpage_t {
70c68e44 2555 MemoryRegion iomem;
c04b2b78 2556 target_phys_addr_t base;
5312bd8b 2557 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2558} subpage_t;
2559
c227f099 2560static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2561 uint16_t section);
0f0cb164 2562static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2563static void destroy_page_desc(uint16_t section_index)
54688b1e 2564{
5312bd8b
AK		 2565 MemoryRegionSection *section = &phys_sections[section_index];
2566 MemoryRegion *mr = section->mr;
54688b1e
AK		 2567
2568 if (mr->subpage) {
2569 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2570 memory_region_destroy(&subpage->iomem);
2571 g_free(subpage);
2572 }
2573}
2574
4346ae3e 2575static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2576{
2577 unsigned i;
d6f2ea22 2578 PhysPageEntry *p;
54688b1e 2579
c19e8800 2580 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2581 return;
2582 }
2583
c19e8800 2584 p = phys_map_nodes[lp->ptr];
4346ae3e 2585 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2586 if (!p[i].is_leaf) {
54688b1e 2587 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2588 } else {
c19e8800 2589 destroy_page_desc(p[i].ptr);
54688b1e 2590 }
54688b1e 2591 }
07f07b31 2592 lp->is_leaf = 0;
c19e8800 2593 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2594}
2595
2596static void destroy_all_mappings(void)
2597{
3eef53df 2598 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2599 phys_map_nodes_reset();
54688b1e
AK		 2600}
2601
5312bd8b
AK		 2602static uint16_t phys_section_add(MemoryRegionSection *section)
2603{
2604 if (phys_sections_nb == phys_sections_nb_alloc) {
2605 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2606 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2607 phys_sections_nb_alloc);
2608 }
2609 phys_sections[phys_sections_nb] = *section;
2610 return phys_sections_nb++;
2611}
2612
2613static void phys_sections_clear(void)
2614{
2615 phys_sections_nb = 0;
2616}
2617
8f2498f9
MT		 2618/* register physical memory.
2619 For RAM, 'size' must be a multiple of the target page size.
2620 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2621 io memory page. The address used when calling the IO function is
2622 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2623 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2624 before calculating this offset. This should not be a problem unless
2625 the low bits of start_addr and region_offset differ. */
0f0cb164
AK		 2626static void register_subpage(MemoryRegionSection *section)
2627{
2628 subpage_t *subpage;
2629 target_phys_addr_t base = section->offset_within_address_space
2630 & TARGET_PAGE_MASK;
f3705d53 2631 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2632 MemoryRegionSection subsection = {
2633 .offset_within_address_space = base,
2634 .size = TARGET_PAGE_SIZE,
2635 };
0f0cb164
AK		 2636 target_phys_addr_t start, end;
2637
f3705d53 2638 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2639
f3705d53 2640 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2641 subpage = subpage_init(base);
2642 subsection.mr = &subpage->iomem;
2999097b
AK		 2643 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2644 phys_section_add(&subsection));
0f0cb164 2645 } else {
f3705d53 2646 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2647 }
2648 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2649 end = start + section->size;
2650 subpage_register(subpage, start, end, phys_section_add(section));
2651}
2652
2653
2654static void register_multipage(MemoryRegionSection *section)
33417e70 2655{
dd81124b
AK		 2656 target_phys_addr_t start_addr = section->offset_within_address_space;
2657 ram_addr_t size = section->size;
2999097b 2658 target_phys_addr_t addr;
5312bd8b 2659 uint16_t section_index = phys_section_add(section);
dd81124b 2660
3b8e6a2d 2661 assert(size);
f6f3fbca 2662
3b8e6a2d 2663 addr = start_addr;
2999097b
AK		 2664 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2665 section_index);
33417e70
FB		 2666}
2667
0f0cb164
AK		 2668void cpu_register_physical_memory_log(MemoryRegionSection *section,
2669 bool readonly)
2670{
2671 MemoryRegionSection now = *section, remain = *section;
2672
2673 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2674 || (now.size < TARGET_PAGE_SIZE)) {
2675 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2676 - now.offset_within_address_space,
2677 now.size);
2678 register_subpage(&now);
2679 remain.size -= now.size;
2680 remain.offset_within_address_space += now.size;
2681 remain.offset_within_region += now.size;
2682 }
2683 now = remain;
2684 now.size &= TARGET_PAGE_MASK;
2685 if (now.size) {
2686 register_multipage(&now);
2687 remain.size -= now.size;
2688 remain.offset_within_address_space += now.size;
2689 remain.offset_within_region += now.size;
2690 }
2691 now = remain;
2692 if (now.size) {
2693 register_subpage(&now);
2694 }
2695}
2696
2697
c227f099 2698void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2699{
2700 if (kvm_enabled())
2701 kvm_coalesce_mmio_region(addr, size);
2702}
2703
c227f099 2704void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2705{
2706 if (kvm_enabled())
2707 kvm_uncoalesce_mmio_region(addr, size);
2708}
2709
62a2744c
SY		 2710void qemu_flush_coalesced_mmio_buffer(void)
2711{
2712 if (kvm_enabled())
2713 kvm_flush_coalesced_mmio_buffer();
2714}
2715
c902760f
MT		 2716#if defined(__linux__) && !defined(TARGET_S390X)
2717
2718#include <sys/vfs.h>
2719
2720#define HUGETLBFS_MAGIC 0x958458f6
2721
2722static long gethugepagesize(const char *path)
2723{
2724 struct statfs fs;
2725 int ret;
2726
2727 do {
9742bf26 2728 ret = statfs(path, &fs);
c902760f
MT		 2729 } while (ret != 0 && errno == EINTR);
2730
2731 if (ret != 0) {
9742bf26
YT		 2732 perror(path);
2733 return 0;
c902760f
MT		 2734 }
2735
2736 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2737 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2738
2739 return fs.f_bsize;
2740}
2741
04b16653
AW		 2742static void *file_ram_alloc(RAMBlock *block,
2743 ram_addr_t memory,
2744 const char *path)
c902760f
MT		 2745{
2746 char *filename;
2747 void *area;
2748 int fd;
2749#ifdef MAP_POPULATE
2750 int flags;
2751#endif
2752 unsigned long hpagesize;
2753
2754 hpagesize = gethugepagesize(path);
2755 if (!hpagesize) {
9742bf26 2756 return NULL;
c902760f
MT		 2757 }
2758
2759 if (memory < hpagesize) {
2760 return NULL;
2761 }
2762
2763 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2764 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2765 return NULL;
2766 }
2767
2768 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2769 return NULL;
c902760f
MT		 2770 }
2771
2772 fd = mkstemp(filename);
2773 if (fd < 0) {
9742bf26
YT		 2774 perror("unable to create backing store for hugepages");
2775 free(filename);
2776 return NULL;
c902760f
MT		 2777 }
2778 unlink(filename);
2779 free(filename);
2780
2781 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2782
2783 /*
2784 * ftruncate is not supported by hugetlbfs in older
2785 * hosts, so don't bother bailing out on errors.
2786 * If anything goes wrong with it under other filesystems,
2787 * mmap will fail.
2788 */
2789 if (ftruncate(fd, memory))
9742bf26 2790 perror("ftruncate");
c902760f
MT		 2791
2792#ifdef MAP_POPULATE
2793 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2794 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2795 * to sidestep this quirk.
2796 */
2797 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2798 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2799#else
2800 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2801#endif
2802 if (area == MAP_FAILED) {
9742bf26
YT		 2803 perror("file_ram_alloc: can't mmap RAM pages");
2804 close(fd);
2805 return (NULL);
c902760f 2806 }
04b16653 2807 block->fd = fd;
c902760f
MT		 2808 return area;
2809}
2810#endif
2811
d17b5288 2812static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2813{
2814 RAMBlock *block, *next_block;
3e837b2c 2815 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2816
2817 if (QLIST_EMPTY(&ram_list.blocks))
2818 return 0;
2819
2820 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2821 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2822
2823 end = block->offset + block->length;
2824
2825 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2826 if (next_block->offset >= end) {
2827 next = MIN(next, next_block->offset);
2828 }
2829 }
2830 if (next - end >= size && next - end < mingap) {
3e837b2c 2831 offset = end;
04b16653
AW		 2832 mingap = next - end;
2833 }
2834 }
3e837b2c
AW		 2835
2836 if (offset == RAM_ADDR_MAX) {
2837 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2838 (uint64_t)size);
2839 abort();
2840 }
2841
04b16653
AW		 2842 return offset;
2843}
2844
2845static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2846{
2847 RAMBlock *block;
2848 ram_addr_t last = 0;
2849
2850 QLIST_FOREACH(block, &ram_list.blocks, next)
2851 last = MAX(last, block->offset + block->length);
2852
2853 return last;
2854}
2855
c5705a77 2856void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2857{
2858 RAMBlock *new_block, *block;
2859
c5705a77
AK		 2860 new_block = NULL;
2861 QLIST_FOREACH(block, &ram_list.blocks, next) {
2862 if (block->offset == addr) {
2863 new_block = block;
2864 break;
2865 }
2866 }
2867 assert(new_block);
2868 assert(!new_block->idstr[0]);
84b89d78
CM		 2869
2870 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2871 char *id = dev->parent_bus->info->get_dev_path(dev);
2872 if (id) {
2873 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2874 g_free(id);
84b89d78
CM		 2875 }
2876 }
2877 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2878
2879 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2880 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2881 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2882 new_block->idstr);
2883 abort();
2884 }
2885 }
c5705a77
AK		 2886}
2887
2888ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2889 MemoryRegion *mr)
2890{
2891 RAMBlock *new_block;
2892
2893 size = TARGET_PAGE_ALIGN(size);
2894 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2895
7c637366 2896 new_block->mr = mr;
432d268c 2897 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2898 if (host) {
2899 new_block->host = host;
cd19cfa2 2900 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2901 } else {
2902 if (mem_path) {
c902760f 2903#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2904 new_block->host = file_ram_alloc(new_block, size, mem_path);
2905 if (!new_block->host) {
2906 new_block->host = qemu_vmalloc(size);
e78815a5 2907 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2908 }
c902760f 2909#else
6977dfe6
YT		 2910 fprintf(stderr, "-mem-path option unsupported\n");
2911 exit(1);
c902760f 2912#endif
6977dfe6 2913 } else {
6b02494d 2914#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2915 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2916 an system defined value, which is at least 256GB. Larger systems
2917 have larger values. We put the guest between the end of data
2918 segment (system break) and this value. We use 32GB as a base to
2919 have enough room for the system break to grow. */
2920 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2921 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2922 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2923 if (new_block->host == MAP_FAILED) {
2924 fprintf(stderr, "Allocating RAM failed\n");
2925 abort();
2926 }
6b02494d 2927#else
868bb33f 2928 if (xen_enabled()) {
fce537d4 2929 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2930 } else {
2931 new_block->host = qemu_vmalloc(size);
2932 }
6b02494d 2933#endif
e78815a5 2934 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2935 }
c902760f 2936 }
94a6b54f
PB		 2937 new_block->length = size;
2938
f471a17e 2939 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2940
7267c094 2941 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2942 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2943 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2944 0xff, size >> TARGET_PAGE_BITS);
2945
6f0437e8
JK		 2946 if (kvm_enabled())
2947 kvm_setup_guest_memory(new_block->host, size);
2948
94a6b54f
PB		 2949 return new_block->offset;
2950}
e9a1ab19 2951
c5705a77 2952ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2953{
c5705a77 2954 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2955}
2956
1f2e98b6
AW		 2957void qemu_ram_free_from_ptr(ram_addr_t addr)
2958{
2959 RAMBlock *block;
2960
2961 QLIST_FOREACH(block, &ram_list.blocks, next) {
2962 if (addr == block->offset) {
2963 QLIST_REMOVE(block, next);
7267c094 2964 g_free(block);
1f2e98b6
AW		 2965 return;
2966 }
2967 }
2968}
2969
c227f099 2970void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2971{
04b16653
AW		 2972 RAMBlock *block;
2973
2974 QLIST_FOREACH(block, &ram_list.blocks, next) {
2975 if (addr == block->offset) {
2976 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2977 if (block->flags & RAM_PREALLOC_MASK) {
2978 ;
2979 } else if (mem_path) {
04b16653
AW		 2980#if defined (__linux__) && !defined(TARGET_S390X)
2981 if (block->fd) {
2982 munmap(block->host, block->length);
2983 close(block->fd);
2984 } else {
2985 qemu_vfree(block->host);
2986 }
fd28aa13
JK		 2987#else
2988 abort();
04b16653
AW		 2989#endif
2990 } else {
2991#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2992 munmap(block->host, block->length);
2993#else
868bb33f 2994 if (xen_enabled()) {
e41d7c69 2995 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2996 } else {
2997 qemu_vfree(block->host);
2998 }
04b16653
AW		 2999#endif
3000 }
7267c094 3001 g_free(block);
04b16653
AW		 3002 return;
3003 }
3004 }
3005
e9a1ab19
FB		 3006}
3007
cd19cfa2
HY		 3008#ifndef _WIN32
3009void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3010{
3011 RAMBlock *block;
3012 ram_addr_t offset;
3013 int flags;
3014 void *area, *vaddr;
3015
3016 QLIST_FOREACH(block, &ram_list.blocks, next) {
3017 offset = addr - block->offset;
3018 if (offset < block->length) {
3019 vaddr = block->host + offset;
3020 if (block->flags & RAM_PREALLOC_MASK) {
3021 ;
3022 } else {
3023 flags = MAP_FIXED;
3024 munmap(vaddr, length);
3025 if (mem_path) {
3026#if defined(__linux__) && !defined(TARGET_S390X)
3027 if (block->fd) {
3028#ifdef MAP_POPULATE
3029 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3030 MAP_PRIVATE;
3031#else
3032 flags |= MAP_PRIVATE;
3033#endif
3034 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3035 flags, block->fd, offset);
3036 } else {
3037 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3038 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3039 flags, -1, 0);
3040 }
fd28aa13
JK		 3041#else
3042 abort();
cd19cfa2
HY		 3043#endif
3044 } else {
3045#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3046 flags |= MAP_SHARED | MAP_ANONYMOUS;
3047 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3048 flags, -1, 0);
3049#else
3050 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3051 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3052 flags, -1, 0);
3053#endif
3054 }
3055 if (area != vaddr) {
f15fbc4b
AP		 3056 fprintf(stderr, "Could not remap addr: "
3057 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3058 length, addr);
3059 exit(1);
3060 }
3061 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3062 }
3063 return;
3064 }
3065 }
3066}
3067#endif /* !_WIN32 */
3068
dc828ca1 3069/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3070 With the exception of the softmmu code in this file, this should
3071 only be used for local memory (e.g. video ram) that the device owns,
3072 and knows it isn't going to access beyond the end of the block.
3073
3074 It should not be used for general purpose DMA.
3075 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3076 */
c227f099 3077void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3078{
94a6b54f
PB		 3079 RAMBlock *block;
3080
f471a17e
AW		 3081 QLIST_FOREACH(block, &ram_list.blocks, next) {
3082 if (addr - block->offset < block->length) {
7d82af38
VP		 3083 /* Move this entry to to start of the list. */
3084 if (block != QLIST_FIRST(&ram_list.blocks)) {
3085 QLIST_REMOVE(block, next);
3086 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3087 }
868bb33f 3088 if (xen_enabled()) {
432d268c
JN		 3089 /* We need to check if the requested address is in the RAM
3090 * because we don't want to map the entire memory in QEMU.
712c2b41 3091 * In that case just map until the end of the page.
432d268c
JN		 3092 */
3093 if (block->offset == 0) {
e41d7c69 3094 return xen_map_cache(addr, 0, 0);
432d268c 3095 } else if (block->host == NULL) {
e41d7c69
JK		 3096 block->host =
3097 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3098 }
3099 }
f471a17e
AW		 3100 return block->host + (addr - block->offset);
3101 }
94a6b54f 3102 }
f471a17e
AW		 3103
3104 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3105 abort();
3106
3107 return NULL;
dc828ca1
PB		 3108}
3109
b2e0a138
MT		 3110/* Return a host pointer to ram allocated with qemu_ram_alloc.
3111 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3112 */
3113void *qemu_safe_ram_ptr(ram_addr_t addr)
3114{
3115 RAMBlock *block;
3116
3117 QLIST_FOREACH(block, &ram_list.blocks, next) {
3118 if (addr - block->offset < block->length) {
868bb33f 3119 if (xen_enabled()) {
432d268c
JN		 3120 /* We need to check if the requested address is in the RAM
3121 * because we don't want to map the entire memory in QEMU.
712c2b41 3122 * In that case just map until the end of the page.
432d268c
JN		 3123 */
3124 if (block->offset == 0) {
e41d7c69 3125 return xen_map_cache(addr, 0, 0);
432d268c 3126 } else if (block->host == NULL) {
e41d7c69
JK		 3127 block->host =
3128 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3129 }
3130 }
b2e0a138
MT		 3131 return block->host + (addr - block->offset);
3132 }
3133 }
3134
3135 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3136 abort();
3137
3138 return NULL;
3139}
3140
38bee5dc
SS		 3141/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3142 * but takes a size argument */
8ab934f9 3143void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3144{
8ab934f9
SS		 3145 if (*size == 0) {
3146 return NULL;
3147 }
868bb33f 3148 if (xen_enabled()) {
e41d7c69 3149 return xen_map_cache(addr, *size, 1);
868bb33f 3150 } else {
38bee5dc
SS		 3151 RAMBlock *block;
3152
3153 QLIST_FOREACH(block, &ram_list.blocks, next) {
3154 if (addr - block->offset < block->length) {
3155 if (addr - block->offset + *size > block->length)
3156 *size = block->length - addr + block->offset;
3157 return block->host + (addr - block->offset);
3158 }
3159 }
3160
3161 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3162 abort();
38bee5dc
SS		 3163 }
3164}
3165
050a0ddf
AP		 3166void qemu_put_ram_ptr(void *addr)
3167{
3168 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3169}
3170
e890261f 3171int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3172{
94a6b54f
PB		 3173 RAMBlock *block;
3174 uint8_t *host = ptr;
3175
868bb33f 3176 if (xen_enabled()) {
e41d7c69 3177 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3178 return 0;
3179 }
3180
f471a17e 3181 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3182 /* This case append when the block is not mapped. */
3183 if (block->host == NULL) {
3184 continue;
3185 }
f471a17e 3186 if (host - block->host < block->length) {
e890261f
MT		 3187 *ram_addr = block->offset + (host - block->host);
3188 return 0;
f471a17e 3189 }
94a6b54f 3190 }
432d268c 3191
e890261f
MT		 3192 return -1;
3193}
f471a17e 3194
e890261f
MT		 3195/* Some of the softmmu routines need to translate from a host pointer
3196 (typically a TLB entry) back to a ram offset. */
3197ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3198{
3199 ram_addr_t ram_addr;
f471a17e 3200
e890261f
MT		 3201 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3202 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3203 abort();
3204 }
3205 return ram_addr;
5579c7f3
PB		 3206}
3207
0e0df1e2
AK		 3208static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3209 unsigned size)
e18231a3
BS		 3210{
3211#ifdef DEBUG_UNASSIGNED
3212 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3213#endif
5b450407 3214#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3215 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3216#endif
3217 return 0;
3218}
3219
0e0df1e2
AK		 3220static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3221 uint64_t val, unsigned size)
e18231a3
BS		 3222{
3223#ifdef DEBUG_UNASSIGNED
0e0df1e2 3224 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3225#endif
5b450407 3226#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3227 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3228#endif
33417e70
FB		 3229}
3230
0e0df1e2
AK		 3231static const MemoryRegionOps unassigned_mem_ops = {
3232 .read = unassigned_mem_read,
3233 .write = unassigned_mem_write,
3234 .endianness = DEVICE_NATIVE_ENDIAN,
3235};
e18231a3 3236
0e0df1e2
AK		 3237static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3238 unsigned size)
e18231a3 3239{
0e0df1e2 3240 abort();
e18231a3
BS		 3241}
3242
0e0df1e2
AK		 3243static void error_mem_write(void *opaque, target_phys_addr_t addr,
3244 uint64_t value, unsigned size)
e18231a3 3245{
0e0df1e2 3246 abort();
33417e70
FB		 3247}
3248
0e0df1e2
AK		 3249static const MemoryRegionOps error_mem_ops = {
3250 .read = error_mem_read,
3251 .write = error_mem_write,
3252 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3253};
3254
0e0df1e2
AK		 3255static const MemoryRegionOps rom_mem_ops = {
3256 .read = error_mem_read,
3257 .write = unassigned_mem_write,
3258 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3259};
3260
0e0df1e2
AK		 3261static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3262 uint64_t val, unsigned size)
9fa3e853 3263{
3a7d929e 3264 int dirty_flags;
f7c11b53 3265 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3266 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3267#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3268 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3269 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3270#endif
3a7d929e 3271 }
0e0df1e2
AK		 3272 switch (size) {
3273 case 1:
3274 stb_p(qemu_get_ram_ptr(ram_addr), val);
3275 break;
3276 case 2:
3277 stw_p(qemu_get_ram_ptr(ram_addr), val);
3278 break;
3279 case 4:
3280 stl_p(qemu_get_ram_ptr(ram_addr), val);
3281 break;
3282 default:
3283 abort();
3a7d929e 3284 }
f23db169 3285 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3286 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3287 /* we remove the notdirty callback only if the code has been
3288 flushed */
3289 if (dirty_flags == 0xff)
2e70f6ef 3290 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3291}
3292
0e0df1e2
AK		 3293static const MemoryRegionOps notdirty_mem_ops = {
3294 .read = error_mem_read,
3295 .write = notdirty_mem_write,
3296 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3297};
3298
0f459d16 3299/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3300static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3301{
3302 CPUState *env = cpu_single_env;
06d55cc1
AL		 3303 target_ulong pc, cs_base;
3304 TranslationBlock *tb;
0f459d16 3305 target_ulong vaddr;
a1d1bb31 3306 CPUWatchpoint *wp;
06d55cc1 3307 int cpu_flags;
0f459d16 3308
06d55cc1
AL		 3309 if (env->watchpoint_hit) {
3310 /* We re-entered the check after replacing the TB. Now raise
3311 * the debug interrupt so that is will trigger after the
3312 * current instruction. */
3313 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3314 return;
3315 }
2e70f6ef 3316 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3317 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3318 if ((vaddr == (wp->vaddr & len_mask) ||
3319 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3320 wp->flags |= BP_WATCHPOINT_HIT;
3321 if (!env->watchpoint_hit) {
3322 env->watchpoint_hit = wp;
3323 tb = tb_find_pc(env->mem_io_pc);
3324 if (!tb) {
3325 cpu_abort(env, "check_watchpoint: could not find TB for "
3326 "pc=%p", (void *)env->mem_io_pc);
3327 }
618ba8e6 3328 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3329 tb_phys_invalidate(tb, -1);
3330 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3331 env->exception_index = EXCP_DEBUG;
488d6577 3332 cpu_loop_exit(env);
6e140f28
AL		 3333 } else {
3334 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3335 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 3336 cpu_resume_from_signal(env, NULL);
6e140f28 3337 }
06d55cc1 3338 }
6e140f28
AL		 3339 } else {
3340 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3341 }
3342 }
3343}
3344
6658ffb8
PB		 3345/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3346 so these check for a hit then pass through to the normal out-of-line
3347 phys routines. */
1ec9b909
AK		 3348static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3349 unsigned size)
6658ffb8 3350{
1ec9b909
AK		 3351 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3352 switch (size) {
3353 case 1: return ldub_phys(addr);
3354 case 2: return lduw_phys(addr);
3355 case 4: return ldl_phys(addr);
3356 default: abort();
3357 }
6658ffb8
PB		 3358}
3359
1ec9b909
AK		 3360static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3361 uint64_t val, unsigned size)
6658ffb8 3362{
1ec9b909
AK		 3363 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3364 switch (size) {
67364150
MF		 3365 case 1:
3366 stb_phys(addr, val);
3367 break;
3368 case 2:
3369 stw_phys(addr, val);
3370 break;
3371 case 4:
3372 stl_phys(addr, val);
3373 break;
1ec9b909
AK		 3374 default: abort();
3375 }
6658ffb8
PB		 3376}
3377
1ec9b909
AK		 3378static const MemoryRegionOps watch_mem_ops = {
3379 .read = watch_mem_read,
3380 .write = watch_mem_write,
3381 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3382};
6658ffb8 3383
70c68e44
AK		 3384static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3385 unsigned len)
db7b5426 3386{
70c68e44 3387 subpage_t *mmio = opaque;
f6405247 3388 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3389 MemoryRegionSection *section;
db7b5426
BS		 3390#if defined(DEBUG_SUBPAGE)
3391 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3392 mmio, len, addr, idx);
3393#endif
db7b5426 3394
5312bd8b
AK		 3395 section = &phys_sections[mmio->sub_section[idx]];
3396 addr += mmio->base;
3397 addr -= section->offset_within_address_space;
3398 addr += section->offset_within_region;
3399 return io_mem_read(section->mr->ram_addr, addr, len);
db7b5426
BS		 3400}
3401
70c68e44
AK		 3402static void subpage_write(void *opaque, target_phys_addr_t addr,
3403 uint64_t value, unsigned len)
db7b5426 3404{
70c68e44 3405 subpage_t *mmio = opaque;
f6405247 3406 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3407 MemoryRegionSection *section;
db7b5426 3408#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3409 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3410 " idx %d value %"PRIx64"\n",
f6405247 3411 __func__, mmio, len, addr, idx, value);
db7b5426 3412#endif
f6405247 3413
5312bd8b
AK		 3414 section = &phys_sections[mmio->sub_section[idx]];
3415 addr += mmio->base;
3416 addr -= section->offset_within_address_space;
3417 addr += section->offset_within_region;
3418 io_mem_write(section->mr->ram_addr, addr, value, len);
db7b5426
BS		 3419}
3420
70c68e44
AK		 3421static const MemoryRegionOps subpage_ops = {
3422 .read = subpage_read,
3423 .write = subpage_write,
3424 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3425};
3426
de712f94
AK		 3427static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3428 unsigned size)
56384e8b
AF		 3429{
3430 ram_addr_t raddr = addr;
3431 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3432 switch (size) {
3433 case 1: return ldub_p(ptr);
3434 case 2: return lduw_p(ptr);
3435 case 4: return ldl_p(ptr);
3436 default: abort();
3437 }
56384e8b
AF		 3438}
3439
de712f94
AK		 3440static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3441 uint64_t value, unsigned size)
56384e8b
AF		 3442{
3443 ram_addr_t raddr = addr;
3444 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3445 switch (size) {
3446 case 1: return stb_p(ptr, value);
3447 case 2: return stw_p(ptr, value);
3448 case 4: return stl_p(ptr, value);
3449 default: abort();
3450 }
56384e8b
AF		 3451}
3452
de712f94
AK		 3453static const MemoryRegionOps subpage_ram_ops = {
3454 .read = subpage_ram_read,
3455 .write = subpage_ram_write,
3456 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3457};
3458
c227f099 3459static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3460 uint16_t section)
db7b5426
BS		 3461{
3462 int idx, eidx;
3463
3464 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3465 return -1;
3466 idx = SUBPAGE_IDX(start);
3467 eidx = SUBPAGE_IDX(end);
3468#if defined(DEBUG_SUBPAGE)
0bf9e31a 3469 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3470 mmio, start, end, idx, eidx, memory);
3471#endif
5312bd8b
AK		 3472 if (memory_region_is_ram(phys_sections[section].mr)) {
3473 MemoryRegionSection new_section = phys_sections[section];
3474 new_section.mr = &io_mem_subpage_ram;
3475 section = phys_section_add(&new_section);
56384e8b 3476 }
db7b5426 3477 for (; idx <= eidx; idx++) {
5312bd8b 3478 mmio->sub_section[idx] = section;
db7b5426
BS		 3479 }
3480
3481 return 0;
3482}
3483
0f0cb164 3484static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3485{
c227f099 3486 subpage_t *mmio;
db7b5426 3487
7267c094 3488 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3489
3490 mmio->base = base;
70c68e44
AK		 3491 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3492 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3493 mmio->iomem.subpage = true;
db7b5426 3494#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3495 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3496 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3497#endif
0f0cb164 3498 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3499
3500 return mmio;
3501}
3502
88715657
AL		 3503static int get_free_io_mem_idx(void)
3504{
3505 int i;
3506
3507 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3508 if (!io_mem_used[i]) {
3509 io_mem_used[i] = 1;
3510 return i;
3511 }
c6703b47 3512 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3513 return -1;
3514}
3515
33417e70
FB		 3516/* mem_read and mem_write are arrays of functions containing the
3517 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3518 2). Functions can be omitted with a NULL function pointer.
3ee89922 3519 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3520 modified. If it is zero, a new io zone is allocated. The return
3521 value can be used with cpu_register_physical_memory(). (-1) is
3522 returned if error. */
a621f38d 3523static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3524{
33417e70 3525 if (io_index <= 0) {
88715657
AL		 3526 io_index = get_free_io_mem_idx();
3527 if (io_index == -1)
3528 return io_index;
33417e70
FB		 3529 } else {
3530 if (io_index >= IO_MEM_NB_ENTRIES)
3531 return -1;
3532 }
b5ff1b31 3533
a621f38d 3534 io_mem_region[io_index] = mr;
f6405247 3535
11c7ef0c 3536 return io_index;
33417e70 3537}
61382a50 3538
a621f38d 3539int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3540{
a621f38d 3541 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3542}
3543
11c7ef0c 3544void cpu_unregister_io_memory(int io_index)
88715657 3545{
a621f38d 3546 io_mem_region[io_index] = NULL;
88715657
AL		 3547 io_mem_used[io_index] = 0;
3548}
3549
5312bd8b
AK		 3550static uint16_t dummy_section(MemoryRegion *mr)
3551{
3552 MemoryRegionSection section = {
3553 .mr = mr,
3554 .offset_within_address_space = 0,
3555 .offset_within_region = 0,
3556 .size = UINT64_MAX,
3557 };
3558
3559 return phys_section_add(&section);
3560}
3561
e9179ce1
AK		 3562static void io_mem_init(void)
3563{
3564 int i;
3565
0e0df1e2
AK		 3566 /* Must be first: */
3567 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3568 assert(io_mem_ram.ram_addr == 0);
3569 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3570 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3571 "unassigned", UINT64_MAX);
3572 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3573 "notdirty", UINT64_MAX);
de712f94
AK		 3574 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3575 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3576 for (i=0; i<5; i++)
3577 io_mem_used[i] = 1;
3578
1ec9b909
AK		 3579 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3580 "watch", UINT64_MAX);
e9179ce1
AK		 3581}
3582
50c1e149
AK		 3583static void core_begin(MemoryListener *listener)
3584{
54688b1e 3585 destroy_all_mappings();
5312bd8b 3586 phys_sections_clear();
c19e8800 3587 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3588 phys_section_unassigned = dummy_section(&io_mem_unassigned);
50c1e149
AK		 3589}
3590
3591static void core_commit(MemoryListener *listener)
3592{
117712c3
AK		 3593 CPUState *env;
3594
3595 /* since each CPU stores ram addresses in its TLB cache, we must
3596 reset the modified entries */
3597 /* XXX: slow ! */
3598 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3599 tlb_flush(env, 1);
3600 }
50c1e149
AK		 3601}
3602
93632747
AK		 3603static void core_region_add(MemoryListener *listener,
3604 MemoryRegionSection *section)
3605{
4855d41a 3606 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3607}
3608
3609static void core_region_del(MemoryListener *listener,
3610 MemoryRegionSection *section)
3611{
93632747
AK		 3612}
3613
50c1e149
AK		 3614static void core_region_nop(MemoryListener *listener,
3615 MemoryRegionSection *section)
3616{
54688b1e 3617 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3618}
3619
93632747
AK		 3620static void core_log_start(MemoryListener *listener,
3621 MemoryRegionSection *section)
3622{
3623}
3624
3625static void core_log_stop(MemoryListener *listener,
3626 MemoryRegionSection *section)
3627{
3628}
3629
3630static void core_log_sync(MemoryListener *listener,
3631 MemoryRegionSection *section)
3632{
3633}
3634
3635static void core_log_global_start(MemoryListener *listener)
3636{
3637 cpu_physical_memory_set_dirty_tracking(1);
3638}
3639
3640static void core_log_global_stop(MemoryListener *listener)
3641{
3642 cpu_physical_memory_set_dirty_tracking(0);
3643}
3644
3645static void core_eventfd_add(MemoryListener *listener,
3646 MemoryRegionSection *section,
3647 bool match_data, uint64_t data, int fd)
3648{
3649}
3650
3651static void core_eventfd_del(MemoryListener *listener,
3652 MemoryRegionSection *section,
3653 bool match_data, uint64_t data, int fd)
3654{
3655}
3656
50c1e149
AK		 3657static void io_begin(MemoryListener *listener)
3658{
3659}
3660
3661static void io_commit(MemoryListener *listener)
3662{
3663}
3664
4855d41a
AK		 3665static void io_region_add(MemoryListener *listener,
3666 MemoryRegionSection *section)
3667{
a2d33521
AK		 3668 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3669
3670 mrio->mr = section->mr;
3671 mrio->offset = section->offset_within_region;
3672 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3673 section->offset_within_address_space, section->size);
a2d33521 3674 ioport_register(&mrio->iorange);
4855d41a
AK		 3675}
3676
3677static void io_region_del(MemoryListener *listener,
3678 MemoryRegionSection *section)
3679{
3680 isa_unassign_ioport(section->offset_within_address_space, section->size);
3681}
3682
50c1e149
AK		 3683static void io_region_nop(MemoryListener *listener,
3684 MemoryRegionSection *section)
3685{
3686}
3687
4855d41a
AK		 3688static void io_log_start(MemoryListener *listener,
3689 MemoryRegionSection *section)
3690{
3691}
3692
3693static void io_log_stop(MemoryListener *listener,
3694 MemoryRegionSection *section)
3695{
3696}
3697
3698static void io_log_sync(MemoryListener *listener,
3699 MemoryRegionSection *section)
3700{
3701}
3702
3703static void io_log_global_start(MemoryListener *listener)
3704{
3705}
3706
3707static void io_log_global_stop(MemoryListener *listener)
3708{
3709}
3710
3711static void io_eventfd_add(MemoryListener *listener,
3712 MemoryRegionSection *section,
3713 bool match_data, uint64_t data, int fd)
3714{
3715}
3716
3717static void io_eventfd_del(MemoryListener *listener,
3718 MemoryRegionSection *section,
3719 bool match_data, uint64_t data, int fd)
3720{
3721}
3722
93632747 3723static MemoryListener core_memory_listener = {
50c1e149
AK		 3724 .begin = core_begin,
3725 .commit = core_commit,
93632747
AK		 3726 .region_add = core_region_add,
3727 .region_del = core_region_del,
50c1e149 3728 .region_nop = core_region_nop,
93632747
AK		 3729 .log_start = core_log_start,
3730 .log_stop = core_log_stop,
3731 .log_sync = core_log_sync,
3732 .log_global_start = core_log_global_start,
3733 .log_global_stop = core_log_global_stop,
3734 .eventfd_add = core_eventfd_add,
3735 .eventfd_del = core_eventfd_del,
3736 .priority = 0,
3737};
3738
4855d41a 3739static MemoryListener io_memory_listener = {
50c1e149
AK		 3740 .begin = io_begin,
3741 .commit = io_commit,
4855d41a
AK		 3742 .region_add = io_region_add,
3743 .region_del = io_region_del,
50c1e149 3744 .region_nop = io_region_nop,
4855d41a
AK		 3745 .log_start = io_log_start,
3746 .log_stop = io_log_stop,
3747 .log_sync = io_log_sync,
3748 .log_global_start = io_log_global_start,
3749 .log_global_stop = io_log_global_stop,
3750 .eventfd_add = io_eventfd_add,
3751 .eventfd_del = io_eventfd_del,
3752 .priority = 0,
3753};
3754
62152b8a
AK		 3755static void memory_map_init(void)
3756{
7267c094 3757 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3758 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3759 set_system_memory_map(system_memory);
309cb471 3760
7267c094 3761 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3762 memory_region_init(system_io, "io", 65536);
3763 set_system_io_map(system_io);
93632747 3764
4855d41a
AK		 3765 memory_listener_register(&core_memory_listener, system_memory);
3766 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3767}
3768
3769MemoryRegion *get_system_memory(void)
3770{
3771 return system_memory;
3772}
3773
309cb471
AK		 3774MemoryRegion *get_system_io(void)
3775{
3776 return system_io;
3777}
3778
e2eef170
PB		 3779#endif /* !defined(CONFIG_USER_ONLY) */
3780
13eb76e0
FB		 3781/* physical memory access (slow version, mainly for debug) */
3782#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3783int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3784 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3785{
3786 int l, flags;
3787 target_ulong page;
53a5960a 3788 void * p;
13eb76e0
FB		 3789
3790 while (len > 0) {
3791 page = addr & TARGET_PAGE_MASK;
3792 l = (page + TARGET_PAGE_SIZE) - addr;
3793 if (l > len)
3794 l = len;
3795 flags = page_get_flags(page);
3796 if (!(flags & PAGE_VALID))
a68fe89c 3797 return -1;
13eb76e0
FB		 3798 if (is_write) {
3799 if (!(flags & PAGE_WRITE))
a68fe89c 3800 return -1;
579a97f7 3801 /* XXX: this code should not depend on lock_user */
72fb7daa 3802 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3803 return -1;
72fb7daa
AJ		 3804 memcpy(p, buf, l);
3805 unlock_user(p, addr, l);
13eb76e0
FB		 3806 } else {
3807 if (!(flags & PAGE_READ))
a68fe89c 3808 return -1;
579a97f7 3809 /* XXX: this code should not depend on lock_user */
72fb7daa 3810 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3811 return -1;
72fb7daa 3812 memcpy(buf, p, l);
5b257578 3813 unlock_user(p, addr, 0);
13eb76e0
FB		 3814 }
3815 len -= l;
3816 buf += l;
3817 addr += l;
3818 }
a68fe89c 3819 return 0;
13eb76e0 3820}
8df1cd07 3821
13eb76e0 3822#else
c227f099 3823void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3824 int len, int is_write)
3825{
3826 int l, io_index;
3827 uint8_t *ptr;
3828 uint32_t val;
c227f099 3829 target_phys_addr_t page;
f3705d53 3830 MemoryRegionSection *section;
3b46e624 3831
13eb76e0
FB		 3832 while (len > 0) {
3833 page = addr & TARGET_PAGE_MASK;
3834 l = (page + TARGET_PAGE_SIZE) - addr;
3835 if (l > len)
3836 l = len;
06ef3525 3837 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3838
13eb76e0 3839 if (is_write) {
f3705d53 3840 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3841 target_phys_addr_t addr1;
f3705d53 3842 io_index = memory_region_get_ram_addr(section->mr)
06ef3525 3843 & (IO_MEM_NB_ENTRIES - 1);
f3705d53 3844 addr1 = section_addr(section, addr);
6a00d601
FB		 3845 /* XXX: could force cpu_single_env to NULL to avoid
3846 potential bugs */
6c2934db 3847 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3848 /* 32 bit write access */
c27004ec 3849 val = ldl_p(buf);
acbbec5d 3850 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3851 l = 4;
6c2934db 3852 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3853 /* 16 bit write access */
c27004ec 3854 val = lduw_p(buf);
acbbec5d 3855 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3856 l = 2;
3857 } else {
1c213d19 3858 /* 8 bit write access */
c27004ec 3859 val = ldub_p(buf);
acbbec5d 3860 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3861 l = 1;
3862 }
f3705d53 3863 } else if (!section->readonly) {
8ca5692d 3864 ram_addr_t addr1;
f3705d53
AK		 3865 addr1 = memory_region_get_ram_addr(section->mr)
3866 + section_addr(section, addr);
13eb76e0 3867 /* RAM case */
5579c7f3 3868 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3869 memcpy(ptr, buf, l);
3a7d929e
FB		 3870 if (!cpu_physical_memory_is_dirty(addr1)) {
3871 /* invalidate code */
3872 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3873 /* set dirty bit */
f7c11b53
YT		 3874 cpu_physical_memory_set_dirty_flags(
3875 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3876 }
050a0ddf 3877 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3878 }
3879 } else {
f3705d53 3880 if (!is_ram_rom_romd(section)) {
f1f6e3b8 3881 target_phys_addr_t addr1;
13eb76e0 3882 /* I/O case */
f3705d53 3883 io_index = memory_region_get_ram_addr(section->mr)
06ef3525 3884 & (IO_MEM_NB_ENTRIES - 1);
f3705d53 3885 addr1 = section_addr(section, addr);
6c2934db 3886 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3887 /* 32 bit read access */
acbbec5d 3888 val = io_mem_read(io_index, addr1, 4);
c27004ec 3889 stl_p(buf, val);
13eb76e0 3890 l = 4;
6c2934db 3891 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3892 /* 16 bit read access */
acbbec5d 3893 val = io_mem_read(io_index, addr1, 2);
c27004ec 3894 stw_p(buf, val);
13eb76e0
FB		 3895 l = 2;
3896 } else {
1c213d19 3897 /* 8 bit read access */
acbbec5d 3898 val = io_mem_read(io_index, addr1, 1);
c27004ec 3899 stb_p(buf, val);
13eb76e0
FB		 3900 l = 1;
3901 }
3902 } else {
3903 /* RAM case */
f3705d53
AK		 3904 ptr = qemu_get_ram_ptr(section->mr->ram_addr)
3905 + section_addr(section, addr);
3906 memcpy(buf, ptr, l);
050a0ddf 3907 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3908 }
3909 }
3910 len -= l;
3911 buf += l;
3912 addr += l;
3913 }
3914}
8df1cd07 3915
d0ecd2aa 3916/* used for ROM loading : can write in RAM and ROM */
c227f099 3917void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3918 const uint8_t *buf, int len)
3919{
3920 int l;
3921 uint8_t *ptr;
c227f099 3922 target_phys_addr_t page;
f3705d53 3923 MemoryRegionSection *section;
3b46e624 3924
d0ecd2aa
FB		 3925 while (len > 0) {
3926 page = addr & TARGET_PAGE_MASK;
3927 l = (page + TARGET_PAGE_SIZE) - addr;
3928 if (l > len)
3929 l = len;
06ef3525 3930 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3931
f3705d53 3932 if (!is_ram_rom_romd(section)) {
d0ecd2aa
FB		 3933 /* do nothing */
3934 } else {
3935 unsigned long addr1;
f3705d53
AK		 3936 addr1 = memory_region_get_ram_addr(section->mr)
3937 + section_addr(section, addr);
d0ecd2aa 3938 /* ROM/RAM case */
5579c7f3 3939 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3940 memcpy(ptr, buf, l);
050a0ddf 3941 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3942 }
3943 len -= l;
3944 buf += l;
3945 addr += l;
3946 }
3947}
3948
6d16c2f8
AL		 3949typedef struct {
3950 void *buffer;
c227f099
AL		 3951 target_phys_addr_t addr;
3952 target_phys_addr_t len;
6d16c2f8
AL		 3953} BounceBuffer;
3954
3955static BounceBuffer bounce;
3956
ba223c29
AL		 3957typedef struct MapClient {
3958 void *opaque;
3959 void (*callback)(void *opaque);
72cf2d4f 3960 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3961} MapClient;
3962
72cf2d4f
BS		 3963static QLIST_HEAD(map_client_list, MapClient) map_client_list
3964 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3965
3966void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3967{
7267c094 3968 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3969
3970 client->opaque = opaque;
3971 client->callback = callback;
72cf2d4f 3972 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3973 return client;
3974}
3975
3976void cpu_unregister_map_client(void *_client)
3977{
3978 MapClient *client = (MapClient *)_client;
3979
72cf2d4f 3980 QLIST_REMOVE(client, link);
7267c094 3981 g_free(client);
ba223c29
AL		 3982}
3983
3984static void cpu_notify_map_clients(void)
3985{
3986 MapClient *client;
3987
72cf2d4f
BS		 3988 while (!QLIST_EMPTY(&map_client_list)) {
3989 client = QLIST_FIRST(&map_client_list);
ba223c29 3990 client->callback(client->opaque);
34d5e948 3991 cpu_unregister_map_client(client);
ba223c29
AL		 3992 }
3993}
3994
6d16c2f8
AL		 3995/* Map a physical memory region into a host virtual address.
3996 * May map a subset of the requested range, given by and returned in *plen.
3997 * May return NULL if resources needed to perform the mapping are exhausted.
3998 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3999 * Use cpu_register_map_client() to know when retrying the map operation is
4000 * likely to succeed.
6d16c2f8 4001 */
c227f099
AL		 4002void *cpu_physical_memory_map(target_phys_addr_t addr,
4003 target_phys_addr_t *plen,
6d16c2f8
AL		 4004 int is_write)
4005{
c227f099 4006 target_phys_addr_t len = *plen;
38bee5dc 4007 target_phys_addr_t todo = 0;
6d16c2f8 4008 int l;
c227f099 4009 target_phys_addr_t page;
f3705d53 4010 MemoryRegionSection *section;
f15fbc4b 4011 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 4012 ram_addr_t rlen;
4013 void *ret;
6d16c2f8
AL		 4014
4015 while (len > 0) {
4016 page = addr & TARGET_PAGE_MASK;
4017 l = (page + TARGET_PAGE_SIZE) - addr;
4018 if (l > len)
4019 l = len;
06ef3525 4020 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 4021
f3705d53 4022 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 4023 if (todo || bounce.buffer) {
6d16c2f8
AL		 4024 break;
4025 }
4026 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4027 bounce.addr = addr;
4028 bounce.len = l;
4029 if (!is_write) {
54f7b4a3 4030 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 4031 }
38bee5dc
SS		 4032
4033 *plen = l;
4034 return bounce.buffer;
6d16c2f8 4035 }
8ab934f9 4036 if (!todo) {
f3705d53
AK		 4037 raddr = memory_region_get_ram_addr(section->mr)
4038 + section_addr(section, addr);
8ab934f9 4039 }
6d16c2f8
AL		 4040
4041 len -= l;
4042 addr += l;
38bee5dc 4043 todo += l;
6d16c2f8 4044 }
8ab934f9
SS		 4045 rlen = todo;
4046 ret = qemu_ram_ptr_length(raddr, &rlen);
4047 *plen = rlen;
4048 return ret;
6d16c2f8
AL		 4049}
4050
4051/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4052 * Will also mark the memory as dirty if is_write == 1. access_len gives
4053 * the amount of memory that was actually read or written by the caller.
4054 */
c227f099
AL		 4055void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4056 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 4057{
4058 if (buffer != bounce.buffer) {
4059 if (is_write) {
e890261f 4060 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4061 while (access_len) {
4062 unsigned l;
4063 l = TARGET_PAGE_SIZE;
4064 if (l > access_len)
4065 l = access_len;
4066 if (!cpu_physical_memory_is_dirty(addr1)) {
4067 /* invalidate code */
4068 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4069 /* set dirty bit */
f7c11b53
YT		 4070 cpu_physical_memory_set_dirty_flags(
4071 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4072 }
4073 addr1 += l;
4074 access_len -= l;
4075 }
4076 }
868bb33f 4077 if (xen_enabled()) {
e41d7c69 4078 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4079 }
6d16c2f8
AL		 4080 return;
4081 }
4082 if (is_write) {
4083 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4084 }
f8a83245 4085 qemu_vfree(bounce.buffer);
6d16c2f8 4086 bounce.buffer = NULL;
ba223c29 4087 cpu_notify_map_clients();
6d16c2f8 4088}
d0ecd2aa 4089
8df1cd07 4090/* warning: addr must be aligned */
1e78bcc1
AG		 4091static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4092 enum device_endian endian)
8df1cd07
FB		 4093{
4094 int io_index;
4095 uint8_t *ptr;
4096 uint32_t val;
f3705d53 4097 MemoryRegionSection *section;
8df1cd07 4098
06ef3525 4099 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4100
f3705d53 4101 if (!is_ram_rom_romd(section)) {
8df1cd07 4102 /* I/O case */
f3705d53 4103 io_index = memory_region_get_ram_addr(section->mr)
06ef3525 4104 & (IO_MEM_NB_ENTRIES - 1);
f3705d53 4105 addr = section_addr(section, addr);
acbbec5d 4106 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4107#if defined(TARGET_WORDS_BIGENDIAN)
4108 if (endian == DEVICE_LITTLE_ENDIAN) {
4109 val = bswap32(val);
4110 }
4111#else
4112 if (endian == DEVICE_BIG_ENDIAN) {
4113 val = bswap32(val);
4114 }
4115#endif
8df1cd07
FB		 4116 } else {
4117 /* RAM case */
f3705d53 4118 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 4119 & TARGET_PAGE_MASK)
f3705d53 4120 + section_addr(section, addr));
1e78bcc1
AG		 4121 switch (endian) {
4122 case DEVICE_LITTLE_ENDIAN:
4123 val = ldl_le_p(ptr);
4124 break;
4125 case DEVICE_BIG_ENDIAN:
4126 val = ldl_be_p(ptr);
4127 break;
4128 default:
4129 val = ldl_p(ptr);
4130 break;
4131 }
8df1cd07
FB		 4132 }
4133 return val;
4134}
4135
1e78bcc1
AG		 4136uint32_t ldl_phys(target_phys_addr_t addr)
4137{
4138 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4139}
4140
4141uint32_t ldl_le_phys(target_phys_addr_t addr)
4142{
4143 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4144}
4145
4146uint32_t ldl_be_phys(target_phys_addr_t addr)
4147{
4148 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4149}
4150
84b7b8e7 4151/* warning: addr must be aligned */
1e78bcc1
AG		 4152static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4153 enum device_endian endian)
84b7b8e7
FB		 4154{
4155 int io_index;
4156 uint8_t *ptr;
4157 uint64_t val;
f3705d53 4158 MemoryRegionSection *section;
84b7b8e7 4159
06ef3525 4160 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4161
f3705d53 4162 if (!is_ram_rom_romd(section)) {
84b7b8e7 4163 /* I/O case */
f3705d53 4164 io_index = memory_region_get_ram_addr(section->mr)
06ef3525 4165 & (IO_MEM_NB_ENTRIES - 1);
f3705d53 4166 addr = section_addr(section, addr);
1e78bcc1
AG		 4167
4168 /* XXX This is broken when device endian != cpu endian.
4169 Fix and add "endian" variable check */
84b7b8e7 4170#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4171 val = io_mem_read(io_index, addr, 4) << 32;
4172 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4173#else
acbbec5d
AK		 4174 val = io_mem_read(io_index, addr, 4);
4175 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4176#endif
4177 } else {
4178 /* RAM case */
f3705d53 4179 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 4180 & TARGET_PAGE_MASK)
f3705d53 4181 + section_addr(section, addr));
1e78bcc1
AG		 4182 switch (endian) {
4183 case DEVICE_LITTLE_ENDIAN:
4184 val = ldq_le_p(ptr);
4185 break;
4186 case DEVICE_BIG_ENDIAN:
4187 val = ldq_be_p(ptr);
4188 break;
4189 default:
4190 val = ldq_p(ptr);
4191 break;
4192 }
84b7b8e7
FB		 4193 }
4194 return val;
4195}
4196
1e78bcc1
AG		 4197uint64_t ldq_phys(target_phys_addr_t addr)
4198{
4199 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4200}
4201
4202uint64_t ldq_le_phys(target_phys_addr_t addr)
4203{
4204 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4205}
4206
4207uint64_t ldq_be_phys(target_phys_addr_t addr)
4208{
4209 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4210}
4211
aab33094 4212/* XXX: optimize */
c227f099 4213uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4214{
4215 uint8_t val;
4216 cpu_physical_memory_read(addr, &val, 1);
4217 return val;
4218}
4219
733f0b02 4220/* warning: addr must be aligned */
1e78bcc1
AG		 4221static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4222 enum device_endian endian)
aab33094 4223{
733f0b02
MT		 4224 int io_index;
4225 uint8_t *ptr;
4226 uint64_t val;
f3705d53 4227 MemoryRegionSection *section;
733f0b02 4228
06ef3525 4229 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4230
f3705d53 4231 if (!is_ram_rom_romd(section)) {
733f0b02 4232 /* I/O case */
f3705d53 4233 io_index = memory_region_get_ram_addr(section->mr)
06ef3525 4234 & (IO_MEM_NB_ENTRIES - 1);
f3705d53 4235 addr = section_addr(section, addr);
acbbec5d 4236 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4237#if defined(TARGET_WORDS_BIGENDIAN)
4238 if (endian == DEVICE_LITTLE_ENDIAN) {
4239 val = bswap16(val);
4240 }
4241#else
4242 if (endian == DEVICE_BIG_ENDIAN) {
4243 val = bswap16(val);
4244 }
4245#endif
733f0b02
MT		 4246 } else {
4247 /* RAM case */
f3705d53 4248 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 4249 & TARGET_PAGE_MASK)
f3705d53 4250 + section_addr(section, addr));
1e78bcc1
AG		 4251 switch (endian) {
4252 case DEVICE_LITTLE_ENDIAN:
4253 val = lduw_le_p(ptr);
4254 break;
4255 case DEVICE_BIG_ENDIAN:
4256 val = lduw_be_p(ptr);
4257 break;
4258 default:
4259 val = lduw_p(ptr);
4260 break;
4261 }
733f0b02
MT		 4262 }
4263 return val;
aab33094
FB		 4264}
4265
1e78bcc1
AG		 4266uint32_t lduw_phys(target_phys_addr_t addr)
4267{
4268 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4269}
4270
4271uint32_t lduw_le_phys(target_phys_addr_t addr)
4272{
4273 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4274}
4275
4276uint32_t lduw_be_phys(target_phys_addr_t addr)
4277{
4278 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4279}
4280
8df1cd07
FB		 4281/* warning: addr must be aligned. The ram page is not masked as dirty
4282 and the code inside is not invalidated. It is useful if the dirty
4283 bits are used to track modified PTEs */
c227f099 4284void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4285{
4286 int io_index;
4287 uint8_t *ptr;
f3705d53 4288 MemoryRegionSection *section;
8df1cd07 4289
06ef3525 4290 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4291
f3705d53
AK		 4292 if (!memory_region_is_ram(section->mr) || section->readonly) {
4293 if (memory_region_is_ram(section->mr)) {
06ef3525
AK		 4294 io_index = io_mem_rom.ram_addr;
4295 } else {
f3705d53 4296 io_index = memory_region_get_ram_addr(section->mr);
06ef3525 4297 }
f3705d53 4298 addr = section_addr(section, addr);
acbbec5d 4299 io_mem_write(io_index, addr, val, 4);
8df1cd07 4300 } else {
f3705d53 4301 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 4302 & TARGET_PAGE_MASK)
f3705d53 4303 + section_addr(section, addr);
5579c7f3 4304 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4305 stl_p(ptr, val);
74576198
AL		 4306
4307 if (unlikely(in_migration)) {
4308 if (!cpu_physical_memory_is_dirty(addr1)) {
4309 /* invalidate code */
4310 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4311 /* set dirty bit */
f7c11b53
YT		 4312 cpu_physical_memory_set_dirty_flags(
4313 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4314 }
4315 }
8df1cd07
FB		 4316 }
4317}
4318
c227f099 4319void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4320{
4321 int io_index;
4322 uint8_t *ptr;
f3705d53 4323 MemoryRegionSection *section;
bc98a7ef 4324
06ef3525 4325 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4326
f3705d53
AK		 4327 if (!memory_region_is_ram(section->mr) || section->readonly) {
4328 if (memory_region_is_ram(section->mr)) {
06ef3525
AK		 4329 io_index = io_mem_rom.ram_addr;
4330 } else {
f3705d53 4331 io_index = memory_region_get_ram_addr(section->mr)
06ef3525
AK		 4332 & (IO_MEM_NB_ENTRIES - 1);
4333 }
f3705d53 4334 addr = section_addr(section, addr);
bc98a7ef 4335#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4336 io_mem_write(io_index, addr, val >> 32, 4);
4337 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4338#else
acbbec5d
AK		 4339 io_mem_write(io_index, addr, (uint32_t)val, 4);
4340 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4341#endif
4342 } else {
f3705d53 4343 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 4344 & TARGET_PAGE_MASK)
f3705d53 4345 + section_addr(section, addr));
bc98a7ef
JM		 4346 stq_p(ptr, val);
4347 }
4348}
4349
8df1cd07 4350/* warning: addr must be aligned */
1e78bcc1
AG		 4351static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4352 enum device_endian endian)
8df1cd07
FB		 4353{
4354 int io_index;
4355 uint8_t *ptr;
f3705d53 4356 MemoryRegionSection *section;
8df1cd07 4357
06ef3525 4358 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4359
f3705d53
AK		 4360 if (!memory_region_is_ram(section->mr) || section->readonly) {
4361 if (memory_region_is_ram(section->mr)) {
06ef3525
AK		 4362 io_index = io_mem_rom.ram_addr;
4363 } else {
f3705d53 4364 io_index = memory_region_get_ram_addr(section->mr)
06ef3525
AK		 4365 & (IO_MEM_NB_ENTRIES - 1);
4366 }
f3705d53 4367 addr = section_addr(section, addr);
1e78bcc1
AG		 4368#if defined(TARGET_WORDS_BIGENDIAN)
4369 if (endian == DEVICE_LITTLE_ENDIAN) {
4370 val = bswap32(val);
4371 }
4372#else
4373 if (endian == DEVICE_BIG_ENDIAN) {
4374 val = bswap32(val);
4375 }
4376#endif
acbbec5d 4377 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4378 } else {
4379 unsigned long addr1;
f3705d53
AK		 4380 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4381 + section_addr(section, addr);
8df1cd07 4382 /* RAM case */
5579c7f3 4383 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4384 switch (endian) {
4385 case DEVICE_LITTLE_ENDIAN:
4386 stl_le_p(ptr, val);
4387 break;
4388 case DEVICE_BIG_ENDIAN:
4389 stl_be_p(ptr, val);
4390 break;
4391 default:
4392 stl_p(ptr, val);
4393 break;
4394 }
3a7d929e
FB		 4395 if (!cpu_physical_memory_is_dirty(addr1)) {
4396 /* invalidate code */
4397 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4398 /* set dirty bit */
f7c11b53
YT		 4399 cpu_physical_memory_set_dirty_flags(addr1,
4400 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4401 }
8df1cd07
FB		 4402 }
4403}
4404
1e78bcc1
AG		 4405void stl_phys(target_phys_addr_t addr, uint32_t val)
4406{
4407 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4408}
4409
4410void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4411{
4412 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4413}
4414
4415void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4416{
4417 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4418}
4419
aab33094 4420/* XXX: optimize */
c227f099 4421void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4422{
4423 uint8_t v = val;
4424 cpu_physical_memory_write(addr, &v, 1);
4425}
4426
733f0b02 4427/* warning: addr must be aligned */
1e78bcc1
AG		 4428static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4429 enum device_endian endian)
aab33094 4430{
733f0b02
MT		 4431 int io_index;
4432 uint8_t *ptr;
f3705d53 4433 MemoryRegionSection *section;
733f0b02 4434
06ef3525 4435 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4436
f3705d53
AK		 4437 if (!memory_region_is_ram(section->mr) || section->readonly) {
4438 if (memory_region_is_ram(section->mr)) {
06ef3525
AK		 4439 io_index = io_mem_rom.ram_addr;
4440 } else {
f3705d53 4441 io_index = memory_region_get_ram_addr(section->mr)
06ef3525
AK		 4442 & (IO_MEM_NB_ENTRIES - 1);
4443 }
f3705d53 4444 addr = section_addr(section, addr);
1e78bcc1
AG		 4445#if defined(TARGET_WORDS_BIGENDIAN)
4446 if (endian == DEVICE_LITTLE_ENDIAN) {
4447 val = bswap16(val);
4448 }
4449#else
4450 if (endian == DEVICE_BIG_ENDIAN) {
4451 val = bswap16(val);
4452 }
4453#endif
acbbec5d 4454 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4455 } else {
4456 unsigned long addr1;
f3705d53
AK		 4457 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4458 + section_addr(section, addr);
733f0b02
MT		 4459 /* RAM case */
4460 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4461 switch (endian) {
4462 case DEVICE_LITTLE_ENDIAN:
4463 stw_le_p(ptr, val);
4464 break;
4465 case DEVICE_BIG_ENDIAN:
4466 stw_be_p(ptr, val);
4467 break;
4468 default:
4469 stw_p(ptr, val);
4470 break;
4471 }
733f0b02
MT		 4472 if (!cpu_physical_memory_is_dirty(addr1)) {
4473 /* invalidate code */
4474 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4475 /* set dirty bit */
4476 cpu_physical_memory_set_dirty_flags(addr1,
4477 (0xff & ~CODE_DIRTY_FLAG));
4478 }
4479 }
aab33094
FB		 4480}
4481
1e78bcc1
AG		 4482void stw_phys(target_phys_addr_t addr, uint32_t val)
4483{
4484 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4485}
4486
4487void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4488{
4489 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4490}
4491
4492void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4493{
4494 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4495}
4496
aab33094 4497/* XXX: optimize */
c227f099 4498void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4499{
4500 val = tswap64(val);
71d2b725 4501 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4502}
4503
1e78bcc1
AG		 4504void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4505{
4506 val = cpu_to_le64(val);
4507 cpu_physical_memory_write(addr, &val, 8);
4508}
4509
4510void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4511{
4512 val = cpu_to_be64(val);
4513 cpu_physical_memory_write(addr, &val, 8);
4514}
4515
5e2972fd 4516/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4517int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4518 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4519{
4520 int l;
c227f099 4521 target_phys_addr_t phys_addr;
9b3c35e0 4522 target_ulong page;
13eb76e0
FB		 4523
4524 while (len > 0) {
4525 page = addr & TARGET_PAGE_MASK;
4526 phys_addr = cpu_get_phys_page_debug(env, page);
4527 /* if no physical page mapped, return an error */
4528 if (phys_addr == -1)
4529 return -1;
4530 l = (page + TARGET_PAGE_SIZE) - addr;
4531 if (l > len)
4532 l = len;
5e2972fd 4533 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4534 if (is_write)
4535 cpu_physical_memory_write_rom(phys_addr, buf, l);
4536 else
5e2972fd 4537 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4538 len -= l;
4539 buf += l;
4540 addr += l;
4541 }
4542 return 0;
4543}
a68fe89c 4544#endif
13eb76e0 4545
2e70f6ef
PB		 4546/* in deterministic execution mode, instructions doing device I/Os
4547 must be at the end of the TB */
4548void cpu_io_recompile(CPUState *env, void *retaddr)
4549{
4550 TranslationBlock *tb;
4551 uint32_t n, cflags;
4552 target_ulong pc, cs_base;
4553 uint64_t flags;
4554
4555 tb = tb_find_pc((unsigned long)retaddr);
4556 if (!tb) {
4557 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4558 retaddr);
4559 }
4560 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4561 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4562 /* Calculate how many instructions had been executed before the fault
bf20dc07 4563 occurred. */
2e70f6ef
PB		 4564 n = n - env->icount_decr.u16.low;
4565 /* Generate a new TB ending on the I/O insn. */
4566 n++;
4567 /* On MIPS and SH, delay slot instructions can only be restarted if
4568 they were already the first instruction in the TB. If this is not
bf20dc07 4569 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4570 branch. */
4571#if defined(TARGET_MIPS)
4572 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4573 env->active_tc.PC -= 4;
4574 env->icount_decr.u16.low++;
4575 env->hflags &= ~MIPS_HFLAG_BMASK;
4576 }
4577#elif defined(TARGET_SH4)
4578 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4579 && n > 1) {
4580 env->pc -= 2;
4581 env->icount_decr.u16.low++;
4582 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4583 }
4584#endif
4585 /* This should never happen. */
4586 if (n > CF_COUNT_MASK)
4587 cpu_abort(env, "TB too big during recompile");
4588
4589 cflags = n | CF_LAST_IO;
4590 pc = tb->pc;
4591 cs_base = tb->cs_base;
4592 flags = tb->flags;
4593 tb_phys_invalidate(tb, -1);
4594 /* FIXME: In theory this could raise an exception. In practice
4595 we have already translated the block once so it's probably ok. */
4596 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4597 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4598 the first in the TB) then we end up generating a whole new TB and
4599 repeating the fault, which is horribly inefficient.
4600 Better would be to execute just this insn uncached, or generate a
4601 second new TB. */
4602 cpu_resume_from_signal(env, NULL);
4603}
4604
b3755a91
PB		 4605#if !defined(CONFIG_USER_ONLY)
4606
055403b2 4607void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4608{
4609 int i, target_code_size, max_target_code_size;
4610 int direct_jmp_count, direct_jmp2_count, cross_page;
4611 TranslationBlock *tb;
3b46e624 4612
e3db7226
FB		 4613 target_code_size = 0;
4614 max_target_code_size = 0;
4615 cross_page = 0;
4616 direct_jmp_count = 0;
4617 direct_jmp2_count = 0;
4618 for(i = 0; i < nb_tbs; i++) {
4619 tb = &tbs[i];
4620 target_code_size += tb->size;
4621 if (tb->size > max_target_code_size)
4622 max_target_code_size = tb->size;
4623 if (tb->page_addr[1] != -1)
4624 cross_page++;
4625 if (tb->tb_next_offset[0] != 0xffff) {
4626 direct_jmp_count++;
4627 if (tb->tb_next_offset[1] != 0xffff) {
4628 direct_jmp2_count++;
4629 }
4630 }
4631 }
4632 /* XXX: avoid using doubles ? */
57fec1fe 4633 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4634 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4635 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4636 cpu_fprintf(f, "TB count %d/%d\n",
4637 nb_tbs, code_gen_max_blocks);
5fafdf24 4638 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4639 nb_tbs ? target_code_size / nb_tbs : 0,
4640 max_target_code_size);
055403b2 4641 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4642 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4643 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4644 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4645 cross_page,
e3db7226
FB		 4646 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4647 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4648 direct_jmp_count,
e3db7226
FB		 4649 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4650 direct_jmp2_count,
4651 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4652 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4653 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4654 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4655 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4656 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4657}
4658
d39e8222
AK		 4659/* NOTE: this function can trigger an exception */
4660/* NOTE2: the returned address is not exactly the physical address: it
4661 is the offset relative to phys_ram_base */
4662tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4663{
4664 int mmu_idx, page_index, pd;
4665 void *p;
4666
4667 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4668 mmu_idx = cpu_mmu_index(env1);
4669 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4670 (addr & TARGET_PAGE_MASK))) {
4671 ldub_code(addr);
4672 }
4673 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4674 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
06ef3525 4675 && !io_mem_region[pd]->rom_device) {
d39e8222
AK		 4676#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4677 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4678#else
4679 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4680#endif
4681 }
4682 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4683 return qemu_ram_addr_from_host_nofail(p);
4684}
4685
82afa586
BH		 4686/*
4687 * A helper function for the _utterly broken_ virtio device model to find out if
4688 * it's running on a big endian machine. Don't do this at home kids!
4689 */
4690bool virtio_is_big_endian(void);
4691bool virtio_is_big_endian(void)
4692{
4693#if defined(TARGET_WORDS_BIGENDIAN)
4694 return true;
4695#else
4696 return false;
4697#endif
4698}
4699
61382a50 4700#define MMUSUFFIX _cmmu
3917149d 4701#undef GETPC
61382a50
FB		 4702#define GETPC() NULL
4703#define env cpu_single_env
b769d8fe 4704#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4705
4706#define SHIFT 0
4707#include "softmmu_template.h"
4708
4709#define SHIFT 1
4710#include "softmmu_template.h"
4711
4712#define SHIFT 2
4713#include "softmmu_template.h"
4714
4715#define SHIFT 3
4716#include "softmmu_template.h"
4717
4718#undef env
4719
4720#endif
Mirror of https://git.qemu.org/git/qemu.git