4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
56 static int in_migration;
58 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
60 static MemoryRegion *system_memory;
61 static MemoryRegion *system_io;
63 AddressSpace address_space_io;
64 AddressSpace address_space_memory;
66 MemoryRegion io_mem_rom, io_mem_notdirty;
67 static MemoryRegion io_mem_unassigned;
71 CPUArchState *first_cpu;
72 /* current CPU in the current thread. It is only valid inside
74 DEFINE_TLS(CPUArchState *,cpu_single_env);
75 /* 0 = Do not count executed instructions.
76 1 = Precise instruction counting.
77 2 = Adaptive rate instruction counting. */
80 #if !defined(CONFIG_USER_ONLY)
82 typedef struct PhysPageEntry PhysPageEntry;
84 struct PhysPageEntry {
86 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
90 typedef PhysPageEntry Node[L2_SIZE];
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
96 PhysPageEntry phys_map;
98 MemoryRegionSection *sections;
102 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
103 typedef struct subpage_t {
107 uint16_t sub_section[TARGET_PAGE_SIZE];
110 #define PHYS_SECTION_UNASSIGNED 0
111 #define PHYS_SECTION_NOTDIRTY 1
112 #define PHYS_SECTION_ROM 2
113 #define PHYS_SECTION_WATCH 3
115 typedef struct PhysPageMap {
116 unsigned sections_nb;
117 unsigned sections_nb_alloc;
119 unsigned nodes_nb_alloc;
121 MemoryRegionSection *sections;
124 static PhysPageMap *prev_map;
125 static PhysPageMap next_map;
127 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
129 static void io_mem_init(void);
130 static void memory_map_init(void);
131 static void *qemu_safe_ram_ptr(ram_addr_t addr);
133 static MemoryRegion io_mem_watch;
136 #if !defined(CONFIG_USER_ONLY)
138 static void phys_map_node_reserve(unsigned nodes)
140 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
141 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
143 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
144 next_map.nodes_nb + nodes);
145 next_map.nodes = g_renew(Node, next_map.nodes,
146 next_map.nodes_nb_alloc);
150 static uint16_t phys_map_node_alloc(void)
155 ret = next_map.nodes_nb++;
156 assert(ret != PHYS_MAP_NODE_NIL);
157 assert(ret != next_map.nodes_nb_alloc);
158 for (i = 0; i < L2_SIZE; ++i) {
159 next_map.nodes[ret][i].is_leaf = 0;
160 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
165 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
166 hwaddr *nb, uint16_t leaf,
171 hwaddr step = (hwaddr)1 << (level * L2_BITS);
173 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
174 lp->ptr = phys_map_node_alloc();
175 p = next_map.nodes[lp->ptr];
177 for (i = 0; i < L2_SIZE; i++) {
179 p[i].ptr = PHYS_SECTION_UNASSIGNED;
183 p = next_map.nodes[lp->ptr];
185 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
187 while (*nb && lp < &p[L2_SIZE]) {
188 if ((*index & (step - 1)) == 0 && *nb >= step) {
194 phys_page_set_level(lp, index, nb, leaf, level - 1);
200 static void phys_page_set(AddressSpaceDispatch *d,
201 hwaddr index, hwaddr nb,
204 /* Wildly overreserve - it doesn't matter much. */
205 phys_map_node_reserve(3 * P_L2_LEVELS);
207 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
210 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
211 Node *nodes, MemoryRegionSection *sections)
216 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
217 if (lp.ptr == PHYS_MAP_NODE_NIL) {
218 return §ions[PHYS_SECTION_UNASSIGNED];
221 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
223 return §ions[lp.ptr];
226 bool memory_region_is_unassigned(MemoryRegion *mr)
228 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
229 && mr != &io_mem_watch;
232 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
234 bool resolve_subpage)
236 MemoryRegionSection *section;
239 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
240 d->nodes, d->sections);
241 if (resolve_subpage && section->mr->subpage) {
242 subpage = container_of(section->mr, subpage_t, iomem);
243 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
248 static MemoryRegionSection *
249 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
250 hwaddr *plen, bool resolve_subpage)
252 MemoryRegionSection *section;
255 section = address_space_lookup_region(d, addr, resolve_subpage);
256 /* Compute offset within MemoryRegionSection */
257 addr -= section->offset_within_address_space;
259 /* Compute offset within MemoryRegion */
260 *xlat = addr + section->offset_within_region;
262 diff = int128_sub(section->mr->size, int128_make64(addr));
263 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
267 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
268 hwaddr *xlat, hwaddr *plen,
272 MemoryRegionSection *section;
277 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
280 if (!mr->iommu_ops) {
284 iotlb = mr->iommu_ops->translate(mr, addr);
285 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
286 | (addr & iotlb.addr_mask));
287 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
288 if (!(iotlb.perm & (1 << is_write))) {
289 mr = &io_mem_unassigned;
293 as = iotlb.target_as;
301 MemoryRegionSection *
302 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
305 MemoryRegionSection *section;
306 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
308 assert(!section->mr->iommu_ops);
313 void cpu_exec_init_all(void)
315 #if !defined(CONFIG_USER_ONLY)
316 qemu_mutex_init(&ram_list.mutex);
322 #if !defined(CONFIG_USER_ONLY)
324 static int cpu_common_post_load(void *opaque, int version_id)
326 CPUState *cpu = opaque;
328 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
329 version_id is increased. */
330 cpu->interrupt_request &= ~0x01;
331 tlb_flush(cpu->env_ptr, 1);
336 const VMStateDescription vmstate_cpu_common = {
337 .name = "cpu_common",
339 .minimum_version_id = 1,
340 .minimum_version_id_old = 1,
341 .post_load = cpu_common_post_load,
342 .fields = (VMStateField []) {
343 VMSTATE_UINT32(halted, CPUState),
344 VMSTATE_UINT32(interrupt_request, CPUState),
345 VMSTATE_END_OF_LIST()
351 CPUState *qemu_get_cpu(int index)
353 CPUArchState *env = first_cpu;
354 CPUState *cpu = NULL;
357 cpu = ENV_GET_CPU(env);
358 if (cpu->cpu_index == index) {
364 return env ? cpu : NULL;
367 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
369 CPUArchState *env = first_cpu;
372 func(ENV_GET_CPU(env), data);
377 void cpu_exec_init(CPUArchState *env)
379 CPUState *cpu = ENV_GET_CPU(env);
380 CPUClass *cc = CPU_GET_CLASS(cpu);
384 #if defined(CONFIG_USER_ONLY)
387 env->next_cpu = NULL;
390 while (*penv != NULL) {
391 penv = &(*penv)->next_cpu;
394 cpu->cpu_index = cpu_index;
396 QTAILQ_INIT(&env->breakpoints);
397 QTAILQ_INIT(&env->watchpoints);
398 #ifndef CONFIG_USER_ONLY
399 cpu->thread_id = qemu_get_thread_id();
402 #if defined(CONFIG_USER_ONLY)
405 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
406 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
407 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
408 cpu_save, cpu_load, env);
409 assert(cc->vmsd == NULL);
411 if (cc->vmsd != NULL) {
412 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
416 #if defined(TARGET_HAS_ICE)
417 #if defined(CONFIG_USER_ONLY)
418 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
420 tb_invalidate_phys_page_range(pc, pc + 1, 0);
423 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
425 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
426 (pc & ~TARGET_PAGE_MASK));
429 #endif /* TARGET_HAS_ICE */
431 #if defined(CONFIG_USER_ONLY)
432 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
437 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
438 int flags, CPUWatchpoint **watchpoint)
443 /* Add a watchpoint. */
444 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
445 int flags, CPUWatchpoint **watchpoint)
447 target_ulong len_mask = ~(len - 1);
450 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
451 if ((len & (len - 1)) || (addr & ~len_mask) ||
452 len == 0 || len > TARGET_PAGE_SIZE) {
453 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
454 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
457 wp = g_malloc(sizeof(*wp));
460 wp->len_mask = len_mask;
463 /* keep all GDB-injected watchpoints in front */
465 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
467 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
469 tlb_flush_page(env, addr);
476 /* Remove a specific watchpoint. */
477 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
480 target_ulong len_mask = ~(len - 1);
483 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
484 if (addr == wp->vaddr && len_mask == wp->len_mask
485 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
486 cpu_watchpoint_remove_by_ref(env, wp);
493 /* Remove a specific watchpoint by reference. */
494 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
496 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
498 tlb_flush_page(env, watchpoint->vaddr);
503 /* Remove all matching watchpoints. */
504 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
506 CPUWatchpoint *wp, *next;
508 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
509 if (wp->flags & mask)
510 cpu_watchpoint_remove_by_ref(env, wp);
515 /* Add a breakpoint. */
516 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
517 CPUBreakpoint **breakpoint)
519 #if defined(TARGET_HAS_ICE)
522 bp = g_malloc(sizeof(*bp));
527 /* keep all GDB-injected breakpoints in front */
529 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
531 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
533 breakpoint_invalidate(env, pc);
543 /* Remove a specific breakpoint. */
544 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
546 #if defined(TARGET_HAS_ICE)
549 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
550 if (bp->pc == pc && bp->flags == flags) {
551 cpu_breakpoint_remove_by_ref(env, bp);
561 /* Remove a specific breakpoint by reference. */
562 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
564 #if defined(TARGET_HAS_ICE)
565 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
567 breakpoint_invalidate(env, breakpoint->pc);
573 /* Remove all matching breakpoints. */
574 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
576 #if defined(TARGET_HAS_ICE)
577 CPUBreakpoint *bp, *next;
579 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
580 if (bp->flags & mask)
581 cpu_breakpoint_remove_by_ref(env, bp);
586 /* enable or disable single step mode. EXCP_DEBUG is returned by the
587 CPU loop after each instruction */
588 void cpu_single_step(CPUArchState *env, int enabled)
590 #if defined(TARGET_HAS_ICE)
591 if (env->singlestep_enabled != enabled) {
592 env->singlestep_enabled = enabled;
594 kvm_update_guest_debug(env, 0);
596 /* must flush all the translated code to avoid inconsistencies */
597 /* XXX: only flush what is necessary */
604 void cpu_abort(CPUArchState *env, const char *fmt, ...)
606 CPUState *cpu = ENV_GET_CPU(env);
612 fprintf(stderr, "qemu: fatal: ");
613 vfprintf(stderr, fmt, ap);
614 fprintf(stderr, "\n");
615 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
616 if (qemu_log_enabled()) {
617 qemu_log("qemu: fatal: ");
618 qemu_log_vprintf(fmt, ap2);
620 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
626 #if defined(CONFIG_USER_ONLY)
628 struct sigaction act;
629 sigfillset(&act.sa_mask);
630 act.sa_handler = SIG_DFL;
631 sigaction(SIGABRT, &act, NULL);
637 CPUArchState *cpu_copy(CPUArchState *env)
639 CPUArchState *new_env = cpu_init(env->cpu_model_str);
640 CPUArchState *next_cpu = new_env->next_cpu;
641 #if defined(TARGET_HAS_ICE)
646 memcpy(new_env, env, sizeof(CPUArchState));
648 /* Preserve chaining. */
649 new_env->next_cpu = next_cpu;
651 /* Clone all break/watchpoints.
652 Note: Once we support ptrace with hw-debug register access, make sure
653 BP_CPU break/watchpoints are handled correctly on clone. */
654 QTAILQ_INIT(&env->breakpoints);
655 QTAILQ_INIT(&env->watchpoints);
656 #if defined(TARGET_HAS_ICE)
657 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
658 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
660 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
661 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
669 #if !defined(CONFIG_USER_ONLY)
670 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
675 /* we modify the TLB cache so that the dirty bit will be set again
676 when accessing the range */
677 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
678 /* Check that we don't span multiple blocks - this breaks the
679 address comparisons below. */
680 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
681 != (end - 1) - start) {
684 cpu_tlb_reset_dirty_all(start1, length);
688 /* Note: start and end must be within the same ram block. */
689 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
694 start &= TARGET_PAGE_MASK;
695 end = TARGET_PAGE_ALIGN(end);
697 length = end - start;
700 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
703 tlb_reset_dirty_range_all(start, end, length);
707 static int cpu_physical_memory_set_dirty_tracking(int enable)
710 in_migration = enable;
714 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
715 MemoryRegionSection *section,
717 hwaddr paddr, hwaddr xlat,
719 target_ulong *address)
724 if (memory_region_is_ram(section->mr)) {
726 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
728 if (!section->readonly) {
729 iotlb |= PHYS_SECTION_NOTDIRTY;
731 iotlb |= PHYS_SECTION_ROM;
734 iotlb = section - address_space_memory.dispatch->sections;
738 /* Make accesses to pages with watchpoints go via the
739 watchpoint trap routines. */
740 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
741 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
742 /* Avoid trapping reads of pages with a write breakpoint. */
743 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
744 iotlb = PHYS_SECTION_WATCH + paddr;
745 *address |= TLB_MMIO;
753 #endif /* defined(CONFIG_USER_ONLY) */
755 #if !defined(CONFIG_USER_ONLY)
757 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
759 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
761 static uint16_t phys_section_add(MemoryRegionSection *section)
763 /* The physical section number is ORed with a page-aligned
764 * pointer to produce the iotlb entries. Thus it should
765 * never overflow into the page-aligned value.
767 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
769 if (next_map.sections_nb == next_map.sections_nb_alloc) {
770 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
772 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
773 next_map.sections_nb_alloc);
775 next_map.sections[next_map.sections_nb] = *section;
776 memory_region_ref(section->mr);
777 return next_map.sections_nb++;
780 static void phys_section_destroy(MemoryRegion *mr)
782 memory_region_unref(mr);
785 subpage_t *subpage = container_of(mr, subpage_t, iomem);
786 memory_region_destroy(&subpage->iomem);
791 static void phys_sections_free(PhysPageMap *map)
793 while (map->sections_nb > 0) {
794 MemoryRegionSection *section = &map->sections[--map->sections_nb];
795 phys_section_destroy(section->mr);
797 g_free(map->sections);
802 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
805 hwaddr base = section->offset_within_address_space
807 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
808 next_map.nodes, next_map.sections);
809 MemoryRegionSection subsection = {
810 .offset_within_address_space = base,
811 .size = int128_make64(TARGET_PAGE_SIZE),
815 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
817 if (!(existing->mr->subpage)) {
818 subpage = subpage_init(d->as, base);
819 subsection.mr = &subpage->iomem;
820 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
821 phys_section_add(&subsection));
823 subpage = container_of(existing->mr, subpage_t, iomem);
825 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
826 end = start + int128_get64(section->size) - 1;
827 subpage_register(subpage, start, end, phys_section_add(section));
831 static void register_multipage(AddressSpaceDispatch *d,
832 MemoryRegionSection *section)
834 hwaddr start_addr = section->offset_within_address_space;
835 uint16_t section_index = phys_section_add(section);
836 uint64_t num_pages = int128_get64(int128_rshift(section->size,
840 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
843 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
845 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
846 AddressSpaceDispatch *d = as->next_dispatch;
847 MemoryRegionSection now = *section, remain = *section;
848 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
850 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
851 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
852 - now.offset_within_address_space;
854 now.size = int128_min(int128_make64(left), now.size);
855 register_subpage(d, &now);
857 now.size = int128_zero();
859 while (int128_ne(remain.size, now.size)) {
860 remain.size = int128_sub(remain.size, now.size);
861 remain.offset_within_address_space += int128_get64(now.size);
862 remain.offset_within_region += int128_get64(now.size);
864 if (int128_lt(remain.size, page_size)) {
865 register_subpage(d, &now);
866 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
867 now.size = page_size;
868 register_subpage(d, &now);
870 now.size = int128_and(now.size, int128_neg(page_size));
871 register_multipage(d, &now);
876 void qemu_flush_coalesced_mmio_buffer(void)
879 kvm_flush_coalesced_mmio_buffer();
882 void qemu_mutex_lock_ramlist(void)
884 qemu_mutex_lock(&ram_list.mutex);
887 void qemu_mutex_unlock_ramlist(void)
889 qemu_mutex_unlock(&ram_list.mutex);
892 #if defined(__linux__) && !defined(TARGET_S390X)
896 #define HUGETLBFS_MAGIC 0x958458f6
898 static long gethugepagesize(const char *path)
904 ret = statfs(path, &fs);
905 } while (ret != 0 && errno == EINTR);
912 if (fs.f_type != HUGETLBFS_MAGIC)
913 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
918 static void *file_ram_alloc(RAMBlock *block,
923 char *sanitized_name;
930 unsigned long hpagesize;
932 hpagesize = gethugepagesize(path);
937 if (memory < hpagesize) {
941 if (kvm_enabled() && !kvm_has_sync_mmu()) {
942 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
946 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
947 sanitized_name = g_strdup(block->mr->name);
948 for (c = sanitized_name; *c != '\0'; c++) {
953 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
955 g_free(sanitized_name);
957 fd = mkstemp(filename);
959 perror("unable to create backing store for hugepages");
966 memory = (memory+hpagesize-1) & ~(hpagesize-1);
969 * ftruncate is not supported by hugetlbfs in older
970 * hosts, so don't bother bailing out on errors.
971 * If anything goes wrong with it under other filesystems,
974 if (ftruncate(fd, memory))
978 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
979 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
980 * to sidestep this quirk.
982 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
983 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
985 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
987 if (area == MAP_FAILED) {
988 perror("file_ram_alloc: can't mmap RAM pages");
997 static ram_addr_t find_ram_offset(ram_addr_t size)
999 RAMBlock *block, *next_block;
1000 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1002 assert(size != 0); /* it would hand out same offset multiple times */
1004 if (QTAILQ_EMPTY(&ram_list.blocks))
1007 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1008 ram_addr_t end, next = RAM_ADDR_MAX;
1010 end = block->offset + block->length;
1012 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1013 if (next_block->offset >= end) {
1014 next = MIN(next, next_block->offset);
1017 if (next - end >= size && next - end < mingap) {
1019 mingap = next - end;
1023 if (offset == RAM_ADDR_MAX) {
1024 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1032 ram_addr_t last_ram_offset(void)
1035 ram_addr_t last = 0;
1037 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1038 last = MAX(last, block->offset + block->length);
1043 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1046 QemuOpts *machine_opts;
1048 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1049 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1051 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1052 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1054 perror("qemu_madvise");
1055 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1056 "but dump_guest_core=off specified\n");
1061 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1063 RAMBlock *new_block, *block;
1066 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1067 if (block->offset == addr) {
1073 assert(!new_block->idstr[0]);
1076 char *id = qdev_get_dev_path(dev);
1078 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1082 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1084 /* This assumes the iothread lock is taken here too. */
1085 qemu_mutex_lock_ramlist();
1086 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1087 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1088 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1093 qemu_mutex_unlock_ramlist();
1096 static int memory_try_enable_merging(void *addr, size_t len)
1100 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1101 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1102 /* disabled by the user */
1106 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1109 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1112 RAMBlock *block, *new_block;
1114 size = TARGET_PAGE_ALIGN(size);
1115 new_block = g_malloc0(sizeof(*new_block));
1117 /* This assumes the iothread lock is taken here too. */
1118 qemu_mutex_lock_ramlist();
1120 new_block->offset = find_ram_offset(size);
1122 new_block->host = host;
1123 new_block->flags |= RAM_PREALLOC_MASK;
1126 #if defined (__linux__) && !defined(TARGET_S390X)
1127 new_block->host = file_ram_alloc(new_block, size, mem_path);
1128 if (!new_block->host) {
1129 new_block->host = qemu_anon_ram_alloc(size);
1130 memory_try_enable_merging(new_block->host, size);
1133 fprintf(stderr, "-mem-path option unsupported\n");
1137 if (xen_enabled()) {
1138 xen_ram_alloc(new_block->offset, size, mr);
1139 } else if (kvm_enabled()) {
1140 /* some s390/kvm configurations have special constraints */
1141 new_block->host = kvm_ram_alloc(size);
1143 new_block->host = qemu_anon_ram_alloc(size);
1145 memory_try_enable_merging(new_block->host, size);
1148 new_block->length = size;
1150 /* Keep the list sorted from biggest to smallest block. */
1151 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1152 if (block->length < new_block->length) {
1157 QTAILQ_INSERT_BEFORE(block, new_block, next);
1159 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1161 ram_list.mru_block = NULL;
1164 qemu_mutex_unlock_ramlist();
1166 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1167 last_ram_offset() >> TARGET_PAGE_BITS);
1168 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1169 0, size >> TARGET_PAGE_BITS);
1170 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1172 qemu_ram_setup_dump(new_block->host, size);
1173 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1176 kvm_setup_guest_memory(new_block->host, size);
1178 return new_block->offset;
1181 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1183 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1186 void qemu_ram_free_from_ptr(ram_addr_t addr)
1190 /* This assumes the iothread lock is taken here too. */
1191 qemu_mutex_lock_ramlist();
1192 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1193 if (addr == block->offset) {
1194 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1195 ram_list.mru_block = NULL;
1201 qemu_mutex_unlock_ramlist();
1204 void qemu_ram_free(ram_addr_t addr)
1208 /* This assumes the iothread lock is taken here too. */
1209 qemu_mutex_lock_ramlist();
1210 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1211 if (addr == block->offset) {
1212 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1213 ram_list.mru_block = NULL;
1215 if (block->flags & RAM_PREALLOC_MASK) {
1217 } else if (mem_path) {
1218 #if defined (__linux__) && !defined(TARGET_S390X)
1220 munmap(block->host, block->length);
1223 qemu_anon_ram_free(block->host, block->length);
1229 if (xen_enabled()) {
1230 xen_invalidate_map_cache_entry(block->host);
1232 qemu_anon_ram_free(block->host, block->length);
1239 qemu_mutex_unlock_ramlist();
1244 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1251 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1252 offset = addr - block->offset;
1253 if (offset < block->length) {
1254 vaddr = block->host + offset;
1255 if (block->flags & RAM_PREALLOC_MASK) {
1259 munmap(vaddr, length);
1261 #if defined(__linux__) && !defined(TARGET_S390X)
1264 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1267 flags |= MAP_PRIVATE;
1269 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1270 flags, block->fd, offset);
1272 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1273 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1280 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1281 flags |= MAP_SHARED | MAP_ANONYMOUS;
1282 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1285 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1286 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1290 if (area != vaddr) {
1291 fprintf(stderr, "Could not remap addr: "
1292 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1296 memory_try_enable_merging(vaddr, length);
1297 qemu_ram_setup_dump(vaddr, length);
1303 #endif /* !_WIN32 */
1305 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
1309 /* The list is protected by the iothread lock here. */
1310 block = ram_list.mru_block;
1311 if (block && addr - block->offset < block->length) {
1314 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1315 if (addr - block->offset < block->length) {
1320 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1324 ram_list.mru_block = block;
1328 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1329 With the exception of the softmmu code in this file, this should
1330 only be used for local memory (e.g. video ram) that the device owns,
1331 and knows it isn't going to access beyond the end of the block.
1333 It should not be used for general purpose DMA.
1334 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1336 void *qemu_get_ram_ptr(ram_addr_t addr)
1338 RAMBlock *block = qemu_get_ram_block(addr);
1340 if (xen_enabled()) {
1341 /* We need to check if the requested address is in the RAM
1342 * because we don't want to map the entire memory in QEMU.
1343 * In that case just map until the end of the page.
1345 if (block->offset == 0) {
1346 return xen_map_cache(addr, 0, 0);
1347 } else if (block->host == NULL) {
1349 xen_map_cache(block->offset, block->length, 1);
1352 return block->host + (addr - block->offset);
1355 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1356 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1358 * ??? Is this still necessary?
1360 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1364 /* The list is protected by the iothread lock here. */
1365 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1366 if (addr - block->offset < block->length) {
1367 if (xen_enabled()) {
1368 /* We need to check if the requested address is in the RAM
1369 * because we don't want to map the entire memory in QEMU.
1370 * In that case just map until the end of the page.
1372 if (block->offset == 0) {
1373 return xen_map_cache(addr, 0, 0);
1374 } else if (block->host == NULL) {
1376 xen_map_cache(block->offset, block->length, 1);
1379 return block->host + (addr - block->offset);
1383 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1389 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1390 * but takes a size argument */
1391 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1396 if (xen_enabled()) {
1397 return xen_map_cache(addr, *size, 1);
1401 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1402 if (addr - block->offset < block->length) {
1403 if (addr - block->offset + *size > block->length)
1404 *size = block->length - addr + block->offset;
1405 return block->host + (addr - block->offset);
1409 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1414 /* Some of the softmmu routines need to translate from a host pointer
1415 (typically a TLB entry) back to a ram offset. */
1416 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1419 uint8_t *host = ptr;
1421 if (xen_enabled()) {
1422 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1423 return qemu_get_ram_block(*ram_addr)->mr;
1426 block = ram_list.mru_block;
1427 if (block && block->host && host - block->host < block->length) {
1431 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1432 /* This case append when the block is not mapped. */
1433 if (block->host == NULL) {
1436 if (host - block->host < block->length) {
1444 *ram_addr = block->offset + (host - block->host);
1448 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1449 uint64_t val, unsigned size)
1452 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1453 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1454 tb_invalidate_phys_page_fast(ram_addr, size);
1455 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1459 stb_p(qemu_get_ram_ptr(ram_addr), val);
1462 stw_p(qemu_get_ram_ptr(ram_addr), val);
1465 stl_p(qemu_get_ram_ptr(ram_addr), val);
1470 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1471 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1472 /* we remove the notdirty callback only if the code has been
1474 if (dirty_flags == 0xff)
1475 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1478 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1479 unsigned size, bool is_write)
1484 static const MemoryRegionOps notdirty_mem_ops = {
1485 .write = notdirty_mem_write,
1486 .valid.accepts = notdirty_mem_accepts,
1487 .endianness = DEVICE_NATIVE_ENDIAN,
1490 /* Generate a debug exception if a watchpoint has been hit. */
1491 static void check_watchpoint(int offset, int len_mask, int flags)
1493 CPUArchState *env = cpu_single_env;
1494 target_ulong pc, cs_base;
1499 if (env->watchpoint_hit) {
1500 /* We re-entered the check after replacing the TB. Now raise
1501 * the debug interrupt so that is will trigger after the
1502 * current instruction. */
1503 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1506 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1507 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1508 if ((vaddr == (wp->vaddr & len_mask) ||
1509 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1510 wp->flags |= BP_WATCHPOINT_HIT;
1511 if (!env->watchpoint_hit) {
1512 env->watchpoint_hit = wp;
1513 tb_check_watchpoint(env);
1514 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1515 env->exception_index = EXCP_DEBUG;
1518 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1519 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1520 cpu_resume_from_signal(env, NULL);
1524 wp->flags &= ~BP_WATCHPOINT_HIT;
1529 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1530 so these check for a hit then pass through to the normal out-of-line
1532 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1535 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1537 case 1: return ldub_phys(addr);
1538 case 2: return lduw_phys(addr);
1539 case 4: return ldl_phys(addr);
1544 static void watch_mem_write(void *opaque, hwaddr addr,
1545 uint64_t val, unsigned size)
1547 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1550 stb_phys(addr, val);
1553 stw_phys(addr, val);
1556 stl_phys(addr, val);
1562 static const MemoryRegionOps watch_mem_ops = {
1563 .read = watch_mem_read,
1564 .write = watch_mem_write,
1565 .endianness = DEVICE_NATIVE_ENDIAN,
1568 static uint64_t subpage_read(void *opaque, hwaddr addr,
1571 subpage_t *subpage = opaque;
1574 #if defined(DEBUG_SUBPAGE)
1575 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1576 subpage, len, addr);
1578 address_space_read(subpage->as, addr + subpage->base, buf, len);
1591 static void subpage_write(void *opaque, hwaddr addr,
1592 uint64_t value, unsigned len)
1594 subpage_t *subpage = opaque;
1597 #if defined(DEBUG_SUBPAGE)
1598 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1599 " value %"PRIx64"\n",
1600 __func__, subpage, len, addr, value);
1615 address_space_write(subpage->as, addr + subpage->base, buf, len);
1618 static bool subpage_accepts(void *opaque, hwaddr addr,
1619 unsigned size, bool is_write)
1621 subpage_t *subpage = opaque;
1622 #if defined(DEBUG_SUBPAGE)
1623 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1624 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1627 return address_space_access_valid(subpage->as, addr + subpage->base,
1631 static const MemoryRegionOps subpage_ops = {
1632 .read = subpage_read,
1633 .write = subpage_write,
1634 .valid.accepts = subpage_accepts,
1635 .endianness = DEVICE_NATIVE_ENDIAN,
1638 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1643 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1645 idx = SUBPAGE_IDX(start);
1646 eidx = SUBPAGE_IDX(end);
1647 #if defined(DEBUG_SUBPAGE)
1648 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1649 mmio, start, end, idx, eidx, memory);
1651 for (; idx <= eidx; idx++) {
1652 mmio->sub_section[idx] = section;
1658 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1662 mmio = g_malloc0(sizeof(subpage_t));
1666 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1667 "subpage", TARGET_PAGE_SIZE);
1668 mmio->iomem.subpage = true;
1669 #if defined(DEBUG_SUBPAGE)
1670 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1671 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1673 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1678 static uint16_t dummy_section(MemoryRegion *mr)
1680 MemoryRegionSection section = {
1682 .offset_within_address_space = 0,
1683 .offset_within_region = 0,
1684 .size = int128_2_64(),
1687 return phys_section_add(§ion);
1690 MemoryRegion *iotlb_to_region(hwaddr index)
1692 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1695 static void io_mem_init(void)
1697 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1698 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1699 "unassigned", UINT64_MAX);
1700 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1701 "notdirty", UINT64_MAX);
1702 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1703 "watch", UINT64_MAX);
1706 static void mem_begin(MemoryListener *listener)
1708 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1709 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1711 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1713 as->next_dispatch = d;
1716 static void mem_commit(MemoryListener *listener)
1718 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1719 AddressSpaceDispatch *cur = as->dispatch;
1720 AddressSpaceDispatch *next = as->next_dispatch;
1722 next->nodes = next_map.nodes;
1723 next->sections = next_map.sections;
1725 as->dispatch = next;
1729 static void core_begin(MemoryListener *listener)
1733 prev_map = g_new(PhysPageMap, 1);
1734 *prev_map = next_map;
1736 memset(&next_map, 0, sizeof(next_map));
1737 n = dummy_section(&io_mem_unassigned);
1738 assert(n == PHYS_SECTION_UNASSIGNED);
1739 n = dummy_section(&io_mem_notdirty);
1740 assert(n == PHYS_SECTION_NOTDIRTY);
1741 n = dummy_section(&io_mem_rom);
1742 assert(n == PHYS_SECTION_ROM);
1743 n = dummy_section(&io_mem_watch);
1744 assert(n == PHYS_SECTION_WATCH);
1747 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1748 * All AddressSpaceDispatch instances have switched to the next map.
1750 static void core_commit(MemoryListener *listener)
1752 phys_sections_free(prev_map);
1755 static void tcg_commit(MemoryListener *listener)
1759 /* since each CPU stores ram addresses in its TLB cache, we must
1760 reset the modified entries */
1762 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1767 static void core_log_global_start(MemoryListener *listener)
1769 cpu_physical_memory_set_dirty_tracking(1);
1772 static void core_log_global_stop(MemoryListener *listener)
1774 cpu_physical_memory_set_dirty_tracking(0);
1777 static MemoryListener core_memory_listener = {
1778 .begin = core_begin,
1779 .commit = core_commit,
1780 .log_global_start = core_log_global_start,
1781 .log_global_stop = core_log_global_stop,
1785 static MemoryListener tcg_memory_listener = {
1786 .commit = tcg_commit,
1789 void address_space_init_dispatch(AddressSpace *as)
1791 as->dispatch = NULL;
1792 as->dispatch_listener = (MemoryListener) {
1794 .commit = mem_commit,
1795 .region_add = mem_add,
1796 .region_nop = mem_add,
1799 memory_listener_register(&as->dispatch_listener, as);
1802 void address_space_destroy_dispatch(AddressSpace *as)
1804 AddressSpaceDispatch *d = as->dispatch;
1806 memory_listener_unregister(&as->dispatch_listener);
1808 as->dispatch = NULL;
1811 static void memory_map_init(void)
1813 system_memory = g_malloc(sizeof(*system_memory));
1814 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1815 address_space_init(&address_space_memory, system_memory, "memory");
1817 system_io = g_malloc(sizeof(*system_io));
1818 memory_region_init(system_io, NULL, "io", 65536);
1819 address_space_init(&address_space_io, system_io, "I/O");
1821 memory_listener_register(&core_memory_listener, &address_space_memory);
1822 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1825 MemoryRegion *get_system_memory(void)
1827 return system_memory;
1830 MemoryRegion *get_system_io(void)
1835 #endif /* !defined(CONFIG_USER_ONLY) */
1837 /* physical memory access (slow version, mainly for debug) */
1838 #if defined(CONFIG_USER_ONLY)
1839 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1840 uint8_t *buf, int len, int is_write)
1847 page = addr & TARGET_PAGE_MASK;
1848 l = (page + TARGET_PAGE_SIZE) - addr;
1851 flags = page_get_flags(page);
1852 if (!(flags & PAGE_VALID))
1855 if (!(flags & PAGE_WRITE))
1857 /* XXX: this code should not depend on lock_user */
1858 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1861 unlock_user(p, addr, l);
1863 if (!(flags & PAGE_READ))
1865 /* XXX: this code should not depend on lock_user */
1866 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1869 unlock_user(p, addr, 0);
1880 static void invalidate_and_set_dirty(hwaddr addr,
1883 if (!cpu_physical_memory_is_dirty(addr)) {
1884 /* invalidate code */
1885 tb_invalidate_phys_page_range(addr, addr + length, 0);
1887 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1889 xen_modified_memory(addr, length);
1892 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1894 if (memory_region_is_ram(mr)) {
1895 return !(is_write && mr->readonly);
1897 if (memory_region_is_romd(mr)) {
1904 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1906 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1909 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1915 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1916 int len, bool is_write)
1927 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1930 if (!memory_access_is_direct(mr, is_write)) {
1931 l = memory_access_size(mr, l, addr1);
1932 /* XXX: could force cpu_single_env to NULL to avoid
1935 /* 32 bit write access */
1937 error |= io_mem_write(mr, addr1, val, 4);
1938 } else if (l == 2) {
1939 /* 16 bit write access */
1941 error |= io_mem_write(mr, addr1, val, 2);
1943 /* 8 bit write access */
1945 error |= io_mem_write(mr, addr1, val, 1);
1948 addr1 += memory_region_get_ram_addr(mr);
1950 ptr = qemu_get_ram_ptr(addr1);
1951 memcpy(ptr, buf, l);
1952 invalidate_and_set_dirty(addr1, l);
1955 if (!memory_access_is_direct(mr, is_write)) {
1957 l = memory_access_size(mr, l, addr1);
1959 /* 32 bit read access */
1960 error |= io_mem_read(mr, addr1, &val, 4);
1962 } else if (l == 2) {
1963 /* 16 bit read access */
1964 error |= io_mem_read(mr, addr1, &val, 2);
1967 /* 8 bit read access */
1968 error |= io_mem_read(mr, addr1, &val, 1);
1973 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1974 memcpy(buf, ptr, l);
1985 bool address_space_write(AddressSpace *as, hwaddr addr,
1986 const uint8_t *buf, int len)
1988 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1991 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1993 return address_space_rw(as, addr, buf, len, false);
1997 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1998 int len, int is_write)
2000 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2003 /* used for ROM loading : can write in RAM and ROM */
2004 void cpu_physical_memory_write_rom(hwaddr addr,
2005 const uint8_t *buf, int len)
2014 mr = address_space_translate(&address_space_memory,
2015 addr, &addr1, &l, true);
2017 if (!(memory_region_is_ram(mr) ||
2018 memory_region_is_romd(mr))) {
2021 addr1 += memory_region_get_ram_addr(mr);
2023 ptr = qemu_get_ram_ptr(addr1);
2024 memcpy(ptr, buf, l);
2025 invalidate_and_set_dirty(addr1, l);
2040 static BounceBuffer bounce;
2042 typedef struct MapClient {
2044 void (*callback)(void *opaque);
2045 QLIST_ENTRY(MapClient) link;
2048 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2049 = QLIST_HEAD_INITIALIZER(map_client_list);
2051 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2053 MapClient *client = g_malloc(sizeof(*client));
2055 client->opaque = opaque;
2056 client->callback = callback;
2057 QLIST_INSERT_HEAD(&map_client_list, client, link);
2061 static void cpu_unregister_map_client(void *_client)
2063 MapClient *client = (MapClient *)_client;
2065 QLIST_REMOVE(client, link);
2069 static void cpu_notify_map_clients(void)
2073 while (!QLIST_EMPTY(&map_client_list)) {
2074 client = QLIST_FIRST(&map_client_list);
2075 client->callback(client->opaque);
2076 cpu_unregister_map_client(client);
2080 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2087 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2088 if (!memory_access_is_direct(mr, is_write)) {
2089 l = memory_access_size(mr, l, addr);
2090 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2101 /* Map a physical memory region into a host virtual address.
2102 * May map a subset of the requested range, given by and returned in *plen.
2103 * May return NULL if resources needed to perform the mapping are exhausted.
2104 * Use only for reads OR writes - not for read-modify-write operations.
2105 * Use cpu_register_map_client() to know when retrying the map operation is
2106 * likely to succeed.
2108 void *address_space_map(AddressSpace *as,
2115 hwaddr l, xlat, base;
2116 MemoryRegion *mr, *this_mr;
2124 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2125 if (!memory_access_is_direct(mr, is_write)) {
2126 if (bounce.buffer) {
2129 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2133 memory_region_ref(mr);
2136 address_space_read(as, addr, bounce.buffer, l);
2140 return bounce.buffer;
2144 raddr = memory_region_get_ram_addr(mr);
2155 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2156 if (this_mr != mr || xlat != base + done) {
2161 memory_region_ref(mr);
2163 return qemu_ram_ptr_length(raddr + base, plen);
2166 /* Unmaps a memory region previously mapped by address_space_map().
2167 * Will also mark the memory as dirty if is_write == 1. access_len gives
2168 * the amount of memory that was actually read or written by the caller.
2170 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2171 int is_write, hwaddr access_len)
2173 if (buffer != bounce.buffer) {
2177 mr = qemu_ram_addr_from_host(buffer, &addr1);
2180 while (access_len) {
2182 l = TARGET_PAGE_SIZE;
2185 invalidate_and_set_dirty(addr1, l);
2190 if (xen_enabled()) {
2191 xen_invalidate_map_cache_entry(buffer);
2193 memory_region_unref(mr);
2197 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2199 qemu_vfree(bounce.buffer);
2200 bounce.buffer = NULL;
2201 memory_region_unref(bounce.mr);
2202 cpu_notify_map_clients();
2205 void *cpu_physical_memory_map(hwaddr addr,
2209 return address_space_map(&address_space_memory, addr, plen, is_write);
2212 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2213 int is_write, hwaddr access_len)
2215 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2218 /* warning: addr must be aligned */
2219 static inline uint32_t ldl_phys_internal(hwaddr addr,
2220 enum device_endian endian)
2228 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2230 if (l < 4 || !memory_access_is_direct(mr, false)) {
2232 io_mem_read(mr, addr1, &val, 4);
2233 #if defined(TARGET_WORDS_BIGENDIAN)
2234 if (endian == DEVICE_LITTLE_ENDIAN) {
2238 if (endian == DEVICE_BIG_ENDIAN) {
2244 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2248 case DEVICE_LITTLE_ENDIAN:
2249 val = ldl_le_p(ptr);
2251 case DEVICE_BIG_ENDIAN:
2252 val = ldl_be_p(ptr);
2262 uint32_t ldl_phys(hwaddr addr)
2264 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2267 uint32_t ldl_le_phys(hwaddr addr)
2269 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2272 uint32_t ldl_be_phys(hwaddr addr)
2274 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2277 /* warning: addr must be aligned */
2278 static inline uint64_t ldq_phys_internal(hwaddr addr,
2279 enum device_endian endian)
2287 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2289 if (l < 8 || !memory_access_is_direct(mr, false)) {
2291 io_mem_read(mr, addr1, &val, 8);
2292 #if defined(TARGET_WORDS_BIGENDIAN)
2293 if (endian == DEVICE_LITTLE_ENDIAN) {
2297 if (endian == DEVICE_BIG_ENDIAN) {
2303 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2307 case DEVICE_LITTLE_ENDIAN:
2308 val = ldq_le_p(ptr);
2310 case DEVICE_BIG_ENDIAN:
2311 val = ldq_be_p(ptr);
2321 uint64_t ldq_phys(hwaddr addr)
2323 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2326 uint64_t ldq_le_phys(hwaddr addr)
2328 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2331 uint64_t ldq_be_phys(hwaddr addr)
2333 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2337 uint32_t ldub_phys(hwaddr addr)
2340 cpu_physical_memory_read(addr, &val, 1);
2344 /* warning: addr must be aligned */
2345 static inline uint32_t lduw_phys_internal(hwaddr addr,
2346 enum device_endian endian)
2354 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2356 if (l < 2 || !memory_access_is_direct(mr, false)) {
2358 io_mem_read(mr, addr1, &val, 2);
2359 #if defined(TARGET_WORDS_BIGENDIAN)
2360 if (endian == DEVICE_LITTLE_ENDIAN) {
2364 if (endian == DEVICE_BIG_ENDIAN) {
2370 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2374 case DEVICE_LITTLE_ENDIAN:
2375 val = lduw_le_p(ptr);
2377 case DEVICE_BIG_ENDIAN:
2378 val = lduw_be_p(ptr);
2388 uint32_t lduw_phys(hwaddr addr)
2390 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2393 uint32_t lduw_le_phys(hwaddr addr)
2395 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2398 uint32_t lduw_be_phys(hwaddr addr)
2400 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2403 /* warning: addr must be aligned. The ram page is not masked as dirty
2404 and the code inside is not invalidated. It is useful if the dirty
2405 bits are used to track modified PTEs */
2406 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2413 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2415 if (l < 4 || !memory_access_is_direct(mr, true)) {
2416 io_mem_write(mr, addr1, val, 4);
2418 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2419 ptr = qemu_get_ram_ptr(addr1);
2422 if (unlikely(in_migration)) {
2423 if (!cpu_physical_memory_is_dirty(addr1)) {
2424 /* invalidate code */
2425 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2427 cpu_physical_memory_set_dirty_flags(
2428 addr1, (0xff & ~CODE_DIRTY_FLAG));
2434 /* warning: addr must be aligned */
2435 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2436 enum device_endian endian)
2443 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2445 if (l < 4 || !memory_access_is_direct(mr, true)) {
2446 #if defined(TARGET_WORDS_BIGENDIAN)
2447 if (endian == DEVICE_LITTLE_ENDIAN) {
2451 if (endian == DEVICE_BIG_ENDIAN) {
2455 io_mem_write(mr, addr1, val, 4);
2458 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2459 ptr = qemu_get_ram_ptr(addr1);
2461 case DEVICE_LITTLE_ENDIAN:
2464 case DEVICE_BIG_ENDIAN:
2471 invalidate_and_set_dirty(addr1, 4);
2475 void stl_phys(hwaddr addr, uint32_t val)
2477 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2480 void stl_le_phys(hwaddr addr, uint32_t val)
2482 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2485 void stl_be_phys(hwaddr addr, uint32_t val)
2487 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2491 void stb_phys(hwaddr addr, uint32_t val)
2494 cpu_physical_memory_write(addr, &v, 1);
2497 /* warning: addr must be aligned */
2498 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2499 enum device_endian endian)
2506 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2508 if (l < 2 || !memory_access_is_direct(mr, true)) {
2509 #if defined(TARGET_WORDS_BIGENDIAN)
2510 if (endian == DEVICE_LITTLE_ENDIAN) {
2514 if (endian == DEVICE_BIG_ENDIAN) {
2518 io_mem_write(mr, addr1, val, 2);
2521 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2522 ptr = qemu_get_ram_ptr(addr1);
2524 case DEVICE_LITTLE_ENDIAN:
2527 case DEVICE_BIG_ENDIAN:
2534 invalidate_and_set_dirty(addr1, 2);
2538 void stw_phys(hwaddr addr, uint32_t val)
2540 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2543 void stw_le_phys(hwaddr addr, uint32_t val)
2545 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2548 void stw_be_phys(hwaddr addr, uint32_t val)
2550 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2554 void stq_phys(hwaddr addr, uint64_t val)
2557 cpu_physical_memory_write(addr, &val, 8);
2560 void stq_le_phys(hwaddr addr, uint64_t val)
2562 val = cpu_to_le64(val);
2563 cpu_physical_memory_write(addr, &val, 8);
2566 void stq_be_phys(hwaddr addr, uint64_t val)
2568 val = cpu_to_be64(val);
2569 cpu_physical_memory_write(addr, &val, 8);
2572 /* virtual memory access for debug (includes writing to ROM) */
2573 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2574 uint8_t *buf, int len, int is_write)
2581 page = addr & TARGET_PAGE_MASK;
2582 phys_addr = cpu_get_phys_page_debug(env, page);
2583 /* if no physical page mapped, return an error */
2584 if (phys_addr == -1)
2586 l = (page + TARGET_PAGE_SIZE) - addr;
2589 phys_addr += (addr & ~TARGET_PAGE_MASK);
2591 cpu_physical_memory_write_rom(phys_addr, buf, l);
2593 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2602 #if !defined(CONFIG_USER_ONLY)
2605 * A helper function for the _utterly broken_ virtio device model to find out if
2606 * it's running on a big endian machine. Don't do this at home kids!
2608 bool virtio_is_big_endian(void);
2609 bool virtio_is_big_endian(void)
2611 #if defined(TARGET_WORDS_BIGENDIAN)
2620 #ifndef CONFIG_USER_ONLY
2621 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2626 mr = address_space_translate(&address_space_memory,
2627 phys_addr, &phys_addr, &l, false);
2629 return !(memory_region_is_ram(mr) ||
2630 memory_region_is_romd(mr));
2633 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2637 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2638 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob