4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 struct AddressSpaceDispatch {
92 /* This is a multi-level map on the physical address space.
93 * The bottom level has pointers to MemoryRegionSections.
95 PhysPageEntry phys_map;
96 MemoryListener listener;
100 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
101 typedef struct subpage_t {
105 uint16_t sub_section[TARGET_PAGE_SIZE];
108 static MemoryRegionSection *phys_sections;
109 static unsigned phys_sections_nb, phys_sections_nb_alloc;
110 static uint16_t phys_section_unassigned;
111 static uint16_t phys_section_notdirty;
112 static uint16_t phys_section_rom;
113 static uint16_t phys_section_watch;
115 /* Simple allocator for PhysPageEntry nodes */
116 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
117 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121 static void io_mem_init(void);
122 static void memory_map_init(void);
123 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125 static MemoryRegion io_mem_watch;
128 #if !defined(CONFIG_USER_ONLY)
130 static void phys_map_node_reserve(unsigned nodes)
132 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
133 typedef PhysPageEntry Node[L2_SIZE];
134 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
136 phys_map_nodes_nb + nodes);
137 phys_map_nodes = g_renew(Node, phys_map_nodes,
138 phys_map_nodes_nb_alloc);
142 static uint16_t phys_map_node_alloc(void)
147 ret = phys_map_nodes_nb++;
148 assert(ret != PHYS_MAP_NODE_NIL);
149 assert(ret != phys_map_nodes_nb_alloc);
150 for (i = 0; i < L2_SIZE; ++i) {
151 phys_map_nodes[ret][i].is_leaf = 0;
152 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
157 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
158 hwaddr *nb, uint16_t leaf,
163 hwaddr step = (hwaddr)1 << (level * L2_BITS);
165 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
166 lp->ptr = phys_map_node_alloc();
167 p = phys_map_nodes[lp->ptr];
169 for (i = 0; i < L2_SIZE; i++) {
171 p[i].ptr = phys_section_unassigned;
175 p = phys_map_nodes[lp->ptr];
177 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
179 while (*nb && lp < &p[L2_SIZE]) {
180 if ((*index & (step - 1)) == 0 && *nb >= step) {
186 phys_page_set_level(lp, index, nb, leaf, level - 1);
192 static void phys_page_set(AddressSpaceDispatch *d,
193 hwaddr index, hwaddr nb,
196 /* Wildly overreserve - it doesn't matter much. */
197 phys_map_node_reserve(3 * P_L2_LEVELS);
199 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
202 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
204 PhysPageEntry lp = d->phys_map;
208 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
209 if (lp.ptr == PHYS_MAP_NODE_NIL) {
210 return &phys_sections[phys_section_unassigned];
212 p = phys_map_nodes[lp.ptr];
213 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
215 return &phys_sections[lp.ptr];
218 bool memory_region_is_unassigned(MemoryRegion *mr)
220 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
221 && mr != &io_mem_watch;
224 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
226 bool resolve_subpage)
228 MemoryRegionSection *section;
231 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
232 if (resolve_subpage && section->mr->subpage) {
233 subpage = container_of(section->mr, subpage_t, iomem);
234 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
239 static MemoryRegionSection *
240 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
241 hwaddr *plen, bool resolve_subpage)
243 MemoryRegionSection *section;
246 section = address_space_lookup_region(as, addr, resolve_subpage);
247 /* Compute offset within MemoryRegionSection */
248 addr -= section->offset_within_address_space;
250 /* Compute offset within MemoryRegion */
251 *xlat = addr + section->offset_within_region;
253 diff = int128_sub(section->mr->size, int128_make64(addr));
254 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
258 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
259 hwaddr *xlat, hwaddr *plen,
263 MemoryRegionSection *section;
268 section = address_space_translate_internal(as, addr, &addr, plen, true);
271 if (!mr->iommu_ops) {
275 iotlb = mr->iommu_ops->translate(mr, addr);
276 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
277 | (addr & iotlb.addr_mask));
278 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
279 if (!(iotlb.perm & (1 << is_write))) {
280 mr = &io_mem_unassigned;
284 as = iotlb.target_as;
292 MemoryRegionSection *
293 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
296 MemoryRegionSection *section;
297 section = address_space_translate_internal(as, addr, xlat, plen, false);
299 assert(!section->mr->iommu_ops);
304 void cpu_exec_init_all(void)
306 #if !defined(CONFIG_USER_ONLY)
307 qemu_mutex_init(&ram_list.mutex);
313 #if !defined(CONFIG_USER_ONLY)
315 static int cpu_common_post_load(void *opaque, int version_id)
317 CPUState *cpu = opaque;
319 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
320 version_id is increased. */
321 cpu->interrupt_request &= ~0x01;
322 tlb_flush(cpu->env_ptr, 1);
327 const VMStateDescription vmstate_cpu_common = {
328 .name = "cpu_common",
330 .minimum_version_id = 1,
331 .minimum_version_id_old = 1,
332 .post_load = cpu_common_post_load,
333 .fields = (VMStateField []) {
334 VMSTATE_UINT32(halted, CPUState),
335 VMSTATE_UINT32(interrupt_request, CPUState),
336 VMSTATE_END_OF_LIST()
342 CPUState *qemu_get_cpu(int index)
344 CPUArchState *env = first_cpu;
345 CPUState *cpu = NULL;
348 cpu = ENV_GET_CPU(env);
349 if (cpu->cpu_index == index) {
355 return env ? cpu : NULL;
358 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
360 CPUArchState *env = first_cpu;
363 func(ENV_GET_CPU(env), data);
368 void cpu_exec_init(CPUArchState *env)
370 CPUState *cpu = ENV_GET_CPU(env);
371 CPUClass *cc = CPU_GET_CLASS(cpu);
375 #if defined(CONFIG_USER_ONLY)
378 env->next_cpu = NULL;
381 while (*penv != NULL) {
382 penv = &(*penv)->next_cpu;
385 cpu->cpu_index = cpu_index;
387 QTAILQ_INIT(&env->breakpoints);
388 QTAILQ_INIT(&env->watchpoints);
389 #ifndef CONFIG_USER_ONLY
390 cpu->thread_id = qemu_get_thread_id();
393 #if defined(CONFIG_USER_ONLY)
396 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
397 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
398 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
399 cpu_save, cpu_load, env);
400 assert(cc->vmsd == NULL);
402 if (cc->vmsd != NULL) {
403 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
407 #if defined(TARGET_HAS_ICE)
408 #if defined(CONFIG_USER_ONLY)
409 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
411 tb_invalidate_phys_page_range(pc, pc + 1, 0);
414 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
416 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
417 (pc & ~TARGET_PAGE_MASK));
420 #endif /* TARGET_HAS_ICE */
422 #if defined(CONFIG_USER_ONLY)
423 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
428 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
429 int flags, CPUWatchpoint **watchpoint)
434 /* Add a watchpoint. */
435 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
436 int flags, CPUWatchpoint **watchpoint)
438 target_ulong len_mask = ~(len - 1);
441 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
442 if ((len & (len - 1)) || (addr & ~len_mask) ||
443 len == 0 || len > TARGET_PAGE_SIZE) {
444 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
445 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
448 wp = g_malloc(sizeof(*wp));
451 wp->len_mask = len_mask;
454 /* keep all GDB-injected watchpoints in front */
456 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
458 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
460 tlb_flush_page(env, addr);
467 /* Remove a specific watchpoint. */
468 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
471 target_ulong len_mask = ~(len - 1);
474 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
475 if (addr == wp->vaddr && len_mask == wp->len_mask
476 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
477 cpu_watchpoint_remove_by_ref(env, wp);
484 /* Remove a specific watchpoint by reference. */
485 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
487 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
489 tlb_flush_page(env, watchpoint->vaddr);
494 /* Remove all matching watchpoints. */
495 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
497 CPUWatchpoint *wp, *next;
499 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
500 if (wp->flags & mask)
501 cpu_watchpoint_remove_by_ref(env, wp);
506 /* Add a breakpoint. */
507 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
508 CPUBreakpoint **breakpoint)
510 #if defined(TARGET_HAS_ICE)
513 bp = g_malloc(sizeof(*bp));
518 /* keep all GDB-injected breakpoints in front */
520 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
522 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
524 breakpoint_invalidate(env, pc);
534 /* Remove a specific breakpoint. */
535 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
537 #if defined(TARGET_HAS_ICE)
540 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
541 if (bp->pc == pc && bp->flags == flags) {
542 cpu_breakpoint_remove_by_ref(env, bp);
552 /* Remove a specific breakpoint by reference. */
553 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
555 #if defined(TARGET_HAS_ICE)
556 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
558 breakpoint_invalidate(env, breakpoint->pc);
564 /* Remove all matching breakpoints. */
565 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
567 #if defined(TARGET_HAS_ICE)
568 CPUBreakpoint *bp, *next;
570 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
571 if (bp->flags & mask)
572 cpu_breakpoint_remove_by_ref(env, bp);
577 /* enable or disable single step mode. EXCP_DEBUG is returned by the
578 CPU loop after each instruction */
579 void cpu_single_step(CPUArchState *env, int enabled)
581 #if defined(TARGET_HAS_ICE)
582 if (env->singlestep_enabled != enabled) {
583 env->singlestep_enabled = enabled;
585 kvm_update_guest_debug(env, 0);
587 /* must flush all the translated code to avoid inconsistencies */
588 /* XXX: only flush what is necessary */
595 void cpu_abort(CPUArchState *env, const char *fmt, ...)
597 CPUState *cpu = ENV_GET_CPU(env);
603 fprintf(stderr, "qemu: fatal: ");
604 vfprintf(stderr, fmt, ap);
605 fprintf(stderr, "\n");
606 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
607 if (qemu_log_enabled()) {
608 qemu_log("qemu: fatal: ");
609 qemu_log_vprintf(fmt, ap2);
611 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
617 #if defined(CONFIG_USER_ONLY)
619 struct sigaction act;
620 sigfillset(&act.sa_mask);
621 act.sa_handler = SIG_DFL;
622 sigaction(SIGABRT, &act, NULL);
628 CPUArchState *cpu_copy(CPUArchState *env)
630 CPUArchState *new_env = cpu_init(env->cpu_model_str);
631 CPUArchState *next_cpu = new_env->next_cpu;
632 #if defined(TARGET_HAS_ICE)
637 memcpy(new_env, env, sizeof(CPUArchState));
639 /* Preserve chaining. */
640 new_env->next_cpu = next_cpu;
642 /* Clone all break/watchpoints.
643 Note: Once we support ptrace with hw-debug register access, make sure
644 BP_CPU break/watchpoints are handled correctly on clone. */
645 QTAILQ_INIT(&env->breakpoints);
646 QTAILQ_INIT(&env->watchpoints);
647 #if defined(TARGET_HAS_ICE)
648 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
649 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
651 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
652 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
660 #if !defined(CONFIG_USER_ONLY)
661 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
666 /* we modify the TLB cache so that the dirty bit will be set again
667 when accessing the range */
668 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
669 /* Check that we don't span multiple blocks - this breaks the
670 address comparisons below. */
671 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
672 != (end - 1) - start) {
675 cpu_tlb_reset_dirty_all(start1, length);
679 /* Note: start and end must be within the same ram block. */
680 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
685 start &= TARGET_PAGE_MASK;
686 end = TARGET_PAGE_ALIGN(end);
688 length = end - start;
691 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
694 tlb_reset_dirty_range_all(start, end, length);
698 static int cpu_physical_memory_set_dirty_tracking(int enable)
701 in_migration = enable;
705 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
706 MemoryRegionSection *section,
708 hwaddr paddr, hwaddr xlat,
710 target_ulong *address)
715 if (memory_region_is_ram(section->mr)) {
717 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
719 if (!section->readonly) {
720 iotlb |= phys_section_notdirty;
722 iotlb |= phys_section_rom;
725 iotlb = section - phys_sections;
729 /* Make accesses to pages with watchpoints go via the
730 watchpoint trap routines. */
731 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
732 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
733 /* Avoid trapping reads of pages with a write breakpoint. */
734 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
735 iotlb = phys_section_watch + paddr;
736 *address |= TLB_MMIO;
744 #endif /* defined(CONFIG_USER_ONLY) */
746 #if !defined(CONFIG_USER_ONLY)
748 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
750 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
752 static uint16_t phys_section_add(MemoryRegionSection *section)
754 /* The physical section number is ORed with a page-aligned
755 * pointer to produce the iotlb entries. Thus it should
756 * never overflow into the page-aligned value.
758 assert(phys_sections_nb < TARGET_PAGE_SIZE);
760 if (phys_sections_nb == phys_sections_nb_alloc) {
761 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
762 phys_sections = g_renew(MemoryRegionSection, phys_sections,
763 phys_sections_nb_alloc);
765 phys_sections[phys_sections_nb] = *section;
766 memory_region_ref(section->mr);
767 return phys_sections_nb++;
770 static void phys_section_destroy(MemoryRegion *mr)
772 memory_region_unref(mr);
775 subpage_t *subpage = container_of(mr, subpage_t, iomem);
776 memory_region_destroy(&subpage->iomem);
781 static void phys_sections_clear(void)
783 while (phys_sections_nb > 0) {
784 MemoryRegionSection *section = &phys_sections[--phys_sections_nb];
785 phys_section_destroy(section->mr);
787 phys_map_nodes_nb = 0;
790 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
793 hwaddr base = section->offset_within_address_space
795 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
796 MemoryRegionSection subsection = {
797 .offset_within_address_space = base,
798 .size = int128_make64(TARGET_PAGE_SIZE),
802 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
804 if (!(existing->mr->subpage)) {
805 subpage = subpage_init(d->as, base);
806 subsection.mr = &subpage->iomem;
807 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
808 phys_section_add(&subsection));
810 subpage = container_of(existing->mr, subpage_t, iomem);
812 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
813 end = start + int128_get64(section->size) - 1;
814 subpage_register(subpage, start, end, phys_section_add(section));
818 static void register_multipage(AddressSpaceDispatch *d,
819 MemoryRegionSection *section)
821 hwaddr start_addr = section->offset_within_address_space;
822 uint16_t section_index = phys_section_add(section);
823 uint64_t num_pages = int128_get64(int128_rshift(section->size,
827 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
830 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
832 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
833 MemoryRegionSection now = *section, remain = *section;
834 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
836 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
837 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
838 - now.offset_within_address_space;
840 now.size = int128_min(int128_make64(left), now.size);
841 register_subpage(d, &now);
843 now.size = int128_zero();
845 while (int128_ne(remain.size, now.size)) {
846 remain.size = int128_sub(remain.size, now.size);
847 remain.offset_within_address_space += int128_get64(now.size);
848 remain.offset_within_region += int128_get64(now.size);
850 if (int128_lt(remain.size, page_size)) {
851 register_subpage(d, &now);
852 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
853 now.size = page_size;
854 register_subpage(d, &now);
856 now.size = int128_and(now.size, int128_neg(page_size));
857 register_multipage(d, &now);
862 void qemu_flush_coalesced_mmio_buffer(void)
865 kvm_flush_coalesced_mmio_buffer();
868 void qemu_mutex_lock_ramlist(void)
870 qemu_mutex_lock(&ram_list.mutex);
873 void qemu_mutex_unlock_ramlist(void)
875 qemu_mutex_unlock(&ram_list.mutex);
878 #if defined(__linux__) && !defined(TARGET_S390X)
882 #define HUGETLBFS_MAGIC 0x958458f6
884 static long gethugepagesize(const char *path)
890 ret = statfs(path, &fs);
891 } while (ret != 0 && errno == EINTR);
898 if (fs.f_type != HUGETLBFS_MAGIC)
899 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
904 static void *file_ram_alloc(RAMBlock *block,
909 char *sanitized_name;
916 unsigned long hpagesize;
918 hpagesize = gethugepagesize(path);
923 if (memory < hpagesize) {
927 if (kvm_enabled() && !kvm_has_sync_mmu()) {
928 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
932 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
933 sanitized_name = g_strdup(block->mr->name);
934 for (c = sanitized_name; *c != '\0'; c++) {
939 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
941 g_free(sanitized_name);
943 fd = mkstemp(filename);
945 perror("unable to create backing store for hugepages");
952 memory = (memory+hpagesize-1) & ~(hpagesize-1);
955 * ftruncate is not supported by hugetlbfs in older
956 * hosts, so don't bother bailing out on errors.
957 * If anything goes wrong with it under other filesystems,
960 if (ftruncate(fd, memory))
964 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
965 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
966 * to sidestep this quirk.
968 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
969 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
971 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
973 if (area == MAP_FAILED) {
974 perror("file_ram_alloc: can't mmap RAM pages");
983 static ram_addr_t find_ram_offset(ram_addr_t size)
985 RAMBlock *block, *next_block;
986 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
988 assert(size != 0); /* it would hand out same offset multiple times */
990 if (QTAILQ_EMPTY(&ram_list.blocks))
993 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
994 ram_addr_t end, next = RAM_ADDR_MAX;
996 end = block->offset + block->length;
998 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
999 if (next_block->offset >= end) {
1000 next = MIN(next, next_block->offset);
1003 if (next - end >= size && next - end < mingap) {
1005 mingap = next - end;
1009 if (offset == RAM_ADDR_MAX) {
1010 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1018 ram_addr_t last_ram_offset(void)
1021 ram_addr_t last = 0;
1023 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1024 last = MAX(last, block->offset + block->length);
1029 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1032 QemuOpts *machine_opts;
1034 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1035 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1037 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1038 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1040 perror("qemu_madvise");
1041 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1042 "but dump_guest_core=off specified\n");
1047 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1049 RAMBlock *new_block, *block;
1052 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1053 if (block->offset == addr) {
1059 assert(!new_block->idstr[0]);
1062 char *id = qdev_get_dev_path(dev);
1064 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1068 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1070 /* This assumes the iothread lock is taken here too. */
1071 qemu_mutex_lock_ramlist();
1072 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1073 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1074 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1079 qemu_mutex_unlock_ramlist();
1082 static int memory_try_enable_merging(void *addr, size_t len)
1086 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1087 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1088 /* disabled by the user */
1092 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1095 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1098 RAMBlock *block, *new_block;
1100 size = TARGET_PAGE_ALIGN(size);
1101 new_block = g_malloc0(sizeof(*new_block));
1103 /* This assumes the iothread lock is taken here too. */
1104 qemu_mutex_lock_ramlist();
1106 new_block->offset = find_ram_offset(size);
1108 new_block->host = host;
1109 new_block->flags |= RAM_PREALLOC_MASK;
1112 #if defined (__linux__) && !defined(TARGET_S390X)
1113 new_block->host = file_ram_alloc(new_block, size, mem_path);
1114 if (!new_block->host) {
1115 new_block->host = qemu_anon_ram_alloc(size);
1116 memory_try_enable_merging(new_block->host, size);
1119 fprintf(stderr, "-mem-path option unsupported\n");
1123 if (xen_enabled()) {
1124 xen_ram_alloc(new_block->offset, size, mr);
1125 } else if (kvm_enabled()) {
1126 /* some s390/kvm configurations have special constraints */
1127 new_block->host = kvm_ram_alloc(size);
1129 new_block->host = qemu_anon_ram_alloc(size);
1131 memory_try_enable_merging(new_block->host, size);
1134 new_block->length = size;
1136 /* Keep the list sorted from biggest to smallest block. */
1137 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1138 if (block->length < new_block->length) {
1143 QTAILQ_INSERT_BEFORE(block, new_block, next);
1145 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1147 ram_list.mru_block = NULL;
1150 qemu_mutex_unlock_ramlist();
1152 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1153 last_ram_offset() >> TARGET_PAGE_BITS);
1154 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1155 0, size >> TARGET_PAGE_BITS);
1156 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1158 qemu_ram_setup_dump(new_block->host, size);
1159 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1162 kvm_setup_guest_memory(new_block->host, size);
1164 return new_block->offset;
1167 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1169 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1172 void qemu_ram_free_from_ptr(ram_addr_t addr)
1176 /* This assumes the iothread lock is taken here too. */
1177 qemu_mutex_lock_ramlist();
1178 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1179 if (addr == block->offset) {
1180 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1181 ram_list.mru_block = NULL;
1187 qemu_mutex_unlock_ramlist();
1190 void qemu_ram_free(ram_addr_t addr)
1194 /* This assumes the iothread lock is taken here too. */
1195 qemu_mutex_lock_ramlist();
1196 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1197 if (addr == block->offset) {
1198 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1199 ram_list.mru_block = NULL;
1201 if (block->flags & RAM_PREALLOC_MASK) {
1203 } else if (mem_path) {
1204 #if defined (__linux__) && !defined(TARGET_S390X)
1206 munmap(block->host, block->length);
1209 qemu_anon_ram_free(block->host, block->length);
1215 if (xen_enabled()) {
1216 xen_invalidate_map_cache_entry(block->host);
1218 qemu_anon_ram_free(block->host, block->length);
1225 qemu_mutex_unlock_ramlist();
1230 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1237 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1238 offset = addr - block->offset;
1239 if (offset < block->length) {
1240 vaddr = block->host + offset;
1241 if (block->flags & RAM_PREALLOC_MASK) {
1245 munmap(vaddr, length);
1247 #if defined(__linux__) && !defined(TARGET_S390X)
1250 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1253 flags |= MAP_PRIVATE;
1255 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1256 flags, block->fd, offset);
1258 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1259 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1266 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1267 flags |= MAP_SHARED | MAP_ANONYMOUS;
1268 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1271 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1272 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1276 if (area != vaddr) {
1277 fprintf(stderr, "Could not remap addr: "
1278 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1282 memory_try_enable_merging(vaddr, length);
1283 qemu_ram_setup_dump(vaddr, length);
1289 #endif /* !_WIN32 */
1291 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1292 With the exception of the softmmu code in this file, this should
1293 only be used for local memory (e.g. video ram) that the device owns,
1294 and knows it isn't going to access beyond the end of the block.
1296 It should not be used for general purpose DMA.
1297 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1299 void *qemu_get_ram_ptr(ram_addr_t addr)
1303 /* The list is protected by the iothread lock here. */
1304 block = ram_list.mru_block;
1305 if (block && addr - block->offset < block->length) {
1308 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1309 if (addr - block->offset < block->length) {
1314 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1318 ram_list.mru_block = block;
1319 if (xen_enabled()) {
1320 /* We need to check if the requested address is in the RAM
1321 * because we don't want to map the entire memory in QEMU.
1322 * In that case just map until the end of the page.
1324 if (block->offset == 0) {
1325 return xen_map_cache(addr, 0, 0);
1326 } else if (block->host == NULL) {
1328 xen_map_cache(block->offset, block->length, 1);
1331 return block->host + (addr - block->offset);
1334 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1335 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1337 * ??? Is this still necessary?
1339 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1343 /* The list is protected by the iothread lock here. */
1344 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1345 if (addr - block->offset < block->length) {
1346 if (xen_enabled()) {
1347 /* We need to check if the requested address is in the RAM
1348 * because we don't want to map the entire memory in QEMU.
1349 * In that case just map until the end of the page.
1351 if (block->offset == 0) {
1352 return xen_map_cache(addr, 0, 0);
1353 } else if (block->host == NULL) {
1355 xen_map_cache(block->offset, block->length, 1);
1358 return block->host + (addr - block->offset);
1362 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1368 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1369 * but takes a size argument */
1370 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1375 if (xen_enabled()) {
1376 return xen_map_cache(addr, *size, 1);
1380 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1381 if (addr - block->offset < block->length) {
1382 if (addr - block->offset + *size > block->length)
1383 *size = block->length - addr + block->offset;
1384 return block->host + (addr - block->offset);
1388 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1393 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1396 uint8_t *host = ptr;
1398 if (xen_enabled()) {
1399 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1403 block = ram_list.mru_block;
1404 if (block && block->host && host - block->host < block->length) {
1408 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1409 /* This case append when the block is not mapped. */
1410 if (block->host == NULL) {
1413 if (host - block->host < block->length) {
1421 *ram_addr = block->offset + (host - block->host);
1425 /* Some of the softmmu routines need to translate from a host pointer
1426 (typically a TLB entry) back to a ram offset. */
1427 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1429 ram_addr_t ram_addr;
1431 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1432 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1438 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1439 uint64_t val, unsigned size)
1442 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1443 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1444 tb_invalidate_phys_page_fast(ram_addr, size);
1445 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1449 stb_p(qemu_get_ram_ptr(ram_addr), val);
1452 stw_p(qemu_get_ram_ptr(ram_addr), val);
1455 stl_p(qemu_get_ram_ptr(ram_addr), val);
1460 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1461 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1462 /* we remove the notdirty callback only if the code has been
1464 if (dirty_flags == 0xff)
1465 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1468 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1469 unsigned size, bool is_write)
1474 static const MemoryRegionOps notdirty_mem_ops = {
1475 .write = notdirty_mem_write,
1476 .valid.accepts = notdirty_mem_accepts,
1477 .endianness = DEVICE_NATIVE_ENDIAN,
1480 /* Generate a debug exception if a watchpoint has been hit. */
1481 static void check_watchpoint(int offset, int len_mask, int flags)
1483 CPUArchState *env = cpu_single_env;
1484 target_ulong pc, cs_base;
1489 if (env->watchpoint_hit) {
1490 /* We re-entered the check after replacing the TB. Now raise
1491 * the debug interrupt so that is will trigger after the
1492 * current instruction. */
1493 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1496 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1497 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1498 if ((vaddr == (wp->vaddr & len_mask) ||
1499 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1500 wp->flags |= BP_WATCHPOINT_HIT;
1501 if (!env->watchpoint_hit) {
1502 env->watchpoint_hit = wp;
1503 tb_check_watchpoint(env);
1504 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1505 env->exception_index = EXCP_DEBUG;
1508 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1509 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1510 cpu_resume_from_signal(env, NULL);
1514 wp->flags &= ~BP_WATCHPOINT_HIT;
1519 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1520 so these check for a hit then pass through to the normal out-of-line
1522 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1525 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1527 case 1: return ldub_phys(addr);
1528 case 2: return lduw_phys(addr);
1529 case 4: return ldl_phys(addr);
1534 static void watch_mem_write(void *opaque, hwaddr addr,
1535 uint64_t val, unsigned size)
1537 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1540 stb_phys(addr, val);
1543 stw_phys(addr, val);
1546 stl_phys(addr, val);
1552 static const MemoryRegionOps watch_mem_ops = {
1553 .read = watch_mem_read,
1554 .write = watch_mem_write,
1555 .endianness = DEVICE_NATIVE_ENDIAN,
1558 static uint64_t subpage_read(void *opaque, hwaddr addr,
1561 subpage_t *subpage = opaque;
1564 #if defined(DEBUG_SUBPAGE)
1565 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1566 subpage, len, addr);
1568 address_space_read(subpage->as, addr + subpage->base, buf, len);
1581 static void subpage_write(void *opaque, hwaddr addr,
1582 uint64_t value, unsigned len)
1584 subpage_t *subpage = opaque;
1587 #if defined(DEBUG_SUBPAGE)
1588 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1589 " value %"PRIx64"\n",
1590 __func__, subpage, len, addr, value);
1605 address_space_write(subpage->as, addr + subpage->base, buf, len);
1608 static bool subpage_accepts(void *opaque, hwaddr addr,
1609 unsigned size, bool is_write)
1611 subpage_t *subpage = opaque;
1612 #if defined(DEBUG_SUBPAGE)
1613 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1614 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1617 return address_space_access_valid(subpage->as, addr + subpage->base,
1621 static const MemoryRegionOps subpage_ops = {
1622 .read = subpage_read,
1623 .write = subpage_write,
1624 .valid.accepts = subpage_accepts,
1625 .endianness = DEVICE_NATIVE_ENDIAN,
1628 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1633 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1635 idx = SUBPAGE_IDX(start);
1636 eidx = SUBPAGE_IDX(end);
1637 #if defined(DEBUG_SUBPAGE)
1638 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1639 mmio, start, end, idx, eidx, memory);
1641 for (; idx <= eidx; idx++) {
1642 mmio->sub_section[idx] = section;
1648 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1652 mmio = g_malloc0(sizeof(subpage_t));
1656 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1657 "subpage", TARGET_PAGE_SIZE);
1658 mmio->iomem.subpage = true;
1659 #if defined(DEBUG_SUBPAGE)
1660 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1661 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1663 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1668 static uint16_t dummy_section(MemoryRegion *mr)
1670 MemoryRegionSection section = {
1672 .offset_within_address_space = 0,
1673 .offset_within_region = 0,
1674 .size = int128_2_64(),
1677 return phys_section_add(§ion);
1680 MemoryRegion *iotlb_to_region(hwaddr index)
1682 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1685 static void io_mem_init(void)
1687 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1688 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1689 "unassigned", UINT64_MAX);
1690 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1691 "notdirty", UINT64_MAX);
1692 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1693 "watch", UINT64_MAX);
1696 static void mem_begin(MemoryListener *listener)
1698 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1700 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1703 static void core_begin(MemoryListener *listener)
1705 phys_sections_clear();
1706 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1707 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1708 phys_section_rom = dummy_section(&io_mem_rom);
1709 phys_section_watch = dummy_section(&io_mem_watch);
1712 static void tcg_commit(MemoryListener *listener)
1716 /* since each CPU stores ram addresses in its TLB cache, we must
1717 reset the modified entries */
1719 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1724 static void core_log_global_start(MemoryListener *listener)
1726 cpu_physical_memory_set_dirty_tracking(1);
1729 static void core_log_global_stop(MemoryListener *listener)
1731 cpu_physical_memory_set_dirty_tracking(0);
1734 static MemoryListener core_memory_listener = {
1735 .begin = core_begin,
1736 .log_global_start = core_log_global_start,
1737 .log_global_stop = core_log_global_stop,
1741 static MemoryListener tcg_memory_listener = {
1742 .commit = tcg_commit,
1745 void address_space_init_dispatch(AddressSpace *as)
1747 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1749 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1750 d->listener = (MemoryListener) {
1752 .region_add = mem_add,
1753 .region_nop = mem_add,
1758 memory_listener_register(&d->listener, as);
1761 void address_space_destroy_dispatch(AddressSpace *as)
1763 AddressSpaceDispatch *d = as->dispatch;
1765 memory_listener_unregister(&d->listener);
1767 as->dispatch = NULL;
1770 static void memory_map_init(void)
1772 system_memory = g_malloc(sizeof(*system_memory));
1773 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1774 address_space_init(&address_space_memory, system_memory, "memory");
1776 system_io = g_malloc(sizeof(*system_io));
1777 memory_region_init(system_io, NULL, "io", 65536);
1778 address_space_init(&address_space_io, system_io, "I/O");
1780 memory_listener_register(&core_memory_listener, &address_space_memory);
1781 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1784 MemoryRegion *get_system_memory(void)
1786 return system_memory;
1789 MemoryRegion *get_system_io(void)
1794 #endif /* !defined(CONFIG_USER_ONLY) */
1796 /* physical memory access (slow version, mainly for debug) */
1797 #if defined(CONFIG_USER_ONLY)
1798 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1799 uint8_t *buf, int len, int is_write)
1806 page = addr & TARGET_PAGE_MASK;
1807 l = (page + TARGET_PAGE_SIZE) - addr;
1810 flags = page_get_flags(page);
1811 if (!(flags & PAGE_VALID))
1814 if (!(flags & PAGE_WRITE))
1816 /* XXX: this code should not depend on lock_user */
1817 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1820 unlock_user(p, addr, l);
1822 if (!(flags & PAGE_READ))
1824 /* XXX: this code should not depend on lock_user */
1825 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1828 unlock_user(p, addr, 0);
1839 static void invalidate_and_set_dirty(hwaddr addr,
1842 if (!cpu_physical_memory_is_dirty(addr)) {
1843 /* invalidate code */
1844 tb_invalidate_phys_page_range(addr, addr + length, 0);
1846 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1848 xen_modified_memory(addr, length);
1851 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1853 if (memory_region_is_ram(mr)) {
1854 return !(is_write && mr->readonly);
1856 if (memory_region_is_romd(mr)) {
1863 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1865 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1868 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1874 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1875 int len, bool is_write)
1886 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1889 if (!memory_access_is_direct(mr, is_write)) {
1890 l = memory_access_size(mr, l, addr1);
1891 /* XXX: could force cpu_single_env to NULL to avoid
1894 /* 32 bit write access */
1896 error |= io_mem_write(mr, addr1, val, 4);
1897 } else if (l == 2) {
1898 /* 16 bit write access */
1900 error |= io_mem_write(mr, addr1, val, 2);
1902 /* 8 bit write access */
1904 error |= io_mem_write(mr, addr1, val, 1);
1907 addr1 += memory_region_get_ram_addr(mr);
1909 ptr = qemu_get_ram_ptr(addr1);
1910 memcpy(ptr, buf, l);
1911 invalidate_and_set_dirty(addr1, l);
1914 if (!memory_access_is_direct(mr, is_write)) {
1916 l = memory_access_size(mr, l, addr1);
1918 /* 32 bit read access */
1919 error |= io_mem_read(mr, addr1, &val, 4);
1921 } else if (l == 2) {
1922 /* 16 bit read access */
1923 error |= io_mem_read(mr, addr1, &val, 2);
1926 /* 8 bit read access */
1927 error |= io_mem_read(mr, addr1, &val, 1);
1932 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1933 memcpy(buf, ptr, l);
1944 bool address_space_write(AddressSpace *as, hwaddr addr,
1945 const uint8_t *buf, int len)
1947 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1950 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1952 return address_space_rw(as, addr, buf, len, false);
1956 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1957 int len, int is_write)
1959 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1962 /* used for ROM loading : can write in RAM and ROM */
1963 void cpu_physical_memory_write_rom(hwaddr addr,
1964 const uint8_t *buf, int len)
1973 mr = address_space_translate(&address_space_memory,
1974 addr, &addr1, &l, true);
1976 if (!(memory_region_is_ram(mr) ||
1977 memory_region_is_romd(mr))) {
1980 addr1 += memory_region_get_ram_addr(mr);
1982 ptr = qemu_get_ram_ptr(addr1);
1983 memcpy(ptr, buf, l);
1984 invalidate_and_set_dirty(addr1, l);
1998 static BounceBuffer bounce;
2000 typedef struct MapClient {
2002 void (*callback)(void *opaque);
2003 QLIST_ENTRY(MapClient) link;
2006 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2007 = QLIST_HEAD_INITIALIZER(map_client_list);
2009 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2011 MapClient *client = g_malloc(sizeof(*client));
2013 client->opaque = opaque;
2014 client->callback = callback;
2015 QLIST_INSERT_HEAD(&map_client_list, client, link);
2019 static void cpu_unregister_map_client(void *_client)
2021 MapClient *client = (MapClient *)_client;
2023 QLIST_REMOVE(client, link);
2027 static void cpu_notify_map_clients(void)
2031 while (!QLIST_EMPTY(&map_client_list)) {
2032 client = QLIST_FIRST(&map_client_list);
2033 client->callback(client->opaque);
2034 cpu_unregister_map_client(client);
2038 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2045 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2046 if (!memory_access_is_direct(mr, is_write)) {
2047 l = memory_access_size(mr, l, addr);
2048 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2059 /* Map a physical memory region into a host virtual address.
2060 * May map a subset of the requested range, given by and returned in *plen.
2061 * May return NULL if resources needed to perform the mapping are exhausted.
2062 * Use only for reads OR writes - not for read-modify-write operations.
2063 * Use cpu_register_map_client() to know when retrying the map operation is
2064 * likely to succeed.
2066 void *address_space_map(AddressSpace *as,
2075 ram_addr_t raddr = RAM_ADDR_MAX;
2081 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2083 if (!memory_access_is_direct(mr, is_write)) {
2084 if (todo || bounce.buffer) {
2087 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2091 address_space_read(as, addr, bounce.buffer, l);
2095 return bounce.buffer;
2098 raddr = memory_region_get_ram_addr(mr) + xlat;
2100 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2110 ret = qemu_ram_ptr_length(raddr, &rlen);
2115 /* Unmaps a memory region previously mapped by address_space_map().
2116 * Will also mark the memory as dirty if is_write == 1. access_len gives
2117 * the amount of memory that was actually read or written by the caller.
2119 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2120 int is_write, hwaddr access_len)
2122 if (buffer != bounce.buffer) {
2124 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2125 while (access_len) {
2127 l = TARGET_PAGE_SIZE;
2130 invalidate_and_set_dirty(addr1, l);
2135 if (xen_enabled()) {
2136 xen_invalidate_map_cache_entry(buffer);
2141 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2143 qemu_vfree(bounce.buffer);
2144 bounce.buffer = NULL;
2145 cpu_notify_map_clients();
2148 void *cpu_physical_memory_map(hwaddr addr,
2152 return address_space_map(&address_space_memory, addr, plen, is_write);
2155 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2156 int is_write, hwaddr access_len)
2158 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2161 /* warning: addr must be aligned */
2162 static inline uint32_t ldl_phys_internal(hwaddr addr,
2163 enum device_endian endian)
2171 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2173 if (l < 4 || !memory_access_is_direct(mr, false)) {
2175 io_mem_read(mr, addr1, &val, 4);
2176 #if defined(TARGET_WORDS_BIGENDIAN)
2177 if (endian == DEVICE_LITTLE_ENDIAN) {
2181 if (endian == DEVICE_BIG_ENDIAN) {
2187 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2191 case DEVICE_LITTLE_ENDIAN:
2192 val = ldl_le_p(ptr);
2194 case DEVICE_BIG_ENDIAN:
2195 val = ldl_be_p(ptr);
2205 uint32_t ldl_phys(hwaddr addr)
2207 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2210 uint32_t ldl_le_phys(hwaddr addr)
2212 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2215 uint32_t ldl_be_phys(hwaddr addr)
2217 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2220 /* warning: addr must be aligned */
2221 static inline uint64_t ldq_phys_internal(hwaddr addr,
2222 enum device_endian endian)
2230 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2232 if (l < 8 || !memory_access_is_direct(mr, false)) {
2234 io_mem_read(mr, addr1, &val, 8);
2235 #if defined(TARGET_WORDS_BIGENDIAN)
2236 if (endian == DEVICE_LITTLE_ENDIAN) {
2240 if (endian == DEVICE_BIG_ENDIAN) {
2246 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2250 case DEVICE_LITTLE_ENDIAN:
2251 val = ldq_le_p(ptr);
2253 case DEVICE_BIG_ENDIAN:
2254 val = ldq_be_p(ptr);
2264 uint64_t ldq_phys(hwaddr addr)
2266 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2269 uint64_t ldq_le_phys(hwaddr addr)
2271 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2274 uint64_t ldq_be_phys(hwaddr addr)
2276 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2280 uint32_t ldub_phys(hwaddr addr)
2283 cpu_physical_memory_read(addr, &val, 1);
2287 /* warning: addr must be aligned */
2288 static inline uint32_t lduw_phys_internal(hwaddr addr,
2289 enum device_endian endian)
2297 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2299 if (l < 2 || !memory_access_is_direct(mr, false)) {
2301 io_mem_read(mr, addr1, &val, 2);
2302 #if defined(TARGET_WORDS_BIGENDIAN)
2303 if (endian == DEVICE_LITTLE_ENDIAN) {
2307 if (endian == DEVICE_BIG_ENDIAN) {
2313 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2317 case DEVICE_LITTLE_ENDIAN:
2318 val = lduw_le_p(ptr);
2320 case DEVICE_BIG_ENDIAN:
2321 val = lduw_be_p(ptr);
2331 uint32_t lduw_phys(hwaddr addr)
2333 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2336 uint32_t lduw_le_phys(hwaddr addr)
2338 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2341 uint32_t lduw_be_phys(hwaddr addr)
2343 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2346 /* warning: addr must be aligned. The ram page is not masked as dirty
2347 and the code inside is not invalidated. It is useful if the dirty
2348 bits are used to track modified PTEs */
2349 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2356 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2358 if (l < 4 || !memory_access_is_direct(mr, true)) {
2359 io_mem_write(mr, addr1, val, 4);
2361 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2362 ptr = qemu_get_ram_ptr(addr1);
2365 if (unlikely(in_migration)) {
2366 if (!cpu_physical_memory_is_dirty(addr1)) {
2367 /* invalidate code */
2368 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2370 cpu_physical_memory_set_dirty_flags(
2371 addr1, (0xff & ~CODE_DIRTY_FLAG));
2377 /* warning: addr must be aligned */
2378 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2379 enum device_endian endian)
2386 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2388 if (l < 4 || !memory_access_is_direct(mr, true)) {
2389 #if defined(TARGET_WORDS_BIGENDIAN)
2390 if (endian == DEVICE_LITTLE_ENDIAN) {
2394 if (endian == DEVICE_BIG_ENDIAN) {
2398 io_mem_write(mr, addr1, val, 4);
2401 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2402 ptr = qemu_get_ram_ptr(addr1);
2404 case DEVICE_LITTLE_ENDIAN:
2407 case DEVICE_BIG_ENDIAN:
2414 invalidate_and_set_dirty(addr1, 4);
2418 void stl_phys(hwaddr addr, uint32_t val)
2420 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2423 void stl_le_phys(hwaddr addr, uint32_t val)
2425 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2428 void stl_be_phys(hwaddr addr, uint32_t val)
2430 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2434 void stb_phys(hwaddr addr, uint32_t val)
2437 cpu_physical_memory_write(addr, &v, 1);
2440 /* warning: addr must be aligned */
2441 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2442 enum device_endian endian)
2449 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2451 if (l < 2 || !memory_access_is_direct(mr, true)) {
2452 #if defined(TARGET_WORDS_BIGENDIAN)
2453 if (endian == DEVICE_LITTLE_ENDIAN) {
2457 if (endian == DEVICE_BIG_ENDIAN) {
2461 io_mem_write(mr, addr1, val, 2);
2464 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2465 ptr = qemu_get_ram_ptr(addr1);
2467 case DEVICE_LITTLE_ENDIAN:
2470 case DEVICE_BIG_ENDIAN:
2477 invalidate_and_set_dirty(addr1, 2);
2481 void stw_phys(hwaddr addr, uint32_t val)
2483 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2486 void stw_le_phys(hwaddr addr, uint32_t val)
2488 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2491 void stw_be_phys(hwaddr addr, uint32_t val)
2493 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2497 void stq_phys(hwaddr addr, uint64_t val)
2500 cpu_physical_memory_write(addr, &val, 8);
2503 void stq_le_phys(hwaddr addr, uint64_t val)
2505 val = cpu_to_le64(val);
2506 cpu_physical_memory_write(addr, &val, 8);
2509 void stq_be_phys(hwaddr addr, uint64_t val)
2511 val = cpu_to_be64(val);
2512 cpu_physical_memory_write(addr, &val, 8);
2515 /* virtual memory access for debug (includes writing to ROM) */
2516 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2517 uint8_t *buf, int len, int is_write)
2524 page = addr & TARGET_PAGE_MASK;
2525 phys_addr = cpu_get_phys_page_debug(env, page);
2526 /* if no physical page mapped, return an error */
2527 if (phys_addr == -1)
2529 l = (page + TARGET_PAGE_SIZE) - addr;
2532 phys_addr += (addr & ~TARGET_PAGE_MASK);
2534 cpu_physical_memory_write_rom(phys_addr, buf, l);
2536 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2545 #if !defined(CONFIG_USER_ONLY)
2548 * A helper function for the _utterly broken_ virtio device model to find out if
2549 * it's running on a big endian machine. Don't do this at home kids!
2551 bool virtio_is_big_endian(void);
2552 bool virtio_is_big_endian(void)
2554 #if defined(TARGET_WORDS_BIGENDIAN)
2563 #ifndef CONFIG_USER_ONLY
2564 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2569 mr = address_space_translate(&address_space_memory,
2570 phys_addr, &phys_addr, &l, false);
2572 return !(memory_region_is_ram(mr) ||
2573 memory_region_is_romd(mr));
2576 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2580 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2581 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob