4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/hax.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "exec/memory.h"
40 #include "sysemu/dma.h"
41 #include "exec/address-spaces.h"
42 #if defined(CONFIG_USER_ONLY)
44 #else /* !CONFIG_USER_ONLY */
45 #include "sysemu/xen-mapcache.h"
48 #include "exec/cpu-all.h"
50 #include "exec/cputlb.h"
51 #include "translate-all.h"
53 #include "exec/memory-internal.h"
55 //#define DEBUG_SUBPAGE
57 #if !defined(CONFIG_USER_ONLY)
58 static int in_migration;
60 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62 static MemoryRegion *system_memory;
63 static MemoryRegion *system_io;
65 AddressSpace address_space_io;
66 AddressSpace address_space_memory;
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
74 /* current CPU in the current thread. It is only valid inside
76 DEFINE_TLS(CPUState *, current_cpu);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
82 #if !defined(CONFIG_USER_ONLY)
84 typedef struct PhysPageEntry PhysPageEntry;
86 struct PhysPageEntry {
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
92 typedef PhysPageEntry Node[L2_SIZE];
94 struct AddressSpaceDispatch {
95 /* This is a multi-level map on the physical address space.
96 * The bottom level has pointers to MemoryRegionSections.
98 PhysPageEntry phys_map;
100 MemoryRegionSection *sections;
104 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
105 typedef struct subpage_t {
109 uint16_t sub_section[TARGET_PAGE_SIZE];
112 #define PHYS_SECTION_UNASSIGNED 0
113 #define PHYS_SECTION_NOTDIRTY 1
114 #define PHYS_SECTION_ROM 2
115 #define PHYS_SECTION_WATCH 3
117 typedef struct PhysPageMap {
118 unsigned sections_nb;
119 unsigned sections_nb_alloc;
121 unsigned nodes_nb_alloc;
123 MemoryRegionSection *sections;
126 static PhysPageMap *prev_map;
127 static PhysPageMap next_map;
129 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
131 static void io_mem_init(void);
132 static void memory_map_init(void);
133 static void *qemu_safe_ram_ptr(ram_addr_t addr);
135 static MemoryRegion io_mem_watch;
138 #if !defined(CONFIG_USER_ONLY)
140 static void phys_map_node_reserve(unsigned nodes)
142 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
143 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
145 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
146 next_map.nodes_nb + nodes);
147 next_map.nodes = g_renew(Node, next_map.nodes,
148 next_map.nodes_nb_alloc);
152 static uint16_t phys_map_node_alloc(void)
157 ret = next_map.nodes_nb++;
158 assert(ret != PHYS_MAP_NODE_NIL);
159 assert(ret != next_map.nodes_nb_alloc);
160 for (i = 0; i < L2_SIZE; ++i) {
161 next_map.nodes[ret][i].is_leaf = 0;
162 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
167 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
168 hwaddr *nb, uint16_t leaf,
173 hwaddr step = (hwaddr)1 << (level * L2_BITS);
175 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
176 lp->ptr = phys_map_node_alloc();
177 p = next_map.nodes[lp->ptr];
179 for (i = 0; i < L2_SIZE; i++) {
181 p[i].ptr = PHYS_SECTION_UNASSIGNED;
185 p = next_map.nodes[lp->ptr];
187 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
189 while (*nb && lp < &p[L2_SIZE]) {
190 if ((*index & (step - 1)) == 0 && *nb >= step) {
196 phys_page_set_level(lp, index, nb, leaf, level - 1);
202 static void phys_page_set(AddressSpaceDispatch *d,
203 hwaddr index, hwaddr nb,
206 /* Wildly overreserve - it doesn't matter much. */
207 phys_map_node_reserve(3 * P_L2_LEVELS);
209 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
212 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
213 Node *nodes, MemoryRegionSection *sections)
218 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
219 if (lp.ptr == PHYS_MAP_NODE_NIL) {
220 return §ions[PHYS_SECTION_UNASSIGNED];
223 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
225 return §ions[lp.ptr];
228 bool memory_region_is_unassigned(MemoryRegion *mr)
230 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
231 && mr != &io_mem_watch;
234 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
236 bool resolve_subpage)
238 MemoryRegionSection *section;
241 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
242 d->nodes, d->sections);
243 if (resolve_subpage && section->mr->subpage) {
244 subpage = container_of(section->mr, subpage_t, iomem);
245 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
250 static MemoryRegionSection *
251 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
252 hwaddr *plen, bool resolve_subpage)
254 MemoryRegionSection *section;
257 section = address_space_lookup_region(d, addr, resolve_subpage);
258 /* Compute offset within MemoryRegionSection */
259 addr -= section->offset_within_address_space;
261 /* Compute offset within MemoryRegion */
262 *xlat = addr + section->offset_within_region;
264 diff = int128_sub(section->mr->size, int128_make64(addr));
265 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
269 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
270 hwaddr *xlat, hwaddr *plen,
274 MemoryRegionSection *section;
279 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
282 if (!mr->iommu_ops) {
286 iotlb = mr->iommu_ops->translate(mr, addr);
287 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
288 | (addr & iotlb.addr_mask));
289 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
290 if (!(iotlb.perm & (1 << is_write))) {
291 mr = &io_mem_unassigned;
295 as = iotlb.target_as;
303 MemoryRegionSection *
304 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
307 MemoryRegionSection *section;
308 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
310 assert(!section->mr->iommu_ops);
315 void cpu_exec_init_all(void)
317 #if !defined(CONFIG_USER_ONLY)
318 qemu_mutex_init(&ram_list.mutex);
324 #if !defined(CONFIG_USER_ONLY)
326 static int cpu_common_post_load(void *opaque, int version_id)
328 CPUState *cpu = opaque;
330 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
331 version_id is increased. */
332 cpu->interrupt_request &= ~0x01;
333 tlb_flush(cpu->env_ptr, 1);
338 const VMStateDescription vmstate_cpu_common = {
339 .name = "cpu_common",
341 .minimum_version_id = 1,
342 .minimum_version_id_old = 1,
343 .post_load = cpu_common_post_load,
344 .fields = (VMStateField []) {
345 VMSTATE_UINT32(halted, CPUState),
346 VMSTATE_UINT32(interrupt_request, CPUState),
347 VMSTATE_END_OF_LIST()
353 CPUState *qemu_get_cpu(int index)
355 CPUState *cpu = first_cpu;
358 if (cpu->cpu_index == index) {
367 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
378 void cpu_exec_init(CPUArchState *env)
380 CPUState *cpu = ENV_GET_CPU(env);
381 CPUClass *cc = CPU_GET_CLASS(cpu);
385 #if defined(CONFIG_USER_ONLY)
388 cpu->next_cpu = NULL;
391 while (*pcpu != NULL) {
392 pcpu = &(*pcpu)->next_cpu;
395 cpu->cpu_index = cpu_index;
397 QTAILQ_INIT(&env->breakpoints);
398 QTAILQ_INIT(&env->watchpoints);
399 #ifndef CONFIG_USER_ONLY
400 cpu->thread_id = qemu_get_thread_id();
403 #if defined(CONFIG_USER_ONLY)
406 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
407 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
409 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
410 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
411 cpu_save, cpu_load, env);
412 assert(cc->vmsd == NULL);
413 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
415 if (cc->vmsd != NULL) {
416 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
420 #if defined(TARGET_HAS_ICE)
421 #if defined(CONFIG_USER_ONLY)
422 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
424 tb_invalidate_phys_page_range(pc, pc + 1, 0);
427 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
429 tb_invalidate_phys_addr(cpu_get_phys_page_debug(cpu, pc) |
430 (pc & ~TARGET_PAGE_MASK));
433 #endif /* TARGET_HAS_ICE */
435 #if defined(CONFIG_USER_ONLY)
436 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
441 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
442 int flags, CPUWatchpoint **watchpoint)
447 /* Add a watchpoint. */
448 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
449 int flags, CPUWatchpoint **watchpoint)
451 target_ulong len_mask = ~(len - 1);
454 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
455 if ((len & (len - 1)) || (addr & ~len_mask) ||
456 len == 0 || len > TARGET_PAGE_SIZE) {
457 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
458 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
461 wp = g_malloc(sizeof(*wp));
464 wp->len_mask = len_mask;
467 /* keep all GDB-injected watchpoints in front */
469 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
471 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
473 tlb_flush_page(env, addr);
480 /* Remove a specific watchpoint. */
481 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
484 target_ulong len_mask = ~(len - 1);
487 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
488 if (addr == wp->vaddr && len_mask == wp->len_mask
489 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
490 cpu_watchpoint_remove_by_ref(env, wp);
497 /* Remove a specific watchpoint by reference. */
498 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
500 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
502 tlb_flush_page(env, watchpoint->vaddr);
507 /* Remove all matching watchpoints. */
508 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
510 CPUWatchpoint *wp, *next;
512 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
513 if (wp->flags & mask)
514 cpu_watchpoint_remove_by_ref(env, wp);
519 /* Add a breakpoint. */
520 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
521 CPUBreakpoint **breakpoint)
523 #if defined(TARGET_HAS_ICE)
526 bp = g_malloc(sizeof(*bp));
531 /* keep all GDB-injected breakpoints in front */
532 if (flags & BP_GDB) {
533 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
535 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
538 breakpoint_invalidate(ENV_GET_CPU(env), pc);
549 /* Remove a specific breakpoint. */
550 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
552 #if defined(TARGET_HAS_ICE)
555 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
556 if (bp->pc == pc && bp->flags == flags) {
557 cpu_breakpoint_remove_by_ref(env, bp);
567 /* Remove a specific breakpoint by reference. */
568 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
570 #if defined(TARGET_HAS_ICE)
571 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
573 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
579 /* Remove all matching breakpoints. */
580 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
582 #if defined(TARGET_HAS_ICE)
583 CPUBreakpoint *bp, *next;
585 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
586 if (bp->flags & mask)
587 cpu_breakpoint_remove_by_ref(env, bp);
592 /* enable or disable single step mode. EXCP_DEBUG is returned by the
593 CPU loop after each instruction */
594 void cpu_single_step(CPUState *cpu, int enabled)
596 #if defined(TARGET_HAS_ICE)
597 if (cpu->singlestep_enabled != enabled) {
598 cpu->singlestep_enabled = enabled;
600 kvm_update_guest_debug(cpu, 0);
602 /* must flush all the translated code to avoid inconsistencies */
603 /* XXX: only flush what is necessary */
604 CPUArchState *env = cpu->env_ptr;
611 void cpu_abort(CPUArchState *env, const char *fmt, ...)
613 CPUState *cpu = ENV_GET_CPU(env);
619 fprintf(stderr, "qemu: fatal: ");
620 vfprintf(stderr, fmt, ap);
621 fprintf(stderr, "\n");
622 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
623 if (qemu_log_enabled()) {
624 qemu_log("qemu: fatal: ");
625 qemu_log_vprintf(fmt, ap2);
627 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
633 #if defined(CONFIG_USER_ONLY)
635 struct sigaction act;
636 sigfillset(&act.sa_mask);
637 act.sa_handler = SIG_DFL;
638 sigaction(SIGABRT, &act, NULL);
644 CPUArchState *cpu_copy(CPUArchState *env)
646 CPUArchState *new_env = cpu_init(env->cpu_model_str);
647 #if defined(TARGET_HAS_ICE)
652 /* Reset non arch specific state */
653 cpu_reset(ENV_GET_CPU(new_env));
655 /* Copy arch specific state into the new CPU */
656 memcpy(new_env, env, sizeof(CPUArchState));
658 /* Clone all break/watchpoints.
659 Note: Once we support ptrace with hw-debug register access, make sure
660 BP_CPU break/watchpoints are handled correctly on clone. */
661 QTAILQ_INIT(&env->breakpoints);
662 QTAILQ_INIT(&env->watchpoints);
663 #if defined(TARGET_HAS_ICE)
664 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
665 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
667 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
668 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
676 #if !defined(CONFIG_USER_ONLY)
677 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
682 /* we modify the TLB cache so that the dirty bit will be set again
683 when accessing the range */
684 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
685 /* Check that we don't span multiple blocks - this breaks the
686 address comparisons below. */
687 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
688 != (end - 1) - start) {
691 cpu_tlb_reset_dirty_all(start1, length);
695 /* Note: start and end must be within the same ram block. */
696 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
701 start &= TARGET_PAGE_MASK;
702 end = TARGET_PAGE_ALIGN(end);
704 length = end - start;
707 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
710 tlb_reset_dirty_range_all(start, end, length);
714 static int cpu_physical_memory_set_dirty_tracking(int enable)
717 in_migration = enable;
721 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
722 MemoryRegionSection *section,
724 hwaddr paddr, hwaddr xlat,
726 target_ulong *address)
731 if (memory_region_is_ram(section->mr)) {
733 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
735 if (!section->readonly) {
736 iotlb |= PHYS_SECTION_NOTDIRTY;
738 iotlb |= PHYS_SECTION_ROM;
741 iotlb = section - address_space_memory.dispatch->sections;
745 /* Make accesses to pages with watchpoints go via the
746 watchpoint trap routines. */
747 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
748 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
749 /* Avoid trapping reads of pages with a write breakpoint. */
750 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
751 iotlb = PHYS_SECTION_WATCH + paddr;
752 *address |= TLB_MMIO;
760 #endif /* defined(CONFIG_USER_ONLY) */
762 #if !defined(CONFIG_USER_ONLY)
764 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
766 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
768 static uint16_t phys_section_add(MemoryRegionSection *section)
770 /* The physical section number is ORed with a page-aligned
771 * pointer to produce the iotlb entries. Thus it should
772 * never overflow into the page-aligned value.
774 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
776 if (next_map.sections_nb == next_map.sections_nb_alloc) {
777 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
779 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
780 next_map.sections_nb_alloc);
782 next_map.sections[next_map.sections_nb] = *section;
783 memory_region_ref(section->mr);
784 return next_map.sections_nb++;
787 static void phys_section_destroy(MemoryRegion *mr)
789 memory_region_unref(mr);
792 subpage_t *subpage = container_of(mr, subpage_t, iomem);
793 memory_region_destroy(&subpage->iomem);
798 static void phys_sections_free(PhysPageMap *map)
800 while (map->sections_nb > 0) {
801 MemoryRegionSection *section = &map->sections[--map->sections_nb];
802 phys_section_destroy(section->mr);
804 g_free(map->sections);
809 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
812 hwaddr base = section->offset_within_address_space
814 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
815 next_map.nodes, next_map.sections);
816 MemoryRegionSection subsection = {
817 .offset_within_address_space = base,
818 .size = int128_make64(TARGET_PAGE_SIZE),
822 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
824 if (!(existing->mr->subpage)) {
825 subpage = subpage_init(d->as, base);
826 subsection.mr = &subpage->iomem;
827 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
828 phys_section_add(&subsection));
830 subpage = container_of(existing->mr, subpage_t, iomem);
832 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
833 end = start + int128_get64(section->size) - 1;
834 subpage_register(subpage, start, end, phys_section_add(section));
838 static void register_multipage(AddressSpaceDispatch *d,
839 MemoryRegionSection *section)
841 hwaddr start_addr = section->offset_within_address_space;
842 uint16_t section_index = phys_section_add(section);
843 uint64_t num_pages = int128_get64(int128_rshift(section->size,
847 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
850 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
852 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
853 AddressSpaceDispatch *d = as->next_dispatch;
854 MemoryRegionSection now = *section, remain = *section;
855 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
857 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
858 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
859 - now.offset_within_address_space;
861 now.size = int128_min(int128_make64(left), now.size);
862 register_subpage(d, &now);
864 now.size = int128_zero();
866 while (int128_ne(remain.size, now.size)) {
867 remain.size = int128_sub(remain.size, now.size);
868 remain.offset_within_address_space += int128_get64(now.size);
869 remain.offset_within_region += int128_get64(now.size);
871 if (int128_lt(remain.size, page_size)) {
872 register_subpage(d, &now);
873 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
874 now.size = page_size;
875 register_subpage(d, &now);
877 now.size = int128_and(now.size, int128_neg(page_size));
878 register_multipage(d, &now);
883 void qemu_flush_coalesced_mmio_buffer(void)
886 kvm_flush_coalesced_mmio_buffer();
889 void qemu_mutex_lock_ramlist(void)
891 qemu_mutex_lock(&ram_list.mutex);
894 void qemu_mutex_unlock_ramlist(void)
896 qemu_mutex_unlock(&ram_list.mutex);
899 #if defined(__linux__) && !defined(TARGET_S390X)
903 #define HUGETLBFS_MAGIC 0x958458f6
905 static long gethugepagesize(const char *path)
911 ret = statfs(path, &fs);
912 } while (ret != 0 && errno == EINTR);
919 if (fs.f_type != HUGETLBFS_MAGIC)
920 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
925 static void *file_ram_alloc(RAMBlock *block,
930 char *sanitized_name;
937 unsigned long hpagesize;
939 hpagesize = gethugepagesize(path);
944 if (memory < hpagesize) {
948 if (kvm_enabled() && !kvm_has_sync_mmu()) {
949 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
953 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
954 sanitized_name = g_strdup(block->mr->name);
955 for (c = sanitized_name; *c != '\0'; c++) {
960 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
962 g_free(sanitized_name);
964 fd = mkstemp(filename);
966 perror("unable to create backing store for hugepages");
973 memory = (memory+hpagesize-1) & ~(hpagesize-1);
976 * ftruncate is not supported by hugetlbfs in older
977 * hosts, so don't bother bailing out on errors.
978 * If anything goes wrong with it under other filesystems,
981 if (ftruncate(fd, memory))
985 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
986 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
987 * to sidestep this quirk.
989 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
990 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
992 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
994 if (area == MAP_FAILED) {
995 perror("file_ram_alloc: can't mmap RAM pages");
1004 static ram_addr_t find_ram_offset(ram_addr_t size)
1006 RAMBlock *block, *next_block;
1007 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1009 assert(size != 0); /* it would hand out same offset multiple times */
1011 if (QTAILQ_EMPTY(&ram_list.blocks))
1014 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1015 ram_addr_t end, next = RAM_ADDR_MAX;
1017 end = block->offset + block->length;
1019 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1020 if (next_block->offset >= end) {
1021 next = MIN(next, next_block->offset);
1024 if (next - end >= size && next - end < mingap) {
1026 mingap = next - end;
1030 if (offset == RAM_ADDR_MAX) {
1031 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1039 ram_addr_t last_ram_offset(void)
1042 ram_addr_t last = 0;
1044 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1045 last = MAX(last, block->offset + block->length);
1050 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1054 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1055 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1056 "dump-guest-core", true)) {
1057 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1059 perror("qemu_madvise");
1060 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1061 "but dump_guest_core=off specified\n");
1066 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1068 RAMBlock *new_block, *block;
1071 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1072 if (block->offset == addr) {
1078 assert(!new_block->idstr[0]);
1081 char *id = qdev_get_dev_path(dev);
1083 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1087 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1089 /* This assumes the iothread lock is taken here too. */
1090 qemu_mutex_lock_ramlist();
1091 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1092 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1093 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1098 qemu_mutex_unlock_ramlist();
1101 static int memory_try_enable_merging(void *addr, size_t len)
1103 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1104 /* disabled by the user */
1108 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1111 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1114 RAMBlock *block, *new_block;
1116 size = TARGET_PAGE_ALIGN(size);
1117 new_block = g_malloc0(sizeof(*new_block));
1119 /* This assumes the iothread lock is taken here too. */
1120 qemu_mutex_lock_ramlist();
1122 new_block->offset = find_ram_offset(size);
1124 new_block->host = host;
1125 new_block->flags |= RAM_PREALLOC_MASK;
1128 #if defined (__linux__) && !defined(TARGET_S390X)
1129 new_block->host = file_ram_alloc(new_block, size, mem_path);
1130 if (!new_block->host) {
1131 new_block->host = qemu_anon_ram_alloc(size);
1132 memory_try_enable_merging(new_block->host, size);
1135 fprintf(stderr, "-mem-path option unsupported\n");
1139 if (xen_enabled()) {
1140 xen_ram_alloc(new_block->offset, size, mr);
1141 } else if (kvm_enabled()) {
1142 /* some s390/kvm configurations have special constraints */
1143 new_block->host = kvm_ram_alloc(size);
1145 new_block->host = qemu_anon_ram_alloc(size);
1148 * In Hax, the qemu allocate the virtual address, and HAX kernel
1149 * populate the memory with physical memory. Currently we have no
1150 * paging, so user should make sure enough free memory in advance
1152 if (hax_enabled()) {
1154 ret = hax_populate_ram((uint64_t)new_block->host, size);
1156 fprintf(stderr, "Hax failed to populate ram\n");
1162 memory_try_enable_merging(new_block->host, size);
1165 new_block->length = size;
1167 /* Keep the list sorted from biggest to smallest block. */
1168 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1169 if (block->length < new_block->length) {
1174 QTAILQ_INSERT_BEFORE(block, new_block, next);
1176 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1178 ram_list.mru_block = NULL;
1181 qemu_mutex_unlock_ramlist();
1183 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1184 last_ram_offset() >> TARGET_PAGE_BITS);
1185 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1186 0, size >> TARGET_PAGE_BITS);
1187 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1189 qemu_ram_setup_dump(new_block->host, size);
1190 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1191 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1194 kvm_setup_guest_memory(new_block->host, size);
1196 return new_block->offset;
1199 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1201 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1204 void qemu_ram_free_from_ptr(ram_addr_t addr)
1208 /* This assumes the iothread lock is taken here too. */
1209 qemu_mutex_lock_ramlist();
1210 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1211 if (addr == block->offset) {
1212 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1213 ram_list.mru_block = NULL;
1219 qemu_mutex_unlock_ramlist();
1222 void qemu_ram_free(ram_addr_t addr)
1226 /* This assumes the iothread lock is taken here too. */
1227 qemu_mutex_lock_ramlist();
1228 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1229 if (addr == block->offset) {
1230 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1231 ram_list.mru_block = NULL;
1233 if (block->flags & RAM_PREALLOC_MASK) {
1235 } else if (mem_path) {
1236 #if defined (__linux__) && !defined(TARGET_S390X)
1238 munmap(block->host, block->length);
1241 qemu_anon_ram_free(block->host, block->length);
1247 if (xen_enabled()) {
1248 xen_invalidate_map_cache_entry(block->host);
1250 qemu_anon_ram_free(block->host, block->length);
1257 qemu_mutex_unlock_ramlist();
1262 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1269 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1270 offset = addr - block->offset;
1271 if (offset < block->length) {
1272 vaddr = block->host + offset;
1273 if (block->flags & RAM_PREALLOC_MASK) {
1277 munmap(vaddr, length);
1279 #if defined(__linux__) && !defined(TARGET_S390X)
1282 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1285 flags |= MAP_PRIVATE;
1287 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1288 flags, block->fd, offset);
1290 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1291 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1298 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1299 flags |= MAP_SHARED | MAP_ANONYMOUS;
1300 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1303 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1304 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1308 if (area != vaddr) {
1309 fprintf(stderr, "Could not remap addr: "
1310 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1314 memory_try_enable_merging(vaddr, length);
1315 qemu_ram_setup_dump(vaddr, length);
1321 #endif /* !_WIN32 */
1323 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
1327 /* The list is protected by the iothread lock here. */
1328 block = ram_list.mru_block;
1329 if (block && addr - block->offset < block->length) {
1332 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1333 if (addr - block->offset < block->length) {
1338 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1342 ram_list.mru_block = block;
1346 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1347 With the exception of the softmmu code in this file, this should
1348 only be used for local memory (e.g. video ram) that the device owns,
1349 and knows it isn't going to access beyond the end of the block.
1351 It should not be used for general purpose DMA.
1352 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1354 void *qemu_get_ram_ptr(ram_addr_t addr)
1356 RAMBlock *block = qemu_get_ram_block(addr);
1358 if (xen_enabled()) {
1359 /* We need to check if the requested address is in the RAM
1360 * because we don't want to map the entire memory in QEMU.
1361 * In that case just map until the end of the page.
1363 if (block->offset == 0) {
1364 return xen_map_cache(addr, 0, 0);
1365 } else if (block->host == NULL) {
1367 xen_map_cache(block->offset, block->length, 1);
1370 return block->host + (addr - block->offset);
1373 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1374 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1376 * ??? Is this still necessary?
1378 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1382 /* The list is protected by the iothread lock here. */
1383 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1384 if (addr - block->offset < block->length) {
1385 if (xen_enabled()) {
1386 /* We need to check if the requested address is in the RAM
1387 * because we don't want to map the entire memory in QEMU.
1388 * In that case just map until the end of the page.
1390 if (block->offset == 0) {
1391 return xen_map_cache(addr, 0, 0);
1392 } else if (block->host == NULL) {
1394 xen_map_cache(block->offset, block->length, 1);
1397 return block->host + (addr - block->offset);
1401 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1407 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1408 * but takes a size argument */
1409 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1414 if (xen_enabled()) {
1415 return xen_map_cache(addr, *size, 1);
1419 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1420 if (addr - block->offset < block->length) {
1421 if (addr - block->offset + *size > block->length)
1422 *size = block->length - addr + block->offset;
1423 return block->host + (addr - block->offset);
1427 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1432 /* Some of the softmmu routines need to translate from a host pointer
1433 (typically a TLB entry) back to a ram offset. */
1434 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1437 uint8_t *host = ptr;
1439 if (xen_enabled()) {
1440 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1441 return qemu_get_ram_block(*ram_addr)->mr;
1444 block = ram_list.mru_block;
1445 if (block && block->host && host - block->host < block->length) {
1449 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1450 /* This case append when the block is not mapped. */
1451 if (block->host == NULL) {
1454 if (host - block->host < block->length) {
1462 *ram_addr = block->offset + (host - block->host);
1466 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1467 uint64_t val, unsigned size)
1470 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1471 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1472 tb_invalidate_phys_page_fast(ram_addr, size);
1473 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1477 stb_p(qemu_get_ram_ptr(ram_addr), val);
1480 stw_p(qemu_get_ram_ptr(ram_addr), val);
1483 stl_p(qemu_get_ram_ptr(ram_addr), val);
1488 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1489 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1490 /* we remove the notdirty callback only if the code has been
1492 if (dirty_flags == 0xff) {
1493 CPUArchState *env = current_cpu->env_ptr;
1494 tlb_set_dirty(env, env->mem_io_vaddr);
1498 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1499 unsigned size, bool is_write)
1504 static const MemoryRegionOps notdirty_mem_ops = {
1505 .write = notdirty_mem_write,
1506 .valid.accepts = notdirty_mem_accepts,
1507 .endianness = DEVICE_NATIVE_ENDIAN,
1510 /* Generate a debug exception if a watchpoint has been hit. */
1511 static void check_watchpoint(int offset, int len_mask, int flags)
1513 CPUArchState *env = current_cpu->env_ptr;
1514 target_ulong pc, cs_base;
1519 if (env->watchpoint_hit) {
1520 /* We re-entered the check after replacing the TB. Now raise
1521 * the debug interrupt so that is will trigger after the
1522 * current instruction. */
1523 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1526 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1527 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1528 if ((vaddr == (wp->vaddr & len_mask) ||
1529 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1530 wp->flags |= BP_WATCHPOINT_HIT;
1531 if (!env->watchpoint_hit) {
1532 env->watchpoint_hit = wp;
1533 tb_check_watchpoint(env);
1534 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1535 env->exception_index = EXCP_DEBUG;
1538 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1539 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1540 cpu_resume_from_signal(env, NULL);
1544 wp->flags &= ~BP_WATCHPOINT_HIT;
1549 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1550 so these check for a hit then pass through to the normal out-of-line
1552 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1555 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1557 case 1: return ldub_phys(addr);
1558 case 2: return lduw_phys(addr);
1559 case 4: return ldl_phys(addr);
1564 static void watch_mem_write(void *opaque, hwaddr addr,
1565 uint64_t val, unsigned size)
1567 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1570 stb_phys(addr, val);
1573 stw_phys(addr, val);
1576 stl_phys(addr, val);
1582 static const MemoryRegionOps watch_mem_ops = {
1583 .read = watch_mem_read,
1584 .write = watch_mem_write,
1585 .endianness = DEVICE_NATIVE_ENDIAN,
1588 static uint64_t subpage_read(void *opaque, hwaddr addr,
1591 subpage_t *subpage = opaque;
1594 #if defined(DEBUG_SUBPAGE)
1595 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1596 subpage, len, addr);
1598 address_space_read(subpage->as, addr + subpage->base, buf, len);
1611 static void subpage_write(void *opaque, hwaddr addr,
1612 uint64_t value, unsigned len)
1614 subpage_t *subpage = opaque;
1617 #if defined(DEBUG_SUBPAGE)
1618 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1619 " value %"PRIx64"\n",
1620 __func__, subpage, len, addr, value);
1635 address_space_write(subpage->as, addr + subpage->base, buf, len);
1638 static bool subpage_accepts(void *opaque, hwaddr addr,
1639 unsigned size, bool is_write)
1641 subpage_t *subpage = opaque;
1642 #if defined(DEBUG_SUBPAGE)
1643 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1644 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1647 return address_space_access_valid(subpage->as, addr + subpage->base,
1651 static const MemoryRegionOps subpage_ops = {
1652 .read = subpage_read,
1653 .write = subpage_write,
1654 .valid.accepts = subpage_accepts,
1655 .endianness = DEVICE_NATIVE_ENDIAN,
1658 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1663 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1665 idx = SUBPAGE_IDX(start);
1666 eidx = SUBPAGE_IDX(end);
1667 #if defined(DEBUG_SUBPAGE)
1668 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1669 mmio, start, end, idx, eidx, memory);
1671 for (; idx <= eidx; idx++) {
1672 mmio->sub_section[idx] = section;
1678 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1682 mmio = g_malloc0(sizeof(subpage_t));
1686 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1687 "subpage", TARGET_PAGE_SIZE);
1688 mmio->iomem.subpage = true;
1689 #if defined(DEBUG_SUBPAGE)
1690 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1691 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1693 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1698 static uint16_t dummy_section(MemoryRegion *mr)
1700 MemoryRegionSection section = {
1702 .offset_within_address_space = 0,
1703 .offset_within_region = 0,
1704 .size = int128_2_64(),
1707 return phys_section_add(§ion);
1710 MemoryRegion *iotlb_to_region(hwaddr index)
1712 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1715 static void io_mem_init(void)
1717 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1718 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1719 "unassigned", UINT64_MAX);
1720 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1721 "notdirty", UINT64_MAX);
1722 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1723 "watch", UINT64_MAX);
1726 static void mem_begin(MemoryListener *listener)
1728 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1729 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1731 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1733 as->next_dispatch = d;
1736 static void mem_commit(MemoryListener *listener)
1738 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1739 AddressSpaceDispatch *cur = as->dispatch;
1740 AddressSpaceDispatch *next = as->next_dispatch;
1742 next->nodes = next_map.nodes;
1743 next->sections = next_map.sections;
1745 as->dispatch = next;
1749 static void core_begin(MemoryListener *listener)
1753 prev_map = g_new(PhysPageMap, 1);
1754 *prev_map = next_map;
1756 memset(&next_map, 0, sizeof(next_map));
1757 n = dummy_section(&io_mem_unassigned);
1758 assert(n == PHYS_SECTION_UNASSIGNED);
1759 n = dummy_section(&io_mem_notdirty);
1760 assert(n == PHYS_SECTION_NOTDIRTY);
1761 n = dummy_section(&io_mem_rom);
1762 assert(n == PHYS_SECTION_ROM);
1763 n = dummy_section(&io_mem_watch);
1764 assert(n == PHYS_SECTION_WATCH);
1767 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1768 * All AddressSpaceDispatch instances have switched to the next map.
1770 static void core_commit(MemoryListener *listener)
1772 phys_sections_free(prev_map);
1775 static void tcg_commit(MemoryListener *listener)
1779 /* since each CPU stores ram addresses in its TLB cache, we must
1780 reset the modified entries */
1782 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1783 CPUArchState *env = cpu->env_ptr;
1789 static void core_log_global_start(MemoryListener *listener)
1791 cpu_physical_memory_set_dirty_tracking(1);
1794 static void core_log_global_stop(MemoryListener *listener)
1796 cpu_physical_memory_set_dirty_tracking(0);
1799 static MemoryListener core_memory_listener = {
1800 .begin = core_begin,
1801 .commit = core_commit,
1802 .log_global_start = core_log_global_start,
1803 .log_global_stop = core_log_global_stop,
1807 static MemoryListener tcg_memory_listener = {
1808 .commit = tcg_commit,
1811 void address_space_init_dispatch(AddressSpace *as)
1813 as->dispatch = NULL;
1814 as->dispatch_listener = (MemoryListener) {
1816 .commit = mem_commit,
1817 .region_add = mem_add,
1818 .region_nop = mem_add,
1821 memory_listener_register(&as->dispatch_listener, as);
1824 void address_space_destroy_dispatch(AddressSpace *as)
1826 AddressSpaceDispatch *d = as->dispatch;
1828 memory_listener_unregister(&as->dispatch_listener);
1830 as->dispatch = NULL;
1833 static void memory_map_init(void)
1835 system_memory = g_malloc(sizeof(*system_memory));
1836 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1837 address_space_init(&address_space_memory, system_memory, "memory");
1839 system_io = g_malloc(sizeof(*system_io));
1840 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1842 address_space_init(&address_space_io, system_io, "I/O");
1844 memory_listener_register(&core_memory_listener, &address_space_memory);
1845 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1848 MemoryRegion *get_system_memory(void)
1850 return system_memory;
1853 MemoryRegion *get_system_io(void)
1858 #endif /* !defined(CONFIG_USER_ONLY) */
1860 /* physical memory access (slow version, mainly for debug) */
1861 #if defined(CONFIG_USER_ONLY)
1862 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1863 uint8_t *buf, int len, int is_write)
1870 page = addr & TARGET_PAGE_MASK;
1871 l = (page + TARGET_PAGE_SIZE) - addr;
1874 flags = page_get_flags(page);
1875 if (!(flags & PAGE_VALID))
1878 if (!(flags & PAGE_WRITE))
1880 /* XXX: this code should not depend on lock_user */
1881 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1884 unlock_user(p, addr, l);
1886 if (!(flags & PAGE_READ))
1888 /* XXX: this code should not depend on lock_user */
1889 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1892 unlock_user(p, addr, 0);
1903 static void invalidate_and_set_dirty(hwaddr addr,
1906 if (!cpu_physical_memory_is_dirty(addr)) {
1907 /* invalidate code */
1908 tb_invalidate_phys_page_range(addr, addr + length, 0);
1910 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1912 xen_modified_memory(addr, length);
1915 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1917 if (memory_region_is_ram(mr)) {
1918 return !(is_write && mr->readonly);
1920 if (memory_region_is_romd(mr)) {
1927 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1929 unsigned access_size_max = mr->ops->valid.max_access_size;
1931 /* Regions are assumed to support 1-4 byte accesses unless
1932 otherwise specified. */
1933 if (access_size_max == 0) {
1934 access_size_max = 4;
1937 /* Bound the maximum access by the alignment of the address. */
1938 if (!mr->ops->impl.unaligned) {
1939 unsigned align_size_max = addr & -addr;
1940 if (align_size_max != 0 && align_size_max < access_size_max) {
1941 access_size_max = align_size_max;
1945 /* Don't attempt accesses larger than the maximum. */
1946 if (l > access_size_max) {
1947 l = access_size_max;
1950 l = 1 << (qemu_fls(l) - 1);
1956 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1957 int len, bool is_write)
1968 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1971 if (!memory_access_is_direct(mr, is_write)) {
1972 l = memory_access_size(mr, l, addr1);
1973 /* XXX: could force current_cpu to NULL to avoid
1977 /* 64 bit write access */
1979 error |= io_mem_write(mr, addr1, val, 8);
1982 /* 32 bit write access */
1984 error |= io_mem_write(mr, addr1, val, 4);
1987 /* 16 bit write access */
1989 error |= io_mem_write(mr, addr1, val, 2);
1992 /* 8 bit write access */
1994 error |= io_mem_write(mr, addr1, val, 1);
2000 addr1 += memory_region_get_ram_addr(mr);
2002 ptr = qemu_get_ram_ptr(addr1);
2003 memcpy(ptr, buf, l);
2004 invalidate_and_set_dirty(addr1, l);
2007 if (!memory_access_is_direct(mr, is_write)) {
2009 l = memory_access_size(mr, l, addr1);
2012 /* 64 bit read access */
2013 error |= io_mem_read(mr, addr1, &val, 8);
2017 /* 32 bit read access */
2018 error |= io_mem_read(mr, addr1, &val, 4);
2022 /* 16 bit read access */
2023 error |= io_mem_read(mr, addr1, &val, 2);
2027 /* 8 bit read access */
2028 error |= io_mem_read(mr, addr1, &val, 1);
2036 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2037 memcpy(buf, ptr, l);
2048 bool address_space_write(AddressSpace *as, hwaddr addr,
2049 const uint8_t *buf, int len)
2051 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2054 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2056 return address_space_rw(as, addr, buf, len, false);
2060 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2061 int len, int is_write)
2063 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2066 /* used for ROM loading : can write in RAM and ROM */
2067 void cpu_physical_memory_write_rom(hwaddr addr,
2068 const uint8_t *buf, int len)
2077 mr = address_space_translate(&address_space_memory,
2078 addr, &addr1, &l, true);
2080 if (!(memory_region_is_ram(mr) ||
2081 memory_region_is_romd(mr))) {
2084 addr1 += memory_region_get_ram_addr(mr);
2086 ptr = qemu_get_ram_ptr(addr1);
2087 memcpy(ptr, buf, l);
2088 invalidate_and_set_dirty(addr1, l);
2103 static BounceBuffer bounce;
2105 typedef struct MapClient {
2107 void (*callback)(void *opaque);
2108 QLIST_ENTRY(MapClient) link;
2111 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2112 = QLIST_HEAD_INITIALIZER(map_client_list);
2114 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2116 MapClient *client = g_malloc(sizeof(*client));
2118 client->opaque = opaque;
2119 client->callback = callback;
2120 QLIST_INSERT_HEAD(&map_client_list, client, link);
2124 static void cpu_unregister_map_client(void *_client)
2126 MapClient *client = (MapClient *)_client;
2128 QLIST_REMOVE(client, link);
2132 static void cpu_notify_map_clients(void)
2136 while (!QLIST_EMPTY(&map_client_list)) {
2137 client = QLIST_FIRST(&map_client_list);
2138 client->callback(client->opaque);
2139 cpu_unregister_map_client(client);
2143 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2150 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2151 if (!memory_access_is_direct(mr, is_write)) {
2152 l = memory_access_size(mr, l, addr);
2153 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2164 /* Map a physical memory region into a host virtual address.
2165 * May map a subset of the requested range, given by and returned in *plen.
2166 * May return NULL if resources needed to perform the mapping are exhausted.
2167 * Use only for reads OR writes - not for read-modify-write operations.
2168 * Use cpu_register_map_client() to know when retrying the map operation is
2169 * likely to succeed.
2171 void *address_space_map(AddressSpace *as,
2178 hwaddr l, xlat, base;
2179 MemoryRegion *mr, *this_mr;
2187 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2188 if (!memory_access_is_direct(mr, is_write)) {
2189 if (bounce.buffer) {
2192 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2196 memory_region_ref(mr);
2199 address_space_read(as, addr, bounce.buffer, l);
2203 return bounce.buffer;
2207 raddr = memory_region_get_ram_addr(mr);
2218 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2219 if (this_mr != mr || xlat != base + done) {
2224 memory_region_ref(mr);
2226 return qemu_ram_ptr_length(raddr + base, plen);
2229 /* Unmaps a memory region previously mapped by address_space_map().
2230 * Will also mark the memory as dirty if is_write == 1. access_len gives
2231 * the amount of memory that was actually read or written by the caller.
2233 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2234 int is_write, hwaddr access_len)
2236 if (buffer != bounce.buffer) {
2240 mr = qemu_ram_addr_from_host(buffer, &addr1);
2243 while (access_len) {
2245 l = TARGET_PAGE_SIZE;
2248 invalidate_and_set_dirty(addr1, l);
2253 if (xen_enabled()) {
2254 xen_invalidate_map_cache_entry(buffer);
2256 memory_region_unref(mr);
2260 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2262 qemu_vfree(bounce.buffer);
2263 bounce.buffer = NULL;
2264 memory_region_unref(bounce.mr);
2265 cpu_notify_map_clients();
2268 void *cpu_physical_memory_map(hwaddr addr,
2272 return address_space_map(&address_space_memory, addr, plen, is_write);
2275 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2276 int is_write, hwaddr access_len)
2278 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2281 /* warning: addr must be aligned */
2282 static inline uint32_t ldl_phys_internal(hwaddr addr,
2283 enum device_endian endian)
2291 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2293 if (l < 4 || !memory_access_is_direct(mr, false)) {
2295 io_mem_read(mr, addr1, &val, 4);
2296 #if defined(TARGET_WORDS_BIGENDIAN)
2297 if (endian == DEVICE_LITTLE_ENDIAN) {
2301 if (endian == DEVICE_BIG_ENDIAN) {
2307 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2311 case DEVICE_LITTLE_ENDIAN:
2312 val = ldl_le_p(ptr);
2314 case DEVICE_BIG_ENDIAN:
2315 val = ldl_be_p(ptr);
2325 uint32_t ldl_phys(hwaddr addr)
2327 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2330 uint32_t ldl_le_phys(hwaddr addr)
2332 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2335 uint32_t ldl_be_phys(hwaddr addr)
2337 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2340 /* warning: addr must be aligned */
2341 static inline uint64_t ldq_phys_internal(hwaddr addr,
2342 enum device_endian endian)
2350 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2352 if (l < 8 || !memory_access_is_direct(mr, false)) {
2354 io_mem_read(mr, addr1, &val, 8);
2355 #if defined(TARGET_WORDS_BIGENDIAN)
2356 if (endian == DEVICE_LITTLE_ENDIAN) {
2360 if (endian == DEVICE_BIG_ENDIAN) {
2366 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2370 case DEVICE_LITTLE_ENDIAN:
2371 val = ldq_le_p(ptr);
2373 case DEVICE_BIG_ENDIAN:
2374 val = ldq_be_p(ptr);
2384 uint64_t ldq_phys(hwaddr addr)
2386 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2389 uint64_t ldq_le_phys(hwaddr addr)
2391 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2394 uint64_t ldq_be_phys(hwaddr addr)
2396 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2400 uint32_t ldub_phys(hwaddr addr)
2403 cpu_physical_memory_read(addr, &val, 1);
2407 /* warning: addr must be aligned */
2408 static inline uint32_t lduw_phys_internal(hwaddr addr,
2409 enum device_endian endian)
2417 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2419 if (l < 2 || !memory_access_is_direct(mr, false)) {
2421 io_mem_read(mr, addr1, &val, 2);
2422 #if defined(TARGET_WORDS_BIGENDIAN)
2423 if (endian == DEVICE_LITTLE_ENDIAN) {
2427 if (endian == DEVICE_BIG_ENDIAN) {
2433 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2437 case DEVICE_LITTLE_ENDIAN:
2438 val = lduw_le_p(ptr);
2440 case DEVICE_BIG_ENDIAN:
2441 val = lduw_be_p(ptr);
2451 uint32_t lduw_phys(hwaddr addr)
2453 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2456 uint32_t lduw_le_phys(hwaddr addr)
2458 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2461 uint32_t lduw_be_phys(hwaddr addr)
2463 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2466 /* warning: addr must be aligned. The ram page is not masked as dirty
2467 and the code inside is not invalidated. It is useful if the dirty
2468 bits are used to track modified PTEs */
2469 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2476 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2478 if (l < 4 || !memory_access_is_direct(mr, true)) {
2479 io_mem_write(mr, addr1, val, 4);
2481 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2482 ptr = qemu_get_ram_ptr(addr1);
2485 if (unlikely(in_migration)) {
2486 if (!cpu_physical_memory_is_dirty(addr1)) {
2487 /* invalidate code */
2488 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2490 cpu_physical_memory_set_dirty_flags(
2491 addr1, (0xff & ~CODE_DIRTY_FLAG));
2497 /* warning: addr must be aligned */
2498 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2499 enum device_endian endian)
2506 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2508 if (l < 4 || !memory_access_is_direct(mr, true)) {
2509 #if defined(TARGET_WORDS_BIGENDIAN)
2510 if (endian == DEVICE_LITTLE_ENDIAN) {
2514 if (endian == DEVICE_BIG_ENDIAN) {
2518 io_mem_write(mr, addr1, val, 4);
2521 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2522 ptr = qemu_get_ram_ptr(addr1);
2524 case DEVICE_LITTLE_ENDIAN:
2527 case DEVICE_BIG_ENDIAN:
2534 invalidate_and_set_dirty(addr1, 4);
2538 void stl_phys(hwaddr addr, uint32_t val)
2540 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2543 void stl_le_phys(hwaddr addr, uint32_t val)
2545 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2548 void stl_be_phys(hwaddr addr, uint32_t val)
2550 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2554 void stb_phys(hwaddr addr, uint32_t val)
2557 cpu_physical_memory_write(addr, &v, 1);
2560 /* warning: addr must be aligned */
2561 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2562 enum device_endian endian)
2569 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2571 if (l < 2 || !memory_access_is_direct(mr, true)) {
2572 #if defined(TARGET_WORDS_BIGENDIAN)
2573 if (endian == DEVICE_LITTLE_ENDIAN) {
2577 if (endian == DEVICE_BIG_ENDIAN) {
2581 io_mem_write(mr, addr1, val, 2);
2584 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2585 ptr = qemu_get_ram_ptr(addr1);
2587 case DEVICE_LITTLE_ENDIAN:
2590 case DEVICE_BIG_ENDIAN:
2597 invalidate_and_set_dirty(addr1, 2);
2601 void stw_phys(hwaddr addr, uint32_t val)
2603 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2606 void stw_le_phys(hwaddr addr, uint32_t val)
2608 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2611 void stw_be_phys(hwaddr addr, uint32_t val)
2613 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2617 void stq_phys(hwaddr addr, uint64_t val)
2620 cpu_physical_memory_write(addr, &val, 8);
2623 void stq_le_phys(hwaddr addr, uint64_t val)
2625 val = cpu_to_le64(val);
2626 cpu_physical_memory_write(addr, &val, 8);
2629 void stq_be_phys(hwaddr addr, uint64_t val)
2631 val = cpu_to_be64(val);
2632 cpu_physical_memory_write(addr, &val, 8);
2635 /* virtual memory access for debug (includes writing to ROM) */
2636 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2637 uint8_t *buf, int len, int is_write)
2644 page = addr & TARGET_PAGE_MASK;
2645 phys_addr = cpu_get_phys_page_debug(cpu, page);
2646 /* if no physical page mapped, return an error */
2647 if (phys_addr == -1)
2649 l = (page + TARGET_PAGE_SIZE) - addr;
2652 phys_addr += (addr & ~TARGET_PAGE_MASK);
2654 cpu_physical_memory_write_rom(phys_addr, buf, l);
2656 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2665 #if !defined(CONFIG_USER_ONLY)
2668 * A helper function for the _utterly broken_ virtio device model to find out if
2669 * it's running on a big endian machine. Don't do this at home kids!
2671 bool virtio_is_big_endian(void);
2672 bool virtio_is_big_endian(void)
2674 #if defined(TARGET_WORDS_BIGENDIAN)
2683 #ifndef CONFIG_USER_ONLY
2684 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2689 mr = address_space_translate(&address_space_memory,
2690 phys_addr, &phys_addr, &l, false);
2692 return !(memory_region_is_ram(mr) ||
2693 memory_region_is_romd(mr));
2696 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2700 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2701 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob