]> git.ipfire.org Git - thirdparty/qemu.git/blame - exec.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: remove first level of l1_phys_map
[thirdparty/qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
3eef53df
AK		 163#define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165
5cd2c5b6 166/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 167#define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169
5cd2c5b6
RH		 170#if V_L1_BITS_REM < 4
171#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172#else
173#define V_L1_BITS V_L1_BITS_REM
174#endif
175
5cd2c5b6
RH		 176#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177
5cd2c5b6
RH		 178#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179
83fb7adf 180unsigned long qemu_real_host_page_size;
83fb7adf
FB		 181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 189typedef struct PhysPageDesc {
190 /* offset in host memory of the page + io_index in the low bits */
191 ram_addr_t phys_offset;
192 ram_addr_t region_offset;
193} PhysPageDesc;
194
5cd2c5b6
RH		 195/* This is a multi-level map on the physical address space.
196 The bottom level has pointers to PhysPageDesc. */
3eef53df 197static void *phys_map;
6d9a1304 198
e2eef170 199static void io_mem_init(void);
62152b8a 200static void memory_map_init(void);
e2eef170 201
33417e70 202/* io memory support */
a621f38d 203MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 204static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 205static MemoryRegion io_mem_watch;
6658ffb8 206#endif
33417e70 207
34865134 208/* log support */
1e8b27ca
JR		 209#ifdef WIN32
210static const char *logfilename = "qemu.log";
211#else
d9b630fd 212static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 213#endif
34865134
FB		 214FILE *logfile;
215int loglevel;
e735b91c 216static int log_append = 0;
34865134 217
e3db7226 218/* statistics */
b3755a91 219#if !defined(CONFIG_USER_ONLY)
e3db7226 220static int tlb_flush_count;
b3755a91 221#endif
e3db7226
FB		 222static int tb_flush_count;
223static int tb_phys_invalidate_count;
224
7cb69cae
FB		 225#ifdef _WIN32
226static void map_exec(void *addr, long size)
227{
228 DWORD old_protect;
229 VirtualProtect(addr, size,
230 PAGE_EXECUTE_READWRITE, &old_protect);
231
232}
233#else
234static void map_exec(void *addr, long size)
235{
4369415f 236 unsigned long start, end, page_size;
7cb69cae 237
4369415f 238 page_size = getpagesize();
7cb69cae 239 start = (unsigned long)addr;
4369415f 240 start &= ~(page_size - 1);
7cb69cae
FB		 241
242 end = (unsigned long)addr + size;
4369415f
FB		 243 end += page_size - 1;
244 end &= ~(page_size - 1);
7cb69cae
FB		 245
246 mprotect((void *)start, end - start,
247 PROT_READ | PROT_WRITE | PROT_EXEC);
248}
249#endif
250
b346ff46 251static void page_init(void)
54936004 252{
83fb7adf 253 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 254 TARGET_PAGE_SIZE */
c2b48b69
AL		 255#ifdef _WIN32
256 {
257 SYSTEM_INFO system_info;
258
259 GetSystemInfo(&system_info);
260 qemu_real_host_page_size = system_info.dwPageSize;
261 }
262#else
263 qemu_real_host_page_size = getpagesize();
264#endif
83fb7adf
FB		 265 if (qemu_host_page_size == 0)
266 qemu_host_page_size = qemu_real_host_page_size;
267 if (qemu_host_page_size < TARGET_PAGE_SIZE)
268 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 269 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 270
2e9a5713 271#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 272 {
f01576f1
JL		 273#ifdef HAVE_KINFO_GETVMMAP
274 struct kinfo_vmentry *freep;
275 int i, cnt;
276
277 freep = kinfo_getvmmap(getpid(), &cnt);
278 if (freep) {
279 mmap_lock();
280 for (i = 0; i < cnt; i++) {
281 unsigned long startaddr, endaddr;
282
283 startaddr = freep[i].kve_start;
284 endaddr = freep[i].kve_end;
285 if (h2g_valid(startaddr)) {
286 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
287
288 if (h2g_valid(endaddr)) {
289 endaddr = h2g(endaddr);
fd436907 290 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 291 } else {
292#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
293 endaddr = ~0ul;
fd436907 294 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 295#endif
296 }
297 }
298 }
299 free(freep);
300 mmap_unlock();
301 }
302#else
50a9569b 303 FILE *f;
50a9569b 304
0776590d 305 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 306
fd436907 307 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 308 if (f) {
5cd2c5b6
RH		 309 mmap_lock();
310
50a9569b 311 do {
5cd2c5b6
RH		 312 unsigned long startaddr, endaddr;
313 int n;
314
315 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
316
317 if (n == 2 && h2g_valid(startaddr)) {
318 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
319
320 if (h2g_valid(endaddr)) {
321 endaddr = h2g(endaddr);
322 } else {
323 endaddr = ~0ul;
324 }
325 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 326 }
327 } while (!feof(f));
5cd2c5b6 328
50a9569b 329 fclose(f);
5cd2c5b6 330 mmap_unlock();
50a9569b 331 }
f01576f1 332#endif
50a9569b
AZ		 333 }
334#endif
54936004
FB		 335}
336
41c1b1c9 337static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 338{
41c1b1c9
PB		 339 PageDesc *pd;
340 void **lp;
341 int i;
342
5cd2c5b6 343#if defined(CONFIG_USER_ONLY)
7267c094 344 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 345# define ALLOC(P, SIZE) \
346 do { \
347 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
348 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 349 } while (0)
350#else
351# define ALLOC(P, SIZE) \
7267c094 352 do { P = g_malloc0(SIZE); } while (0)
17e2377a 353#endif
434929bf 354
5cd2c5b6
RH		 355 /* Level 1. Always allocated. */
356 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
357
358 /* Level 2..N-1. */
359 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
360 void **p = *lp;
361
362 if (p == NULL) {
363 if (!alloc) {
364 return NULL;
365 }
366 ALLOC(p, sizeof(void *) * L2_SIZE);
367 *lp = p;
17e2377a 368 }
5cd2c5b6
RH		 369
370 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
371 }
372
373 pd = *lp;
374 if (pd == NULL) {
375 if (!alloc) {
376 return NULL;
377 }
378 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
379 *lp = pd;
54936004 380 }
5cd2c5b6
RH		 381
382#undef ALLOC
5cd2c5b6
RH		 383
384 return pd + (index & (L2_SIZE - 1));
54936004
FB		 385}
386
41c1b1c9 387static inline PageDesc *page_find(tb_page_addr_t index)
54936004 388{
5cd2c5b6 389 return page_find_alloc(index, 0);
fd6ce8f6
FB		 390}
391
6d9a1304 392#if !defined(CONFIG_USER_ONLY)
c227f099 393static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 394{
e3f4e2a4 395 PhysPageDesc *pd;
5cd2c5b6
RH		 396 void **lp;
397 int i;
92e873b9 398
3eef53df 399 lp = &phys_map;
108c49b8 400
3eef53df
AK		 401 /* Level 1..N-1. */
402 for (i = P_L2_LEVELS - 1; i > 0; i--) {
5cd2c5b6
RH		 403 void **p = *lp;
404 if (p == NULL) {
405 if (!alloc) {
406 return NULL;
407 }
7267c094 408 *lp = p = g_malloc0(sizeof(void *) * L2_SIZE);
5cd2c5b6
RH		 409 }
410 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
108c49b8 411 }
5cd2c5b6 412
e3f4e2a4 413 pd = *lp;
5cd2c5b6 414 if (pd == NULL) {
e3f4e2a4 415 int i;
5ab97b7f 416 int first_index = index & ~(L2_SIZE - 1);
5cd2c5b6
RH		 417
418 if (!alloc) {
108c49b8 419 return NULL;
5cd2c5b6
RH		 420 }
421
7267c094 422 *lp = pd = g_malloc(sizeof(PhysPageDesc) * L2_SIZE);
5cd2c5b6 423
67c4d23c 424 for (i = 0; i < L2_SIZE; i++) {
0e0df1e2 425 pd[i].phys_offset = io_mem_unassigned.ram_addr;
5ab97b7f 426 pd[i].region_offset = (first_index + i) << TARGET_PAGE_BITS;
67c4d23c 427 }
92e873b9 428 }
5cd2c5b6
RH		 429
430 return pd + (index & (L2_SIZE - 1));
92e873b9
FB		 431}
432
f1f6e3b8 433static inline PhysPageDesc phys_page_find(target_phys_addr_t index)
92e873b9 434{
f1f6e3b8
AK		 435 PhysPageDesc *p = phys_page_find_alloc(index, 0);
436
437 if (p) {
438 return *p;
439 } else {
440 return (PhysPageDesc) {
0e0df1e2 441 .phys_offset = io_mem_unassigned.ram_addr,
f1f6e3b8
AK		 442 .region_offset = index << TARGET_PAGE_BITS,
443 };
444 }
92e873b9
FB		 445}
446
c227f099
AL		 447static void tlb_protect_code(ram_addr_t ram_addr);
448static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 449 target_ulong vaddr);
c8a706fe
PB		 450#define mmap_lock() do { } while(0)
451#define mmap_unlock() do { } while(0)
9fa3e853 452#endif
fd6ce8f6 453
4369415f
FB		 454#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
455
456#if defined(CONFIG_USER_ONLY)
ccbb4d44 457/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 458 user mode. It will change when a dedicated libc will be used */
459#define USE_STATIC_CODE_GEN_BUFFER
460#endif
461
462#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 463static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
464 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 465#endif
466
8fcd3692 467static void code_gen_alloc(unsigned long tb_size)
26a5f13b 468{
4369415f
FB		 469#ifdef USE_STATIC_CODE_GEN_BUFFER
470 code_gen_buffer = static_code_gen_buffer;
471 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
472 map_exec(code_gen_buffer, code_gen_buffer_size);
473#else
26a5f13b
FB		 474 code_gen_buffer_size = tb_size;
475 if (code_gen_buffer_size == 0) {
4369415f 476#if defined(CONFIG_USER_ONLY)
4369415f
FB		 477 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
478#else
ccbb4d44 479 /* XXX: needs adjustments */
94a6b54f 480 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 481#endif
26a5f13b
FB		 482 }
483 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
484 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
485 /* The code gen buffer location may have constraints depending on
486 the host cpu and OS */
487#if defined(__linux__)
488 {
489 int flags;
141ac468
BS		 490 void *start = NULL;
491
26a5f13b
FB		 492 flags = MAP_PRIVATE | MAP_ANONYMOUS;
493#if defined(__x86_64__)
494 flags |= MAP_32BIT;
495 /* Cannot map more than that */
496 if (code_gen_buffer_size > (800 * 1024 * 1024))
497 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 498#elif defined(__sparc_v9__)
499 // Map the buffer below 2G, so we can use direct calls and branches
500 flags |= MAP_FIXED;
501 start = (void *) 0x60000000UL;
502 if (code_gen_buffer_size > (512 * 1024 * 1024))
503 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 504#elif defined(__arm__)
5c84bd90 505 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 506 if (code_gen_buffer_size > 16 * 1024 * 1024)
507 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 508#elif defined(__s390x__)
509 /* Map the buffer so that we can use direct calls and branches. */
510 /* We have a +- 4GB range on the branches; leave some slop. */
511 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
512 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
513 }
514 start = (void *)0x90000000UL;
26a5f13b 515#endif
141ac468
BS		 516 code_gen_buffer = mmap(start, code_gen_buffer_size,
517 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 518 flags, -1, 0);
519 if (code_gen_buffer == MAP_FAILED) {
520 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
521 exit(1);
522 }
523 }
cbb608a5 524#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 525 || defined(__DragonFly__) || defined(__OpenBSD__) \
526 || defined(__NetBSD__)
06e67a82
AL		 527 {
528 int flags;
529 void *addr = NULL;
530 flags = MAP_PRIVATE | MAP_ANONYMOUS;
531#if defined(__x86_64__)
532 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
533 * 0x40000000 is free */
534 flags |= MAP_FIXED;
535 addr = (void *)0x40000000;
536 /* Cannot map more than that */
537 if (code_gen_buffer_size > (800 * 1024 * 1024))
538 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 539#elif defined(__sparc_v9__)
540 // Map the buffer below 2G, so we can use direct calls and branches
541 flags |= MAP_FIXED;
542 addr = (void *) 0x60000000UL;
543 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
544 code_gen_buffer_size = (512 * 1024 * 1024);
545 }
06e67a82
AL		 546#endif
547 code_gen_buffer = mmap(addr, code_gen_buffer_size,
548 PROT_WRITE | PROT_READ | PROT_EXEC,
549 flags, -1, 0);
550 if (code_gen_buffer == MAP_FAILED) {
551 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
552 exit(1);
553 }
554 }
26a5f13b 555#else
7267c094 556 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 557 map_exec(code_gen_buffer, code_gen_buffer_size);
558#endif
4369415f 559#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 560 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 561 code_gen_buffer_max_size = code_gen_buffer_size -
562 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 563 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 564 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 565}
566
567/* Must be called before using the QEMU cpus. 'tb_size' is the size
568 (in bytes) allocated to the translation buffer. Zero means default
569 size. */
d5ab9713 570void tcg_exec_init(unsigned long tb_size)
26a5f13b 571{
26a5f13b
FB		 572 cpu_gen_init();
573 code_gen_alloc(tb_size);
574 code_gen_ptr = code_gen_buffer;
4369415f 575 page_init();
9002ec79
RH		 576#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
577 /* There's no guest base to take into account, so go ahead and
578 initialize the prologue now. */
579 tcg_prologue_init(&tcg_ctx);
580#endif
26a5f13b
FB		 581}
582
d5ab9713
JK		 583bool tcg_enabled(void)
584{
585 return code_gen_buffer != NULL;
586}
587
588void cpu_exec_init_all(void)
589{
590#if !defined(CONFIG_USER_ONLY)
591 memory_map_init();
592 io_mem_init();
593#endif
594}
595
9656f324
PB		 596#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
597
e59fb374 598static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 599{
600 CPUState *env = opaque;
9656f324 601
3098dba0
AJ		 602 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
603 version_id is increased. */
604 env->interrupt_request &= ~0x01;
9656f324
PB		 605 tlb_flush(env, 1);
606
607 return 0;
608}
e7f4eff7
JQ		 609
610static const VMStateDescription vmstate_cpu_common = {
611 .name = "cpu_common",
612 .version_id = 1,
613 .minimum_version_id = 1,
614 .minimum_version_id_old = 1,
e7f4eff7
JQ		 615 .post_load = cpu_common_post_load,
616 .fields = (VMStateField []) {
617 VMSTATE_UINT32(halted, CPUState),
618 VMSTATE_UINT32(interrupt_request, CPUState),
619 VMSTATE_END_OF_LIST()
620 }
621};
9656f324
PB		 622#endif
623
950f1472
GC		 624CPUState *qemu_get_cpu(int cpu)
625{
626 CPUState *env = first_cpu;
627
628 while (env) {
629 if (env->cpu_index == cpu)
630 break;
631 env = env->next_cpu;
632 }
633
634 return env;
635}
636
6a00d601 637void cpu_exec_init(CPUState *env)
fd6ce8f6 638{
6a00d601
FB		 639 CPUState **penv;
640 int cpu_index;
641
c2764719
PB		 642#if defined(CONFIG_USER_ONLY)
643 cpu_list_lock();
644#endif
6a00d601
FB		 645 env->next_cpu = NULL;
646 penv = &first_cpu;
647 cpu_index = 0;
648 while (*penv != NULL) {
1e9fa730 649 penv = &(*penv)->next_cpu;
6a00d601
FB		 650 cpu_index++;
651 }
652 env->cpu_index = cpu_index;
268a362c 653 env->numa_node = 0;
72cf2d4f
BS		 654 QTAILQ_INIT(&env->breakpoints);
655 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 656#ifndef CONFIG_USER_ONLY
657 env->thread_id = qemu_get_thread_id();
658#endif
6a00d601 659 *penv = env;
c2764719
PB		 660#if defined(CONFIG_USER_ONLY)
661 cpu_list_unlock();
662#endif
b3c7724c 663#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 664 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
665 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 666 cpu_save, cpu_load, env);
667#endif
fd6ce8f6
FB		 668}
669
d1a1eb74
TG		 670/* Allocate a new translation block. Flush the translation buffer if
671 too many translation blocks or too much generated code. */
672static TranslationBlock *tb_alloc(target_ulong pc)
673{
674 TranslationBlock *tb;
675
676 if (nb_tbs >= code_gen_max_blocks ||
677 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
678 return NULL;
679 tb = &tbs[nb_tbs++];
680 tb->pc = pc;
681 tb->cflags = 0;
682 return tb;
683}
684
685void tb_free(TranslationBlock *tb)
686{
687 /* In practice this is mostly used for single use temporary TB
688 Ignore the hard cases and just back up if this TB happens to
689 be the last one generated. */
690 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
691 code_gen_ptr = tb->tc_ptr;
692 nb_tbs--;
693 }
694}
695
9fa3e853
FB		 696static inline void invalidate_page_bitmap(PageDesc *p)
697{
698 if (p->code_bitmap) {
7267c094 699 g_free(p->code_bitmap);
9fa3e853
FB		 700 p->code_bitmap = NULL;
701 }
702 p->code_write_count = 0;
703}
704
5cd2c5b6
RH		 705/* Set to NULL all the 'first_tb' fields in all PageDescs. */
706
707static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 708{
5cd2c5b6 709 int i;
fd6ce8f6 710
5cd2c5b6
RH		 711 if (*lp == NULL) {
712 return;
713 }
714 if (level == 0) {
715 PageDesc *pd = *lp;
7296abac 716 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 717 pd[i].first_tb = NULL;
718 invalidate_page_bitmap(pd + i);
fd6ce8f6 719 }
5cd2c5b6
RH		 720 } else {
721 void **pp = *lp;
7296abac 722 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 723 page_flush_tb_1 (level - 1, pp + i);
724 }
725 }
726}
727
728static void page_flush_tb(void)
729{
730 int i;
731 for (i = 0; i < V_L1_SIZE; i++) {
732 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 733 }
734}
735
736/* flush all the translation blocks */
d4e8164f 737/* XXX: tb_flush is currently not thread safe */
6a00d601 738void tb_flush(CPUState *env1)
fd6ce8f6 739{
6a00d601 740 CPUState *env;
0124311e 741#if defined(DEBUG_FLUSH)
ab3d1727
BS		 742 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
743 (unsigned long)(code_gen_ptr - code_gen_buffer),
744 nb_tbs, nb_tbs > 0 ?
745 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 746#endif
26a5f13b 747 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 748 cpu_abort(env1, "Internal error: code buffer overflow\n");
749
fd6ce8f6 750 nb_tbs = 0;
3b46e624 751
6a00d601
FB		 752 for(env = first_cpu; env != NULL; env = env->next_cpu) {
753 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
754 }
9fa3e853 755
8a8a608f 756 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 757 page_flush_tb();
9fa3e853 758
fd6ce8f6 759 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 760 /* XXX: flush processor icache at this point if cache flush is
761 expensive */
e3db7226 762 tb_flush_count++;
fd6ce8f6
FB		 763}
764
765#ifdef DEBUG_TB_CHECK
766
bc98a7ef 767static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 768{
769 TranslationBlock *tb;
770 int i;
771 address &= TARGET_PAGE_MASK;
99773bd4
PB		 772 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
773 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 774 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
775 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 776 printf("ERROR invalidate: address=" TARGET_FMT_lx
777 " PC=%08lx size=%04x\n",
99773bd4 778 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 779 }
780 }
781 }
782}
783
784/* verify that all the pages have correct rights for code */
785static void tb_page_check(void)
786{
787 TranslationBlock *tb;
788 int i, flags1, flags2;
3b46e624 789
99773bd4
PB		 790 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
791 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 792 flags1 = page_get_flags(tb->pc);
793 flags2 = page_get_flags(tb->pc + tb->size - 1);
794 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
795 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 796 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 797 }
798 }
799 }
800}
801
802#endif
803
804/* invalidate one TB */
805static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
806 int next_offset)
807{
808 TranslationBlock *tb1;
809 for(;;) {
810 tb1 = *ptb;
811 if (tb1 == tb) {
812 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
813 break;
814 }
815 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
816 }
817}
818
9fa3e853
FB		 819static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
820{
821 TranslationBlock *tb1;
822 unsigned int n1;
823
824 for(;;) {
825 tb1 = *ptb;
826 n1 = (long)tb1 & 3;
827 tb1 = (TranslationBlock *)((long)tb1 & ~3);
828 if (tb1 == tb) {
829 *ptb = tb1->page_next[n1];
830 break;
831 }
832 ptb = &tb1->page_next[n1];
833 }
834}
835
d4e8164f
FB		 836static inline void tb_jmp_remove(TranslationBlock *tb, int n)
837{
838 TranslationBlock *tb1, **ptb;
839 unsigned int n1;
840
841 ptb = &tb->jmp_next[n];
842 tb1 = *ptb;
843 if (tb1) {
844 /* find tb(n) in circular list */
845 for(;;) {
846 tb1 = *ptb;
847 n1 = (long)tb1 & 3;
848 tb1 = (TranslationBlock *)((long)tb1 & ~3);
849 if (n1 == n && tb1 == tb)
850 break;
851 if (n1 == 2) {
852 ptb = &tb1->jmp_first;
853 } else {
854 ptb = &tb1->jmp_next[n1];
855 }
856 }
857 /* now we can suppress tb(n) from the list */
858 *ptb = tb->jmp_next[n];
859
860 tb->jmp_next[n] = NULL;
861 }
862}
863
864/* reset the jump entry 'n' of a TB so that it is not chained to
865 another TB */
866static inline void tb_reset_jump(TranslationBlock *tb, int n)
867{
868 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
869}
870
41c1b1c9 871void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 872{
6a00d601 873 CPUState *env;
8a40a180 874 PageDesc *p;
d4e8164f 875 unsigned int h, n1;
41c1b1c9 876 tb_page_addr_t phys_pc;
8a40a180 877 TranslationBlock *tb1, *tb2;
3b46e624 878
8a40a180
FB		 879 /* remove the TB from the hash list */
880 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
881 h = tb_phys_hash_func(phys_pc);
5fafdf24 882 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 883 offsetof(TranslationBlock, phys_hash_next));
884
885 /* remove the TB from the page list */
886 if (tb->page_addr[0] != page_addr) {
887 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
888 tb_page_remove(&p->first_tb, tb);
889 invalidate_page_bitmap(p);
890 }
891 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
892 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
893 tb_page_remove(&p->first_tb, tb);
894 invalidate_page_bitmap(p);
895 }
896
36bdbe54 897 tb_invalidated_flag = 1;
59817ccb 898
fd6ce8f6 899 /* remove the TB from the hash list */
8a40a180 900 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 901 for(env = first_cpu; env != NULL; env = env->next_cpu) {
902 if (env->tb_jmp_cache[h] == tb)
903 env->tb_jmp_cache[h] = NULL;
904 }
d4e8164f
FB		 905
906 /* suppress this TB from the two jump lists */
907 tb_jmp_remove(tb, 0);
908 tb_jmp_remove(tb, 1);
909
910 /* suppress any remaining jumps to this TB */
911 tb1 = tb->jmp_first;
912 for(;;) {
913 n1 = (long)tb1 & 3;
914 if (n1 == 2)
915 break;
916 tb1 = (TranslationBlock *)((long)tb1 & ~3);
917 tb2 = tb1->jmp_next[n1];
918 tb_reset_jump(tb1, n1);
919 tb1->jmp_next[n1] = NULL;
920 tb1 = tb2;
921 }
922 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 923
e3db7226 924 tb_phys_invalidate_count++;
9fa3e853
FB		 925}
926
927static inline void set_bits(uint8_t *tab, int start, int len)
928{
929 int end, mask, end1;
930
931 end = start + len;
932 tab += start >> 3;
933 mask = 0xff << (start & 7);
934 if ((start & ~7) == (end & ~7)) {
935 if (start < end) {
936 mask &= ~(0xff << (end & 7));
937 *tab |= mask;
938 }
939 } else {
940 *tab++ |= mask;
941 start = (start + 8) & ~7;
942 end1 = end & ~7;
943 while (start < end1) {
944 *tab++ = 0xff;
945 start += 8;
946 }
947 if (start < end) {
948 mask = ~(0xff << (end & 7));
949 *tab |= mask;
950 }
951 }
952}
953
954static void build_page_bitmap(PageDesc *p)
955{
956 int n, tb_start, tb_end;
957 TranslationBlock *tb;
3b46e624 958
7267c094 959 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 960
961 tb = p->first_tb;
962 while (tb != NULL) {
963 n = (long)tb & 3;
964 tb = (TranslationBlock *)((long)tb & ~3);
965 /* NOTE: this is subtle as a TB may span two physical pages */
966 if (n == 0) {
967 /* NOTE: tb_end may be after the end of the page, but
968 it is not a problem */
969 tb_start = tb->pc & ~TARGET_PAGE_MASK;
970 tb_end = tb_start + tb->size;
971 if (tb_end > TARGET_PAGE_SIZE)
972 tb_end = TARGET_PAGE_SIZE;
973 } else {
974 tb_start = 0;
975 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
976 }
977 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
978 tb = tb->page_next[n];
979 }
980}
981
2e70f6ef
PB		 982TranslationBlock *tb_gen_code(CPUState *env,
983 target_ulong pc, target_ulong cs_base,
984 int flags, int cflags)
d720b93d
FB		 985{
986 TranslationBlock *tb;
987 uint8_t *tc_ptr;
41c1b1c9
PB		 988 tb_page_addr_t phys_pc, phys_page2;
989 target_ulong virt_page2;
d720b93d
FB		 990 int code_gen_size;
991
41c1b1c9 992 phys_pc = get_page_addr_code(env, pc);
c27004ec 993 tb = tb_alloc(pc);
d720b93d
FB		 994 if (!tb) {
995 /* flush must be done */
996 tb_flush(env);
997 /* cannot fail at this point */
c27004ec 998 tb = tb_alloc(pc);
2e70f6ef
PB		 999 /* Don't forget to invalidate previous TB info. */
1000 tb_invalidated_flag = 1;
d720b93d
FB		 1001 }
1002 tc_ptr = code_gen_ptr;
1003 tb->tc_ptr = tc_ptr;
1004 tb->cs_base = cs_base;
1005 tb->flags = flags;
1006 tb->cflags = cflags;
d07bde88 1007 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1008 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1009
d720b93d 1010 /* check next page if needed */
c27004ec 1011 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1012 phys_page2 = -1;
c27004ec 1013 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1014 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1015 }
41c1b1c9 1016 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1017 return tb;
d720b93d 1018}
3b46e624 1019
9fa3e853
FB		 1020/* invalidate all TBs which intersect with the target physical page
1021 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1022 the same physical page. 'is_cpu_write_access' should be true if called
1023 from a real cpu write access: the virtual CPU will exit the current
1024 TB if code is modified inside this TB. */
41c1b1c9 1025void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1026 int is_cpu_write_access)
1027{
6b917547 1028 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1029 CPUState *env = cpu_single_env;
41c1b1c9 1030 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1031 PageDesc *p;
1032 int n;
1033#ifdef TARGET_HAS_PRECISE_SMC
1034 int current_tb_not_found = is_cpu_write_access;
1035 TranslationBlock *current_tb = NULL;
1036 int current_tb_modified = 0;
1037 target_ulong current_pc = 0;
1038 target_ulong current_cs_base = 0;
1039 int current_flags = 0;
1040#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1041
1042 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1043 if (!p)
9fa3e853 1044 return;
5fafdf24 1045 if (!p->code_bitmap &&
d720b93d
FB		 1046 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1047 is_cpu_write_access) {
9fa3e853
FB		 1048 /* build code bitmap */
1049 build_page_bitmap(p);
1050 }
1051
1052 /* we remove all the TBs in the range [start, end[ */
1053 /* XXX: see if in some cases it could be faster to invalidate all the code */
1054 tb = p->first_tb;
1055 while (tb != NULL) {
1056 n = (long)tb & 3;
1057 tb = (TranslationBlock *)((long)tb & ~3);
1058 tb_next = tb->page_next[n];
1059 /* NOTE: this is subtle as a TB may span two physical pages */
1060 if (n == 0) {
1061 /* NOTE: tb_end may be after the end of the page, but
1062 it is not a problem */
1063 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1064 tb_end = tb_start + tb->size;
1065 } else {
1066 tb_start = tb->page_addr[1];
1067 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1068 }
1069 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1070#ifdef TARGET_HAS_PRECISE_SMC
1071 if (current_tb_not_found) {
1072 current_tb_not_found = 0;
1073 current_tb = NULL;
2e70f6ef 1074 if (env->mem_io_pc) {
d720b93d 1075 /* now we have a real cpu fault */
2e70f6ef 1076 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1077 }
1078 }
1079 if (current_tb == tb &&
2e70f6ef 1080 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1081 /* If we are modifying the current TB, we must stop
1082 its execution. We could be more precise by checking
1083 that the modification is after the current PC, but it
1084 would require a specialized function to partially
1085 restore the CPU state */
3b46e624 1086
d720b93d 1087 current_tb_modified = 1;
618ba8e6 1088 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1089 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1090 &current_flags);
d720b93d
FB		 1091 }
1092#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1093 /* we need to do that to handle the case where a signal
1094 occurs while doing tb_phys_invalidate() */
1095 saved_tb = NULL;
1096 if (env) {
1097 saved_tb = env->current_tb;
1098 env->current_tb = NULL;
1099 }
9fa3e853 1100 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1101 if (env) {
1102 env->current_tb = saved_tb;
1103 if (env->interrupt_request && env->current_tb)
1104 cpu_interrupt(env, env->interrupt_request);
1105 }
9fa3e853
FB		 1106 }
1107 tb = tb_next;
1108 }
1109#if !defined(CONFIG_USER_ONLY)
1110 /* if no code remaining, no need to continue to use slow writes */
1111 if (!p->first_tb) {
1112 invalidate_page_bitmap(p);
d720b93d 1113 if (is_cpu_write_access) {
2e70f6ef 1114 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1115 }
1116 }
1117#endif
1118#ifdef TARGET_HAS_PRECISE_SMC
1119 if (current_tb_modified) {
1120 /* we generate a block containing just the instruction
1121 modifying the memory. It will ensure that it cannot modify
1122 itself */
ea1c1802 1123 env->current_tb = NULL;
2e70f6ef 1124 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1125 cpu_resume_from_signal(env, NULL);
9fa3e853 1126 }
fd6ce8f6 1127#endif
9fa3e853 1128}
fd6ce8f6 1129
9fa3e853 1130/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1131static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1132{
1133 PageDesc *p;
1134 int offset, b;
59817ccb 1135#if 0
a4193c8a 1136 if (1) {
93fcfe39
AL		 1137 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1138 cpu_single_env->mem_io_vaddr, len,
1139 cpu_single_env->eip,
1140 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1141 }
1142#endif
9fa3e853 1143 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1144 if (!p)
9fa3e853
FB		 1145 return;
1146 if (p->code_bitmap) {
1147 offset = start & ~TARGET_PAGE_MASK;
1148 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1149 if (b & ((1 << len) - 1))
1150 goto do_invalidate;
1151 } else {
1152 do_invalidate:
d720b93d 1153 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1154 }
1155}
1156
9fa3e853 1157#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1158static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1159 unsigned long pc, void *puc)
9fa3e853 1160{
6b917547 1161 TranslationBlock *tb;
9fa3e853 1162 PageDesc *p;
6b917547 1163 int n;
d720b93d 1164#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1165 TranslationBlock *current_tb = NULL;
d720b93d 1166 CPUState *env = cpu_single_env;
6b917547
AL		 1167 int current_tb_modified = 0;
1168 target_ulong current_pc = 0;
1169 target_ulong current_cs_base = 0;
1170 int current_flags = 0;
d720b93d 1171#endif
9fa3e853
FB		 1172
1173 addr &= TARGET_PAGE_MASK;
1174 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1175 if (!p)
9fa3e853
FB		 1176 return;
1177 tb = p->first_tb;
d720b93d
FB		 1178#ifdef TARGET_HAS_PRECISE_SMC
1179 if (tb && pc != 0) {
1180 current_tb = tb_find_pc(pc);
1181 }
1182#endif
9fa3e853
FB		 1183 while (tb != NULL) {
1184 n = (long)tb & 3;
1185 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1186#ifdef TARGET_HAS_PRECISE_SMC
1187 if (current_tb == tb &&
2e70f6ef 1188 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1189 /* If we are modifying the current TB, we must stop
1190 its execution. We could be more precise by checking
1191 that the modification is after the current PC, but it
1192 would require a specialized function to partially
1193 restore the CPU state */
3b46e624 1194
d720b93d 1195 current_tb_modified = 1;
618ba8e6 1196 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1197 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1198 &current_flags);
d720b93d
FB		 1199 }
1200#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1201 tb_phys_invalidate(tb, addr);
1202 tb = tb->page_next[n];
1203 }
fd6ce8f6 1204 p->first_tb = NULL;
d720b93d
FB		 1205#ifdef TARGET_HAS_PRECISE_SMC
1206 if (current_tb_modified) {
1207 /* we generate a block containing just the instruction
1208 modifying the memory. It will ensure that it cannot modify
1209 itself */
ea1c1802 1210 env->current_tb = NULL;
2e70f6ef 1211 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1212 cpu_resume_from_signal(env, puc);
1213 }
1214#endif
fd6ce8f6 1215}
9fa3e853 1216#endif
fd6ce8f6
FB		 1217
1218/* add the tb in the target page and protect it if necessary */
5fafdf24 1219static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1220 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1221{
1222 PageDesc *p;
4429ab44
JQ		 1223#ifndef CONFIG_USER_ONLY
1224 bool page_already_protected;
1225#endif
9fa3e853
FB		 1226
1227 tb->page_addr[n] = page_addr;
5cd2c5b6 1228 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1229 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1230#ifndef CONFIG_USER_ONLY
1231 page_already_protected = p->first_tb != NULL;
1232#endif
9fa3e853
FB		 1233 p->first_tb = (TranslationBlock *)((long)tb | n);
1234 invalidate_page_bitmap(p);
fd6ce8f6 1235
107db443 1236#if defined(TARGET_HAS_SMC) || 1
d720b93d 1237
9fa3e853 1238#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1239 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1240 target_ulong addr;
1241 PageDesc *p2;
9fa3e853
FB		 1242 int prot;
1243
fd6ce8f6
FB		 1244 /* force the host page as non writable (writes will have a
1245 page fault + mprotect overhead) */
53a5960a 1246 page_addr &= qemu_host_page_mask;
fd6ce8f6 1247 prot = 0;
53a5960a
PB		 1248 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1249 addr += TARGET_PAGE_SIZE) {
1250
1251 p2 = page_find (addr >> TARGET_PAGE_BITS);
1252 if (!p2)
1253 continue;
1254 prot |= p2->flags;
1255 p2->flags &= ~PAGE_WRITE;
53a5960a 1256 }
5fafdf24 1257 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1258 (prot & PAGE_BITS) & ~PAGE_WRITE);
1259#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1260 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1261 page_addr);
fd6ce8f6 1262#endif
fd6ce8f6 1263 }
9fa3e853
FB		 1264#else
1265 /* if some code is already present, then the pages are already
1266 protected. So we handle the case where only the first TB is
1267 allocated in a physical page */
4429ab44 1268 if (!page_already_protected) {
6a00d601 1269 tlb_protect_code(page_addr);
9fa3e853
FB		 1270 }
1271#endif
d720b93d
FB		 1272
1273#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1274}
1275
9fa3e853
FB		 1276/* add a new TB and link it to the physical page tables. phys_page2 is
1277 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1278void tb_link_page(TranslationBlock *tb,
1279 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1280{
9fa3e853
FB		 1281 unsigned int h;
1282 TranslationBlock **ptb;
1283
c8a706fe
PB		 1284 /* Grab the mmap lock to stop another thread invalidating this TB
1285 before we are done. */
1286 mmap_lock();
9fa3e853
FB		 1287 /* add in the physical hash table */
1288 h = tb_phys_hash_func(phys_pc);
1289 ptb = &tb_phys_hash[h];
1290 tb->phys_hash_next = *ptb;
1291 *ptb = tb;
fd6ce8f6
FB		 1292
1293 /* add in the page list */
9fa3e853
FB		 1294 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1295 if (phys_page2 != -1)
1296 tb_alloc_page(tb, 1, phys_page2);
1297 else
1298 tb->page_addr[1] = -1;
9fa3e853 1299
d4e8164f
FB		 1300 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1301 tb->jmp_next[0] = NULL;
1302 tb->jmp_next[1] = NULL;
1303
1304 /* init original jump addresses */
1305 if (tb->tb_next_offset[0] != 0xffff)
1306 tb_reset_jump(tb, 0);
1307 if (tb->tb_next_offset[1] != 0xffff)
1308 tb_reset_jump(tb, 1);
8a40a180
FB		 1309
1310#ifdef DEBUG_TB_CHECK
1311 tb_page_check();
1312#endif
c8a706fe 1313 mmap_unlock();
fd6ce8f6
FB		 1314}
1315
9fa3e853
FB		 1316/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1317 tb[1].tc_ptr. Return NULL if not found */
1318TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1319{
9fa3e853
FB		 1320 int m_min, m_max, m;
1321 unsigned long v;
1322 TranslationBlock *tb;
a513fe19
FB		 1323
1324 if (nb_tbs <= 0)
1325 return NULL;
1326 if (tc_ptr < (unsigned long)code_gen_buffer ||
1327 tc_ptr >= (unsigned long)code_gen_ptr)
1328 return NULL;
1329 /* binary search (cf Knuth) */
1330 m_min = 0;
1331 m_max = nb_tbs - 1;
1332 while (m_min <= m_max) {
1333 m = (m_min + m_max) >> 1;
1334 tb = &tbs[m];
1335 v = (unsigned long)tb->tc_ptr;
1336 if (v == tc_ptr)
1337 return tb;
1338 else if (tc_ptr < v) {
1339 m_max = m - 1;
1340 } else {
1341 m_min = m + 1;
1342 }
5fafdf24 1343 }
a513fe19
FB		 1344 return &tbs[m_max];
1345}
7501267e 1346
ea041c0e
FB		 1347static void tb_reset_jump_recursive(TranslationBlock *tb);
1348
1349static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1350{
1351 TranslationBlock *tb1, *tb_next, **ptb;
1352 unsigned int n1;
1353
1354 tb1 = tb->jmp_next[n];
1355 if (tb1 != NULL) {
1356 /* find head of list */
1357 for(;;) {
1358 n1 = (long)tb1 & 3;
1359 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1360 if (n1 == 2)
1361 break;
1362 tb1 = tb1->jmp_next[n1];
1363 }
1364 /* we are now sure now that tb jumps to tb1 */
1365 tb_next = tb1;
1366
1367 /* remove tb from the jmp_first list */
1368 ptb = &tb_next->jmp_first;
1369 for(;;) {
1370 tb1 = *ptb;
1371 n1 = (long)tb1 & 3;
1372 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1373 if (n1 == n && tb1 == tb)
1374 break;
1375 ptb = &tb1->jmp_next[n1];
1376 }
1377 *ptb = tb->jmp_next[n];
1378 tb->jmp_next[n] = NULL;
3b46e624 1379
ea041c0e
FB		 1380 /* suppress the jump to next tb in generated code */
1381 tb_reset_jump(tb, n);
1382
0124311e 1383 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1384 tb_reset_jump_recursive(tb_next);
1385 }
1386}
1387
1388static void tb_reset_jump_recursive(TranslationBlock *tb)
1389{
1390 tb_reset_jump_recursive2(tb, 0);
1391 tb_reset_jump_recursive2(tb, 1);
1392}
1393
1fddef4b 1394#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1395#if defined(CONFIG_USER_ONLY)
1396static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1397{
1398 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1399}
1400#else
d720b93d
FB		 1401static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1402{
c227f099 1403 target_phys_addr_t addr;
9b3c35e0 1404 target_ulong pd;
c227f099 1405 ram_addr_t ram_addr;
f1f6e3b8 1406 PhysPageDesc p;
d720b93d 1407
c2f07f81
PB		 1408 addr = cpu_get_phys_page_debug(env, pc);
1409 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 1410 pd = p.phys_offset;
c2f07f81 1411 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
706cd4b5 1412 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1413}
c27004ec 1414#endif
94df27fd 1415#endif /* TARGET_HAS_ICE */
d720b93d 1416
c527ee8f
PB		 1417#if defined(CONFIG_USER_ONLY)
1418void cpu_watchpoint_remove_all(CPUState *env, int mask)
1419
1420{
1421}
1422
1423int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1424 int flags, CPUWatchpoint **watchpoint)
1425{
1426 return -ENOSYS;
1427}
1428#else
6658ffb8 1429/* Add a watchpoint. */
a1d1bb31
AL		 1430int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1431 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1432{
b4051334 1433 target_ulong len_mask = ~(len - 1);
c0ce998e 1434 CPUWatchpoint *wp;
6658ffb8 1435
b4051334
AL		 1436 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1437 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1438 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1439 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1440 return -EINVAL;
1441 }
7267c094 1442 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1443
1444 wp->vaddr = addr;
b4051334 1445 wp->len_mask = len_mask;
a1d1bb31
AL		 1446 wp->flags = flags;
1447
2dc9f411 1448 /* keep all GDB-injected watchpoints in front */
c0ce998e 1449 if (flags & BP_GDB)
72cf2d4f 1450 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1451 else
72cf2d4f 1452 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1453
6658ffb8 1454 tlb_flush_page(env, addr);
a1d1bb31
AL		 1455
1456 if (watchpoint)
1457 *watchpoint = wp;
1458 return 0;
6658ffb8
PB		 1459}
1460
a1d1bb31
AL		 1461/* Remove a specific watchpoint. */
1462int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1463 int flags)
6658ffb8 1464{
b4051334 1465 target_ulong len_mask = ~(len - 1);
a1d1bb31 1466 CPUWatchpoint *wp;
6658ffb8 1467
72cf2d4f 1468 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1469 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1470 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1471 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1472 return 0;
1473 }
1474 }
a1d1bb31 1475 return -ENOENT;
6658ffb8
PB		 1476}
1477
a1d1bb31
AL		 1478/* Remove a specific watchpoint by reference. */
1479void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1480{
72cf2d4f 1481 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1482
a1d1bb31
AL		 1483 tlb_flush_page(env, watchpoint->vaddr);
1484
7267c094 1485 g_free(watchpoint);
a1d1bb31
AL		 1486}
1487
1488/* Remove all matching watchpoints. */
1489void cpu_watchpoint_remove_all(CPUState *env, int mask)
1490{
c0ce998e 1491 CPUWatchpoint *wp, *next;
a1d1bb31 1492
72cf2d4f 1493 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1494 if (wp->flags & mask)
1495 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1496 }
7d03f82f 1497}
c527ee8f 1498#endif
7d03f82f 1499
a1d1bb31
AL		 1500/* Add a breakpoint. */
1501int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1502 CPUBreakpoint **breakpoint)
4c3a88a2 1503{
1fddef4b 1504#if defined(TARGET_HAS_ICE)
c0ce998e 1505 CPUBreakpoint *bp;
3b46e624 1506
7267c094 1507 bp = g_malloc(sizeof(*bp));
4c3a88a2 1508
a1d1bb31
AL		 1509 bp->pc = pc;
1510 bp->flags = flags;
1511
2dc9f411 1512 /* keep all GDB-injected breakpoints in front */
c0ce998e 1513 if (flags & BP_GDB)
72cf2d4f 1514 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1515 else
72cf2d4f 1516 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1517
d720b93d 1518 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1519
1520 if (breakpoint)
1521 *breakpoint = bp;
4c3a88a2
FB		 1522 return 0;
1523#else
a1d1bb31 1524 return -ENOSYS;
4c3a88a2
FB		 1525#endif
1526}
1527
a1d1bb31
AL		 1528/* Remove a specific breakpoint. */
1529int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1530{
7d03f82f 1531#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1532 CPUBreakpoint *bp;
1533
72cf2d4f 1534 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1535 if (bp->pc == pc && bp->flags == flags) {
1536 cpu_breakpoint_remove_by_ref(env, bp);
1537 return 0;
1538 }
7d03f82f 1539 }
a1d1bb31
AL		 1540 return -ENOENT;
1541#else
1542 return -ENOSYS;
7d03f82f
EI		 1543#endif
1544}
1545
a1d1bb31
AL		 1546/* Remove a specific breakpoint by reference. */
1547void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1548{
1fddef4b 1549#if defined(TARGET_HAS_ICE)
72cf2d4f 1550 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1551
a1d1bb31
AL		 1552 breakpoint_invalidate(env, breakpoint->pc);
1553
7267c094 1554 g_free(breakpoint);
a1d1bb31
AL		 1555#endif
1556}
1557
1558/* Remove all matching breakpoints. */
1559void cpu_breakpoint_remove_all(CPUState *env, int mask)
1560{
1561#if defined(TARGET_HAS_ICE)
c0ce998e 1562 CPUBreakpoint *bp, *next;
a1d1bb31 1563
72cf2d4f 1564 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1565 if (bp->flags & mask)
1566 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1567 }
4c3a88a2
FB		 1568#endif
1569}
1570
c33a346e
FB		 1571/* enable or disable single step mode. EXCP_DEBUG is returned by the
1572 CPU loop after each instruction */
1573void cpu_single_step(CPUState *env, int enabled)
1574{
1fddef4b 1575#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1576 if (env->singlestep_enabled != enabled) {
1577 env->singlestep_enabled = enabled;
e22a25c9
AL		 1578 if (kvm_enabled())
1579 kvm_update_guest_debug(env, 0);
1580 else {
ccbb4d44 1581 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1582 /* XXX: only flush what is necessary */
1583 tb_flush(env);
1584 }
c33a346e
FB		 1585 }
1586#endif
1587}
1588
34865134
FB		 1589/* enable or disable low levels log */
1590void cpu_set_log(int log_flags)
1591{
1592 loglevel = log_flags;
1593 if (loglevel && !logfile) {
11fcfab4 1594 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1595 if (!logfile) {
1596 perror(logfilename);
1597 _exit(1);
1598 }
9fa3e853
FB		 1599#if !defined(CONFIG_SOFTMMU)
1600 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1601 {
b55266b5 1602 static char logfile_buf[4096];
9fa3e853
FB		 1603 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1604 }
daf767b1
SW		 1605#elif defined(_WIN32)
1606 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1607 setvbuf(logfile, NULL, _IONBF, 0);
1608#else
34865134 1609 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1610#endif
e735b91c
PB		 1611 log_append = 1;
1612 }
1613 if (!loglevel && logfile) {
1614 fclose(logfile);
1615 logfile = NULL;
34865134
FB		 1616 }
1617}
1618
1619void cpu_set_log_filename(const char *filename)
1620{
1621 logfilename = strdup(filename);
e735b91c
PB		 1622 if (logfile) {
1623 fclose(logfile);
1624 logfile = NULL;
1625 }
1626 cpu_set_log(loglevel);
34865134 1627}
c33a346e 1628
3098dba0 1629static void cpu_unlink_tb(CPUState *env)
ea041c0e 1630{
3098dba0
AJ		 1631 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1632 problem and hope the cpu will stop of its own accord. For userspace
1633 emulation this often isn't actually as bad as it sounds. Often
1634 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1635 TranslationBlock *tb;
c227f099 1636 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1637
cab1b4bd 1638 spin_lock(&interrupt_lock);
3098dba0
AJ		 1639 tb = env->current_tb;
1640 /* if the cpu is currently executing code, we must unlink it and
1641 all the potentially executing TB */
f76cfe56 1642 if (tb) {
3098dba0
AJ		 1643 env->current_tb = NULL;
1644 tb_reset_jump_recursive(tb);
be214e6c 1645 }
cab1b4bd 1646 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1647}
1648
97ffbd8d 1649#ifndef CONFIG_USER_ONLY
3098dba0 1650/* mask must never be zero, except for A20 change call */
ec6959d0 1651static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1652{
1653 int old_mask;
be214e6c 1654
2e70f6ef 1655 old_mask = env->interrupt_request;
68a79315 1656 env->interrupt_request |= mask;
3098dba0 1657
8edac960
AL		 1658 /*
1659 * If called from iothread context, wake the target cpu in
1660 * case its halted.
1661 */
b7680cb6 1662 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1663 qemu_cpu_kick(env);
1664 return;
1665 }
8edac960 1666
2e70f6ef 1667 if (use_icount) {
266910c4 1668 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1669 if (!can_do_io(env)
be214e6c 1670 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1671 cpu_abort(env, "Raised interrupt while not in I/O function");
1672 }
2e70f6ef 1673 } else {
3098dba0 1674 cpu_unlink_tb(env);
ea041c0e
FB		 1675 }
1676}
1677
ec6959d0
JK		 1678CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1679
97ffbd8d
JK		 1680#else /* CONFIG_USER_ONLY */
1681
1682void cpu_interrupt(CPUState *env, int mask)
1683{
1684 env->interrupt_request |= mask;
1685 cpu_unlink_tb(env);
1686}
1687#endif /* CONFIG_USER_ONLY */
1688
b54ad049
FB		 1689void cpu_reset_interrupt(CPUState *env, int mask)
1690{
1691 env->interrupt_request &= ~mask;
1692}
1693
3098dba0
AJ		 1694void cpu_exit(CPUState *env)
1695{
1696 env->exit_request = 1;
1697 cpu_unlink_tb(env);
1698}
1699
c7cd6a37 1700const CPULogItem cpu_log_items[] = {
5fafdf24 1701 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1702 "show generated host assembly code for each compiled TB" },
1703 { CPU_LOG_TB_IN_ASM, "in_asm",
1704 "show target assembly code for each compiled TB" },
5fafdf24 1705 { CPU_LOG_TB_OP, "op",
57fec1fe 1706 "show micro ops for each compiled TB" },
f193c797 1707 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1708 "show micro ops "
1709#ifdef TARGET_I386
1710 "before eflags optimization and "
f193c797 1711#endif
e01a1157 1712 "after liveness analysis" },
f193c797
FB		 1713 { CPU_LOG_INT, "int",
1714 "show interrupts/exceptions in short format" },
1715 { CPU_LOG_EXEC, "exec",
1716 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1717 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1718 "show CPU state before block translation" },
f193c797
FB		 1719#ifdef TARGET_I386
1720 { CPU_LOG_PCALL, "pcall",
1721 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1722 { CPU_LOG_RESET, "cpu_reset",
1723 "show CPU state before CPU resets" },
f193c797 1724#endif
8e3a9fd2 1725#ifdef DEBUG_IOPORT
fd872598
FB		 1726 { CPU_LOG_IOPORT, "ioport",
1727 "show all i/o ports accesses" },
8e3a9fd2 1728#endif
f193c797
FB		 1729 { 0, NULL, NULL },
1730};
1731
1732static int cmp1(const char *s1, int n, const char *s2)
1733{
1734 if (strlen(s2) != n)
1735 return 0;
1736 return memcmp(s1, s2, n) == 0;
1737}
3b46e624 1738
f193c797
FB		 1739/* takes a comma separated list of log masks. Return 0 if error. */
1740int cpu_str_to_log_mask(const char *str)
1741{
c7cd6a37 1742 const CPULogItem *item;
f193c797
FB		 1743 int mask;
1744 const char *p, *p1;
1745
1746 p = str;
1747 mask = 0;
1748 for(;;) {
1749 p1 = strchr(p, ',');
1750 if (!p1)
1751 p1 = p + strlen(p);
9742bf26
YT		 1752 if(cmp1(p,p1-p,"all")) {
1753 for(item = cpu_log_items; item->mask != 0; item++) {
1754 mask |= item->mask;
1755 }
1756 } else {
1757 for(item = cpu_log_items; item->mask != 0; item++) {
1758 if (cmp1(p, p1 - p, item->name))
1759 goto found;
1760 }
1761 return 0;
f193c797 1762 }
f193c797
FB		 1763 found:
1764 mask |= item->mask;
1765 if (*p1 != ',')
1766 break;
1767 p = p1 + 1;
1768 }
1769 return mask;
1770}
ea041c0e 1771
7501267e
FB		 1772void cpu_abort(CPUState *env, const char *fmt, ...)
1773{
1774 va_list ap;
493ae1f0 1775 va_list ap2;
7501267e
FB		 1776
1777 va_start(ap, fmt);
493ae1f0 1778 va_copy(ap2, ap);
7501267e
FB		 1779 fprintf(stderr, "qemu: fatal: ");
1780 vfprintf(stderr, fmt, ap);
1781 fprintf(stderr, "\n");
1782#ifdef TARGET_I386
7fe48483
FB		 1783 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1784#else
1785 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1786#endif
93fcfe39
AL		 1787 if (qemu_log_enabled()) {
1788 qemu_log("qemu: fatal: ");
1789 qemu_log_vprintf(fmt, ap2);
1790 qemu_log("\n");
f9373291 1791#ifdef TARGET_I386
93fcfe39 1792 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1793#else
93fcfe39 1794 log_cpu_state(env, 0);
f9373291 1795#endif
31b1a7b4 1796 qemu_log_flush();
93fcfe39 1797 qemu_log_close();
924edcae 1798 }
493ae1f0 1799 va_end(ap2);
f9373291 1800 va_end(ap);
fd052bf6
RV		 1801#if defined(CONFIG_USER_ONLY)
1802 {
1803 struct sigaction act;
1804 sigfillset(&act.sa_mask);
1805 act.sa_handler = SIG_DFL;
1806 sigaction(SIGABRT, &act, NULL);
1807 }
1808#endif
7501267e
FB		 1809 abort();
1810}
1811
c5be9f08
TS		 1812CPUState *cpu_copy(CPUState *env)
1813{
01ba9816 1814 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1815 CPUState *next_cpu = new_env->next_cpu;
1816 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1817#if defined(TARGET_HAS_ICE)
1818 CPUBreakpoint *bp;
1819 CPUWatchpoint *wp;
1820#endif
1821
c5be9f08 1822 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1823
1824 /* Preserve chaining and index. */
c5be9f08
TS		 1825 new_env->next_cpu = next_cpu;
1826 new_env->cpu_index = cpu_index;
5a38f081
AL		 1827
1828 /* Clone all break/watchpoints.
1829 Note: Once we support ptrace with hw-debug register access, make sure
1830 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1831 QTAILQ_INIT(&env->breakpoints);
1832 QTAILQ_INIT(&env->watchpoints);
5a38f081 1833#if defined(TARGET_HAS_ICE)
72cf2d4f 1834 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1835 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1836 }
72cf2d4f 1837 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1838 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1839 wp->flags, NULL);
1840 }
1841#endif
1842
c5be9f08
TS		 1843 return new_env;
1844}
1845
0124311e
FB		 1846#if !defined(CONFIG_USER_ONLY)
1847
5c751e99
EI		 1848static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1849{
1850 unsigned int i;
1851
1852 /* Discard jump cache entries for any tb which might potentially
1853 overlap the flushed page. */
1854 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1855 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1856 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1857
1858 i = tb_jmp_cache_hash_page(addr);
1859 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1860 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1861}
1862
08738984
IK		 1863static CPUTLBEntry s_cputlb_empty_entry = {
1864 .addr_read = -1,
1865 .addr_write = -1,
1866 .addr_code = -1,
1867 .addend = -1,
1868};
1869
771124e1
PM		 1870/* NOTE:
1871 * If flush_global is true (the usual case), flush all tlb entries.
1872 * If flush_global is false, flush (at least) all tlb entries not
1873 * marked global.
1874 *
1875 * Since QEMU doesn't currently implement a global/not-global flag
1876 * for tlb entries, at the moment tlb_flush() will also flush all
1877 * tlb entries in the flush_global == false case. This is OK because
1878 * CPU architectures generally permit an implementation to drop
1879 * entries from the TLB at any time, so flushing more entries than
1880 * required is only an efficiency issue, not a correctness issue.
1881 */
ee8b7021 1882void tlb_flush(CPUState *env, int flush_global)
33417e70 1883{
33417e70 1884 int i;
0124311e 1885
9fa3e853
FB		 1886#if defined(DEBUG_TLB)
1887 printf("tlb_flush:\n");
1888#endif
0124311e
FB		 1889 /* must reset current TB so that interrupts cannot modify the
1890 links while we are modifying them */
1891 env->current_tb = NULL;
1892
33417e70 1893 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1894 int mmu_idx;
1895 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1896 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1897 }
33417e70 1898 }
9fa3e853 1899
8a40a180 1900 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1901
d4c430a8
PB		 1902 env->tlb_flush_addr = -1;
1903 env->tlb_flush_mask = 0;
e3db7226 1904 tlb_flush_count++;
33417e70
FB		 1905}
1906
274da6b2 1907static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1908{
5fafdf24 1909 if (addr == (tlb_entry->addr_read &
84b7b8e7 1910 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1911 addr == (tlb_entry->addr_write &
84b7b8e7 1912 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1913 addr == (tlb_entry->addr_code &
84b7b8e7 1914 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1915 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1916 }
61382a50
FB		 1917}
1918
2e12669a 1919void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1920{
8a40a180 1921 int i;
cfde4bd9 1922 int mmu_idx;
0124311e 1923
9fa3e853 1924#if defined(DEBUG_TLB)
108c49b8 1925 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1926#endif
d4c430a8
PB		 1927 /* Check if we need to flush due to large pages. */
1928 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1929#if defined(DEBUG_TLB)
1930 printf("tlb_flush_page: forced full flush ("
1931 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1932 env->tlb_flush_addr, env->tlb_flush_mask);
1933#endif
1934 tlb_flush(env, 1);
1935 return;
1936 }
0124311e
FB		 1937 /* must reset current TB so that interrupts cannot modify the
1938 links while we are modifying them */
1939 env->current_tb = NULL;
61382a50
FB		 1940
1941 addr &= TARGET_PAGE_MASK;
1942 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 1943 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1944 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 1945
5c751e99 1946 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 1947}
1948
9fa3e853
FB		 1949/* update the TLBs so that writes to code in the virtual page 'addr'
1950 can be detected */
c227f099 1951static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 1952{
5fafdf24 1953 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 1954 ram_addr + TARGET_PAGE_SIZE,
1955 CODE_DIRTY_FLAG);
9fa3e853
FB		 1956}
1957
9fa3e853 1958/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 1959 tested for self modifying code */
c227f099 1960static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 1961 target_ulong vaddr)
9fa3e853 1962{
f7c11b53 1963 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 1964}
1965
5fafdf24 1966static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 1967 unsigned long start, unsigned long length)
1968{
1969 unsigned long addr;
0e0df1e2 1970 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 1971 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 1972 if ((addr - start) < length) {
0f459d16 1973 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 1974 }
1975 }
1976}
1977
5579c7f3 1978/* Note: start and end must be within the same ram block. */
c227f099 1979void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1980 int dirty_flags)
1ccde1cb
FB		 1981{
1982 CPUState *env;
4f2ac237 1983 unsigned long length, start1;
f7c11b53 1984 int i;
1ccde1cb
FB		 1985
1986 start &= TARGET_PAGE_MASK;
1987 end = TARGET_PAGE_ALIGN(end);
1988
1989 length = end - start;
1990 if (length == 0)
1991 return;
f7c11b53 1992 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1993
1ccde1cb
FB		 1994 /* we modify the TLB cache so that the dirty bit will be set again
1995 when accessing the range */
b2e0a138 1996 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 1997 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 1998 address comparisons below. */
b2e0a138 1999 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2000 != (end - 1) - start) {
2001 abort();
2002 }
2003
6a00d601 2004 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2005 int mmu_idx;
2006 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2007 for(i = 0; i < CPU_TLB_SIZE; i++)
2008 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2009 start1, length);
2010 }
6a00d601 2011 }
1ccde1cb
FB		 2012}
2013
74576198
AL		 2014int cpu_physical_memory_set_dirty_tracking(int enable)
2015{
f6f3fbca 2016 int ret = 0;
74576198 2017 in_migration = enable;
f6f3fbca 2018 return ret;
74576198
AL		 2019}
2020
3a7d929e
FB		 2021static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2022{
c227f099 2023 ram_addr_t ram_addr;
5579c7f3 2024 void *p;
3a7d929e 2025
0e0df1e2 2026 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2027 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2028 + tlb_entry->addend);
e890261f 2029 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2030 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2031 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2032 }
2033 }
2034}
2035
2036/* update the TLB according to the current state of the dirty bits */
2037void cpu_tlb_update_dirty(CPUState *env)
2038{
2039 int i;
cfde4bd9
IY		 2040 int mmu_idx;
2041 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2042 for(i = 0; i < CPU_TLB_SIZE; i++)
2043 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2044 }
3a7d929e
FB		 2045}
2046
0f459d16 2047static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2048{
0f459d16
PB		 2049 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2050 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2051}
2052
0f459d16
PB		 2053/* update the TLB corresponding to virtual page vaddr
2054 so that it is no longer dirty */
2055static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2056{
1ccde1cb 2057 int i;
cfde4bd9 2058 int mmu_idx;
1ccde1cb 2059
0f459d16 2060 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2061 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2062 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2063 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2064}
2065
d4c430a8
PB		 2066/* Our TLB does not support large pages, so remember the area covered by
2067 large pages and trigger a full TLB flush if these are invalidated. */
2068static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2069 target_ulong size)
2070{
2071 target_ulong mask = ~(size - 1);
2072
2073 if (env->tlb_flush_addr == (target_ulong)-1) {
2074 env->tlb_flush_addr = vaddr & mask;
2075 env->tlb_flush_mask = mask;
2076 return;
2077 }
2078 /* Extend the existing region to include the new page.
2079 This is a compromise between unnecessary flushes and the cost
2080 of maintaining a full variable size TLB. */
2081 mask &= env->tlb_flush_mask;
2082 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2083 mask <<= 1;
2084 }
2085 env->tlb_flush_addr &= mask;
2086 env->tlb_flush_mask = mask;
2087}
2088
1d393fa2
AK		 2089static bool is_ram_rom(ram_addr_t pd)
2090{
2091 pd &= ~TARGET_PAGE_MASK;
0e0df1e2 2092 return pd == io_mem_ram.ram_addr || pd == io_mem_rom.ram_addr;
1d393fa2
AK		 2093}
2094
75c578dc
AK		 2095static bool is_romd(ram_addr_t pd)
2096{
2097 MemoryRegion *mr;
2098
2099 pd &= ~TARGET_PAGE_MASK;
11c7ef0c 2100 mr = io_mem_region[pd];
75c578dc
AK		 2101 return mr->rom_device && mr->readable;
2102}
2103
1d393fa2
AK		 2104static bool is_ram_rom_romd(ram_addr_t pd)
2105{
75c578dc 2106 return is_ram_rom(pd) || is_romd(pd);
1d393fa2
AK		 2107}
2108
d4c430a8
PB		 2109/* Add a new TLB entry. At most one entry for a given virtual address
2110 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2111 supplied size is only used by tlb_flush_page. */
2112void tlb_set_page(CPUState *env, target_ulong vaddr,
2113 target_phys_addr_t paddr, int prot,
2114 int mmu_idx, target_ulong size)
9fa3e853 2115{
f1f6e3b8 2116 PhysPageDesc p;
4f2ac237 2117 unsigned long pd;
9fa3e853 2118 unsigned int index;
4f2ac237 2119 target_ulong address;
0f459d16 2120 target_ulong code_address;
355b1943 2121 unsigned long addend;
84b7b8e7 2122 CPUTLBEntry *te;
a1d1bb31 2123 CPUWatchpoint *wp;
c227f099 2124 target_phys_addr_t iotlb;
9fa3e853 2125
d4c430a8
PB		 2126 assert(size >= TARGET_PAGE_SIZE);
2127 if (size != TARGET_PAGE_SIZE) {
2128 tlb_add_large_page(env, vaddr, size);
2129 }
92e873b9 2130 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
f1f6e3b8 2131 pd = p.phys_offset;
9fa3e853 2132#if defined(DEBUG_TLB)
7fd3f494
SW		 2133 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2134 " prot=%x idx=%d pd=0x%08lx\n",
2135 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2136#endif
2137
0f459d16 2138 address = vaddr;
1d393fa2 2139 if (!is_ram_rom_romd(pd)) {
0f459d16
PB		 2140 /* IO memory case (romd handled later) */
2141 address |= TLB_MMIO;
2142 }
5579c7f3 2143 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
1d393fa2 2144 if (is_ram_rom(pd)) {
0f459d16
PB		 2145 /* Normal RAM. */
2146 iotlb = pd & TARGET_PAGE_MASK;
0e0df1e2
AK		 2147 if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr)
2148 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2149 else
0e0df1e2 2150 iotlb |= io_mem_rom.ram_addr;
0f459d16 2151 } else {
ccbb4d44 2152 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2153 It would be nice to pass an offset from the base address
2154 of that region. This would avoid having to special case RAM,
2155 and avoid full address decoding in every device.
2156 We can't use the high bits of pd for this because
2157 IO_MEM_ROMD uses these as a ram address. */
8da3ff18 2158 iotlb = (pd & ~TARGET_PAGE_MASK);
f1f6e3b8 2159 iotlb += p.region_offset;
0f459d16
PB		 2160 }
2161
2162 code_address = address;
2163 /* Make accesses to pages with watchpoints go via the
2164 watchpoint trap routines. */
72cf2d4f 2165 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2166 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2167 /* Avoid trapping reads of pages with a write breakpoint. */
2168 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2169 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2170 address |= TLB_MMIO;
2171 break;
2172 }
6658ffb8 2173 }
0f459d16 2174 }
d79acba4 2175
0f459d16
PB		 2176 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2177 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2178 te = &env->tlb_table[mmu_idx][index];
2179 te->addend = addend - vaddr;
2180 if (prot & PAGE_READ) {
2181 te->addr_read = address;
2182 } else {
2183 te->addr_read = -1;
2184 }
5c751e99 2185
0f459d16
PB		 2186 if (prot & PAGE_EXEC) {
2187 te->addr_code = code_address;
2188 } else {
2189 te->addr_code = -1;
2190 }
2191 if (prot & PAGE_WRITE) {
75c578dc 2192 if ((pd & ~TARGET_PAGE_MASK) == io_mem_rom.ram_addr || is_romd(pd)) {
0f459d16
PB		 2193 /* Write access calls the I/O callback. */
2194 te->addr_write = address | TLB_MMIO;
0e0df1e2 2195 } else if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr &&
0f459d16
PB		 2196 !cpu_physical_memory_is_dirty(pd)) {
2197 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2198 } else {
0f459d16 2199 te->addr_write = address;
9fa3e853 2200 }
0f459d16
PB		 2201 } else {
2202 te->addr_write = -1;
9fa3e853 2203 }
9fa3e853
FB		 2204}
2205
0124311e
FB		 2206#else
2207
ee8b7021 2208void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2209{
2210}
2211
2e12669a 2212void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2213{
2214}
2215
edf8e2af
MW		 2216/*
2217 * Walks guest process memory "regions" one by one
2218 * and calls callback function 'fn' for each region.
2219 */
5cd2c5b6
RH		 2220
2221struct walk_memory_regions_data
2222{
2223 walk_memory_regions_fn fn;
2224 void *priv;
2225 unsigned long start;
2226 int prot;
2227};
2228
2229static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2230 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2231{
2232 if (data->start != -1ul) {
2233 int rc = data->fn(data->priv, data->start, end, data->prot);
2234 if (rc != 0) {
2235 return rc;
2236 }
2237 }
2238
2239 data->start = (new_prot ? end : -1ul);
2240 data->prot = new_prot;
2241
2242 return 0;
2243}
2244
2245static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2246 abi_ulong base, int level, void **lp)
5cd2c5b6 2247{
b480d9b7 2248 abi_ulong pa;
5cd2c5b6
RH		 2249 int i, rc;
2250
2251 if (*lp == NULL) {
2252 return walk_memory_regions_end(data, base, 0);
2253 }
2254
2255 if (level == 0) {
2256 PageDesc *pd = *lp;
7296abac 2257 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2258 int prot = pd[i].flags;
2259
2260 pa = base | (i << TARGET_PAGE_BITS);
2261 if (prot != data->prot) {
2262 rc = walk_memory_regions_end(data, pa, prot);
2263 if (rc != 0) {
2264 return rc;
9fa3e853 2265 }
9fa3e853 2266 }
5cd2c5b6
RH		 2267 }
2268 } else {
2269 void **pp = *lp;
7296abac 2270 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2271 pa = base | ((abi_ulong)i <<
2272 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2273 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2274 if (rc != 0) {
2275 return rc;
2276 }
2277 }
2278 }
2279
2280 return 0;
2281}
2282
2283int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2284{
2285 struct walk_memory_regions_data data;
2286 unsigned long i;
2287
2288 data.fn = fn;
2289 data.priv = priv;
2290 data.start = -1ul;
2291 data.prot = 0;
2292
2293 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2294 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2295 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2296 if (rc != 0) {
2297 return rc;
9fa3e853 2298 }
33417e70 2299 }
5cd2c5b6
RH		 2300
2301 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2302}
2303
b480d9b7
PB		 2304static int dump_region(void *priv, abi_ulong start,
2305 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2306{
2307 FILE *f = (FILE *)priv;
2308
b480d9b7
PB		 2309 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2310 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2311 start, end, end - start,
2312 ((prot & PAGE_READ) ? 'r' : '-'),
2313 ((prot & PAGE_WRITE) ? 'w' : '-'),
2314 ((prot & PAGE_EXEC) ? 'x' : '-'));
2315
2316 return (0);
2317}
2318
2319/* dump memory mappings */
2320void page_dump(FILE *f)
2321{
2322 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2323 "start", "end", "size", "prot");
2324 walk_memory_regions(f, dump_region);
33417e70
FB		 2325}
2326
53a5960a 2327int page_get_flags(target_ulong address)
33417e70 2328{
9fa3e853
FB		 2329 PageDesc *p;
2330
2331 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2332 if (!p)
9fa3e853
FB		 2333 return 0;
2334 return p->flags;
2335}
2336
376a7909
RH		 2337/* Modify the flags of a page and invalidate the code if necessary.
2338 The flag PAGE_WRITE_ORG is positioned automatically depending
2339 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2340void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2341{
376a7909
RH		 2342 target_ulong addr, len;
2343
2344 /* This function should never be called with addresses outside the
2345 guest address space. If this assert fires, it probably indicates
2346 a missing call to h2g_valid. */
b480d9b7
PB		 2347#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2348 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2349#endif
2350 assert(start < end);
9fa3e853
FB		 2351
2352 start = start & TARGET_PAGE_MASK;
2353 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2354
2355 if (flags & PAGE_WRITE) {
9fa3e853 2356 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2357 }
2358
2359 for (addr = start, len = end - start;
2360 len != 0;
2361 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2362 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2363
2364 /* If the write protection bit is set, then we invalidate
2365 the code inside. */
5fafdf24 2366 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2367 (flags & PAGE_WRITE) &&
2368 p->first_tb) {
d720b93d 2369 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2370 }
2371 p->flags = flags;
2372 }
33417e70
FB		 2373}
2374
3d97b40b
TS		 2375int page_check_range(target_ulong start, target_ulong len, int flags)
2376{
2377 PageDesc *p;
2378 target_ulong end;
2379 target_ulong addr;
2380
376a7909
RH		 2381 /* This function should never be called with addresses outside the
2382 guest address space. If this assert fires, it probably indicates
2383 a missing call to h2g_valid. */
338e9e6c
BS		 2384#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2385 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2386#endif
2387
3e0650a9
RH		 2388 if (len == 0) {
2389 return 0;
2390 }
376a7909
RH		 2391 if (start + len - 1 < start) {
2392 /* We've wrapped around. */
55f280c9 2393 return -1;
376a7909 2394 }
55f280c9 2395
3d97b40b
TS		 2396 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2397 start = start & TARGET_PAGE_MASK;
2398
376a7909
RH		 2399 for (addr = start, len = end - start;
2400 len != 0;
2401 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2402 p = page_find(addr >> TARGET_PAGE_BITS);
2403 if( !p )
2404 return -1;
2405 if( !(p->flags & PAGE_VALID) )
2406 return -1;
2407
dae3270c 2408 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2409 return -1;
dae3270c
FB		 2410 if (flags & PAGE_WRITE) {
2411 if (!(p->flags & PAGE_WRITE_ORG))
2412 return -1;
2413 /* unprotect the page if it was put read-only because it
2414 contains translated code */
2415 if (!(p->flags & PAGE_WRITE)) {
2416 if (!page_unprotect(addr, 0, NULL))
2417 return -1;
2418 }
2419 return 0;
2420 }
3d97b40b
TS		 2421 }
2422 return 0;
2423}
2424
9fa3e853 2425/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2426 page. Return TRUE if the fault was successfully handled. */
53a5960a 2427int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2428{
45d679d6
AJ		 2429 unsigned int prot;
2430 PageDesc *p;
53a5960a 2431 target_ulong host_start, host_end, addr;
9fa3e853 2432
c8a706fe
PB		 2433 /* Technically this isn't safe inside a signal handler. However we
2434 know this only ever happens in a synchronous SEGV handler, so in
2435 practice it seems to be ok. */
2436 mmap_lock();
2437
45d679d6
AJ		 2438 p = page_find(address >> TARGET_PAGE_BITS);
2439 if (!p) {
c8a706fe 2440 mmap_unlock();
9fa3e853 2441 return 0;
c8a706fe 2442 }
45d679d6 2443
9fa3e853
FB		 2444 /* if the page was really writable, then we change its
2445 protection back to writable */
45d679d6
AJ		 2446 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2447 host_start = address & qemu_host_page_mask;
2448 host_end = host_start + qemu_host_page_size;
2449
2450 prot = 0;
2451 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2452 p = page_find(addr >> TARGET_PAGE_BITS);
2453 p->flags |= PAGE_WRITE;
2454 prot |= p->flags;
2455
9fa3e853
FB		 2456 /* and since the content will be modified, we must invalidate
2457 the corresponding translated code. */
45d679d6 2458 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2459#ifdef DEBUG_TB_CHECK
45d679d6 2460 tb_invalidate_check(addr);
9fa3e853 2461#endif
9fa3e853 2462 }
45d679d6
AJ		 2463 mprotect((void *)g2h(host_start), qemu_host_page_size,
2464 prot & PAGE_BITS);
2465
2466 mmap_unlock();
2467 return 1;
9fa3e853 2468 }
c8a706fe 2469 mmap_unlock();
9fa3e853
FB		 2470 return 0;
2471}
2472
6a00d601
FB		 2473static inline void tlb_set_dirty(CPUState *env,
2474 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2475{
2476}
9fa3e853
FB		 2477#endif /* defined(CONFIG_USER_ONLY) */
2478
e2eef170 2479#if !defined(CONFIG_USER_ONLY)
8da3ff18 2480
c04b2b78
PB		 2481#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2482typedef struct subpage_t {
70c68e44 2483 MemoryRegion iomem;
c04b2b78 2484 target_phys_addr_t base;
f6405247
RH		 2485 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2486 ram_addr_t region_offset[TARGET_PAGE_SIZE];
c04b2b78
PB		 2487} subpage_t;
2488
c227f099
AL		 2489static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2490 ram_addr_t memory, ram_addr_t region_offset);
f6405247
RH		 2491static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2492 ram_addr_t orig_memory,
2493 ram_addr_t region_offset);
db7b5426
BS		 2494#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2495 need_subpage) \
2496 do { \
2497 if (addr > start_addr) \
2498 start_addr2 = 0; \
2499 else { \
2500 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2501 if (start_addr2 > 0) \
2502 need_subpage = 1; \
2503 } \
2504 \
49e9fba2 2505 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
db7b5426
BS		 2506 end_addr2 = TARGET_PAGE_SIZE - 1; \
2507 else { \
2508 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2509 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2510 need_subpage = 1; \
2511 } \
2512 } while (0)
2513
54688b1e
AK		 2514static void destroy_page_desc(PhysPageDesc pd)
2515{
2516 unsigned io_index = pd.phys_offset & ~TARGET_PAGE_MASK;
2517 MemoryRegion *mr = io_mem_region[io_index];
2518
2519 if (mr->subpage) {
2520 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2521 memory_region_destroy(&subpage->iomem);
2522 g_free(subpage);
2523 }
2524}
2525
2526static void destroy_l2_mapping(void **lp, unsigned level)
2527{
2528 unsigned i;
2529 void **p;
2530 PhysPageDesc *pd;
2531
2532 if (!*lp) {
2533 return;
2534 }
2535
2536 if (level > 0) {
2537 p = *lp;
2538 for (i = 0; i < L2_SIZE; ++i) {
2539 destroy_l2_mapping(&p[i], level - 1);
2540 }
2541 g_free(p);
2542 } else {
2543 pd = *lp;
2544 for (i = 0; i < L2_SIZE; ++i) {
2545 destroy_page_desc(pd[i]);
2546 }
2547 g_free(pd);
2548 }
2549 *lp = NULL;
2550}
2551
2552static void destroy_all_mappings(void)
2553{
3eef53df 2554 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
54688b1e
AK		 2555}
2556
8f2498f9
MT		 2557/* register physical memory.
2558 For RAM, 'size' must be a multiple of the target page size.
2559 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2560 io memory page. The address used when calling the IO function is
2561 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2562 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2563 before calculating this offset. This should not be a problem unless
2564 the low bits of start_addr and region_offset differ. */
dd81124b 2565void cpu_register_physical_memory_log(MemoryRegionSection *section,
d7ec83e6 2566 bool readonly)
33417e70 2567{
dd81124b
AK		 2568 target_phys_addr_t start_addr = section->offset_within_address_space;
2569 ram_addr_t size = section->size;
2570 ram_addr_t phys_offset = section->mr->ram_addr;
2571 ram_addr_t region_offset = section->offset_within_region;
c227f099 2572 target_phys_addr_t addr, end_addr;
92e873b9 2573 PhysPageDesc *p;
9d42037b 2574 CPUState *env;
c227f099 2575 ram_addr_t orig_size = size;
f6405247 2576 subpage_t *subpage;
33417e70 2577
dd81124b
AK		 2578 if (memory_region_is_ram(section->mr)) {
2579 phys_offset += region_offset;
2580 region_offset = 0;
2581 }
2582
dd81124b
AK		 2583 if (readonly) {
2584 phys_offset |= io_mem_rom.ram_addr;
2585 }
2586
3b8e6a2d 2587 assert(size);
f6f3fbca 2588
0e0df1e2 2589 if (phys_offset == io_mem_unassigned.ram_addr) {
67c4d23c
PB		 2590 region_offset = start_addr;
2591 }
8da3ff18 2592 region_offset &= TARGET_PAGE_MASK;
5fd386f6 2593 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
c227f099 2594 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2595
2596 addr = start_addr;
2597 do {
f1f6e3b8 2598 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 0);
0e0df1e2 2599 if (p && p->phys_offset != io_mem_unassigned.ram_addr) {
c227f099
AL		 2600 ram_addr_t orig_memory = p->phys_offset;
2601 target_phys_addr_t start_addr2, end_addr2;
db7b5426 2602 int need_subpage = 0;
11c7ef0c 2603 MemoryRegion *mr = io_mem_region[orig_memory & ~TARGET_PAGE_MASK];
db7b5426
BS		 2604
2605 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2606 need_subpage);
f6405247 2607 if (need_subpage) {
b3b00c78 2608 if (!(mr->subpage)) {
db7b5426 2609 subpage = subpage_init((addr & TARGET_PAGE_MASK),
8da3ff18
PB		 2610 &p->phys_offset, orig_memory,
2611 p->region_offset);
db7b5426 2612 } else {
a621f38d 2613 subpage = container_of(mr, subpage_t, iomem);
db7b5426 2614 }
8da3ff18
PB		 2615 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2616 region_offset);
2617 p->region_offset = 0;
db7b5426
BS		 2618 } else {
2619 p->phys_offset = phys_offset;
2774c6d0 2620 p->region_offset = region_offset;
1d393fa2 2621 if (is_ram_rom_romd(phys_offset))
db7b5426
BS		 2622 phys_offset += TARGET_PAGE_SIZE;
2623 }
2624 } else {
2625 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2626 p->phys_offset = phys_offset;
8da3ff18 2627 p->region_offset = region_offset;
1d393fa2 2628 if (is_ram_rom_romd(phys_offset)) {
db7b5426 2629 phys_offset += TARGET_PAGE_SIZE;
0e8f0967 2630 } else {
c227f099 2631 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2632 int need_subpage = 0;
2633
2634 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2635 end_addr2, need_subpage);
2636
f6405247 2637 if (need_subpage) {
db7b5426 2638 subpage = subpage_init((addr & TARGET_PAGE_MASK),
0e0df1e2
AK		 2639 &p->phys_offset,
2640 io_mem_unassigned.ram_addr,
67c4d23c 2641 addr & TARGET_PAGE_MASK);
db7b5426 2642 subpage_register(subpage, start_addr2, end_addr2,
8da3ff18
PB		 2643 phys_offset, region_offset);
2644 p->region_offset = 0;
db7b5426
BS		 2645 }
2646 }
2647 }
8da3ff18 2648 region_offset += TARGET_PAGE_SIZE;
3b8e6a2d
EI		 2649 addr += TARGET_PAGE_SIZE;
2650 } while (addr != end_addr);
3b46e624 2651
9d42037b
FB		 2652 /* since each CPU stores ram addresses in its TLB cache, we must
2653 reset the modified entries */
2654 /* XXX: slow ! */
2655 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2656 tlb_flush(env, 1);
2657 }
33417e70
FB		 2658}
2659
c227f099 2660void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2661{
2662 if (kvm_enabled())
2663 kvm_coalesce_mmio_region(addr, size);
2664}
2665
c227f099 2666void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2667{
2668 if (kvm_enabled())
2669 kvm_uncoalesce_mmio_region(addr, size);
2670}
2671
62a2744c
SY		 2672void qemu_flush_coalesced_mmio_buffer(void)
2673{
2674 if (kvm_enabled())
2675 kvm_flush_coalesced_mmio_buffer();
2676}
2677
c902760f
MT		 2678#if defined(__linux__) && !defined(TARGET_S390X)
2679
2680#include <sys/vfs.h>
2681
2682#define HUGETLBFS_MAGIC 0x958458f6
2683
2684static long gethugepagesize(const char *path)
2685{
2686 struct statfs fs;
2687 int ret;
2688
2689 do {
9742bf26 2690 ret = statfs(path, &fs);
c902760f
MT		 2691 } while (ret != 0 && errno == EINTR);
2692
2693 if (ret != 0) {
9742bf26
YT		 2694 perror(path);
2695 return 0;
c902760f
MT		 2696 }
2697
2698 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2699 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2700
2701 return fs.f_bsize;
2702}
2703
04b16653
AW		 2704static void *file_ram_alloc(RAMBlock *block,
2705 ram_addr_t memory,
2706 const char *path)
c902760f
MT		 2707{
2708 char *filename;
2709 void *area;
2710 int fd;
2711#ifdef MAP_POPULATE
2712 int flags;
2713#endif
2714 unsigned long hpagesize;
2715
2716 hpagesize = gethugepagesize(path);
2717 if (!hpagesize) {
9742bf26 2718 return NULL;
c902760f
MT		 2719 }
2720
2721 if (memory < hpagesize) {
2722 return NULL;
2723 }
2724
2725 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2726 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2727 return NULL;
2728 }
2729
2730 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2731 return NULL;
c902760f
MT		 2732 }
2733
2734 fd = mkstemp(filename);
2735 if (fd < 0) {
9742bf26
YT		 2736 perror("unable to create backing store for hugepages");
2737 free(filename);
2738 return NULL;
c902760f
MT		 2739 }
2740 unlink(filename);
2741 free(filename);
2742
2743 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2744
2745 /*
2746 * ftruncate is not supported by hugetlbfs in older
2747 * hosts, so don't bother bailing out on errors.
2748 * If anything goes wrong with it under other filesystems,
2749 * mmap will fail.
2750 */
2751 if (ftruncate(fd, memory))
9742bf26 2752 perror("ftruncate");
c902760f
MT		 2753
2754#ifdef MAP_POPULATE
2755 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2756 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2757 * to sidestep this quirk.
2758 */
2759 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2760 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2761#else
2762 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2763#endif
2764 if (area == MAP_FAILED) {
9742bf26
YT		 2765 perror("file_ram_alloc: can't mmap RAM pages");
2766 close(fd);
2767 return (NULL);
c902760f 2768 }
04b16653 2769 block->fd = fd;
c902760f
MT		 2770 return area;
2771}
2772#endif
2773
d17b5288 2774static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2775{
2776 RAMBlock *block, *next_block;
3e837b2c 2777 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2778
2779 if (QLIST_EMPTY(&ram_list.blocks))
2780 return 0;
2781
2782 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2783 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2784
2785 end = block->offset + block->length;
2786
2787 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2788 if (next_block->offset >= end) {
2789 next = MIN(next, next_block->offset);
2790 }
2791 }
2792 if (next - end >= size && next - end < mingap) {
3e837b2c 2793 offset = end;
04b16653
AW		 2794 mingap = next - end;
2795 }
2796 }
3e837b2c
AW		 2797
2798 if (offset == RAM_ADDR_MAX) {
2799 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2800 (uint64_t)size);
2801 abort();
2802 }
2803
04b16653
AW		 2804 return offset;
2805}
2806
2807static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2808{
2809 RAMBlock *block;
2810 ram_addr_t last = 0;
2811
2812 QLIST_FOREACH(block, &ram_list.blocks, next)
2813 last = MAX(last, block->offset + block->length);
2814
2815 return last;
2816}
2817
c5705a77 2818void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2819{
2820 RAMBlock *new_block, *block;
2821
c5705a77
AK		 2822 new_block = NULL;
2823 QLIST_FOREACH(block, &ram_list.blocks, next) {
2824 if (block->offset == addr) {
2825 new_block = block;
2826 break;
2827 }
2828 }
2829 assert(new_block);
2830 assert(!new_block->idstr[0]);
84b89d78
CM		 2831
2832 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2833 char *id = dev->parent_bus->info->get_dev_path(dev);
2834 if (id) {
2835 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2836 g_free(id);
84b89d78
CM		 2837 }
2838 }
2839 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2840
2841 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2842 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2843 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2844 new_block->idstr);
2845 abort();
2846 }
2847 }
c5705a77
AK		 2848}
2849
2850ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2851 MemoryRegion *mr)
2852{
2853 RAMBlock *new_block;
2854
2855 size = TARGET_PAGE_ALIGN(size);
2856 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2857
7c637366 2858 new_block->mr = mr;
432d268c 2859 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2860 if (host) {
2861 new_block->host = host;
cd19cfa2 2862 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2863 } else {
2864 if (mem_path) {
c902760f 2865#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2866 new_block->host = file_ram_alloc(new_block, size, mem_path);
2867 if (!new_block->host) {
2868 new_block->host = qemu_vmalloc(size);
e78815a5 2869 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2870 }
c902760f 2871#else
6977dfe6
YT		 2872 fprintf(stderr, "-mem-path option unsupported\n");
2873 exit(1);
c902760f 2874#endif
6977dfe6 2875 } else {
6b02494d 2876#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2877 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2878 an system defined value, which is at least 256GB. Larger systems
2879 have larger values. We put the guest between the end of data
2880 segment (system break) and this value. We use 32GB as a base to
2881 have enough room for the system break to grow. */
2882 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2883 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2884 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2885 if (new_block->host == MAP_FAILED) {
2886 fprintf(stderr, "Allocating RAM failed\n");
2887 abort();
2888 }
6b02494d 2889#else
868bb33f 2890 if (xen_enabled()) {
fce537d4 2891 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2892 } else {
2893 new_block->host = qemu_vmalloc(size);
2894 }
6b02494d 2895#endif
e78815a5 2896 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2897 }
c902760f 2898 }
94a6b54f
PB		 2899 new_block->length = size;
2900
f471a17e 2901 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2902
7267c094 2903 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2904 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2905 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2906 0xff, size >> TARGET_PAGE_BITS);
2907
6f0437e8
JK		 2908 if (kvm_enabled())
2909 kvm_setup_guest_memory(new_block->host, size);
2910
94a6b54f
PB		 2911 return new_block->offset;
2912}
e9a1ab19 2913
c5705a77 2914ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2915{
c5705a77 2916 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2917}
2918
1f2e98b6
AW		 2919void qemu_ram_free_from_ptr(ram_addr_t addr)
2920{
2921 RAMBlock *block;
2922
2923 QLIST_FOREACH(block, &ram_list.blocks, next) {
2924 if (addr == block->offset) {
2925 QLIST_REMOVE(block, next);
7267c094 2926 g_free(block);
1f2e98b6
AW		 2927 return;
2928 }
2929 }
2930}
2931
c227f099 2932void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2933{
04b16653
AW		 2934 RAMBlock *block;
2935
2936 QLIST_FOREACH(block, &ram_list.blocks, next) {
2937 if (addr == block->offset) {
2938 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2939 if (block->flags & RAM_PREALLOC_MASK) {
2940 ;
2941 } else if (mem_path) {
04b16653
AW		 2942#if defined (__linux__) && !defined(TARGET_S390X)
2943 if (block->fd) {
2944 munmap(block->host, block->length);
2945 close(block->fd);
2946 } else {
2947 qemu_vfree(block->host);
2948 }
fd28aa13
JK		 2949#else
2950 abort();
04b16653
AW		 2951#endif
2952 } else {
2953#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2954 munmap(block->host, block->length);
2955#else
868bb33f 2956 if (xen_enabled()) {
e41d7c69 2957 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2958 } else {
2959 qemu_vfree(block->host);
2960 }
04b16653
AW		 2961#endif
2962 }
7267c094 2963 g_free(block);
04b16653
AW		 2964 return;
2965 }
2966 }
2967
e9a1ab19
FB		 2968}
2969
cd19cfa2
HY		 2970#ifndef _WIN32
2971void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2972{
2973 RAMBlock *block;
2974 ram_addr_t offset;
2975 int flags;
2976 void *area, *vaddr;
2977
2978 QLIST_FOREACH(block, &ram_list.blocks, next) {
2979 offset = addr - block->offset;
2980 if (offset < block->length) {
2981 vaddr = block->host + offset;
2982 if (block->flags & RAM_PREALLOC_MASK) {
2983 ;
2984 } else {
2985 flags = MAP_FIXED;
2986 munmap(vaddr, length);
2987 if (mem_path) {
2988#if defined(__linux__) && !defined(TARGET_S390X)
2989 if (block->fd) {
2990#ifdef MAP_POPULATE
2991 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2992 MAP_PRIVATE;
2993#else
2994 flags |= MAP_PRIVATE;
2995#endif
2996 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2997 flags, block->fd, offset);
2998 } else {
2999 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3000 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3001 flags, -1, 0);
3002 }
fd28aa13
JK		 3003#else
3004 abort();
cd19cfa2
HY		 3005#endif
3006 } else {
3007#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3008 flags |= MAP_SHARED | MAP_ANONYMOUS;
3009 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3010 flags, -1, 0);
3011#else
3012 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3013 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3014 flags, -1, 0);
3015#endif
3016 }
3017 if (area != vaddr) {
f15fbc4b
AP		 3018 fprintf(stderr, "Could not remap addr: "
3019 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3020 length, addr);
3021 exit(1);
3022 }
3023 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3024 }
3025 return;
3026 }
3027 }
3028}
3029#endif /* !_WIN32 */
3030
dc828ca1 3031/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3032 With the exception of the softmmu code in this file, this should
3033 only be used for local memory (e.g. video ram) that the device owns,
3034 and knows it isn't going to access beyond the end of the block.
3035
3036 It should not be used for general purpose DMA.
3037 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3038 */
c227f099 3039void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3040{
94a6b54f
PB		 3041 RAMBlock *block;
3042
f471a17e
AW		 3043 QLIST_FOREACH(block, &ram_list.blocks, next) {
3044 if (addr - block->offset < block->length) {
7d82af38
VP		 3045 /* Move this entry to to start of the list. */
3046 if (block != QLIST_FIRST(&ram_list.blocks)) {
3047 QLIST_REMOVE(block, next);
3048 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3049 }
868bb33f 3050 if (xen_enabled()) {
432d268c
JN		 3051 /* We need to check if the requested address is in the RAM
3052 * because we don't want to map the entire memory in QEMU.
712c2b41 3053 * In that case just map until the end of the page.
432d268c
JN		 3054 */
3055 if (block->offset == 0) {
e41d7c69 3056 return xen_map_cache(addr, 0, 0);
432d268c 3057 } else if (block->host == NULL) {
e41d7c69
JK		 3058 block->host =
3059 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3060 }
3061 }
f471a17e
AW		 3062 return block->host + (addr - block->offset);
3063 }
94a6b54f 3064 }
f471a17e
AW		 3065
3066 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3067 abort();
3068
3069 return NULL;
dc828ca1
PB		 3070}
3071
b2e0a138
MT		 3072/* Return a host pointer to ram allocated with qemu_ram_alloc.
3073 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3074 */
3075void *qemu_safe_ram_ptr(ram_addr_t addr)
3076{
3077 RAMBlock *block;
3078
3079 QLIST_FOREACH(block, &ram_list.blocks, next) {
3080 if (addr - block->offset < block->length) {
868bb33f 3081 if (xen_enabled()) {
432d268c
JN		 3082 /* We need to check if the requested address is in the RAM
3083 * because we don't want to map the entire memory in QEMU.
712c2b41 3084 * In that case just map until the end of the page.
432d268c
JN		 3085 */
3086 if (block->offset == 0) {
e41d7c69 3087 return xen_map_cache(addr, 0, 0);
432d268c 3088 } else if (block->host == NULL) {
e41d7c69
JK		 3089 block->host =
3090 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3091 }
3092 }
b2e0a138
MT		 3093 return block->host + (addr - block->offset);
3094 }
3095 }
3096
3097 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3098 abort();
3099
3100 return NULL;
3101}
3102
38bee5dc
SS		 3103/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3104 * but takes a size argument */
8ab934f9 3105void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3106{
8ab934f9
SS		 3107 if (*size == 0) {
3108 return NULL;
3109 }
868bb33f 3110 if (xen_enabled()) {
e41d7c69 3111 return xen_map_cache(addr, *size, 1);
868bb33f 3112 } else {
38bee5dc
SS		 3113 RAMBlock *block;
3114
3115 QLIST_FOREACH(block, &ram_list.blocks, next) {
3116 if (addr - block->offset < block->length) {
3117 if (addr - block->offset + *size > block->length)
3118 *size = block->length - addr + block->offset;
3119 return block->host + (addr - block->offset);
3120 }
3121 }
3122
3123 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3124 abort();
38bee5dc
SS		 3125 }
3126}
3127
050a0ddf
AP		 3128void qemu_put_ram_ptr(void *addr)
3129{
3130 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3131}
3132
e890261f 3133int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3134{
94a6b54f
PB		 3135 RAMBlock *block;
3136 uint8_t *host = ptr;
3137
868bb33f 3138 if (xen_enabled()) {
e41d7c69 3139 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3140 return 0;
3141 }
3142
f471a17e 3143 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3144 /* This case append when the block is not mapped. */
3145 if (block->host == NULL) {
3146 continue;
3147 }
f471a17e 3148 if (host - block->host < block->length) {
e890261f
MT		 3149 *ram_addr = block->offset + (host - block->host);
3150 return 0;
f471a17e 3151 }
94a6b54f 3152 }
432d268c 3153
e890261f
MT		 3154 return -1;
3155}
f471a17e 3156
e890261f
MT		 3157/* Some of the softmmu routines need to translate from a host pointer
3158 (typically a TLB entry) back to a ram offset. */
3159ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3160{
3161 ram_addr_t ram_addr;
f471a17e 3162
e890261f
MT		 3163 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3164 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3165 abort();
3166 }
3167 return ram_addr;
5579c7f3
PB		 3168}
3169
0e0df1e2
AK		 3170static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3171 unsigned size)
e18231a3
BS		 3172{
3173#ifdef DEBUG_UNASSIGNED
3174 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3175#endif
5b450407 3176#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3177 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3178#endif
3179 return 0;
3180}
3181
0e0df1e2
AK		 3182static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3183 uint64_t val, unsigned size)
e18231a3
BS		 3184{
3185#ifdef DEBUG_UNASSIGNED
0e0df1e2 3186 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3187#endif
5b450407 3188#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3189 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3190#endif
33417e70
FB		 3191}
3192
0e0df1e2
AK		 3193static const MemoryRegionOps unassigned_mem_ops = {
3194 .read = unassigned_mem_read,
3195 .write = unassigned_mem_write,
3196 .endianness = DEVICE_NATIVE_ENDIAN,
3197};
e18231a3 3198
0e0df1e2
AK		 3199static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3200 unsigned size)
e18231a3 3201{
0e0df1e2 3202 abort();
e18231a3
BS		 3203}
3204
0e0df1e2
AK		 3205static void error_mem_write(void *opaque, target_phys_addr_t addr,
3206 uint64_t value, unsigned size)
e18231a3 3207{
0e0df1e2 3208 abort();
33417e70
FB		 3209}
3210
0e0df1e2
AK		 3211static const MemoryRegionOps error_mem_ops = {
3212 .read = error_mem_read,
3213 .write = error_mem_write,
3214 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3215};
3216
0e0df1e2
AK		 3217static const MemoryRegionOps rom_mem_ops = {
3218 .read = error_mem_read,
3219 .write = unassigned_mem_write,
3220 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3221};
3222
0e0df1e2
AK		 3223static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3224 uint64_t val, unsigned size)
9fa3e853 3225{
3a7d929e 3226 int dirty_flags;
f7c11b53 3227 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3228 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3229#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3230 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3231 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3232#endif
3a7d929e 3233 }
0e0df1e2
AK		 3234 switch (size) {
3235 case 1:
3236 stb_p(qemu_get_ram_ptr(ram_addr), val);
3237 break;
3238 case 2:
3239 stw_p(qemu_get_ram_ptr(ram_addr), val);
3240 break;
3241 case 4:
3242 stl_p(qemu_get_ram_ptr(ram_addr), val);
3243 break;
3244 default:
3245 abort();
3a7d929e 3246 }
f23db169 3247 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3248 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3249 /* we remove the notdirty callback only if the code has been
3250 flushed */
3251 if (dirty_flags == 0xff)
2e70f6ef 3252 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3253}
3254
0e0df1e2
AK		 3255static const MemoryRegionOps notdirty_mem_ops = {
3256 .read = error_mem_read,
3257 .write = notdirty_mem_write,
3258 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3259};
3260
0f459d16 3261/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3262static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3263{
3264 CPUState *env = cpu_single_env;
06d55cc1
AL		 3265 target_ulong pc, cs_base;
3266 TranslationBlock *tb;
0f459d16 3267 target_ulong vaddr;
a1d1bb31 3268 CPUWatchpoint *wp;
06d55cc1 3269 int cpu_flags;
0f459d16 3270
06d55cc1
AL		 3271 if (env->watchpoint_hit) {
3272 /* We re-entered the check after replacing the TB. Now raise
3273 * the debug interrupt so that is will trigger after the
3274 * current instruction. */
3275 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3276 return;
3277 }
2e70f6ef 3278 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3279 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3280 if ((vaddr == (wp->vaddr & len_mask) ||
3281 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3282 wp->flags |= BP_WATCHPOINT_HIT;
3283 if (!env->watchpoint_hit) {
3284 env->watchpoint_hit = wp;
3285 tb = tb_find_pc(env->mem_io_pc);
3286 if (!tb) {
3287 cpu_abort(env, "check_watchpoint: could not find TB for "
3288 "pc=%p", (void *)env->mem_io_pc);
3289 }
618ba8e6 3290 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3291 tb_phys_invalidate(tb, -1);
3292 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3293 env->exception_index = EXCP_DEBUG;
3294 } else {
3295 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3296 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3297 }
3298 cpu_resume_from_signal(env, NULL);
06d55cc1 3299 }
6e140f28
AL		 3300 } else {
3301 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3302 }
3303 }
3304}
3305
6658ffb8
PB		 3306/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3307 so these check for a hit then pass through to the normal out-of-line
3308 phys routines. */
1ec9b909
AK		 3309static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3310 unsigned size)
6658ffb8 3311{
1ec9b909
AK		 3312 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3313 switch (size) {
3314 case 1: return ldub_phys(addr);
3315 case 2: return lduw_phys(addr);
3316 case 4: return ldl_phys(addr);
3317 default: abort();
3318 }
6658ffb8
PB		 3319}
3320
1ec9b909
AK		 3321static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3322 uint64_t val, unsigned size)
6658ffb8 3323{
1ec9b909
AK		 3324 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3325 switch (size) {
3326 case 1: stb_phys(addr, val);
3327 case 2: stw_phys(addr, val);
3328 case 4: stl_phys(addr, val);
3329 default: abort();
3330 }
6658ffb8
PB		 3331}
3332
1ec9b909
AK		 3333static const MemoryRegionOps watch_mem_ops = {
3334 .read = watch_mem_read,
3335 .write = watch_mem_write,
3336 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3337};
6658ffb8 3338
70c68e44
AK		 3339static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3340 unsigned len)
db7b5426 3341{
70c68e44 3342 subpage_t *mmio = opaque;
f6405247 3343 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426
BS		 3344#if defined(DEBUG_SUBPAGE)
3345 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3346 mmio, len, addr, idx);
3347#endif
db7b5426 3348
f6405247
RH		 3349 addr += mmio->region_offset[idx];
3350 idx = mmio->sub_io_index[idx];
70c68e44 3351 return io_mem_read(idx, addr, len);
db7b5426
BS		 3352}
3353
70c68e44
AK		 3354static void subpage_write(void *opaque, target_phys_addr_t addr,
3355 uint64_t value, unsigned len)
db7b5426 3356{
70c68e44 3357 subpage_t *mmio = opaque;
f6405247 3358 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426 3359#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3360 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3361 " idx %d value %"PRIx64"\n",
f6405247 3362 __func__, mmio, len, addr, idx, value);
db7b5426 3363#endif
f6405247
RH		 3364
3365 addr += mmio->region_offset[idx];
3366 idx = mmio->sub_io_index[idx];
70c68e44 3367 io_mem_write(idx, addr, value, len);
db7b5426
BS		 3368}
3369
70c68e44
AK		 3370static const MemoryRegionOps subpage_ops = {
3371 .read = subpage_read,
3372 .write = subpage_write,
3373 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3374};
3375
de712f94
AK		 3376static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3377 unsigned size)
56384e8b
AF		 3378{
3379 ram_addr_t raddr = addr;
3380 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3381 switch (size) {
3382 case 1: return ldub_p(ptr);
3383 case 2: return lduw_p(ptr);
3384 case 4: return ldl_p(ptr);
3385 default: abort();
3386 }
56384e8b
AF		 3387}
3388
de712f94
AK		 3389static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3390 uint64_t value, unsigned size)
56384e8b
AF		 3391{
3392 ram_addr_t raddr = addr;
3393 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3394 switch (size) {
3395 case 1: return stb_p(ptr, value);
3396 case 2: return stw_p(ptr, value);
3397 case 4: return stl_p(ptr, value);
3398 default: abort();
3399 }
56384e8b
AF		 3400}
3401
de712f94
AK		 3402static const MemoryRegionOps subpage_ram_ops = {
3403 .read = subpage_ram_read,
3404 .write = subpage_ram_write,
3405 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3406};
3407
c227f099
AL		 3408static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3409 ram_addr_t memory, ram_addr_t region_offset)
db7b5426
BS		 3410{
3411 int idx, eidx;
3412
3413 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3414 return -1;
3415 idx = SUBPAGE_IDX(start);
3416 eidx = SUBPAGE_IDX(end);
3417#if defined(DEBUG_SUBPAGE)
0bf9e31a 3418 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3419 mmio, start, end, idx, eidx, memory);
3420#endif
0e0df1e2 3421 if ((memory & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
de712f94 3422 memory = io_mem_subpage_ram.ram_addr;
56384e8b 3423 }
11c7ef0c 3424 memory &= IO_MEM_NB_ENTRIES - 1;
db7b5426 3425 for (; idx <= eidx; idx++) {
f6405247
RH		 3426 mmio->sub_io_index[idx] = memory;
3427 mmio->region_offset[idx] = region_offset;
db7b5426
BS		 3428 }
3429
3430 return 0;
3431}
3432
f6405247
RH		 3433static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3434 ram_addr_t orig_memory,
3435 ram_addr_t region_offset)
db7b5426 3436{
c227f099 3437 subpage_t *mmio;
db7b5426
BS		 3438 int subpage_memory;
3439
7267c094 3440 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3441
3442 mmio->base = base;
70c68e44
AK		 3443 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3444 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3445 mmio->iomem.subpage = true;
70c68e44 3446 subpage_memory = mmio->iomem.ram_addr;
db7b5426 3447#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3448 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3449 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3450#endif
b3b00c78 3451 *phys = subpage_memory;
f6405247 3452 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
db7b5426
BS		 3453
3454 return mmio;
3455}
3456
88715657
AL		 3457static int get_free_io_mem_idx(void)
3458{
3459 int i;
3460
3461 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3462 if (!io_mem_used[i]) {
3463 io_mem_used[i] = 1;
3464 return i;
3465 }
c6703b47 3466 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3467 return -1;
3468}
3469
33417e70
FB		 3470/* mem_read and mem_write are arrays of functions containing the
3471 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3472 2). Functions can be omitted with a NULL function pointer.
3ee89922 3473 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3474 modified. If it is zero, a new io zone is allocated. The return
3475 value can be used with cpu_register_physical_memory(). (-1) is
3476 returned if error. */
a621f38d 3477static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3478{
33417e70 3479 if (io_index <= 0) {
88715657
AL		 3480 io_index = get_free_io_mem_idx();
3481 if (io_index == -1)
3482 return io_index;
33417e70
FB		 3483 } else {
3484 if (io_index >= IO_MEM_NB_ENTRIES)
3485 return -1;
3486 }
b5ff1b31 3487
a621f38d 3488 io_mem_region[io_index] = mr;
f6405247 3489
11c7ef0c 3490 return io_index;
33417e70 3491}
61382a50 3492
a621f38d 3493int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3494{
a621f38d 3495 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3496}
3497
11c7ef0c 3498void cpu_unregister_io_memory(int io_index)
88715657 3499{
a621f38d 3500 io_mem_region[io_index] = NULL;
88715657
AL		 3501 io_mem_used[io_index] = 0;
3502}
3503
e9179ce1
AK		 3504static void io_mem_init(void)
3505{
3506 int i;
3507
0e0df1e2
AK		 3508 /* Must be first: */
3509 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3510 assert(io_mem_ram.ram_addr == 0);
3511 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3512 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3513 "unassigned", UINT64_MAX);
3514 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3515 "notdirty", UINT64_MAX);
de712f94
AK		 3516 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3517 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3518 for (i=0; i<5; i++)
3519 io_mem_used[i] = 1;
3520
1ec9b909
AK		 3521 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3522 "watch", UINT64_MAX);
e9179ce1
AK		 3523}
3524
50c1e149
AK		 3525static void core_begin(MemoryListener *listener)
3526{
54688b1e 3527 destroy_all_mappings();
50c1e149
AK		 3528}
3529
3530static void core_commit(MemoryListener *listener)
3531{
3532}
3533
93632747
AK		 3534static void core_region_add(MemoryListener *listener,
3535 MemoryRegionSection *section)
3536{
4855d41a 3537 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3538}
3539
3540static void core_region_del(MemoryListener *listener,
3541 MemoryRegionSection *section)
3542{
93632747
AK		 3543}
3544
50c1e149
AK		 3545static void core_region_nop(MemoryListener *listener,
3546 MemoryRegionSection *section)
3547{
54688b1e 3548 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3549}
3550
93632747
AK		 3551static void core_log_start(MemoryListener *listener,
3552 MemoryRegionSection *section)
3553{
3554}
3555
3556static void core_log_stop(MemoryListener *listener,
3557 MemoryRegionSection *section)
3558{
3559}
3560
3561static void core_log_sync(MemoryListener *listener,
3562 MemoryRegionSection *section)
3563{
3564}
3565
3566static void core_log_global_start(MemoryListener *listener)
3567{
3568 cpu_physical_memory_set_dirty_tracking(1);
3569}
3570
3571static void core_log_global_stop(MemoryListener *listener)
3572{
3573 cpu_physical_memory_set_dirty_tracking(0);
3574}
3575
3576static void core_eventfd_add(MemoryListener *listener,
3577 MemoryRegionSection *section,
3578 bool match_data, uint64_t data, int fd)
3579{
3580}
3581
3582static void core_eventfd_del(MemoryListener *listener,
3583 MemoryRegionSection *section,
3584 bool match_data, uint64_t data, int fd)
3585{
3586}
3587
50c1e149
AK		 3588static void io_begin(MemoryListener *listener)
3589{
3590}
3591
3592static void io_commit(MemoryListener *listener)
3593{
3594}
3595
4855d41a
AK		 3596static void io_region_add(MemoryListener *listener,
3597 MemoryRegionSection *section)
3598{
3599 iorange_init(&section->mr->iorange, &memory_region_iorange_ops,
3600 section->offset_within_address_space, section->size);
3601 ioport_register(&section->mr->iorange);
3602}
3603
3604static void io_region_del(MemoryListener *listener,
3605 MemoryRegionSection *section)
3606{
3607 isa_unassign_ioport(section->offset_within_address_space, section->size);
3608}
3609
50c1e149
AK		 3610static void io_region_nop(MemoryListener *listener,
3611 MemoryRegionSection *section)
3612{
3613}
3614
4855d41a
AK		 3615static void io_log_start(MemoryListener *listener,
3616 MemoryRegionSection *section)
3617{
3618}
3619
3620static void io_log_stop(MemoryListener *listener,
3621 MemoryRegionSection *section)
3622{
3623}
3624
3625static void io_log_sync(MemoryListener *listener,
3626 MemoryRegionSection *section)
3627{
3628}
3629
3630static void io_log_global_start(MemoryListener *listener)
3631{
3632}
3633
3634static void io_log_global_stop(MemoryListener *listener)
3635{
3636}
3637
3638static void io_eventfd_add(MemoryListener *listener,
3639 MemoryRegionSection *section,
3640 bool match_data, uint64_t data, int fd)
3641{
3642}
3643
3644static void io_eventfd_del(MemoryListener *listener,
3645 MemoryRegionSection *section,
3646 bool match_data, uint64_t data, int fd)
3647{
3648}
3649
93632747 3650static MemoryListener core_memory_listener = {
50c1e149
AK		 3651 .begin = core_begin,
3652 .commit = core_commit,
93632747
AK		 3653 .region_add = core_region_add,
3654 .region_del = core_region_del,
50c1e149 3655 .region_nop = core_region_nop,
93632747
AK		 3656 .log_start = core_log_start,
3657 .log_stop = core_log_stop,
3658 .log_sync = core_log_sync,
3659 .log_global_start = core_log_global_start,
3660 .log_global_stop = core_log_global_stop,
3661 .eventfd_add = core_eventfd_add,
3662 .eventfd_del = core_eventfd_del,
3663 .priority = 0,
3664};
3665
4855d41a 3666static MemoryListener io_memory_listener = {
50c1e149
AK		 3667 .begin = io_begin,
3668 .commit = io_commit,
4855d41a
AK		 3669 .region_add = io_region_add,
3670 .region_del = io_region_del,
50c1e149 3671 .region_nop = io_region_nop,
4855d41a
AK		 3672 .log_start = io_log_start,
3673 .log_stop = io_log_stop,
3674 .log_sync = io_log_sync,
3675 .log_global_start = io_log_global_start,
3676 .log_global_stop = io_log_global_stop,
3677 .eventfd_add = io_eventfd_add,
3678 .eventfd_del = io_eventfd_del,
3679 .priority = 0,
3680};
3681
62152b8a
AK		 3682static void memory_map_init(void)
3683{
7267c094 3684 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3685 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3686 set_system_memory_map(system_memory);
309cb471 3687
7267c094 3688 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3689 memory_region_init(system_io, "io", 65536);
3690 set_system_io_map(system_io);
93632747 3691
4855d41a
AK		 3692 memory_listener_register(&core_memory_listener, system_memory);
3693 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3694}
3695
3696MemoryRegion *get_system_memory(void)
3697{
3698 return system_memory;
3699}
3700
309cb471
AK		 3701MemoryRegion *get_system_io(void)
3702{
3703 return system_io;
3704}
3705
e2eef170
PB		 3706#endif /* !defined(CONFIG_USER_ONLY) */
3707
13eb76e0
FB		 3708/* physical memory access (slow version, mainly for debug) */
3709#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3710int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3711 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3712{
3713 int l, flags;
3714 target_ulong page;
53a5960a 3715 void * p;
13eb76e0
FB		 3716
3717 while (len > 0) {
3718 page = addr & TARGET_PAGE_MASK;
3719 l = (page + TARGET_PAGE_SIZE) - addr;
3720 if (l > len)
3721 l = len;
3722 flags = page_get_flags(page);
3723 if (!(flags & PAGE_VALID))
a68fe89c 3724 return -1;
13eb76e0
FB		 3725 if (is_write) {
3726 if (!(flags & PAGE_WRITE))
a68fe89c 3727 return -1;
579a97f7 3728 /* XXX: this code should not depend on lock_user */
72fb7daa 3729 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3730 return -1;
72fb7daa
AJ		 3731 memcpy(p, buf, l);
3732 unlock_user(p, addr, l);
13eb76e0
FB		 3733 } else {
3734 if (!(flags & PAGE_READ))
a68fe89c 3735 return -1;
579a97f7 3736 /* XXX: this code should not depend on lock_user */
72fb7daa 3737 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3738 return -1;
72fb7daa 3739 memcpy(buf, p, l);
5b257578 3740 unlock_user(p, addr, 0);
13eb76e0
FB		 3741 }
3742 len -= l;
3743 buf += l;
3744 addr += l;
3745 }
a68fe89c 3746 return 0;
13eb76e0 3747}
8df1cd07 3748
13eb76e0 3749#else
c227f099 3750void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3751 int len, int is_write)
3752{
3753 int l, io_index;
3754 uint8_t *ptr;
3755 uint32_t val;
c227f099 3756 target_phys_addr_t page;
8ca5692d 3757 ram_addr_t pd;
f1f6e3b8 3758 PhysPageDesc p;
3b46e624 3759
13eb76e0
FB		 3760 while (len > 0) {
3761 page = addr & TARGET_PAGE_MASK;
3762 l = (page + TARGET_PAGE_SIZE) - addr;
3763 if (l > len)
3764 l = len;
92e873b9 3765 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3766 pd = p.phys_offset;
3b46e624 3767
13eb76e0 3768 if (is_write) {
0e0df1e2 3769 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
f1f6e3b8 3770 target_phys_addr_t addr1;
11c7ef0c 3771 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3772 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6a00d601
FB		 3773 /* XXX: could force cpu_single_env to NULL to avoid
3774 potential bugs */
6c2934db 3775 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3776 /* 32 bit write access */
c27004ec 3777 val = ldl_p(buf);
acbbec5d 3778 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3779 l = 4;
6c2934db 3780 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3781 /* 16 bit write access */
c27004ec 3782 val = lduw_p(buf);
acbbec5d 3783 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3784 l = 2;
3785 } else {
1c213d19 3786 /* 8 bit write access */
c27004ec 3787 val = ldub_p(buf);
acbbec5d 3788 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3789 l = 1;
3790 }
3791 } else {
8ca5692d 3792 ram_addr_t addr1;
b448f2f3 3793 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
13eb76e0 3794 /* RAM case */
5579c7f3 3795 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3796 memcpy(ptr, buf, l);
3a7d929e
FB		 3797 if (!cpu_physical_memory_is_dirty(addr1)) {
3798 /* invalidate code */
3799 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3800 /* set dirty bit */
f7c11b53
YT		 3801 cpu_physical_memory_set_dirty_flags(
3802 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3803 }
050a0ddf 3804 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3805 }
3806 } else {
1d393fa2 3807 if (!is_ram_rom_romd(pd)) {
f1f6e3b8 3808 target_phys_addr_t addr1;
13eb76e0 3809 /* I/O case */
11c7ef0c 3810 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3811 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6c2934db 3812 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3813 /* 32 bit read access */
acbbec5d 3814 val = io_mem_read(io_index, addr1, 4);
c27004ec 3815 stl_p(buf, val);
13eb76e0 3816 l = 4;
6c2934db 3817 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3818 /* 16 bit read access */
acbbec5d 3819 val = io_mem_read(io_index, addr1, 2);
c27004ec 3820 stw_p(buf, val);
13eb76e0
FB		 3821 l = 2;
3822 } else {
1c213d19 3823 /* 8 bit read access */
acbbec5d 3824 val = io_mem_read(io_index, addr1, 1);
c27004ec 3825 stb_p(buf, val);
13eb76e0
FB		 3826 l = 1;
3827 }
3828 } else {
3829 /* RAM case */
050a0ddf
AP		 3830 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3831 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3832 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3833 }
3834 }
3835 len -= l;
3836 buf += l;
3837 addr += l;
3838 }
3839}
8df1cd07 3840
d0ecd2aa 3841/* used for ROM loading : can write in RAM and ROM */
c227f099 3842void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3843 const uint8_t *buf, int len)
3844{
3845 int l;
3846 uint8_t *ptr;
c227f099 3847 target_phys_addr_t page;
d0ecd2aa 3848 unsigned long pd;
f1f6e3b8 3849 PhysPageDesc p;
3b46e624 3850
d0ecd2aa
FB		 3851 while (len > 0) {
3852 page = addr & TARGET_PAGE_MASK;
3853 l = (page + TARGET_PAGE_SIZE) - addr;
3854 if (l > len)
3855 l = len;
3856 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3857 pd = p.phys_offset;
3b46e624 3858
1d393fa2 3859 if (!is_ram_rom_romd(pd)) {
d0ecd2aa
FB		 3860 /* do nothing */
3861 } else {
3862 unsigned long addr1;
3863 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3864 /* ROM/RAM case */
5579c7f3 3865 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3866 memcpy(ptr, buf, l);
050a0ddf 3867 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3868 }
3869 len -= l;
3870 buf += l;
3871 addr += l;
3872 }
3873}
3874
6d16c2f8
AL		 3875typedef struct {
3876 void *buffer;
c227f099
AL		 3877 target_phys_addr_t addr;
3878 target_phys_addr_t len;
6d16c2f8
AL		 3879} BounceBuffer;
3880
3881static BounceBuffer bounce;
3882
ba223c29
AL		 3883typedef struct MapClient {
3884 void *opaque;
3885 void (*callback)(void *opaque);
72cf2d4f 3886 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3887} MapClient;
3888
72cf2d4f
BS		 3889static QLIST_HEAD(map_client_list, MapClient) map_client_list
3890 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3891
3892void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3893{
7267c094 3894 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3895
3896 client->opaque = opaque;
3897 client->callback = callback;
72cf2d4f 3898 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3899 return client;
3900}
3901
3902void cpu_unregister_map_client(void *_client)
3903{
3904 MapClient *client = (MapClient *)_client;
3905
72cf2d4f 3906 QLIST_REMOVE(client, link);
7267c094 3907 g_free(client);
ba223c29
AL		 3908}
3909
3910static void cpu_notify_map_clients(void)
3911{
3912 MapClient *client;
3913
72cf2d4f
BS		 3914 while (!QLIST_EMPTY(&map_client_list)) {
3915 client = QLIST_FIRST(&map_client_list);
ba223c29 3916 client->callback(client->opaque);
34d5e948 3917 cpu_unregister_map_client(client);
ba223c29
AL		 3918 }
3919}
3920
6d16c2f8
AL		 3921/* Map a physical memory region into a host virtual address.
3922 * May map a subset of the requested range, given by and returned in *plen.
3923 * May return NULL if resources needed to perform the mapping are exhausted.
3924 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3925 * Use cpu_register_map_client() to know when retrying the map operation is
3926 * likely to succeed.
6d16c2f8 3927 */
c227f099
AL		 3928void *cpu_physical_memory_map(target_phys_addr_t addr,
3929 target_phys_addr_t *plen,
6d16c2f8
AL		 3930 int is_write)
3931{
c227f099 3932 target_phys_addr_t len = *plen;
38bee5dc 3933 target_phys_addr_t todo = 0;
6d16c2f8 3934 int l;
c227f099 3935 target_phys_addr_t page;
6d16c2f8 3936 unsigned long pd;
f1f6e3b8 3937 PhysPageDesc p;
f15fbc4b 3938 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3939 ram_addr_t rlen;
3940 void *ret;
6d16c2f8
AL		 3941
3942 while (len > 0) {
3943 page = addr & TARGET_PAGE_MASK;
3944 l = (page + TARGET_PAGE_SIZE) - addr;
3945 if (l > len)
3946 l = len;
3947 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3948 pd = p.phys_offset;
6d16c2f8 3949
0e0df1e2 3950 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
38bee5dc 3951 if (todo || bounce.buffer) {
6d16c2f8
AL		 3952 break;
3953 }
3954 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3955 bounce.addr = addr;
3956 bounce.len = l;
3957 if (!is_write) {
54f7b4a3 3958 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3959 }
38bee5dc
SS		 3960
3961 *plen = l;
3962 return bounce.buffer;
6d16c2f8 3963 }
8ab934f9
SS		 3964 if (!todo) {
3965 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3966 }
6d16c2f8
AL		 3967
3968 len -= l;
3969 addr += l;
38bee5dc 3970 todo += l;
6d16c2f8 3971 }
8ab934f9
SS		 3972 rlen = todo;
3973 ret = qemu_ram_ptr_length(raddr, &rlen);
3974 *plen = rlen;
3975 return ret;
6d16c2f8
AL		 3976}
3977
3978/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3979 * Will also mark the memory as dirty if is_write == 1. access_len gives
3980 * the amount of memory that was actually read or written by the caller.
3981 */
c227f099
AL		 3982void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3983 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3984{
3985 if (buffer != bounce.buffer) {
3986 if (is_write) {
e890261f 3987 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3988 while (access_len) {
3989 unsigned l;
3990 l = TARGET_PAGE_SIZE;
3991 if (l > access_len)
3992 l = access_len;
3993 if (!cpu_physical_memory_is_dirty(addr1)) {
3994 /* invalidate code */
3995 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3996 /* set dirty bit */
f7c11b53
YT		 3997 cpu_physical_memory_set_dirty_flags(
3998 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 3999 }
4000 addr1 += l;
4001 access_len -= l;
4002 }
4003 }
868bb33f 4004 if (xen_enabled()) {
e41d7c69 4005 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4006 }
6d16c2f8
AL		 4007 return;
4008 }
4009 if (is_write) {
4010 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4011 }
f8a83245 4012 qemu_vfree(bounce.buffer);
6d16c2f8 4013 bounce.buffer = NULL;
ba223c29 4014 cpu_notify_map_clients();
6d16c2f8 4015}
d0ecd2aa 4016
8df1cd07 4017/* warning: addr must be aligned */
1e78bcc1
AG		 4018static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4019 enum device_endian endian)
8df1cd07
FB		 4020{
4021 int io_index;
4022 uint8_t *ptr;
4023 uint32_t val;
4024 unsigned long pd;
f1f6e3b8 4025 PhysPageDesc p;
8df1cd07
FB		 4026
4027 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4028 pd = p.phys_offset;
3b46e624 4029
1d393fa2 4030 if (!is_ram_rom_romd(pd)) {
8df1cd07 4031 /* I/O case */
11c7ef0c 4032 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4033 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4034 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4035#if defined(TARGET_WORDS_BIGENDIAN)
4036 if (endian == DEVICE_LITTLE_ENDIAN) {
4037 val = bswap32(val);
4038 }
4039#else
4040 if (endian == DEVICE_BIG_ENDIAN) {
4041 val = bswap32(val);
4042 }
4043#endif
8df1cd07
FB		 4044 } else {
4045 /* RAM case */
5579c7f3 4046 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
8df1cd07 4047 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4048 switch (endian) {
4049 case DEVICE_LITTLE_ENDIAN:
4050 val = ldl_le_p(ptr);
4051 break;
4052 case DEVICE_BIG_ENDIAN:
4053 val = ldl_be_p(ptr);
4054 break;
4055 default:
4056 val = ldl_p(ptr);
4057 break;
4058 }
8df1cd07
FB		 4059 }
4060 return val;
4061}
4062
1e78bcc1
AG		 4063uint32_t ldl_phys(target_phys_addr_t addr)
4064{
4065 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4066}
4067
4068uint32_t ldl_le_phys(target_phys_addr_t addr)
4069{
4070 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4071}
4072
4073uint32_t ldl_be_phys(target_phys_addr_t addr)
4074{
4075 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4076}
4077
84b7b8e7 4078/* warning: addr must be aligned */
1e78bcc1
AG		 4079static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4080 enum device_endian endian)
84b7b8e7
FB		 4081{
4082 int io_index;
4083 uint8_t *ptr;
4084 uint64_t val;
4085 unsigned long pd;
f1f6e3b8 4086 PhysPageDesc p;
84b7b8e7
FB		 4087
4088 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4089 pd = p.phys_offset;
3b46e624 4090
1d393fa2 4091 if (!is_ram_rom_romd(pd)) {
84b7b8e7 4092 /* I/O case */
11c7ef0c 4093 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4094 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4095
4096 /* XXX This is broken when device endian != cpu endian.
4097 Fix and add "endian" variable check */
84b7b8e7 4098#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4099 val = io_mem_read(io_index, addr, 4) << 32;
4100 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4101#else
acbbec5d
AK		 4102 val = io_mem_read(io_index, addr, 4);
4103 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4104#endif
4105 } else {
4106 /* RAM case */
5579c7f3 4107 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
84b7b8e7 4108 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4109 switch (endian) {
4110 case DEVICE_LITTLE_ENDIAN:
4111 val = ldq_le_p(ptr);
4112 break;
4113 case DEVICE_BIG_ENDIAN:
4114 val = ldq_be_p(ptr);
4115 break;
4116 default:
4117 val = ldq_p(ptr);
4118 break;
4119 }
84b7b8e7
FB		 4120 }
4121 return val;
4122}
4123
1e78bcc1
AG		 4124uint64_t ldq_phys(target_phys_addr_t addr)
4125{
4126 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4127}
4128
4129uint64_t ldq_le_phys(target_phys_addr_t addr)
4130{
4131 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4132}
4133
4134uint64_t ldq_be_phys(target_phys_addr_t addr)
4135{
4136 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4137}
4138
aab33094 4139/* XXX: optimize */
c227f099 4140uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4141{
4142 uint8_t val;
4143 cpu_physical_memory_read(addr, &val, 1);
4144 return val;
4145}
4146
733f0b02 4147/* warning: addr must be aligned */
1e78bcc1
AG		 4148static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4149 enum device_endian endian)
aab33094 4150{
733f0b02
MT		 4151 int io_index;
4152 uint8_t *ptr;
4153 uint64_t val;
4154 unsigned long pd;
f1f6e3b8 4155 PhysPageDesc p;
733f0b02
MT		 4156
4157 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4158 pd = p.phys_offset;
733f0b02 4159
1d393fa2 4160 if (!is_ram_rom_romd(pd)) {
733f0b02 4161 /* I/O case */
11c7ef0c 4162 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4163 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4164 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4165#if defined(TARGET_WORDS_BIGENDIAN)
4166 if (endian == DEVICE_LITTLE_ENDIAN) {
4167 val = bswap16(val);
4168 }
4169#else
4170 if (endian == DEVICE_BIG_ENDIAN) {
4171 val = bswap16(val);
4172 }
4173#endif
733f0b02
MT		 4174 } else {
4175 /* RAM case */
4176 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4177 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4178 switch (endian) {
4179 case DEVICE_LITTLE_ENDIAN:
4180 val = lduw_le_p(ptr);
4181 break;
4182 case DEVICE_BIG_ENDIAN:
4183 val = lduw_be_p(ptr);
4184 break;
4185 default:
4186 val = lduw_p(ptr);
4187 break;
4188 }
733f0b02
MT		 4189 }
4190 return val;
aab33094
FB		 4191}
4192
1e78bcc1
AG		 4193uint32_t lduw_phys(target_phys_addr_t addr)
4194{
4195 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4196}
4197
4198uint32_t lduw_le_phys(target_phys_addr_t addr)
4199{
4200 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4201}
4202
4203uint32_t lduw_be_phys(target_phys_addr_t addr)
4204{
4205 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4206}
4207
8df1cd07
FB		 4208/* warning: addr must be aligned. The ram page is not masked as dirty
4209 and the code inside is not invalidated. It is useful if the dirty
4210 bits are used to track modified PTEs */
c227f099 4211void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4212{
4213 int io_index;
4214 uint8_t *ptr;
4215 unsigned long pd;
f1f6e3b8 4216 PhysPageDesc p;
8df1cd07
FB		 4217
4218 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4219 pd = p.phys_offset;
3b46e624 4220
0e0df1e2 4221 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4222 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4223 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4224 io_mem_write(io_index, addr, val, 4);
8df1cd07 4225 } else {
74576198 4226 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4227 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4228 stl_p(ptr, val);
74576198
AL		 4229
4230 if (unlikely(in_migration)) {
4231 if (!cpu_physical_memory_is_dirty(addr1)) {
4232 /* invalidate code */
4233 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4234 /* set dirty bit */
f7c11b53
YT		 4235 cpu_physical_memory_set_dirty_flags(
4236 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4237 }
4238 }
8df1cd07
FB		 4239 }
4240}
4241
c227f099 4242void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4243{
4244 int io_index;
4245 uint8_t *ptr;
4246 unsigned long pd;
f1f6e3b8 4247 PhysPageDesc p;
bc98a7ef
JM		 4248
4249 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4250 pd = p.phys_offset;
3b46e624 4251
0e0df1e2 4252 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4253 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4254 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
bc98a7ef 4255#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4256 io_mem_write(io_index, addr, val >> 32, 4);
4257 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4258#else
acbbec5d
AK		 4259 io_mem_write(io_index, addr, (uint32_t)val, 4);
4260 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4261#endif
4262 } else {
5579c7f3 4263 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
bc98a7ef
JM		 4264 (addr & ~TARGET_PAGE_MASK);
4265 stq_p(ptr, val);
4266 }
4267}
4268
8df1cd07 4269/* warning: addr must be aligned */
1e78bcc1
AG		 4270static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4271 enum device_endian endian)
8df1cd07
FB		 4272{
4273 int io_index;
4274 uint8_t *ptr;
4275 unsigned long pd;
f1f6e3b8 4276 PhysPageDesc p;
8df1cd07
FB		 4277
4278 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4279 pd = p.phys_offset;
3b46e624 4280
0e0df1e2 4281 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4282 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4283 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4284#if defined(TARGET_WORDS_BIGENDIAN)
4285 if (endian == DEVICE_LITTLE_ENDIAN) {
4286 val = bswap32(val);
4287 }
4288#else
4289 if (endian == DEVICE_BIG_ENDIAN) {
4290 val = bswap32(val);
4291 }
4292#endif
acbbec5d 4293 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4294 } else {
4295 unsigned long addr1;
4296 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4297 /* RAM case */
5579c7f3 4298 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4299 switch (endian) {
4300 case DEVICE_LITTLE_ENDIAN:
4301 stl_le_p(ptr, val);
4302 break;
4303 case DEVICE_BIG_ENDIAN:
4304 stl_be_p(ptr, val);
4305 break;
4306 default:
4307 stl_p(ptr, val);
4308 break;
4309 }
3a7d929e
FB		 4310 if (!cpu_physical_memory_is_dirty(addr1)) {
4311 /* invalidate code */
4312 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4313 /* set dirty bit */
f7c11b53
YT		 4314 cpu_physical_memory_set_dirty_flags(addr1,
4315 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4316 }
8df1cd07
FB		 4317 }
4318}
4319
1e78bcc1
AG		 4320void stl_phys(target_phys_addr_t addr, uint32_t val)
4321{
4322 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4323}
4324
4325void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4326{
4327 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4328}
4329
4330void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4331{
4332 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4333}
4334
aab33094 4335/* XXX: optimize */
c227f099 4336void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4337{
4338 uint8_t v = val;
4339 cpu_physical_memory_write(addr, &v, 1);
4340}
4341
733f0b02 4342/* warning: addr must be aligned */
1e78bcc1
AG		 4343static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4344 enum device_endian endian)
aab33094 4345{
733f0b02
MT		 4346 int io_index;
4347 uint8_t *ptr;
4348 unsigned long pd;
f1f6e3b8 4349 PhysPageDesc p;
733f0b02
MT		 4350
4351 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4352 pd = p.phys_offset;
733f0b02 4353
0e0df1e2 4354 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4355 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4356 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4357#if defined(TARGET_WORDS_BIGENDIAN)
4358 if (endian == DEVICE_LITTLE_ENDIAN) {
4359 val = bswap16(val);
4360 }
4361#else
4362 if (endian == DEVICE_BIG_ENDIAN) {
4363 val = bswap16(val);
4364 }
4365#endif
acbbec5d 4366 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4367 } else {
4368 unsigned long addr1;
4369 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4370 /* RAM case */
4371 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4372 switch (endian) {
4373 case DEVICE_LITTLE_ENDIAN:
4374 stw_le_p(ptr, val);
4375 break;
4376 case DEVICE_BIG_ENDIAN:
4377 stw_be_p(ptr, val);
4378 break;
4379 default:
4380 stw_p(ptr, val);
4381 break;
4382 }
733f0b02
MT		 4383 if (!cpu_physical_memory_is_dirty(addr1)) {
4384 /* invalidate code */
4385 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4386 /* set dirty bit */
4387 cpu_physical_memory_set_dirty_flags(addr1,
4388 (0xff & ~CODE_DIRTY_FLAG));
4389 }
4390 }
aab33094
FB		 4391}
4392
1e78bcc1
AG		 4393void stw_phys(target_phys_addr_t addr, uint32_t val)
4394{
4395 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4396}
4397
4398void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4399{
4400 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4401}
4402
4403void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4404{
4405 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4406}
4407
aab33094 4408/* XXX: optimize */
c227f099 4409void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4410{
4411 val = tswap64(val);
71d2b725 4412 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4413}
4414
1e78bcc1
AG		 4415void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4416{
4417 val = cpu_to_le64(val);
4418 cpu_physical_memory_write(addr, &val, 8);
4419}
4420
4421void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4422{
4423 val = cpu_to_be64(val);
4424 cpu_physical_memory_write(addr, &val, 8);
4425}
4426
5e2972fd 4427/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4428int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4429 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4430{
4431 int l;
c227f099 4432 target_phys_addr_t phys_addr;
9b3c35e0 4433 target_ulong page;
13eb76e0
FB		 4434
4435 while (len > 0) {
4436 page = addr & TARGET_PAGE_MASK;
4437 phys_addr = cpu_get_phys_page_debug(env, page);
4438 /* if no physical page mapped, return an error */
4439 if (phys_addr == -1)
4440 return -1;
4441 l = (page + TARGET_PAGE_SIZE) - addr;
4442 if (l > len)
4443 l = len;
5e2972fd 4444 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4445 if (is_write)
4446 cpu_physical_memory_write_rom(phys_addr, buf, l);
4447 else
5e2972fd 4448 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4449 len -= l;
4450 buf += l;
4451 addr += l;
4452 }
4453 return 0;
4454}
a68fe89c 4455#endif
13eb76e0 4456
2e70f6ef
PB		 4457/* in deterministic execution mode, instructions doing device I/Os
4458 must be at the end of the TB */
4459void cpu_io_recompile(CPUState *env, void *retaddr)
4460{
4461 TranslationBlock *tb;
4462 uint32_t n, cflags;
4463 target_ulong pc, cs_base;
4464 uint64_t flags;
4465
4466 tb = tb_find_pc((unsigned long)retaddr);
4467 if (!tb) {
4468 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4469 retaddr);
4470 }
4471 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4472 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4473 /* Calculate how many instructions had been executed before the fault
bf20dc07 4474 occurred. */
2e70f6ef
PB		 4475 n = n - env->icount_decr.u16.low;
4476 /* Generate a new TB ending on the I/O insn. */
4477 n++;
4478 /* On MIPS and SH, delay slot instructions can only be restarted if
4479 they were already the first instruction in the TB. If this is not
bf20dc07 4480 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4481 branch. */
4482#if defined(TARGET_MIPS)
4483 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4484 env->active_tc.PC -= 4;
4485 env->icount_decr.u16.low++;
4486 env->hflags &= ~MIPS_HFLAG_BMASK;
4487 }
4488#elif defined(TARGET_SH4)
4489 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4490 && n > 1) {
4491 env->pc -= 2;
4492 env->icount_decr.u16.low++;
4493 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4494 }
4495#endif
4496 /* This should never happen. */
4497 if (n > CF_COUNT_MASK)
4498 cpu_abort(env, "TB too big during recompile");
4499
4500 cflags = n | CF_LAST_IO;
4501 pc = tb->pc;
4502 cs_base = tb->cs_base;
4503 flags = tb->flags;
4504 tb_phys_invalidate(tb, -1);
4505 /* FIXME: In theory this could raise an exception. In practice
4506 we have already translated the block once so it's probably ok. */
4507 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4508 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4509 the first in the TB) then we end up generating a whole new TB and
4510 repeating the fault, which is horribly inefficient.
4511 Better would be to execute just this insn uncached, or generate a
4512 second new TB. */
4513 cpu_resume_from_signal(env, NULL);
4514}
4515
b3755a91
PB		 4516#if !defined(CONFIG_USER_ONLY)
4517
055403b2 4518void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4519{
4520 int i, target_code_size, max_target_code_size;
4521 int direct_jmp_count, direct_jmp2_count, cross_page;
4522 TranslationBlock *tb;
3b46e624 4523
e3db7226
FB		 4524 target_code_size = 0;
4525 max_target_code_size = 0;
4526 cross_page = 0;
4527 direct_jmp_count = 0;
4528 direct_jmp2_count = 0;
4529 for(i = 0; i < nb_tbs; i++) {
4530 tb = &tbs[i];
4531 target_code_size += tb->size;
4532 if (tb->size > max_target_code_size)
4533 max_target_code_size = tb->size;
4534 if (tb->page_addr[1] != -1)
4535 cross_page++;
4536 if (tb->tb_next_offset[0] != 0xffff) {
4537 direct_jmp_count++;
4538 if (tb->tb_next_offset[1] != 0xffff) {
4539 direct_jmp2_count++;
4540 }
4541 }
4542 }
4543 /* XXX: avoid using doubles ? */
57fec1fe 4544 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4545 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4546 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4547 cpu_fprintf(f, "TB count %d/%d\n",
4548 nb_tbs, code_gen_max_blocks);
5fafdf24 4549 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4550 nb_tbs ? target_code_size / nb_tbs : 0,
4551 max_target_code_size);
055403b2 4552 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4553 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4554 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4555 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4556 cross_page,
e3db7226
FB		 4557 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4558 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4559 direct_jmp_count,
e3db7226
FB		 4560 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4561 direct_jmp2_count,
4562 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4563 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4564 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4565 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4566 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4567 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4568}
4569
d39e8222
AK		 4570/* NOTE: this function can trigger an exception */
4571/* NOTE2: the returned address is not exactly the physical address: it
4572 is the offset relative to phys_ram_base */
4573tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4574{
4575 int mmu_idx, page_index, pd;
4576 void *p;
4577
4578 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4579 mmu_idx = cpu_mmu_index(env1);
4580 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4581 (addr & TARGET_PAGE_MASK))) {
4582 ldub_code(addr);
4583 }
4584 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4585 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
75c578dc 4586 && !is_romd(pd)) {
d39e8222
AK		 4587#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4588 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4589#else
4590 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4591#endif
4592 }
4593 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4594 return qemu_ram_addr_from_host_nofail(p);
4595}
4596
82afa586
BH		 4597/*
4598 * A helper function for the _utterly broken_ virtio device model to find out if
4599 * it's running on a big endian machine. Don't do this at home kids!
4600 */
4601bool virtio_is_big_endian(void);
4602bool virtio_is_big_endian(void)
4603{
4604#if defined(TARGET_WORDS_BIGENDIAN)
4605 return true;
4606#else
4607 return false;
4608#endif
4609}
4610
61382a50 4611#define MMUSUFFIX _cmmu
3917149d 4612#undef GETPC
61382a50
FB		 4613#define GETPC() NULL
4614#define env cpu_single_env
b769d8fe 4615#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4616
4617#define SHIFT 0
4618#include "softmmu_template.h"
4619
4620#define SHIFT 1
4621#include "softmmu_template.h"
4622
4623#define SHIFT 2
4624#include "softmmu_template.h"
4625
4626#define SHIFT 3
4627#include "softmmu_template.h"
4628
4629#undef env
4630
4631#endif
Mirror of https://git.qemu.org/git/qemu.git