4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
24 #include "qemu/cutils.h"
26 #include "exec/exec-all.h"
28 #include "hw/qdev-core.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #include "hw/xen/xen.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #if defined(CONFIG_USER_ONLY)
40 #else /* !CONFIG_USER_ONLY */
42 #include "exec/memory.h"
43 #include "exec/ioport.h"
44 #include "sysemu/dma.h"
45 #include "exec/address-spaces.h"
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
59 #include "migration/vmstate.h"
61 #include "qemu/range.h"
63 #include "qemu/mmap-alloc.h"
66 //#define DEBUG_SUBPAGE
68 #if !defined(CONFIG_USER_ONLY)
69 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
72 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
74 static MemoryRegion *system_memory;
75 static MemoryRegion *system_io;
77 AddressSpace address_space_io;
78 AddressSpace address_space_memory;
80 MemoryRegion io_mem_rom, io_mem_notdirty;
81 static MemoryRegion io_mem_unassigned;
83 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84 #define RAM_PREALLOC (1 << 0)
86 /* RAM is mmap-ed with MAP_SHARED */
87 #define RAM_SHARED (1 << 1)
89 /* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
92 #define RAM_RESIZEABLE (1 << 2)
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
105 #if !defined(CONFIG_USER_ONLY)
107 typedef struct PhysPageEntry PhysPageEntry;
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
122 #define P_L2_SIZE (1 << P_L2_BITS)
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
126 typedef PhysPageEntry Node[P_L2_SIZE];
128 typedef struct PhysPageMap {
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
134 unsigned nodes_nb_alloc;
136 MemoryRegionSection *sections;
139 struct AddressSpaceDispatch {
142 MemoryRegionSection *mru_section;
143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
146 PhysPageEntry phys_map;
151 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152 typedef struct subpage_t {
156 uint16_t sub_section[TARGET_PAGE_SIZE];
159 #define PHYS_SECTION_UNASSIGNED 0
160 #define PHYS_SECTION_NOTDIRTY 1
161 #define PHYS_SECTION_ROM 2
162 #define PHYS_SECTION_WATCH 3
164 static void io_mem_init(void);
165 static void memory_map_init(void);
166 static void tcg_commit(MemoryListener *listener);
168 static MemoryRegion io_mem_watch;
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
177 struct CPUAddressSpace {
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
186 #if !defined(CONFIG_USER_ONLY)
188 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
190 static unsigned alloc_hint = 16;
191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
195 alloc_hint = map->nodes_nb_alloc;
199 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
206 ret = map->nodes_nb++;
208 assert(ret != PHYS_MAP_NODE_NIL);
209 assert(ret != map->nodes_nb_alloc);
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
213 for (i = 0; i < P_L2_SIZE; ++i) {
214 memcpy(&p[i], &e, sizeof(e));
219 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
227 lp->ptr = phys_map_node_alloc(map, level == 0);
229 p = map->nodes[lp->ptr];
230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
232 while (*nb && lp < &p[P_L2_SIZE]) {
233 if ((*index & (step - 1)) == 0 && *nb >= step) {
239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
245 static void phys_page_set(AddressSpaceDispatch *d,
246 hwaddr index, hwaddr nb,
249 /* Wildly overreserve - it doesn't matter much. */
250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
255 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
258 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
260 unsigned valid_ptr = P_L2_SIZE;
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
278 phys_page_compact(&p[i], nodes, compacted);
282 /* We can only compress if there's only one child. */
287 assert(valid_ptr < P_L2_SIZE);
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
304 lp->skip += p[valid_ptr].skip;
308 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
310 DECLARE_BITMAP(compacted, nodes_nb);
312 if (d->phys_map.skip) {
313 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
317 static inline bool section_covers_addr(const MemoryRegionSection *section,
320 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
321 * the section must cover the entire address space.
323 return section->size.hi ||
324 range_covers_byte(section->offset_within_address_space,
325 section->size.lo, addr);
328 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
329 Node *nodes, MemoryRegionSection *sections)
332 hwaddr index = addr >> TARGET_PAGE_BITS;
335 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
336 if (lp.ptr == PHYS_MAP_NODE_NIL) {
337 return §ions[PHYS_SECTION_UNASSIGNED];
340 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
343 if (section_covers_addr(§ions[lp.ptr], addr)) {
344 return §ions[lp.ptr];
346 return §ions[PHYS_SECTION_UNASSIGNED];
350 bool memory_region_is_unassigned(MemoryRegion *mr)
352 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
353 && mr != &io_mem_watch;
356 /* Called from RCU critical section */
357 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
359 bool resolve_subpage)
361 MemoryRegionSection *section = atomic_read(&d->mru_section);
365 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
366 section_covers_addr(section, addr)) {
369 section = phys_page_find(d->phys_map, addr, d->map.nodes,
373 if (resolve_subpage && section->mr->subpage) {
374 subpage = container_of(section->mr, subpage_t, iomem);
375 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
378 atomic_set(&d->mru_section, section);
383 /* Called from RCU critical section */
384 static MemoryRegionSection *
385 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
386 hwaddr *plen, bool resolve_subpage)
388 MemoryRegionSection *section;
392 section = address_space_lookup_region(d, addr, resolve_subpage);
393 /* Compute offset within MemoryRegionSection */
394 addr -= section->offset_within_address_space;
396 /* Compute offset within MemoryRegion */
397 *xlat = addr + section->offset_within_region;
401 /* MMIO registers can be expected to perform full-width accesses based only
402 * on their address, without considering adjacent registers that could
403 * decode to completely different MemoryRegions. When such registers
404 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
405 * regions overlap wildly. For this reason we cannot clamp the accesses
408 * If the length is small (as is the case for address_space_ldl/stl),
409 * everything works fine. If the incoming length is large, however,
410 * the caller really has to do the clamping through memory_access_size.
412 if (memory_region_is_ram(mr)) {
413 diff = int128_sub(section->size, int128_make64(addr));
414 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
419 /* Called from RCU critical section */
420 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
421 hwaddr *xlat, hwaddr *plen,
425 MemoryRegionSection *section;
429 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
430 section = address_space_translate_internal(d, addr, &addr, plen, true);
433 if (!mr->iommu_ops) {
437 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
438 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
439 | (addr & iotlb.addr_mask));
440 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
441 if (!(iotlb.perm & (1 << is_write))) {
442 mr = &io_mem_unassigned;
446 as = iotlb.target_as;
449 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
450 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
451 *plen = MIN(page, *plen);
458 /* Called from RCU critical section */
459 MemoryRegionSection *
460 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
461 hwaddr *xlat, hwaddr *plen)
463 MemoryRegionSection *section;
464 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
466 section = address_space_translate_internal(d, addr, xlat, plen, false);
468 assert(!section->mr->iommu_ops);
473 #if !defined(CONFIG_USER_ONLY)
475 static int cpu_common_post_load(void *opaque, int version_id)
477 CPUState *cpu = opaque;
479 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
480 version_id is increased. */
481 cpu->interrupt_request &= ~0x01;
487 static int cpu_common_pre_load(void *opaque)
489 CPUState *cpu = opaque;
491 cpu->exception_index = -1;
496 static bool cpu_common_exception_index_needed(void *opaque)
498 CPUState *cpu = opaque;
500 return tcg_enabled() && cpu->exception_index != -1;
503 static const VMStateDescription vmstate_cpu_common_exception_index = {
504 .name = "cpu_common/exception_index",
506 .minimum_version_id = 1,
507 .needed = cpu_common_exception_index_needed,
508 .fields = (VMStateField[]) {
509 VMSTATE_INT32(exception_index, CPUState),
510 VMSTATE_END_OF_LIST()
514 static bool cpu_common_crash_occurred_needed(void *opaque)
516 CPUState *cpu = opaque;
518 return cpu->crash_occurred;
521 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
522 .name = "cpu_common/crash_occurred",
524 .minimum_version_id = 1,
525 .needed = cpu_common_crash_occurred_needed,
526 .fields = (VMStateField[]) {
527 VMSTATE_BOOL(crash_occurred, CPUState),
528 VMSTATE_END_OF_LIST()
532 const VMStateDescription vmstate_cpu_common = {
533 .name = "cpu_common",
535 .minimum_version_id = 1,
536 .pre_load = cpu_common_pre_load,
537 .post_load = cpu_common_post_load,
538 .fields = (VMStateField[]) {
539 VMSTATE_UINT32(halted, CPUState),
540 VMSTATE_UINT32(interrupt_request, CPUState),
541 VMSTATE_END_OF_LIST()
543 .subsections = (const VMStateDescription*[]) {
544 &vmstate_cpu_common_exception_index,
545 &vmstate_cpu_common_crash_occurred,
552 CPUState *qemu_get_cpu(int index)
557 if (cpu->cpu_index == index) {
565 #if !defined(CONFIG_USER_ONLY)
566 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
568 CPUAddressSpace *newas;
570 /* Target code should have set num_ases before calling us */
571 assert(asidx < cpu->num_ases);
574 /* address space 0 gets the convenience alias */
578 /* KVM cannot currently support multiple address spaces. */
579 assert(asidx == 0 || !kvm_enabled());
581 if (!cpu->cpu_ases) {
582 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
585 newas = &cpu->cpu_ases[asidx];
589 newas->tcg_as_listener.commit = tcg_commit;
590 memory_listener_register(&newas->tcg_as_listener, as);
594 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
596 /* Return the AddressSpace corresponding to the specified index */
597 return cpu->cpu_ases[asidx].as;
601 void cpu_exec_exit(CPUState *cpu)
603 CPUClass *cc = CPU_GET_CLASS(cpu);
605 cpu_list_remove(cpu);
607 if (cc->vmsd != NULL) {
608 vmstate_unregister(NULL, cc->vmsd, cpu);
610 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
611 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
615 void cpu_exec_init(CPUState *cpu, Error **errp)
617 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
618 Error *local_err ATTRIBUTE_UNUSED = NULL;
623 #ifndef CONFIG_USER_ONLY
624 cpu->thread_id = qemu_get_thread_id();
626 /* This is a softmmu CPU object, so create a property for it
627 * so users can wire up its memory. (This can't go in qom/cpu.c
628 * because that file is compiled only once for both user-mode
629 * and system builds.) The default if no link is set up is to use
630 * the system address space.
632 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
633 (Object **)&cpu->memory,
634 qdev_prop_allow_set_link_before_realize,
635 OBJ_PROP_LINK_UNREF_ON_RELEASE,
637 cpu->memory = system_memory;
638 object_ref(OBJECT(cpu->memory));
643 #ifndef CONFIG_USER_ONLY
644 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
645 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
647 if (cc->vmsd != NULL) {
648 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
653 #if defined(CONFIG_USER_ONLY)
654 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
656 tb_invalidate_phys_page_range(pc, pc + 1, 0);
659 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
662 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
663 int asidx = cpu_asidx_from_attrs(cpu, attrs);
665 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
666 phys | (pc & ~TARGET_PAGE_MASK));
671 #if defined(CONFIG_USER_ONLY)
672 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
677 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
683 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
687 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
688 int flags, CPUWatchpoint **watchpoint)
693 /* Add a watchpoint. */
694 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
695 int flags, CPUWatchpoint **watchpoint)
699 /* forbid ranges which are empty or run off the end of the address space */
700 if (len == 0 || (addr + len - 1) < addr) {
701 error_report("tried to set invalid watchpoint at %"
702 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
705 wp = g_malloc(sizeof(*wp));
711 /* keep all GDB-injected watchpoints in front */
712 if (flags & BP_GDB) {
713 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
715 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
718 tlb_flush_page(cpu, addr);
725 /* Remove a specific watchpoint. */
726 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
731 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
732 if (addr == wp->vaddr && len == wp->len
733 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
734 cpu_watchpoint_remove_by_ref(cpu, wp);
741 /* Remove a specific watchpoint by reference. */
742 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
744 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
746 tlb_flush_page(cpu, watchpoint->vaddr);
751 /* Remove all matching watchpoints. */
752 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
754 CPUWatchpoint *wp, *next;
756 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
757 if (wp->flags & mask) {
758 cpu_watchpoint_remove_by_ref(cpu, wp);
763 /* Return true if this watchpoint address matches the specified
764 * access (ie the address range covered by the watchpoint overlaps
765 * partially or completely with the address range covered by the
768 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
772 /* We know the lengths are non-zero, but a little caution is
773 * required to avoid errors in the case where the range ends
774 * exactly at the top of the address space and so addr + len
775 * wraps round to zero.
777 vaddr wpend = wp->vaddr + wp->len - 1;
778 vaddr addrend = addr + len - 1;
780 return !(addr > wpend || wp->vaddr > addrend);
785 /* Add a breakpoint. */
786 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
787 CPUBreakpoint **breakpoint)
791 bp = g_malloc(sizeof(*bp));
796 /* keep all GDB-injected breakpoints in front */
797 if (flags & BP_GDB) {
798 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
800 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
803 breakpoint_invalidate(cpu, pc);
811 /* Remove a specific breakpoint. */
812 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
816 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
817 if (bp->pc == pc && bp->flags == flags) {
818 cpu_breakpoint_remove_by_ref(cpu, bp);
825 /* Remove a specific breakpoint by reference. */
826 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
828 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
830 breakpoint_invalidate(cpu, breakpoint->pc);
835 /* Remove all matching breakpoints. */
836 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
838 CPUBreakpoint *bp, *next;
840 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
841 if (bp->flags & mask) {
842 cpu_breakpoint_remove_by_ref(cpu, bp);
847 /* enable or disable single step mode. EXCP_DEBUG is returned by the
848 CPU loop after each instruction */
849 void cpu_single_step(CPUState *cpu, int enabled)
851 if (cpu->singlestep_enabled != enabled) {
852 cpu->singlestep_enabled = enabled;
854 kvm_update_guest_debug(cpu, 0);
856 /* must flush all the translated code to avoid inconsistencies */
857 /* XXX: only flush what is necessary */
863 void cpu_abort(CPUState *cpu, const char *fmt, ...)
870 fprintf(stderr, "qemu: fatal: ");
871 vfprintf(stderr, fmt, ap);
872 fprintf(stderr, "\n");
873 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
874 if (qemu_log_separate()) {
875 qemu_log("qemu: fatal: ");
876 qemu_log_vprintf(fmt, ap2);
878 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
885 #if defined(CONFIG_USER_ONLY)
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
896 #if !defined(CONFIG_USER_ONLY)
897 /* Called from RCU critical section */
898 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
902 block = atomic_rcu_read(&ram_list.mru_block);
903 if (block && addr - block->offset < block->max_length) {
906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
907 if (addr - block->offset < block->max_length) {
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
916 /* It is safe to write mru_block outside the iothread lock. This
921 * xxx removed from list
925 * call_rcu(reclaim_ramblock, xxx);
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
932 ram_list.mru_block = block;
936 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
951 tlb_reset_dirty(cpu, start1, length);
956 /* Note: start and end must be within the same ram block. */
957 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
961 DirtyMemoryBlocks *blocks;
962 unsigned long end, page;
969 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
970 page = start >> TARGET_PAGE_BITS;
974 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
977 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
978 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
979 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
981 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
988 if (dirty && tcg_enabled()) {
989 tlb_reset_dirty_range_all(start, length);
995 /* Called from RCU critical section */
996 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
997 MemoryRegionSection *section,
999 hwaddr paddr, hwaddr xlat,
1001 target_ulong *address)
1006 if (memory_region_is_ram(section->mr)) {
1008 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1009 if (!section->readonly) {
1010 iotlb |= PHYS_SECTION_NOTDIRTY;
1012 iotlb |= PHYS_SECTION_ROM;
1015 AddressSpaceDispatch *d;
1017 d = atomic_rcu_read(§ion->address_space->dispatch);
1018 iotlb = section - d->map.sections;
1022 /* Make accesses to pages with watchpoints go via the
1023 watchpoint trap routines. */
1024 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1025 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1026 /* Avoid trapping reads of pages with a write breakpoint. */
1027 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1028 iotlb = PHYS_SECTION_WATCH + paddr;
1029 *address |= TLB_MMIO;
1037 #endif /* defined(CONFIG_USER_ONLY) */
1039 #if !defined(CONFIG_USER_ONLY)
1041 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1043 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1045 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1046 qemu_anon_ram_alloc;
1049 * Set a custom physical guest memory alloator.
1050 * Accelerators with unusual needs may need this. Hopefully, we can
1051 * get rid of it eventually.
1053 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1055 phys_mem_alloc = alloc;
1058 static uint16_t phys_section_add(PhysPageMap *map,
1059 MemoryRegionSection *section)
1061 /* The physical section number is ORed with a page-aligned
1062 * pointer to produce the iotlb entries. Thus it should
1063 * never overflow into the page-aligned value.
1065 assert(map->sections_nb < TARGET_PAGE_SIZE);
1067 if (map->sections_nb == map->sections_nb_alloc) {
1068 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1069 map->sections = g_renew(MemoryRegionSection, map->sections,
1070 map->sections_nb_alloc);
1072 map->sections[map->sections_nb] = *section;
1073 memory_region_ref(section->mr);
1074 return map->sections_nb++;
1077 static void phys_section_destroy(MemoryRegion *mr)
1079 bool have_sub_page = mr->subpage;
1081 memory_region_unref(mr);
1083 if (have_sub_page) {
1084 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1085 object_unref(OBJECT(&subpage->iomem));
1090 static void phys_sections_free(PhysPageMap *map)
1092 while (map->sections_nb > 0) {
1093 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1094 phys_section_destroy(section->mr);
1096 g_free(map->sections);
1100 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1103 hwaddr base = section->offset_within_address_space
1105 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1106 d->map.nodes, d->map.sections);
1107 MemoryRegionSection subsection = {
1108 .offset_within_address_space = base,
1109 .size = int128_make64(TARGET_PAGE_SIZE),
1113 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1115 if (!(existing->mr->subpage)) {
1116 subpage = subpage_init(d->as, base);
1117 subsection.address_space = d->as;
1118 subsection.mr = &subpage->iomem;
1119 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1120 phys_section_add(&d->map, &subsection));
1122 subpage = container_of(existing->mr, subpage_t, iomem);
1124 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1125 end = start + int128_get64(section->size) - 1;
1126 subpage_register(subpage, start, end,
1127 phys_section_add(&d->map, section));
1131 static void register_multipage(AddressSpaceDispatch *d,
1132 MemoryRegionSection *section)
1134 hwaddr start_addr = section->offset_within_address_space;
1135 uint16_t section_index = phys_section_add(&d->map, section);
1136 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1140 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1143 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1145 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1146 AddressSpaceDispatch *d = as->next_dispatch;
1147 MemoryRegionSection now = *section, remain = *section;
1148 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1150 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1151 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1152 - now.offset_within_address_space;
1154 now.size = int128_min(int128_make64(left), now.size);
1155 register_subpage(d, &now);
1157 now.size = int128_zero();
1159 while (int128_ne(remain.size, now.size)) {
1160 remain.size = int128_sub(remain.size, now.size);
1161 remain.offset_within_address_space += int128_get64(now.size);
1162 remain.offset_within_region += int128_get64(now.size);
1164 if (int128_lt(remain.size, page_size)) {
1165 register_subpage(d, &now);
1166 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1167 now.size = page_size;
1168 register_subpage(d, &now);
1170 now.size = int128_and(now.size, int128_neg(page_size));
1171 register_multipage(d, &now);
1176 void qemu_flush_coalesced_mmio_buffer(void)
1179 kvm_flush_coalesced_mmio_buffer();
1182 void qemu_mutex_lock_ramlist(void)
1184 qemu_mutex_lock(&ram_list.mutex);
1187 void qemu_mutex_unlock_ramlist(void)
1189 qemu_mutex_unlock(&ram_list.mutex);
1193 static void *file_ram_alloc(RAMBlock *block,
1198 bool unlink_on_error = false;
1200 char *sanitized_name;
1202 void *area = MAP_FAILED;
1206 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1208 "host lacks kvm mmu notifiers, -mem-path unsupported");
1213 fd = open(path, O_RDWR);
1215 /* @path names an existing file, use it */
1218 if (errno == ENOENT) {
1219 /* @path names a file that doesn't exist, create it */
1220 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1222 unlink_on_error = true;
1225 } else if (errno == EISDIR) {
1226 /* @path names a directory, create a file there */
1227 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1228 sanitized_name = g_strdup(memory_region_name(block->mr));
1229 for (c = sanitized_name; *c != '\0'; c++) {
1235 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1237 g_free(sanitized_name);
1239 fd = mkstemp(filename);
1247 if (errno != EEXIST && errno != EINTR) {
1248 error_setg_errno(errp, errno,
1249 "can't open backing store %s for guest RAM",
1254 * Try again on EINTR and EEXIST. The latter happens when
1255 * something else creates the file between our two open().
1259 page_size = qemu_fd_getpagesize(fd);
1260 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
1262 if (memory < page_size) {
1263 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1264 "or larger than page size 0x%" PRIx64,
1269 memory = ROUND_UP(memory, page_size);
1272 * ftruncate is not supported by hugetlbfs in older
1273 * hosts, so don't bother bailing out on errors.
1274 * If anything goes wrong with it under other filesystems,
1277 if (ftruncate(fd, memory)) {
1278 perror("ftruncate");
1281 area = qemu_ram_mmap(fd, memory, block->mr->align,
1282 block->flags & RAM_SHARED);
1283 if (area == MAP_FAILED) {
1284 error_setg_errno(errp, errno,
1285 "unable to map backing store for guest RAM");
1290 os_mem_prealloc(fd, area, memory, errp);
1291 if (errp && *errp) {
1300 if (area != MAP_FAILED) {
1301 qemu_ram_munmap(area, memory);
1303 if (unlink_on_error) {
1313 /* Called with the ramlist lock held. */
1314 static ram_addr_t find_ram_offset(ram_addr_t size)
1316 RAMBlock *block, *next_block;
1317 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1319 assert(size != 0); /* it would hand out same offset multiple times */
1321 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1325 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1326 ram_addr_t end, next = RAM_ADDR_MAX;
1328 end = block->offset + block->max_length;
1330 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1331 if (next_block->offset >= end) {
1332 next = MIN(next, next_block->offset);
1335 if (next - end >= size && next - end < mingap) {
1337 mingap = next - end;
1341 if (offset == RAM_ADDR_MAX) {
1342 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1350 ram_addr_t last_ram_offset(void)
1353 ram_addr_t last = 0;
1356 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1357 last = MAX(last, block->offset + block->max_length);
1363 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1367 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1368 if (!machine_dump_guest_core(current_machine)) {
1369 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1371 perror("qemu_madvise");
1372 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1373 "but dump_guest_core=off specified\n");
1378 const char *qemu_ram_get_idstr(RAMBlock *rb)
1383 /* Called with iothread lock held. */
1384 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1389 assert(!new_block->idstr[0]);
1392 char *id = qdev_get_dev_path(dev);
1394 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1398 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1401 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1402 if (block != new_block &&
1403 !strcmp(block->idstr, new_block->idstr)) {
1404 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1412 /* Called with iothread lock held. */
1413 void qemu_ram_unset_idstr(RAMBlock *block)
1415 /* FIXME: arch_init.c assumes that this is not called throughout
1416 * migration. Ignore the problem since hot-unplug during migration
1417 * does not work anyway.
1420 memset(block->idstr, 0, sizeof(block->idstr));
1424 static int memory_try_enable_merging(void *addr, size_t len)
1426 if (!machine_mem_merge(current_machine)) {
1427 /* disabled by the user */
1431 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1434 /* Only legal before guest might have detected the memory size: e.g. on
1435 * incoming migration, or right after reset.
1437 * As memory core doesn't know how is memory accessed, it is up to
1438 * resize callback to update device state and/or add assertions to detect
1439 * misuse, if necessary.
1441 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1445 newsize = HOST_PAGE_ALIGN(newsize);
1447 if (block->used_length == newsize) {
1451 if (!(block->flags & RAM_RESIZEABLE)) {
1452 error_setg_errno(errp, EINVAL,
1453 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1454 " in != 0x" RAM_ADDR_FMT, block->idstr,
1455 newsize, block->used_length);
1459 if (block->max_length < newsize) {
1460 error_setg_errno(errp, EINVAL,
1461 "Length too large: %s: 0x" RAM_ADDR_FMT
1462 " > 0x" RAM_ADDR_FMT, block->idstr,
1463 newsize, block->max_length);
1467 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1468 block->used_length = newsize;
1469 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1471 memory_region_set_size(block->mr, newsize);
1472 if (block->resized) {
1473 block->resized(block->idstr, newsize, block->host);
1478 /* Called with ram_list.mutex held */
1479 static void dirty_memory_extend(ram_addr_t old_ram_size,
1480 ram_addr_t new_ram_size)
1482 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1483 DIRTY_MEMORY_BLOCK_SIZE);
1484 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1485 DIRTY_MEMORY_BLOCK_SIZE);
1488 /* Only need to extend if block count increased */
1489 if (new_num_blocks <= old_num_blocks) {
1493 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1494 DirtyMemoryBlocks *old_blocks;
1495 DirtyMemoryBlocks *new_blocks;
1498 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1499 new_blocks = g_malloc(sizeof(*new_blocks) +
1500 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1502 if (old_num_blocks) {
1503 memcpy(new_blocks->blocks, old_blocks->blocks,
1504 old_num_blocks * sizeof(old_blocks->blocks[0]));
1507 for (j = old_num_blocks; j < new_num_blocks; j++) {
1508 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1511 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1514 g_free_rcu(old_blocks, rcu);
1519 static void ram_block_add(RAMBlock *new_block, Error **errp)
1522 RAMBlock *last_block = NULL;
1523 ram_addr_t old_ram_size, new_ram_size;
1526 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1528 qemu_mutex_lock_ramlist();
1529 new_block->offset = find_ram_offset(new_block->max_length);
1531 if (!new_block->host) {
1532 if (xen_enabled()) {
1533 xen_ram_alloc(new_block->offset, new_block->max_length,
1534 new_block->mr, &err);
1536 error_propagate(errp, err);
1537 qemu_mutex_unlock_ramlist();
1541 new_block->host = phys_mem_alloc(new_block->max_length,
1542 &new_block->mr->align);
1543 if (!new_block->host) {
1544 error_setg_errno(errp, errno,
1545 "cannot set up guest memory '%s'",
1546 memory_region_name(new_block->mr));
1547 qemu_mutex_unlock_ramlist();
1550 memory_try_enable_merging(new_block->host, new_block->max_length);
1554 new_ram_size = MAX(old_ram_size,
1555 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1556 if (new_ram_size > old_ram_size) {
1557 migration_bitmap_extend(old_ram_size, new_ram_size);
1558 dirty_memory_extend(old_ram_size, new_ram_size);
1560 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1561 * QLIST (which has an RCU-friendly variant) does not have insertion at
1562 * tail, so save the last element in last_block.
1564 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1566 if (block->max_length < new_block->max_length) {
1571 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1572 } else if (last_block) {
1573 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1574 } else { /* list is empty */
1575 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1577 ram_list.mru_block = NULL;
1579 /* Write list before version */
1582 qemu_mutex_unlock_ramlist();
1584 cpu_physical_memory_set_dirty_range(new_block->offset,
1585 new_block->used_length,
1588 if (new_block->host) {
1589 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1590 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1591 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
1592 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1597 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1598 bool share, const char *mem_path,
1601 RAMBlock *new_block;
1602 Error *local_err = NULL;
1604 if (xen_enabled()) {
1605 error_setg(errp, "-mem-path not supported with Xen");
1609 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1611 * file_ram_alloc() needs to allocate just like
1612 * phys_mem_alloc, but we haven't bothered to provide
1616 "-mem-path not supported with this accelerator");
1620 size = HOST_PAGE_ALIGN(size);
1621 new_block = g_malloc0(sizeof(*new_block));
1623 new_block->used_length = size;
1624 new_block->max_length = size;
1625 new_block->flags = share ? RAM_SHARED : 0;
1626 new_block->host = file_ram_alloc(new_block, size,
1628 if (!new_block->host) {
1633 ram_block_add(new_block, &local_err);
1636 error_propagate(errp, local_err);
1644 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1645 void (*resized)(const char*,
1648 void *host, bool resizeable,
1649 MemoryRegion *mr, Error **errp)
1651 RAMBlock *new_block;
1652 Error *local_err = NULL;
1654 size = HOST_PAGE_ALIGN(size);
1655 max_size = HOST_PAGE_ALIGN(max_size);
1656 new_block = g_malloc0(sizeof(*new_block));
1658 new_block->resized = resized;
1659 new_block->used_length = size;
1660 new_block->max_length = max_size;
1661 assert(max_size >= size);
1663 new_block->host = host;
1665 new_block->flags |= RAM_PREALLOC;
1668 new_block->flags |= RAM_RESIZEABLE;
1670 ram_block_add(new_block, &local_err);
1673 error_propagate(errp, local_err);
1679 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1680 MemoryRegion *mr, Error **errp)
1682 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1685 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1687 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1690 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1691 void (*resized)(const char*,
1694 MemoryRegion *mr, Error **errp)
1696 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1699 static void reclaim_ramblock(RAMBlock *block)
1701 if (block->flags & RAM_PREALLOC) {
1703 } else if (xen_enabled()) {
1704 xen_invalidate_map_cache_entry(block->host);
1706 } else if (block->fd >= 0) {
1707 qemu_ram_munmap(block->host, block->max_length);
1711 qemu_anon_ram_free(block->host, block->max_length);
1716 void qemu_ram_free(RAMBlock *block)
1722 qemu_mutex_lock_ramlist();
1723 QLIST_REMOVE_RCU(block, next);
1724 ram_list.mru_block = NULL;
1725 /* Write list before version */
1728 call_rcu(block, reclaim_ramblock, rcu);
1729 qemu_mutex_unlock_ramlist();
1733 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1740 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1741 offset = addr - block->offset;
1742 if (offset < block->max_length) {
1743 vaddr = ramblock_ptr(block, offset);
1744 if (block->flags & RAM_PREALLOC) {
1746 } else if (xen_enabled()) {
1750 if (block->fd >= 0) {
1751 flags |= (block->flags & RAM_SHARED ?
1752 MAP_SHARED : MAP_PRIVATE);
1753 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1754 flags, block->fd, offset);
1757 * Remap needs to match alloc. Accelerators that
1758 * set phys_mem_alloc never remap. If they did,
1759 * we'd need a remap hook here.
1761 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1763 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1764 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1767 if (area != vaddr) {
1768 fprintf(stderr, "Could not remap addr: "
1769 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1773 memory_try_enable_merging(vaddr, length);
1774 qemu_ram_setup_dump(vaddr, length);
1779 #endif /* !_WIN32 */
1781 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1782 * This should not be used for general purpose DMA. Use address_space_map
1783 * or address_space_rw instead. For local memory (e.g. video ram) that the
1784 * device owns, use memory_region_get_ram_ptr.
1786 * Called within RCU critical section.
1788 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1790 RAMBlock *block = ram_block;
1792 if (block == NULL) {
1793 block = qemu_get_ram_block(addr);
1794 addr -= block->offset;
1797 if (xen_enabled() && block->host == NULL) {
1798 /* We need to check if the requested address is in the RAM
1799 * because we don't want to map the entire memory in QEMU.
1800 * In that case just map until the end of the page.
1802 if (block->offset == 0) {
1803 return xen_map_cache(addr, 0, 0);
1806 block->host = xen_map_cache(block->offset, block->max_length, 1);
1808 return ramblock_ptr(block, addr);
1811 /* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
1812 * but takes a size argument.
1814 * Called within RCU critical section.
1816 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1819 RAMBlock *block = ram_block;
1824 if (block == NULL) {
1825 block = qemu_get_ram_block(addr);
1826 addr -= block->offset;
1828 *size = MIN(*size, block->max_length - addr);
1830 if (xen_enabled() && block->host == NULL) {
1831 /* We need to check if the requested address is in the RAM
1832 * because we don't want to map the entire memory in QEMU.
1833 * In that case just map the requested area.
1835 if (block->offset == 0) {
1836 return xen_map_cache(addr, *size, 1);
1839 block->host = xen_map_cache(block->offset, block->max_length, 1);
1842 return ramblock_ptr(block, addr);
1846 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1849 * ptr: Host pointer to look up
1850 * round_offset: If true round the result offset down to a page boundary
1851 * *ram_addr: set to result ram_addr
1852 * *offset: set to result offset within the RAMBlock
1854 * Returns: RAMBlock (or NULL if not found)
1856 * By the time this function returns, the returned pointer is not protected
1857 * by RCU anymore. If the caller is not within an RCU critical section and
1858 * does not hold the iothread lock, it must have other means of protecting the
1859 * pointer, such as a reference to the region that includes the incoming
1862 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1866 uint8_t *host = ptr;
1868 if (xen_enabled()) {
1869 ram_addr_t ram_addr;
1871 ram_addr = xen_ram_addr_from_mapcache(ptr);
1872 block = qemu_get_ram_block(ram_addr);
1874 *offset = ram_addr - block->offset;
1881 block = atomic_rcu_read(&ram_list.mru_block);
1882 if (block && block->host && host - block->host < block->max_length) {
1886 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1887 /* This case append when the block is not mapped. */
1888 if (block->host == NULL) {
1891 if (host - block->host < block->max_length) {
1900 *offset = (host - block->host);
1902 *offset &= TARGET_PAGE_MASK;
1909 * Finds the named RAMBlock
1911 * name: The name of RAMBlock to find
1913 * Returns: RAMBlock (or NULL if not found)
1915 RAMBlock *qemu_ram_block_by_name(const char *name)
1919 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1920 if (!strcmp(name, block->idstr)) {
1928 /* Some of the softmmu routines need to translate from a host pointer
1929 (typically a TLB entry) back to a ram offset. */
1930 ram_addr_t qemu_ram_addr_from_host(void *ptr)
1935 block = qemu_ram_block_from_host(ptr, false, &offset);
1937 return RAM_ADDR_INVALID;
1940 return block->offset + offset;
1943 /* Called within RCU critical section. */
1944 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1945 uint64_t val, unsigned size)
1947 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1948 tb_invalidate_phys_page_fast(ram_addr, size);
1952 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1955 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1958 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1963 /* Set both VGA and migration bits for simplicity and to remove
1964 * the notdirty callback faster.
1966 cpu_physical_memory_set_dirty_range(ram_addr, size,
1967 DIRTY_CLIENTS_NOCODE);
1968 /* we remove the notdirty callback only if the code has been
1970 if (!cpu_physical_memory_is_clean(ram_addr)) {
1971 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1975 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1976 unsigned size, bool is_write)
1981 static const MemoryRegionOps notdirty_mem_ops = {
1982 .write = notdirty_mem_write,
1983 .valid.accepts = notdirty_mem_accepts,
1984 .endianness = DEVICE_NATIVE_ENDIAN,
1987 /* Generate a debug exception if a watchpoint has been hit. */
1988 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1990 CPUState *cpu = current_cpu;
1991 CPUClass *cc = CPU_GET_CLASS(cpu);
1992 CPUArchState *env = cpu->env_ptr;
1993 target_ulong pc, cs_base;
1998 if (cpu->watchpoint_hit) {
1999 /* We re-entered the check after replacing the TB. Now raise
2000 * the debug interrupt so that is will trigger after the
2001 * current instruction. */
2002 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2005 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2006 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2007 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2008 && (wp->flags & flags)) {
2009 if (flags == BP_MEM_READ) {
2010 wp->flags |= BP_WATCHPOINT_HIT_READ;
2012 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2014 wp->hitaddr = vaddr;
2015 wp->hitattrs = attrs;
2016 if (!cpu->watchpoint_hit) {
2017 if (wp->flags & BP_CPU &&
2018 !cc->debug_check_watchpoint(cpu, wp)) {
2019 wp->flags &= ~BP_WATCHPOINT_HIT;
2022 cpu->watchpoint_hit = wp;
2023 tb_check_watchpoint(cpu);
2024 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2025 cpu->exception_index = EXCP_DEBUG;
2028 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2029 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2030 cpu_loop_exit_noexc(cpu);
2034 wp->flags &= ~BP_WATCHPOINT_HIT;
2039 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2040 so these check for a hit then pass through to the normal out-of-line
2042 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2043 unsigned size, MemTxAttrs attrs)
2047 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2048 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2050 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2053 data = address_space_ldub(as, addr, attrs, &res);
2056 data = address_space_lduw(as, addr, attrs, &res);
2059 data = address_space_ldl(as, addr, attrs, &res);
2067 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2068 uint64_t val, unsigned size,
2072 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2073 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2075 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2078 address_space_stb(as, addr, val, attrs, &res);
2081 address_space_stw(as, addr, val, attrs, &res);
2084 address_space_stl(as, addr, val, attrs, &res);
2091 static const MemoryRegionOps watch_mem_ops = {
2092 .read_with_attrs = watch_mem_read,
2093 .write_with_attrs = watch_mem_write,
2094 .endianness = DEVICE_NATIVE_ENDIAN,
2097 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2098 unsigned len, MemTxAttrs attrs)
2100 subpage_t *subpage = opaque;
2104 #if defined(DEBUG_SUBPAGE)
2105 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2106 subpage, len, addr);
2108 res = address_space_read(subpage->as, addr + subpage->base,
2115 *data = ldub_p(buf);
2118 *data = lduw_p(buf);
2131 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2132 uint64_t value, unsigned len, MemTxAttrs attrs)
2134 subpage_t *subpage = opaque;
2137 #if defined(DEBUG_SUBPAGE)
2138 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2139 " value %"PRIx64"\n",
2140 __func__, subpage, len, addr, value);
2158 return address_space_write(subpage->as, addr + subpage->base,
2162 static bool subpage_accepts(void *opaque, hwaddr addr,
2163 unsigned len, bool is_write)
2165 subpage_t *subpage = opaque;
2166 #if defined(DEBUG_SUBPAGE)
2167 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2168 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2171 return address_space_access_valid(subpage->as, addr + subpage->base,
2175 static const MemoryRegionOps subpage_ops = {
2176 .read_with_attrs = subpage_read,
2177 .write_with_attrs = subpage_write,
2178 .impl.min_access_size = 1,
2179 .impl.max_access_size = 8,
2180 .valid.min_access_size = 1,
2181 .valid.max_access_size = 8,
2182 .valid.accepts = subpage_accepts,
2183 .endianness = DEVICE_NATIVE_ENDIAN,
2186 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2191 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2193 idx = SUBPAGE_IDX(start);
2194 eidx = SUBPAGE_IDX(end);
2195 #if defined(DEBUG_SUBPAGE)
2196 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2197 __func__, mmio, start, end, idx, eidx, section);
2199 for (; idx <= eidx; idx++) {
2200 mmio->sub_section[idx] = section;
2206 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2210 mmio = g_malloc0(sizeof(subpage_t));
2214 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2215 NULL, TARGET_PAGE_SIZE);
2216 mmio->iomem.subpage = true;
2217 #if defined(DEBUG_SUBPAGE)
2218 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2219 mmio, base, TARGET_PAGE_SIZE);
2221 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2226 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2230 MemoryRegionSection section = {
2231 .address_space = as,
2233 .offset_within_address_space = 0,
2234 .offset_within_region = 0,
2235 .size = int128_2_64(),
2238 return phys_section_add(map, §ion);
2241 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2243 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2244 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2245 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2246 MemoryRegionSection *sections = d->map.sections;
2248 return sections[index & ~TARGET_PAGE_MASK].mr;
2251 static void io_mem_init(void)
2253 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2254 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2256 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2258 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2262 static void mem_begin(MemoryListener *listener)
2264 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2265 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2268 n = dummy_section(&d->map, as, &io_mem_unassigned);
2269 assert(n == PHYS_SECTION_UNASSIGNED);
2270 n = dummy_section(&d->map, as, &io_mem_notdirty);
2271 assert(n == PHYS_SECTION_NOTDIRTY);
2272 n = dummy_section(&d->map, as, &io_mem_rom);
2273 assert(n == PHYS_SECTION_ROM);
2274 n = dummy_section(&d->map, as, &io_mem_watch);
2275 assert(n == PHYS_SECTION_WATCH);
2277 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2279 as->next_dispatch = d;
2282 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2284 phys_sections_free(&d->map);
2288 static void mem_commit(MemoryListener *listener)
2290 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2291 AddressSpaceDispatch *cur = as->dispatch;
2292 AddressSpaceDispatch *next = as->next_dispatch;
2294 phys_page_compact_all(next, next->map.nodes_nb);
2296 atomic_rcu_set(&as->dispatch, next);
2298 call_rcu(cur, address_space_dispatch_free, rcu);
2302 static void tcg_commit(MemoryListener *listener)
2304 CPUAddressSpace *cpuas;
2305 AddressSpaceDispatch *d;
2307 /* since each CPU stores ram addresses in its TLB cache, we must
2308 reset the modified entries */
2309 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2310 cpu_reloading_memory_map();
2311 /* The CPU and TLB are protected by the iothread lock.
2312 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2313 * may have split the RCU critical section.
2315 d = atomic_rcu_read(&cpuas->as->dispatch);
2316 cpuas->memory_dispatch = d;
2317 tlb_flush(cpuas->cpu, 1);
2320 void address_space_init_dispatch(AddressSpace *as)
2322 as->dispatch = NULL;
2323 as->dispatch_listener = (MemoryListener) {
2325 .commit = mem_commit,
2326 .region_add = mem_add,
2327 .region_nop = mem_add,
2330 memory_listener_register(&as->dispatch_listener, as);
2333 void address_space_unregister(AddressSpace *as)
2335 memory_listener_unregister(&as->dispatch_listener);
2338 void address_space_destroy_dispatch(AddressSpace *as)
2340 AddressSpaceDispatch *d = as->dispatch;
2342 atomic_rcu_set(&as->dispatch, NULL);
2344 call_rcu(d, address_space_dispatch_free, rcu);
2348 static void memory_map_init(void)
2350 system_memory = g_malloc(sizeof(*system_memory));
2352 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2353 address_space_init(&address_space_memory, system_memory, "memory");
2355 system_io = g_malloc(sizeof(*system_io));
2356 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2358 address_space_init(&address_space_io, system_io, "I/O");
2361 MemoryRegion *get_system_memory(void)
2363 return system_memory;
2366 MemoryRegion *get_system_io(void)
2371 #endif /* !defined(CONFIG_USER_ONLY) */
2373 /* physical memory access (slow version, mainly for debug) */
2374 #if defined(CONFIG_USER_ONLY)
2375 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2376 uint8_t *buf, int len, int is_write)
2383 page = addr & TARGET_PAGE_MASK;
2384 l = (page + TARGET_PAGE_SIZE) - addr;
2387 flags = page_get_flags(page);
2388 if (!(flags & PAGE_VALID))
2391 if (!(flags & PAGE_WRITE))
2393 /* XXX: this code should not depend on lock_user */
2394 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2397 unlock_user(p, addr, l);
2399 if (!(flags & PAGE_READ))
2401 /* XXX: this code should not depend on lock_user */
2402 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2405 unlock_user(p, addr, 0);
2416 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2419 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2420 addr += memory_region_get_ram_addr(mr);
2422 /* No early return if dirty_log_mask is or becomes 0, because
2423 * cpu_physical_memory_set_dirty_range will still call
2424 * xen_modified_memory.
2426 if (dirty_log_mask) {
2428 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2430 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2431 tb_invalidate_phys_range(addr, addr + length);
2432 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2434 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2437 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2439 unsigned access_size_max = mr->ops->valid.max_access_size;
2441 /* Regions are assumed to support 1-4 byte accesses unless
2442 otherwise specified. */
2443 if (access_size_max == 0) {
2444 access_size_max = 4;
2447 /* Bound the maximum access by the alignment of the address. */
2448 if (!mr->ops->impl.unaligned) {
2449 unsigned align_size_max = addr & -addr;
2450 if (align_size_max != 0 && align_size_max < access_size_max) {
2451 access_size_max = align_size_max;
2455 /* Don't attempt accesses larger than the maximum. */
2456 if (l > access_size_max) {
2457 l = access_size_max;
2464 static bool prepare_mmio_access(MemoryRegion *mr)
2466 bool unlocked = !qemu_mutex_iothread_locked();
2467 bool release_lock = false;
2469 if (unlocked && mr->global_locking) {
2470 qemu_mutex_lock_iothread();
2472 release_lock = true;
2474 if (mr->flush_coalesced_mmio) {
2476 qemu_mutex_lock_iothread();
2478 qemu_flush_coalesced_mmio_buffer();
2480 qemu_mutex_unlock_iothread();
2484 return release_lock;
2487 /* Called within RCU critical section. */
2488 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2491 int len, hwaddr addr1,
2492 hwaddr l, MemoryRegion *mr)
2496 MemTxResult result = MEMTX_OK;
2497 bool release_lock = false;
2500 if (!memory_access_is_direct(mr, true)) {
2501 release_lock |= prepare_mmio_access(mr);
2502 l = memory_access_size(mr, l, addr1);
2503 /* XXX: could force current_cpu to NULL to avoid
2507 /* 64 bit write access */
2509 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2513 /* 32 bit write access */
2515 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2519 /* 16 bit write access */
2521 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2525 /* 8 bit write access */
2527 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2535 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2536 memcpy(ptr, buf, l);
2537 invalidate_and_set_dirty(mr, addr1, l);
2541 qemu_mutex_unlock_iothread();
2542 release_lock = false;
2554 mr = address_space_translate(as, addr, &addr1, &l, true);
2560 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2561 const uint8_t *buf, int len)
2566 MemTxResult result = MEMTX_OK;
2571 mr = address_space_translate(as, addr, &addr1, &l, true);
2572 result = address_space_write_continue(as, addr, attrs, buf, len,
2580 /* Called within RCU critical section. */
2581 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2582 MemTxAttrs attrs, uint8_t *buf,
2583 int len, hwaddr addr1, hwaddr l,
2588 MemTxResult result = MEMTX_OK;
2589 bool release_lock = false;
2592 if (!memory_access_is_direct(mr, false)) {
2594 release_lock |= prepare_mmio_access(mr);
2595 l = memory_access_size(mr, l, addr1);
2598 /* 64 bit read access */
2599 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2604 /* 32 bit read access */
2605 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2610 /* 16 bit read access */
2611 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2616 /* 8 bit read access */
2617 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2626 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2627 memcpy(buf, ptr, l);
2631 qemu_mutex_unlock_iothread();
2632 release_lock = false;
2644 mr = address_space_translate(as, addr, &addr1, &l, false);
2650 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2651 MemTxAttrs attrs, uint8_t *buf, int len)
2656 MemTxResult result = MEMTX_OK;
2661 mr = address_space_translate(as, addr, &addr1, &l, false);
2662 result = address_space_read_continue(as, addr, attrs, buf, len,
2670 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2671 uint8_t *buf, int len, bool is_write)
2674 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2676 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2680 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2681 int len, int is_write)
2683 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2684 buf, len, is_write);
2687 enum write_rom_type {
2692 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2693 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2703 mr = address_space_translate(as, addr, &addr1, &l, true);
2705 if (!(memory_region_is_ram(mr) ||
2706 memory_region_is_romd(mr))) {
2707 l = memory_access_size(mr, l, addr1);
2710 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2713 memcpy(ptr, buf, l);
2714 invalidate_and_set_dirty(mr, addr1, l);
2717 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2728 /* used for ROM loading : can write in RAM and ROM */
2729 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2730 const uint8_t *buf, int len)
2732 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2735 void cpu_flush_icache_range(hwaddr start, int len)
2738 * This function should do the same thing as an icache flush that was
2739 * triggered from within the guest. For TCG we are always cache coherent,
2740 * so there is no need to flush anything. For KVM / Xen we need to flush
2741 * the host's instruction cache at least.
2743 if (tcg_enabled()) {
2747 cpu_physical_memory_write_rom_internal(&address_space_memory,
2748 start, NULL, len, FLUSH_CACHE);
2759 static BounceBuffer bounce;
2761 typedef struct MapClient {
2763 QLIST_ENTRY(MapClient) link;
2766 QemuMutex map_client_list_lock;
2767 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2768 = QLIST_HEAD_INITIALIZER(map_client_list);
2770 static void cpu_unregister_map_client_do(MapClient *client)
2772 QLIST_REMOVE(client, link);
2776 static void cpu_notify_map_clients_locked(void)
2780 while (!QLIST_EMPTY(&map_client_list)) {
2781 client = QLIST_FIRST(&map_client_list);
2782 qemu_bh_schedule(client->bh);
2783 cpu_unregister_map_client_do(client);
2787 void cpu_register_map_client(QEMUBH *bh)
2789 MapClient *client = g_malloc(sizeof(*client));
2791 qemu_mutex_lock(&map_client_list_lock);
2793 QLIST_INSERT_HEAD(&map_client_list, client, link);
2794 if (!atomic_read(&bounce.in_use)) {
2795 cpu_notify_map_clients_locked();
2797 qemu_mutex_unlock(&map_client_list_lock);
2800 void cpu_exec_init_all(void)
2802 qemu_mutex_init(&ram_list.mutex);
2805 qemu_mutex_init(&map_client_list_lock);
2808 void cpu_unregister_map_client(QEMUBH *bh)
2812 qemu_mutex_lock(&map_client_list_lock);
2813 QLIST_FOREACH(client, &map_client_list, link) {
2814 if (client->bh == bh) {
2815 cpu_unregister_map_client_do(client);
2819 qemu_mutex_unlock(&map_client_list_lock);
2822 static void cpu_notify_map_clients(void)
2824 qemu_mutex_lock(&map_client_list_lock);
2825 cpu_notify_map_clients_locked();
2826 qemu_mutex_unlock(&map_client_list_lock);
2829 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2837 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2838 if (!memory_access_is_direct(mr, is_write)) {
2839 l = memory_access_size(mr, l, addr);
2840 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2852 /* Map a physical memory region into a host virtual address.
2853 * May map a subset of the requested range, given by and returned in *plen.
2854 * May return NULL if resources needed to perform the mapping are exhausted.
2855 * Use only for reads OR writes - not for read-modify-write operations.
2856 * Use cpu_register_map_client() to know when retrying the map operation is
2857 * likely to succeed.
2859 void *address_space_map(AddressSpace *as,
2866 hwaddr l, xlat, base;
2867 MemoryRegion *mr, *this_mr;
2876 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2878 if (!memory_access_is_direct(mr, is_write)) {
2879 if (atomic_xchg(&bounce.in_use, true)) {
2883 /* Avoid unbounded allocations */
2884 l = MIN(l, TARGET_PAGE_SIZE);
2885 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2889 memory_region_ref(mr);
2892 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2898 return bounce.buffer;
2912 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2913 if (this_mr != mr || xlat != base + done) {
2918 memory_region_ref(mr);
2920 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
2926 /* Unmaps a memory region previously mapped by address_space_map().
2927 * Will also mark the memory as dirty if is_write == 1. access_len gives
2928 * the amount of memory that was actually read or written by the caller.
2930 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2931 int is_write, hwaddr access_len)
2933 if (buffer != bounce.buffer) {
2937 mr = memory_region_from_host(buffer, &addr1);
2940 invalidate_and_set_dirty(mr, addr1, access_len);
2942 if (xen_enabled()) {
2943 xen_invalidate_map_cache_entry(buffer);
2945 memory_region_unref(mr);
2949 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2950 bounce.buffer, access_len);
2952 qemu_vfree(bounce.buffer);
2953 bounce.buffer = NULL;
2954 memory_region_unref(bounce.mr);
2955 atomic_mb_set(&bounce.in_use, false);
2956 cpu_notify_map_clients();
2959 void *cpu_physical_memory_map(hwaddr addr,
2963 return address_space_map(&address_space_memory, addr, plen, is_write);
2966 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2967 int is_write, hwaddr access_len)
2969 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2972 /* warning: addr must be aligned */
2973 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2975 MemTxResult *result,
2976 enum device_endian endian)
2984 bool release_lock = false;
2987 mr = address_space_translate(as, addr, &addr1, &l, false);
2988 if (l < 4 || !memory_access_is_direct(mr, false)) {
2989 release_lock |= prepare_mmio_access(mr);
2992 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2993 #if defined(TARGET_WORDS_BIGENDIAN)
2994 if (endian == DEVICE_LITTLE_ENDIAN) {
2998 if (endian == DEVICE_BIG_ENDIAN) {
3004 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3006 case DEVICE_LITTLE_ENDIAN:
3007 val = ldl_le_p(ptr);
3009 case DEVICE_BIG_ENDIAN:
3010 val = ldl_be_p(ptr);
3022 qemu_mutex_unlock_iothread();
3028 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3029 MemTxAttrs attrs, MemTxResult *result)
3031 return address_space_ldl_internal(as, addr, attrs, result,
3032 DEVICE_NATIVE_ENDIAN);
3035 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3036 MemTxAttrs attrs, MemTxResult *result)
3038 return address_space_ldl_internal(as, addr, attrs, result,
3039 DEVICE_LITTLE_ENDIAN);
3042 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3043 MemTxAttrs attrs, MemTxResult *result)
3045 return address_space_ldl_internal(as, addr, attrs, result,
3049 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3051 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3054 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3056 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3059 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3061 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3064 /* warning: addr must be aligned */
3065 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3067 MemTxResult *result,
3068 enum device_endian endian)
3076 bool release_lock = false;
3079 mr = address_space_translate(as, addr, &addr1, &l,
3081 if (l < 8 || !memory_access_is_direct(mr, false)) {
3082 release_lock |= prepare_mmio_access(mr);
3085 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3086 #if defined(TARGET_WORDS_BIGENDIAN)
3087 if (endian == DEVICE_LITTLE_ENDIAN) {
3091 if (endian == DEVICE_BIG_ENDIAN) {
3097 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3099 case DEVICE_LITTLE_ENDIAN:
3100 val = ldq_le_p(ptr);
3102 case DEVICE_BIG_ENDIAN:
3103 val = ldq_be_p(ptr);
3115 qemu_mutex_unlock_iothread();
3121 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3122 MemTxAttrs attrs, MemTxResult *result)
3124 return address_space_ldq_internal(as, addr, attrs, result,
3125 DEVICE_NATIVE_ENDIAN);
3128 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3129 MemTxAttrs attrs, MemTxResult *result)
3131 return address_space_ldq_internal(as, addr, attrs, result,
3132 DEVICE_LITTLE_ENDIAN);
3135 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3138 return address_space_ldq_internal(as, addr, attrs, result,
3142 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3144 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3147 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3149 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3152 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3154 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3158 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3159 MemTxAttrs attrs, MemTxResult *result)
3164 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3171 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3173 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3176 /* warning: addr must be aligned */
3177 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3180 MemTxResult *result,
3181 enum device_endian endian)
3189 bool release_lock = false;
3192 mr = address_space_translate(as, addr, &addr1, &l,
3194 if (l < 2 || !memory_access_is_direct(mr, false)) {
3195 release_lock |= prepare_mmio_access(mr);
3198 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3199 #if defined(TARGET_WORDS_BIGENDIAN)
3200 if (endian == DEVICE_LITTLE_ENDIAN) {
3204 if (endian == DEVICE_BIG_ENDIAN) {
3210 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3212 case DEVICE_LITTLE_ENDIAN:
3213 val = lduw_le_p(ptr);
3215 case DEVICE_BIG_ENDIAN:
3216 val = lduw_be_p(ptr);
3228 qemu_mutex_unlock_iothread();
3234 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3235 MemTxAttrs attrs, MemTxResult *result)
3237 return address_space_lduw_internal(as, addr, attrs, result,
3238 DEVICE_NATIVE_ENDIAN);
3241 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3244 return address_space_lduw_internal(as, addr, attrs, result,
3245 DEVICE_LITTLE_ENDIAN);
3248 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3249 MemTxAttrs attrs, MemTxResult *result)
3251 return address_space_lduw_internal(as, addr, attrs, result,
3255 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3257 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3260 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3262 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3265 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3267 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3270 /* warning: addr must be aligned. The ram page is not masked as dirty
3271 and the code inside is not invalidated. It is useful if the dirty
3272 bits are used to track modified PTEs */
3273 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3274 MemTxAttrs attrs, MemTxResult *result)
3281 uint8_t dirty_log_mask;
3282 bool release_lock = false;
3285 mr = address_space_translate(as, addr, &addr1, &l,
3287 if (l < 4 || !memory_access_is_direct(mr, true)) {
3288 release_lock |= prepare_mmio_access(mr);
3290 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3292 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3295 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3296 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3297 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3305 qemu_mutex_unlock_iothread();
3310 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3312 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3315 /* warning: addr must be aligned */
3316 static inline void address_space_stl_internal(AddressSpace *as,
3317 hwaddr addr, uint32_t val,
3319 MemTxResult *result,
3320 enum device_endian endian)
3327 bool release_lock = false;
3330 mr = address_space_translate(as, addr, &addr1, &l,
3332 if (l < 4 || !memory_access_is_direct(mr, true)) {
3333 release_lock |= prepare_mmio_access(mr);
3335 #if defined(TARGET_WORDS_BIGENDIAN)
3336 if (endian == DEVICE_LITTLE_ENDIAN) {
3340 if (endian == DEVICE_BIG_ENDIAN) {
3344 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3347 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3349 case DEVICE_LITTLE_ENDIAN:
3352 case DEVICE_BIG_ENDIAN:
3359 invalidate_and_set_dirty(mr, addr1, 4);
3366 qemu_mutex_unlock_iothread();
3371 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3372 MemTxAttrs attrs, MemTxResult *result)
3374 address_space_stl_internal(as, addr, val, attrs, result,
3375 DEVICE_NATIVE_ENDIAN);
3378 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3379 MemTxAttrs attrs, MemTxResult *result)
3381 address_space_stl_internal(as, addr, val, attrs, result,
3382 DEVICE_LITTLE_ENDIAN);
3385 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3388 address_space_stl_internal(as, addr, val, attrs, result,
3392 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3394 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3397 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3399 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3402 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3404 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3408 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3409 MemTxAttrs attrs, MemTxResult *result)
3414 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3420 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3422 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3425 /* warning: addr must be aligned */
3426 static inline void address_space_stw_internal(AddressSpace *as,
3427 hwaddr addr, uint32_t val,
3429 MemTxResult *result,
3430 enum device_endian endian)
3437 bool release_lock = false;
3440 mr = address_space_translate(as, addr, &addr1, &l, true);
3441 if (l < 2 || !memory_access_is_direct(mr, true)) {
3442 release_lock |= prepare_mmio_access(mr);
3444 #if defined(TARGET_WORDS_BIGENDIAN)
3445 if (endian == DEVICE_LITTLE_ENDIAN) {
3449 if (endian == DEVICE_BIG_ENDIAN) {
3453 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3456 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3458 case DEVICE_LITTLE_ENDIAN:
3461 case DEVICE_BIG_ENDIAN:
3468 invalidate_and_set_dirty(mr, addr1, 2);
3475 qemu_mutex_unlock_iothread();
3480 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3481 MemTxAttrs attrs, MemTxResult *result)
3483 address_space_stw_internal(as, addr, val, attrs, result,
3484 DEVICE_NATIVE_ENDIAN);
3487 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3488 MemTxAttrs attrs, MemTxResult *result)
3490 address_space_stw_internal(as, addr, val, attrs, result,
3491 DEVICE_LITTLE_ENDIAN);
3494 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3495 MemTxAttrs attrs, MemTxResult *result)
3497 address_space_stw_internal(as, addr, val, attrs, result,
3501 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3503 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3506 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3508 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3511 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3513 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3517 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3518 MemTxAttrs attrs, MemTxResult *result)
3522 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3528 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3529 MemTxAttrs attrs, MemTxResult *result)
3532 val = cpu_to_le64(val);
3533 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3538 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3539 MemTxAttrs attrs, MemTxResult *result)
3542 val = cpu_to_be64(val);
3543 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3549 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3551 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3554 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3556 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3559 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3561 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3564 /* virtual memory access for debug (includes writing to ROM) */
3565 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3566 uint8_t *buf, int len, int is_write)
3576 page = addr & TARGET_PAGE_MASK;
3577 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3578 asidx = cpu_asidx_from_attrs(cpu, attrs);
3579 /* if no physical page mapped, return an error */
3580 if (phys_addr == -1)
3582 l = (page + TARGET_PAGE_SIZE) - addr;
3585 phys_addr += (addr & ~TARGET_PAGE_MASK);
3587 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3590 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3591 MEMTXATTRS_UNSPECIFIED,
3602 * Allows code that needs to deal with migration bitmaps etc to still be built
3603 * target independent.
3605 size_t qemu_target_page_bits(void)
3607 return TARGET_PAGE_BITS;
3613 * A helper function for the _utterly broken_ virtio device model to find out if
3614 * it's running on a big endian machine. Don't do this at home kids!
3616 bool target_words_bigendian(void);
3617 bool target_words_bigendian(void)
3619 #if defined(TARGET_WORDS_BIGENDIAN)
3626 #ifndef CONFIG_USER_ONLY
3627 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3634 mr = address_space_translate(&address_space_memory,
3635 phys_addr, &phys_addr, &l, false);
3637 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3642 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3648 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3649 ret = func(block->idstr, block->host, block->offset,
3650 block->used_length, opaque);
projects / sdk / emulator / qemu.git / blob