4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 typedef PhysPageEntry Node[L2_SIZE];
93 struct AddressSpaceDispatch {
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
97 PhysPageEntry phys_map;
99 MemoryRegionSection *sections;
103 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104 typedef struct subpage_t {
108 uint16_t sub_section[TARGET_PAGE_SIZE];
111 #define PHYS_SECTION_UNASSIGNED 0
112 #define PHYS_SECTION_NOTDIRTY 1
113 #define PHYS_SECTION_ROM 2
114 #define PHYS_SECTION_WATCH 3
116 typedef struct PhysPageMap {
117 unsigned sections_nb;
118 unsigned sections_nb_alloc;
120 unsigned nodes_nb_alloc;
122 MemoryRegionSection *sections;
125 static PhysPageMap *prev_map;
126 static PhysPageMap next_map;
128 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
130 static void io_mem_init(void);
131 static void memory_map_init(void);
132 static void *qemu_safe_ram_ptr(ram_addr_t addr);
134 static MemoryRegion io_mem_watch;
137 #if !defined(CONFIG_USER_ONLY)
139 static void phys_map_node_reserve(unsigned nodes)
141 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
142 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
144 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
145 next_map.nodes_nb + nodes);
146 next_map.nodes = g_renew(Node, next_map.nodes,
147 next_map.nodes_nb_alloc);
151 static uint16_t phys_map_node_alloc(void)
156 ret = next_map.nodes_nb++;
157 assert(ret != PHYS_MAP_NODE_NIL);
158 assert(ret != next_map.nodes_nb_alloc);
159 for (i = 0; i < L2_SIZE; ++i) {
160 next_map.nodes[ret][i].is_leaf = 0;
161 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
166 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
167 hwaddr *nb, uint16_t leaf,
172 hwaddr step = (hwaddr)1 << (level * L2_BITS);
174 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
175 lp->ptr = phys_map_node_alloc();
176 p = next_map.nodes[lp->ptr];
178 for (i = 0; i < L2_SIZE; i++) {
180 p[i].ptr = PHYS_SECTION_UNASSIGNED;
184 p = next_map.nodes[lp->ptr];
186 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
188 while (*nb && lp < &p[L2_SIZE]) {
189 if ((*index & (step - 1)) == 0 && *nb >= step) {
195 phys_page_set_level(lp, index, nb, leaf, level - 1);
201 static void phys_page_set(AddressSpaceDispatch *d,
202 hwaddr index, hwaddr nb,
205 /* Wildly overreserve - it doesn't matter much. */
206 phys_map_node_reserve(3 * P_L2_LEVELS);
208 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
211 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
212 Node *nodes, MemoryRegionSection *sections)
217 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
218 if (lp.ptr == PHYS_MAP_NODE_NIL) {
219 return §ions[PHYS_SECTION_UNASSIGNED];
222 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
224 return §ions[lp.ptr];
227 bool memory_region_is_unassigned(MemoryRegion *mr)
229 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
230 && mr != &io_mem_watch;
233 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
235 bool resolve_subpage)
237 MemoryRegionSection *section;
240 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
241 d->nodes, d->sections);
242 if (resolve_subpage && section->mr->subpage) {
243 subpage = container_of(section->mr, subpage_t, iomem);
244 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
249 static MemoryRegionSection *
250 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
251 hwaddr *plen, bool resolve_subpage)
253 MemoryRegionSection *section;
256 section = address_space_lookup_region(d, addr, resolve_subpage);
257 /* Compute offset within MemoryRegionSection */
258 addr -= section->offset_within_address_space;
260 /* Compute offset within MemoryRegion */
261 *xlat = addr + section->offset_within_region;
263 diff = int128_sub(section->mr->size, int128_make64(addr));
264 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
268 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
269 hwaddr *xlat, hwaddr *plen,
273 MemoryRegionSection *section;
278 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
281 if (!mr->iommu_ops) {
285 iotlb = mr->iommu_ops->translate(mr, addr);
286 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
287 | (addr & iotlb.addr_mask));
288 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
289 if (!(iotlb.perm & (1 << is_write))) {
290 mr = &io_mem_unassigned;
294 as = iotlb.target_as;
302 MemoryRegionSection *
303 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
306 MemoryRegionSection *section;
307 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
309 assert(!section->mr->iommu_ops);
314 void cpu_exec_init_all(void)
316 #if !defined(CONFIG_USER_ONLY)
317 qemu_mutex_init(&ram_list.mutex);
323 #if !defined(CONFIG_USER_ONLY)
325 static int cpu_common_post_load(void *opaque, int version_id)
327 CPUState *cpu = opaque;
329 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
330 version_id is increased. */
331 cpu->interrupt_request &= ~0x01;
332 tlb_flush(cpu->env_ptr, 1);
337 const VMStateDescription vmstate_cpu_common = {
338 .name = "cpu_common",
340 .minimum_version_id = 1,
341 .minimum_version_id_old = 1,
342 .post_load = cpu_common_post_load,
343 .fields = (VMStateField []) {
344 VMSTATE_UINT32(halted, CPUState),
345 VMSTATE_UINT32(interrupt_request, CPUState),
346 VMSTATE_END_OF_LIST()
352 CPUState *qemu_get_cpu(int index)
354 CPUArchState *env = first_cpu;
355 CPUState *cpu = NULL;
358 cpu = ENV_GET_CPU(env);
359 if (cpu->cpu_index == index) {
365 return env ? cpu : NULL;
368 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
370 CPUArchState *env = first_cpu;
373 func(ENV_GET_CPU(env), data);
378 void cpu_exec_init(CPUArchState *env)
380 CPUState *cpu = ENV_GET_CPU(env);
381 CPUClass *cc = CPU_GET_CLASS(cpu);
385 #if defined(CONFIG_USER_ONLY)
388 env->next_cpu = NULL;
391 while (*penv != NULL) {
392 penv = &(*penv)->next_cpu;
395 cpu->cpu_index = cpu_index;
397 QTAILQ_INIT(&env->breakpoints);
398 QTAILQ_INIT(&env->watchpoints);
399 #ifndef CONFIG_USER_ONLY
400 cpu->thread_id = qemu_get_thread_id();
403 #if defined(CONFIG_USER_ONLY)
406 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
407 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
408 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
409 cpu_save, cpu_load, env);
410 assert(cc->vmsd == NULL);
412 if (cc->vmsd != NULL) {
413 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
417 #if defined(TARGET_HAS_ICE)
418 #if defined(CONFIG_USER_ONLY)
419 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
421 tb_invalidate_phys_page_range(pc, pc + 1, 0);
424 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
426 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
427 (pc & ~TARGET_PAGE_MASK));
430 #endif /* TARGET_HAS_ICE */
432 #if defined(CONFIG_USER_ONLY)
433 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
438 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
439 int flags, CPUWatchpoint **watchpoint)
444 /* Add a watchpoint. */
445 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
446 int flags, CPUWatchpoint **watchpoint)
448 target_ulong len_mask = ~(len - 1);
451 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
452 if ((len & (len - 1)) || (addr & ~len_mask) ||
453 len == 0 || len > TARGET_PAGE_SIZE) {
454 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
455 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
458 wp = g_malloc(sizeof(*wp));
461 wp->len_mask = len_mask;
464 /* keep all GDB-injected watchpoints in front */
466 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
468 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
470 tlb_flush_page(env, addr);
477 /* Remove a specific watchpoint. */
478 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
481 target_ulong len_mask = ~(len - 1);
484 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
485 if (addr == wp->vaddr && len_mask == wp->len_mask
486 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
487 cpu_watchpoint_remove_by_ref(env, wp);
494 /* Remove a specific watchpoint by reference. */
495 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
497 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
499 tlb_flush_page(env, watchpoint->vaddr);
504 /* Remove all matching watchpoints. */
505 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
507 CPUWatchpoint *wp, *next;
509 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
510 if (wp->flags & mask)
511 cpu_watchpoint_remove_by_ref(env, wp);
516 /* Add a breakpoint. */
517 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
518 CPUBreakpoint **breakpoint)
520 #if defined(TARGET_HAS_ICE)
523 bp = g_malloc(sizeof(*bp));
528 /* keep all GDB-injected breakpoints in front */
530 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
532 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
534 breakpoint_invalidate(env, pc);
544 /* Remove a specific breakpoint. */
545 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
547 #if defined(TARGET_HAS_ICE)
550 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
551 if (bp->pc == pc && bp->flags == flags) {
552 cpu_breakpoint_remove_by_ref(env, bp);
562 /* Remove a specific breakpoint by reference. */
563 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
565 #if defined(TARGET_HAS_ICE)
566 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
568 breakpoint_invalidate(env, breakpoint->pc);
574 /* Remove all matching breakpoints. */
575 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
577 #if defined(TARGET_HAS_ICE)
578 CPUBreakpoint *bp, *next;
580 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
581 if (bp->flags & mask)
582 cpu_breakpoint_remove_by_ref(env, bp);
587 /* enable or disable single step mode. EXCP_DEBUG is returned by the
588 CPU loop after each instruction */
589 void cpu_single_step(CPUArchState *env, int enabled)
591 #if defined(TARGET_HAS_ICE)
592 if (env->singlestep_enabled != enabled) {
593 env->singlestep_enabled = enabled;
595 kvm_update_guest_debug(env, 0);
597 /* must flush all the translated code to avoid inconsistencies */
598 /* XXX: only flush what is necessary */
605 void cpu_abort(CPUArchState *env, const char *fmt, ...)
607 CPUState *cpu = ENV_GET_CPU(env);
613 fprintf(stderr, "qemu: fatal: ");
614 vfprintf(stderr, fmt, ap);
615 fprintf(stderr, "\n");
616 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
617 if (qemu_log_enabled()) {
618 qemu_log("qemu: fatal: ");
619 qemu_log_vprintf(fmt, ap2);
621 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
627 #if defined(CONFIG_USER_ONLY)
629 struct sigaction act;
630 sigfillset(&act.sa_mask);
631 act.sa_handler = SIG_DFL;
632 sigaction(SIGABRT, &act, NULL);
638 CPUArchState *cpu_copy(CPUArchState *env)
640 CPUArchState *new_env = cpu_init(env->cpu_model_str);
641 CPUArchState *next_cpu = new_env->next_cpu;
642 #if defined(TARGET_HAS_ICE)
647 memcpy(new_env, env, sizeof(CPUArchState));
649 /* Preserve chaining. */
650 new_env->next_cpu = next_cpu;
652 /* Clone all break/watchpoints.
653 Note: Once we support ptrace with hw-debug register access, make sure
654 BP_CPU break/watchpoints are handled correctly on clone. */
655 QTAILQ_INIT(&env->breakpoints);
656 QTAILQ_INIT(&env->watchpoints);
657 #if defined(TARGET_HAS_ICE)
658 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
659 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
661 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
662 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
670 #if !defined(CONFIG_USER_ONLY)
671 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
676 /* we modify the TLB cache so that the dirty bit will be set again
677 when accessing the range */
678 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
679 /* Check that we don't span multiple blocks - this breaks the
680 address comparisons below. */
681 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
682 != (end - 1) - start) {
685 cpu_tlb_reset_dirty_all(start1, length);
689 /* Note: start and end must be within the same ram block. */
690 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
695 start &= TARGET_PAGE_MASK;
696 end = TARGET_PAGE_ALIGN(end);
698 length = end - start;
701 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
704 tlb_reset_dirty_range_all(start, end, length);
708 static int cpu_physical_memory_set_dirty_tracking(int enable)
711 in_migration = enable;
715 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
716 MemoryRegionSection *section,
718 hwaddr paddr, hwaddr xlat,
720 target_ulong *address)
725 if (memory_region_is_ram(section->mr)) {
727 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
729 if (!section->readonly) {
730 iotlb |= PHYS_SECTION_NOTDIRTY;
732 iotlb |= PHYS_SECTION_ROM;
735 iotlb = section - address_space_memory.dispatch->sections;
739 /* Make accesses to pages with watchpoints go via the
740 watchpoint trap routines. */
741 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
742 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
743 /* Avoid trapping reads of pages with a write breakpoint. */
744 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
745 iotlb = PHYS_SECTION_WATCH + paddr;
746 *address |= TLB_MMIO;
754 #endif /* defined(CONFIG_USER_ONLY) */
756 #if !defined(CONFIG_USER_ONLY)
758 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
760 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
762 static uint16_t phys_section_add(MemoryRegionSection *section)
764 /* The physical section number is ORed with a page-aligned
765 * pointer to produce the iotlb entries. Thus it should
766 * never overflow into the page-aligned value.
768 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
770 if (next_map.sections_nb == next_map.sections_nb_alloc) {
771 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
773 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
774 next_map.sections_nb_alloc);
776 next_map.sections[next_map.sections_nb] = *section;
777 memory_region_ref(section->mr);
778 return next_map.sections_nb++;
781 static void phys_section_destroy(MemoryRegion *mr)
783 memory_region_unref(mr);
786 subpage_t *subpage = container_of(mr, subpage_t, iomem);
787 memory_region_destroy(&subpage->iomem);
792 static void phys_sections_free(PhysPageMap *map)
794 while (map->sections_nb > 0) {
795 MemoryRegionSection *section = &map->sections[--map->sections_nb];
796 phys_section_destroy(section->mr);
798 g_free(map->sections);
803 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
806 hwaddr base = section->offset_within_address_space
808 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
809 next_map.nodes, next_map.sections);
810 MemoryRegionSection subsection = {
811 .offset_within_address_space = base,
812 .size = int128_make64(TARGET_PAGE_SIZE),
816 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
818 if (!(existing->mr->subpage)) {
819 subpage = subpage_init(d->as, base);
820 subsection.mr = &subpage->iomem;
821 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
822 phys_section_add(&subsection));
824 subpage = container_of(existing->mr, subpage_t, iomem);
826 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
827 end = start + int128_get64(section->size) - 1;
828 subpage_register(subpage, start, end, phys_section_add(section));
832 static void register_multipage(AddressSpaceDispatch *d,
833 MemoryRegionSection *section)
835 hwaddr start_addr = section->offset_within_address_space;
836 uint16_t section_index = phys_section_add(section);
837 uint64_t num_pages = int128_get64(int128_rshift(section->size,
841 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
844 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
846 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
847 AddressSpaceDispatch *d = as->next_dispatch;
848 MemoryRegionSection now = *section, remain = *section;
849 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
851 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
852 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
853 - now.offset_within_address_space;
855 now.size = int128_min(int128_make64(left), now.size);
856 register_subpage(d, &now);
858 now.size = int128_zero();
860 while (int128_ne(remain.size, now.size)) {
861 remain.size = int128_sub(remain.size, now.size);
862 remain.offset_within_address_space += int128_get64(now.size);
863 remain.offset_within_region += int128_get64(now.size);
865 if (int128_lt(remain.size, page_size)) {
866 register_subpage(d, &now);
867 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
868 now.size = page_size;
869 register_subpage(d, &now);
871 now.size = int128_and(now.size, int128_neg(page_size));
872 register_multipage(d, &now);
877 void qemu_flush_coalesced_mmio_buffer(void)
880 kvm_flush_coalesced_mmio_buffer();
883 void qemu_mutex_lock_ramlist(void)
885 qemu_mutex_lock(&ram_list.mutex);
888 void qemu_mutex_unlock_ramlist(void)
890 qemu_mutex_unlock(&ram_list.mutex);
893 #if defined(__linux__) && !defined(TARGET_S390X)
897 #define HUGETLBFS_MAGIC 0x958458f6
899 static long gethugepagesize(const char *path)
905 ret = statfs(path, &fs);
906 } while (ret != 0 && errno == EINTR);
913 if (fs.f_type != HUGETLBFS_MAGIC)
914 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
919 static void *file_ram_alloc(RAMBlock *block,
924 char *sanitized_name;
931 unsigned long hpagesize;
933 hpagesize = gethugepagesize(path);
938 if (memory < hpagesize) {
942 if (kvm_enabled() && !kvm_has_sync_mmu()) {
943 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
947 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
948 sanitized_name = g_strdup(block->mr->name);
949 for (c = sanitized_name; *c != '\0'; c++) {
954 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
956 g_free(sanitized_name);
958 fd = mkstemp(filename);
960 perror("unable to create backing store for hugepages");
967 memory = (memory+hpagesize-1) & ~(hpagesize-1);
970 * ftruncate is not supported by hugetlbfs in older
971 * hosts, so don't bother bailing out on errors.
972 * If anything goes wrong with it under other filesystems,
975 if (ftruncate(fd, memory))
979 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
980 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
981 * to sidestep this quirk.
983 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
984 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
986 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
988 if (area == MAP_FAILED) {
989 perror("file_ram_alloc: can't mmap RAM pages");
998 static ram_addr_t find_ram_offset(ram_addr_t size)
1000 RAMBlock *block, *next_block;
1001 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1003 assert(size != 0); /* it would hand out same offset multiple times */
1005 if (QTAILQ_EMPTY(&ram_list.blocks))
1008 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1009 ram_addr_t end, next = RAM_ADDR_MAX;
1011 end = block->offset + block->length;
1013 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1014 if (next_block->offset >= end) {
1015 next = MIN(next, next_block->offset);
1018 if (next - end >= size && next - end < mingap) {
1020 mingap = next - end;
1024 if (offset == RAM_ADDR_MAX) {
1025 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1033 ram_addr_t last_ram_offset(void)
1036 ram_addr_t last = 0;
1038 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1039 last = MAX(last, block->offset + block->length);
1044 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1048 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1049 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1050 "dump-guest-core", true)) {
1051 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1053 perror("qemu_madvise");
1054 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1055 "but dump_guest_core=off specified\n");
1060 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1062 RAMBlock *new_block, *block;
1065 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1066 if (block->offset == addr) {
1072 assert(!new_block->idstr[0]);
1075 char *id = qdev_get_dev_path(dev);
1077 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1081 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1083 /* This assumes the iothread lock is taken here too. */
1084 qemu_mutex_lock_ramlist();
1085 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1086 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1087 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1092 qemu_mutex_unlock_ramlist();
1095 static int memory_try_enable_merging(void *addr, size_t len)
1097 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1098 /* disabled by the user */
1102 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1105 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1108 RAMBlock *block, *new_block;
1110 size = TARGET_PAGE_ALIGN(size);
1111 new_block = g_malloc0(sizeof(*new_block));
1113 /* This assumes the iothread lock is taken here too. */
1114 qemu_mutex_lock_ramlist();
1116 new_block->offset = find_ram_offset(size);
1118 new_block->host = host;
1119 new_block->flags |= RAM_PREALLOC_MASK;
1122 #if defined (__linux__) && !defined(TARGET_S390X)
1123 new_block->host = file_ram_alloc(new_block, size, mem_path);
1124 if (!new_block->host) {
1125 new_block->host = qemu_anon_ram_alloc(size);
1126 memory_try_enable_merging(new_block->host, size);
1129 fprintf(stderr, "-mem-path option unsupported\n");
1133 if (xen_enabled()) {
1134 xen_ram_alloc(new_block->offset, size, mr);
1135 } else if (kvm_enabled()) {
1136 /* some s390/kvm configurations have special constraints */
1137 new_block->host = kvm_ram_alloc(size);
1139 new_block->host = qemu_anon_ram_alloc(size);
1141 memory_try_enable_merging(new_block->host, size);
1144 new_block->length = size;
1146 /* Keep the list sorted from biggest to smallest block. */
1147 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1148 if (block->length < new_block->length) {
1153 QTAILQ_INSERT_BEFORE(block, new_block, next);
1155 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1157 ram_list.mru_block = NULL;
1160 qemu_mutex_unlock_ramlist();
1162 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1163 last_ram_offset() >> TARGET_PAGE_BITS);
1164 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1165 0, size >> TARGET_PAGE_BITS);
1166 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1168 qemu_ram_setup_dump(new_block->host, size);
1169 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1172 kvm_setup_guest_memory(new_block->host, size);
1174 return new_block->offset;
1177 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1179 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1182 void qemu_ram_free_from_ptr(ram_addr_t addr)
1186 /* This assumes the iothread lock is taken here too. */
1187 qemu_mutex_lock_ramlist();
1188 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1189 if (addr == block->offset) {
1190 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1191 ram_list.mru_block = NULL;
1197 qemu_mutex_unlock_ramlist();
1200 void qemu_ram_free(ram_addr_t addr)
1204 /* This assumes the iothread lock is taken here too. */
1205 qemu_mutex_lock_ramlist();
1206 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1207 if (addr == block->offset) {
1208 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1209 ram_list.mru_block = NULL;
1211 if (block->flags & RAM_PREALLOC_MASK) {
1213 } else if (mem_path) {
1214 #if defined (__linux__) && !defined(TARGET_S390X)
1216 munmap(block->host, block->length);
1219 qemu_anon_ram_free(block->host, block->length);
1225 if (xen_enabled()) {
1226 xen_invalidate_map_cache_entry(block->host);
1228 qemu_anon_ram_free(block->host, block->length);
1235 qemu_mutex_unlock_ramlist();
1240 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1247 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1248 offset = addr - block->offset;
1249 if (offset < block->length) {
1250 vaddr = block->host + offset;
1251 if (block->flags & RAM_PREALLOC_MASK) {
1255 munmap(vaddr, length);
1257 #if defined(__linux__) && !defined(TARGET_S390X)
1260 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1263 flags |= MAP_PRIVATE;
1265 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1266 flags, block->fd, offset);
1268 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1269 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1276 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1277 flags |= MAP_SHARED | MAP_ANONYMOUS;
1278 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1281 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1282 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1286 if (area != vaddr) {
1287 fprintf(stderr, "Could not remap addr: "
1288 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1292 memory_try_enable_merging(vaddr, length);
1293 qemu_ram_setup_dump(vaddr, length);
1299 #endif /* !_WIN32 */
1301 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
1305 /* The list is protected by the iothread lock here. */
1306 block = ram_list.mru_block;
1307 if (block && addr - block->offset < block->length) {
1310 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1311 if (addr - block->offset < block->length) {
1316 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1320 ram_list.mru_block = block;
1324 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1325 With the exception of the softmmu code in this file, this should
1326 only be used for local memory (e.g. video ram) that the device owns,
1327 and knows it isn't going to access beyond the end of the block.
1329 It should not be used for general purpose DMA.
1330 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1332 void *qemu_get_ram_ptr(ram_addr_t addr)
1334 RAMBlock *block = qemu_get_ram_block(addr);
1336 if (xen_enabled()) {
1337 /* We need to check if the requested address is in the RAM
1338 * because we don't want to map the entire memory in QEMU.
1339 * In that case just map until the end of the page.
1341 if (block->offset == 0) {
1342 return xen_map_cache(addr, 0, 0);
1343 } else if (block->host == NULL) {
1345 xen_map_cache(block->offset, block->length, 1);
1348 return block->host + (addr - block->offset);
1351 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1352 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1354 * ??? Is this still necessary?
1356 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1360 /* The list is protected by the iothread lock here. */
1361 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1362 if (addr - block->offset < block->length) {
1363 if (xen_enabled()) {
1364 /* We need to check if the requested address is in the RAM
1365 * because we don't want to map the entire memory in QEMU.
1366 * In that case just map until the end of the page.
1368 if (block->offset == 0) {
1369 return xen_map_cache(addr, 0, 0);
1370 } else if (block->host == NULL) {
1372 xen_map_cache(block->offset, block->length, 1);
1375 return block->host + (addr - block->offset);
1379 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1385 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1386 * but takes a size argument */
1387 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1392 if (xen_enabled()) {
1393 return xen_map_cache(addr, *size, 1);
1397 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1398 if (addr - block->offset < block->length) {
1399 if (addr - block->offset + *size > block->length)
1400 *size = block->length - addr + block->offset;
1401 return block->host + (addr - block->offset);
1405 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1410 /* Some of the softmmu routines need to translate from a host pointer
1411 (typically a TLB entry) back to a ram offset. */
1412 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1415 uint8_t *host = ptr;
1417 if (xen_enabled()) {
1418 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1419 return qemu_get_ram_block(*ram_addr)->mr;
1422 block = ram_list.mru_block;
1423 if (block && block->host && host - block->host < block->length) {
1427 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1428 /* This case append when the block is not mapped. */
1429 if (block->host == NULL) {
1432 if (host - block->host < block->length) {
1440 *ram_addr = block->offset + (host - block->host);
1444 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1445 uint64_t val, unsigned size)
1448 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1449 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1450 tb_invalidate_phys_page_fast(ram_addr, size);
1451 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1455 stb_p(qemu_get_ram_ptr(ram_addr), val);
1458 stw_p(qemu_get_ram_ptr(ram_addr), val);
1461 stl_p(qemu_get_ram_ptr(ram_addr), val);
1466 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1467 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1468 /* we remove the notdirty callback only if the code has been
1470 if (dirty_flags == 0xff)
1471 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1474 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1475 unsigned size, bool is_write)
1480 static const MemoryRegionOps notdirty_mem_ops = {
1481 .write = notdirty_mem_write,
1482 .valid.accepts = notdirty_mem_accepts,
1483 .endianness = DEVICE_NATIVE_ENDIAN,
1486 /* Generate a debug exception if a watchpoint has been hit. */
1487 static void check_watchpoint(int offset, int len_mask, int flags)
1489 CPUArchState *env = cpu_single_env;
1490 target_ulong pc, cs_base;
1495 if (env->watchpoint_hit) {
1496 /* We re-entered the check after replacing the TB. Now raise
1497 * the debug interrupt so that is will trigger after the
1498 * current instruction. */
1499 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1502 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1503 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1504 if ((vaddr == (wp->vaddr & len_mask) ||
1505 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1506 wp->flags |= BP_WATCHPOINT_HIT;
1507 if (!env->watchpoint_hit) {
1508 env->watchpoint_hit = wp;
1509 tb_check_watchpoint(env);
1510 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1511 env->exception_index = EXCP_DEBUG;
1514 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1515 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1516 cpu_resume_from_signal(env, NULL);
1520 wp->flags &= ~BP_WATCHPOINT_HIT;
1525 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1526 so these check for a hit then pass through to the normal out-of-line
1528 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1531 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1533 case 1: return ldub_phys(addr);
1534 case 2: return lduw_phys(addr);
1535 case 4: return ldl_phys(addr);
1540 static void watch_mem_write(void *opaque, hwaddr addr,
1541 uint64_t val, unsigned size)
1543 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1546 stb_phys(addr, val);
1549 stw_phys(addr, val);
1552 stl_phys(addr, val);
1558 static const MemoryRegionOps watch_mem_ops = {
1559 .read = watch_mem_read,
1560 .write = watch_mem_write,
1561 .endianness = DEVICE_NATIVE_ENDIAN,
1564 static uint64_t subpage_read(void *opaque, hwaddr addr,
1567 subpage_t *subpage = opaque;
1570 #if defined(DEBUG_SUBPAGE)
1571 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1572 subpage, len, addr);
1574 address_space_read(subpage->as, addr + subpage->base, buf, len);
1587 static void subpage_write(void *opaque, hwaddr addr,
1588 uint64_t value, unsigned len)
1590 subpage_t *subpage = opaque;
1593 #if defined(DEBUG_SUBPAGE)
1594 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1595 " value %"PRIx64"\n",
1596 __func__, subpage, len, addr, value);
1611 address_space_write(subpage->as, addr + subpage->base, buf, len);
1614 static bool subpage_accepts(void *opaque, hwaddr addr,
1615 unsigned size, bool is_write)
1617 subpage_t *subpage = opaque;
1618 #if defined(DEBUG_SUBPAGE)
1619 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1620 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1623 return address_space_access_valid(subpage->as, addr + subpage->base,
1627 static const MemoryRegionOps subpage_ops = {
1628 .read = subpage_read,
1629 .write = subpage_write,
1630 .valid.accepts = subpage_accepts,
1631 .endianness = DEVICE_NATIVE_ENDIAN,
1634 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1639 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1641 idx = SUBPAGE_IDX(start);
1642 eidx = SUBPAGE_IDX(end);
1643 #if defined(DEBUG_SUBPAGE)
1644 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1645 mmio, start, end, idx, eidx, memory);
1647 for (; idx <= eidx; idx++) {
1648 mmio->sub_section[idx] = section;
1654 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1658 mmio = g_malloc0(sizeof(subpage_t));
1662 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1663 "subpage", TARGET_PAGE_SIZE);
1664 mmio->iomem.subpage = true;
1665 #if defined(DEBUG_SUBPAGE)
1666 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1667 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1669 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1674 static uint16_t dummy_section(MemoryRegion *mr)
1676 MemoryRegionSection section = {
1678 .offset_within_address_space = 0,
1679 .offset_within_region = 0,
1680 .size = int128_2_64(),
1683 return phys_section_add(§ion);
1686 MemoryRegion *iotlb_to_region(hwaddr index)
1688 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1691 static void io_mem_init(void)
1693 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1694 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1695 "unassigned", UINT64_MAX);
1696 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1697 "notdirty", UINT64_MAX);
1698 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1699 "watch", UINT64_MAX);
1702 static void mem_begin(MemoryListener *listener)
1704 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1705 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1707 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1709 as->next_dispatch = d;
1712 static void mem_commit(MemoryListener *listener)
1714 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1715 AddressSpaceDispatch *cur = as->dispatch;
1716 AddressSpaceDispatch *next = as->next_dispatch;
1718 next->nodes = next_map.nodes;
1719 next->sections = next_map.sections;
1721 as->dispatch = next;
1725 static void core_begin(MemoryListener *listener)
1729 prev_map = g_new(PhysPageMap, 1);
1730 *prev_map = next_map;
1732 memset(&next_map, 0, sizeof(next_map));
1733 n = dummy_section(&io_mem_unassigned);
1734 assert(n == PHYS_SECTION_UNASSIGNED);
1735 n = dummy_section(&io_mem_notdirty);
1736 assert(n == PHYS_SECTION_NOTDIRTY);
1737 n = dummy_section(&io_mem_rom);
1738 assert(n == PHYS_SECTION_ROM);
1739 n = dummy_section(&io_mem_watch);
1740 assert(n == PHYS_SECTION_WATCH);
1743 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1744 * All AddressSpaceDispatch instances have switched to the next map.
1746 static void core_commit(MemoryListener *listener)
1748 phys_sections_free(prev_map);
1751 static void tcg_commit(MemoryListener *listener)
1755 /* since each CPU stores ram addresses in its TLB cache, we must
1756 reset the modified entries */
1758 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1763 static void core_log_global_start(MemoryListener *listener)
1765 cpu_physical_memory_set_dirty_tracking(1);
1768 static void core_log_global_stop(MemoryListener *listener)
1770 cpu_physical_memory_set_dirty_tracking(0);
1773 static MemoryListener core_memory_listener = {
1774 .begin = core_begin,
1775 .commit = core_commit,
1776 .log_global_start = core_log_global_start,
1777 .log_global_stop = core_log_global_stop,
1781 static MemoryListener tcg_memory_listener = {
1782 .commit = tcg_commit,
1785 void address_space_init_dispatch(AddressSpace *as)
1787 as->dispatch = NULL;
1788 as->dispatch_listener = (MemoryListener) {
1790 .commit = mem_commit,
1791 .region_add = mem_add,
1792 .region_nop = mem_add,
1795 memory_listener_register(&as->dispatch_listener, as);
1798 void address_space_destroy_dispatch(AddressSpace *as)
1800 AddressSpaceDispatch *d = as->dispatch;
1802 memory_listener_unregister(&as->dispatch_listener);
1804 as->dispatch = NULL;
1807 static void memory_map_init(void)
1809 system_memory = g_malloc(sizeof(*system_memory));
1810 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1811 address_space_init(&address_space_memory, system_memory, "memory");
1813 system_io = g_malloc(sizeof(*system_io));
1814 memory_region_init(system_io, NULL, "io", 65536);
1815 address_space_init(&address_space_io, system_io, "I/O");
1817 memory_listener_register(&core_memory_listener, &address_space_memory);
1818 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1821 MemoryRegion *get_system_memory(void)
1823 return system_memory;
1826 MemoryRegion *get_system_io(void)
1831 #endif /* !defined(CONFIG_USER_ONLY) */
1833 /* physical memory access (slow version, mainly for debug) */
1834 #if defined(CONFIG_USER_ONLY)
1835 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1836 uint8_t *buf, int len, int is_write)
1843 page = addr & TARGET_PAGE_MASK;
1844 l = (page + TARGET_PAGE_SIZE) - addr;
1847 flags = page_get_flags(page);
1848 if (!(flags & PAGE_VALID))
1851 if (!(flags & PAGE_WRITE))
1853 /* XXX: this code should not depend on lock_user */
1854 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1857 unlock_user(p, addr, l);
1859 if (!(flags & PAGE_READ))
1861 /* XXX: this code should not depend on lock_user */
1862 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1865 unlock_user(p, addr, 0);
1876 static void invalidate_and_set_dirty(hwaddr addr,
1879 if (!cpu_physical_memory_is_dirty(addr)) {
1880 /* invalidate code */
1881 tb_invalidate_phys_page_range(addr, addr + length, 0);
1883 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1885 xen_modified_memory(addr, length);
1888 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1890 if (memory_region_is_ram(mr)) {
1891 return !(is_write && mr->readonly);
1893 if (memory_region_is_romd(mr)) {
1900 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1902 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1905 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1911 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1912 int len, bool is_write)
1923 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1926 if (!memory_access_is_direct(mr, is_write)) {
1927 l = memory_access_size(mr, l, addr1);
1928 /* XXX: could force cpu_single_env to NULL to avoid
1931 /* 32 bit write access */
1933 error |= io_mem_write(mr, addr1, val, 4);
1934 } else if (l == 2) {
1935 /* 16 bit write access */
1937 error |= io_mem_write(mr, addr1, val, 2);
1939 /* 8 bit write access */
1941 error |= io_mem_write(mr, addr1, val, 1);
1944 addr1 += memory_region_get_ram_addr(mr);
1946 ptr = qemu_get_ram_ptr(addr1);
1947 memcpy(ptr, buf, l);
1948 invalidate_and_set_dirty(addr1, l);
1951 if (!memory_access_is_direct(mr, is_write)) {
1953 l = memory_access_size(mr, l, addr1);
1955 /* 32 bit read access */
1956 error |= io_mem_read(mr, addr1, &val, 4);
1958 } else if (l == 2) {
1959 /* 16 bit read access */
1960 error |= io_mem_read(mr, addr1, &val, 2);
1963 /* 8 bit read access */
1964 error |= io_mem_read(mr, addr1, &val, 1);
1969 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1970 memcpy(buf, ptr, l);
1981 bool address_space_write(AddressSpace *as, hwaddr addr,
1982 const uint8_t *buf, int len)
1984 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1987 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1989 return address_space_rw(as, addr, buf, len, false);
1993 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1994 int len, int is_write)
1996 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1999 /* used for ROM loading : can write in RAM and ROM */
2000 void cpu_physical_memory_write_rom(hwaddr addr,
2001 const uint8_t *buf, int len)
2010 mr = address_space_translate(&address_space_memory,
2011 addr, &addr1, &l, true);
2013 if (!(memory_region_is_ram(mr) ||
2014 memory_region_is_romd(mr))) {
2017 addr1 += memory_region_get_ram_addr(mr);
2019 ptr = qemu_get_ram_ptr(addr1);
2020 memcpy(ptr, buf, l);
2021 invalidate_and_set_dirty(addr1, l);
2036 static BounceBuffer bounce;
2038 typedef struct MapClient {
2040 void (*callback)(void *opaque);
2041 QLIST_ENTRY(MapClient) link;
2044 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2045 = QLIST_HEAD_INITIALIZER(map_client_list);
2047 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2049 MapClient *client = g_malloc(sizeof(*client));
2051 client->opaque = opaque;
2052 client->callback = callback;
2053 QLIST_INSERT_HEAD(&map_client_list, client, link);
2057 static void cpu_unregister_map_client(void *_client)
2059 MapClient *client = (MapClient *)_client;
2061 QLIST_REMOVE(client, link);
2065 static void cpu_notify_map_clients(void)
2069 while (!QLIST_EMPTY(&map_client_list)) {
2070 client = QLIST_FIRST(&map_client_list);
2071 client->callback(client->opaque);
2072 cpu_unregister_map_client(client);
2076 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2083 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2084 if (!memory_access_is_direct(mr, is_write)) {
2085 l = memory_access_size(mr, l, addr);
2086 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2097 /* Map a physical memory region into a host virtual address.
2098 * May map a subset of the requested range, given by and returned in *plen.
2099 * May return NULL if resources needed to perform the mapping are exhausted.
2100 * Use only for reads OR writes - not for read-modify-write operations.
2101 * Use cpu_register_map_client() to know when retrying the map operation is
2102 * likely to succeed.
2104 void *address_space_map(AddressSpace *as,
2111 hwaddr l, xlat, base;
2112 MemoryRegion *mr, *this_mr;
2120 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2121 if (!memory_access_is_direct(mr, is_write)) {
2122 if (bounce.buffer) {
2125 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2129 memory_region_ref(mr);
2132 address_space_read(as, addr, bounce.buffer, l);
2136 return bounce.buffer;
2140 raddr = memory_region_get_ram_addr(mr);
2151 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2152 if (this_mr != mr || xlat != base + done) {
2157 memory_region_ref(mr);
2159 return qemu_ram_ptr_length(raddr + base, plen);
2162 /* Unmaps a memory region previously mapped by address_space_map().
2163 * Will also mark the memory as dirty if is_write == 1. access_len gives
2164 * the amount of memory that was actually read or written by the caller.
2166 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2167 int is_write, hwaddr access_len)
2169 if (buffer != bounce.buffer) {
2173 mr = qemu_ram_addr_from_host(buffer, &addr1);
2176 while (access_len) {
2178 l = TARGET_PAGE_SIZE;
2181 invalidate_and_set_dirty(addr1, l);
2186 if (xen_enabled()) {
2187 xen_invalidate_map_cache_entry(buffer);
2189 memory_region_unref(mr);
2193 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2195 qemu_vfree(bounce.buffer);
2196 bounce.buffer = NULL;
2197 memory_region_unref(bounce.mr);
2198 cpu_notify_map_clients();
2201 void *cpu_physical_memory_map(hwaddr addr,
2205 return address_space_map(&address_space_memory, addr, plen, is_write);
2208 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2209 int is_write, hwaddr access_len)
2211 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2214 /* warning: addr must be aligned */
2215 static inline uint32_t ldl_phys_internal(hwaddr addr,
2216 enum device_endian endian)
2224 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2226 if (l < 4 || !memory_access_is_direct(mr, false)) {
2228 io_mem_read(mr, addr1, &val, 4);
2229 #if defined(TARGET_WORDS_BIGENDIAN)
2230 if (endian == DEVICE_LITTLE_ENDIAN) {
2234 if (endian == DEVICE_BIG_ENDIAN) {
2240 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2244 case DEVICE_LITTLE_ENDIAN:
2245 val = ldl_le_p(ptr);
2247 case DEVICE_BIG_ENDIAN:
2248 val = ldl_be_p(ptr);
2258 uint32_t ldl_phys(hwaddr addr)
2260 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2263 uint32_t ldl_le_phys(hwaddr addr)
2265 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2268 uint32_t ldl_be_phys(hwaddr addr)
2270 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2273 /* warning: addr must be aligned */
2274 static inline uint64_t ldq_phys_internal(hwaddr addr,
2275 enum device_endian endian)
2283 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2285 if (l < 8 || !memory_access_is_direct(mr, false)) {
2287 io_mem_read(mr, addr1, &val, 8);
2288 #if defined(TARGET_WORDS_BIGENDIAN)
2289 if (endian == DEVICE_LITTLE_ENDIAN) {
2293 if (endian == DEVICE_BIG_ENDIAN) {
2299 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2303 case DEVICE_LITTLE_ENDIAN:
2304 val = ldq_le_p(ptr);
2306 case DEVICE_BIG_ENDIAN:
2307 val = ldq_be_p(ptr);
2317 uint64_t ldq_phys(hwaddr addr)
2319 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2322 uint64_t ldq_le_phys(hwaddr addr)
2324 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2327 uint64_t ldq_be_phys(hwaddr addr)
2329 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2333 uint32_t ldub_phys(hwaddr addr)
2336 cpu_physical_memory_read(addr, &val, 1);
2340 /* warning: addr must be aligned */
2341 static inline uint32_t lduw_phys_internal(hwaddr addr,
2342 enum device_endian endian)
2350 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2352 if (l < 2 || !memory_access_is_direct(mr, false)) {
2354 io_mem_read(mr, addr1, &val, 2);
2355 #if defined(TARGET_WORDS_BIGENDIAN)
2356 if (endian == DEVICE_LITTLE_ENDIAN) {
2360 if (endian == DEVICE_BIG_ENDIAN) {
2366 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2370 case DEVICE_LITTLE_ENDIAN:
2371 val = lduw_le_p(ptr);
2373 case DEVICE_BIG_ENDIAN:
2374 val = lduw_be_p(ptr);
2384 uint32_t lduw_phys(hwaddr addr)
2386 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2389 uint32_t lduw_le_phys(hwaddr addr)
2391 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2394 uint32_t lduw_be_phys(hwaddr addr)
2396 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2399 /* warning: addr must be aligned. The ram page is not masked as dirty
2400 and the code inside is not invalidated. It is useful if the dirty
2401 bits are used to track modified PTEs */
2402 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2409 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2411 if (l < 4 || !memory_access_is_direct(mr, true)) {
2412 io_mem_write(mr, addr1, val, 4);
2414 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2415 ptr = qemu_get_ram_ptr(addr1);
2418 if (unlikely(in_migration)) {
2419 if (!cpu_physical_memory_is_dirty(addr1)) {
2420 /* invalidate code */
2421 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2423 cpu_physical_memory_set_dirty_flags(
2424 addr1, (0xff & ~CODE_DIRTY_FLAG));
2430 /* warning: addr must be aligned */
2431 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2432 enum device_endian endian)
2439 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2441 if (l < 4 || !memory_access_is_direct(mr, true)) {
2442 #if defined(TARGET_WORDS_BIGENDIAN)
2443 if (endian == DEVICE_LITTLE_ENDIAN) {
2447 if (endian == DEVICE_BIG_ENDIAN) {
2451 io_mem_write(mr, addr1, val, 4);
2454 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2455 ptr = qemu_get_ram_ptr(addr1);
2457 case DEVICE_LITTLE_ENDIAN:
2460 case DEVICE_BIG_ENDIAN:
2467 invalidate_and_set_dirty(addr1, 4);
2471 void stl_phys(hwaddr addr, uint32_t val)
2473 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2476 void stl_le_phys(hwaddr addr, uint32_t val)
2478 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2481 void stl_be_phys(hwaddr addr, uint32_t val)
2483 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2487 void stb_phys(hwaddr addr, uint32_t val)
2490 cpu_physical_memory_write(addr, &v, 1);
2493 /* warning: addr must be aligned */
2494 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2495 enum device_endian endian)
2502 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2504 if (l < 2 || !memory_access_is_direct(mr, true)) {
2505 #if defined(TARGET_WORDS_BIGENDIAN)
2506 if (endian == DEVICE_LITTLE_ENDIAN) {
2510 if (endian == DEVICE_BIG_ENDIAN) {
2514 io_mem_write(mr, addr1, val, 2);
2517 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2518 ptr = qemu_get_ram_ptr(addr1);
2520 case DEVICE_LITTLE_ENDIAN:
2523 case DEVICE_BIG_ENDIAN:
2530 invalidate_and_set_dirty(addr1, 2);
2534 void stw_phys(hwaddr addr, uint32_t val)
2536 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2539 void stw_le_phys(hwaddr addr, uint32_t val)
2541 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2544 void stw_be_phys(hwaddr addr, uint32_t val)
2546 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2550 void stq_phys(hwaddr addr, uint64_t val)
2553 cpu_physical_memory_write(addr, &val, 8);
2556 void stq_le_phys(hwaddr addr, uint64_t val)
2558 val = cpu_to_le64(val);
2559 cpu_physical_memory_write(addr, &val, 8);
2562 void stq_be_phys(hwaddr addr, uint64_t val)
2564 val = cpu_to_be64(val);
2565 cpu_physical_memory_write(addr, &val, 8);
2568 /* virtual memory access for debug (includes writing to ROM) */
2569 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2570 uint8_t *buf, int len, int is_write)
2577 page = addr & TARGET_PAGE_MASK;
2578 phys_addr = cpu_get_phys_page_debug(env, page);
2579 /* if no physical page mapped, return an error */
2580 if (phys_addr == -1)
2582 l = (page + TARGET_PAGE_SIZE) - addr;
2585 phys_addr += (addr & ~TARGET_PAGE_MASK);
2587 cpu_physical_memory_write_rom(phys_addr, buf, l);
2589 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2598 #if !defined(CONFIG_USER_ONLY)
2601 * A helper function for the _utterly broken_ virtio device model to find out if
2602 * it's running on a big endian machine. Don't do this at home kids!
2604 bool virtio_is_big_endian(void);
2605 bool virtio_is_big_endian(void)
2607 #if defined(TARGET_WORDS_BIGENDIAN)
2616 #ifndef CONFIG_USER_ONLY
2617 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2622 mr = address_space_translate(&address_space_memory,
2623 phys_addr, &phys_addr, &l, false);
2625 return !(memory_region_is_ram(mr) ||
2626 memory_region_is_romd(mr));
2629 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2633 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2634 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob