4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
35 #include "qemu-timer.h"
36 #include "qemu-config.h"
37 #include "exec/memory.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "xen-mapcache.h"
47 #include "exec/cputlb.h"
48 #include "translate-all.h"
50 #include "exec/memory-internal.h"
52 //#define DEBUG_UNASSIGNED
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
68 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
69 static MemoryRegion io_mem_subpage_ram;
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
82 #if !defined(CONFIG_USER_ONLY)
84 static MemoryRegionSection *phys_sections;
85 static unsigned phys_sections_nb, phys_sections_nb_alloc;
86 static uint16_t phys_section_unassigned;
87 static uint16_t phys_section_notdirty;
88 static uint16_t phys_section_rom;
89 static uint16_t phys_section_watch;
91 /* Simple allocator for PhysPageEntry nodes */
92 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
93 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
95 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
97 static void io_mem_init(void);
98 static void memory_map_init(void);
99 static void *qemu_safe_ram_ptr(ram_addr_t addr);
101 static MemoryRegion io_mem_watch;
104 #if !defined(CONFIG_USER_ONLY)
106 static void phys_map_node_reserve(unsigned nodes)
108 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
109 typedef PhysPageEntry Node[L2_SIZE];
110 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
112 phys_map_nodes_nb + nodes);
113 phys_map_nodes = g_renew(Node, phys_map_nodes,
114 phys_map_nodes_nb_alloc);
118 static uint16_t phys_map_node_alloc(void)
123 ret = phys_map_nodes_nb++;
124 assert(ret != PHYS_MAP_NODE_NIL);
125 assert(ret != phys_map_nodes_nb_alloc);
126 for (i = 0; i < L2_SIZE; ++i) {
127 phys_map_nodes[ret][i].is_leaf = 0;
128 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
133 static void phys_map_nodes_reset(void)
135 phys_map_nodes_nb = 0;
139 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
140 hwaddr *nb, uint16_t leaf,
145 hwaddr step = (hwaddr)1 << (level * L2_BITS);
147 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
148 lp->ptr = phys_map_node_alloc();
149 p = phys_map_nodes[lp->ptr];
151 for (i = 0; i < L2_SIZE; i++) {
153 p[i].ptr = phys_section_unassigned;
157 p = phys_map_nodes[lp->ptr];
159 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
161 while (*nb && lp < &p[L2_SIZE]) {
162 if ((*index & (step - 1)) == 0 && *nb >= step) {
168 phys_page_set_level(lp, index, nb, leaf, level - 1);
174 static void phys_page_set(AddressSpaceDispatch *d,
175 hwaddr index, hwaddr nb,
178 /* Wildly overreserve - it doesn't matter much. */
179 phys_map_node_reserve(3 * P_L2_LEVELS);
181 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
184 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
186 PhysPageEntry lp = d->phys_map;
189 uint16_t s_index = phys_section_unassigned;
191 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
192 if (lp.ptr == PHYS_MAP_NODE_NIL) {
195 p = phys_map_nodes[lp.ptr];
196 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
201 return &phys_sections[s_index];
204 bool memory_region_is_unassigned(MemoryRegion *mr)
206 return mr != &io_mem_ram && mr != &io_mem_rom
207 && mr != &io_mem_notdirty && !mr->rom_device
208 && mr != &io_mem_watch;
212 void cpu_exec_init_all(void)
214 #if !defined(CONFIG_USER_ONLY)
220 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
222 static int cpu_common_post_load(void *opaque, int version_id)
224 CPUArchState *env = opaque;
226 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
227 version_id is increased. */
228 env->interrupt_request &= ~0x01;
234 static const VMStateDescription vmstate_cpu_common = {
235 .name = "cpu_common",
237 .minimum_version_id = 1,
238 .minimum_version_id_old = 1,
239 .post_load = cpu_common_post_load,
240 .fields = (VMStateField []) {
241 VMSTATE_UINT32(halted, CPUArchState),
242 VMSTATE_UINT32(interrupt_request, CPUArchState),
243 VMSTATE_END_OF_LIST()
248 CPUArchState *qemu_get_cpu(int cpu)
250 CPUArchState *env = first_cpu;
253 if (env->cpu_index == cpu)
261 void cpu_exec_init(CPUArchState *env)
263 #ifndef CONFIG_USER_ONLY
264 CPUState *cpu = ENV_GET_CPU(env);
269 #if defined(CONFIG_USER_ONLY)
272 env->next_cpu = NULL;
275 while (*penv != NULL) {
276 penv = &(*penv)->next_cpu;
279 env->cpu_index = cpu_index;
281 QTAILQ_INIT(&env->breakpoints);
282 QTAILQ_INIT(&env->watchpoints);
283 #ifndef CONFIG_USER_ONLY
284 cpu->thread_id = qemu_get_thread_id();
287 #if defined(CONFIG_USER_ONLY)
290 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
291 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
292 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
293 cpu_save, cpu_load, env);
297 #if defined(TARGET_HAS_ICE)
298 #if defined(CONFIG_USER_ONLY)
299 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
301 tb_invalidate_phys_page_range(pc, pc + 1, 0);
304 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
306 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
307 (pc & ~TARGET_PAGE_MASK));
310 #endif /* TARGET_HAS_ICE */
312 #if defined(CONFIG_USER_ONLY)
313 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
318 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
319 int flags, CPUWatchpoint **watchpoint)
324 /* Add a watchpoint. */
325 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
326 int flags, CPUWatchpoint **watchpoint)
328 target_ulong len_mask = ~(len - 1);
331 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
332 if ((len & (len - 1)) || (addr & ~len_mask) ||
333 len == 0 || len > TARGET_PAGE_SIZE) {
334 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
335 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
338 wp = g_malloc(sizeof(*wp));
341 wp->len_mask = len_mask;
344 /* keep all GDB-injected watchpoints in front */
346 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
348 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
350 tlb_flush_page(env, addr);
357 /* Remove a specific watchpoint. */
358 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
361 target_ulong len_mask = ~(len - 1);
364 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
365 if (addr == wp->vaddr && len_mask == wp->len_mask
366 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
367 cpu_watchpoint_remove_by_ref(env, wp);
374 /* Remove a specific watchpoint by reference. */
375 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
377 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
379 tlb_flush_page(env, watchpoint->vaddr);
384 /* Remove all matching watchpoints. */
385 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
387 CPUWatchpoint *wp, *next;
389 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
390 if (wp->flags & mask)
391 cpu_watchpoint_remove_by_ref(env, wp);
396 /* Add a breakpoint. */
397 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
398 CPUBreakpoint **breakpoint)
400 #if defined(TARGET_HAS_ICE)
403 bp = g_malloc(sizeof(*bp));
408 /* keep all GDB-injected breakpoints in front */
410 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
412 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
414 breakpoint_invalidate(env, pc);
424 /* Remove a specific breakpoint. */
425 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
427 #if defined(TARGET_HAS_ICE)
430 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
431 if (bp->pc == pc && bp->flags == flags) {
432 cpu_breakpoint_remove_by_ref(env, bp);
442 /* Remove a specific breakpoint by reference. */
443 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
445 #if defined(TARGET_HAS_ICE)
446 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
448 breakpoint_invalidate(env, breakpoint->pc);
454 /* Remove all matching breakpoints. */
455 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
457 #if defined(TARGET_HAS_ICE)
458 CPUBreakpoint *bp, *next;
460 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
461 if (bp->flags & mask)
462 cpu_breakpoint_remove_by_ref(env, bp);
467 /* enable or disable single step mode. EXCP_DEBUG is returned by the
468 CPU loop after each instruction */
469 void cpu_single_step(CPUArchState *env, int enabled)
471 #if defined(TARGET_HAS_ICE)
472 if (env->singlestep_enabled != enabled) {
473 env->singlestep_enabled = enabled;
475 kvm_update_guest_debug(env, 0);
477 /* must flush all the translated code to avoid inconsistencies */
478 /* XXX: only flush what is necessary */
485 void cpu_reset_interrupt(CPUArchState *env, int mask)
487 env->interrupt_request &= ~mask;
490 void cpu_exit(CPUArchState *env)
492 env->exit_request = 1;
496 void cpu_abort(CPUArchState *env, const char *fmt, ...)
503 fprintf(stderr, "qemu: fatal: ");
504 vfprintf(stderr, fmt, ap);
505 fprintf(stderr, "\n");
506 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
507 if (qemu_log_enabled()) {
508 qemu_log("qemu: fatal: ");
509 qemu_log_vprintf(fmt, ap2);
511 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
517 #if defined(CONFIG_USER_ONLY)
519 struct sigaction act;
520 sigfillset(&act.sa_mask);
521 act.sa_handler = SIG_DFL;
522 sigaction(SIGABRT, &act, NULL);
528 CPUArchState *cpu_copy(CPUArchState *env)
530 CPUArchState *new_env = cpu_init(env->cpu_model_str);
531 CPUArchState *next_cpu = new_env->next_cpu;
532 int cpu_index = new_env->cpu_index;
533 #if defined(TARGET_HAS_ICE)
538 memcpy(new_env, env, sizeof(CPUArchState));
540 /* Preserve chaining and index. */
541 new_env->next_cpu = next_cpu;
542 new_env->cpu_index = cpu_index;
544 /* Clone all break/watchpoints.
545 Note: Once we support ptrace with hw-debug register access, make sure
546 BP_CPU break/watchpoints are handled correctly on clone. */
547 QTAILQ_INIT(&env->breakpoints);
548 QTAILQ_INIT(&env->watchpoints);
549 #if defined(TARGET_HAS_ICE)
550 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
551 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
553 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
554 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
562 #if !defined(CONFIG_USER_ONLY)
563 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
568 /* we modify the TLB cache so that the dirty bit will be set again
569 when accessing the range */
570 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
571 /* Check that we don't span multiple blocks - this breaks the
572 address comparisons below. */
573 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
574 != (end - 1) - start) {
577 cpu_tlb_reset_dirty_all(start1, length);
581 /* Note: start and end must be within the same ram block. */
582 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
587 start &= TARGET_PAGE_MASK;
588 end = TARGET_PAGE_ALIGN(end);
590 length = end - start;
593 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
596 tlb_reset_dirty_range_all(start, end, length);
600 static int cpu_physical_memory_set_dirty_tracking(int enable)
603 in_migration = enable;
607 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
608 MemoryRegionSection *section,
612 target_ulong *address)
617 if (memory_region_is_ram(section->mr)) {
619 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
620 + memory_region_section_addr(section, paddr);
621 if (!section->readonly) {
622 iotlb |= phys_section_notdirty;
624 iotlb |= phys_section_rom;
627 /* IO handlers are currently passed a physical address.
628 It would be nice to pass an offset from the base address
629 of that region. This would avoid having to special case RAM,
630 and avoid full address decoding in every device.
631 We can't use the high bits of pd for this because
632 IO_MEM_ROMD uses these as a ram address. */
633 iotlb = section - phys_sections;
634 iotlb += memory_region_section_addr(section, paddr);
637 /* Make accesses to pages with watchpoints go via the
638 watchpoint trap routines. */
639 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
640 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
641 /* Avoid trapping reads of pages with a write breakpoint. */
642 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
643 iotlb = phys_section_watch + paddr;
644 *address |= TLB_MMIO;
652 #endif /* defined(CONFIG_USER_ONLY) */
654 #if !defined(CONFIG_USER_ONLY)
656 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
657 typedef struct subpage_t {
660 uint16_t sub_section[TARGET_PAGE_SIZE];
663 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
665 static subpage_t *subpage_init(hwaddr base);
666 static void destroy_page_desc(uint16_t section_index)
668 MemoryRegionSection *section = &phys_sections[section_index];
669 MemoryRegion *mr = section->mr;
672 subpage_t *subpage = container_of(mr, subpage_t, iomem);
673 memory_region_destroy(&subpage->iomem);
678 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
683 if (lp->ptr == PHYS_MAP_NODE_NIL) {
687 p = phys_map_nodes[lp->ptr];
688 for (i = 0; i < L2_SIZE; ++i) {
690 destroy_l2_mapping(&p[i], level - 1);
692 destroy_page_desc(p[i].ptr);
696 lp->ptr = PHYS_MAP_NODE_NIL;
699 static void destroy_all_mappings(AddressSpaceDispatch *d)
701 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
702 phys_map_nodes_reset();
705 static uint16_t phys_section_add(MemoryRegionSection *section)
707 if (phys_sections_nb == phys_sections_nb_alloc) {
708 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
709 phys_sections = g_renew(MemoryRegionSection, phys_sections,
710 phys_sections_nb_alloc);
712 phys_sections[phys_sections_nb] = *section;
713 return phys_sections_nb++;
716 static void phys_sections_clear(void)
718 phys_sections_nb = 0;
721 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
724 hwaddr base = section->offset_within_address_space
726 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
727 MemoryRegionSection subsection = {
728 .offset_within_address_space = base,
729 .size = TARGET_PAGE_SIZE,
733 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
735 if (!(existing->mr->subpage)) {
736 subpage = subpage_init(base);
737 subsection.mr = &subpage->iomem;
738 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
739 phys_section_add(&subsection));
741 subpage = container_of(existing->mr, subpage_t, iomem);
743 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
744 end = start + section->size - 1;
745 subpage_register(subpage, start, end, phys_section_add(section));
749 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
751 hwaddr start_addr = section->offset_within_address_space;
752 ram_addr_t size = section->size;
754 uint16_t section_index = phys_section_add(section);
759 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
763 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
765 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
766 MemoryRegionSection now = *section, remain = *section;
768 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
769 || (now.size < TARGET_PAGE_SIZE)) {
770 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
771 - now.offset_within_address_space,
773 register_subpage(d, &now);
774 remain.size -= now.size;
775 remain.offset_within_address_space += now.size;
776 remain.offset_within_region += now.size;
778 while (remain.size >= TARGET_PAGE_SIZE) {
780 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
781 now.size = TARGET_PAGE_SIZE;
782 register_subpage(d, &now);
784 now.size &= TARGET_PAGE_MASK;
785 register_multipage(d, &now);
787 remain.size -= now.size;
788 remain.offset_within_address_space += now.size;
789 remain.offset_within_region += now.size;
793 register_subpage(d, &now);
797 void qemu_flush_coalesced_mmio_buffer(void)
800 kvm_flush_coalesced_mmio_buffer();
803 #if defined(__linux__) && !defined(TARGET_S390X)
807 #define HUGETLBFS_MAGIC 0x958458f6
809 static long gethugepagesize(const char *path)
815 ret = statfs(path, &fs);
816 } while (ret != 0 && errno == EINTR);
823 if (fs.f_type != HUGETLBFS_MAGIC)
824 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
829 static void *file_ram_alloc(RAMBlock *block,
839 unsigned long hpagesize;
841 hpagesize = gethugepagesize(path);
846 if (memory < hpagesize) {
850 if (kvm_enabled() && !kvm_has_sync_mmu()) {
851 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
855 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
859 fd = mkstemp(filename);
861 perror("unable to create backing store for hugepages");
868 memory = (memory+hpagesize-1) & ~(hpagesize-1);
871 * ftruncate is not supported by hugetlbfs in older
872 * hosts, so don't bother bailing out on errors.
873 * If anything goes wrong with it under other filesystems,
876 if (ftruncate(fd, memory))
880 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
881 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
882 * to sidestep this quirk.
884 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
885 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
887 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
889 if (area == MAP_FAILED) {
890 perror("file_ram_alloc: can't mmap RAM pages");
899 static ram_addr_t find_ram_offset(ram_addr_t size)
901 RAMBlock *block, *next_block;
902 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
904 if (QLIST_EMPTY(&ram_list.blocks))
907 QLIST_FOREACH(block, &ram_list.blocks, next) {
908 ram_addr_t end, next = RAM_ADDR_MAX;
910 end = block->offset + block->length;
912 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
913 if (next_block->offset >= end) {
914 next = MIN(next, next_block->offset);
917 if (next - end >= size && next - end < mingap) {
923 if (offset == RAM_ADDR_MAX) {
924 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
932 ram_addr_t last_ram_offset(void)
937 QLIST_FOREACH(block, &ram_list.blocks, next)
938 last = MAX(last, block->offset + block->length);
943 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
946 QemuOpts *machine_opts;
948 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
949 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
951 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
952 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
954 perror("qemu_madvise");
955 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
956 "but dump_guest_core=off specified\n");
961 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
963 RAMBlock *new_block, *block;
966 QLIST_FOREACH(block, &ram_list.blocks, next) {
967 if (block->offset == addr) {
973 assert(!new_block->idstr[0]);
976 char *id = qdev_get_dev_path(dev);
978 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
982 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
984 QLIST_FOREACH(block, &ram_list.blocks, next) {
985 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
986 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
993 static int memory_try_enable_merging(void *addr, size_t len)
997 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
998 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
999 /* disabled by the user */
1003 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1006 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1009 RAMBlock *new_block;
1011 size = TARGET_PAGE_ALIGN(size);
1012 new_block = g_malloc0(sizeof(*new_block));
1015 new_block->offset = find_ram_offset(size);
1017 new_block->host = host;
1018 new_block->flags |= RAM_PREALLOC_MASK;
1021 #if defined (__linux__) && !defined(TARGET_S390X)
1022 new_block->host = file_ram_alloc(new_block, size, mem_path);
1023 if (!new_block->host) {
1024 new_block->host = qemu_vmalloc(size);
1025 memory_try_enable_merging(new_block->host, size);
1028 fprintf(stderr, "-mem-path option unsupported\n");
1032 if (xen_enabled()) {
1033 xen_ram_alloc(new_block->offset, size, mr);
1034 } else if (kvm_enabled()) {
1035 /* some s390/kvm configurations have special constraints */
1036 new_block->host = kvm_vmalloc(size);
1038 new_block->host = qemu_vmalloc(size);
1040 memory_try_enable_merging(new_block->host, size);
1043 new_block->length = size;
1045 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
1047 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1048 last_ram_offset() >> TARGET_PAGE_BITS);
1049 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1050 0, size >> TARGET_PAGE_BITS);
1051 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1053 qemu_ram_setup_dump(new_block->host, size);
1054 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1057 kvm_setup_guest_memory(new_block->host, size);
1059 return new_block->offset;
1062 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1064 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1067 void qemu_ram_free_from_ptr(ram_addr_t addr)
1071 QLIST_FOREACH(block, &ram_list.blocks, next) {
1072 if (addr == block->offset) {
1073 QLIST_REMOVE(block, next);
1080 void qemu_ram_free(ram_addr_t addr)
1084 QLIST_FOREACH(block, &ram_list.blocks, next) {
1085 if (addr == block->offset) {
1086 QLIST_REMOVE(block, next);
1087 if (block->flags & RAM_PREALLOC_MASK) {
1089 } else if (mem_path) {
1090 #if defined (__linux__) && !defined(TARGET_S390X)
1092 munmap(block->host, block->length);
1095 qemu_vfree(block->host);
1101 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1102 munmap(block->host, block->length);
1104 if (xen_enabled()) {
1105 xen_invalidate_map_cache_entry(block->host);
1107 qemu_vfree(block->host);
1119 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1126 QLIST_FOREACH(block, &ram_list.blocks, next) {
1127 offset = addr - block->offset;
1128 if (offset < block->length) {
1129 vaddr = block->host + offset;
1130 if (block->flags & RAM_PREALLOC_MASK) {
1134 munmap(vaddr, length);
1136 #if defined(__linux__) && !defined(TARGET_S390X)
1139 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1142 flags |= MAP_PRIVATE;
1144 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1145 flags, block->fd, offset);
1147 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1148 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1155 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1156 flags |= MAP_SHARED | MAP_ANONYMOUS;
1157 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1160 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1161 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1165 if (area != vaddr) {
1166 fprintf(stderr, "Could not remap addr: "
1167 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1171 memory_try_enable_merging(vaddr, length);
1172 qemu_ram_setup_dump(vaddr, length);
1178 #endif /* !_WIN32 */
1180 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1181 With the exception of the softmmu code in this file, this should
1182 only be used for local memory (e.g. video ram) that the device owns,
1183 and knows it isn't going to access beyond the end of the block.
1185 It should not be used for general purpose DMA.
1186 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1188 void *qemu_get_ram_ptr(ram_addr_t addr)
1192 QLIST_FOREACH(block, &ram_list.blocks, next) {
1193 if (addr - block->offset < block->length) {
1194 /* Move this entry to to start of the list. */
1195 if (block != QLIST_FIRST(&ram_list.blocks)) {
1196 QLIST_REMOVE(block, next);
1197 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
1199 if (xen_enabled()) {
1200 /* We need to check if the requested address is in the RAM
1201 * because we don't want to map the entire memory in QEMU.
1202 * In that case just map until the end of the page.
1204 if (block->offset == 0) {
1205 return xen_map_cache(addr, 0, 0);
1206 } else if (block->host == NULL) {
1208 xen_map_cache(block->offset, block->length, 1);
1211 return block->host + (addr - block->offset);
1215 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1221 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1222 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
1224 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1228 QLIST_FOREACH(block, &ram_list.blocks, next) {
1229 if (addr - block->offset < block->length) {
1230 if (xen_enabled()) {
1231 /* We need to check if the requested address is in the RAM
1232 * because we don't want to map the entire memory in QEMU.
1233 * In that case just map until the end of the page.
1235 if (block->offset == 0) {
1236 return xen_map_cache(addr, 0, 0);
1237 } else if (block->host == NULL) {
1239 xen_map_cache(block->offset, block->length, 1);
1242 return block->host + (addr - block->offset);
1246 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1252 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1253 * but takes a size argument */
1254 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1259 if (xen_enabled()) {
1260 return xen_map_cache(addr, *size, 1);
1264 QLIST_FOREACH(block, &ram_list.blocks, next) {
1265 if (addr - block->offset < block->length) {
1266 if (addr - block->offset + *size > block->length)
1267 *size = block->length - addr + block->offset;
1268 return block->host + (addr - block->offset);
1272 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1277 void qemu_put_ram_ptr(void *addr)
1279 trace_qemu_put_ram_ptr(addr);
1282 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1285 uint8_t *host = ptr;
1287 if (xen_enabled()) {
1288 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1292 QLIST_FOREACH(block, &ram_list.blocks, next) {
1293 /* This case append when the block is not mapped. */
1294 if (block->host == NULL) {
1297 if (host - block->host < block->length) {
1298 *ram_addr = block->offset + (host - block->host);
1306 /* Some of the softmmu routines need to translate from a host pointer
1307 (typically a TLB entry) back to a ram offset. */
1308 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1310 ram_addr_t ram_addr;
1312 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1313 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1319 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
1322 #ifdef DEBUG_UNASSIGNED
1323 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
1325 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1326 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
1331 static void unassigned_mem_write(void *opaque, hwaddr addr,
1332 uint64_t val, unsigned size)
1334 #ifdef DEBUG_UNASSIGNED
1335 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
1337 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1338 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
1342 static const MemoryRegionOps unassigned_mem_ops = {
1343 .read = unassigned_mem_read,
1344 .write = unassigned_mem_write,
1345 .endianness = DEVICE_NATIVE_ENDIAN,
1348 static uint64_t error_mem_read(void *opaque, hwaddr addr,
1354 static void error_mem_write(void *opaque, hwaddr addr,
1355 uint64_t value, unsigned size)
1360 static const MemoryRegionOps error_mem_ops = {
1361 .read = error_mem_read,
1362 .write = error_mem_write,
1363 .endianness = DEVICE_NATIVE_ENDIAN,
1366 static const MemoryRegionOps rom_mem_ops = {
1367 .read = error_mem_read,
1368 .write = unassigned_mem_write,
1369 .endianness = DEVICE_NATIVE_ENDIAN,
1372 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1373 uint64_t val, unsigned size)
1376 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1377 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1378 #if !defined(CONFIG_USER_ONLY)
1379 tb_invalidate_phys_page_fast(ram_addr, size);
1380 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1385 stb_p(qemu_get_ram_ptr(ram_addr), val);
1388 stw_p(qemu_get_ram_ptr(ram_addr), val);
1391 stl_p(qemu_get_ram_ptr(ram_addr), val);
1396 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1397 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1398 /* we remove the notdirty callback only if the code has been
1400 if (dirty_flags == 0xff)
1401 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1404 static const MemoryRegionOps notdirty_mem_ops = {
1405 .read = error_mem_read,
1406 .write = notdirty_mem_write,
1407 .endianness = DEVICE_NATIVE_ENDIAN,
1410 /* Generate a debug exception if a watchpoint has been hit. */
1411 static void check_watchpoint(int offset, int len_mask, int flags)
1413 CPUArchState *env = cpu_single_env;
1414 target_ulong pc, cs_base;
1419 if (env->watchpoint_hit) {
1420 /* We re-entered the check after replacing the TB. Now raise
1421 * the debug interrupt so that is will trigger after the
1422 * current instruction. */
1423 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
1426 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1427 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1428 if ((vaddr == (wp->vaddr & len_mask) ||
1429 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1430 wp->flags |= BP_WATCHPOINT_HIT;
1431 if (!env->watchpoint_hit) {
1432 env->watchpoint_hit = wp;
1433 tb_check_watchpoint(env);
1434 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1435 env->exception_index = EXCP_DEBUG;
1438 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1439 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1440 cpu_resume_from_signal(env, NULL);
1444 wp->flags &= ~BP_WATCHPOINT_HIT;
1449 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1450 so these check for a hit then pass through to the normal out-of-line
1452 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1455 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1457 case 1: return ldub_phys(addr);
1458 case 2: return lduw_phys(addr);
1459 case 4: return ldl_phys(addr);
1464 static void watch_mem_write(void *opaque, hwaddr addr,
1465 uint64_t val, unsigned size)
1467 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1470 stb_phys(addr, val);
1473 stw_phys(addr, val);
1476 stl_phys(addr, val);
1482 static const MemoryRegionOps watch_mem_ops = {
1483 .read = watch_mem_read,
1484 .write = watch_mem_write,
1485 .endianness = DEVICE_NATIVE_ENDIAN,
1488 static uint64_t subpage_read(void *opaque, hwaddr addr,
1491 subpage_t *mmio = opaque;
1492 unsigned int idx = SUBPAGE_IDX(addr);
1493 MemoryRegionSection *section;
1494 #if defined(DEBUG_SUBPAGE)
1495 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1496 mmio, len, addr, idx);
1499 section = &phys_sections[mmio->sub_section[idx]];
1501 addr -= section->offset_within_address_space;
1502 addr += section->offset_within_region;
1503 return io_mem_read(section->mr, addr, len);
1506 static void subpage_write(void *opaque, hwaddr addr,
1507 uint64_t value, unsigned len)
1509 subpage_t *mmio = opaque;
1510 unsigned int idx = SUBPAGE_IDX(addr);
1511 MemoryRegionSection *section;
1512 #if defined(DEBUG_SUBPAGE)
1513 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1514 " idx %d value %"PRIx64"\n",
1515 __func__, mmio, len, addr, idx, value);
1518 section = &phys_sections[mmio->sub_section[idx]];
1520 addr -= section->offset_within_address_space;
1521 addr += section->offset_within_region;
1522 io_mem_write(section->mr, addr, value, len);
1525 static const MemoryRegionOps subpage_ops = {
1526 .read = subpage_read,
1527 .write = subpage_write,
1528 .endianness = DEVICE_NATIVE_ENDIAN,
1531 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
1534 ram_addr_t raddr = addr;
1535 void *ptr = qemu_get_ram_ptr(raddr);
1537 case 1: return ldub_p(ptr);
1538 case 2: return lduw_p(ptr);
1539 case 4: return ldl_p(ptr);
1544 static void subpage_ram_write(void *opaque, hwaddr addr,
1545 uint64_t value, unsigned size)
1547 ram_addr_t raddr = addr;
1548 void *ptr = qemu_get_ram_ptr(raddr);
1550 case 1: return stb_p(ptr, value);
1551 case 2: return stw_p(ptr, value);
1552 case 4: return stl_p(ptr, value);
1557 static const MemoryRegionOps subpage_ram_ops = {
1558 .read = subpage_ram_read,
1559 .write = subpage_ram_write,
1560 .endianness = DEVICE_NATIVE_ENDIAN,
1563 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1568 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1570 idx = SUBPAGE_IDX(start);
1571 eidx = SUBPAGE_IDX(end);
1572 #if defined(DEBUG_SUBPAGE)
1573 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1574 mmio, start, end, idx, eidx, memory);
1576 if (memory_region_is_ram(phys_sections[section].mr)) {
1577 MemoryRegionSection new_section = phys_sections[section];
1578 new_section.mr = &io_mem_subpage_ram;
1579 section = phys_section_add(&new_section);
1581 for (; idx <= eidx; idx++) {
1582 mmio->sub_section[idx] = section;
1588 static subpage_t *subpage_init(hwaddr base)
1592 mmio = g_malloc0(sizeof(subpage_t));
1595 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1596 "subpage", TARGET_PAGE_SIZE);
1597 mmio->iomem.subpage = true;
1598 #if defined(DEBUG_SUBPAGE)
1599 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1600 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1602 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1607 static uint16_t dummy_section(MemoryRegion *mr)
1609 MemoryRegionSection section = {
1611 .offset_within_address_space = 0,
1612 .offset_within_region = 0,
1616 return phys_section_add(§ion);
1619 MemoryRegion *iotlb_to_region(hwaddr index)
1621 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1624 static void io_mem_init(void)
1626 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
1627 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
1628 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1629 "unassigned", UINT64_MAX);
1630 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1631 "notdirty", UINT64_MAX);
1632 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1633 "subpage-ram", UINT64_MAX);
1634 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1635 "watch", UINT64_MAX);
1638 static void mem_begin(MemoryListener *listener)
1640 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1642 destroy_all_mappings(d);
1643 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1646 static void core_begin(MemoryListener *listener)
1648 phys_sections_clear();
1649 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1650 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1651 phys_section_rom = dummy_section(&io_mem_rom);
1652 phys_section_watch = dummy_section(&io_mem_watch);
1655 static void tcg_commit(MemoryListener *listener)
1659 /* since each CPU stores ram addresses in its TLB cache, we must
1660 reset the modified entries */
1662 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1667 static void core_log_global_start(MemoryListener *listener)
1669 cpu_physical_memory_set_dirty_tracking(1);
1672 static void core_log_global_stop(MemoryListener *listener)
1674 cpu_physical_memory_set_dirty_tracking(0);
1677 static void io_region_add(MemoryListener *listener,
1678 MemoryRegionSection *section)
1680 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1682 mrio->mr = section->mr;
1683 mrio->offset = section->offset_within_region;
1684 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1685 section->offset_within_address_space, section->size);
1686 ioport_register(&mrio->iorange);
1689 static void io_region_del(MemoryListener *listener,
1690 MemoryRegionSection *section)
1692 isa_unassign_ioport(section->offset_within_address_space, section->size);
1695 static MemoryListener core_memory_listener = {
1696 .begin = core_begin,
1697 .log_global_start = core_log_global_start,
1698 .log_global_stop = core_log_global_stop,
1702 static MemoryListener io_memory_listener = {
1703 .region_add = io_region_add,
1704 .region_del = io_region_del,
1708 static MemoryListener tcg_memory_listener = {
1709 .commit = tcg_commit,
1712 void address_space_init_dispatch(AddressSpace *as)
1714 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1716 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1717 d->listener = (MemoryListener) {
1719 .region_add = mem_add,
1720 .region_nop = mem_add,
1724 memory_listener_register(&d->listener, as);
1727 void address_space_destroy_dispatch(AddressSpace *as)
1729 AddressSpaceDispatch *d = as->dispatch;
1731 memory_listener_unregister(&d->listener);
1732 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1734 as->dispatch = NULL;
1737 static void memory_map_init(void)
1739 system_memory = g_malloc(sizeof(*system_memory));
1740 memory_region_init(system_memory, "system", INT64_MAX);
1741 address_space_init(&address_space_memory, system_memory);
1742 address_space_memory.name = "memory";
1744 system_io = g_malloc(sizeof(*system_io));
1745 memory_region_init(system_io, "io", 65536);
1746 address_space_init(&address_space_io, system_io);
1747 address_space_io.name = "I/O";
1749 memory_listener_register(&core_memory_listener, &address_space_memory);
1750 memory_listener_register(&io_memory_listener, &address_space_io);
1751 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1753 dma_context_init(&dma_context_memory, &address_space_memory,
1757 MemoryRegion *get_system_memory(void)
1759 return system_memory;
1762 MemoryRegion *get_system_io(void)
1767 #endif /* !defined(CONFIG_USER_ONLY) */
1769 /* physical memory access (slow version, mainly for debug) */
1770 #if defined(CONFIG_USER_ONLY)
1771 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1772 uint8_t *buf, int len, int is_write)
1779 page = addr & TARGET_PAGE_MASK;
1780 l = (page + TARGET_PAGE_SIZE) - addr;
1783 flags = page_get_flags(page);
1784 if (!(flags & PAGE_VALID))
1787 if (!(flags & PAGE_WRITE))
1789 /* XXX: this code should not depend on lock_user */
1790 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1793 unlock_user(p, addr, l);
1795 if (!(flags & PAGE_READ))
1797 /* XXX: this code should not depend on lock_user */
1798 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1801 unlock_user(p, addr, 0);
1812 static void invalidate_and_set_dirty(hwaddr addr,
1815 if (!cpu_physical_memory_is_dirty(addr)) {
1816 /* invalidate code */
1817 tb_invalidate_phys_page_range(addr, addr + length, 0);
1819 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1821 xen_modified_memory(addr, length);
1824 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1825 int len, bool is_write)
1827 AddressSpaceDispatch *d = as->dispatch;
1832 MemoryRegionSection *section;
1835 page = addr & TARGET_PAGE_MASK;
1836 l = (page + TARGET_PAGE_SIZE) - addr;
1839 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1842 if (!memory_region_is_ram(section->mr)) {
1844 addr1 = memory_region_section_addr(section, addr);
1845 /* XXX: could force cpu_single_env to NULL to avoid
1847 if (l >= 4 && ((addr1 & 3) == 0)) {
1848 /* 32 bit write access */
1850 io_mem_write(section->mr, addr1, val, 4);
1852 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1853 /* 16 bit write access */
1855 io_mem_write(section->mr, addr1, val, 2);
1858 /* 8 bit write access */
1860 io_mem_write(section->mr, addr1, val, 1);
1863 } else if (!section->readonly) {
1865 addr1 = memory_region_get_ram_addr(section->mr)
1866 + memory_region_section_addr(section, addr);
1868 ptr = qemu_get_ram_ptr(addr1);
1869 memcpy(ptr, buf, l);
1870 invalidate_and_set_dirty(addr1, l);
1871 qemu_put_ram_ptr(ptr);
1874 if (!(memory_region_is_ram(section->mr) ||
1875 memory_region_is_romd(section->mr))) {
1878 addr1 = memory_region_section_addr(section, addr);
1879 if (l >= 4 && ((addr1 & 3) == 0)) {
1880 /* 32 bit read access */
1881 val = io_mem_read(section->mr, addr1, 4);
1884 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1885 /* 16 bit read access */
1886 val = io_mem_read(section->mr, addr1, 2);
1890 /* 8 bit read access */
1891 val = io_mem_read(section->mr, addr1, 1);
1897 ptr = qemu_get_ram_ptr(section->mr->ram_addr
1898 + memory_region_section_addr(section,
1900 memcpy(buf, ptr, l);
1901 qemu_put_ram_ptr(ptr);
1910 void address_space_write(AddressSpace *as, hwaddr addr,
1911 const uint8_t *buf, int len)
1913 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1917 * address_space_read: read from an address space.
1919 * @as: #AddressSpace to be accessed
1920 * @addr: address within that address space
1921 * @buf: buffer with the data transferred
1923 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1925 address_space_rw(as, addr, buf, len, false);
1929 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1930 int len, int is_write)
1932 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1935 /* used for ROM loading : can write in RAM and ROM */
1936 void cpu_physical_memory_write_rom(hwaddr addr,
1937 const uint8_t *buf, int len)
1939 AddressSpaceDispatch *d = address_space_memory.dispatch;
1943 MemoryRegionSection *section;
1946 page = addr & TARGET_PAGE_MASK;
1947 l = (page + TARGET_PAGE_SIZE) - addr;
1950 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1952 if (!(memory_region_is_ram(section->mr) ||
1953 memory_region_is_romd(section->mr))) {
1956 unsigned long addr1;
1957 addr1 = memory_region_get_ram_addr(section->mr)
1958 + memory_region_section_addr(section, addr);
1960 ptr = qemu_get_ram_ptr(addr1);
1961 memcpy(ptr, buf, l);
1962 invalidate_and_set_dirty(addr1, l);
1963 qemu_put_ram_ptr(ptr);
1977 static BounceBuffer bounce;
1979 typedef struct MapClient {
1981 void (*callback)(void *opaque);
1982 QLIST_ENTRY(MapClient) link;
1985 static QLIST_HEAD(map_client_list, MapClient) map_client_list
1986 = QLIST_HEAD_INITIALIZER(map_client_list);
1988 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
1990 MapClient *client = g_malloc(sizeof(*client));
1992 client->opaque = opaque;
1993 client->callback = callback;
1994 QLIST_INSERT_HEAD(&map_client_list, client, link);
1998 static void cpu_unregister_map_client(void *_client)
2000 MapClient *client = (MapClient *)_client;
2002 QLIST_REMOVE(client, link);
2006 static void cpu_notify_map_clients(void)
2010 while (!QLIST_EMPTY(&map_client_list)) {
2011 client = QLIST_FIRST(&map_client_list);
2012 client->callback(client->opaque);
2013 cpu_unregister_map_client(client);
2017 /* Map a physical memory region into a host virtual address.
2018 * May map a subset of the requested range, given by and returned in *plen.
2019 * May return NULL if resources needed to perform the mapping are exhausted.
2020 * Use only for reads OR writes - not for read-modify-write operations.
2021 * Use cpu_register_map_client() to know when retrying the map operation is
2022 * likely to succeed.
2024 void *address_space_map(AddressSpace *as,
2029 AddressSpaceDispatch *d = as->dispatch;
2034 MemoryRegionSection *section;
2035 ram_addr_t raddr = RAM_ADDR_MAX;
2040 page = addr & TARGET_PAGE_MASK;
2041 l = (page + TARGET_PAGE_SIZE) - addr;
2044 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2046 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
2047 if (todo || bounce.buffer) {
2050 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2054 address_space_read(as, addr, bounce.buffer, l);
2058 return bounce.buffer;
2061 raddr = memory_region_get_ram_addr(section->mr)
2062 + memory_region_section_addr(section, addr);
2070 ret = qemu_ram_ptr_length(raddr, &rlen);
2075 /* Unmaps a memory region previously mapped by address_space_map().
2076 * Will also mark the memory as dirty if is_write == 1. access_len gives
2077 * the amount of memory that was actually read or written by the caller.
2079 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2080 int is_write, hwaddr access_len)
2082 if (buffer != bounce.buffer) {
2084 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2085 while (access_len) {
2087 l = TARGET_PAGE_SIZE;
2090 invalidate_and_set_dirty(addr1, l);
2095 if (xen_enabled()) {
2096 xen_invalidate_map_cache_entry(buffer);
2101 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2103 qemu_vfree(bounce.buffer);
2104 bounce.buffer = NULL;
2105 cpu_notify_map_clients();
2108 void *cpu_physical_memory_map(hwaddr addr,
2112 return address_space_map(&address_space_memory, addr, plen, is_write);
2115 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2116 int is_write, hwaddr access_len)
2118 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2121 /* warning: addr must be aligned */
2122 static inline uint32_t ldl_phys_internal(hwaddr addr,
2123 enum device_endian endian)
2127 MemoryRegionSection *section;
2129 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2131 if (!(memory_region_is_ram(section->mr) ||
2132 memory_region_is_romd(section->mr))) {
2134 addr = memory_region_section_addr(section, addr);
2135 val = io_mem_read(section->mr, addr, 4);
2136 #if defined(TARGET_WORDS_BIGENDIAN)
2137 if (endian == DEVICE_LITTLE_ENDIAN) {
2141 if (endian == DEVICE_BIG_ENDIAN) {
2147 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2149 + memory_region_section_addr(section, addr));
2151 case DEVICE_LITTLE_ENDIAN:
2152 val = ldl_le_p(ptr);
2154 case DEVICE_BIG_ENDIAN:
2155 val = ldl_be_p(ptr);
2165 uint32_t ldl_phys(hwaddr addr)
2167 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2170 uint32_t ldl_le_phys(hwaddr addr)
2172 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2175 uint32_t ldl_be_phys(hwaddr addr)
2177 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2180 /* warning: addr must be aligned */
2181 static inline uint64_t ldq_phys_internal(hwaddr addr,
2182 enum device_endian endian)
2186 MemoryRegionSection *section;
2188 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2190 if (!(memory_region_is_ram(section->mr) ||
2191 memory_region_is_romd(section->mr))) {
2193 addr = memory_region_section_addr(section, addr);
2195 /* XXX This is broken when device endian != cpu endian.
2196 Fix and add "endian" variable check */
2197 #ifdef TARGET_WORDS_BIGENDIAN
2198 val = io_mem_read(section->mr, addr, 4) << 32;
2199 val |= io_mem_read(section->mr, addr + 4, 4);
2201 val = io_mem_read(section->mr, addr, 4);
2202 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
2206 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2208 + memory_region_section_addr(section, addr));
2210 case DEVICE_LITTLE_ENDIAN:
2211 val = ldq_le_p(ptr);
2213 case DEVICE_BIG_ENDIAN:
2214 val = ldq_be_p(ptr);
2224 uint64_t ldq_phys(hwaddr addr)
2226 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2229 uint64_t ldq_le_phys(hwaddr addr)
2231 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2234 uint64_t ldq_be_phys(hwaddr addr)
2236 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2240 uint32_t ldub_phys(hwaddr addr)
2243 cpu_physical_memory_read(addr, &val, 1);
2247 /* warning: addr must be aligned */
2248 static inline uint32_t lduw_phys_internal(hwaddr addr,
2249 enum device_endian endian)
2253 MemoryRegionSection *section;
2255 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2257 if (!(memory_region_is_ram(section->mr) ||
2258 memory_region_is_romd(section->mr))) {
2260 addr = memory_region_section_addr(section, addr);
2261 val = io_mem_read(section->mr, addr, 2);
2262 #if defined(TARGET_WORDS_BIGENDIAN)
2263 if (endian == DEVICE_LITTLE_ENDIAN) {
2267 if (endian == DEVICE_BIG_ENDIAN) {
2273 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2275 + memory_region_section_addr(section, addr));
2277 case DEVICE_LITTLE_ENDIAN:
2278 val = lduw_le_p(ptr);
2280 case DEVICE_BIG_ENDIAN:
2281 val = lduw_be_p(ptr);
2291 uint32_t lduw_phys(hwaddr addr)
2293 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2296 uint32_t lduw_le_phys(hwaddr addr)
2298 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2301 uint32_t lduw_be_phys(hwaddr addr)
2303 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2306 /* warning: addr must be aligned. The ram page is not masked as dirty
2307 and the code inside is not invalidated. It is useful if the dirty
2308 bits are used to track modified PTEs */
2309 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2312 MemoryRegionSection *section;
2314 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2316 if (!memory_region_is_ram(section->mr) || section->readonly) {
2317 addr = memory_region_section_addr(section, addr);
2318 if (memory_region_is_ram(section->mr)) {
2319 section = &phys_sections[phys_section_rom];
2321 io_mem_write(section->mr, addr, val, 4);
2323 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
2325 + memory_region_section_addr(section, addr);
2326 ptr = qemu_get_ram_ptr(addr1);
2329 if (unlikely(in_migration)) {
2330 if (!cpu_physical_memory_is_dirty(addr1)) {
2331 /* invalidate code */
2332 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2334 cpu_physical_memory_set_dirty_flags(
2335 addr1, (0xff & ~CODE_DIRTY_FLAG));
2341 void stq_phys_notdirty(hwaddr addr, uint64_t val)
2344 MemoryRegionSection *section;
2346 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2348 if (!memory_region_is_ram(section->mr) || section->readonly) {
2349 addr = memory_region_section_addr(section, addr);
2350 if (memory_region_is_ram(section->mr)) {
2351 section = &phys_sections[phys_section_rom];
2353 #ifdef TARGET_WORDS_BIGENDIAN
2354 io_mem_write(section->mr, addr, val >> 32, 4);
2355 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
2357 io_mem_write(section->mr, addr, (uint32_t)val, 4);
2358 io_mem_write(section->mr, addr + 4, val >> 32, 4);
2361 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2363 + memory_region_section_addr(section, addr));
2368 /* warning: addr must be aligned */
2369 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2370 enum device_endian endian)
2373 MemoryRegionSection *section;
2375 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2377 if (!memory_region_is_ram(section->mr) || section->readonly) {
2378 addr = memory_region_section_addr(section, addr);
2379 if (memory_region_is_ram(section->mr)) {
2380 section = &phys_sections[phys_section_rom];
2382 #if defined(TARGET_WORDS_BIGENDIAN)
2383 if (endian == DEVICE_LITTLE_ENDIAN) {
2387 if (endian == DEVICE_BIG_ENDIAN) {
2391 io_mem_write(section->mr, addr, val, 4);
2393 unsigned long addr1;
2394 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2395 + memory_region_section_addr(section, addr);
2397 ptr = qemu_get_ram_ptr(addr1);
2399 case DEVICE_LITTLE_ENDIAN:
2402 case DEVICE_BIG_ENDIAN:
2409 invalidate_and_set_dirty(addr1, 4);
2413 void stl_phys(hwaddr addr, uint32_t val)
2415 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2418 void stl_le_phys(hwaddr addr, uint32_t val)
2420 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2423 void stl_be_phys(hwaddr addr, uint32_t val)
2425 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2429 void stb_phys(hwaddr addr, uint32_t val)
2432 cpu_physical_memory_write(addr, &v, 1);
2435 /* warning: addr must be aligned */
2436 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2437 enum device_endian endian)
2440 MemoryRegionSection *section;
2442 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2444 if (!memory_region_is_ram(section->mr) || section->readonly) {
2445 addr = memory_region_section_addr(section, addr);
2446 if (memory_region_is_ram(section->mr)) {
2447 section = &phys_sections[phys_section_rom];
2449 #if defined(TARGET_WORDS_BIGENDIAN)
2450 if (endian == DEVICE_LITTLE_ENDIAN) {
2454 if (endian == DEVICE_BIG_ENDIAN) {
2458 io_mem_write(section->mr, addr, val, 2);
2460 unsigned long addr1;
2461 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2462 + memory_region_section_addr(section, addr);
2464 ptr = qemu_get_ram_ptr(addr1);
2466 case DEVICE_LITTLE_ENDIAN:
2469 case DEVICE_BIG_ENDIAN:
2476 invalidate_and_set_dirty(addr1, 2);
2480 void stw_phys(hwaddr addr, uint32_t val)
2482 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2485 void stw_le_phys(hwaddr addr, uint32_t val)
2487 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2490 void stw_be_phys(hwaddr addr, uint32_t val)
2492 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2496 void stq_phys(hwaddr addr, uint64_t val)
2499 cpu_physical_memory_write(addr, &val, 8);
2502 void stq_le_phys(hwaddr addr, uint64_t val)
2504 val = cpu_to_le64(val);
2505 cpu_physical_memory_write(addr, &val, 8);
2508 void stq_be_phys(hwaddr addr, uint64_t val)
2510 val = cpu_to_be64(val);
2511 cpu_physical_memory_write(addr, &val, 8);
2514 /* virtual memory access for debug (includes writing to ROM) */
2515 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2516 uint8_t *buf, int len, int is_write)
2523 page = addr & TARGET_PAGE_MASK;
2524 phys_addr = cpu_get_phys_page_debug(env, page);
2525 /* if no physical page mapped, return an error */
2526 if (phys_addr == -1)
2528 l = (page + TARGET_PAGE_SIZE) - addr;
2531 phys_addr += (addr & ~TARGET_PAGE_MASK);
2533 cpu_physical_memory_write_rom(phys_addr, buf, l);
2535 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2544 #if !defined(CONFIG_USER_ONLY)
2547 * A helper function for the _utterly broken_ virtio device model to find out if
2548 * it's running on a big endian machine. Don't do this at home kids!
2550 bool virtio_is_big_endian(void);
2551 bool virtio_is_big_endian(void)
2553 #if defined(TARGET_WORDS_BIGENDIAN)
2562 #ifndef CONFIG_USER_ONLY
2563 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2565 MemoryRegionSection *section;
2567 section = phys_page_find(address_space_memory.dispatch,
2568 phys_addr >> TARGET_PAGE_BITS);
2570 return !(memory_region_is_ram(section->mr) ||
2571 memory_region_is_romd(section->mr));