4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
57 #include "qemu/range.h"
59 //#define DEBUG_SUBPAGE
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
85 #define RAM_RESIZEABLE (1 << 2)
87 /* An extra page is mapped on top of this RAM.
89 #define RAM_EXTRA (1 << 3)
92 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
93 /* current CPU in the current thread. It is only valid inside
95 __thread CPUState *current_cpu;
96 /* 0 = Do not count executed instructions.
97 1 = Precise instruction counting.
98 2 = Adaptive rate instruction counting. */
101 #if !defined(CONFIG_USER_ONLY)
103 typedef struct PhysPageEntry PhysPageEntry;
105 struct PhysPageEntry {
106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
112 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114 /* Size of the L2 (and L3, etc) page tables. */
115 #define ADDR_SPACE_BITS 64
118 #define P_L2_SIZE (1 << P_L2_BITS)
120 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122 typedef PhysPageEntry Node[P_L2_SIZE];
124 typedef struct PhysPageMap {
127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
130 unsigned nodes_nb_alloc;
132 MemoryRegionSection *sections;
135 struct AddressSpaceDispatch {
138 /* This is a multi-level map on the physical address space.
139 * The bottom level has pointers to MemoryRegionSections.
141 PhysPageEntry phys_map;
146 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
147 typedef struct subpage_t {
151 uint16_t sub_section[TARGET_PAGE_SIZE];
154 #define PHYS_SECTION_UNASSIGNED 0
155 #define PHYS_SECTION_NOTDIRTY 1
156 #define PHYS_SECTION_ROM 2
157 #define PHYS_SECTION_WATCH 3
159 static void io_mem_init(void);
160 static void memory_map_init(void);
161 static void tcg_commit(MemoryListener *listener);
163 static MemoryRegion io_mem_watch;
166 #if !defined(CONFIG_USER_ONLY)
168 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
170 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
171 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
172 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
173 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
177 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
184 ret = map->nodes_nb++;
186 assert(ret != PHYS_MAP_NODE_NIL);
187 assert(ret != map->nodes_nb_alloc);
189 e.skip = leaf ? 0 : 1;
190 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
191 for (i = 0; i < P_L2_SIZE; ++i) {
192 memcpy(&p[i], &e, sizeof(e));
197 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
198 hwaddr *index, hwaddr *nb, uint16_t leaf,
202 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
204 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
205 lp->ptr = phys_map_node_alloc(map, level == 0);
207 p = map->nodes[lp->ptr];
208 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
210 while (*nb && lp < &p[P_L2_SIZE]) {
211 if ((*index & (step - 1)) == 0 && *nb >= step) {
217 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
223 static void phys_page_set(AddressSpaceDispatch *d,
224 hwaddr index, hwaddr nb,
227 /* Wildly overreserve - it doesn't matter much. */
228 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
230 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
233 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
234 * and update our entry so we can skip it and go directly to the destination.
236 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
238 unsigned valid_ptr = P_L2_SIZE;
243 if (lp->ptr == PHYS_MAP_NODE_NIL) {
248 for (i = 0; i < P_L2_SIZE; i++) {
249 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
256 phys_page_compact(&p[i], nodes, compacted);
260 /* We can only compress if there's only one child. */
265 assert(valid_ptr < P_L2_SIZE);
267 /* Don't compress if it won't fit in the # of bits we have. */
268 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
272 lp->ptr = p[valid_ptr].ptr;
273 if (!p[valid_ptr].skip) {
274 /* If our only child is a leaf, make this a leaf. */
275 /* By design, we should have made this node a leaf to begin with so we
276 * should never reach here.
277 * But since it's so simple to handle this, let's do it just in case we
282 lp->skip += p[valid_ptr].skip;
286 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
288 DECLARE_BITMAP(compacted, nodes_nb);
290 if (d->phys_map.skip) {
291 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
295 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
296 Node *nodes, MemoryRegionSection *sections)
299 hwaddr index = addr >> TARGET_PAGE_BITS;
302 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
303 if (lp.ptr == PHYS_MAP_NODE_NIL) {
304 return §ions[PHYS_SECTION_UNASSIGNED];
307 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
310 if (sections[lp.ptr].size.hi ||
311 range_covers_byte(sections[lp.ptr].offset_within_address_space,
312 sections[lp.ptr].size.lo, addr)) {
313 return §ions[lp.ptr];
315 return §ions[PHYS_SECTION_UNASSIGNED];
319 bool memory_region_is_unassigned(MemoryRegion *mr)
321 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
322 && mr != &io_mem_watch;
325 /* Called from RCU critical section */
326 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
328 bool resolve_subpage)
330 MemoryRegionSection *section;
333 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
334 if (resolve_subpage && section->mr->subpage) {
335 subpage = container_of(section->mr, subpage_t, iomem);
336 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
341 /* Called from RCU critical section */
342 static MemoryRegionSection *
343 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
344 hwaddr *plen, bool resolve_subpage)
346 MemoryRegionSection *section;
350 section = address_space_lookup_region(d, addr, resolve_subpage);
351 /* Compute offset within MemoryRegionSection */
352 addr -= section->offset_within_address_space;
354 /* Compute offset within MemoryRegion */
355 *xlat = addr + section->offset_within_region;
359 /* MMIO registers can be expected to perform full-width accesses based only
360 * on their address, without considering adjacent registers that could
361 * decode to completely different MemoryRegions. When such registers
362 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
363 * regions overlap wildly. For this reason we cannot clamp the accesses
366 * If the length is small (as is the case for address_space_ldl/stl),
367 * everything works fine. If the incoming length is large, however,
368 * the caller really has to do the clamping through memory_access_size.
370 if (memory_region_is_ram(mr)) {
371 diff = int128_sub(section->size, int128_make64(addr));
372 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
377 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
379 if (memory_region_is_ram(mr)) {
380 return !(is_write && mr->readonly);
382 if (memory_region_is_romd(mr)) {
389 /* Called from RCU critical section */
390 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
391 hwaddr *xlat, hwaddr *plen,
395 MemoryRegionSection *section;
399 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
400 section = address_space_translate_internal(d, addr, &addr, plen, true);
403 if (!mr->iommu_ops) {
407 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
408 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
409 | (addr & iotlb.addr_mask));
410 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
411 if (!(iotlb.perm & (1 << is_write))) {
412 mr = &io_mem_unassigned;
416 as = iotlb.target_as;
419 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
420 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
421 *plen = MIN(page, *plen);
428 /* Called from RCU critical section */
429 MemoryRegionSection *
430 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
431 hwaddr *xlat, hwaddr *plen)
433 MemoryRegionSection *section;
434 section = address_space_translate_internal(cpu->memory_dispatch,
435 addr, xlat, plen, false);
437 assert(!section->mr->iommu_ops);
442 #if !defined(CONFIG_USER_ONLY)
444 static int cpu_common_post_load(void *opaque, int version_id)
446 CPUState *cpu = opaque;
448 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
449 version_id is increased. */
450 cpu->interrupt_request &= ~0x01;
456 static int cpu_common_pre_load(void *opaque)
458 CPUState *cpu = opaque;
460 cpu->exception_index = -1;
465 static bool cpu_common_exception_index_needed(void *opaque)
467 CPUState *cpu = opaque;
469 return tcg_enabled() && cpu->exception_index != -1;
472 static const VMStateDescription vmstate_cpu_common_exception_index = {
473 .name = "cpu_common/exception_index",
475 .minimum_version_id = 1,
476 .needed = cpu_common_exception_index_needed,
477 .fields = (VMStateField[]) {
478 VMSTATE_INT32(exception_index, CPUState),
479 VMSTATE_END_OF_LIST()
483 static bool cpu_common_crash_occurred_needed(void *opaque)
485 CPUState *cpu = opaque;
487 return cpu->crash_occurred;
490 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
491 .name = "cpu_common/crash_occurred",
493 .minimum_version_id = 1,
494 .needed = cpu_common_crash_occurred_needed,
495 .fields = (VMStateField[]) {
496 VMSTATE_BOOL(crash_occurred, CPUState),
497 VMSTATE_END_OF_LIST()
501 const VMStateDescription vmstate_cpu_common = {
502 .name = "cpu_common",
504 .minimum_version_id = 1,
505 .pre_load = cpu_common_pre_load,
506 .post_load = cpu_common_post_load,
507 .fields = (VMStateField[]) {
508 VMSTATE_UINT32(halted, CPUState),
509 VMSTATE_UINT32(interrupt_request, CPUState),
510 VMSTATE_END_OF_LIST()
512 .subsections = (const VMStateDescription*[]) {
513 &vmstate_cpu_common_exception_index,
514 &vmstate_cpu_common_crash_occurred,
521 CPUState *qemu_get_cpu(int index)
526 if (cpu->cpu_index == index) {
534 #if !defined(CONFIG_USER_ONLY)
535 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
537 /* We only support one address space per cpu at the moment. */
538 assert(cpu->as == as);
540 if (cpu->tcg_as_listener) {
541 memory_listener_unregister(cpu->tcg_as_listener);
543 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
545 cpu->tcg_as_listener->commit = tcg_commit;
546 memory_listener_register(cpu->tcg_as_listener, as);
550 #ifndef CONFIG_USER_ONLY
551 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
553 static int cpu_get_free_index(Error **errp)
555 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
557 if (cpu >= MAX_CPUMASK_BITS) {
558 error_setg(errp, "Trying to use more CPUs than max of %d",
563 bitmap_set(cpu_index_map, cpu, 1);
567 void cpu_exec_exit(CPUState *cpu)
569 if (cpu->cpu_index == -1) {
570 /* cpu_index was never allocated by this @cpu or was already freed. */
574 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
579 static int cpu_get_free_index(Error **errp)
584 CPU_FOREACH(some_cpu) {
590 void cpu_exec_exit(CPUState *cpu)
595 void cpu_exec_init(CPUState *cpu, Error **errp)
597 CPUClass *cc = CPU_GET_CLASS(cpu);
599 Error *local_err = NULL;
601 #ifndef CONFIG_USER_ONLY
602 cpu->as = &address_space_memory;
603 cpu->thread_id = qemu_get_thread_id();
606 #if defined(CONFIG_USER_ONLY)
609 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
611 error_propagate(errp, local_err);
612 #if defined(CONFIG_USER_ONLY)
617 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
618 #if defined(CONFIG_USER_ONLY)
621 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
622 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
624 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
625 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
626 cpu_save, cpu_load, cpu->env_ptr);
627 assert(cc->vmsd == NULL);
628 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
630 if (cc->vmsd != NULL) {
631 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
635 #if defined(CONFIG_USER_ONLY)
636 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
638 tb_invalidate_phys_page_range(pc, pc + 1, 0);
641 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
643 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
645 tb_invalidate_phys_addr(cpu->as,
646 phys | (pc & ~TARGET_PAGE_MASK));
651 #if defined(CONFIG_USER_ONLY)
652 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
657 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
663 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
667 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
668 int flags, CPUWatchpoint **watchpoint)
673 /* Add a watchpoint. */
674 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
675 int flags, CPUWatchpoint **watchpoint)
679 /* forbid ranges which are empty or run off the end of the address space */
680 if (len == 0 || (addr + len - 1) < addr) {
681 error_report("tried to set invalid watchpoint at %"
682 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
685 wp = g_malloc(sizeof(*wp));
691 /* keep all GDB-injected watchpoints in front */
692 if (flags & BP_GDB) {
693 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
695 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
698 tlb_flush_page(cpu, addr);
705 /* Remove a specific watchpoint. */
706 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
711 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
712 if (addr == wp->vaddr && len == wp->len
713 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
714 cpu_watchpoint_remove_by_ref(cpu, wp);
721 /* Remove a specific watchpoint by reference. */
722 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
724 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
726 tlb_flush_page(cpu, watchpoint->vaddr);
731 /* Remove all matching watchpoints. */
732 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
734 CPUWatchpoint *wp, *next;
736 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
737 if (wp->flags & mask) {
738 cpu_watchpoint_remove_by_ref(cpu, wp);
743 /* Return true if this watchpoint address matches the specified
744 * access (ie the address range covered by the watchpoint overlaps
745 * partially or completely with the address range covered by the
748 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
752 /* We know the lengths are non-zero, but a little caution is
753 * required to avoid errors in the case where the range ends
754 * exactly at the top of the address space and so addr + len
755 * wraps round to zero.
757 vaddr wpend = wp->vaddr + wp->len - 1;
758 vaddr addrend = addr + len - 1;
760 return !(addr > wpend || wp->vaddr > addrend);
765 /* Add a breakpoint. */
766 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
767 CPUBreakpoint **breakpoint)
771 bp = g_malloc(sizeof(*bp));
776 /* keep all GDB-injected breakpoints in front */
777 if (flags & BP_GDB) {
778 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
780 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
783 breakpoint_invalidate(cpu, pc);
791 /* Remove a specific breakpoint. */
792 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
796 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
797 if (bp->pc == pc && bp->flags == flags) {
798 cpu_breakpoint_remove_by_ref(cpu, bp);
805 /* Remove a specific breakpoint by reference. */
806 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
808 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
810 breakpoint_invalidate(cpu, breakpoint->pc);
815 /* Remove all matching breakpoints. */
816 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
818 CPUBreakpoint *bp, *next;
820 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
821 if (bp->flags & mask) {
822 cpu_breakpoint_remove_by_ref(cpu, bp);
827 /* enable or disable single step mode. EXCP_DEBUG is returned by the
828 CPU loop after each instruction */
829 void cpu_single_step(CPUState *cpu, int enabled)
831 if (cpu->singlestep_enabled != enabled) {
832 cpu->singlestep_enabled = enabled;
834 kvm_update_guest_debug(cpu, 0);
836 /* must flush all the translated code to avoid inconsistencies */
837 /* XXX: only flush what is necessary */
843 void cpu_abort(CPUState *cpu, const char *fmt, ...)
850 fprintf(stderr, "qemu: fatal: ");
851 vfprintf(stderr, fmt, ap);
852 fprintf(stderr, "\n");
853 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
854 if (qemu_log_enabled()) {
855 qemu_log("qemu: fatal: ");
856 qemu_log_vprintf(fmt, ap2);
858 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
864 #if defined(CONFIG_USER_ONLY)
866 struct sigaction act;
867 sigfillset(&act.sa_mask);
868 act.sa_handler = SIG_DFL;
869 sigaction(SIGABRT, &act, NULL);
875 #if !defined(CONFIG_USER_ONLY)
876 /* Called from RCU critical section */
877 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
881 block = atomic_rcu_read(&ram_list.mru_block);
882 if (block && addr - block->offset < block->max_length) {
885 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
886 if (addr - block->offset < block->max_length) {
891 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
895 /* It is safe to write mru_block outside the iothread lock. This
900 * xxx removed from list
904 * call_rcu(reclaim_ramblock, xxx);
907 * atomic_rcu_set is not needed here. The block was already published
908 * when it was placed into the list. Here we're just making an extra
909 * copy of the pointer.
911 ram_list.mru_block = block;
915 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
922 end = TARGET_PAGE_ALIGN(start + length);
923 start &= TARGET_PAGE_MASK;
926 block = qemu_get_ram_block(start);
927 assert(block == qemu_get_ram_block(end - 1));
928 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
930 tlb_reset_dirty(cpu, start1, length);
935 /* Note: start and end must be within the same ram block. */
936 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
940 unsigned long end, page;
947 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
948 page = start >> TARGET_PAGE_BITS;
949 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
952 if (dirty && tcg_enabled()) {
953 tlb_reset_dirty_range_all(start, length);
959 /* Called from RCU critical section */
960 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
961 MemoryRegionSection *section,
963 hwaddr paddr, hwaddr xlat,
965 target_ulong *address)
970 if (memory_region_is_ram(section->mr)) {
972 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
974 if (!section->readonly) {
975 iotlb |= PHYS_SECTION_NOTDIRTY;
977 iotlb |= PHYS_SECTION_ROM;
980 AddressSpaceDispatch *d;
982 d = atomic_rcu_read(§ion->address_space->dispatch);
983 iotlb = section - d->map.sections;
987 /* Make accesses to pages with watchpoints go via the
988 watchpoint trap routines. */
989 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
990 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
991 /* Avoid trapping reads of pages with a write breakpoint. */
992 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
993 iotlb = PHYS_SECTION_WATCH + paddr;
994 *address |= TLB_MMIO;
1002 #endif /* defined(CONFIG_USER_ONLY) */
1004 #if !defined(CONFIG_USER_ONLY)
1006 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1008 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1010 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1011 qemu_anon_ram_alloc;
1014 * Set a custom physical guest memory alloator.
1015 * Accelerators with unusual needs may need this. Hopefully, we can
1016 * get rid of it eventually.
1018 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1020 phys_mem_alloc = alloc;
1023 static uint16_t phys_section_add(PhysPageMap *map,
1024 MemoryRegionSection *section)
1026 /* The physical section number is ORed with a page-aligned
1027 * pointer to produce the iotlb entries. Thus it should
1028 * never overflow into the page-aligned value.
1030 assert(map->sections_nb < TARGET_PAGE_SIZE);
1032 if (map->sections_nb == map->sections_nb_alloc) {
1033 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1034 map->sections = g_renew(MemoryRegionSection, map->sections,
1035 map->sections_nb_alloc);
1037 map->sections[map->sections_nb] = *section;
1038 memory_region_ref(section->mr);
1039 return map->sections_nb++;
1042 static void phys_section_destroy(MemoryRegion *mr)
1044 memory_region_unref(mr);
1047 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1048 object_unref(OBJECT(&subpage->iomem));
1053 static void phys_sections_free(PhysPageMap *map)
1055 while (map->sections_nb > 0) {
1056 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1057 phys_section_destroy(section->mr);
1059 g_free(map->sections);
1063 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1066 hwaddr base = section->offset_within_address_space
1068 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1069 d->map.nodes, d->map.sections);
1070 MemoryRegionSection subsection = {
1071 .offset_within_address_space = base,
1072 .size = int128_make64(TARGET_PAGE_SIZE),
1076 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1078 if (!(existing->mr->subpage)) {
1079 subpage = subpage_init(d->as, base);
1080 subsection.address_space = d->as;
1081 subsection.mr = &subpage->iomem;
1082 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1083 phys_section_add(&d->map, &subsection));
1085 subpage = container_of(existing->mr, subpage_t, iomem);
1087 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1088 end = start + int128_get64(section->size) - 1;
1089 subpage_register(subpage, start, end,
1090 phys_section_add(&d->map, section));
1094 static void register_multipage(AddressSpaceDispatch *d,
1095 MemoryRegionSection *section)
1097 hwaddr start_addr = section->offset_within_address_space;
1098 uint16_t section_index = phys_section_add(&d->map, section);
1099 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1103 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1106 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1108 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1109 AddressSpaceDispatch *d = as->next_dispatch;
1110 MemoryRegionSection now = *section, remain = *section;
1111 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1113 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1114 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1115 - now.offset_within_address_space;
1117 now.size = int128_min(int128_make64(left), now.size);
1118 register_subpage(d, &now);
1120 now.size = int128_zero();
1122 while (int128_ne(remain.size, now.size)) {
1123 remain.size = int128_sub(remain.size, now.size);
1124 remain.offset_within_address_space += int128_get64(now.size);
1125 remain.offset_within_region += int128_get64(now.size);
1127 if (int128_lt(remain.size, page_size)) {
1128 register_subpage(d, &now);
1129 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1130 now.size = page_size;
1131 register_subpage(d, &now);
1133 now.size = int128_and(now.size, int128_neg(page_size));
1134 register_multipage(d, &now);
1139 void qemu_flush_coalesced_mmio_buffer(void)
1142 kvm_flush_coalesced_mmio_buffer();
1145 void qemu_mutex_lock_ramlist(void)
1147 qemu_mutex_lock(&ram_list.mutex);
1150 void qemu_mutex_unlock_ramlist(void)
1152 qemu_mutex_unlock(&ram_list.mutex);
1157 #include <sys/vfs.h>
1159 #define HUGETLBFS_MAGIC 0x958458f6
1161 static long gethugepagesize(const char *path, Error **errp)
1167 ret = statfs(path, &fs);
1168 } while (ret != 0 && errno == EINTR);
1171 error_setg_errno(errp, errno, "failed to get page size of file %s",
1176 if (fs.f_type != HUGETLBFS_MAGIC)
1177 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1182 static void *file_ram_alloc(RAMBlock *block,
1188 char *sanitized_name;
1195 Error *local_err = NULL;
1198 hpagesize = gethugepagesize(path, &local_err);
1200 error_propagate(errp, local_err);
1203 block->mr->align = hpagesize;
1205 if (memory < hpagesize) {
1206 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1207 "or larger than huge page size 0x%" PRIx64,
1212 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1214 "host lacks kvm mmu notifiers, -mem-path unsupported");
1218 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1219 sanitized_name = g_strdup(memory_region_name(block->mr));
1220 for (c = sanitized_name; *c != '\0'; c++) {
1225 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1227 g_free(sanitized_name);
1229 fd = mkstemp(filename);
1231 error_setg_errno(errp, errno,
1232 "unable to create backing store for hugepages");
1239 memory = ROUND_UP(memory, hpagesize);
1240 total = memory + hpagesize;
1243 * ftruncate is not supported by hugetlbfs in older
1244 * hosts, so don't bother bailing out on errors.
1245 * If anything goes wrong with it under other filesystems,
1248 if (ftruncate(fd, memory)) {
1249 perror("ftruncate");
1252 ptr = mmap(0, total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS,
1254 if (ptr == MAP_FAILED) {
1255 error_setg_errno(errp, errno,
1256 "unable to allocate memory range for hugepages");
1261 offset = QEMU_ALIGN_UP((uintptr_t)ptr, hpagesize) - (uintptr_t)ptr;
1263 area = mmap(ptr + offset, memory, PROT_READ | PROT_WRITE,
1264 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE) |
1267 if (area == MAP_FAILED) {
1268 error_setg_errno(errp, errno,
1269 "unable to map backing store for hugepages");
1276 munmap(ptr, offset);
1281 if (total > memory + getpagesize()) {
1282 munmap(ptr + memory + getpagesize(),
1283 total - memory - getpagesize());
1287 os_mem_prealloc(fd, area, memory);
1295 error_report("%s", error_get_pretty(*errp));
1302 /* Called with the ramlist lock held. */
1303 static ram_addr_t find_ram_offset(ram_addr_t size)
1305 RAMBlock *block, *next_block;
1306 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1308 assert(size != 0); /* it would hand out same offset multiple times */
1310 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1314 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1315 ram_addr_t end, next = RAM_ADDR_MAX;
1317 end = block->offset + block->max_length;
1319 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1320 if (next_block->offset >= end) {
1321 next = MIN(next, next_block->offset);
1324 if (next - end >= size && next - end < mingap) {
1326 mingap = next - end;
1330 if (offset == RAM_ADDR_MAX) {
1331 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1339 ram_addr_t last_ram_offset(void)
1342 ram_addr_t last = 0;
1345 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1346 last = MAX(last, block->offset + block->max_length);
1352 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1356 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1357 if (!machine_dump_guest_core(current_machine)) {
1358 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1360 perror("qemu_madvise");
1361 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1362 "but dump_guest_core=off specified\n");
1367 /* Called within an RCU critical section, or while the ramlist lock
1370 static RAMBlock *find_ram_block(ram_addr_t addr)
1374 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1375 if (block->offset == addr) {
1383 /* Called with iothread lock held. */
1384 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1386 RAMBlock *new_block, *block;
1389 new_block = find_ram_block(addr);
1391 assert(!new_block->idstr[0]);
1394 char *id = qdev_get_dev_path(dev);
1396 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1400 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1402 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1403 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1404 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1412 /* Called with iothread lock held. */
1413 void qemu_ram_unset_idstr(ram_addr_t addr)
1417 /* FIXME: arch_init.c assumes that this is not called throughout
1418 * migration. Ignore the problem since hot-unplug during migration
1419 * does not work anyway.
1423 block = find_ram_block(addr);
1425 memset(block->idstr, 0, sizeof(block->idstr));
1430 static int memory_try_enable_merging(void *addr, size_t len)
1432 if (!machine_mem_merge(current_machine)) {
1433 /* disabled by the user */
1437 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1440 /* Only legal before guest might have detected the memory size: e.g. on
1441 * incoming migration, or right after reset.
1443 * As memory core doesn't know how is memory accessed, it is up to
1444 * resize callback to update device state and/or add assertions to detect
1445 * misuse, if necessary.
1447 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1449 RAMBlock *block = find_ram_block(base);
1453 newsize = TARGET_PAGE_ALIGN(newsize);
1455 if (block->used_length == newsize) {
1459 if (!(block->flags & RAM_RESIZEABLE)) {
1460 error_setg_errno(errp, EINVAL,
1461 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1462 " in != 0x" RAM_ADDR_FMT, block->idstr,
1463 newsize, block->used_length);
1467 if (block->max_length < newsize) {
1468 error_setg_errno(errp, EINVAL,
1469 "Length too large: %s: 0x" RAM_ADDR_FMT
1470 " > 0x" RAM_ADDR_FMT, block->idstr,
1471 newsize, block->max_length);
1475 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1476 block->used_length = newsize;
1477 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1479 memory_region_set_size(block->mr, newsize);
1480 if (block->resized) {
1481 block->resized(block->idstr, newsize, block->host);
1486 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1489 RAMBlock *last_block = NULL;
1490 ram_addr_t old_ram_size, new_ram_size;
1492 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1494 qemu_mutex_lock_ramlist();
1495 new_block->offset = find_ram_offset(new_block->max_length);
1497 if (!new_block->host) {
1498 if (xen_enabled()) {
1499 xen_ram_alloc(new_block->offset, new_block->max_length,
1502 new_block->host = phys_mem_alloc(new_block->max_length,
1503 &new_block->mr->align);
1504 if (!new_block->host) {
1505 error_setg_errno(errp, errno,
1506 "cannot set up guest memory '%s'",
1507 memory_region_name(new_block->mr));
1508 qemu_mutex_unlock_ramlist();
1511 memory_try_enable_merging(new_block->host, new_block->max_length);
1515 new_ram_size = MAX(old_ram_size,
1516 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1517 if (new_ram_size > old_ram_size) {
1518 migration_bitmap_extend(old_ram_size, new_ram_size);
1520 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1521 * QLIST (which has an RCU-friendly variant) does not have insertion at
1522 * tail, so save the last element in last_block.
1524 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1526 if (block->max_length < new_block->max_length) {
1531 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1532 } else if (last_block) {
1533 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1534 } else { /* list is empty */
1535 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1537 ram_list.mru_block = NULL;
1539 /* Write list before version */
1542 qemu_mutex_unlock_ramlist();
1544 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1546 if (new_ram_size > old_ram_size) {
1549 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1550 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1551 ram_list.dirty_memory[i] =
1552 bitmap_zero_extend(ram_list.dirty_memory[i],
1553 old_ram_size, new_ram_size);
1556 cpu_physical_memory_set_dirty_range(new_block->offset,
1557 new_block->used_length,
1560 if (new_block->host) {
1561 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1562 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1563 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1564 if (kvm_enabled()) {
1565 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1569 return new_block->offset;
1573 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1574 bool share, const char *mem_path,
1577 RAMBlock *new_block;
1579 Error *local_err = NULL;
1581 if (xen_enabled()) {
1582 error_setg(errp, "-mem-path not supported with Xen");
1586 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1588 * file_ram_alloc() needs to allocate just like
1589 * phys_mem_alloc, but we haven't bothered to provide
1593 "-mem-path not supported with this accelerator");
1597 size = TARGET_PAGE_ALIGN(size);
1598 new_block = g_malloc0(sizeof(*new_block));
1600 new_block->used_length = size;
1601 new_block->max_length = size;
1602 new_block->flags = share ? RAM_SHARED : 0;
1603 new_block->flags |= RAM_EXTRA;
1604 new_block->host = file_ram_alloc(new_block, size,
1606 if (!new_block->host) {
1611 addr = ram_block_add(new_block, &local_err);
1614 error_propagate(errp, local_err);
1622 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1623 void (*resized)(const char*,
1626 void *host, bool resizeable,
1627 MemoryRegion *mr, Error **errp)
1629 RAMBlock *new_block;
1631 Error *local_err = NULL;
1633 size = TARGET_PAGE_ALIGN(size);
1634 max_size = TARGET_PAGE_ALIGN(max_size);
1635 new_block = g_malloc0(sizeof(*new_block));
1637 new_block->resized = resized;
1638 new_block->used_length = size;
1639 new_block->max_length = max_size;
1640 assert(max_size >= size);
1642 new_block->host = host;
1644 new_block->flags |= RAM_PREALLOC;
1647 new_block->flags |= RAM_RESIZEABLE;
1649 addr = ram_block_add(new_block, &local_err);
1652 error_propagate(errp, local_err);
1658 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1659 MemoryRegion *mr, Error **errp)
1661 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1664 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1666 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1669 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1670 void (*resized)(const char*,
1673 MemoryRegion *mr, Error **errp)
1675 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1678 void qemu_ram_free_from_ptr(ram_addr_t addr)
1682 qemu_mutex_lock_ramlist();
1683 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1684 if (addr == block->offset) {
1685 QLIST_REMOVE_RCU(block, next);
1686 ram_list.mru_block = NULL;
1687 /* Write list before version */
1690 g_free_rcu(block, rcu);
1694 qemu_mutex_unlock_ramlist();
1697 static void reclaim_ramblock(RAMBlock *block)
1699 if (block->flags & RAM_PREALLOC) {
1701 } else if (xen_enabled()) {
1702 xen_invalidate_map_cache_entry(block->host);
1704 } else if (block->fd >= 0) {
1705 if (block->flags & RAM_EXTRA) {
1706 munmap(block->host, block->max_length + getpagesize());
1708 munmap(block->host, block->max_length);
1713 qemu_anon_ram_free(block->host, block->max_length);
1718 void qemu_ram_free(ram_addr_t addr)
1722 qemu_mutex_lock_ramlist();
1723 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1724 if (addr == block->offset) {
1725 QLIST_REMOVE_RCU(block, next);
1726 ram_list.mru_block = NULL;
1727 /* Write list before version */
1730 call_rcu(block, reclaim_ramblock, rcu);
1734 qemu_mutex_unlock_ramlist();
1738 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1745 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1746 offset = addr - block->offset;
1747 if (offset < block->max_length) {
1748 vaddr = ramblock_ptr(block, offset);
1749 if (block->flags & RAM_PREALLOC) {
1751 } else if (xen_enabled()) {
1755 if (block->fd >= 0) {
1756 flags |= (block->flags & RAM_SHARED ?
1757 MAP_SHARED : MAP_PRIVATE);
1758 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1759 flags, block->fd, offset);
1762 * Remap needs to match alloc. Accelerators that
1763 * set phys_mem_alloc never remap. If they did,
1764 * we'd need a remap hook here.
1766 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1768 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1769 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1772 if (area != vaddr) {
1773 fprintf(stderr, "Could not remap addr: "
1774 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1778 memory_try_enable_merging(vaddr, length);
1779 qemu_ram_setup_dump(vaddr, length);
1784 #endif /* !_WIN32 */
1786 int qemu_get_ram_fd(ram_addr_t addr)
1792 block = qemu_get_ram_block(addr);
1798 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1804 block = qemu_get_ram_block(addr);
1805 ptr = ramblock_ptr(block, 0);
1810 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1811 * This should not be used for general purpose DMA. Use address_space_map
1812 * or address_space_rw instead. For local memory (e.g. video ram) that the
1813 * device owns, use memory_region_get_ram_ptr.
1815 * By the time this function returns, the returned pointer is not protected
1816 * by RCU anymore. If the caller is not within an RCU critical section and
1817 * does not hold the iothread lock, it must have other means of protecting the
1818 * pointer, such as a reference to the region that includes the incoming
1821 void *qemu_get_ram_ptr(ram_addr_t addr)
1827 block = qemu_get_ram_block(addr);
1829 if (xen_enabled() && block->host == NULL) {
1830 /* We need to check if the requested address is in the RAM
1831 * because we don't want to map the entire memory in QEMU.
1832 * In that case just map until the end of the page.
1834 if (block->offset == 0) {
1835 ptr = xen_map_cache(addr, 0, 0);
1839 block->host = xen_map_cache(block->offset, block->max_length, 1);
1841 ptr = ramblock_ptr(block, addr - block->offset);
1848 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1849 * but takes a size argument.
1851 * By the time this function returns, the returned pointer is not protected
1852 * by RCU anymore. If the caller is not within an RCU critical section and
1853 * does not hold the iothread lock, it must have other means of protecting the
1854 * pointer, such as a reference to the region that includes the incoming
1857 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1863 if (xen_enabled()) {
1864 return xen_map_cache(addr, *size, 1);
1868 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1869 if (addr - block->offset < block->max_length) {
1870 if (addr - block->offset + *size > block->max_length)
1871 *size = block->max_length - addr + block->offset;
1872 ptr = ramblock_ptr(block, addr - block->offset);
1878 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1883 /* Some of the softmmu routines need to translate from a host pointer
1884 * (typically a TLB entry) back to a ram offset.
1886 * By the time this function returns, the returned pointer is not protected
1887 * by RCU anymore. If the caller is not within an RCU critical section and
1888 * does not hold the iothread lock, it must have other means of protecting the
1889 * pointer, such as a reference to the region that includes the incoming
1892 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1895 uint8_t *host = ptr;
1898 if (xen_enabled()) {
1900 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1901 mr = qemu_get_ram_block(*ram_addr)->mr;
1907 block = atomic_rcu_read(&ram_list.mru_block);
1908 if (block && block->host && host - block->host < block->max_length) {
1912 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1913 /* This case append when the block is not mapped. */
1914 if (block->host == NULL) {
1917 if (host - block->host < block->max_length) {
1926 *ram_addr = block->offset + (host - block->host);
1932 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1933 uint64_t val, unsigned size)
1935 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1936 tb_invalidate_phys_page_fast(ram_addr, size);
1940 stb_p(qemu_get_ram_ptr(ram_addr), val);
1943 stw_p(qemu_get_ram_ptr(ram_addr), val);
1946 stl_p(qemu_get_ram_ptr(ram_addr), val);
1951 /* Set both VGA and migration bits for simplicity and to remove
1952 * the notdirty callback faster.
1954 cpu_physical_memory_set_dirty_range(ram_addr, size,
1955 DIRTY_CLIENTS_NOCODE);
1956 /* we remove the notdirty callback only if the code has been
1958 if (!cpu_physical_memory_is_clean(ram_addr)) {
1959 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1963 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1964 unsigned size, bool is_write)
1969 static const MemoryRegionOps notdirty_mem_ops = {
1970 .write = notdirty_mem_write,
1971 .valid.accepts = notdirty_mem_accepts,
1972 .endianness = DEVICE_NATIVE_ENDIAN,
1975 /* Generate a debug exception if a watchpoint has been hit. */
1976 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1978 CPUState *cpu = current_cpu;
1979 CPUArchState *env = cpu->env_ptr;
1980 target_ulong pc, cs_base;
1985 if (cpu->watchpoint_hit) {
1986 /* We re-entered the check after replacing the TB. Now raise
1987 * the debug interrupt so that is will trigger after the
1988 * current instruction. */
1989 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1992 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1993 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1994 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1995 && (wp->flags & flags)) {
1996 if (flags == BP_MEM_READ) {
1997 wp->flags |= BP_WATCHPOINT_HIT_READ;
1999 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2001 wp->hitaddr = vaddr;
2002 wp->hitattrs = attrs;
2003 if (!cpu->watchpoint_hit) {
2004 cpu->watchpoint_hit = wp;
2005 tb_check_watchpoint(cpu);
2006 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2007 cpu->exception_index = EXCP_DEBUG;
2010 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2011 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2012 cpu_resume_from_signal(cpu, NULL);
2016 wp->flags &= ~BP_WATCHPOINT_HIT;
2021 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2022 so these check for a hit then pass through to the normal out-of-line
2024 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2025 unsigned size, MemTxAttrs attrs)
2030 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2033 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2036 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2039 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2047 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2048 uint64_t val, unsigned size,
2053 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2056 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2059 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2062 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2069 static const MemoryRegionOps watch_mem_ops = {
2070 .read_with_attrs = watch_mem_read,
2071 .write_with_attrs = watch_mem_write,
2072 .endianness = DEVICE_NATIVE_ENDIAN,
2075 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2076 unsigned len, MemTxAttrs attrs)
2078 subpage_t *subpage = opaque;
2082 #if defined(DEBUG_SUBPAGE)
2083 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2084 subpage, len, addr);
2086 res = address_space_read(subpage->as, addr + subpage->base,
2093 *data = ldub_p(buf);
2096 *data = lduw_p(buf);
2109 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2110 uint64_t value, unsigned len, MemTxAttrs attrs)
2112 subpage_t *subpage = opaque;
2115 #if defined(DEBUG_SUBPAGE)
2116 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2117 " value %"PRIx64"\n",
2118 __func__, subpage, len, addr, value);
2136 return address_space_write(subpage->as, addr + subpage->base,
2140 static bool subpage_accepts(void *opaque, hwaddr addr,
2141 unsigned len, bool is_write)
2143 subpage_t *subpage = opaque;
2144 #if defined(DEBUG_SUBPAGE)
2145 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2146 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2149 return address_space_access_valid(subpage->as, addr + subpage->base,
2153 static const MemoryRegionOps subpage_ops = {
2154 .read_with_attrs = subpage_read,
2155 .write_with_attrs = subpage_write,
2156 .impl.min_access_size = 1,
2157 .impl.max_access_size = 8,
2158 .valid.min_access_size = 1,
2159 .valid.max_access_size = 8,
2160 .valid.accepts = subpage_accepts,
2161 .endianness = DEVICE_NATIVE_ENDIAN,
2164 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2169 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2171 idx = SUBPAGE_IDX(start);
2172 eidx = SUBPAGE_IDX(end);
2173 #if defined(DEBUG_SUBPAGE)
2174 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2175 __func__, mmio, start, end, idx, eidx, section);
2177 for (; idx <= eidx; idx++) {
2178 mmio->sub_section[idx] = section;
2184 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2188 mmio = g_malloc0(sizeof(subpage_t));
2192 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2193 NULL, TARGET_PAGE_SIZE);
2194 mmio->iomem.subpage = true;
2195 #if defined(DEBUG_SUBPAGE)
2196 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2197 mmio, base, TARGET_PAGE_SIZE);
2199 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2204 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2208 MemoryRegionSection section = {
2209 .address_space = as,
2211 .offset_within_address_space = 0,
2212 .offset_within_region = 0,
2213 .size = int128_2_64(),
2216 return phys_section_add(map, §ion);
2219 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2221 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2222 MemoryRegionSection *sections = d->map.sections;
2224 return sections[index & ~TARGET_PAGE_MASK].mr;
2227 static void io_mem_init(void)
2229 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2230 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2232 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2234 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2238 static void mem_begin(MemoryListener *listener)
2240 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2241 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2244 n = dummy_section(&d->map, as, &io_mem_unassigned);
2245 assert(n == PHYS_SECTION_UNASSIGNED);
2246 n = dummy_section(&d->map, as, &io_mem_notdirty);
2247 assert(n == PHYS_SECTION_NOTDIRTY);
2248 n = dummy_section(&d->map, as, &io_mem_rom);
2249 assert(n == PHYS_SECTION_ROM);
2250 n = dummy_section(&d->map, as, &io_mem_watch);
2251 assert(n == PHYS_SECTION_WATCH);
2253 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2255 as->next_dispatch = d;
2258 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2260 phys_sections_free(&d->map);
2264 static void mem_commit(MemoryListener *listener)
2266 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2267 AddressSpaceDispatch *cur = as->dispatch;
2268 AddressSpaceDispatch *next = as->next_dispatch;
2270 phys_page_compact_all(next, next->map.nodes_nb);
2272 atomic_rcu_set(&as->dispatch, next);
2274 call_rcu(cur, address_space_dispatch_free, rcu);
2278 static void tcg_commit(MemoryListener *listener)
2282 /* since each CPU stores ram addresses in its TLB cache, we must
2283 reset the modified entries */
2286 /* FIXME: Disentangle the cpu.h circular files deps so we can
2287 directly get the right CPU from listener. */
2288 if (cpu->tcg_as_listener != listener) {
2291 cpu_reload_memory_map(cpu);
2295 void address_space_init_dispatch(AddressSpace *as)
2297 as->dispatch = NULL;
2298 as->dispatch_listener = (MemoryListener) {
2300 .commit = mem_commit,
2301 .region_add = mem_add,
2302 .region_nop = mem_add,
2305 memory_listener_register(&as->dispatch_listener, as);
2308 void address_space_unregister(AddressSpace *as)
2310 memory_listener_unregister(&as->dispatch_listener);
2313 void address_space_destroy_dispatch(AddressSpace *as)
2315 AddressSpaceDispatch *d = as->dispatch;
2317 atomic_rcu_set(&as->dispatch, NULL);
2319 call_rcu(d, address_space_dispatch_free, rcu);
2323 static void memory_map_init(void)
2325 system_memory = g_malloc(sizeof(*system_memory));
2327 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2328 address_space_init(&address_space_memory, system_memory, "memory");
2330 system_io = g_malloc(sizeof(*system_io));
2331 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2333 address_space_init(&address_space_io, system_io, "I/O");
2336 MemoryRegion *get_system_memory(void)
2338 return system_memory;
2341 MemoryRegion *get_system_io(void)
2346 #endif /* !defined(CONFIG_USER_ONLY) */
2348 /* physical memory access (slow version, mainly for debug) */
2349 #if defined(CONFIG_USER_ONLY)
2350 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2351 uint8_t *buf, int len, int is_write)
2358 page = addr & TARGET_PAGE_MASK;
2359 l = (page + TARGET_PAGE_SIZE) - addr;
2362 flags = page_get_flags(page);
2363 if (!(flags & PAGE_VALID))
2366 if (!(flags & PAGE_WRITE))
2368 /* XXX: this code should not depend on lock_user */
2369 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2372 unlock_user(p, addr, l);
2374 if (!(flags & PAGE_READ))
2376 /* XXX: this code should not depend on lock_user */
2377 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2380 unlock_user(p, addr, 0);
2391 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2394 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2395 /* No early return if dirty_log_mask is or becomes 0, because
2396 * cpu_physical_memory_set_dirty_range will still call
2397 * xen_modified_memory.
2399 if (dirty_log_mask) {
2401 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2403 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2404 tb_invalidate_phys_range(addr, addr + length);
2405 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2407 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2410 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2412 unsigned access_size_max = mr->ops->valid.max_access_size;
2414 /* Regions are assumed to support 1-4 byte accesses unless
2415 otherwise specified. */
2416 if (access_size_max == 0) {
2417 access_size_max = 4;
2420 /* Bound the maximum access by the alignment of the address. */
2421 if (!mr->ops->impl.unaligned) {
2422 unsigned align_size_max = addr & -addr;
2423 if (align_size_max != 0 && align_size_max < access_size_max) {
2424 access_size_max = align_size_max;
2428 /* Don't attempt accesses larger than the maximum. */
2429 if (l > access_size_max) {
2430 l = access_size_max;
2437 static bool prepare_mmio_access(MemoryRegion *mr)
2439 bool unlocked = !qemu_mutex_iothread_locked();
2440 bool release_lock = false;
2442 if (unlocked && mr->global_locking) {
2443 qemu_mutex_lock_iothread();
2445 release_lock = true;
2447 if (mr->flush_coalesced_mmio) {
2449 qemu_mutex_lock_iothread();
2451 qemu_flush_coalesced_mmio_buffer();
2453 qemu_mutex_unlock_iothread();
2457 return release_lock;
2460 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2461 uint8_t *buf, int len, bool is_write)
2468 MemTxResult result = MEMTX_OK;
2469 bool release_lock = false;
2474 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2477 if (!memory_access_is_direct(mr, is_write)) {
2478 release_lock |= prepare_mmio_access(mr);
2479 l = memory_access_size(mr, l, addr1);
2480 /* XXX: could force current_cpu to NULL to avoid
2484 /* 64 bit write access */
2486 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2490 /* 32 bit write access */
2492 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2496 /* 16 bit write access */
2498 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2502 /* 8 bit write access */
2504 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2511 addr1 += memory_region_get_ram_addr(mr);
2513 ptr = qemu_get_ram_ptr(addr1);
2514 memcpy(ptr, buf, l);
2515 invalidate_and_set_dirty(mr, addr1, l);
2518 if (!memory_access_is_direct(mr, is_write)) {
2520 release_lock |= prepare_mmio_access(mr);
2521 l = memory_access_size(mr, l, addr1);
2524 /* 64 bit read access */
2525 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2530 /* 32 bit read access */
2531 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2536 /* 16 bit read access */
2537 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2542 /* 8 bit read access */
2543 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2552 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2553 memcpy(buf, ptr, l);
2558 qemu_mutex_unlock_iothread();
2559 release_lock = false;
2571 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2572 const uint8_t *buf, int len)
2574 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2577 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2578 uint8_t *buf, int len)
2580 return address_space_rw(as, addr, attrs, buf, len, false);
2584 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2585 int len, int is_write)
2587 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2588 buf, len, is_write);
2591 enum write_rom_type {
2596 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2597 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2607 mr = address_space_translate(as, addr, &addr1, &l, true);
2609 if (!(memory_region_is_ram(mr) ||
2610 memory_region_is_romd(mr))) {
2611 l = memory_access_size(mr, l, addr1);
2613 addr1 += memory_region_get_ram_addr(mr);
2615 ptr = qemu_get_ram_ptr(addr1);
2618 memcpy(ptr, buf, l);
2619 invalidate_and_set_dirty(mr, addr1, l);
2622 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2633 /* used for ROM loading : can write in RAM and ROM */
2634 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2635 const uint8_t *buf, int len)
2637 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2640 void cpu_flush_icache_range(hwaddr start, int len)
2643 * This function should do the same thing as an icache flush that was
2644 * triggered from within the guest. For TCG we are always cache coherent,
2645 * so there is no need to flush anything. For KVM / Xen we need to flush
2646 * the host's instruction cache at least.
2648 if (tcg_enabled()) {
2652 cpu_physical_memory_write_rom_internal(&address_space_memory,
2653 start, NULL, len, FLUSH_CACHE);
2664 static BounceBuffer bounce;
2666 typedef struct MapClient {
2668 QLIST_ENTRY(MapClient) link;
2671 QemuMutex map_client_list_lock;
2672 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2673 = QLIST_HEAD_INITIALIZER(map_client_list);
2675 static void cpu_unregister_map_client_do(MapClient *client)
2677 QLIST_REMOVE(client, link);
2681 static void cpu_notify_map_clients_locked(void)
2685 while (!QLIST_EMPTY(&map_client_list)) {
2686 client = QLIST_FIRST(&map_client_list);
2687 qemu_bh_schedule(client->bh);
2688 cpu_unregister_map_client_do(client);
2692 void cpu_register_map_client(QEMUBH *bh)
2694 MapClient *client = g_malloc(sizeof(*client));
2696 qemu_mutex_lock(&map_client_list_lock);
2698 QLIST_INSERT_HEAD(&map_client_list, client, link);
2699 if (!atomic_read(&bounce.in_use)) {
2700 cpu_notify_map_clients_locked();
2702 qemu_mutex_unlock(&map_client_list_lock);
2705 void cpu_exec_init_all(void)
2707 qemu_mutex_init(&ram_list.mutex);
2710 qemu_mutex_init(&map_client_list_lock);
2713 void cpu_unregister_map_client(QEMUBH *bh)
2717 qemu_mutex_lock(&map_client_list_lock);
2718 QLIST_FOREACH(client, &map_client_list, link) {
2719 if (client->bh == bh) {
2720 cpu_unregister_map_client_do(client);
2724 qemu_mutex_unlock(&map_client_list_lock);
2727 static void cpu_notify_map_clients(void)
2729 qemu_mutex_lock(&map_client_list_lock);
2730 cpu_notify_map_clients_locked();
2731 qemu_mutex_unlock(&map_client_list_lock);
2734 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2742 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2743 if (!memory_access_is_direct(mr, is_write)) {
2744 l = memory_access_size(mr, l, addr);
2745 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2757 /* Map a physical memory region into a host virtual address.
2758 * May map a subset of the requested range, given by and returned in *plen.
2759 * May return NULL if resources needed to perform the mapping are exhausted.
2760 * Use only for reads OR writes - not for read-modify-write operations.
2761 * Use cpu_register_map_client() to know when retrying the map operation is
2762 * likely to succeed.
2764 void *address_space_map(AddressSpace *as,
2771 hwaddr l, xlat, base;
2772 MemoryRegion *mr, *this_mr;
2781 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2783 if (!memory_access_is_direct(mr, is_write)) {
2784 if (atomic_xchg(&bounce.in_use, true)) {
2788 /* Avoid unbounded allocations */
2789 l = MIN(l, TARGET_PAGE_SIZE);
2790 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2794 memory_region_ref(mr);
2797 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2803 return bounce.buffer;
2807 raddr = memory_region_get_ram_addr(mr);
2818 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2819 if (this_mr != mr || xlat != base + done) {
2824 memory_region_ref(mr);
2827 return qemu_ram_ptr_length(raddr + base, plen);
2830 /* Unmaps a memory region previously mapped by address_space_map().
2831 * Will also mark the memory as dirty if is_write == 1. access_len gives
2832 * the amount of memory that was actually read or written by the caller.
2834 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2835 int is_write, hwaddr access_len)
2837 if (buffer != bounce.buffer) {
2841 mr = qemu_ram_addr_from_host(buffer, &addr1);
2844 invalidate_and_set_dirty(mr, addr1, access_len);
2846 if (xen_enabled()) {
2847 xen_invalidate_map_cache_entry(buffer);
2849 memory_region_unref(mr);
2853 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2854 bounce.buffer, access_len);
2856 qemu_vfree(bounce.buffer);
2857 bounce.buffer = NULL;
2858 memory_region_unref(bounce.mr);
2859 atomic_mb_set(&bounce.in_use, false);
2860 cpu_notify_map_clients();
2863 void *cpu_physical_memory_map(hwaddr addr,
2867 return address_space_map(&address_space_memory, addr, plen, is_write);
2870 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2871 int is_write, hwaddr access_len)
2873 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2876 /* warning: addr must be aligned */
2877 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2879 MemTxResult *result,
2880 enum device_endian endian)
2888 bool release_lock = false;
2891 mr = address_space_translate(as, addr, &addr1, &l, false);
2892 if (l < 4 || !memory_access_is_direct(mr, false)) {
2893 release_lock |= prepare_mmio_access(mr);
2896 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2897 #if defined(TARGET_WORDS_BIGENDIAN)
2898 if (endian == DEVICE_LITTLE_ENDIAN) {
2902 if (endian == DEVICE_BIG_ENDIAN) {
2908 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2912 case DEVICE_LITTLE_ENDIAN:
2913 val = ldl_le_p(ptr);
2915 case DEVICE_BIG_ENDIAN:
2916 val = ldl_be_p(ptr);
2928 qemu_mutex_unlock_iothread();
2934 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2935 MemTxAttrs attrs, MemTxResult *result)
2937 return address_space_ldl_internal(as, addr, attrs, result,
2938 DEVICE_NATIVE_ENDIAN);
2941 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2942 MemTxAttrs attrs, MemTxResult *result)
2944 return address_space_ldl_internal(as, addr, attrs, result,
2945 DEVICE_LITTLE_ENDIAN);
2948 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2949 MemTxAttrs attrs, MemTxResult *result)
2951 return address_space_ldl_internal(as, addr, attrs, result,
2955 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2957 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2960 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2962 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2965 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2967 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2970 /* warning: addr must be aligned */
2971 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2973 MemTxResult *result,
2974 enum device_endian endian)
2982 bool release_lock = false;
2985 mr = address_space_translate(as, addr, &addr1, &l,
2987 if (l < 8 || !memory_access_is_direct(mr, false)) {
2988 release_lock |= prepare_mmio_access(mr);
2991 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2992 #if defined(TARGET_WORDS_BIGENDIAN)
2993 if (endian == DEVICE_LITTLE_ENDIAN) {
2997 if (endian == DEVICE_BIG_ENDIAN) {
3003 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3007 case DEVICE_LITTLE_ENDIAN:
3008 val = ldq_le_p(ptr);
3010 case DEVICE_BIG_ENDIAN:
3011 val = ldq_be_p(ptr);
3023 qemu_mutex_unlock_iothread();
3029 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3030 MemTxAttrs attrs, MemTxResult *result)
3032 return address_space_ldq_internal(as, addr, attrs, result,
3033 DEVICE_NATIVE_ENDIAN);
3036 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3037 MemTxAttrs attrs, MemTxResult *result)
3039 return address_space_ldq_internal(as, addr, attrs, result,
3040 DEVICE_LITTLE_ENDIAN);
3043 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3044 MemTxAttrs attrs, MemTxResult *result)
3046 return address_space_ldq_internal(as, addr, attrs, result,
3050 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3052 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3055 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3057 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3060 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3062 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3066 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3067 MemTxAttrs attrs, MemTxResult *result)
3072 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3079 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3081 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3084 /* warning: addr must be aligned */
3085 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3088 MemTxResult *result,
3089 enum device_endian endian)
3097 bool release_lock = false;
3100 mr = address_space_translate(as, addr, &addr1, &l,
3102 if (l < 2 || !memory_access_is_direct(mr, false)) {
3103 release_lock |= prepare_mmio_access(mr);
3106 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3107 #if defined(TARGET_WORDS_BIGENDIAN)
3108 if (endian == DEVICE_LITTLE_ENDIAN) {
3112 if (endian == DEVICE_BIG_ENDIAN) {
3118 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3122 case DEVICE_LITTLE_ENDIAN:
3123 val = lduw_le_p(ptr);
3125 case DEVICE_BIG_ENDIAN:
3126 val = lduw_be_p(ptr);
3138 qemu_mutex_unlock_iothread();
3144 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3145 MemTxAttrs attrs, MemTxResult *result)
3147 return address_space_lduw_internal(as, addr, attrs, result,
3148 DEVICE_NATIVE_ENDIAN);
3151 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3152 MemTxAttrs attrs, MemTxResult *result)
3154 return address_space_lduw_internal(as, addr, attrs, result,
3155 DEVICE_LITTLE_ENDIAN);
3158 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3159 MemTxAttrs attrs, MemTxResult *result)
3161 return address_space_lduw_internal(as, addr, attrs, result,
3165 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3167 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3170 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3172 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3175 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3177 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3180 /* warning: addr must be aligned. The ram page is not masked as dirty
3181 and the code inside is not invalidated. It is useful if the dirty
3182 bits are used to track modified PTEs */
3183 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3184 MemTxAttrs attrs, MemTxResult *result)
3191 uint8_t dirty_log_mask;
3192 bool release_lock = false;
3195 mr = address_space_translate(as, addr, &addr1, &l,
3197 if (l < 4 || !memory_access_is_direct(mr, true)) {
3198 release_lock |= prepare_mmio_access(mr);
3200 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3202 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3203 ptr = qemu_get_ram_ptr(addr1);
3206 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3207 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3208 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3215 qemu_mutex_unlock_iothread();
3220 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3222 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3225 /* warning: addr must be aligned */
3226 static inline void address_space_stl_internal(AddressSpace *as,
3227 hwaddr addr, uint32_t val,
3229 MemTxResult *result,
3230 enum device_endian endian)
3237 bool release_lock = false;
3240 mr = address_space_translate(as, addr, &addr1, &l,
3242 if (l < 4 || !memory_access_is_direct(mr, true)) {
3243 release_lock |= prepare_mmio_access(mr);
3245 #if defined(TARGET_WORDS_BIGENDIAN)
3246 if (endian == DEVICE_LITTLE_ENDIAN) {
3250 if (endian == DEVICE_BIG_ENDIAN) {
3254 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3257 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3258 ptr = qemu_get_ram_ptr(addr1);
3260 case DEVICE_LITTLE_ENDIAN:
3263 case DEVICE_BIG_ENDIAN:
3270 invalidate_and_set_dirty(mr, addr1, 4);
3277 qemu_mutex_unlock_iothread();
3282 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3283 MemTxAttrs attrs, MemTxResult *result)
3285 address_space_stl_internal(as, addr, val, attrs, result,
3286 DEVICE_NATIVE_ENDIAN);
3289 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3290 MemTxAttrs attrs, MemTxResult *result)
3292 address_space_stl_internal(as, addr, val, attrs, result,
3293 DEVICE_LITTLE_ENDIAN);
3296 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3297 MemTxAttrs attrs, MemTxResult *result)
3299 address_space_stl_internal(as, addr, val, attrs, result,
3303 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3305 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3308 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3310 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3313 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3315 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3319 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3320 MemTxAttrs attrs, MemTxResult *result)
3325 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3331 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3333 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3336 /* warning: addr must be aligned */
3337 static inline void address_space_stw_internal(AddressSpace *as,
3338 hwaddr addr, uint32_t val,
3340 MemTxResult *result,
3341 enum device_endian endian)
3348 bool release_lock = false;
3351 mr = address_space_translate(as, addr, &addr1, &l, true);
3352 if (l < 2 || !memory_access_is_direct(mr, true)) {
3353 release_lock |= prepare_mmio_access(mr);
3355 #if defined(TARGET_WORDS_BIGENDIAN)
3356 if (endian == DEVICE_LITTLE_ENDIAN) {
3360 if (endian == DEVICE_BIG_ENDIAN) {
3364 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3367 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3368 ptr = qemu_get_ram_ptr(addr1);
3370 case DEVICE_LITTLE_ENDIAN:
3373 case DEVICE_BIG_ENDIAN:
3380 invalidate_and_set_dirty(mr, addr1, 2);
3387 qemu_mutex_unlock_iothread();
3392 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3393 MemTxAttrs attrs, MemTxResult *result)
3395 address_space_stw_internal(as, addr, val, attrs, result,
3396 DEVICE_NATIVE_ENDIAN);
3399 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3400 MemTxAttrs attrs, MemTxResult *result)
3402 address_space_stw_internal(as, addr, val, attrs, result,
3403 DEVICE_LITTLE_ENDIAN);
3406 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3407 MemTxAttrs attrs, MemTxResult *result)
3409 address_space_stw_internal(as, addr, val, attrs, result,
3413 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3415 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3418 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3420 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3423 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3425 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3429 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3430 MemTxAttrs attrs, MemTxResult *result)
3434 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3440 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3441 MemTxAttrs attrs, MemTxResult *result)
3444 val = cpu_to_le64(val);
3445 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3450 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3451 MemTxAttrs attrs, MemTxResult *result)
3454 val = cpu_to_be64(val);
3455 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3461 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3463 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3466 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3468 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3471 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3473 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3476 /* virtual memory access for debug (includes writing to ROM) */
3477 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3478 uint8_t *buf, int len, int is_write)
3485 page = addr & TARGET_PAGE_MASK;
3486 phys_addr = cpu_get_phys_page_debug(cpu, page);
3487 /* if no physical page mapped, return an error */
3488 if (phys_addr == -1)
3490 l = (page + TARGET_PAGE_SIZE) - addr;
3493 phys_addr += (addr & ~TARGET_PAGE_MASK);
3495 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3497 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3509 * A helper function for the _utterly broken_ virtio device model to find out if
3510 * it's running on a big endian machine. Don't do this at home kids!
3512 bool target_words_bigendian(void);
3513 bool target_words_bigendian(void)
3515 #if defined(TARGET_WORDS_BIGENDIAN)
3522 #ifndef CONFIG_USER_ONLY
3523 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3530 mr = address_space_translate(&address_space_memory,
3531 phys_addr, &phys_addr, &l, false);
3533 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3538 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3544 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3545 ret = func(block->idstr, block->host, block->offset,
3546 block->used_length, opaque);
projects / sdk / emulator / qemu.git / blob