4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
82 #if !defined(CONFIG_USER_ONLY)
84 typedef struct PhysPageEntry PhysPageEntry;
86 struct PhysPageEntry {
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
96 PhysPageEntry phys_map;
97 MemoryListener listener;
101 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102 typedef struct subpage_t {
106 uint16_t sub_section[TARGET_PAGE_SIZE];
109 static MemoryRegionSection *phys_sections;
110 static unsigned phys_sections_nb, phys_sections_nb_alloc;
111 static uint16_t phys_section_unassigned;
112 static uint16_t phys_section_notdirty;
113 static uint16_t phys_section_rom;
114 static uint16_t phys_section_watch;
116 /* Simple allocator for PhysPageEntry nodes */
117 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
120 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
122 static void io_mem_init(void);
123 static void memory_map_init(void);
124 static void *qemu_safe_ram_ptr(ram_addr_t addr);
126 static MemoryRegion io_mem_watch;
129 #if !defined(CONFIG_USER_ONLY)
131 static void phys_map_node_reserve(unsigned nodes)
133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
143 static uint16_t phys_map_node_alloc(void)
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
151 for (i = 0; i < L2_SIZE; ++i) {
152 phys_map_nodes[ret][i].is_leaf = 0;
153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
158 static void phys_map_nodes_reset(void)
160 phys_map_nodes_nb = 0;
164 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
176 for (i = 0; i < L2_SIZE; i++) {
178 p[i].ptr = phys_section_unassigned;
182 p = phys_map_nodes[lp->ptr];
184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
186 while (*nb && lp < &p[L2_SIZE]) {
187 if ((*index & (step - 1)) == 0 && *nb >= step) {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
199 static void phys_page_set(AddressSpaceDispatch *d,
200 hwaddr index, hwaddr nb,
203 /* Wildly overreserve - it doesn't matter much. */
204 phys_map_node_reserve(3 * P_L2_LEVELS);
206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
209 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
211 PhysPageEntry lp = d->phys_map;
215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
217 return &phys_sections[phys_section_unassigned];
219 p = phys_map_nodes[lp.ptr];
220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
222 return &phys_sections[lp.ptr];
225 bool memory_region_is_unassigned(MemoryRegion *mr)
227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
228 && mr != &io_mem_watch;
231 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
233 bool resolve_subpage)
235 MemoryRegionSection *section;
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
246 static MemoryRegionSection *
247 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
250 MemoryRegionSection *section;
253 section = address_space_lookup_region(as, addr, resolve_subpage);
254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
260 diff = int128_sub(section->mr->size, int128_make64(addr));
261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
265 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
270 MemoryRegionSection *section;
275 section = address_space_translate_internal(as, addr, &addr, plen, true);
278 if (!mr->iommu_ops) {
282 iotlb = mr->iommu_ops->translate(mr, addr);
283 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
284 | (addr & iotlb.addr_mask));
285 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
286 if (!(iotlb.perm & (1 << is_write))) {
287 mr = &io_mem_unassigned;
291 as = iotlb.target_as;
299 MemoryRegionSection *
300 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
303 MemoryRegionSection *section;
304 section = address_space_translate_internal(as, addr, xlat, plen, false);
306 assert(!section->mr->iommu_ops);
311 void cpu_exec_init_all(void)
313 #if !defined(CONFIG_USER_ONLY)
314 qemu_mutex_init(&ram_list.mutex);
320 #if !defined(CONFIG_USER_ONLY)
322 static int cpu_common_post_load(void *opaque, int version_id)
324 CPUState *cpu = opaque;
326 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
327 version_id is increased. */
328 cpu->interrupt_request &= ~0x01;
329 tlb_flush(cpu->env_ptr, 1);
334 static const VMStateDescription vmstate_cpu_common = {
335 .name = "cpu_common",
337 .minimum_version_id = 1,
338 .minimum_version_id_old = 1,
339 .post_load = cpu_common_post_load,
340 .fields = (VMStateField []) {
341 VMSTATE_UINT32(halted, CPUState),
342 VMSTATE_UINT32(interrupt_request, CPUState),
343 VMSTATE_END_OF_LIST()
347 #define vmstate_cpu_common vmstate_dummy
350 CPUState *qemu_get_cpu(int index)
352 CPUArchState *env = first_cpu;
353 CPUState *cpu = NULL;
356 cpu = ENV_GET_CPU(env);
357 if (cpu->cpu_index == index) {
363 return env ? cpu : NULL;
366 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
368 CPUArchState *env = first_cpu;
371 func(ENV_GET_CPU(env), data);
376 void cpu_exec_init(CPUArchState *env)
378 CPUState *cpu = ENV_GET_CPU(env);
379 CPUClass *cc = CPU_GET_CLASS(cpu);
383 #if defined(CONFIG_USER_ONLY)
386 env->next_cpu = NULL;
389 while (*penv != NULL) {
390 penv = &(*penv)->next_cpu;
393 cpu->cpu_index = cpu_index;
395 QTAILQ_INIT(&env->breakpoints);
396 QTAILQ_INIT(&env->watchpoints);
397 #ifndef CONFIG_USER_ONLY
398 cpu->thread_id = qemu_get_thread_id();
401 #if defined(CONFIG_USER_ONLY)
404 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
405 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
406 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
407 cpu_save, cpu_load, env);
408 assert(cc->vmsd == NULL);
410 if (cc->vmsd != NULL) {
411 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
415 #if defined(TARGET_HAS_ICE)
416 #if defined(CONFIG_USER_ONLY)
417 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
419 tb_invalidate_phys_page_range(pc, pc + 1, 0);
422 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
424 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
425 (pc & ~TARGET_PAGE_MASK));
428 #endif /* TARGET_HAS_ICE */
430 #if defined(CONFIG_USER_ONLY)
431 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
436 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
437 int flags, CPUWatchpoint **watchpoint)
442 /* Add a watchpoint. */
443 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
444 int flags, CPUWatchpoint **watchpoint)
446 target_ulong len_mask = ~(len - 1);
449 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
450 if ((len & (len - 1)) || (addr & ~len_mask) ||
451 len == 0 || len > TARGET_PAGE_SIZE) {
452 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
453 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
456 wp = g_malloc(sizeof(*wp));
459 wp->len_mask = len_mask;
462 /* keep all GDB-injected watchpoints in front */
464 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
466 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
468 tlb_flush_page(env, addr);
475 /* Remove a specific watchpoint. */
476 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
479 target_ulong len_mask = ~(len - 1);
482 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
483 if (addr == wp->vaddr && len_mask == wp->len_mask
484 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
485 cpu_watchpoint_remove_by_ref(env, wp);
492 /* Remove a specific watchpoint by reference. */
493 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
495 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
497 tlb_flush_page(env, watchpoint->vaddr);
502 /* Remove all matching watchpoints. */
503 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
505 CPUWatchpoint *wp, *next;
507 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
508 if (wp->flags & mask)
509 cpu_watchpoint_remove_by_ref(env, wp);
514 /* Add a breakpoint. */
515 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
516 CPUBreakpoint **breakpoint)
518 #if defined(TARGET_HAS_ICE)
521 bp = g_malloc(sizeof(*bp));
526 /* keep all GDB-injected breakpoints in front */
528 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
530 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
532 breakpoint_invalidate(env, pc);
542 /* Remove a specific breakpoint. */
543 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
545 #if defined(TARGET_HAS_ICE)
548 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
549 if (bp->pc == pc && bp->flags == flags) {
550 cpu_breakpoint_remove_by_ref(env, bp);
560 /* Remove a specific breakpoint by reference. */
561 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
563 #if defined(TARGET_HAS_ICE)
564 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
566 breakpoint_invalidate(env, breakpoint->pc);
572 /* Remove all matching breakpoints. */
573 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
575 #if defined(TARGET_HAS_ICE)
576 CPUBreakpoint *bp, *next;
578 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
579 if (bp->flags & mask)
580 cpu_breakpoint_remove_by_ref(env, bp);
585 /* enable or disable single step mode. EXCP_DEBUG is returned by the
586 CPU loop after each instruction */
587 void cpu_single_step(CPUArchState *env, int enabled)
589 #if defined(TARGET_HAS_ICE)
590 if (env->singlestep_enabled != enabled) {
591 env->singlestep_enabled = enabled;
593 kvm_update_guest_debug(env, 0);
595 /* must flush all the translated code to avoid inconsistencies */
596 /* XXX: only flush what is necessary */
603 void cpu_exit(CPUArchState *env)
605 CPUState *cpu = ENV_GET_CPU(env);
607 cpu->exit_request = 1;
608 cpu->tcg_exit_req = 1;
611 void cpu_abort(CPUArchState *env, const char *fmt, ...)
618 fprintf(stderr, "qemu: fatal: ");
619 vfprintf(stderr, fmt, ap);
620 fprintf(stderr, "\n");
621 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
622 if (qemu_log_enabled()) {
623 qemu_log("qemu: fatal: ");
624 qemu_log_vprintf(fmt, ap2);
626 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
632 #if defined(CONFIG_USER_ONLY)
634 struct sigaction act;
635 sigfillset(&act.sa_mask);
636 act.sa_handler = SIG_DFL;
637 sigaction(SIGABRT, &act, NULL);
643 CPUArchState *cpu_copy(CPUArchState *env)
645 CPUArchState *new_env = cpu_init(env->cpu_model_str);
646 CPUArchState *next_cpu = new_env->next_cpu;
647 #if defined(TARGET_HAS_ICE)
652 memcpy(new_env, env, sizeof(CPUArchState));
654 /* Preserve chaining. */
655 new_env->next_cpu = next_cpu;
657 /* Clone all break/watchpoints.
658 Note: Once we support ptrace with hw-debug register access, make sure
659 BP_CPU break/watchpoints are handled correctly on clone. */
660 QTAILQ_INIT(&env->breakpoints);
661 QTAILQ_INIT(&env->watchpoints);
662 #if defined(TARGET_HAS_ICE)
663 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
664 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
666 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
667 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
675 #if !defined(CONFIG_USER_ONLY)
676 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
681 /* we modify the TLB cache so that the dirty bit will be set again
682 when accessing the range */
683 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
684 /* Check that we don't span multiple blocks - this breaks the
685 address comparisons below. */
686 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
687 != (end - 1) - start) {
690 cpu_tlb_reset_dirty_all(start1, length);
694 /* Note: start and end must be within the same ram block. */
695 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
700 start &= TARGET_PAGE_MASK;
701 end = TARGET_PAGE_ALIGN(end);
703 length = end - start;
706 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
709 tlb_reset_dirty_range_all(start, end, length);
713 static int cpu_physical_memory_set_dirty_tracking(int enable)
716 in_migration = enable;
720 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
721 MemoryRegionSection *section,
723 hwaddr paddr, hwaddr xlat,
725 target_ulong *address)
730 if (memory_region_is_ram(section->mr)) {
732 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
734 if (!section->readonly) {
735 iotlb |= phys_section_notdirty;
737 iotlb |= phys_section_rom;
740 iotlb = section - phys_sections;
744 /* Make accesses to pages with watchpoints go via the
745 watchpoint trap routines. */
746 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
747 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
748 /* Avoid trapping reads of pages with a write breakpoint. */
749 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
750 iotlb = phys_section_watch + paddr;
751 *address |= TLB_MMIO;
759 #endif /* defined(CONFIG_USER_ONLY) */
761 #if !defined(CONFIG_USER_ONLY)
763 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
765 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
766 static void destroy_page_desc(uint16_t section_index)
768 MemoryRegionSection *section = &phys_sections[section_index];
769 MemoryRegion *mr = section->mr;
772 subpage_t *subpage = container_of(mr, subpage_t, iomem);
773 memory_region_destroy(&subpage->iomem);
778 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
783 if (lp->ptr == PHYS_MAP_NODE_NIL) {
787 p = phys_map_nodes[lp->ptr];
788 for (i = 0; i < L2_SIZE; ++i) {
790 destroy_l2_mapping(&p[i], level - 1);
792 destroy_page_desc(p[i].ptr);
796 lp->ptr = PHYS_MAP_NODE_NIL;
799 static void destroy_all_mappings(AddressSpaceDispatch *d)
801 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
802 phys_map_nodes_reset();
805 static uint16_t phys_section_add(MemoryRegionSection *section)
807 /* The physical section number is ORed with a page-aligned
808 * pointer to produce the iotlb entries. Thus it should
809 * never overflow into the page-aligned value.
811 assert(phys_sections_nb < TARGET_PAGE_SIZE);
813 if (phys_sections_nb == phys_sections_nb_alloc) {
814 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
815 phys_sections = g_renew(MemoryRegionSection, phys_sections,
816 phys_sections_nb_alloc);
818 phys_sections[phys_sections_nb] = *section;
819 return phys_sections_nb++;
822 static void phys_sections_clear(void)
824 phys_sections_nb = 0;
827 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
830 hwaddr base = section->offset_within_address_space
832 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
833 MemoryRegionSection subsection = {
834 .offset_within_address_space = base,
835 .size = int128_make64(TARGET_PAGE_SIZE),
839 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
841 if (!(existing->mr->subpage)) {
842 subpage = subpage_init(d->as, base);
843 subsection.mr = &subpage->iomem;
844 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
845 phys_section_add(&subsection));
847 subpage = container_of(existing->mr, subpage_t, iomem);
849 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
850 end = start + int128_get64(section->size) - 1;
851 subpage_register(subpage, start, end, phys_section_add(section));
855 static void register_multipage(AddressSpaceDispatch *d,
856 MemoryRegionSection *section)
858 hwaddr start_addr = section->offset_within_address_space;
859 uint16_t section_index = phys_section_add(section);
860 uint64_t num_pages = int128_get64(int128_rshift(section->size,
864 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
867 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
869 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
870 MemoryRegionSection now = *section, remain = *section;
871 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
873 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
874 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
875 - now.offset_within_address_space;
877 now.size = int128_min(int128_make64(left), now.size);
878 register_subpage(d, &now);
880 now.size = int128_zero();
882 while (int128_ne(remain.size, now.size)) {
883 remain.size = int128_sub(remain.size, now.size);
884 remain.offset_within_address_space += int128_get64(now.size);
885 remain.offset_within_region += int128_get64(now.size);
887 if (int128_lt(remain.size, page_size)) {
888 register_subpage(d, &now);
889 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
890 now.size = page_size;
891 register_subpage(d, &now);
893 now.size = int128_and(now.size, int128_neg(page_size));
894 register_multipage(d, &now);
899 void qemu_flush_coalesced_mmio_buffer(void)
902 kvm_flush_coalesced_mmio_buffer();
905 void qemu_mutex_lock_ramlist(void)
907 qemu_mutex_lock(&ram_list.mutex);
910 void qemu_mutex_unlock_ramlist(void)
912 qemu_mutex_unlock(&ram_list.mutex);
915 #if defined(__linux__) && !defined(TARGET_S390X)
919 #define HUGETLBFS_MAGIC 0x958458f6
921 static long gethugepagesize(const char *path)
927 ret = statfs(path, &fs);
928 } while (ret != 0 && errno == EINTR);
935 if (fs.f_type != HUGETLBFS_MAGIC)
936 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
941 static void *file_ram_alloc(RAMBlock *block,
946 char *sanitized_name;
953 unsigned long hpagesize;
955 hpagesize = gethugepagesize(path);
960 if (memory < hpagesize) {
964 if (kvm_enabled() && !kvm_has_sync_mmu()) {
965 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
969 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
970 sanitized_name = g_strdup(block->mr->name);
971 for (c = sanitized_name; *c != '\0'; c++) {
976 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
978 g_free(sanitized_name);
980 fd = mkstemp(filename);
982 perror("unable to create backing store for hugepages");
989 memory = (memory+hpagesize-1) & ~(hpagesize-1);
992 * ftruncate is not supported by hugetlbfs in older
993 * hosts, so don't bother bailing out on errors.
994 * If anything goes wrong with it under other filesystems,
997 if (ftruncate(fd, memory))
1001 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
1002 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
1003 * to sidestep this quirk.
1005 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
1006 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
1008 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1010 if (area == MAP_FAILED) {
1011 perror("file_ram_alloc: can't mmap RAM pages");
1020 static ram_addr_t find_ram_offset(ram_addr_t size)
1022 RAMBlock *block, *next_block;
1023 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1025 assert(size != 0); /* it would hand out same offset multiple times */
1027 if (QTAILQ_EMPTY(&ram_list.blocks))
1030 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1031 ram_addr_t end, next = RAM_ADDR_MAX;
1033 end = block->offset + block->length;
1035 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1036 if (next_block->offset >= end) {
1037 next = MIN(next, next_block->offset);
1040 if (next - end >= size && next - end < mingap) {
1042 mingap = next - end;
1046 if (offset == RAM_ADDR_MAX) {
1047 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1055 ram_addr_t last_ram_offset(void)
1058 ram_addr_t last = 0;
1060 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1061 last = MAX(last, block->offset + block->length);
1066 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1069 QemuOpts *machine_opts;
1071 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1072 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1074 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1075 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1077 perror("qemu_madvise");
1078 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1079 "but dump_guest_core=off specified\n");
1084 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1086 RAMBlock *new_block, *block;
1089 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1090 if (block->offset == addr) {
1096 assert(!new_block->idstr[0]);
1099 char *id = qdev_get_dev_path(dev);
1101 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1105 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1107 /* This assumes the iothread lock is taken here too. */
1108 qemu_mutex_lock_ramlist();
1109 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1110 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1111 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1116 qemu_mutex_unlock_ramlist();
1119 static int memory_try_enable_merging(void *addr, size_t len)
1123 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1124 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1125 /* disabled by the user */
1129 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1132 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1135 RAMBlock *block, *new_block;
1137 size = TARGET_PAGE_ALIGN(size);
1138 new_block = g_malloc0(sizeof(*new_block));
1140 /* This assumes the iothread lock is taken here too. */
1141 qemu_mutex_lock_ramlist();
1143 new_block->offset = find_ram_offset(size);
1145 new_block->host = host;
1146 new_block->flags |= RAM_PREALLOC_MASK;
1149 #if defined (__linux__) && !defined(TARGET_S390X)
1150 new_block->host = file_ram_alloc(new_block, size, mem_path);
1151 if (!new_block->host) {
1152 new_block->host = qemu_anon_ram_alloc(size);
1153 memory_try_enable_merging(new_block->host, size);
1156 fprintf(stderr, "-mem-path option unsupported\n");
1160 if (xen_enabled()) {
1161 xen_ram_alloc(new_block->offset, size, mr);
1162 } else if (kvm_enabled()) {
1163 /* some s390/kvm configurations have special constraints */
1164 new_block->host = kvm_ram_alloc(size);
1166 new_block->host = qemu_anon_ram_alloc(size);
1168 memory_try_enable_merging(new_block->host, size);
1171 new_block->length = size;
1173 /* Keep the list sorted from biggest to smallest block. */
1174 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1175 if (block->length < new_block->length) {
1180 QTAILQ_INSERT_BEFORE(block, new_block, next);
1182 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1184 ram_list.mru_block = NULL;
1187 qemu_mutex_unlock_ramlist();
1189 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1190 last_ram_offset() >> TARGET_PAGE_BITS);
1191 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1192 0, size >> TARGET_PAGE_BITS);
1193 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1195 qemu_ram_setup_dump(new_block->host, size);
1196 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1199 kvm_setup_guest_memory(new_block->host, size);
1201 return new_block->offset;
1204 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1206 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1209 void qemu_ram_free_from_ptr(ram_addr_t addr)
1213 /* This assumes the iothread lock is taken here too. */
1214 qemu_mutex_lock_ramlist();
1215 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1216 if (addr == block->offset) {
1217 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1218 ram_list.mru_block = NULL;
1224 qemu_mutex_unlock_ramlist();
1227 void qemu_ram_free(ram_addr_t addr)
1231 /* This assumes the iothread lock is taken here too. */
1232 qemu_mutex_lock_ramlist();
1233 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1234 if (addr == block->offset) {
1235 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1236 ram_list.mru_block = NULL;
1238 if (block->flags & RAM_PREALLOC_MASK) {
1240 } else if (mem_path) {
1241 #if defined (__linux__) && !defined(TARGET_S390X)
1243 munmap(block->host, block->length);
1246 qemu_anon_ram_free(block->host, block->length);
1252 if (xen_enabled()) {
1253 xen_invalidate_map_cache_entry(block->host);
1255 qemu_anon_ram_free(block->host, block->length);
1262 qemu_mutex_unlock_ramlist();
1267 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1274 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1275 offset = addr - block->offset;
1276 if (offset < block->length) {
1277 vaddr = block->host + offset;
1278 if (block->flags & RAM_PREALLOC_MASK) {
1282 munmap(vaddr, length);
1284 #if defined(__linux__) && !defined(TARGET_S390X)
1287 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1290 flags |= MAP_PRIVATE;
1292 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1293 flags, block->fd, offset);
1295 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1296 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1303 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1304 flags |= MAP_SHARED | MAP_ANONYMOUS;
1305 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1308 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1309 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1313 if (area != vaddr) {
1314 fprintf(stderr, "Could not remap addr: "
1315 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1319 memory_try_enable_merging(vaddr, length);
1320 qemu_ram_setup_dump(vaddr, length);
1326 #endif /* !_WIN32 */
1328 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1329 With the exception of the softmmu code in this file, this should
1330 only be used for local memory (e.g. video ram) that the device owns,
1331 and knows it isn't going to access beyond the end of the block.
1333 It should not be used for general purpose DMA.
1334 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1336 void *qemu_get_ram_ptr(ram_addr_t addr)
1340 /* The list is protected by the iothread lock here. */
1341 block = ram_list.mru_block;
1342 if (block && addr - block->offset < block->length) {
1345 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1346 if (addr - block->offset < block->length) {
1351 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1355 ram_list.mru_block = block;
1356 if (xen_enabled()) {
1357 /* We need to check if the requested address is in the RAM
1358 * because we don't want to map the entire memory in QEMU.
1359 * In that case just map until the end of the page.
1361 if (block->offset == 0) {
1362 return xen_map_cache(addr, 0, 0);
1363 } else if (block->host == NULL) {
1365 xen_map_cache(block->offset, block->length, 1);
1368 return block->host + (addr - block->offset);
1371 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1372 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1374 * ??? Is this still necessary?
1376 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1380 /* The list is protected by the iothread lock here. */
1381 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1382 if (addr - block->offset < block->length) {
1383 if (xen_enabled()) {
1384 /* We need to check if the requested address is in the RAM
1385 * because we don't want to map the entire memory in QEMU.
1386 * In that case just map until the end of the page.
1388 if (block->offset == 0) {
1389 return xen_map_cache(addr, 0, 0);
1390 } else if (block->host == NULL) {
1392 xen_map_cache(block->offset, block->length, 1);
1395 return block->host + (addr - block->offset);
1399 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1405 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1406 * but takes a size argument */
1407 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1412 if (xen_enabled()) {
1413 return xen_map_cache(addr, *size, 1);
1417 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1418 if (addr - block->offset < block->length) {
1419 if (addr - block->offset + *size > block->length)
1420 *size = block->length - addr + block->offset;
1421 return block->host + (addr - block->offset);
1425 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1430 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1433 uint8_t *host = ptr;
1435 if (xen_enabled()) {
1436 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1440 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1441 /* This case append when the block is not mapped. */
1442 if (block->host == NULL) {
1445 if (host - block->host < block->length) {
1446 *ram_addr = block->offset + (host - block->host);
1454 /* Some of the softmmu routines need to translate from a host pointer
1455 (typically a TLB entry) back to a ram offset. */
1456 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1458 ram_addr_t ram_addr;
1460 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1461 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1467 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1468 uint64_t val, unsigned size)
1471 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1472 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1473 tb_invalidate_phys_page_fast(ram_addr, size);
1474 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1478 stb_p(qemu_get_ram_ptr(ram_addr), val);
1481 stw_p(qemu_get_ram_ptr(ram_addr), val);
1484 stl_p(qemu_get_ram_ptr(ram_addr), val);
1489 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1490 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1491 /* we remove the notdirty callback only if the code has been
1493 if (dirty_flags == 0xff)
1494 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1497 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1498 unsigned size, bool is_write)
1503 static const MemoryRegionOps notdirty_mem_ops = {
1504 .write = notdirty_mem_write,
1505 .valid.accepts = notdirty_mem_accepts,
1506 .endianness = DEVICE_NATIVE_ENDIAN,
1509 /* Generate a debug exception if a watchpoint has been hit. */
1510 static void check_watchpoint(int offset, int len_mask, int flags)
1512 CPUArchState *env = cpu_single_env;
1513 target_ulong pc, cs_base;
1518 if (env->watchpoint_hit) {
1519 /* We re-entered the check after replacing the TB. Now raise
1520 * the debug interrupt so that is will trigger after the
1521 * current instruction. */
1522 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1525 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1526 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1527 if ((vaddr == (wp->vaddr & len_mask) ||
1528 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1529 wp->flags |= BP_WATCHPOINT_HIT;
1530 if (!env->watchpoint_hit) {
1531 env->watchpoint_hit = wp;
1532 tb_check_watchpoint(env);
1533 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1534 env->exception_index = EXCP_DEBUG;
1537 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1538 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1539 cpu_resume_from_signal(env, NULL);
1543 wp->flags &= ~BP_WATCHPOINT_HIT;
1548 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1549 so these check for a hit then pass through to the normal out-of-line
1551 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1554 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1556 case 1: return ldub_phys(addr);
1557 case 2: return lduw_phys(addr);
1558 case 4: return ldl_phys(addr);
1563 static void watch_mem_write(void *opaque, hwaddr addr,
1564 uint64_t val, unsigned size)
1566 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1569 stb_phys(addr, val);
1572 stw_phys(addr, val);
1575 stl_phys(addr, val);
1581 static const MemoryRegionOps watch_mem_ops = {
1582 .read = watch_mem_read,
1583 .write = watch_mem_write,
1584 .endianness = DEVICE_NATIVE_ENDIAN,
1587 static uint64_t subpage_read(void *opaque, hwaddr addr,
1590 subpage_t *subpage = opaque;
1593 #if defined(DEBUG_SUBPAGE)
1594 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1595 subpage, len, addr);
1597 address_space_read(subpage->as, addr + subpage->base, buf, len);
1610 static void subpage_write(void *opaque, hwaddr addr,
1611 uint64_t value, unsigned len)
1613 subpage_t *subpage = opaque;
1616 #if defined(DEBUG_SUBPAGE)
1617 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1618 " value %"PRIx64"\n",
1619 __func__, subpage, len, addr, value);
1634 address_space_write(subpage->as, addr + subpage->base, buf, len);
1637 static bool subpage_accepts(void *opaque, hwaddr addr,
1638 unsigned size, bool is_write)
1640 subpage_t *subpage = opaque;
1641 #if defined(DEBUG_SUBPAGE)
1642 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1643 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1646 return address_space_access_valid(subpage->as, addr + subpage->base,
1650 static const MemoryRegionOps subpage_ops = {
1651 .read = subpage_read,
1652 .write = subpage_write,
1653 .valid.accepts = subpage_accepts,
1654 .endianness = DEVICE_NATIVE_ENDIAN,
1657 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1662 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1664 idx = SUBPAGE_IDX(start);
1665 eidx = SUBPAGE_IDX(end);
1666 #if defined(DEBUG_SUBPAGE)
1667 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1668 mmio, start, end, idx, eidx, memory);
1670 for (; idx <= eidx; idx++) {
1671 mmio->sub_section[idx] = section;
1677 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1681 mmio = g_malloc0(sizeof(subpage_t));
1685 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1686 "subpage", TARGET_PAGE_SIZE);
1687 mmio->iomem.subpage = true;
1688 #if defined(DEBUG_SUBPAGE)
1689 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1690 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1692 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1697 static uint16_t dummy_section(MemoryRegion *mr)
1699 MemoryRegionSection section = {
1701 .offset_within_address_space = 0,
1702 .offset_within_region = 0,
1703 .size = int128_2_64(),
1706 return phys_section_add(§ion);
1709 MemoryRegion *iotlb_to_region(hwaddr index)
1711 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1714 static void io_mem_init(void)
1716 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1717 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1718 "unassigned", UINT64_MAX);
1719 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1720 "notdirty", UINT64_MAX);
1721 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1722 "watch", UINT64_MAX);
1725 static void mem_begin(MemoryListener *listener)
1727 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1729 destroy_all_mappings(d);
1730 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1733 static void core_begin(MemoryListener *listener)
1735 phys_sections_clear();
1736 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1737 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1738 phys_section_rom = dummy_section(&io_mem_rom);
1739 phys_section_watch = dummy_section(&io_mem_watch);
1742 static void tcg_commit(MemoryListener *listener)
1746 /* since each CPU stores ram addresses in its TLB cache, we must
1747 reset the modified entries */
1749 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1754 static void core_log_global_start(MemoryListener *listener)
1756 cpu_physical_memory_set_dirty_tracking(1);
1759 static void core_log_global_stop(MemoryListener *listener)
1761 cpu_physical_memory_set_dirty_tracking(0);
1764 static void io_region_add(MemoryListener *listener,
1765 MemoryRegionSection *section)
1767 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1769 mrio->mr = section->mr;
1770 mrio->offset = section->offset_within_region;
1771 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1772 section->offset_within_address_space,
1773 int128_get64(section->size));
1774 ioport_register(&mrio->iorange);
1777 static void io_region_del(MemoryListener *listener,
1778 MemoryRegionSection *section)
1780 isa_unassign_ioport(section->offset_within_address_space,
1781 int128_get64(section->size));
1784 static MemoryListener core_memory_listener = {
1785 .begin = core_begin,
1786 .log_global_start = core_log_global_start,
1787 .log_global_stop = core_log_global_stop,
1791 static MemoryListener io_memory_listener = {
1792 .region_add = io_region_add,
1793 .region_del = io_region_del,
1797 static MemoryListener tcg_memory_listener = {
1798 .commit = tcg_commit,
1801 void address_space_init_dispatch(AddressSpace *as)
1803 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1805 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1806 d->listener = (MemoryListener) {
1808 .region_add = mem_add,
1809 .region_nop = mem_add,
1814 memory_listener_register(&d->listener, as);
1817 void address_space_destroy_dispatch(AddressSpace *as)
1819 AddressSpaceDispatch *d = as->dispatch;
1821 memory_listener_unregister(&d->listener);
1822 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1824 as->dispatch = NULL;
1827 static void memory_map_init(void)
1829 system_memory = g_malloc(sizeof(*system_memory));
1830 memory_region_init(system_memory, "system", INT64_MAX);
1831 address_space_init(&address_space_memory, system_memory);
1832 address_space_memory.name = "memory";
1834 system_io = g_malloc(sizeof(*system_io));
1835 memory_region_init(system_io, "io", 65536);
1836 address_space_init(&address_space_io, system_io);
1837 address_space_io.name = "I/O";
1839 memory_listener_register(&core_memory_listener, &address_space_memory);
1840 memory_listener_register(&io_memory_listener, &address_space_io);
1841 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1843 dma_context_init(&dma_context_memory, &address_space_memory,
1847 MemoryRegion *get_system_memory(void)
1849 return system_memory;
1852 MemoryRegion *get_system_io(void)
1857 #endif /* !defined(CONFIG_USER_ONLY) */
1859 /* physical memory access (slow version, mainly for debug) */
1860 #if defined(CONFIG_USER_ONLY)
1861 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1862 uint8_t *buf, int len, int is_write)
1869 page = addr & TARGET_PAGE_MASK;
1870 l = (page + TARGET_PAGE_SIZE) - addr;
1873 flags = page_get_flags(page);
1874 if (!(flags & PAGE_VALID))
1877 if (!(flags & PAGE_WRITE))
1879 /* XXX: this code should not depend on lock_user */
1880 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1883 unlock_user(p, addr, l);
1885 if (!(flags & PAGE_READ))
1887 /* XXX: this code should not depend on lock_user */
1888 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1891 unlock_user(p, addr, 0);
1902 static void invalidate_and_set_dirty(hwaddr addr,
1905 if (!cpu_physical_memory_is_dirty(addr)) {
1906 /* invalidate code */
1907 tb_invalidate_phys_page_range(addr, addr + length, 0);
1909 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1911 xen_modified_memory(addr, length);
1914 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1916 if (memory_region_is_ram(mr)) {
1917 return !(is_write && mr->readonly);
1919 if (memory_region_is_romd(mr)) {
1926 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1928 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1931 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1937 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1938 int len, bool is_write)
1949 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1952 if (!memory_access_is_direct(mr, is_write)) {
1953 l = memory_access_size(mr, l, addr1);
1954 /* XXX: could force cpu_single_env to NULL to avoid
1957 /* 32 bit write access */
1959 error |= io_mem_write(mr, addr1, val, 4);
1960 } else if (l == 2) {
1961 /* 16 bit write access */
1963 error |= io_mem_write(mr, addr1, val, 2);
1965 /* 8 bit write access */
1967 error |= io_mem_write(mr, addr1, val, 1);
1970 addr1 += memory_region_get_ram_addr(mr);
1972 ptr = qemu_get_ram_ptr(addr1);
1973 memcpy(ptr, buf, l);
1974 invalidate_and_set_dirty(addr1, l);
1977 if (!memory_access_is_direct(mr, is_write)) {
1979 l = memory_access_size(mr, l, addr1);
1981 /* 32 bit read access */
1982 error |= io_mem_read(mr, addr1, &val, 4);
1984 } else if (l == 2) {
1985 /* 16 bit read access */
1986 error |= io_mem_read(mr, addr1, &val, 2);
1989 /* 8 bit read access */
1990 error |= io_mem_read(mr, addr1, &val, 1);
1995 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1996 memcpy(buf, ptr, l);
2007 bool address_space_write(AddressSpace *as, hwaddr addr,
2008 const uint8_t *buf, int len)
2010 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2013 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2015 return address_space_rw(as, addr, buf, len, false);
2019 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2020 int len, int is_write)
2022 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2025 /* used for ROM loading : can write in RAM and ROM */
2026 void cpu_physical_memory_write_rom(hwaddr addr,
2027 const uint8_t *buf, int len)
2036 mr = address_space_translate(&address_space_memory,
2037 addr, &addr1, &l, true);
2039 if (!(memory_region_is_ram(mr) ||
2040 memory_region_is_romd(mr))) {
2043 addr1 += memory_region_get_ram_addr(mr);
2045 ptr = qemu_get_ram_ptr(addr1);
2046 memcpy(ptr, buf, l);
2047 invalidate_and_set_dirty(addr1, l);
2061 static BounceBuffer bounce;
2063 typedef struct MapClient {
2065 void (*callback)(void *opaque);
2066 QLIST_ENTRY(MapClient) link;
2069 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2070 = QLIST_HEAD_INITIALIZER(map_client_list);
2072 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2074 MapClient *client = g_malloc(sizeof(*client));
2076 client->opaque = opaque;
2077 client->callback = callback;
2078 QLIST_INSERT_HEAD(&map_client_list, client, link);
2082 static void cpu_unregister_map_client(void *_client)
2084 MapClient *client = (MapClient *)_client;
2086 QLIST_REMOVE(client, link);
2090 static void cpu_notify_map_clients(void)
2094 while (!QLIST_EMPTY(&map_client_list)) {
2095 client = QLIST_FIRST(&map_client_list);
2096 client->callback(client->opaque);
2097 cpu_unregister_map_client(client);
2101 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2108 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2109 if (!memory_access_is_direct(mr, is_write)) {
2110 l = memory_access_size(mr, l, addr);
2111 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2122 /* Map a physical memory region into a host virtual address.
2123 * May map a subset of the requested range, given by and returned in *plen.
2124 * May return NULL if resources needed to perform the mapping are exhausted.
2125 * Use only for reads OR writes - not for read-modify-write operations.
2126 * Use cpu_register_map_client() to know when retrying the map operation is
2127 * likely to succeed.
2129 void *address_space_map(AddressSpace *as,
2138 ram_addr_t raddr = RAM_ADDR_MAX;
2144 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2146 if (!memory_access_is_direct(mr, is_write)) {
2147 if (todo || bounce.buffer) {
2150 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2154 address_space_read(as, addr, bounce.buffer, l);
2158 return bounce.buffer;
2161 raddr = memory_region_get_ram_addr(mr) + xlat;
2163 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2173 ret = qemu_ram_ptr_length(raddr, &rlen);
2178 /* Unmaps a memory region previously mapped by address_space_map().
2179 * Will also mark the memory as dirty if is_write == 1. access_len gives
2180 * the amount of memory that was actually read or written by the caller.
2182 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2183 int is_write, hwaddr access_len)
2185 if (buffer != bounce.buffer) {
2187 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2188 while (access_len) {
2190 l = TARGET_PAGE_SIZE;
2193 invalidate_and_set_dirty(addr1, l);
2198 if (xen_enabled()) {
2199 xen_invalidate_map_cache_entry(buffer);
2204 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2206 qemu_vfree(bounce.buffer);
2207 bounce.buffer = NULL;
2208 cpu_notify_map_clients();
2211 void *cpu_physical_memory_map(hwaddr addr,
2215 return address_space_map(&address_space_memory, addr, plen, is_write);
2218 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2219 int is_write, hwaddr access_len)
2221 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2224 /* warning: addr must be aligned */
2225 static inline uint32_t ldl_phys_internal(hwaddr addr,
2226 enum device_endian endian)
2234 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2236 if (l < 4 || !memory_access_is_direct(mr, false)) {
2238 io_mem_read(mr, addr1, &val, 4);
2239 #if defined(TARGET_WORDS_BIGENDIAN)
2240 if (endian == DEVICE_LITTLE_ENDIAN) {
2244 if (endian == DEVICE_BIG_ENDIAN) {
2250 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2254 case DEVICE_LITTLE_ENDIAN:
2255 val = ldl_le_p(ptr);
2257 case DEVICE_BIG_ENDIAN:
2258 val = ldl_be_p(ptr);
2268 uint32_t ldl_phys(hwaddr addr)
2270 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2273 uint32_t ldl_le_phys(hwaddr addr)
2275 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2278 uint32_t ldl_be_phys(hwaddr addr)
2280 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2283 /* warning: addr must be aligned */
2284 static inline uint64_t ldq_phys_internal(hwaddr addr,
2285 enum device_endian endian)
2293 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2295 if (l < 8 || !memory_access_is_direct(mr, false)) {
2297 io_mem_read(mr, addr1, &val, 8);
2298 #if defined(TARGET_WORDS_BIGENDIAN)
2299 if (endian == DEVICE_LITTLE_ENDIAN) {
2303 if (endian == DEVICE_BIG_ENDIAN) {
2309 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2313 case DEVICE_LITTLE_ENDIAN:
2314 val = ldq_le_p(ptr);
2316 case DEVICE_BIG_ENDIAN:
2317 val = ldq_be_p(ptr);
2327 uint64_t ldq_phys(hwaddr addr)
2329 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2332 uint64_t ldq_le_phys(hwaddr addr)
2334 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2337 uint64_t ldq_be_phys(hwaddr addr)
2339 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2343 uint32_t ldub_phys(hwaddr addr)
2346 cpu_physical_memory_read(addr, &val, 1);
2350 /* warning: addr must be aligned */
2351 static inline uint32_t lduw_phys_internal(hwaddr addr,
2352 enum device_endian endian)
2360 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2362 if (l < 2 || !memory_access_is_direct(mr, false)) {
2364 io_mem_read(mr, addr1, &val, 2);
2365 #if defined(TARGET_WORDS_BIGENDIAN)
2366 if (endian == DEVICE_LITTLE_ENDIAN) {
2370 if (endian == DEVICE_BIG_ENDIAN) {
2376 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2380 case DEVICE_LITTLE_ENDIAN:
2381 val = lduw_le_p(ptr);
2383 case DEVICE_BIG_ENDIAN:
2384 val = lduw_be_p(ptr);
2394 uint32_t lduw_phys(hwaddr addr)
2396 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2399 uint32_t lduw_le_phys(hwaddr addr)
2401 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2404 uint32_t lduw_be_phys(hwaddr addr)
2406 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2409 /* warning: addr must be aligned. The ram page is not masked as dirty
2410 and the code inside is not invalidated. It is useful if the dirty
2411 bits are used to track modified PTEs */
2412 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2419 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2421 if (l < 4 || !memory_access_is_direct(mr, true)) {
2422 io_mem_write(mr, addr1, val, 4);
2424 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2425 ptr = qemu_get_ram_ptr(addr1);
2428 if (unlikely(in_migration)) {
2429 if (!cpu_physical_memory_is_dirty(addr1)) {
2430 /* invalidate code */
2431 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2433 cpu_physical_memory_set_dirty_flags(
2434 addr1, (0xff & ~CODE_DIRTY_FLAG));
2440 /* warning: addr must be aligned */
2441 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2442 enum device_endian endian)
2449 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2451 if (l < 4 || !memory_access_is_direct(mr, true)) {
2452 #if defined(TARGET_WORDS_BIGENDIAN)
2453 if (endian == DEVICE_LITTLE_ENDIAN) {
2457 if (endian == DEVICE_BIG_ENDIAN) {
2461 io_mem_write(mr, addr1, val, 4);
2464 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2465 ptr = qemu_get_ram_ptr(addr1);
2467 case DEVICE_LITTLE_ENDIAN:
2470 case DEVICE_BIG_ENDIAN:
2477 invalidate_and_set_dirty(addr1, 4);
2481 void stl_phys(hwaddr addr, uint32_t val)
2483 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2486 void stl_le_phys(hwaddr addr, uint32_t val)
2488 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2491 void stl_be_phys(hwaddr addr, uint32_t val)
2493 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2497 void stb_phys(hwaddr addr, uint32_t val)
2500 cpu_physical_memory_write(addr, &v, 1);
2503 /* warning: addr must be aligned */
2504 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2505 enum device_endian endian)
2512 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2514 if (l < 2 || !memory_access_is_direct(mr, true)) {
2515 #if defined(TARGET_WORDS_BIGENDIAN)
2516 if (endian == DEVICE_LITTLE_ENDIAN) {
2520 if (endian == DEVICE_BIG_ENDIAN) {
2524 io_mem_write(mr, addr1, val, 2);
2527 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2528 ptr = qemu_get_ram_ptr(addr1);
2530 case DEVICE_LITTLE_ENDIAN:
2533 case DEVICE_BIG_ENDIAN:
2540 invalidate_and_set_dirty(addr1, 2);
2544 void stw_phys(hwaddr addr, uint32_t val)
2546 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2549 void stw_le_phys(hwaddr addr, uint32_t val)
2551 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2554 void stw_be_phys(hwaddr addr, uint32_t val)
2556 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2560 void stq_phys(hwaddr addr, uint64_t val)
2563 cpu_physical_memory_write(addr, &val, 8);
2566 void stq_le_phys(hwaddr addr, uint64_t val)
2568 val = cpu_to_le64(val);
2569 cpu_physical_memory_write(addr, &val, 8);
2572 void stq_be_phys(hwaddr addr, uint64_t val)
2574 val = cpu_to_be64(val);
2575 cpu_physical_memory_write(addr, &val, 8);
2578 /* virtual memory access for debug (includes writing to ROM) */
2579 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2580 uint8_t *buf, int len, int is_write)
2587 page = addr & TARGET_PAGE_MASK;
2588 phys_addr = cpu_get_phys_page_debug(env, page);
2589 /* if no physical page mapped, return an error */
2590 if (phys_addr == -1)
2592 l = (page + TARGET_PAGE_SIZE) - addr;
2595 phys_addr += (addr & ~TARGET_PAGE_MASK);
2597 cpu_physical_memory_write_rom(phys_addr, buf, l);
2599 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2608 #if !defined(CONFIG_USER_ONLY)
2611 * A helper function for the _utterly broken_ virtio device model to find out if
2612 * it's running on a big endian machine. Don't do this at home kids!
2614 bool virtio_is_big_endian(void);
2615 bool virtio_is_big_endian(void)
2617 #if defined(TARGET_WORDS_BIGENDIAN)
2626 #ifndef CONFIG_USER_ONLY
2627 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2632 mr = address_space_translate(&address_space_memory,
2633 phys_addr, &phys_addr, &l, false);
2635 return !(memory_region_is_ram(mr) ||
2636 memory_region_is_romd(mr));
projects / sdk / emulator / qemu.git / blob