4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 //#define DEBUG_SUBPAGE
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
86 #define RAM_RESIZEABLE (1 << 2)
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
99 #if !defined(CONFIG_USER_ONLY)
101 typedef struct PhysPageEntry PhysPageEntry;
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
116 #define P_L2_SIZE (1 << P_L2_BITS)
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
120 typedef PhysPageEntry Node[P_L2_SIZE];
122 typedef struct PhysPageMap {
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
128 unsigned nodes_nb_alloc;
130 MemoryRegionSection *sections;
133 struct AddressSpaceDispatch {
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
139 PhysPageEntry phys_map;
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
149 uint16_t sub_section[TARGET_PAGE_SIZE];
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
161 static MemoryRegion io_mem_watch;
164 #if !defined(CONFIG_USER_ONLY)
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
182 ret = map->nodes_nb++;
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
236 unsigned valid_ptr = P_L2_SIZE;
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
254 phys_page_compact(&p[i], nodes, compacted);
258 /* We can only compress if there's only one child. */
263 assert(valid_ptr < P_L2_SIZE);
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
280 lp->skip += p[valid_ptr].skip;
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
286 DECLARE_BITMAP(compacted, nodes_nb);
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
297 hwaddr index = addr >> TARGET_PAGE_BITS;
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return §ions[PHYS_SECTION_UNASSIGNED];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return §ions[lp.ptr];
313 return §ions[PHYS_SECTION_UNASSIGNED];
317 bool memory_region_is_unassigned(MemoryRegion *mr)
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
326 bool resolve_subpage)
328 MemoryRegionSection *section;
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
344 MemoryRegionSection *section;
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
356 if (memory_region_is_ram(mr)) {
357 diff = int128_sub(section->size, int128_make64(addr));
358 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
363 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
365 if (memory_region_is_ram(mr)) {
366 return !(is_write && mr->readonly);
368 if (memory_region_is_romd(mr)) {
375 /* Called from RCU critical section */
376 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
377 hwaddr *xlat, hwaddr *plen,
381 MemoryRegionSection *section;
385 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
386 section = address_space_translate_internal(d, addr, &addr, plen, true);
389 if (!mr->iommu_ops) {
393 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
394 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
395 | (addr & iotlb.addr_mask));
396 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
397 if (!(iotlb.perm & (1 << is_write))) {
398 mr = &io_mem_unassigned;
402 as = iotlb.target_as;
405 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
406 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
407 *plen = MIN(page, *plen);
414 /* Called from RCU critical section */
415 MemoryRegionSection *
416 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
417 hwaddr *xlat, hwaddr *plen)
419 MemoryRegionSection *section;
420 section = address_space_translate_internal(cpu->memory_dispatch,
421 addr, xlat, plen, false);
423 assert(!section->mr->iommu_ops);
428 #if !defined(CONFIG_USER_ONLY)
430 static int cpu_common_post_load(void *opaque, int version_id)
432 CPUState *cpu = opaque;
434 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
435 version_id is increased. */
436 cpu->interrupt_request &= ~0x01;
442 static int cpu_common_pre_load(void *opaque)
444 CPUState *cpu = opaque;
446 cpu->exception_index = -1;
451 static bool cpu_common_exception_index_needed(void *opaque)
453 CPUState *cpu = opaque;
455 return tcg_enabled() && cpu->exception_index != -1;
458 static const VMStateDescription vmstate_cpu_common_exception_index = {
459 .name = "cpu_common/exception_index",
461 .minimum_version_id = 1,
462 .needed = cpu_common_exception_index_needed,
463 .fields = (VMStateField[]) {
464 VMSTATE_INT32(exception_index, CPUState),
465 VMSTATE_END_OF_LIST()
469 const VMStateDescription vmstate_cpu_common = {
470 .name = "cpu_common",
472 .minimum_version_id = 1,
473 .pre_load = cpu_common_pre_load,
474 .post_load = cpu_common_post_load,
475 .fields = (VMStateField[]) {
476 VMSTATE_UINT32(halted, CPUState),
477 VMSTATE_UINT32(interrupt_request, CPUState),
478 VMSTATE_END_OF_LIST()
480 .subsections = (const VMStateDescription*[]) {
481 &vmstate_cpu_common_exception_index,
488 CPUState *qemu_get_cpu(int index)
493 if (cpu->cpu_index == index) {
501 #if !defined(CONFIG_USER_ONLY)
502 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
504 /* We only support one address space per cpu at the moment. */
505 assert(cpu->as == as);
507 if (cpu->tcg_as_listener) {
508 memory_listener_unregister(cpu->tcg_as_listener);
510 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
512 cpu->tcg_as_listener->commit = tcg_commit;
513 memory_listener_register(cpu->tcg_as_listener, as);
517 void cpu_exec_init(CPUArchState *env)
519 CPUState *cpu = ENV_GET_CPU(env);
520 CPUClass *cc = CPU_GET_CLASS(cpu);
524 #if defined(CONFIG_USER_ONLY)
528 CPU_FOREACH(some_cpu) {
531 cpu->cpu_index = cpu_index;
533 QTAILQ_INIT(&cpu->breakpoints);
534 QTAILQ_INIT(&cpu->watchpoints);
535 #ifndef CONFIG_USER_ONLY
536 cpu->as = &address_space_memory;
537 cpu->thread_id = qemu_get_thread_id();
538 cpu_reload_memory_map(cpu);
540 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
541 #if defined(CONFIG_USER_ONLY)
544 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
545 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
547 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
548 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
549 cpu_save, cpu_load, env);
550 assert(cc->vmsd == NULL);
551 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
553 if (cc->vmsd != NULL) {
554 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
558 #if defined(CONFIG_USER_ONLY)
559 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
561 tb_invalidate_phys_page_range(pc, pc + 1, 0);
564 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
566 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
568 tb_invalidate_phys_addr(cpu->as,
569 phys | (pc & ~TARGET_PAGE_MASK));
574 #if defined(CONFIG_USER_ONLY)
575 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
580 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
586 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
590 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
591 int flags, CPUWatchpoint **watchpoint)
596 /* Add a watchpoint. */
597 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
598 int flags, CPUWatchpoint **watchpoint)
602 /* forbid ranges which are empty or run off the end of the address space */
603 if (len == 0 || (addr + len - 1) < addr) {
604 error_report("tried to set invalid watchpoint at %"
605 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
608 wp = g_malloc(sizeof(*wp));
614 /* keep all GDB-injected watchpoints in front */
615 if (flags & BP_GDB) {
616 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
618 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
621 tlb_flush_page(cpu, addr);
628 /* Remove a specific watchpoint. */
629 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
634 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
635 if (addr == wp->vaddr && len == wp->len
636 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
637 cpu_watchpoint_remove_by_ref(cpu, wp);
644 /* Remove a specific watchpoint by reference. */
645 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
647 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
649 tlb_flush_page(cpu, watchpoint->vaddr);
654 /* Remove all matching watchpoints. */
655 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
657 CPUWatchpoint *wp, *next;
659 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
660 if (wp->flags & mask) {
661 cpu_watchpoint_remove_by_ref(cpu, wp);
666 /* Return true if this watchpoint address matches the specified
667 * access (ie the address range covered by the watchpoint overlaps
668 * partially or completely with the address range covered by the
671 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
675 /* We know the lengths are non-zero, but a little caution is
676 * required to avoid errors in the case where the range ends
677 * exactly at the top of the address space and so addr + len
678 * wraps round to zero.
680 vaddr wpend = wp->vaddr + wp->len - 1;
681 vaddr addrend = addr + len - 1;
683 return !(addr > wpend || wp->vaddr > addrend);
688 /* Add a breakpoint. */
689 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
690 CPUBreakpoint **breakpoint)
694 bp = g_malloc(sizeof(*bp));
699 /* keep all GDB-injected breakpoints in front */
700 if (flags & BP_GDB) {
701 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
703 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
706 breakpoint_invalidate(cpu, pc);
714 /* Remove a specific breakpoint. */
715 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
719 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
720 if (bp->pc == pc && bp->flags == flags) {
721 cpu_breakpoint_remove_by_ref(cpu, bp);
728 /* Remove a specific breakpoint by reference. */
729 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
731 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
733 breakpoint_invalidate(cpu, breakpoint->pc);
738 /* Remove all matching breakpoints. */
739 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
741 CPUBreakpoint *bp, *next;
743 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
744 if (bp->flags & mask) {
745 cpu_breakpoint_remove_by_ref(cpu, bp);
750 /* enable or disable single step mode. EXCP_DEBUG is returned by the
751 CPU loop after each instruction */
752 void cpu_single_step(CPUState *cpu, int enabled)
754 if (cpu->singlestep_enabled != enabled) {
755 cpu->singlestep_enabled = enabled;
757 kvm_update_guest_debug(cpu, 0);
759 /* must flush all the translated code to avoid inconsistencies */
760 /* XXX: only flush what is necessary */
761 CPUArchState *env = cpu->env_ptr;
767 void cpu_abort(CPUState *cpu, const char *fmt, ...)
774 fprintf(stderr, "qemu: fatal: ");
775 vfprintf(stderr, fmt, ap);
776 fprintf(stderr, "\n");
777 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
778 if (qemu_log_enabled()) {
779 qemu_log("qemu: fatal: ");
780 qemu_log_vprintf(fmt, ap2);
782 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
788 #if defined(CONFIG_USER_ONLY)
790 struct sigaction act;
791 sigfillset(&act.sa_mask);
792 act.sa_handler = SIG_DFL;
793 sigaction(SIGABRT, &act, NULL);
799 #if !defined(CONFIG_USER_ONLY)
800 /* Called from RCU critical section */
801 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
805 block = atomic_rcu_read(&ram_list.mru_block);
806 if (block && addr - block->offset < block->max_length) {
809 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
810 if (addr - block->offset < block->max_length) {
815 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
819 /* It is safe to write mru_block outside the iothread lock. This
824 * xxx removed from list
828 * call_rcu(reclaim_ramblock, xxx);
831 * atomic_rcu_set is not needed here. The block was already published
832 * when it was placed into the list. Here we're just making an extra
833 * copy of the pointer.
835 ram_list.mru_block = block;
839 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
845 end = TARGET_PAGE_ALIGN(start + length);
846 start &= TARGET_PAGE_MASK;
849 block = qemu_get_ram_block(start);
850 assert(block == qemu_get_ram_block(end - 1));
851 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
852 cpu_tlb_reset_dirty_all(start1, length);
856 /* Note: start and end must be within the same ram block. */
857 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
861 unsigned long end, page;
868 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
869 page = start >> TARGET_PAGE_BITS;
870 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
873 if (dirty && tcg_enabled()) {
874 tlb_reset_dirty_range_all(start, length);
880 /* Called from RCU critical section */
881 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
882 MemoryRegionSection *section,
884 hwaddr paddr, hwaddr xlat,
886 target_ulong *address)
891 if (memory_region_is_ram(section->mr)) {
893 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
895 if (!section->readonly) {
896 iotlb |= PHYS_SECTION_NOTDIRTY;
898 iotlb |= PHYS_SECTION_ROM;
901 iotlb = section - section->address_space->dispatch->map.sections;
905 /* Make accesses to pages with watchpoints go via the
906 watchpoint trap routines. */
907 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
908 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
909 /* Avoid trapping reads of pages with a write breakpoint. */
910 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
911 iotlb = PHYS_SECTION_WATCH + paddr;
912 *address |= TLB_MMIO;
920 #endif /* defined(CONFIG_USER_ONLY) */
922 #if !defined(CONFIG_USER_ONLY)
924 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
926 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
928 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
932 * Set a custom physical guest memory alloator.
933 * Accelerators with unusual needs may need this. Hopefully, we can
934 * get rid of it eventually.
936 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
938 phys_mem_alloc = alloc;
941 static uint16_t phys_section_add(PhysPageMap *map,
942 MemoryRegionSection *section)
944 /* The physical section number is ORed with a page-aligned
945 * pointer to produce the iotlb entries. Thus it should
946 * never overflow into the page-aligned value.
948 assert(map->sections_nb < TARGET_PAGE_SIZE);
950 if (map->sections_nb == map->sections_nb_alloc) {
951 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
952 map->sections = g_renew(MemoryRegionSection, map->sections,
953 map->sections_nb_alloc);
955 map->sections[map->sections_nb] = *section;
956 memory_region_ref(section->mr);
957 return map->sections_nb++;
960 static void phys_section_destroy(MemoryRegion *mr)
962 memory_region_unref(mr);
965 subpage_t *subpage = container_of(mr, subpage_t, iomem);
966 object_unref(OBJECT(&subpage->iomem));
971 static void phys_sections_free(PhysPageMap *map)
973 while (map->sections_nb > 0) {
974 MemoryRegionSection *section = &map->sections[--map->sections_nb];
975 phys_section_destroy(section->mr);
977 g_free(map->sections);
981 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
984 hwaddr base = section->offset_within_address_space
986 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
987 d->map.nodes, d->map.sections);
988 MemoryRegionSection subsection = {
989 .offset_within_address_space = base,
990 .size = int128_make64(TARGET_PAGE_SIZE),
994 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
996 if (!(existing->mr->subpage)) {
997 subpage = subpage_init(d->as, base);
998 subsection.address_space = d->as;
999 subsection.mr = &subpage->iomem;
1000 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1001 phys_section_add(&d->map, &subsection));
1003 subpage = container_of(existing->mr, subpage_t, iomem);
1005 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1006 end = start + int128_get64(section->size) - 1;
1007 subpage_register(subpage, start, end,
1008 phys_section_add(&d->map, section));
1012 static void register_multipage(AddressSpaceDispatch *d,
1013 MemoryRegionSection *section)
1015 hwaddr start_addr = section->offset_within_address_space;
1016 uint16_t section_index = phys_section_add(&d->map, section);
1017 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1021 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1024 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1026 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1027 AddressSpaceDispatch *d = as->next_dispatch;
1028 MemoryRegionSection now = *section, remain = *section;
1029 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1031 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1032 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1033 - now.offset_within_address_space;
1035 now.size = int128_min(int128_make64(left), now.size);
1036 register_subpage(d, &now);
1038 now.size = int128_zero();
1040 while (int128_ne(remain.size, now.size)) {
1041 remain.size = int128_sub(remain.size, now.size);
1042 remain.offset_within_address_space += int128_get64(now.size);
1043 remain.offset_within_region += int128_get64(now.size);
1045 if (int128_lt(remain.size, page_size)) {
1046 register_subpage(d, &now);
1047 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1048 now.size = page_size;
1049 register_subpage(d, &now);
1051 now.size = int128_and(now.size, int128_neg(page_size));
1052 register_multipage(d, &now);
1057 void qemu_flush_coalesced_mmio_buffer(void)
1060 kvm_flush_coalesced_mmio_buffer();
1063 void qemu_mutex_lock_ramlist(void)
1065 qemu_mutex_lock(&ram_list.mutex);
1068 void qemu_mutex_unlock_ramlist(void)
1070 qemu_mutex_unlock(&ram_list.mutex);
1075 #include <sys/vfs.h>
1077 #define HUGETLBFS_MAGIC 0x958458f6
1079 static long gethugepagesize(const char *path, Error **errp)
1085 ret = statfs(path, &fs);
1086 } while (ret != 0 && errno == EINTR);
1089 error_setg_errno(errp, errno, "failed to get page size of file %s",
1094 if (fs.f_type != HUGETLBFS_MAGIC)
1095 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1100 static void *file_ram_alloc(RAMBlock *block,
1106 char *sanitized_name;
1111 Error *local_err = NULL;
1113 hpagesize = gethugepagesize(path, &local_err);
1115 error_propagate(errp, local_err);
1118 block->mr->align = hpagesize;
1120 if (memory < hpagesize) {
1121 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1122 "or larger than huge page size 0x%" PRIx64,
1127 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1129 "host lacks kvm mmu notifiers, -mem-path unsupported");
1133 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1134 sanitized_name = g_strdup(memory_region_name(block->mr));
1135 for (c = sanitized_name; *c != '\0'; c++) {
1140 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1142 g_free(sanitized_name);
1144 fd = mkstemp(filename);
1146 error_setg_errno(errp, errno,
1147 "unable to create backing store for hugepages");
1154 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1157 * ftruncate is not supported by hugetlbfs in older
1158 * hosts, so don't bother bailing out on errors.
1159 * If anything goes wrong with it under other filesystems,
1162 if (ftruncate(fd, memory)) {
1163 perror("ftruncate");
1166 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1167 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1169 if (area == MAP_FAILED) {
1170 error_setg_errno(errp, errno,
1171 "unable to map backing store for hugepages");
1177 os_mem_prealloc(fd, area, memory);
1185 error_report("%s", error_get_pretty(*errp));
1192 /* Called with the ramlist lock held. */
1193 static ram_addr_t find_ram_offset(ram_addr_t size)
1195 RAMBlock *block, *next_block;
1196 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1198 assert(size != 0); /* it would hand out same offset multiple times */
1200 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1204 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1205 ram_addr_t end, next = RAM_ADDR_MAX;
1207 end = block->offset + block->max_length;
1209 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1210 if (next_block->offset >= end) {
1211 next = MIN(next, next_block->offset);
1214 if (next - end >= size && next - end < mingap) {
1216 mingap = next - end;
1220 if (offset == RAM_ADDR_MAX) {
1221 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1229 ram_addr_t last_ram_offset(void)
1232 ram_addr_t last = 0;
1235 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1236 last = MAX(last, block->offset + block->max_length);
1242 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1246 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1247 if (!machine_dump_guest_core(current_machine)) {
1248 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1250 perror("qemu_madvise");
1251 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1252 "but dump_guest_core=off specified\n");
1257 /* Called within an RCU critical section, or while the ramlist lock
1260 static RAMBlock *find_ram_block(ram_addr_t addr)
1264 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1265 if (block->offset == addr) {
1273 /* Called with iothread lock held. */
1274 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1276 RAMBlock *new_block, *block;
1279 new_block = find_ram_block(addr);
1281 assert(!new_block->idstr[0]);
1284 char *id = qdev_get_dev_path(dev);
1286 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1290 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1292 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1293 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1294 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1302 /* Called with iothread lock held. */
1303 void qemu_ram_unset_idstr(ram_addr_t addr)
1307 /* FIXME: arch_init.c assumes that this is not called throughout
1308 * migration. Ignore the problem since hot-unplug during migration
1309 * does not work anyway.
1313 block = find_ram_block(addr);
1315 memset(block->idstr, 0, sizeof(block->idstr));
1320 static int memory_try_enable_merging(void *addr, size_t len)
1322 if (!machine_mem_merge(current_machine)) {
1323 /* disabled by the user */
1327 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1330 /* Only legal before guest might have detected the memory size: e.g. on
1331 * incoming migration, or right after reset.
1333 * As memory core doesn't know how is memory accessed, it is up to
1334 * resize callback to update device state and/or add assertions to detect
1335 * misuse, if necessary.
1337 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1339 RAMBlock *block = find_ram_block(base);
1343 newsize = TARGET_PAGE_ALIGN(newsize);
1345 if (block->used_length == newsize) {
1349 if (!(block->flags & RAM_RESIZEABLE)) {
1350 error_setg_errno(errp, EINVAL,
1351 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1352 " in != 0x" RAM_ADDR_FMT, block->idstr,
1353 newsize, block->used_length);
1357 if (block->max_length < newsize) {
1358 error_setg_errno(errp, EINVAL,
1359 "Length too large: %s: 0x" RAM_ADDR_FMT
1360 " > 0x" RAM_ADDR_FMT, block->idstr,
1361 newsize, block->max_length);
1365 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1366 block->used_length = newsize;
1367 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1369 memory_region_set_size(block->mr, newsize);
1370 if (block->resized) {
1371 block->resized(block->idstr, newsize, block->host);
1376 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1379 RAMBlock *last_block = NULL;
1380 ram_addr_t old_ram_size, new_ram_size;
1382 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1384 qemu_mutex_lock_ramlist();
1385 new_block->offset = find_ram_offset(new_block->max_length);
1387 if (!new_block->host) {
1388 if (xen_enabled()) {
1389 xen_ram_alloc(new_block->offset, new_block->max_length,
1392 new_block->host = phys_mem_alloc(new_block->max_length,
1393 &new_block->mr->align);
1394 if (!new_block->host) {
1395 error_setg_errno(errp, errno,
1396 "cannot set up guest memory '%s'",
1397 memory_region_name(new_block->mr));
1398 qemu_mutex_unlock_ramlist();
1401 memory_try_enable_merging(new_block->host, new_block->max_length);
1405 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1406 * QLIST (which has an RCU-friendly variant) does not have insertion at
1407 * tail, so save the last element in last_block.
1409 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1411 if (block->max_length < new_block->max_length) {
1416 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1417 } else if (last_block) {
1418 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1419 } else { /* list is empty */
1420 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1422 ram_list.mru_block = NULL;
1424 /* Write list before version */
1427 qemu_mutex_unlock_ramlist();
1429 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1431 if (new_ram_size > old_ram_size) {
1434 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1435 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1436 ram_list.dirty_memory[i] =
1437 bitmap_zero_extend(ram_list.dirty_memory[i],
1438 old_ram_size, new_ram_size);
1441 cpu_physical_memory_set_dirty_range(new_block->offset,
1442 new_block->used_length,
1445 if (new_block->host) {
1446 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1447 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1448 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1449 if (kvm_enabled()) {
1450 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1454 return new_block->offset;
1458 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1459 bool share, const char *mem_path,
1462 RAMBlock *new_block;
1464 Error *local_err = NULL;
1466 if (xen_enabled()) {
1467 error_setg(errp, "-mem-path not supported with Xen");
1471 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1473 * file_ram_alloc() needs to allocate just like
1474 * phys_mem_alloc, but we haven't bothered to provide
1478 "-mem-path not supported with this accelerator");
1482 size = TARGET_PAGE_ALIGN(size);
1483 new_block = g_malloc0(sizeof(*new_block));
1485 new_block->used_length = size;
1486 new_block->max_length = size;
1487 new_block->flags = share ? RAM_SHARED : 0;
1488 new_block->host = file_ram_alloc(new_block, size,
1490 if (!new_block->host) {
1495 addr = ram_block_add(new_block, &local_err);
1498 error_propagate(errp, local_err);
1506 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1507 void (*resized)(const char*,
1510 void *host, bool resizeable,
1511 MemoryRegion *mr, Error **errp)
1513 RAMBlock *new_block;
1515 Error *local_err = NULL;
1517 size = TARGET_PAGE_ALIGN(size);
1518 max_size = TARGET_PAGE_ALIGN(max_size);
1519 new_block = g_malloc0(sizeof(*new_block));
1521 new_block->resized = resized;
1522 new_block->used_length = size;
1523 new_block->max_length = max_size;
1524 assert(max_size >= size);
1526 new_block->host = host;
1528 new_block->flags |= RAM_PREALLOC;
1531 new_block->flags |= RAM_RESIZEABLE;
1533 addr = ram_block_add(new_block, &local_err);
1536 error_propagate(errp, local_err);
1542 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1543 MemoryRegion *mr, Error **errp)
1545 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1548 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1550 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1553 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1554 void (*resized)(const char*,
1557 MemoryRegion *mr, Error **errp)
1559 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1562 void qemu_ram_free_from_ptr(ram_addr_t addr)
1566 qemu_mutex_lock_ramlist();
1567 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1568 if (addr == block->offset) {
1569 QLIST_REMOVE_RCU(block, next);
1570 ram_list.mru_block = NULL;
1571 /* Write list before version */
1574 g_free_rcu(block, rcu);
1578 qemu_mutex_unlock_ramlist();
1581 static void reclaim_ramblock(RAMBlock *block)
1583 if (block->flags & RAM_PREALLOC) {
1585 } else if (xen_enabled()) {
1586 xen_invalidate_map_cache_entry(block->host);
1588 } else if (block->fd >= 0) {
1589 munmap(block->host, block->max_length);
1593 qemu_anon_ram_free(block->host, block->max_length);
1598 void qemu_ram_free(ram_addr_t addr)
1602 qemu_mutex_lock_ramlist();
1603 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1604 if (addr == block->offset) {
1605 QLIST_REMOVE_RCU(block, next);
1606 ram_list.mru_block = NULL;
1607 /* Write list before version */
1610 call_rcu(block, reclaim_ramblock, rcu);
1614 qemu_mutex_unlock_ramlist();
1618 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1625 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1626 offset = addr - block->offset;
1627 if (offset < block->max_length) {
1628 vaddr = ramblock_ptr(block, offset);
1629 if (block->flags & RAM_PREALLOC) {
1631 } else if (xen_enabled()) {
1635 if (block->fd >= 0) {
1636 flags |= (block->flags & RAM_SHARED ?
1637 MAP_SHARED : MAP_PRIVATE);
1638 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1639 flags, block->fd, offset);
1642 * Remap needs to match alloc. Accelerators that
1643 * set phys_mem_alloc never remap. If they did,
1644 * we'd need a remap hook here.
1646 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1648 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1649 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1652 if (area != vaddr) {
1653 fprintf(stderr, "Could not remap addr: "
1654 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1658 memory_try_enable_merging(vaddr, length);
1659 qemu_ram_setup_dump(vaddr, length);
1664 #endif /* !_WIN32 */
1666 int qemu_get_ram_fd(ram_addr_t addr)
1672 block = qemu_get_ram_block(addr);
1678 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1684 block = qemu_get_ram_block(addr);
1685 ptr = ramblock_ptr(block, 0);
1690 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1691 * This should not be used for general purpose DMA. Use address_space_map
1692 * or address_space_rw instead. For local memory (e.g. video ram) that the
1693 * device owns, use memory_region_get_ram_ptr.
1695 * By the time this function returns, the returned pointer is not protected
1696 * by RCU anymore. If the caller is not within an RCU critical section and
1697 * does not hold the iothread lock, it must have other means of protecting the
1698 * pointer, such as a reference to the region that includes the incoming
1701 void *qemu_get_ram_ptr(ram_addr_t addr)
1707 block = qemu_get_ram_block(addr);
1709 if (xen_enabled() && block->host == NULL) {
1710 /* We need to check if the requested address is in the RAM
1711 * because we don't want to map the entire memory in QEMU.
1712 * In that case just map until the end of the page.
1714 if (block->offset == 0) {
1715 ptr = xen_map_cache(addr, 0, 0);
1719 block->host = xen_map_cache(block->offset, block->max_length, 1);
1721 ptr = ramblock_ptr(block, addr - block->offset);
1728 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1729 * but takes a size argument.
1731 * By the time this function returns, the returned pointer is not protected
1732 * by RCU anymore. If the caller is not within an RCU critical section and
1733 * does not hold the iothread lock, it must have other means of protecting the
1734 * pointer, such as a reference to the region that includes the incoming
1737 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1743 if (xen_enabled()) {
1744 return xen_map_cache(addr, *size, 1);
1748 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1749 if (addr - block->offset < block->max_length) {
1750 if (addr - block->offset + *size > block->max_length)
1751 *size = block->max_length - addr + block->offset;
1752 ptr = ramblock_ptr(block, addr - block->offset);
1758 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1763 /* Some of the softmmu routines need to translate from a host pointer
1764 * (typically a TLB entry) back to a ram offset.
1766 * By the time this function returns, the returned pointer is not protected
1767 * by RCU anymore. If the caller is not within an RCU critical section and
1768 * does not hold the iothread lock, it must have other means of protecting the
1769 * pointer, such as a reference to the region that includes the incoming
1772 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1775 uint8_t *host = ptr;
1778 if (xen_enabled()) {
1780 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1781 mr = qemu_get_ram_block(*ram_addr)->mr;
1787 block = atomic_rcu_read(&ram_list.mru_block);
1788 if (block && block->host && host - block->host < block->max_length) {
1792 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1793 /* This case append when the block is not mapped. */
1794 if (block->host == NULL) {
1797 if (host - block->host < block->max_length) {
1806 *ram_addr = block->offset + (host - block->host);
1812 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1813 uint64_t val, unsigned size)
1815 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1816 tb_invalidate_phys_page_fast(ram_addr, size);
1820 stb_p(qemu_get_ram_ptr(ram_addr), val);
1823 stw_p(qemu_get_ram_ptr(ram_addr), val);
1826 stl_p(qemu_get_ram_ptr(ram_addr), val);
1831 /* Set both VGA and migration bits for simplicity and to remove
1832 * the notdirty callback faster.
1834 cpu_physical_memory_set_dirty_range(ram_addr, size,
1835 DIRTY_CLIENTS_NOCODE);
1836 /* we remove the notdirty callback only if the code has been
1838 if (!cpu_physical_memory_is_clean(ram_addr)) {
1839 CPUArchState *env = current_cpu->env_ptr;
1840 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1844 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1845 unsigned size, bool is_write)
1850 static const MemoryRegionOps notdirty_mem_ops = {
1851 .write = notdirty_mem_write,
1852 .valid.accepts = notdirty_mem_accepts,
1853 .endianness = DEVICE_NATIVE_ENDIAN,
1856 /* Generate a debug exception if a watchpoint has been hit. */
1857 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1859 CPUState *cpu = current_cpu;
1860 CPUArchState *env = cpu->env_ptr;
1861 target_ulong pc, cs_base;
1866 if (cpu->watchpoint_hit) {
1867 /* We re-entered the check after replacing the TB. Now raise
1868 * the debug interrupt so that is will trigger after the
1869 * current instruction. */
1870 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1873 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1874 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1875 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1876 && (wp->flags & flags)) {
1877 if (flags == BP_MEM_READ) {
1878 wp->flags |= BP_WATCHPOINT_HIT_READ;
1880 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1882 wp->hitaddr = vaddr;
1883 wp->hitattrs = attrs;
1884 if (!cpu->watchpoint_hit) {
1885 cpu->watchpoint_hit = wp;
1886 tb_check_watchpoint(cpu);
1887 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1888 cpu->exception_index = EXCP_DEBUG;
1891 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1892 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1893 cpu_resume_from_signal(cpu, NULL);
1897 wp->flags &= ~BP_WATCHPOINT_HIT;
1902 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1903 so these check for a hit then pass through to the normal out-of-line
1905 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1906 unsigned size, MemTxAttrs attrs)
1911 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1914 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1917 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1920 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1928 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1929 uint64_t val, unsigned size,
1934 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1937 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1940 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1943 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1950 static const MemoryRegionOps watch_mem_ops = {
1951 .read_with_attrs = watch_mem_read,
1952 .write_with_attrs = watch_mem_write,
1953 .endianness = DEVICE_NATIVE_ENDIAN,
1956 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1957 unsigned len, MemTxAttrs attrs)
1959 subpage_t *subpage = opaque;
1963 #if defined(DEBUG_SUBPAGE)
1964 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1965 subpage, len, addr);
1967 res = address_space_read(subpage->as, addr + subpage->base,
1974 *data = ldub_p(buf);
1977 *data = lduw_p(buf);
1990 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1991 uint64_t value, unsigned len, MemTxAttrs attrs)
1993 subpage_t *subpage = opaque;
1996 #if defined(DEBUG_SUBPAGE)
1997 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1998 " value %"PRIx64"\n",
1999 __func__, subpage, len, addr, value);
2017 return address_space_write(subpage->as, addr + subpage->base,
2021 static bool subpage_accepts(void *opaque, hwaddr addr,
2022 unsigned len, bool is_write)
2024 subpage_t *subpage = opaque;
2025 #if defined(DEBUG_SUBPAGE)
2026 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2027 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2030 return address_space_access_valid(subpage->as, addr + subpage->base,
2034 static const MemoryRegionOps subpage_ops = {
2035 .read_with_attrs = subpage_read,
2036 .write_with_attrs = subpage_write,
2037 .impl.min_access_size = 1,
2038 .impl.max_access_size = 8,
2039 .valid.min_access_size = 1,
2040 .valid.max_access_size = 8,
2041 .valid.accepts = subpage_accepts,
2042 .endianness = DEVICE_NATIVE_ENDIAN,
2045 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2050 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2052 idx = SUBPAGE_IDX(start);
2053 eidx = SUBPAGE_IDX(end);
2054 #if defined(DEBUG_SUBPAGE)
2055 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2056 __func__, mmio, start, end, idx, eidx, section);
2058 for (; idx <= eidx; idx++) {
2059 mmio->sub_section[idx] = section;
2065 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2069 mmio = g_malloc0(sizeof(subpage_t));
2073 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2074 NULL, TARGET_PAGE_SIZE);
2075 mmio->iomem.subpage = true;
2076 #if defined(DEBUG_SUBPAGE)
2077 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2078 mmio, base, TARGET_PAGE_SIZE);
2080 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2085 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2089 MemoryRegionSection section = {
2090 .address_space = as,
2092 .offset_within_address_space = 0,
2093 .offset_within_region = 0,
2094 .size = int128_2_64(),
2097 return phys_section_add(map, §ion);
2100 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2102 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2103 MemoryRegionSection *sections = d->map.sections;
2105 return sections[index & ~TARGET_PAGE_MASK].mr;
2108 static void io_mem_init(void)
2110 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2111 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2113 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2115 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2119 static void mem_begin(MemoryListener *listener)
2121 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2122 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2125 n = dummy_section(&d->map, as, &io_mem_unassigned);
2126 assert(n == PHYS_SECTION_UNASSIGNED);
2127 n = dummy_section(&d->map, as, &io_mem_notdirty);
2128 assert(n == PHYS_SECTION_NOTDIRTY);
2129 n = dummy_section(&d->map, as, &io_mem_rom);
2130 assert(n == PHYS_SECTION_ROM);
2131 n = dummy_section(&d->map, as, &io_mem_watch);
2132 assert(n == PHYS_SECTION_WATCH);
2134 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2136 as->next_dispatch = d;
2139 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2141 phys_sections_free(&d->map);
2145 static void mem_commit(MemoryListener *listener)
2147 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2148 AddressSpaceDispatch *cur = as->dispatch;
2149 AddressSpaceDispatch *next = as->next_dispatch;
2151 phys_page_compact_all(next, next->map.nodes_nb);
2153 atomic_rcu_set(&as->dispatch, next);
2155 call_rcu(cur, address_space_dispatch_free, rcu);
2159 static void tcg_commit(MemoryListener *listener)
2163 /* since each CPU stores ram addresses in its TLB cache, we must
2164 reset the modified entries */
2167 /* FIXME: Disentangle the cpu.h circular files deps so we can
2168 directly get the right CPU from listener. */
2169 if (cpu->tcg_as_listener != listener) {
2172 cpu_reload_memory_map(cpu);
2176 void address_space_init_dispatch(AddressSpace *as)
2178 as->dispatch = NULL;
2179 as->dispatch_listener = (MemoryListener) {
2181 .commit = mem_commit,
2182 .region_add = mem_add,
2183 .region_nop = mem_add,
2186 memory_listener_register(&as->dispatch_listener, as);
2189 void address_space_unregister(AddressSpace *as)
2191 memory_listener_unregister(&as->dispatch_listener);
2194 void address_space_destroy_dispatch(AddressSpace *as)
2196 AddressSpaceDispatch *d = as->dispatch;
2198 atomic_rcu_set(&as->dispatch, NULL);
2200 call_rcu(d, address_space_dispatch_free, rcu);
2204 static void memory_map_init(void)
2206 system_memory = g_malloc(sizeof(*system_memory));
2208 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2209 address_space_init(&address_space_memory, system_memory, "memory");
2211 system_io = g_malloc(sizeof(*system_io));
2212 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2214 address_space_init(&address_space_io, system_io, "I/O");
2217 MemoryRegion *get_system_memory(void)
2219 return system_memory;
2222 MemoryRegion *get_system_io(void)
2227 #endif /* !defined(CONFIG_USER_ONLY) */
2229 /* physical memory access (slow version, mainly for debug) */
2230 #if defined(CONFIG_USER_ONLY)
2231 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2232 uint8_t *buf, int len, int is_write)
2239 page = addr & TARGET_PAGE_MASK;
2240 l = (page + TARGET_PAGE_SIZE) - addr;
2243 flags = page_get_flags(page);
2244 if (!(flags & PAGE_VALID))
2247 if (!(flags & PAGE_WRITE))
2249 /* XXX: this code should not depend on lock_user */
2250 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2253 unlock_user(p, addr, l);
2255 if (!(flags & PAGE_READ))
2257 /* XXX: this code should not depend on lock_user */
2258 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2261 unlock_user(p, addr, 0);
2272 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2275 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2276 /* No early return if dirty_log_mask is or becomes 0, because
2277 * cpu_physical_memory_set_dirty_range will still call
2278 * xen_modified_memory.
2280 if (dirty_log_mask) {
2282 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2284 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2285 tb_invalidate_phys_range(addr, addr + length);
2286 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2288 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2291 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2293 unsigned access_size_max = mr->ops->valid.max_access_size;
2295 /* Regions are assumed to support 1-4 byte accesses unless
2296 otherwise specified. */
2297 if (access_size_max == 0) {
2298 access_size_max = 4;
2301 /* Bound the maximum access by the alignment of the address. */
2302 if (!mr->ops->impl.unaligned) {
2303 unsigned align_size_max = addr & -addr;
2304 if (align_size_max != 0 && align_size_max < access_size_max) {
2305 access_size_max = align_size_max;
2309 /* Don't attempt accesses larger than the maximum. */
2310 if (l > access_size_max) {
2311 l = access_size_max;
2314 l = 1 << (qemu_fls(l) - 1);
2320 static bool prepare_mmio_access(MemoryRegion *mr)
2322 bool unlocked = !qemu_mutex_iothread_locked();
2323 bool release_lock = false;
2325 if (unlocked && mr->global_locking) {
2326 qemu_mutex_lock_iothread();
2328 release_lock = true;
2330 if (mr->flush_coalesced_mmio) {
2332 qemu_mutex_lock_iothread();
2334 qemu_flush_coalesced_mmio_buffer();
2336 qemu_mutex_unlock_iothread();
2340 return release_lock;
2343 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2344 uint8_t *buf, int len, bool is_write)
2351 MemTxResult result = MEMTX_OK;
2352 bool release_lock = false;
2357 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2360 if (!memory_access_is_direct(mr, is_write)) {
2361 release_lock |= prepare_mmio_access(mr);
2362 l = memory_access_size(mr, l, addr1);
2363 /* XXX: could force current_cpu to NULL to avoid
2367 /* 64 bit write access */
2369 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2373 /* 32 bit write access */
2375 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2379 /* 16 bit write access */
2381 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2385 /* 8 bit write access */
2387 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2394 addr1 += memory_region_get_ram_addr(mr);
2396 ptr = qemu_get_ram_ptr(addr1);
2397 memcpy(ptr, buf, l);
2398 invalidate_and_set_dirty(mr, addr1, l);
2401 if (!memory_access_is_direct(mr, is_write)) {
2403 release_lock |= prepare_mmio_access(mr);
2404 l = memory_access_size(mr, l, addr1);
2407 /* 64 bit read access */
2408 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2413 /* 32 bit read access */
2414 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2419 /* 16 bit read access */
2420 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2425 /* 8 bit read access */
2426 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2435 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2436 memcpy(buf, ptr, l);
2441 qemu_mutex_unlock_iothread();
2442 release_lock = false;
2454 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2455 const uint8_t *buf, int len)
2457 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2460 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2461 uint8_t *buf, int len)
2463 return address_space_rw(as, addr, attrs, buf, len, false);
2467 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2468 int len, int is_write)
2470 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2471 buf, len, is_write);
2474 enum write_rom_type {
2479 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2480 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2490 mr = address_space_translate(as, addr, &addr1, &l, true);
2492 if (!(memory_region_is_ram(mr) ||
2493 memory_region_is_romd(mr))) {
2496 addr1 += memory_region_get_ram_addr(mr);
2498 ptr = qemu_get_ram_ptr(addr1);
2501 memcpy(ptr, buf, l);
2502 invalidate_and_set_dirty(mr, addr1, l);
2505 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2516 /* used for ROM loading : can write in RAM and ROM */
2517 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2518 const uint8_t *buf, int len)
2520 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2523 void cpu_flush_icache_range(hwaddr start, int len)
2526 * This function should do the same thing as an icache flush that was
2527 * triggered from within the guest. For TCG we are always cache coherent,
2528 * so there is no need to flush anything. For KVM / Xen we need to flush
2529 * the host's instruction cache at least.
2531 if (tcg_enabled()) {
2535 cpu_physical_memory_write_rom_internal(&address_space_memory,
2536 start, NULL, len, FLUSH_CACHE);
2547 static BounceBuffer bounce;
2549 typedef struct MapClient {
2551 QLIST_ENTRY(MapClient) link;
2554 QemuMutex map_client_list_lock;
2555 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2556 = QLIST_HEAD_INITIALIZER(map_client_list);
2558 static void cpu_unregister_map_client_do(MapClient *client)
2560 QLIST_REMOVE(client, link);
2564 static void cpu_notify_map_clients_locked(void)
2568 while (!QLIST_EMPTY(&map_client_list)) {
2569 client = QLIST_FIRST(&map_client_list);
2570 qemu_bh_schedule(client->bh);
2571 cpu_unregister_map_client_do(client);
2575 void cpu_register_map_client(QEMUBH *bh)
2577 MapClient *client = g_malloc(sizeof(*client));
2579 qemu_mutex_lock(&map_client_list_lock);
2581 QLIST_INSERT_HEAD(&map_client_list, client, link);
2582 if (!atomic_read(&bounce.in_use)) {
2583 cpu_notify_map_clients_locked();
2585 qemu_mutex_unlock(&map_client_list_lock);
2588 void cpu_exec_init_all(void)
2590 qemu_mutex_init(&ram_list.mutex);
2593 qemu_mutex_init(&map_client_list_lock);
2596 void cpu_unregister_map_client(QEMUBH *bh)
2600 qemu_mutex_lock(&map_client_list_lock);
2601 QLIST_FOREACH(client, &map_client_list, link) {
2602 if (client->bh == bh) {
2603 cpu_unregister_map_client_do(client);
2607 qemu_mutex_unlock(&map_client_list_lock);
2610 static void cpu_notify_map_clients(void)
2612 qemu_mutex_lock(&map_client_list_lock);
2613 cpu_notify_map_clients_locked();
2614 qemu_mutex_unlock(&map_client_list_lock);
2617 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2625 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2626 if (!memory_access_is_direct(mr, is_write)) {
2627 l = memory_access_size(mr, l, addr);
2628 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2640 /* Map a physical memory region into a host virtual address.
2641 * May map a subset of the requested range, given by and returned in *plen.
2642 * May return NULL if resources needed to perform the mapping are exhausted.
2643 * Use only for reads OR writes - not for read-modify-write operations.
2644 * Use cpu_register_map_client() to know when retrying the map operation is
2645 * likely to succeed.
2647 void *address_space_map(AddressSpace *as,
2654 hwaddr l, xlat, base;
2655 MemoryRegion *mr, *this_mr;
2664 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2666 if (!memory_access_is_direct(mr, is_write)) {
2667 if (atomic_xchg(&bounce.in_use, true)) {
2671 /* Avoid unbounded allocations */
2672 l = MIN(l, TARGET_PAGE_SIZE);
2673 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2677 memory_region_ref(mr);
2680 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2686 return bounce.buffer;
2690 raddr = memory_region_get_ram_addr(mr);
2701 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2702 if (this_mr != mr || xlat != base + done) {
2707 memory_region_ref(mr);
2710 return qemu_ram_ptr_length(raddr + base, plen);
2713 /* Unmaps a memory region previously mapped by address_space_map().
2714 * Will also mark the memory as dirty if is_write == 1. access_len gives
2715 * the amount of memory that was actually read or written by the caller.
2717 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2718 int is_write, hwaddr access_len)
2720 if (buffer != bounce.buffer) {
2724 mr = qemu_ram_addr_from_host(buffer, &addr1);
2727 invalidate_and_set_dirty(mr, addr1, access_len);
2729 if (xen_enabled()) {
2730 xen_invalidate_map_cache_entry(buffer);
2732 memory_region_unref(mr);
2736 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2737 bounce.buffer, access_len);
2739 qemu_vfree(bounce.buffer);
2740 bounce.buffer = NULL;
2741 memory_region_unref(bounce.mr);
2742 atomic_mb_set(&bounce.in_use, false);
2743 cpu_notify_map_clients();
2746 void *cpu_physical_memory_map(hwaddr addr,
2750 return address_space_map(&address_space_memory, addr, plen, is_write);
2753 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2754 int is_write, hwaddr access_len)
2756 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2759 /* warning: addr must be aligned */
2760 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2762 MemTxResult *result,
2763 enum device_endian endian)
2771 bool release_lock = false;
2774 mr = address_space_translate(as, addr, &addr1, &l, false);
2775 if (l < 4 || !memory_access_is_direct(mr, false)) {
2776 release_lock |= prepare_mmio_access(mr);
2779 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2780 #if defined(TARGET_WORDS_BIGENDIAN)
2781 if (endian == DEVICE_LITTLE_ENDIAN) {
2785 if (endian == DEVICE_BIG_ENDIAN) {
2791 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2795 case DEVICE_LITTLE_ENDIAN:
2796 val = ldl_le_p(ptr);
2798 case DEVICE_BIG_ENDIAN:
2799 val = ldl_be_p(ptr);
2811 qemu_mutex_unlock_iothread();
2817 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2818 MemTxAttrs attrs, MemTxResult *result)
2820 return address_space_ldl_internal(as, addr, attrs, result,
2821 DEVICE_NATIVE_ENDIAN);
2824 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2825 MemTxAttrs attrs, MemTxResult *result)
2827 return address_space_ldl_internal(as, addr, attrs, result,
2828 DEVICE_LITTLE_ENDIAN);
2831 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2832 MemTxAttrs attrs, MemTxResult *result)
2834 return address_space_ldl_internal(as, addr, attrs, result,
2838 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2840 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2843 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2845 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2848 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2850 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2853 /* warning: addr must be aligned */
2854 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2856 MemTxResult *result,
2857 enum device_endian endian)
2865 bool release_lock = false;
2868 mr = address_space_translate(as, addr, &addr1, &l,
2870 if (l < 8 || !memory_access_is_direct(mr, false)) {
2871 release_lock |= prepare_mmio_access(mr);
2874 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2875 #if defined(TARGET_WORDS_BIGENDIAN)
2876 if (endian == DEVICE_LITTLE_ENDIAN) {
2880 if (endian == DEVICE_BIG_ENDIAN) {
2886 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2890 case DEVICE_LITTLE_ENDIAN:
2891 val = ldq_le_p(ptr);
2893 case DEVICE_BIG_ENDIAN:
2894 val = ldq_be_p(ptr);
2906 qemu_mutex_unlock_iothread();
2912 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2913 MemTxAttrs attrs, MemTxResult *result)
2915 return address_space_ldq_internal(as, addr, attrs, result,
2916 DEVICE_NATIVE_ENDIAN);
2919 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2920 MemTxAttrs attrs, MemTxResult *result)
2922 return address_space_ldq_internal(as, addr, attrs, result,
2923 DEVICE_LITTLE_ENDIAN);
2926 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2927 MemTxAttrs attrs, MemTxResult *result)
2929 return address_space_ldq_internal(as, addr, attrs, result,
2933 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2935 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2938 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2940 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2943 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2945 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2949 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2950 MemTxAttrs attrs, MemTxResult *result)
2955 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2962 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2964 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2967 /* warning: addr must be aligned */
2968 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2971 MemTxResult *result,
2972 enum device_endian endian)
2980 bool release_lock = false;
2983 mr = address_space_translate(as, addr, &addr1, &l,
2985 if (l < 2 || !memory_access_is_direct(mr, false)) {
2986 release_lock |= prepare_mmio_access(mr);
2989 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2990 #if defined(TARGET_WORDS_BIGENDIAN)
2991 if (endian == DEVICE_LITTLE_ENDIAN) {
2995 if (endian == DEVICE_BIG_ENDIAN) {
3001 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3005 case DEVICE_LITTLE_ENDIAN:
3006 val = lduw_le_p(ptr);
3008 case DEVICE_BIG_ENDIAN:
3009 val = lduw_be_p(ptr);
3021 qemu_mutex_unlock_iothread();
3027 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3028 MemTxAttrs attrs, MemTxResult *result)
3030 return address_space_lduw_internal(as, addr, attrs, result,
3031 DEVICE_NATIVE_ENDIAN);
3034 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3035 MemTxAttrs attrs, MemTxResult *result)
3037 return address_space_lduw_internal(as, addr, attrs, result,
3038 DEVICE_LITTLE_ENDIAN);
3041 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3042 MemTxAttrs attrs, MemTxResult *result)
3044 return address_space_lduw_internal(as, addr, attrs, result,
3048 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3050 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3053 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3055 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3058 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3060 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3063 /* warning: addr must be aligned. The ram page is not masked as dirty
3064 and the code inside is not invalidated. It is useful if the dirty
3065 bits are used to track modified PTEs */
3066 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3067 MemTxAttrs attrs, MemTxResult *result)
3074 uint8_t dirty_log_mask;
3075 bool release_lock = false;
3078 mr = address_space_translate(as, addr, &addr1, &l,
3080 if (l < 4 || !memory_access_is_direct(mr, true)) {
3081 release_lock |= prepare_mmio_access(mr);
3083 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3085 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3086 ptr = qemu_get_ram_ptr(addr1);
3089 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3090 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3091 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3098 qemu_mutex_unlock_iothread();
3103 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3105 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3108 /* warning: addr must be aligned */
3109 static inline void address_space_stl_internal(AddressSpace *as,
3110 hwaddr addr, uint32_t val,
3112 MemTxResult *result,
3113 enum device_endian endian)
3120 bool release_lock = false;
3123 mr = address_space_translate(as, addr, &addr1, &l,
3125 if (l < 4 || !memory_access_is_direct(mr, true)) {
3126 release_lock |= prepare_mmio_access(mr);
3128 #if defined(TARGET_WORDS_BIGENDIAN)
3129 if (endian == DEVICE_LITTLE_ENDIAN) {
3133 if (endian == DEVICE_BIG_ENDIAN) {
3137 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3140 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3141 ptr = qemu_get_ram_ptr(addr1);
3143 case DEVICE_LITTLE_ENDIAN:
3146 case DEVICE_BIG_ENDIAN:
3153 invalidate_and_set_dirty(mr, addr1, 4);
3160 qemu_mutex_unlock_iothread();
3165 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3166 MemTxAttrs attrs, MemTxResult *result)
3168 address_space_stl_internal(as, addr, val, attrs, result,
3169 DEVICE_NATIVE_ENDIAN);
3172 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3173 MemTxAttrs attrs, MemTxResult *result)
3175 address_space_stl_internal(as, addr, val, attrs, result,
3176 DEVICE_LITTLE_ENDIAN);
3179 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3180 MemTxAttrs attrs, MemTxResult *result)
3182 address_space_stl_internal(as, addr, val, attrs, result,
3186 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3188 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3191 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3193 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3196 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3198 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3202 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3203 MemTxAttrs attrs, MemTxResult *result)
3208 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3214 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3216 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3219 /* warning: addr must be aligned */
3220 static inline void address_space_stw_internal(AddressSpace *as,
3221 hwaddr addr, uint32_t val,
3223 MemTxResult *result,
3224 enum device_endian endian)
3231 bool release_lock = false;
3234 mr = address_space_translate(as, addr, &addr1, &l, true);
3235 if (l < 2 || !memory_access_is_direct(mr, true)) {
3236 release_lock |= prepare_mmio_access(mr);
3238 #if defined(TARGET_WORDS_BIGENDIAN)
3239 if (endian == DEVICE_LITTLE_ENDIAN) {
3243 if (endian == DEVICE_BIG_ENDIAN) {
3247 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3250 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3251 ptr = qemu_get_ram_ptr(addr1);
3253 case DEVICE_LITTLE_ENDIAN:
3256 case DEVICE_BIG_ENDIAN:
3263 invalidate_and_set_dirty(mr, addr1, 2);
3270 qemu_mutex_unlock_iothread();
3275 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3276 MemTxAttrs attrs, MemTxResult *result)
3278 address_space_stw_internal(as, addr, val, attrs, result,
3279 DEVICE_NATIVE_ENDIAN);
3282 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3283 MemTxAttrs attrs, MemTxResult *result)
3285 address_space_stw_internal(as, addr, val, attrs, result,
3286 DEVICE_LITTLE_ENDIAN);
3289 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3290 MemTxAttrs attrs, MemTxResult *result)
3292 address_space_stw_internal(as, addr, val, attrs, result,
3296 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3298 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3301 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3303 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3306 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3308 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3312 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3313 MemTxAttrs attrs, MemTxResult *result)
3317 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3323 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3324 MemTxAttrs attrs, MemTxResult *result)
3327 val = cpu_to_le64(val);
3328 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3333 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3334 MemTxAttrs attrs, MemTxResult *result)
3337 val = cpu_to_be64(val);
3338 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3344 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3346 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3349 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3351 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3354 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3356 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3359 /* virtual memory access for debug (includes writing to ROM) */
3360 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3361 uint8_t *buf, int len, int is_write)
3368 page = addr & TARGET_PAGE_MASK;
3369 phys_addr = cpu_get_phys_page_debug(cpu, page);
3370 /* if no physical page mapped, return an error */
3371 if (phys_addr == -1)
3373 l = (page + TARGET_PAGE_SIZE) - addr;
3376 phys_addr += (addr & ~TARGET_PAGE_MASK);
3378 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3380 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3392 * A helper function for the _utterly broken_ virtio device model to find out if
3393 * it's running on a big endian machine. Don't do this at home kids!
3395 bool target_words_bigendian(void);
3396 bool target_words_bigendian(void)
3398 #if defined(TARGET_WORDS_BIGENDIAN)
3405 #ifndef CONFIG_USER_ONLY
3406 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3413 mr = address_space_translate(&address_space_memory,
3414 phys_addr, &phys_addr, &l, false);
3416 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3421 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3427 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3428 ret = func(block->idstr, block->host, block->offset,
3429 block->used_length, opaque);
projects / sdk / emulator / qemu.git / blob