]> git.ipfire.org Git - thirdparty/qemu.git/blame - exec.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
megasas: Use qemu_hw_version() instead of QEMU_VERSION
[thirdparty/qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
0cac1b66 53
022c62cb 54#include "exec/memory-internal.h"
220c3ebd 55#include "exec/ram_addr.h"
67d95c15 56
b35ba30f 57#include "qemu/range.h"
794e8f30
MT		 58#ifndef _WIN32
59#include "qemu/mmap-alloc.h"
60#endif
b35ba30f 61
db7b5426 62//#define DEBUG_SUBPAGE
1196be37 63
e2eef170 64#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 65/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
0d53d9fe 68RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 69
70static MemoryRegion *system_memory;
309cb471 71static MemoryRegion *system_io;
62152b8a 72
f6790af6
AK		 73AddressSpace address_space_io;
74AddressSpace address_space_memory;
2673a5da 75
0844e007 76MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 77static MemoryRegion io_mem_unassigned;
0e0df1e2 78
7bd4f430
PB		 79/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80#define RAM_PREALLOC (1 << 0)
81
dbcb8981
PB		 82/* RAM is mmap-ed with MAP_SHARED */
83#define RAM_SHARED (1 << 1)
84
62be4e3a
MT		 85/* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88#define RAM_RESIZEABLE (1 << 2)
89
794e8f30 90/* RAM is backed by an mmapped file.
8561c924 91 */
794e8f30 92#define RAM_FILE (1 << 3)
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
1db8abb1
PB		 141 /* This is a multi-level map on the physical address space.
142 * The bottom level has pointers to MemoryRegionSections.
143 */
144 PhysPageEntry phys_map;
53cb28cb 145 PhysPageMap map;
acc9d80b 146 AddressSpace *as;
1db8abb1
PB		 147};
148
90260c6c
JK		 149#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
150typedef struct subpage_t {
151 MemoryRegion iomem;
acc9d80b 152 AddressSpace *as;
90260c6c
JK		 153 hwaddr base;
154 uint16_t sub_section[TARGET_PAGE_SIZE];
155} subpage_t;
156
b41aac4f
LPF		 157#define PHYS_SECTION_UNASSIGNED 0
158#define PHYS_SECTION_NOTDIRTY 1
159#define PHYS_SECTION_ROM 2
160#define PHYS_SECTION_WATCH 3
5312bd8b 161
e2eef170 162static void io_mem_init(void);
62152b8a 163static void memory_map_init(void);
09daed84 164static void tcg_commit(MemoryListener *listener);
e2eef170 165
1ec9b909 166static MemoryRegion io_mem_watch;
32857f4d
PM		 167
168/**
169 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
170 * @cpu: the CPU whose AddressSpace this is
171 * @as: the AddressSpace itself
172 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
173 * @tcg_as_listener: listener for tracking changes to the AddressSpace
174 */
175struct CPUAddressSpace {
176 CPUState *cpu;
177 AddressSpace *as;
178 struct AddressSpaceDispatch *memory_dispatch;
179 MemoryListener tcg_as_listener;
180};
181
6658ffb8 182#endif
fd6ce8f6 183
6d9a1304 184#if !defined(CONFIG_USER_ONLY)
d6f2ea22 185
53cb28cb 186static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 187{
53cb28cb
MA		 188 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
189 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
191 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 192 }
f7bf5461
AK		 193}
194
db94604b 195static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 196{
197 unsigned i;
8b795765 198 uint32_t ret;
db94604b
PB		 199 PhysPageEntry e;
200 PhysPageEntry *p;
f7bf5461 201
53cb28cb 202 ret = map->nodes_nb++;
db94604b 203 p = map->nodes[ret];
f7bf5461 204 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 205 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 206
207 e.skip = leaf ? 0 : 1;
208 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 209 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 210 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 211 }
f7bf5461 212 return ret;
d6f2ea22
AK		 213}
214
53cb28cb
MA		 215static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
216 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 217 int level)
f7bf5461
AK		 218{
219 PhysPageEntry *p;
03f49957 220 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 221
9736e55b 222 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 223 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 224 }
db94604b 225 p = map->nodes[lp->ptr];
03f49957 226 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 227
03f49957 228 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 229 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 230 lp->skip = 0;
c19e8800 231 lp->ptr = leaf;
07f07b31
AK		 232 *index += step;
233 *nb -= step;
2999097b 234 } else {
53cb28cb 235 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 236 }
237 ++lp;
f7bf5461
AK		 238 }
239}
240
ac1970fb 241static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 242 hwaddr index, hwaddr nb,
2999097b 243 uint16_t leaf)
f7bf5461 244{
2999097b 245 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 246 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 247
53cb28cb 248 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 249}
250
b35ba30f
MT		 251/* Compact a non leaf page entry. Simply detect that the entry has a single child,
252 * and update our entry so we can skip it and go directly to the destination.
253 */
254static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
255{
256 unsigned valid_ptr = P_L2_SIZE;
257 int valid = 0;
258 PhysPageEntry *p;
259 int i;
260
261 if (lp->ptr == PHYS_MAP_NODE_NIL) {
262 return;
263 }
264
265 p = nodes[lp->ptr];
266 for (i = 0; i < P_L2_SIZE; i++) {
267 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
268 continue;
269 }
270
271 valid_ptr = i;
272 valid++;
273 if (p[i].skip) {
274 phys_page_compact(&p[i], nodes, compacted);
275 }
276 }
277
278 /* We can only compress if there's only one child. */
279 if (valid != 1) {
280 return;
281 }
282
283 assert(valid_ptr < P_L2_SIZE);
284
285 /* Don't compress if it won't fit in the # of bits we have. */
286 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
287 return;
288 }
289
290 lp->ptr = p[valid_ptr].ptr;
291 if (!p[valid_ptr].skip) {
292 /* If our only child is a leaf, make this a leaf. */
293 /* By design, we should have made this node a leaf to begin with so we
294 * should never reach here.
295 * But since it's so simple to handle this, let's do it just in case we
296 * change this rule.
297 */
298 lp->skip = 0;
299 } else {
300 lp->skip += p[valid_ptr].skip;
301 }
302}
303
304static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
305{
306 DECLARE_BITMAP(compacted, nodes_nb);
307
308 if (d->phys_map.skip) {
53cb28cb 309 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 310 }
311}
312
97115a8d 313static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 314 Node *nodes, MemoryRegionSection *sections)
92e873b9 315{
31ab2b4a 316 PhysPageEntry *p;
97115a8d 317 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 318 int i;
f1f6e3b8 319
9736e55b 320 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 321 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 322 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 323 }
9affd6fc 324 p = nodes[lp.ptr];
03f49957 325 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 326 }
b35ba30f
MT		 327
328 if (sections[lp.ptr].size.hi ||
329 range_covers_byte(sections[lp.ptr].offset_within_address_space,
330 sections[lp.ptr].size.lo, addr)) {
331 return &sections[lp.ptr];
332 } else {
333 return &sections[PHYS_SECTION_UNASSIGNED];
334 }
f3705d53
AK		 335}
336
e5548617
BS		 337bool memory_region_is_unassigned(MemoryRegion *mr)
338{
2a8e7499 339 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 340 && mr != &io_mem_watch;
fd6ce8f6 341}
149f54b5 342
79e2b9ae 343/* Called from RCU critical section */
c7086b4a 344static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 345 hwaddr addr,
346 bool resolve_subpage)
9f029603 347{
90260c6c
JK		 348 MemoryRegionSection *section;
349 subpage_t *subpage;
350
53cb28cb 351 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 352 if (resolve_subpage && section->mr->subpage) {
353 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 354 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 355 }
356 return section;
9f029603
JK		 357}
358
79e2b9ae 359/* Called from RCU critical section */
90260c6c 360static MemoryRegionSection *
c7086b4a 361address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 362 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 363{
364 MemoryRegionSection *section;
965eb2fc 365 MemoryRegion *mr;
a87f3954 366 Int128 diff;
149f54b5 367
c7086b4a 368 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 369 /* Compute offset within MemoryRegionSection */
370 addr -= section->offset_within_address_space;
371
372 /* Compute offset within MemoryRegion */
373 *xlat = addr + section->offset_within_region;
374
965eb2fc 375 mr = section->mr;
b242e0e0
PB		 376
377 /* MMIO registers can be expected to perform full-width accesses based only
378 * on their address, without considering adjacent registers that could
379 * decode to completely different MemoryRegions. When such registers
380 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
381 * regions overlap wildly. For this reason we cannot clamp the accesses
382 * here.
383 *
384 * If the length is small (as is the case for address_space_ldl/stl),
385 * everything works fine. If the incoming length is large, however,
386 * the caller really has to do the clamping through memory_access_size.
387 */
965eb2fc 388 if (memory_region_is_ram(mr)) {
e4a511f8 389 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 390 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
391 }
149f54b5
PB		 392 return section;
393}
90260c6c 394
a87f3954
PB		 395static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
396{
397 if (memory_region_is_ram(mr)) {
398 return !(is_write && mr->readonly);
399 }
400 if (memory_region_is_romd(mr)) {
401 return !is_write;
402 }
403
404 return false;
405}
406
41063e1e 407/* Called from RCU critical section */
5c8a00ce
PB		 408MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
409 hwaddr *xlat, hwaddr *plen,
410 bool is_write)
90260c6c 411{
30951157
AK		 412 IOMMUTLBEntry iotlb;
413 MemoryRegionSection *section;
414 MemoryRegion *mr;
30951157
AK		 415
416 for (;;) {
79e2b9ae
PB		 417 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
418 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 419 mr = section->mr;
420
421 if (!mr->iommu_ops) {
422 break;
423 }
424
8d7b8cb9 425 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 426 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
427 | (addr & iotlb.addr_mask));
23820dbf 428 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 429 if (!(iotlb.perm & (1 << is_write))) {
430 mr = &io_mem_unassigned;
431 break;
432 }
433
434 as = iotlb.target_as;
435 }
436
fe680d0d 437 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 438 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 439 *plen = MIN(page, *plen);
a87f3954
PB		 440 }
441
30951157
AK		 442 *xlat = addr;
443 return mr;
90260c6c
JK		 444}
445
79e2b9ae 446/* Called from RCU critical section */
90260c6c 447MemoryRegionSection *
9d82b5a7
PB		 448address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
449 hwaddr *xlat, hwaddr *plen)
90260c6c 450{
30951157 451 MemoryRegionSection *section;
32857f4d 452 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
9d82b5a7 453 addr, xlat, plen, false);
30951157
AK		 454
455 assert(!section->mr->iommu_ops);
456 return section;
90260c6c 457}
5b6dd868 458#endif
fd6ce8f6 459
b170fce3 460#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 461
462static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 463{
259186a7 464 CPUState *cpu = opaque;
a513fe19 465
5b6dd868
BS		 466 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
467 version_id is increased. */
259186a7 468 cpu->interrupt_request &= ~0x01;
c01a71c1 469 tlb_flush(cpu, 1);
5b6dd868
BS		 470
471 return 0;
a513fe19 472}
7501267e 473
6c3bff0e
PD		 474static int cpu_common_pre_load(void *opaque)
475{
476 CPUState *cpu = opaque;
477
adee6424 478 cpu->exception_index = -1;
6c3bff0e
PD		 479
480 return 0;
481}
482
483static bool cpu_common_exception_index_needed(void *opaque)
484{
485 CPUState *cpu = opaque;
486
adee6424 487 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 488}
489
490static const VMStateDescription vmstate_cpu_common_exception_index = {
491 .name = "cpu_common/exception_index",
492 .version_id = 1,
493 .minimum_version_id = 1,
5cd8cada 494 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 495 .fields = (VMStateField[]) {
496 VMSTATE_INT32(exception_index, CPUState),
497 VMSTATE_END_OF_LIST()
498 }
499};
500
bac05aa9
AS		 501static bool cpu_common_crash_occurred_needed(void *opaque)
502{
503 CPUState *cpu = opaque;
504
505 return cpu->crash_occurred;
506}
507
508static const VMStateDescription vmstate_cpu_common_crash_occurred = {
509 .name = "cpu_common/crash_occurred",
510 .version_id = 1,
511 .minimum_version_id = 1,
512 .needed = cpu_common_crash_occurred_needed,
513 .fields = (VMStateField[]) {
514 VMSTATE_BOOL(crash_occurred, CPUState),
515 VMSTATE_END_OF_LIST()
516 }
517};
518
1a1562f5 519const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 520 .name = "cpu_common",
521 .version_id = 1,
522 .minimum_version_id = 1,
6c3bff0e 523 .pre_load = cpu_common_pre_load,
5b6dd868 524 .post_load = cpu_common_post_load,
35d08458 525 .fields = (VMStateField[]) {
259186a7
AF		 526 VMSTATE_UINT32(halted, CPUState),
527 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 528 VMSTATE_END_OF_LIST()
6c3bff0e 529 },
5cd8cada
JQ		 530 .subsections = (const VMStateDescription*[]) {
531 &vmstate_cpu_common_exception_index,
bac05aa9 532 &vmstate_cpu_common_crash_occurred,
5cd8cada 533 NULL
5b6dd868
BS		 534 }
535};
1a1562f5 536
5b6dd868 537#endif
ea041c0e 538
38d8f5c8 539CPUState *qemu_get_cpu(int index)
ea041c0e 540{
bdc44640 541 CPUState *cpu;
ea041c0e 542
bdc44640 543 CPU_FOREACH(cpu) {
55e5c285 544 if (cpu->cpu_index == index) {
bdc44640 545 return cpu;
55e5c285 546 }
ea041c0e 547 }
5b6dd868 548
bdc44640 549 return NULL;
ea041c0e
FB		 550}
551
09daed84
EI		 552#if !defined(CONFIG_USER_ONLY)
553void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
554{
555 /* We only support one address space per cpu at the moment. */
556 assert(cpu->as == as);
557
32857f4d
PM		 558 if (cpu->cpu_ases) {
559 /* We've already registered the listener for our only AS */
560 return;
09daed84 561 }
32857f4d
PM		 562
563 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
564 cpu->cpu_ases[0].cpu = cpu;
565 cpu->cpu_ases[0].as = as;
566 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
567 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
09daed84
EI		 568}
569#endif
570
b7bca733
BR		 571#ifndef CONFIG_USER_ONLY
572static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
573
574static int cpu_get_free_index(Error **errp)
575{
576 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
577
578 if (cpu >= MAX_CPUMASK_BITS) {
579 error_setg(errp, "Trying to use more CPUs than max of %d",
580 MAX_CPUMASK_BITS);
581 return -1;
582 }
583
584 bitmap_set(cpu_index_map, cpu, 1);
585 return cpu;
586}
587
588void cpu_exec_exit(CPUState *cpu)
589{
590 if (cpu->cpu_index == -1) {
591 /* cpu_index was never allocated by this @cpu or was already freed. */
592 return;
593 }
594
595 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
596 cpu->cpu_index = -1;
597}
598#else
599
600static int cpu_get_free_index(Error **errp)
601{
602 CPUState *some_cpu;
603 int cpu_index = 0;
604
605 CPU_FOREACH(some_cpu) {
606 cpu_index++;
607 }
608 return cpu_index;
609}
610
611void cpu_exec_exit(CPUState *cpu)
612{
613}
614#endif
615
4bad9e39 616void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 617{
b170fce3 618 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 619 int cpu_index;
b7bca733 620 Error *local_err = NULL;
5b6dd868 621
291135b5
EH		 622#ifndef CONFIG_USER_ONLY
623 cpu->as = &address_space_memory;
624 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 625#endif
626
5b6dd868
BS		 627#if defined(CONFIG_USER_ONLY)
628 cpu_list_lock();
629#endif
b7bca733
BR		 630 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
631 if (local_err) {
632 error_propagate(errp, local_err);
633#if defined(CONFIG_USER_ONLY)
634 cpu_list_unlock();
635#endif
636 return;
5b6dd868 637 }
bdc44640 638 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 639#if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641#endif
e0d47944
AF		 642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
644 }
5b6dd868 645#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 647 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 648 assert(cc->vmsd == NULL);
e0d47944 649 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 650#endif
b170fce3
AF		 651 if (cc->vmsd != NULL) {
652 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
653 }
ea041c0e
FB		 654}
655
94df27fd 656#if defined(CONFIG_USER_ONLY)
00b941e5 657static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 658{
659 tb_invalidate_phys_page_range(pc, pc + 1, 0);
660}
661#else
00b941e5 662static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 663{
e8262a1b
MF		 664 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
665 if (phys != -1) {
09daed84 666 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 667 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 668 }
1e7855a5 669}
c27004ec 670#endif
d720b93d 671
c527ee8f 672#if defined(CONFIG_USER_ONLY)
75a34036 673void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 674
675{
676}
677
3ee887e8
PM		 678int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
679 int flags)
680{
681 return -ENOSYS;
682}
683
684void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
685{
686}
687
75a34036 688int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 689 int flags, CPUWatchpoint **watchpoint)
690{
691 return -ENOSYS;
692}
693#else
6658ffb8 694/* Add a watchpoint. */
75a34036 695int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 696 int flags, CPUWatchpoint **watchpoint)
6658ffb8 697{
c0ce998e 698 CPUWatchpoint *wp;
6658ffb8 699
05068c0d 700 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 701 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 702 error_report("tried to set invalid watchpoint at %"
703 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 704 return -EINVAL;
705 }
7267c094 706 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 707
708 wp->vaddr = addr;
05068c0d 709 wp->len = len;
a1d1bb31
AL		 710 wp->flags = flags;
711
2dc9f411 712 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 713 if (flags & BP_GDB) {
714 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
715 } else {
716 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
717 }
6658ffb8 718
31b030d4 719 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 720
721 if (watchpoint)
722 *watchpoint = wp;
723 return 0;
6658ffb8
PB		 724}
725
a1d1bb31 726/* Remove a specific watchpoint. */
75a34036 727int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 728 int flags)
6658ffb8 729{
a1d1bb31 730 CPUWatchpoint *wp;
6658ffb8 731
ff4700b0 732 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 733 if (addr == wp->vaddr && len == wp->len
6e140f28 734 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 735 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 736 return 0;
737 }
738 }
a1d1bb31 739 return -ENOENT;
6658ffb8
PB		 740}
741
a1d1bb31 742/* Remove a specific watchpoint by reference. */
75a34036 743void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 744{
ff4700b0 745 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 746
31b030d4 747 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 748
7267c094 749 g_free(watchpoint);
a1d1bb31
AL		 750}
751
752/* Remove all matching watchpoints. */
75a34036 753void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 754{
c0ce998e 755 CPUWatchpoint *wp, *next;
a1d1bb31 756
ff4700b0 757 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 758 if (wp->flags & mask) {
759 cpu_watchpoint_remove_by_ref(cpu, wp);
760 }
c0ce998e 761 }
7d03f82f 762}
05068c0d
PM		 763
764/* Return true if this watchpoint address matches the specified
765 * access (ie the address range covered by the watchpoint overlaps
766 * partially or completely with the address range covered by the
767 * access).
768 */
769static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
770 vaddr addr,
771 vaddr len)
772{
773 /* We know the lengths are non-zero, but a little caution is
774 * required to avoid errors in the case where the range ends
775 * exactly at the top of the address space and so addr + len
776 * wraps round to zero.
777 */
778 vaddr wpend = wp->vaddr + wp->len - 1;
779 vaddr addrend = addr + len - 1;
780
781 return !(addr > wpend || wp->vaddr > addrend);
782}
783
c527ee8f 784#endif
7d03f82f 785
a1d1bb31 786/* Add a breakpoint. */
b3310ab3 787int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 788 CPUBreakpoint **breakpoint)
4c3a88a2 789{
c0ce998e 790 CPUBreakpoint *bp;
3b46e624 791
7267c094 792 bp = g_malloc(sizeof(*bp));
4c3a88a2 793
a1d1bb31
AL		 794 bp->pc = pc;
795 bp->flags = flags;
796
2dc9f411 797 /* keep all GDB-injected breakpoints in front */
00b941e5 798 if (flags & BP_GDB) {
f0c3c505 799 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 800 } else {
f0c3c505 801 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 802 }
3b46e624 803
f0c3c505 804 breakpoint_invalidate(cpu, pc);
a1d1bb31 805
00b941e5 806 if (breakpoint) {
a1d1bb31 807 *breakpoint = bp;
00b941e5 808 }
4c3a88a2 809 return 0;
4c3a88a2
FB		 810}
811
a1d1bb31 812/* Remove a specific breakpoint. */
b3310ab3 813int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 814{
a1d1bb31
AL		 815 CPUBreakpoint *bp;
816
f0c3c505 817 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 818 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 819 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 820 return 0;
821 }
7d03f82f 822 }
a1d1bb31 823 return -ENOENT;
7d03f82f
EI		 824}
825
a1d1bb31 826/* Remove a specific breakpoint by reference. */
b3310ab3 827void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 828{
f0c3c505
AF		 829 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
830
831 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 832
7267c094 833 g_free(breakpoint);
a1d1bb31
AL		 834}
835
836/* Remove all matching breakpoints. */
b3310ab3 837void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 838{
c0ce998e 839 CPUBreakpoint *bp, *next;
a1d1bb31 840
f0c3c505 841 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 842 if (bp->flags & mask) {
843 cpu_breakpoint_remove_by_ref(cpu, bp);
844 }
c0ce998e 845 }
4c3a88a2
FB		 846}
847
c33a346e
FB		 848/* enable or disable single step mode. EXCP_DEBUG is returned by the
849 CPU loop after each instruction */
3825b28f 850void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 851{
ed2803da
AF		 852 if (cpu->singlestep_enabled != enabled) {
853 cpu->singlestep_enabled = enabled;
854 if (kvm_enabled()) {
38e478ec 855 kvm_update_guest_debug(cpu, 0);
ed2803da 856 } else {
ccbb4d44 857 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 858 /* XXX: only flush what is necessary */
bbd77c18 859 tb_flush(cpu);
e22a25c9 860 }
c33a346e 861 }
c33a346e
FB		 862}
863
a47dddd7 864void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 865{
866 va_list ap;
493ae1f0 867 va_list ap2;
7501267e
FB		 868
869 va_start(ap, fmt);
493ae1f0 870 va_copy(ap2, ap);
7501267e
FB		 871 fprintf(stderr, "qemu: fatal: ");
872 vfprintf(stderr, fmt, ap);
873 fprintf(stderr, "\n");
878096ee 874 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 875 if (qemu_log_enabled()) {
876 qemu_log("qemu: fatal: ");
877 qemu_log_vprintf(fmt, ap2);
878 qemu_log("\n");
a0762859 879 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 880 qemu_log_flush();
93fcfe39 881 qemu_log_close();
924edcae 882 }
493ae1f0 883 va_end(ap2);
f9373291 884 va_end(ap);
fd052bf6
RV		 885#if defined(CONFIG_USER_ONLY)
886 {
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
891 }
892#endif
7501267e
FB		 893 abort();
894}
895
0124311e 896#if !defined(CONFIG_USER_ONLY)
0dc3f44a 897/* Called from RCU critical section */
041603fe
PB		 898static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
899{
900 RAMBlock *block;
901
43771539 902 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 903 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 904 goto found;
905 }
0dc3f44a 906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 907 if (addr - block->offset < block->max_length) {
041603fe
PB		 908 goto found;
909 }
910 }
911
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
913 abort();
914
915found:
43771539
PB		 916 /* It is safe to write mru_block outside the iothread lock. This
917 * is what happens:
918 *
919 * mru_block = xxx
920 * rcu_read_unlock()
921 * xxx removed from list
922 * rcu_read_lock()
923 * read mru_block
924 * mru_block = NULL;
925 * call_rcu(reclaim_ramblock, xxx);
926 * rcu_read_unlock()
927 *
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
931 */
041603fe
PB		 932 ram_list.mru_block = block;
933 return block;
934}
935
a2f4d5be 936static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 937{
9a13565d 938 CPUState *cpu;
041603fe 939 ram_addr_t start1;
a2f4d5be
JQ		 940 RAMBlock *block;
941 ram_addr_t end;
942
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
d24981d3 945
0dc3f44a 946 rcu_read_lock();
041603fe
PB		 947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
1240be24 949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 950 CPU_FOREACH(cpu) {
951 tlb_reset_dirty(cpu, start1, length);
952 }
0dc3f44a 953 rcu_read_unlock();
d24981d3
JQ		 954}
955
5579c7f3 956/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 957bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
958 ram_addr_t length,
959 unsigned client)
1ccde1cb 960{
03eebc9e
SH		 961 unsigned long end, page;
962 bool dirty;
963
964 if (length == 0) {
965 return false;
966 }
f23db169 967
03eebc9e
SH		 968 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
969 page = start >> TARGET_PAGE_BITS;
970 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
971 page, end - page);
972
973 if (dirty && tcg_enabled()) {
a2f4d5be 974 tlb_reset_dirty_range_all(start, length);
5579c7f3 975 }
03eebc9e
SH		 976
977 return dirty;
1ccde1cb
FB		 978}
979
79e2b9ae 980/* Called from RCU critical section */
bb0e627a 981hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 982 MemoryRegionSection *section,
983 target_ulong vaddr,
984 hwaddr paddr, hwaddr xlat,
985 int prot,
986 target_ulong *address)
e5548617 987{
a8170e5e 988 hwaddr iotlb;
e5548617
BS		 989 CPUWatchpoint *wp;
990
cc5bea60 991 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 992 /* Normal RAM. */
993 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 994 + xlat;
e5548617 995 if (!section->readonly) {
b41aac4f 996 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 997 } else {
b41aac4f 998 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 999 }
1000 } else {
0b8e2c10
PM		 1001 AddressSpaceDispatch *d;
1002
1003 d = atomic_rcu_read(&section->address_space->dispatch);
1004 iotlb = section - d->map.sections;
149f54b5 1005 iotlb += xlat;
e5548617
BS		 1006 }
1007
1008 /* Make accesses to pages with watchpoints go via the
1009 watchpoint trap routines. */
ff4700b0 1010 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1011 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1012 /* Avoid trapping reads of pages with a write breakpoint. */
1013 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1014 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1015 *address |= TLB_MMIO;
1016 break;
1017 }
1018 }
1019 }
1020
1021 return iotlb;
1022}
9fa3e853
FB		 1023#endif /* defined(CONFIG_USER_ONLY) */
1024
e2eef170 1025#if !defined(CONFIG_USER_ONLY)
8da3ff18 1026
c227f099 1027static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1028 uint16_t section);
acc9d80b 1029static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1030
a2b257d6
IM		 1031static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1032 qemu_anon_ram_alloc;
91138037
MA		 1033
1034/*
1035 * Set a custom physical guest memory alloator.
1036 * Accelerators with unusual needs may need this. Hopefully, we can
1037 * get rid of it eventually.
1038 */
a2b257d6 1039void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1040{
1041 phys_mem_alloc = alloc;
1042}
1043
53cb28cb
MA		 1044static uint16_t phys_section_add(PhysPageMap *map,
1045 MemoryRegionSection *section)
5312bd8b 1046{
68f3f65b
PB		 1047 /* The physical section number is ORed with a page-aligned
1048 * pointer to produce the iotlb entries. Thus it should
1049 * never overflow into the page-aligned value.
1050 */
53cb28cb 1051 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1052
53cb28cb
MA		 1053 if (map->sections_nb == map->sections_nb_alloc) {
1054 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1055 map->sections = g_renew(MemoryRegionSection, map->sections,
1056 map->sections_nb_alloc);
5312bd8b 1057 }
53cb28cb 1058 map->sections[map->sections_nb] = *section;
dfde4e6e 1059 memory_region_ref(section->mr);
53cb28cb 1060 return map->sections_nb++;
5312bd8b
AK		 1061}
1062
058bc4b5
PB		 1063static void phys_section_destroy(MemoryRegion *mr)
1064{
dfde4e6e
PB		 1065 memory_region_unref(mr);
1066
058bc4b5
PB		 1067 if (mr->subpage) {
1068 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1069 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1070 g_free(subpage);
1071 }
1072}
1073
6092666e 1074static void phys_sections_free(PhysPageMap *map)
5312bd8b 1075{
9affd6fc
PB		 1076 while (map->sections_nb > 0) {
1077 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1078 phys_section_destroy(section->mr);
1079 }
9affd6fc
PB		 1080 g_free(map->sections);
1081 g_free(map->nodes);
5312bd8b
AK		 1082}
1083
ac1970fb 1084static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1085{
1086 subpage_t *subpage;
a8170e5e 1087 hwaddr base = section->offset_within_address_space
0f0cb164 1088 & TARGET_PAGE_MASK;
97115a8d 1089 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1090 d->map.nodes, d->map.sections);
0f0cb164
AK		 1091 MemoryRegionSection subsection = {
1092 .offset_within_address_space = base,
052e87b0 1093 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1094 };
a8170e5e 1095 hwaddr start, end;
0f0cb164 1096
f3705d53 1097 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1098
f3705d53 1099 if (!(existing->mr->subpage)) {
acc9d80b 1100 subpage = subpage_init(d->as, base);
3be91e86 1101 subsection.address_space = d->as;
0f0cb164 1102 subsection.mr = &subpage->iomem;
ac1970fb 1103 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1104 phys_section_add(&d->map, &subsection));
0f0cb164 1105 } else {
f3705d53 1106 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1107 }
1108 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1109 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1110 subpage_register(subpage, start, end,
1111 phys_section_add(&d->map, section));
0f0cb164
AK		 1112}
1113
1114
052e87b0
PB		 1115static void register_multipage(AddressSpaceDispatch *d,
1116 MemoryRegionSection *section)
33417e70 1117{
a8170e5e 1118 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1119 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1120 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1121 TARGET_PAGE_BITS));
dd81124b 1122
733d5ef5
PB		 1123 assert(num_pages);
1124 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1125}
1126
ac1970fb 1127static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1128{
89ae337a 1129 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1130 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1131 MemoryRegionSection now = *section, remain = *section;
052e87b0 1132 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1133
733d5ef5
PB		 1134 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1135 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1136 - now.offset_within_address_space;
1137
052e87b0 1138 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1139 register_subpage(d, &now);
733d5ef5 1140 } else {
052e87b0 1141 now.size = int128_zero();
733d5ef5 1142 }
052e87b0
PB		 1143 while (int128_ne(remain.size, now.size)) {
1144 remain.size = int128_sub(remain.size, now.size);
1145 remain.offset_within_address_space += int128_get64(now.size);
1146 remain.offset_within_region += int128_get64(now.size);
69b67646 1147 now = remain;
052e87b0 1148 if (int128_lt(remain.size, page_size)) {
733d5ef5 1149 register_subpage(d, &now);
88266249 1150 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1151 now.size = page_size;
ac1970fb 1152 register_subpage(d, &now);
69b67646 1153 } else {
052e87b0 1154 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1155 register_multipage(d, &now);
69b67646 1156 }
0f0cb164
AK		 1157 }
1158}
1159
62a2744c
SY		 1160void qemu_flush_coalesced_mmio_buffer(void)
1161{
1162 if (kvm_enabled())
1163 kvm_flush_coalesced_mmio_buffer();
1164}
1165
b2a8658e
UD		 1166void qemu_mutex_lock_ramlist(void)
1167{
1168 qemu_mutex_lock(&ram_list.mutex);
1169}
1170
1171void qemu_mutex_unlock_ramlist(void)
1172{
1173 qemu_mutex_unlock(&ram_list.mutex);
1174}
1175
e1e84ba0 1176#ifdef __linux__
c902760f
MT		 1177
1178#include <sys/vfs.h>
1179
1180#define HUGETLBFS_MAGIC 0x958458f6
1181
fc7a5800 1182static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1183{
1184 struct statfs fs;
1185 int ret;
1186
1187 do {
9742bf26 1188 ret = statfs(path, &fs);
c902760f
MT		 1189 } while (ret != 0 && errno == EINTR);
1190
1191 if (ret != 0) {
fc7a5800
HT		 1192 error_setg_errno(errp, errno, "failed to get page size of file %s",
1193 path);
9742bf26 1194 return 0;
c902760f
MT		 1195 }
1196
1197 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1198 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1199
1200 return fs.f_bsize;
1201}
1202
04b16653
AW		 1203static void *file_ram_alloc(RAMBlock *block,
1204 ram_addr_t memory,
7f56e740
PB		 1205 const char *path,
1206 Error **errp)
c902760f
MT		 1207{
1208 char *filename;
8ca761f6
PF		 1209 char *sanitized_name;
1210 char *c;
794e8f30 1211 void *area;
c902760f 1212 int fd;
557529dd 1213 uint64_t hpagesize;
fc7a5800 1214 Error *local_err = NULL;
c902760f 1215
fc7a5800
HT		 1216 hpagesize = gethugepagesize(path, &local_err);
1217 if (local_err) {
1218 error_propagate(errp, local_err);
f9a49dfa 1219 goto error;
c902760f 1220 }
a2b257d6 1221 block->mr->align = hpagesize;
c902760f
MT		 1222
1223 if (memory < hpagesize) {
557529dd
HT		 1224 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1225 "or larger than huge page size 0x%" PRIx64,
1226 memory, hpagesize);
1227 goto error;
c902760f
MT		 1228 }
1229
1230 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1231 error_setg(errp,
1232 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1233 goto error;
c902760f
MT		 1234 }
1235
8ca761f6 1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1237 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/')
1240 *c = '_';
1241 }
1242
1243 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1244 sanitized_name);
1245 g_free(sanitized_name);
c902760f
MT		 1246
1247 fd = mkstemp(filename);
1248 if (fd < 0) {
7f56e740
PB		 1249 error_setg_errno(errp, errno,
1250 "unable to create backing store for hugepages");
e4ada482 1251 g_free(filename);
f9a49dfa 1252 goto error;
c902760f
MT		 1253 }
1254 unlink(filename);
e4ada482 1255 g_free(filename);
c902760f 1256
9284f319 1257 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1258
1259 /*
1260 * ftruncate is not supported by hugetlbfs in older
1261 * hosts, so don't bother bailing out on errors.
1262 * If anything goes wrong with it under other filesystems,
1263 * mmap will fail.
1264 */
7f56e740 1265 if (ftruncate(fd, memory)) {
9742bf26 1266 perror("ftruncate");
7f56e740 1267 }
c902760f 1268
794e8f30 1269 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1270 if (area == MAP_FAILED) {
7f56e740
PB		 1271 error_setg_errno(errp, errno,
1272 "unable to map backing store for hugepages");
9742bf26 1273 close(fd);
f9a49dfa 1274 goto error;
c902760f 1275 }
ef36fa14
MT		 1276
1277 if (mem_prealloc) {
38183310 1278 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1279 }
1280
04b16653 1281 block->fd = fd;
c902760f 1282 return area;
f9a49dfa
MT		 1283
1284error:
f9a49dfa 1285 return NULL;
c902760f
MT		 1286}
1287#endif
1288
0dc3f44a 1289/* Called with the ramlist lock held. */
d17b5288 1290static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1291{
1292 RAMBlock *block, *next_block;
3e837b2c 1293 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1294
49cd9ac6
SH		 1295 assert(size != 0); /* it would hand out same offset multiple times */
1296
0dc3f44a 1297 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1298 return 0;
0d53d9fe 1299 }
04b16653 1300
0dc3f44a 1301 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1302 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1303
62be4e3a 1304 end = block->offset + block->max_length;
04b16653 1305
0dc3f44a 1306 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1307 if (next_block->offset >= end) {
1308 next = MIN(next, next_block->offset);
1309 }
1310 }
1311 if (next - end >= size && next - end < mingap) {
3e837b2c 1312 offset = end;
04b16653
AW		 1313 mingap = next - end;
1314 }
1315 }
3e837b2c
AW		 1316
1317 if (offset == RAM_ADDR_MAX) {
1318 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1319 (uint64_t)size);
1320 abort();
1321 }
1322
04b16653
AW		 1323 return offset;
1324}
1325
652d7ec2 1326ram_addr_t last_ram_offset(void)
d17b5288
AW		 1327{
1328 RAMBlock *block;
1329 ram_addr_t last = 0;
1330
0dc3f44a
MD		 1331 rcu_read_lock();
1332 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1333 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1334 }
0dc3f44a 1335 rcu_read_unlock();
d17b5288
AW		 1336 return last;
1337}
1338
ddb97f1d
JB		 1339static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1340{
1341 int ret;
ddb97f1d
JB		 1342
1343 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1344 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1345 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1346 if (ret) {
1347 perror("qemu_madvise");
1348 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1349 "but dump_guest_core=off specified\n");
1350 }
1351 }
1352}
1353
0dc3f44a
MD		 1354/* Called within an RCU critical section, or while the ramlist lock
1355 * is held.
1356 */
20cfe881 1357static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1358{
20cfe881 1359 RAMBlock *block;
84b89d78 1360
0dc3f44a 1361 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1362 if (block->offset == addr) {
20cfe881 1363 return block;
c5705a77
AK		 1364 }
1365 }
20cfe881
HT		 1366
1367 return NULL;
1368}
1369
ae3a7047 1370/* Called with iothread lock held. */
20cfe881
HT		 1371void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1372{
ae3a7047 1373 RAMBlock *new_block, *block;
20cfe881 1374
0dc3f44a 1375 rcu_read_lock();
ae3a7047 1376 new_block = find_ram_block(addr);
c5705a77
AK		 1377 assert(new_block);
1378 assert(!new_block->idstr[0]);
84b89d78 1379
09e5ab63
AL		 1380 if (dev) {
1381 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1382 if (id) {
1383 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1384 g_free(id);
84b89d78
CM		 1385 }
1386 }
1387 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1388
0dc3f44a 1389 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1390 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1391 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1392 new_block->idstr);
1393 abort();
1394 }
1395 }
0dc3f44a 1396 rcu_read_unlock();
c5705a77
AK		 1397}
1398
ae3a7047 1399/* Called with iothread lock held. */
20cfe881
HT		 1400void qemu_ram_unset_idstr(ram_addr_t addr)
1401{
ae3a7047 1402 RAMBlock *block;
20cfe881 1403
ae3a7047
MD		 1404 /* FIXME: arch_init.c assumes that this is not called throughout
1405 * migration. Ignore the problem since hot-unplug during migration
1406 * does not work anyway.
1407 */
1408
0dc3f44a 1409 rcu_read_lock();
ae3a7047 1410 block = find_ram_block(addr);
20cfe881
HT		 1411 if (block) {
1412 memset(block->idstr, 0, sizeof(block->idstr));
1413 }
0dc3f44a 1414 rcu_read_unlock();
20cfe881
HT		 1415}
1416
8490fc78
LC		 1417static int memory_try_enable_merging(void *addr, size_t len)
1418{
75cc7f01 1419 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1420 /* disabled by the user */
1421 return 0;
1422 }
1423
1424 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1425}
1426
62be4e3a
MT		 1427/* Only legal before guest might have detected the memory size: e.g. on
1428 * incoming migration, or right after reset.
1429 *
1430 * As memory core doesn't know how is memory accessed, it is up to
1431 * resize callback to update device state and/or add assertions to detect
1432 * misuse, if necessary.
1433 */
1434int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1435{
1436 RAMBlock *block = find_ram_block(base);
1437
1438 assert(block);
1439
129ddaf3
MT		 1440 newsize = TARGET_PAGE_ALIGN(newsize);
1441
62be4e3a
MT		 1442 if (block->used_length == newsize) {
1443 return 0;
1444 }
1445
1446 if (!(block->flags & RAM_RESIZEABLE)) {
1447 error_setg_errno(errp, EINVAL,
1448 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1449 " in != 0x" RAM_ADDR_FMT, block->idstr,
1450 newsize, block->used_length);
1451 return -EINVAL;
1452 }
1453
1454 if (block->max_length < newsize) {
1455 error_setg_errno(errp, EINVAL,
1456 "Length too large: %s: 0x" RAM_ADDR_FMT
1457 " > 0x" RAM_ADDR_FMT, block->idstr,
1458 newsize, block->max_length);
1459 return -EINVAL;
1460 }
1461
1462 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1463 block->used_length = newsize;
58d2707e
PB		 1464 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1465 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1466 memory_region_set_size(block->mr, newsize);
1467 if (block->resized) {
1468 block->resized(block->idstr, newsize, block->host);
1469 }
1470 return 0;
1471}
1472
ef701d7b 1473static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1474{
e1c57ab8 1475 RAMBlock *block;
0d53d9fe 1476 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1477 ram_addr_t old_ram_size, new_ram_size;
1478
1479 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1480
b2a8658e 1481 qemu_mutex_lock_ramlist();
9b8424d5 1482 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1483
1484 if (!new_block->host) {
1485 if (xen_enabled()) {
9b8424d5
MT		 1486 xen_ram_alloc(new_block->offset, new_block->max_length,
1487 new_block->mr);
e1c57ab8 1488 } else {
9b8424d5 1489 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1490 &new_block->mr->align);
39228250 1491 if (!new_block->host) {
ef701d7b
HT		 1492 error_setg_errno(errp, errno,
1493 "cannot set up guest memory '%s'",
1494 memory_region_name(new_block->mr));
1495 qemu_mutex_unlock_ramlist();
1496 return -1;
39228250 1497 }
9b8424d5 1498 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1499 }
c902760f 1500 }
94a6b54f 1501
dd631697
LZ		 1502 new_ram_size = MAX(old_ram_size,
1503 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1504 if (new_ram_size > old_ram_size) {
1505 migration_bitmap_extend(old_ram_size, new_ram_size);
1506 }
0d53d9fe
MD		 1507 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1508 * QLIST (which has an RCU-friendly variant) does not have insertion at
1509 * tail, so save the last element in last_block.
1510 */
0dc3f44a 1511 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1512 last_block = block;
9b8424d5 1513 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1514 break;
1515 }
1516 }
1517 if (block) {
0dc3f44a 1518 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1519 } else if (last_block) {
0dc3f44a 1520 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1521 } else { /* list is empty */
0dc3f44a 1522 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1523 }
0d6d3c87 1524 ram_list.mru_block = NULL;
94a6b54f 1525
0dc3f44a
MD		 1526 /* Write list before version */
1527 smp_wmb();
f798b07f 1528 ram_list.version++;
b2a8658e 1529 qemu_mutex_unlock_ramlist();
f798b07f 1530
2152f5ca
JQ		 1531 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1532
1533 if (new_ram_size > old_ram_size) {
1ab4c8ce 1534 int i;
ae3a7047
MD		 1535
1536 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1537 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1538 ram_list.dirty_memory[i] =
1539 bitmap_zero_extend(ram_list.dirty_memory[i],
1540 old_ram_size, new_ram_size);
1541 }
2152f5ca 1542 }
9b8424d5 1543 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1544 new_block->used_length,
1545 DIRTY_CLIENTS_ALL);
94a6b54f 1546
a904c911
PB		 1547 if (new_block->host) {
1548 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1549 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1550 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1551 if (kvm_enabled()) {
1552 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1553 }
e1c57ab8 1554 }
6f0437e8 1555
94a6b54f
PB		 1556 return new_block->offset;
1557}
e9a1ab19 1558
0b183fc8 1559#ifdef __linux__
e1c57ab8 1560ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1561 bool share, const char *mem_path,
7f56e740 1562 Error **errp)
e1c57ab8
PB		 1563{
1564 RAMBlock *new_block;
ef701d7b
HT		 1565 ram_addr_t addr;
1566 Error *local_err = NULL;
e1c57ab8
PB		 1567
1568 if (xen_enabled()) {
7f56e740
PB		 1569 error_setg(errp, "-mem-path not supported with Xen");
1570 return -1;
e1c57ab8
PB		 1571 }
1572
1573 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1574 /*
1575 * file_ram_alloc() needs to allocate just like
1576 * phys_mem_alloc, but we haven't bothered to provide
1577 * a hook there.
1578 */
7f56e740
PB		 1579 error_setg(errp,
1580 "-mem-path not supported with this accelerator");
1581 return -1;
e1c57ab8
PB		 1582 }
1583
1584 size = TARGET_PAGE_ALIGN(size);
1585 new_block = g_malloc0(sizeof(*new_block));
1586 new_block->mr = mr;
9b8424d5
MT		 1587 new_block->used_length = size;
1588 new_block->max_length = size;
dbcb8981 1589 new_block->flags = share ? RAM_SHARED : 0;
794e8f30 1590 new_block->flags |= RAM_FILE;
7f56e740
PB		 1591 new_block->host = file_ram_alloc(new_block, size,
1592 mem_path, errp);
1593 if (!new_block->host) {
1594 g_free(new_block);
1595 return -1;
1596 }
1597
ef701d7b
HT		 1598 addr = ram_block_add(new_block, &local_err);
1599 if (local_err) {
1600 g_free(new_block);
1601 error_propagate(errp, local_err);
1602 return -1;
1603 }
1604 return addr;
e1c57ab8 1605}
0b183fc8 1606#endif
e1c57ab8 1607
62be4e3a
MT		 1608static
1609ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1610 void (*resized)(const char*,
1611 uint64_t length,
1612 void *host),
1613 void *host, bool resizeable,
ef701d7b 1614 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1615{
1616 RAMBlock *new_block;
ef701d7b
HT		 1617 ram_addr_t addr;
1618 Error *local_err = NULL;
e1c57ab8
PB		 1619
1620 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1621 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1622 new_block = g_malloc0(sizeof(*new_block));
1623 new_block->mr = mr;
62be4e3a 1624 new_block->resized = resized;
9b8424d5
MT		 1625 new_block->used_length = size;
1626 new_block->max_length = max_size;
62be4e3a 1627 assert(max_size >= size);
e1c57ab8
PB		 1628 new_block->fd = -1;
1629 new_block->host = host;
1630 if (host) {
7bd4f430 1631 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1632 }
62be4e3a
MT		 1633 if (resizeable) {
1634 new_block->flags |= RAM_RESIZEABLE;
1635 }
ef701d7b
HT		 1636 addr = ram_block_add(new_block, &local_err);
1637 if (local_err) {
1638 g_free(new_block);
1639 error_propagate(errp, local_err);
1640 return -1;
1641 }
1642 return addr;
e1c57ab8
PB		 1643}
1644
62be4e3a
MT		 1645ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1646 MemoryRegion *mr, Error **errp)
1647{
1648 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1649}
1650
ef701d7b 1651ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1652{
62be4e3a
MT		 1653 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1654}
1655
1656ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1657 void (*resized)(const char*,
1658 uint64_t length,
1659 void *host),
1660 MemoryRegion *mr, Error **errp)
1661{
1662 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1663}
1664
1f2e98b6
AW		 1665void qemu_ram_free_from_ptr(ram_addr_t addr)
1666{
1667 RAMBlock *block;
1668
b2a8658e 1669 qemu_mutex_lock_ramlist();
0dc3f44a 1670 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1671 if (addr == block->offset) {
0dc3f44a 1672 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1673 ram_list.mru_block = NULL;
0dc3f44a
MD		 1674 /* Write list before version */
1675 smp_wmb();
f798b07f 1676 ram_list.version++;
43771539 1677 g_free_rcu(block, rcu);
b2a8658e 1678 break;
1f2e98b6
AW		 1679 }
1680 }
b2a8658e 1681 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1682}
1683
43771539
PB		 1684static void reclaim_ramblock(RAMBlock *block)
1685{
1686 if (block->flags & RAM_PREALLOC) {
1687 ;
1688 } else if (xen_enabled()) {
1689 xen_invalidate_map_cache_entry(block->host);
1690#ifndef _WIN32
1691 } else if (block->fd >= 0) {
794e8f30
MT		 1692 if (block->flags & RAM_FILE) {
1693 qemu_ram_munmap(block->host, block->max_length);
8561c924
MT		 1694 } else {
1695 munmap(block->host, block->max_length);
1696 }
43771539
PB		 1697 close(block->fd);
1698#endif
1699 } else {
1700 qemu_anon_ram_free(block->host, block->max_length);
1701 }
1702 g_free(block);
1703}
1704
c227f099 1705void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1706{
04b16653
AW		 1707 RAMBlock *block;
1708
b2a8658e 1709 qemu_mutex_lock_ramlist();
0dc3f44a 1710 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1711 if (addr == block->offset) {
0dc3f44a 1712 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1713 ram_list.mru_block = NULL;
0dc3f44a
MD		 1714 /* Write list before version */
1715 smp_wmb();
f798b07f 1716 ram_list.version++;
43771539 1717 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1718 break;
04b16653
AW		 1719 }
1720 }
b2a8658e 1721 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1722}
1723
cd19cfa2
HY		 1724#ifndef _WIN32
1725void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1726{
1727 RAMBlock *block;
1728 ram_addr_t offset;
1729 int flags;
1730 void *area, *vaddr;
1731
0dc3f44a 1732 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1733 offset = addr - block->offset;
9b8424d5 1734 if (offset < block->max_length) {
1240be24 1735 vaddr = ramblock_ptr(block, offset);
7bd4f430 1736 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1737 ;
dfeaf2ab
MA		 1738 } else if (xen_enabled()) {
1739 abort();
cd19cfa2
HY		 1740 } else {
1741 flags = MAP_FIXED;
3435f395 1742 if (block->fd >= 0) {
dbcb8981
PB		 1743 flags |= (block->flags & RAM_SHARED ?
1744 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1745 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1746 flags, block->fd, offset);
cd19cfa2 1747 } else {
2eb9fbaa
MA		 1748 /*
1749 * Remap needs to match alloc. Accelerators that
1750 * set phys_mem_alloc never remap. If they did,
1751 * we'd need a remap hook here.
1752 */
1753 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1754
cd19cfa2
HY		 1755 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1756 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1757 flags, -1, 0);
cd19cfa2
HY		 1758 }
1759 if (area != vaddr) {
f15fbc4b
AP		 1760 fprintf(stderr, "Could not remap addr: "
1761 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1762 length, addr);
1763 exit(1);
1764 }
8490fc78 1765 memory_try_enable_merging(vaddr, length);
ddb97f1d 1766 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1767 }
cd19cfa2
HY		 1768 }
1769 }
1770}
1771#endif /* !_WIN32 */
1772
a35ba7be
PB		 1773int qemu_get_ram_fd(ram_addr_t addr)
1774{
ae3a7047
MD		 1775 RAMBlock *block;
1776 int fd;
a35ba7be 1777
0dc3f44a 1778 rcu_read_lock();
ae3a7047
MD		 1779 block = qemu_get_ram_block(addr);
1780 fd = block->fd;
0dc3f44a 1781 rcu_read_unlock();
ae3a7047 1782 return fd;
a35ba7be
PB		 1783}
1784
3fd74b84
DM		 1785void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1786{
ae3a7047
MD		 1787 RAMBlock *block;
1788 void *ptr;
3fd74b84 1789
0dc3f44a 1790 rcu_read_lock();
ae3a7047
MD		 1791 block = qemu_get_ram_block(addr);
1792 ptr = ramblock_ptr(block, 0);
0dc3f44a 1793 rcu_read_unlock();
ae3a7047 1794 return ptr;
3fd74b84
DM		 1795}
1796
1b5ec234 1797/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1798 * This should not be used for general purpose DMA. Use address_space_map
1799 * or address_space_rw instead. For local memory (e.g. video ram) that the
1800 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1801 *
1802 * By the time this function returns, the returned pointer is not protected
1803 * by RCU anymore. If the caller is not within an RCU critical section and
1804 * does not hold the iothread lock, it must have other means of protecting the
1805 * pointer, such as a reference to the region that includes the incoming
1806 * ram_addr_t.
1b5ec234
PB		 1807 */
1808void *qemu_get_ram_ptr(ram_addr_t addr)
1809{
ae3a7047
MD		 1810 RAMBlock *block;
1811 void *ptr;
1b5ec234 1812
0dc3f44a 1813 rcu_read_lock();
ae3a7047
MD		 1814 block = qemu_get_ram_block(addr);
1815
1816 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1817 /* We need to check if the requested address is in the RAM
1818 * because we don't want to map the entire memory in QEMU.
1819 * In that case just map until the end of the page.
1820 */
1821 if (block->offset == 0) {
ae3a7047 1822 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1823 goto unlock;
0d6d3c87 1824 }
ae3a7047
MD		 1825
1826 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1827 }
ae3a7047
MD		 1828 ptr = ramblock_ptr(block, addr - block->offset);
1829
0dc3f44a
MD		 1830unlock:
1831 rcu_read_unlock();
ae3a7047 1832 return ptr;
dc828ca1
PB		 1833}
1834
38bee5dc 1835/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1836 * but takes a size argument.
0dc3f44a
MD		 1837 *
1838 * By the time this function returns, the returned pointer is not protected
1839 * by RCU anymore. If the caller is not within an RCU critical section and
1840 * does not hold the iothread lock, it must have other means of protecting the
1841 * pointer, such as a reference to the region that includes the incoming
1842 * ram_addr_t.
ae3a7047 1843 */
cb85f7ab 1844static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1845{
ae3a7047 1846 void *ptr;
8ab934f9
SS		 1847 if (*size == 0) {
1848 return NULL;
1849 }
868bb33f 1850 if (xen_enabled()) {
e41d7c69 1851 return xen_map_cache(addr, *size, 1);
868bb33f 1852 } else {
38bee5dc 1853 RAMBlock *block;
0dc3f44a
MD		 1854 rcu_read_lock();
1855 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1856 if (addr - block->offset < block->max_length) {
1857 if (addr - block->offset + *size > block->max_length)
1858 *size = block->max_length - addr + block->offset;
ae3a7047 1859 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1860 rcu_read_unlock();
ae3a7047 1861 return ptr;
38bee5dc
SS		 1862 }
1863 }
1864
1865 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1866 abort();
38bee5dc
SS		 1867 }
1868}
1869
7443b437 1870/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1871 * (typically a TLB entry) back to a ram offset.
1872 *
1873 * By the time this function returns, the returned pointer is not protected
1874 * by RCU anymore. If the caller is not within an RCU critical section and
1875 * does not hold the iothread lock, it must have other means of protecting the
1876 * pointer, such as a reference to the region that includes the incoming
1877 * ram_addr_t.
1878 */
1b5ec234 1879MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1880{
94a6b54f
PB		 1881 RAMBlock *block;
1882 uint8_t *host = ptr;
ae3a7047 1883 MemoryRegion *mr;
94a6b54f 1884
868bb33f 1885 if (xen_enabled()) {
0dc3f44a 1886 rcu_read_lock();
e41d7c69 1887 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1888 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1889 rcu_read_unlock();
ae3a7047 1890 return mr;
712c2b41
SS		 1891 }
1892
0dc3f44a
MD		 1893 rcu_read_lock();
1894 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1895 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1896 goto found;
1897 }
1898
0dc3f44a 1899 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1900 /* This case append when the block is not mapped. */
1901 if (block->host == NULL) {
1902 continue;
1903 }
9b8424d5 1904 if (host - block->host < block->max_length) {
23887b79 1905 goto found;
f471a17e 1906 }
94a6b54f 1907 }
432d268c 1908
0dc3f44a 1909 rcu_read_unlock();
1b5ec234 1910 return NULL;
23887b79
PB		 1911
1912found:
1913 *ram_addr = block->offset + (host - block->host);
ae3a7047 1914 mr = block->mr;
0dc3f44a 1915 rcu_read_unlock();
ae3a7047 1916 return mr;
e890261f 1917}
f471a17e 1918
a8170e5e 1919static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1920 uint64_t val, unsigned size)
9fa3e853 1921{
52159192 1922 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1923 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1924 }
0e0df1e2
AK		 1925 switch (size) {
1926 case 1:
1927 stb_p(qemu_get_ram_ptr(ram_addr), val);
1928 break;
1929 case 2:
1930 stw_p(qemu_get_ram_ptr(ram_addr), val);
1931 break;
1932 case 4:
1933 stl_p(qemu_get_ram_ptr(ram_addr), val);
1934 break;
1935 default:
1936 abort();
3a7d929e 1937 }
58d2707e
PB		 1938 /* Set both VGA and migration bits for simplicity and to remove
1939 * the notdirty callback faster.
1940 */
1941 cpu_physical_memory_set_dirty_range(ram_addr, size,
1942 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1943 /* we remove the notdirty callback only if the code has been
1944 flushed */
a2cd8c85 1945 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1946 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1947 }
9fa3e853
FB		 1948}
1949
b018ddf6
PB		 1950static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1951 unsigned size, bool is_write)
1952{
1953 return is_write;
1954}
1955
0e0df1e2 1956static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1957 .write = notdirty_mem_write,
b018ddf6 1958 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1959 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1960};
1961
0f459d16 1962/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1963static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1964{
93afeade
AF		 1965 CPUState *cpu = current_cpu;
1966 CPUArchState *env = cpu->env_ptr;
06d55cc1 1967 target_ulong pc, cs_base;
0f459d16 1968 target_ulong vaddr;
a1d1bb31 1969 CPUWatchpoint *wp;
06d55cc1 1970 int cpu_flags;
0f459d16 1971
ff4700b0 1972 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1973 /* We re-entered the check after replacing the TB. Now raise
1974 * the debug interrupt so that is will trigger after the
1975 * current instruction. */
93afeade 1976 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1977 return;
1978 }
93afeade 1979 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1980 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1981 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1982 && (wp->flags & flags)) {
08225676
PM		 1983 if (flags == BP_MEM_READ) {
1984 wp->flags |= BP_WATCHPOINT_HIT_READ;
1985 } else {
1986 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1987 }
1988 wp->hitaddr = vaddr;
66b9b43c 1989 wp->hitattrs = attrs;
ff4700b0
AF		 1990 if (!cpu->watchpoint_hit) {
1991 cpu->watchpoint_hit = wp;
239c51a5 1992 tb_check_watchpoint(cpu);
6e140f28 1993 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 1994 cpu->exception_index = EXCP_DEBUG;
5638d180 1995 cpu_loop_exit(cpu);
6e140f28
AL		 1996 } else {
1997 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 1998 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 1999 cpu_resume_from_signal(cpu, NULL);
6e140f28 2000 }
06d55cc1 2001 }
6e140f28
AL		 2002 } else {
2003 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2004 }
2005 }
2006}
2007
6658ffb8
PB		 2008/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2009 so these check for a hit then pass through to the normal out-of-line
2010 phys routines. */
66b9b43c
PM		 2011static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2012 unsigned size, MemTxAttrs attrs)
6658ffb8 2013{
66b9b43c
PM		 2014 MemTxResult res;
2015 uint64_t data;
2016
2017 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2018 switch (size) {
66b9b43c
PM		 2019 case 1:
2020 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2021 break;
2022 case 2:
2023 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2024 break;
2025 case 4:
2026 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2027 break;
1ec9b909
AK		 2028 default: abort();
2029 }
66b9b43c
PM		 2030 *pdata = data;
2031 return res;
6658ffb8
PB		 2032}
2033
66b9b43c
PM		 2034static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2035 uint64_t val, unsigned size,
2036 MemTxAttrs attrs)
6658ffb8 2037{
66b9b43c
PM		 2038 MemTxResult res;
2039
2040 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2041 switch (size) {
67364150 2042 case 1:
66b9b43c 2043 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2044 break;
2045 case 2:
66b9b43c 2046 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2047 break;
2048 case 4:
66b9b43c 2049 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2050 break;
1ec9b909
AK		 2051 default: abort();
2052 }
66b9b43c 2053 return res;
6658ffb8
PB		 2054}
2055
1ec9b909 2056static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2057 .read_with_attrs = watch_mem_read,
2058 .write_with_attrs = watch_mem_write,
1ec9b909 2059 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2060};
6658ffb8 2061
f25a49e0
PM		 2062static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2063 unsigned len, MemTxAttrs attrs)
db7b5426 2064{
acc9d80b 2065 subpage_t *subpage = opaque;
ff6cff75 2066 uint8_t buf[8];
5c9eb028 2067 MemTxResult res;
791af8c8 2068
db7b5426 2069#if defined(DEBUG_SUBPAGE)
016e9d62 2070 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2071 subpage, len, addr);
db7b5426 2072#endif
5c9eb028
PM		 2073 res = address_space_read(subpage->as, addr + subpage->base,
2074 attrs, buf, len);
2075 if (res) {
2076 return res;
f25a49e0 2077 }
acc9d80b
JK		 2078 switch (len) {
2079 case 1:
f25a49e0
PM		 2080 *data = ldub_p(buf);
2081 return MEMTX_OK;
acc9d80b 2082 case 2:
f25a49e0
PM		 2083 *data = lduw_p(buf);
2084 return MEMTX_OK;
acc9d80b 2085 case 4:
f25a49e0
PM		 2086 *data = ldl_p(buf);
2087 return MEMTX_OK;
ff6cff75 2088 case 8:
f25a49e0
PM		 2089 *data = ldq_p(buf);
2090 return MEMTX_OK;
acc9d80b
JK		 2091 default:
2092 abort();
2093 }
db7b5426
BS		 2094}
2095
f25a49e0
PM		 2096static MemTxResult subpage_write(void *opaque, hwaddr addr,
2097 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2098{
acc9d80b 2099 subpage_t *subpage = opaque;
ff6cff75 2100 uint8_t buf[8];
acc9d80b 2101
db7b5426 2102#if defined(DEBUG_SUBPAGE)
016e9d62 2103 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2104 " value %"PRIx64"\n",
2105 __func__, subpage, len, addr, value);
db7b5426 2106#endif
acc9d80b
JK		 2107 switch (len) {
2108 case 1:
2109 stb_p(buf, value);
2110 break;
2111 case 2:
2112 stw_p(buf, value);
2113 break;
2114 case 4:
2115 stl_p(buf, value);
2116 break;
ff6cff75
PB		 2117 case 8:
2118 stq_p(buf, value);
2119 break;
acc9d80b
JK		 2120 default:
2121 abort();
2122 }
5c9eb028
PM		 2123 return address_space_write(subpage->as, addr + subpage->base,
2124 attrs, buf, len);
db7b5426
BS		 2125}
2126
c353e4cc 2127static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2128 unsigned len, bool is_write)
c353e4cc 2129{
acc9d80b 2130 subpage_t *subpage = opaque;
c353e4cc 2131#if defined(DEBUG_SUBPAGE)
016e9d62 2132 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2133 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2134#endif
2135
acc9d80b 2136 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2137 len, is_write);
c353e4cc
PB		 2138}
2139
70c68e44 2140static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2141 .read_with_attrs = subpage_read,
2142 .write_with_attrs = subpage_write,
ff6cff75
PB		 2143 .impl.min_access_size = 1,
2144 .impl.max_access_size = 8,
2145 .valid.min_access_size = 1,
2146 .valid.max_access_size = 8,
c353e4cc 2147 .valid.accepts = subpage_accepts,
70c68e44 2148 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2149};
2150
c227f099 2151static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2152 uint16_t section)
db7b5426
BS		 2153{
2154 int idx, eidx;
2155
2156 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2157 return -1;
2158 idx = SUBPAGE_IDX(start);
2159 eidx = SUBPAGE_IDX(end);
2160#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2161 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2162 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2163#endif
db7b5426 2164 for (; idx <= eidx; idx++) {
5312bd8b 2165 mmio->sub_section[idx] = section;
db7b5426
BS		 2166 }
2167
2168 return 0;
2169}
2170
acc9d80b 2171static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2172{
c227f099 2173 subpage_t *mmio;
db7b5426 2174
7267c094 2175 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2176
acc9d80b 2177 mmio->as = as;
1eec614b 2178 mmio->base = base;
2c9b15ca 2179 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2180 NULL, TARGET_PAGE_SIZE);
b3b00c78 2181 mmio->iomem.subpage = true;
db7b5426 2182#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2183 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2184 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2185#endif
b41aac4f 2186 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2187
2188 return mmio;
2189}
2190
a656e22f
PC		 2191static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2192 MemoryRegion *mr)
5312bd8b 2193{
a656e22f 2194 assert(as);
5312bd8b 2195 MemoryRegionSection section = {
a656e22f 2196 .address_space = as,
5312bd8b
AK		 2197 .mr = mr,
2198 .offset_within_address_space = 0,
2199 .offset_within_region = 0,
052e87b0 2200 .size = int128_2_64(),
5312bd8b
AK		 2201 };
2202
53cb28cb 2203 return phys_section_add(map, &section);
5312bd8b
AK		 2204}
2205
9d82b5a7 2206MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2207{
32857f4d
PM		 2208 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2209 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2210 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2211
2212 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2213}
2214
e9179ce1
AK		 2215static void io_mem_init(void)
2216{
1f6245e5 2217 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2218 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2219 NULL, UINT64_MAX);
2c9b15ca 2220 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2221 NULL, UINT64_MAX);
2c9b15ca 2222 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2223 NULL, UINT64_MAX);
e9179ce1
AK		 2224}
2225
ac1970fb 2226static void mem_begin(MemoryListener *listener)
00752703
PB		 2227{
2228 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2229 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2230 uint16_t n;
2231
a656e22f 2232 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2233 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2234 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2235 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2236 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2237 assert(n == PHYS_SECTION_ROM);
a656e22f 2238 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2239 assert(n == PHYS_SECTION_WATCH);
00752703 2240
9736e55b 2241 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2242 d->as = as;
2243 as->next_dispatch = d;
2244}
2245
79e2b9ae
PB		 2246static void address_space_dispatch_free(AddressSpaceDispatch *d)
2247{
2248 phys_sections_free(&d->map);
2249 g_free(d);
2250}
2251
00752703 2252static void mem_commit(MemoryListener *listener)
ac1970fb 2253{
89ae337a 2254 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2255 AddressSpaceDispatch *cur = as->dispatch;
2256 AddressSpaceDispatch *next = as->next_dispatch;
2257
53cb28cb 2258 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2259
79e2b9ae 2260 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2261 if (cur) {
79e2b9ae 2262 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2263 }
9affd6fc
PB		 2264}
2265
1d71148e 2266static void tcg_commit(MemoryListener *listener)
50c1e149 2267{
32857f4d
PM		 2268 CPUAddressSpace *cpuas;
2269 AddressSpaceDispatch *d;
117712c3
AK		 2270
2271 /* since each CPU stores ram addresses in its TLB cache, we must
2272 reset the modified entries */
32857f4d
PM		 2273 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2274 cpu_reloading_memory_map();
2275 /* The CPU and TLB are protected by the iothread lock.
2276 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2277 * may have split the RCU critical section.
2278 */
2279 d = atomic_rcu_read(&cpuas->as->dispatch);
2280 cpuas->memory_dispatch = d;
2281 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2282}
2283
ac1970fb
AK		 2284void address_space_init_dispatch(AddressSpace *as)
2285{
00752703 2286 as->dispatch = NULL;
89ae337a 2287 as->dispatch_listener = (MemoryListener) {
ac1970fb 2288 .begin = mem_begin,
00752703 2289 .commit = mem_commit,
ac1970fb
AK		 2290 .region_add = mem_add,
2291 .region_nop = mem_add,
2292 .priority = 0,
2293 };
89ae337a 2294 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2295}
2296
6e48e8f9
PB		 2297void address_space_unregister(AddressSpace *as)
2298{
2299 memory_listener_unregister(&as->dispatch_listener);
2300}
2301
83f3c251
AK		 2302void address_space_destroy_dispatch(AddressSpace *as)
2303{
2304 AddressSpaceDispatch *d = as->dispatch;
2305
79e2b9ae
PB		 2306 atomic_rcu_set(&as->dispatch, NULL);
2307 if (d) {
2308 call_rcu(d, address_space_dispatch_free, rcu);
2309 }
83f3c251
AK		 2310}
2311
62152b8a
AK		 2312static void memory_map_init(void)
2313{
7267c094 2314 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2315
57271d63 2316 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2317 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2318
7267c094 2319 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2320 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2321 65536);
7dca8043 2322 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2323}
2324
2325MemoryRegion *get_system_memory(void)
2326{
2327 return system_memory;
2328}
2329
309cb471
AK		 2330MemoryRegion *get_system_io(void)
2331{
2332 return system_io;
2333}
2334
e2eef170
PB		 2335#endif /* !defined(CONFIG_USER_ONLY) */
2336
13eb76e0
FB		 2337/* physical memory access (slow version, mainly for debug) */
2338#if defined(CONFIG_USER_ONLY)
f17ec444 2339int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2340 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2341{
2342 int l, flags;
2343 target_ulong page;
53a5960a 2344 void * p;
13eb76e0
FB		 2345
2346 while (len > 0) {
2347 page = addr & TARGET_PAGE_MASK;
2348 l = (page + TARGET_PAGE_SIZE) - addr;
2349 if (l > len)
2350 l = len;
2351 flags = page_get_flags(page);
2352 if (!(flags & PAGE_VALID))
a68fe89c 2353 return -1;
13eb76e0
FB		 2354 if (is_write) {
2355 if (!(flags & PAGE_WRITE))
a68fe89c 2356 return -1;
579a97f7 2357 /* XXX: this code should not depend on lock_user */
72fb7daa 2358 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2359 return -1;
72fb7daa
AJ		 2360 memcpy(p, buf, l);
2361 unlock_user(p, addr, l);
13eb76e0
FB		 2362 } else {
2363 if (!(flags & PAGE_READ))
a68fe89c 2364 return -1;
579a97f7 2365 /* XXX: this code should not depend on lock_user */
72fb7daa 2366 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2367 return -1;
72fb7daa 2368 memcpy(buf, p, l);
5b257578 2369 unlock_user(p, addr, 0);
13eb76e0
FB		 2370 }
2371 len -= l;
2372 buf += l;
2373 addr += l;
2374 }
a68fe89c 2375 return 0;
13eb76e0 2376}
8df1cd07 2377
13eb76e0 2378#else
51d7a9eb 2379
845b6214 2380static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2381 hwaddr length)
51d7a9eb 2382{
e87f7778
PB		 2383 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2384 /* No early return if dirty_log_mask is or becomes 0, because
2385 * cpu_physical_memory_set_dirty_range will still call
2386 * xen_modified_memory.
2387 */
2388 if (dirty_log_mask) {
2389 dirty_log_mask =
2390 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2391 }
2392 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2393 tb_invalidate_phys_range(addr, addr + length);
2394 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2395 }
e87f7778 2396 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2397}
2398
23326164 2399static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2400{
e1622f4b 2401 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2402
2403 /* Regions are assumed to support 1-4 byte accesses unless
2404 otherwise specified. */
23326164
RH		 2405 if (access_size_max == 0) {
2406 access_size_max = 4;
2407 }
2408
2409 /* Bound the maximum access by the alignment of the address. */
2410 if (!mr->ops->impl.unaligned) {
2411 unsigned align_size_max = addr & -addr;
2412 if (align_size_max != 0 && align_size_max < access_size_max) {
2413 access_size_max = align_size_max;
2414 }
82f2563f 2415 }
23326164
RH		 2416
2417 /* Don't attempt accesses larger than the maximum. */
2418 if (l > access_size_max) {
2419 l = access_size_max;
82f2563f 2420 }
6554f5c0 2421 l = pow2floor(l);
23326164
RH		 2422
2423 return l;
82f2563f
PB		 2424}
2425
4840f10e 2426static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2427{
4840f10e
JK		 2428 bool unlocked = !qemu_mutex_iothread_locked();
2429 bool release_lock = false;
2430
2431 if (unlocked && mr->global_locking) {
2432 qemu_mutex_lock_iothread();
2433 unlocked = false;
2434 release_lock = true;
2435 }
125b3806 2436 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2437 if (unlocked) {
2438 qemu_mutex_lock_iothread();
2439 }
125b3806 2440 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2441 if (unlocked) {
2442 qemu_mutex_unlock_iothread();
2443 }
125b3806 2444 }
4840f10e
JK		 2445
2446 return release_lock;
125b3806
PB		 2447}
2448
5c9eb028
PM		 2449MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2450 uint8_t *buf, int len, bool is_write)
13eb76e0 2451{
149f54b5 2452 hwaddr l;
13eb76e0 2453 uint8_t *ptr;
791af8c8 2454 uint64_t val;
149f54b5 2455 hwaddr addr1;
5c8a00ce 2456 MemoryRegion *mr;
3b643495 2457 MemTxResult result = MEMTX_OK;
4840f10e 2458 bool release_lock = false;
3b46e624 2459
41063e1e 2460 rcu_read_lock();
13eb76e0 2461 while (len > 0) {
149f54b5 2462 l = len;
5c8a00ce 2463 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2464
13eb76e0 2465 if (is_write) {
5c8a00ce 2466 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2467 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2468 l = memory_access_size(mr, l, addr1);
4917cf44 2469 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2470 potential bugs */
23326164
RH		 2471 switch (l) {
2472 case 8:
2473 /* 64 bit write access */
2474 val = ldq_p(buf);
3b643495
PM		 2475 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2476 attrs);
23326164
RH		 2477 break;
2478 case 4:
1c213d19 2479 /* 32 bit write access */
c27004ec 2480 val = ldl_p(buf);
3b643495
PM		 2481 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2482 attrs);
23326164
RH		 2483 break;
2484 case 2:
1c213d19 2485 /* 16 bit write access */
c27004ec 2486 val = lduw_p(buf);
3b643495
PM		 2487 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2488 attrs);
23326164
RH		 2489 break;
2490 case 1:
1c213d19 2491 /* 8 bit write access */
c27004ec 2492 val = ldub_p(buf);
3b643495
PM		 2493 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2494 attrs);
23326164
RH		 2495 break;
2496 default:
2497 abort();
13eb76e0 2498 }
2bbfa05d 2499 } else {
5c8a00ce 2500 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2501 /* RAM case */
5579c7f3 2502 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2503 memcpy(ptr, buf, l);
845b6214 2504 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2505 }
2506 } else {
5c8a00ce 2507 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2508 /* I/O case */
4840f10e 2509 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2510 l = memory_access_size(mr, l, addr1);
23326164
RH		 2511 switch (l) {
2512 case 8:
2513 /* 64 bit read access */
3b643495
PM		 2514 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2515 attrs);
23326164
RH		 2516 stq_p(buf, val);
2517 break;
2518 case 4:
13eb76e0 2519 /* 32 bit read access */
3b643495
PM		 2520 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2521 attrs);
c27004ec 2522 stl_p(buf, val);
23326164
RH		 2523 break;
2524 case 2:
13eb76e0 2525 /* 16 bit read access */
3b643495
PM		 2526 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2527 attrs);
c27004ec 2528 stw_p(buf, val);
23326164
RH		 2529 break;
2530 case 1:
1c213d19 2531 /* 8 bit read access */
3b643495
PM		 2532 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2533 attrs);
c27004ec 2534 stb_p(buf, val);
23326164
RH		 2535 break;
2536 default:
2537 abort();
13eb76e0
FB		 2538 }
2539 } else {
2540 /* RAM case */
5c8a00ce 2541 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2542 memcpy(buf, ptr, l);
13eb76e0
FB		 2543 }
2544 }
4840f10e
JK		 2545
2546 if (release_lock) {
2547 qemu_mutex_unlock_iothread();
2548 release_lock = false;
2549 }
2550
13eb76e0
FB		 2551 len -= l;
2552 buf += l;
2553 addr += l;
2554 }
41063e1e 2555 rcu_read_unlock();
fd8aaa76 2556
3b643495 2557 return result;
13eb76e0 2558}
8df1cd07 2559
5c9eb028
PM		 2560MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2561 const uint8_t *buf, int len)
ac1970fb 2562{
5c9eb028 2563 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2564}
2565
5c9eb028
PM		 2566MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2567 uint8_t *buf, int len)
ac1970fb 2568{
5c9eb028 2569 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2570}
2571
2572
a8170e5e 2573void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2574 int len, int is_write)
2575{
5c9eb028
PM		 2576 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2577 buf, len, is_write);
ac1970fb
AK		 2578}
2579
582b55a9
AG		 2580enum write_rom_type {
2581 WRITE_DATA,
2582 FLUSH_CACHE,
2583};
2584
2a221651 2585static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2586 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2587{
149f54b5 2588 hwaddr l;
d0ecd2aa 2589 uint8_t *ptr;
149f54b5 2590 hwaddr addr1;
5c8a00ce 2591 MemoryRegion *mr;
3b46e624 2592
41063e1e 2593 rcu_read_lock();
d0ecd2aa 2594 while (len > 0) {
149f54b5 2595 l = len;
2a221651 2596 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2597
5c8a00ce
PB		 2598 if (!(memory_region_is_ram(mr) ||
2599 memory_region_is_romd(mr))) {
b242e0e0 2600 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2601 } else {
5c8a00ce 2602 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2603 /* ROM/RAM case */
5579c7f3 2604 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2605 switch (type) {
2606 case WRITE_DATA:
2607 memcpy(ptr, buf, l);
845b6214 2608 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2609 break;
2610 case FLUSH_CACHE:
2611 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2612 break;
2613 }
d0ecd2aa
FB		 2614 }
2615 len -= l;
2616 buf += l;
2617 addr += l;
2618 }
41063e1e 2619 rcu_read_unlock();
d0ecd2aa
FB		 2620}
2621
582b55a9 2622/* used for ROM loading : can write in RAM and ROM */
2a221651 2623void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2624 const uint8_t *buf, int len)
2625{
2a221651 2626 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2627}
2628
2629void cpu_flush_icache_range(hwaddr start, int len)
2630{
2631 /*
2632 * This function should do the same thing as an icache flush that was
2633 * triggered from within the guest. For TCG we are always cache coherent,
2634 * so there is no need to flush anything. For KVM / Xen we need to flush
2635 * the host's instruction cache at least.
2636 */
2637 if (tcg_enabled()) {
2638 return;
2639 }
2640
2a221651
EI		 2641 cpu_physical_memory_write_rom_internal(&address_space_memory,
2642 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2643}
2644
6d16c2f8 2645typedef struct {
d3e71559 2646 MemoryRegion *mr;
6d16c2f8 2647 void *buffer;
a8170e5e
AK		 2648 hwaddr addr;
2649 hwaddr len;
c2cba0ff 2650 bool in_use;
6d16c2f8
AL		 2651} BounceBuffer;
2652
2653static BounceBuffer bounce;
2654
ba223c29 2655typedef struct MapClient {
e95205e1 2656 QEMUBH *bh;
72cf2d4f 2657 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2658} MapClient;
2659
38e047b5 2660QemuMutex map_client_list_lock;
72cf2d4f
BS		 2661static QLIST_HEAD(map_client_list, MapClient) map_client_list
2662 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2663
e95205e1
FZ		 2664static void cpu_unregister_map_client_do(MapClient *client)
2665{
2666 QLIST_REMOVE(client, link);
2667 g_free(client);
2668}
2669
33b6c2ed
FZ		 2670static void cpu_notify_map_clients_locked(void)
2671{
2672 MapClient *client;
2673
2674 while (!QLIST_EMPTY(&map_client_list)) {
2675 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2676 qemu_bh_schedule(client->bh);
2677 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2678 }
2679}
2680
e95205e1 2681void cpu_register_map_client(QEMUBH *bh)
ba223c29 2682{
7267c094 2683 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2684
38e047b5 2685 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2686 client->bh = bh;
72cf2d4f 2687 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2688 if (!atomic_read(&bounce.in_use)) {
2689 cpu_notify_map_clients_locked();
2690 }
38e047b5 2691 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2692}
2693
38e047b5 2694void cpu_exec_init_all(void)
ba223c29 2695{
38e047b5
FZ		 2696 qemu_mutex_init(&ram_list.mutex);
2697 memory_map_init();
2698 io_mem_init();
2699 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2700}
2701
e95205e1 2702void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2703{
2704 MapClient *client;
2705
e95205e1
FZ		 2706 qemu_mutex_lock(&map_client_list_lock);
2707 QLIST_FOREACH(client, &map_client_list, link) {
2708 if (client->bh == bh) {
2709 cpu_unregister_map_client_do(client);
2710 break;
2711 }
ba223c29 2712 }
e95205e1 2713 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2714}
2715
2716static void cpu_notify_map_clients(void)
2717{
38e047b5 2718 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2719 cpu_notify_map_clients_locked();
38e047b5 2720 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2721}
2722
51644ab7
PB		 2723bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2724{
5c8a00ce 2725 MemoryRegion *mr;
51644ab7
PB		 2726 hwaddr l, xlat;
2727
41063e1e 2728 rcu_read_lock();
51644ab7
PB		 2729 while (len > 0) {
2730 l = len;
5c8a00ce
PB		 2731 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2732 if (!memory_access_is_direct(mr, is_write)) {
2733 l = memory_access_size(mr, l, addr);
2734 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2735 return false;
2736 }
2737 }
2738
2739 len -= l;
2740 addr += l;
2741 }
41063e1e 2742 rcu_read_unlock();
51644ab7
PB		 2743 return true;
2744}
2745
6d16c2f8
AL		 2746/* Map a physical memory region into a host virtual address.
2747 * May map a subset of the requested range, given by and returned in *plen.
2748 * May return NULL if resources needed to perform the mapping are exhausted.
2749 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2750 * Use cpu_register_map_client() to know when retrying the map operation is
2751 * likely to succeed.
6d16c2f8 2752 */
ac1970fb 2753void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2754 hwaddr addr,
2755 hwaddr *plen,
ac1970fb 2756 bool is_write)
6d16c2f8 2757{
a8170e5e 2758 hwaddr len = *plen;
e3127ae0
PB		 2759 hwaddr done = 0;
2760 hwaddr l, xlat, base;
2761 MemoryRegion *mr, *this_mr;
2762 ram_addr_t raddr;
6d16c2f8 2763
e3127ae0
PB		 2764 if (len == 0) {
2765 return NULL;
2766 }
38bee5dc 2767
e3127ae0 2768 l = len;
41063e1e 2769 rcu_read_lock();
e3127ae0 2770 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2771
e3127ae0 2772 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2773 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2774 rcu_read_unlock();
e3127ae0 2775 return NULL;
6d16c2f8 2776 }
e85d9db5
KW		 2777 /* Avoid unbounded allocations */
2778 l = MIN(l, TARGET_PAGE_SIZE);
2779 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2780 bounce.addr = addr;
2781 bounce.len = l;
d3e71559
PB		 2782
2783 memory_region_ref(mr);
2784 bounce.mr = mr;
e3127ae0 2785 if (!is_write) {
5c9eb028
PM		 2786 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2787 bounce.buffer, l);
8ab934f9 2788 }
6d16c2f8 2789
41063e1e 2790 rcu_read_unlock();
e3127ae0
PB		 2791 *plen = l;
2792 return bounce.buffer;
2793 }
2794
2795 base = xlat;
2796 raddr = memory_region_get_ram_addr(mr);
2797
2798 for (;;) {
6d16c2f8
AL		 2799 len -= l;
2800 addr += l;
e3127ae0
PB		 2801 done += l;
2802 if (len == 0) {
2803 break;
2804 }
2805
2806 l = len;
2807 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2808 if (this_mr != mr || xlat != base + done) {
2809 break;
2810 }
6d16c2f8 2811 }
e3127ae0 2812
d3e71559 2813 memory_region_ref(mr);
41063e1e 2814 rcu_read_unlock();
e3127ae0
PB		 2815 *plen = done;
2816 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2817}
2818
ac1970fb 2819/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2820 * Will also mark the memory as dirty if is_write == 1. access_len gives
2821 * the amount of memory that was actually read or written by the caller.
2822 */
a8170e5e
AK		 2823void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2824 int is_write, hwaddr access_len)
6d16c2f8
AL		 2825{
2826 if (buffer != bounce.buffer) {
d3e71559
PB		 2827 MemoryRegion *mr;
2828 ram_addr_t addr1;
2829
2830 mr = qemu_ram_addr_from_host(buffer, &addr1);
2831 assert(mr != NULL);
6d16c2f8 2832 if (is_write) {
845b6214 2833 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2834 }
868bb33f 2835 if (xen_enabled()) {
e41d7c69 2836 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2837 }
d3e71559 2838 memory_region_unref(mr);
6d16c2f8
AL		 2839 return;
2840 }
2841 if (is_write) {
5c9eb028
PM		 2842 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2843 bounce.buffer, access_len);
6d16c2f8 2844 }
f8a83245 2845 qemu_vfree(bounce.buffer);
6d16c2f8 2846 bounce.buffer = NULL;
d3e71559 2847 memory_region_unref(bounce.mr);
c2cba0ff 2848 atomic_mb_set(&bounce.in_use, false);
ba223c29 2849 cpu_notify_map_clients();
6d16c2f8 2850}
d0ecd2aa 2851
a8170e5e
AK		 2852void *cpu_physical_memory_map(hwaddr addr,
2853 hwaddr *plen,
ac1970fb
AK		 2854 int is_write)
2855{
2856 return address_space_map(&address_space_memory, addr, plen, is_write);
2857}
2858
a8170e5e
AK		 2859void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2860 int is_write, hwaddr access_len)
ac1970fb
AK		 2861{
2862 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2863}
2864
8df1cd07 2865/* warning: addr must be aligned */
50013115
PM		 2866static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2867 MemTxAttrs attrs,
2868 MemTxResult *result,
2869 enum device_endian endian)
8df1cd07 2870{
8df1cd07 2871 uint8_t *ptr;
791af8c8 2872 uint64_t val;
5c8a00ce 2873 MemoryRegion *mr;
149f54b5
PB		 2874 hwaddr l = 4;
2875 hwaddr addr1;
50013115 2876 MemTxResult r;
4840f10e 2877 bool release_lock = false;
8df1cd07 2878
41063e1e 2879 rcu_read_lock();
fdfba1a2 2880 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2881 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2882 release_lock |= prepare_mmio_access(mr);
125b3806 2883
8df1cd07 2884 /* I/O case */
50013115 2885 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2886#if defined(TARGET_WORDS_BIGENDIAN)
2887 if (endian == DEVICE_LITTLE_ENDIAN) {
2888 val = bswap32(val);
2889 }
2890#else
2891 if (endian == DEVICE_BIG_ENDIAN) {
2892 val = bswap32(val);
2893 }
2894#endif
8df1cd07
FB		 2895 } else {
2896 /* RAM case */
5c8a00ce 2897 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2898 & TARGET_PAGE_MASK)
149f54b5 2899 + addr1);
1e78bcc1
AG		 2900 switch (endian) {
2901 case DEVICE_LITTLE_ENDIAN:
2902 val = ldl_le_p(ptr);
2903 break;
2904 case DEVICE_BIG_ENDIAN:
2905 val = ldl_be_p(ptr);
2906 break;
2907 default:
2908 val = ldl_p(ptr);
2909 break;
2910 }
50013115
PM		 2911 r = MEMTX_OK;
2912 }
2913 if (result) {
2914 *result = r;
8df1cd07 2915 }
4840f10e
JK		 2916 if (release_lock) {
2917 qemu_mutex_unlock_iothread();
2918 }
41063e1e 2919 rcu_read_unlock();
8df1cd07
FB		 2920 return val;
2921}
2922
50013115
PM		 2923uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2924 MemTxAttrs attrs, MemTxResult *result)
2925{
2926 return address_space_ldl_internal(as, addr, attrs, result,
2927 DEVICE_NATIVE_ENDIAN);
2928}
2929
2930uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2931 MemTxAttrs attrs, MemTxResult *result)
2932{
2933 return address_space_ldl_internal(as, addr, attrs, result,
2934 DEVICE_LITTLE_ENDIAN);
2935}
2936
2937uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2938 MemTxAttrs attrs, MemTxResult *result)
2939{
2940 return address_space_ldl_internal(as, addr, attrs, result,
2941 DEVICE_BIG_ENDIAN);
2942}
2943
fdfba1a2 2944uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2945{
50013115 2946 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2947}
2948
fdfba1a2 2949uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2950{
50013115 2951 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2952}
2953
fdfba1a2 2954uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2955{
50013115 2956 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2957}
2958
84b7b8e7 2959/* warning: addr must be aligned */
50013115
PM		 2960static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2961 MemTxAttrs attrs,
2962 MemTxResult *result,
2963 enum device_endian endian)
84b7b8e7 2964{
84b7b8e7
FB		 2965 uint8_t *ptr;
2966 uint64_t val;
5c8a00ce 2967 MemoryRegion *mr;
149f54b5
PB		 2968 hwaddr l = 8;
2969 hwaddr addr1;
50013115 2970 MemTxResult r;
4840f10e 2971 bool release_lock = false;
84b7b8e7 2972
41063e1e 2973 rcu_read_lock();
2c17449b 2974 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2975 false);
2976 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 2977 release_lock |= prepare_mmio_access(mr);
125b3806 2978
84b7b8e7 2979 /* I/O case */
50013115 2980 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 2981#if defined(TARGET_WORDS_BIGENDIAN)
2982 if (endian == DEVICE_LITTLE_ENDIAN) {
2983 val = bswap64(val);
2984 }
2985#else
2986 if (endian == DEVICE_BIG_ENDIAN) {
2987 val = bswap64(val);
2988 }
84b7b8e7
FB		 2989#endif
2990 } else {
2991 /* RAM case */
5c8a00ce 2992 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2993 & TARGET_PAGE_MASK)
149f54b5 2994 + addr1);
1e78bcc1
AG		 2995 switch (endian) {
2996 case DEVICE_LITTLE_ENDIAN:
2997 val = ldq_le_p(ptr);
2998 break;
2999 case DEVICE_BIG_ENDIAN:
3000 val = ldq_be_p(ptr);
3001 break;
3002 default:
3003 val = ldq_p(ptr);
3004 break;
3005 }
50013115
PM		 3006 r = MEMTX_OK;
3007 }
3008 if (result) {
3009 *result = r;
84b7b8e7 3010 }
4840f10e
JK		 3011 if (release_lock) {
3012 qemu_mutex_unlock_iothread();
3013 }
41063e1e 3014 rcu_read_unlock();
84b7b8e7
FB		 3015 return val;
3016}
3017
50013115
PM		 3018uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3019 MemTxAttrs attrs, MemTxResult *result)
3020{
3021 return address_space_ldq_internal(as, addr, attrs, result,
3022 DEVICE_NATIVE_ENDIAN);
3023}
3024
3025uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3026 MemTxAttrs attrs, MemTxResult *result)
3027{
3028 return address_space_ldq_internal(as, addr, attrs, result,
3029 DEVICE_LITTLE_ENDIAN);
3030}
3031
3032uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3033 MemTxAttrs attrs, MemTxResult *result)
3034{
3035 return address_space_ldq_internal(as, addr, attrs, result,
3036 DEVICE_BIG_ENDIAN);
3037}
3038
2c17449b 3039uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3040{
50013115 3041 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3042}
3043
2c17449b 3044uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3045{
50013115 3046 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3047}
3048
2c17449b 3049uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3050{
50013115 3051 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3052}
3053
aab33094 3054/* XXX: optimize */
50013115
PM		 3055uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3056 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3057{
3058 uint8_t val;
50013115
PM		 3059 MemTxResult r;
3060
3061 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3062 if (result) {
3063 *result = r;
3064 }
aab33094
FB		 3065 return val;
3066}
3067
50013115
PM		 3068uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3069{
3070 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3071}
3072
733f0b02 3073/* warning: addr must be aligned */
50013115
PM		 3074static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3075 hwaddr addr,
3076 MemTxAttrs attrs,
3077 MemTxResult *result,
3078 enum device_endian endian)
aab33094 3079{
733f0b02
MT		 3080 uint8_t *ptr;
3081 uint64_t val;
5c8a00ce 3082 MemoryRegion *mr;
149f54b5
PB		 3083 hwaddr l = 2;
3084 hwaddr addr1;
50013115 3085 MemTxResult r;
4840f10e 3086 bool release_lock = false;
733f0b02 3087
41063e1e 3088 rcu_read_lock();
41701aa4 3089 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3090 false);
3091 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3092 release_lock |= prepare_mmio_access(mr);
125b3806 3093
733f0b02 3094 /* I/O case */
50013115 3095 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3096#if defined(TARGET_WORDS_BIGENDIAN)
3097 if (endian == DEVICE_LITTLE_ENDIAN) {
3098 val = bswap16(val);
3099 }
3100#else
3101 if (endian == DEVICE_BIG_ENDIAN) {
3102 val = bswap16(val);
3103 }
3104#endif
733f0b02
MT		 3105 } else {
3106 /* RAM case */
5c8a00ce 3107 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3108 & TARGET_PAGE_MASK)
149f54b5 3109 + addr1);
1e78bcc1
AG		 3110 switch (endian) {
3111 case DEVICE_LITTLE_ENDIAN:
3112 val = lduw_le_p(ptr);
3113 break;
3114 case DEVICE_BIG_ENDIAN:
3115 val = lduw_be_p(ptr);
3116 break;
3117 default:
3118 val = lduw_p(ptr);
3119 break;
3120 }
50013115
PM		 3121 r = MEMTX_OK;
3122 }
3123 if (result) {
3124 *result = r;
733f0b02 3125 }
4840f10e
JK		 3126 if (release_lock) {
3127 qemu_mutex_unlock_iothread();
3128 }
41063e1e 3129 rcu_read_unlock();
733f0b02 3130 return val;
aab33094
FB		 3131}
3132
50013115
PM		 3133uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3134 MemTxAttrs attrs, MemTxResult *result)
3135{
3136 return address_space_lduw_internal(as, addr, attrs, result,
3137 DEVICE_NATIVE_ENDIAN);
3138}
3139
3140uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3141 MemTxAttrs attrs, MemTxResult *result)
3142{
3143 return address_space_lduw_internal(as, addr, attrs, result,
3144 DEVICE_LITTLE_ENDIAN);
3145}
3146
3147uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3148 MemTxAttrs attrs, MemTxResult *result)
3149{
3150 return address_space_lduw_internal(as, addr, attrs, result,
3151 DEVICE_BIG_ENDIAN);
3152}
3153
41701aa4 3154uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3155{
50013115 3156 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3157}
3158
41701aa4 3159uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3160{
50013115 3161 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3162}
3163
41701aa4 3164uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3165{
50013115 3166 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3167}
3168
8df1cd07
FB		 3169/* warning: addr must be aligned. The ram page is not masked as dirty
3170 and the code inside is not invalidated. It is useful if the dirty
3171 bits are used to track modified PTEs */
50013115
PM		 3172void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3173 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3174{
8df1cd07 3175 uint8_t *ptr;
5c8a00ce 3176 MemoryRegion *mr;
149f54b5
PB		 3177 hwaddr l = 4;
3178 hwaddr addr1;
50013115 3179 MemTxResult r;
845b6214 3180 uint8_t dirty_log_mask;
4840f10e 3181 bool release_lock = false;
8df1cd07 3182
41063e1e 3183 rcu_read_lock();
2198a121 3184 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3185 true);
3186 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3187 release_lock |= prepare_mmio_access(mr);
125b3806 3188
50013115 3189 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3190 } else {
5c8a00ce 3191 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3192 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3193 stl_p(ptr, val);
74576198 3194
845b6214
PB		 3195 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3196 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3197 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3198 r = MEMTX_OK;
3199 }
3200 if (result) {
3201 *result = r;
8df1cd07 3202 }
4840f10e
JK		 3203 if (release_lock) {
3204 qemu_mutex_unlock_iothread();
3205 }
41063e1e 3206 rcu_read_unlock();
8df1cd07
FB		 3207}
3208
50013115
PM		 3209void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3210{
3211 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3212}
3213
8df1cd07 3214/* warning: addr must be aligned */
50013115
PM		 3215static inline void address_space_stl_internal(AddressSpace *as,
3216 hwaddr addr, uint32_t val,
3217 MemTxAttrs attrs,
3218 MemTxResult *result,
3219 enum device_endian endian)
8df1cd07 3220{
8df1cd07 3221 uint8_t *ptr;
5c8a00ce 3222 MemoryRegion *mr;
149f54b5
PB		 3223 hwaddr l = 4;
3224 hwaddr addr1;
50013115 3225 MemTxResult r;
4840f10e 3226 bool release_lock = false;
8df1cd07 3227
41063e1e 3228 rcu_read_lock();
ab1da857 3229 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3230 true);
3231 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3232 release_lock |= prepare_mmio_access(mr);
125b3806 3233
1e78bcc1
AG		 3234#if defined(TARGET_WORDS_BIGENDIAN)
3235 if (endian == DEVICE_LITTLE_ENDIAN) {
3236 val = bswap32(val);
3237 }
3238#else
3239 if (endian == DEVICE_BIG_ENDIAN) {
3240 val = bswap32(val);
3241 }
3242#endif
50013115 3243 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3244 } else {
8df1cd07 3245 /* RAM case */
5c8a00ce 3246 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3247 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3248 switch (endian) {
3249 case DEVICE_LITTLE_ENDIAN:
3250 stl_le_p(ptr, val);
3251 break;
3252 case DEVICE_BIG_ENDIAN:
3253 stl_be_p(ptr, val);
3254 break;
3255 default:
3256 stl_p(ptr, val);
3257 break;
3258 }
845b6214 3259 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3260 r = MEMTX_OK;
3261 }
3262 if (result) {
3263 *result = r;
8df1cd07 3264 }
4840f10e
JK		 3265 if (release_lock) {
3266 qemu_mutex_unlock_iothread();
3267 }
41063e1e 3268 rcu_read_unlock();
8df1cd07
FB		 3269}
3270
50013115
PM		 3271void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3272 MemTxAttrs attrs, MemTxResult *result)
3273{
3274 address_space_stl_internal(as, addr, val, attrs, result,
3275 DEVICE_NATIVE_ENDIAN);
3276}
3277
3278void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3279 MemTxAttrs attrs, MemTxResult *result)
3280{
3281 address_space_stl_internal(as, addr, val, attrs, result,
3282 DEVICE_LITTLE_ENDIAN);
3283}
3284
3285void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3286 MemTxAttrs attrs, MemTxResult *result)
3287{
3288 address_space_stl_internal(as, addr, val, attrs, result,
3289 DEVICE_BIG_ENDIAN);
3290}
3291
ab1da857 3292void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3293{
50013115 3294 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3295}
3296
ab1da857 3297void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3298{
50013115 3299 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3300}
3301
ab1da857 3302void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3303{
50013115 3304 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3305}
3306
aab33094 3307/* XXX: optimize */
50013115
PM		 3308void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3309 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3310{
3311 uint8_t v = val;
50013115
PM		 3312 MemTxResult r;
3313
3314 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3315 if (result) {
3316 *result = r;
3317 }
3318}
3319
3320void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3321{
3322 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3323}
3324
733f0b02 3325/* warning: addr must be aligned */
50013115
PM		 3326static inline void address_space_stw_internal(AddressSpace *as,
3327 hwaddr addr, uint32_t val,
3328 MemTxAttrs attrs,
3329 MemTxResult *result,
3330 enum device_endian endian)
aab33094 3331{
733f0b02 3332 uint8_t *ptr;
5c8a00ce 3333 MemoryRegion *mr;
149f54b5
PB		 3334 hwaddr l = 2;
3335 hwaddr addr1;
50013115 3336 MemTxResult r;
4840f10e 3337 bool release_lock = false;
733f0b02 3338
41063e1e 3339 rcu_read_lock();
5ce5944d 3340 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3341 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3342 release_lock |= prepare_mmio_access(mr);
125b3806 3343
1e78bcc1
AG		 3344#if defined(TARGET_WORDS_BIGENDIAN)
3345 if (endian == DEVICE_LITTLE_ENDIAN) {
3346 val = bswap16(val);
3347 }
3348#else
3349 if (endian == DEVICE_BIG_ENDIAN) {
3350 val = bswap16(val);
3351 }
3352#endif
50013115 3353 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3354 } else {
733f0b02 3355 /* RAM case */
5c8a00ce 3356 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3357 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3358 switch (endian) {
3359 case DEVICE_LITTLE_ENDIAN:
3360 stw_le_p(ptr, val);
3361 break;
3362 case DEVICE_BIG_ENDIAN:
3363 stw_be_p(ptr, val);
3364 break;
3365 default:
3366 stw_p(ptr, val);
3367 break;
3368 }
845b6214 3369 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3370 r = MEMTX_OK;
3371 }
3372 if (result) {
3373 *result = r;
733f0b02 3374 }
4840f10e
JK		 3375 if (release_lock) {
3376 qemu_mutex_unlock_iothread();
3377 }
41063e1e 3378 rcu_read_unlock();
aab33094
FB		 3379}
3380
50013115
PM		 3381void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3382 MemTxAttrs attrs, MemTxResult *result)
3383{
3384 address_space_stw_internal(as, addr, val, attrs, result,
3385 DEVICE_NATIVE_ENDIAN);
3386}
3387
3388void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3389 MemTxAttrs attrs, MemTxResult *result)
3390{
3391 address_space_stw_internal(as, addr, val, attrs, result,
3392 DEVICE_LITTLE_ENDIAN);
3393}
3394
3395void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3396 MemTxAttrs attrs, MemTxResult *result)
3397{
3398 address_space_stw_internal(as, addr, val, attrs, result,
3399 DEVICE_BIG_ENDIAN);
3400}
3401
5ce5944d 3402void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3403{
50013115 3404 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3405}
3406
5ce5944d 3407void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3408{
50013115 3409 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3410}
3411
5ce5944d 3412void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3413{
50013115 3414 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3415}
3416
aab33094 3417/* XXX: optimize */
50013115
PM		 3418void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3419 MemTxAttrs attrs, MemTxResult *result)
aab33094 3420{
50013115 3421 MemTxResult r;
aab33094 3422 val = tswap64(val);
50013115
PM		 3423 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3424 if (result) {
3425 *result = r;
3426 }
aab33094
FB		 3427}
3428
50013115
PM		 3429void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3430 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3431{
50013115 3432 MemTxResult r;
1e78bcc1 3433 val = cpu_to_le64(val);
50013115
PM		 3434 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3435 if (result) {
3436 *result = r;
3437 }
3438}
3439void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3440 MemTxAttrs attrs, MemTxResult *result)
3441{
3442 MemTxResult r;
3443 val = cpu_to_be64(val);
3444 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3445 if (result) {
3446 *result = r;
3447 }
3448}
3449
3450void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3451{
3452 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3453}
3454
3455void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3456{
3457 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3458}
3459
f606604f 3460void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3461{
50013115 3462 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3463}
3464
5e2972fd 3465/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3466int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3467 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3468{
3469 int l;
a8170e5e 3470 hwaddr phys_addr;
9b3c35e0 3471 target_ulong page;
13eb76e0
FB		 3472
3473 while (len > 0) {
3474 page = addr & TARGET_PAGE_MASK;
f17ec444 3475 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3476 /* if no physical page mapped, return an error */
3477 if (phys_addr == -1)
3478 return -1;
3479 l = (page + TARGET_PAGE_SIZE) - addr;
3480 if (l > len)
3481 l = len;
5e2972fd 3482 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3483 if (is_write) {
3484 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3485 } else {
5c9eb028
PM		 3486 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3487 buf, l, 0);
2e38847b 3488 }
13eb76e0
FB		 3489 len -= l;
3490 buf += l;
3491 addr += l;
3492 }
3493 return 0;
3494}
a68fe89c 3495#endif
13eb76e0 3496
8e4a424b
BS		 3497/*
3498 * A helper function for the _utterly broken_ virtio device model to find out if
3499 * it's running on a big endian machine. Don't do this at home kids!
3500 */
98ed8ecf
GK		 3501bool target_words_bigendian(void);
3502bool target_words_bigendian(void)
8e4a424b
BS		 3503{
3504#if defined(TARGET_WORDS_BIGENDIAN)
3505 return true;
3506#else
3507 return false;
3508#endif
3509}
3510
76f35538 3511#ifndef CONFIG_USER_ONLY
a8170e5e 3512bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3513{
5c8a00ce 3514 MemoryRegion*mr;
149f54b5 3515 hwaddr l = 1;
41063e1e 3516 bool res;
76f35538 3517
41063e1e 3518 rcu_read_lock();
5c8a00ce
PB		 3519 mr = address_space_translate(&address_space_memory,
3520 phys_addr, &phys_addr, &l, false);
76f35538 3521
41063e1e
PB		 3522 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3523 rcu_read_unlock();
3524 return res;
76f35538 3525}
bd2fa51f 3526
e3807054 3527int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3528{
3529 RAMBlock *block;
e3807054 3530 int ret = 0;
bd2fa51f 3531
0dc3f44a
MD		 3532 rcu_read_lock();
3533 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3534 ret = func(block->idstr, block->host, block->offset,
3535 block->used_length, opaque);
3536 if (ret) {
3537 break;
3538 }
bd2fa51f 3539 }
0dc3f44a 3540 rcu_read_unlock();
e3807054 3541 return ret;
bd2fa51f 3542}
ec3f8c99 3543#endif
Mirror of https://git.qemu.org/git/qemu.git