4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 //#define DEBUG_SUBPAGE
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
86 #define RAM_RESIZEABLE (1 << 2)
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
99 #if !defined(CONFIG_USER_ONLY)
101 typedef struct PhysPageEntry PhysPageEntry;
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
116 #define P_L2_SIZE (1 << P_L2_BITS)
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
120 typedef PhysPageEntry Node[P_L2_SIZE];
122 typedef struct PhysPageMap {
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
128 unsigned nodes_nb_alloc;
130 MemoryRegionSection *sections;
133 struct AddressSpaceDispatch {
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
139 PhysPageEntry phys_map;
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
149 uint16_t sub_section[TARGET_PAGE_SIZE];
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
161 static MemoryRegion io_mem_watch;
164 #if !defined(CONFIG_USER_ONLY)
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
182 ret = map->nodes_nb++;
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
236 unsigned valid_ptr = P_L2_SIZE;
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
254 phys_page_compact(&p[i], nodes, compacted);
258 /* We can only compress if there's only one child. */
263 assert(valid_ptr < P_L2_SIZE);
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
280 lp->skip += p[valid_ptr].skip;
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
286 DECLARE_BITMAP(compacted, nodes_nb);
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
297 hwaddr index = addr >> TARGET_PAGE_BITS;
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return §ions[PHYS_SECTION_UNASSIGNED];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return §ions[lp.ptr];
313 return §ions[PHYS_SECTION_UNASSIGNED];
317 bool memory_region_is_unassigned(MemoryRegion *mr)
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
326 bool resolve_subpage)
328 MemoryRegionSection *section;
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
344 MemoryRegionSection *section;
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
380 if (memory_region_is_romd(mr)) {
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
393 MemoryRegionSection *section;
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
401 if (!mr->iommu_ops) {
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
414 as = iotlb.target_as;
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
435 assert(!section->mr->iommu_ops);
440 #if !defined(CONFIG_USER_ONLY)
442 static int cpu_common_post_load(void *opaque, int version_id)
444 CPUState *cpu = opaque;
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
454 static int cpu_common_pre_load(void *opaque)
456 CPUState *cpu = opaque;
458 cpu->exception_index = -1;
463 static bool cpu_common_exception_index_needed(void *opaque)
465 CPUState *cpu = opaque;
467 return tcg_enabled() && cpu->exception_index != -1;
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
481 const VMStateDescription vmstate_cpu_common = {
482 .name = "cpu_common",
484 .minimum_version_id = 1,
485 .pre_load = cpu_common_pre_load,
486 .post_load = cpu_common_post_load,
487 .fields = (VMStateField[]) {
488 VMSTATE_UINT32(halted, CPUState),
489 VMSTATE_UINT32(interrupt_request, CPUState),
490 VMSTATE_END_OF_LIST()
492 .subsections = (const VMStateDescription*[]) {
493 &vmstate_cpu_common_exception_index,
500 CPUState *qemu_get_cpu(int index)
505 if (cpu->cpu_index == index) {
513 #if !defined(CONFIG_USER_ONLY)
514 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
516 /* We only support one address space per cpu at the moment. */
517 assert(cpu->as == as);
519 if (cpu->tcg_as_listener) {
520 memory_listener_unregister(cpu->tcg_as_listener);
522 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
524 cpu->tcg_as_listener->commit = tcg_commit;
525 memory_listener_register(cpu->tcg_as_listener, as);
529 void cpu_exec_init(CPUArchState *env, Error **errp)
531 CPUState *cpu = ENV_GET_CPU(env);
532 CPUClass *cc = CPU_GET_CLASS(cpu);
536 #ifndef CONFIG_USER_ONLY
537 cpu->as = &address_space_memory;
538 cpu->thread_id = qemu_get_thread_id();
539 cpu_reload_memory_map(cpu);
542 #if defined(CONFIG_USER_ONLY)
546 CPU_FOREACH(some_cpu) {
549 cpu->cpu_index = cpu_index;
550 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
551 #if defined(CONFIG_USER_ONLY)
554 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
555 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
557 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
558 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
559 cpu_save, cpu_load, env);
560 assert(cc->vmsd == NULL);
561 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
563 if (cc->vmsd != NULL) {
564 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
568 #if defined(CONFIG_USER_ONLY)
569 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
571 tb_invalidate_phys_page_range(pc, pc + 1, 0);
574 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
576 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
578 tb_invalidate_phys_addr(cpu->as,
579 phys | (pc & ~TARGET_PAGE_MASK));
584 #if defined(CONFIG_USER_ONLY)
585 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
590 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
596 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
600 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
601 int flags, CPUWatchpoint **watchpoint)
606 /* Add a watchpoint. */
607 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
608 int flags, CPUWatchpoint **watchpoint)
612 /* forbid ranges which are empty or run off the end of the address space */
613 if (len == 0 || (addr + len - 1) < addr) {
614 error_report("tried to set invalid watchpoint at %"
615 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
618 wp = g_malloc(sizeof(*wp));
624 /* keep all GDB-injected watchpoints in front */
625 if (flags & BP_GDB) {
626 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
628 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
631 tlb_flush_page(cpu, addr);
638 /* Remove a specific watchpoint. */
639 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
644 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
645 if (addr == wp->vaddr && len == wp->len
646 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
647 cpu_watchpoint_remove_by_ref(cpu, wp);
654 /* Remove a specific watchpoint by reference. */
655 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
657 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
659 tlb_flush_page(cpu, watchpoint->vaddr);
664 /* Remove all matching watchpoints. */
665 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
667 CPUWatchpoint *wp, *next;
669 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
670 if (wp->flags & mask) {
671 cpu_watchpoint_remove_by_ref(cpu, wp);
676 /* Return true if this watchpoint address matches the specified
677 * access (ie the address range covered by the watchpoint overlaps
678 * partially or completely with the address range covered by the
681 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
685 /* We know the lengths are non-zero, but a little caution is
686 * required to avoid errors in the case where the range ends
687 * exactly at the top of the address space and so addr + len
688 * wraps round to zero.
690 vaddr wpend = wp->vaddr + wp->len - 1;
691 vaddr addrend = addr + len - 1;
693 return !(addr > wpend || wp->vaddr > addrend);
698 /* Add a breakpoint. */
699 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
700 CPUBreakpoint **breakpoint)
704 bp = g_malloc(sizeof(*bp));
709 /* keep all GDB-injected breakpoints in front */
710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
713 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
716 breakpoint_invalidate(cpu, pc);
724 /* Remove a specific breakpoint. */
725 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
729 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
730 if (bp->pc == pc && bp->flags == flags) {
731 cpu_breakpoint_remove_by_ref(cpu, bp);
738 /* Remove a specific breakpoint by reference. */
739 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
741 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
743 breakpoint_invalidate(cpu, breakpoint->pc);
748 /* Remove all matching breakpoints. */
749 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
751 CPUBreakpoint *bp, *next;
753 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
754 if (bp->flags & mask) {
755 cpu_breakpoint_remove_by_ref(cpu, bp);
760 /* enable or disable single step mode. EXCP_DEBUG is returned by the
761 CPU loop after each instruction */
762 void cpu_single_step(CPUState *cpu, int enabled)
764 if (cpu->singlestep_enabled != enabled) {
765 cpu->singlestep_enabled = enabled;
767 kvm_update_guest_debug(cpu, 0);
769 /* must flush all the translated code to avoid inconsistencies */
770 /* XXX: only flush what is necessary */
771 CPUArchState *env = cpu->env_ptr;
777 void cpu_abort(CPUState *cpu, const char *fmt, ...)
784 fprintf(stderr, "qemu: fatal: ");
785 vfprintf(stderr, fmt, ap);
786 fprintf(stderr, "\n");
787 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
788 if (qemu_log_enabled()) {
789 qemu_log("qemu: fatal: ");
790 qemu_log_vprintf(fmt, ap2);
792 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
798 #if defined(CONFIG_USER_ONLY)
800 struct sigaction act;
801 sigfillset(&act.sa_mask);
802 act.sa_handler = SIG_DFL;
803 sigaction(SIGABRT, &act, NULL);
809 #if !defined(CONFIG_USER_ONLY)
810 /* Called from RCU critical section */
811 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
815 block = atomic_rcu_read(&ram_list.mru_block);
816 if (block && addr - block->offset < block->max_length) {
819 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
820 if (addr - block->offset < block->max_length) {
825 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
829 /* It is safe to write mru_block outside the iothread lock. This
834 * xxx removed from list
838 * call_rcu(reclaim_ramblock, xxx);
841 * atomic_rcu_set is not needed here. The block was already published
842 * when it was placed into the list. Here we're just making an extra
843 * copy of the pointer.
845 ram_list.mru_block = block;
849 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
855 end = TARGET_PAGE_ALIGN(start + length);
856 start &= TARGET_PAGE_MASK;
859 block = qemu_get_ram_block(start);
860 assert(block == qemu_get_ram_block(end - 1));
861 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
862 cpu_tlb_reset_dirty_all(start1, length);
866 /* Note: start and end must be within the same ram block. */
867 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
871 unsigned long end, page;
878 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
879 page = start >> TARGET_PAGE_BITS;
880 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
883 if (dirty && tcg_enabled()) {
884 tlb_reset_dirty_range_all(start, length);
890 /* Called from RCU critical section */
891 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
892 MemoryRegionSection *section,
894 hwaddr paddr, hwaddr xlat,
896 target_ulong *address)
901 if (memory_region_is_ram(section->mr)) {
903 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
905 if (!section->readonly) {
906 iotlb |= PHYS_SECTION_NOTDIRTY;
908 iotlb |= PHYS_SECTION_ROM;
911 iotlb = section - section->address_space->dispatch->map.sections;
915 /* Make accesses to pages with watchpoints go via the
916 watchpoint trap routines. */
917 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
918 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
919 /* Avoid trapping reads of pages with a write breakpoint. */
920 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
921 iotlb = PHYS_SECTION_WATCH + paddr;
922 *address |= TLB_MMIO;
930 #endif /* defined(CONFIG_USER_ONLY) */
932 #if !defined(CONFIG_USER_ONLY)
934 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
936 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
938 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
942 * Set a custom physical guest memory alloator.
943 * Accelerators with unusual needs may need this. Hopefully, we can
944 * get rid of it eventually.
946 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
948 phys_mem_alloc = alloc;
951 static uint16_t phys_section_add(PhysPageMap *map,
952 MemoryRegionSection *section)
954 /* The physical section number is ORed with a page-aligned
955 * pointer to produce the iotlb entries. Thus it should
956 * never overflow into the page-aligned value.
958 assert(map->sections_nb < TARGET_PAGE_SIZE);
960 if (map->sections_nb == map->sections_nb_alloc) {
961 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
962 map->sections = g_renew(MemoryRegionSection, map->sections,
963 map->sections_nb_alloc);
965 map->sections[map->sections_nb] = *section;
966 memory_region_ref(section->mr);
967 return map->sections_nb++;
970 static void phys_section_destroy(MemoryRegion *mr)
972 memory_region_unref(mr);
975 subpage_t *subpage = container_of(mr, subpage_t, iomem);
976 object_unref(OBJECT(&subpage->iomem));
981 static void phys_sections_free(PhysPageMap *map)
983 while (map->sections_nb > 0) {
984 MemoryRegionSection *section = &map->sections[--map->sections_nb];
985 phys_section_destroy(section->mr);
987 g_free(map->sections);
991 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
994 hwaddr base = section->offset_within_address_space
996 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
997 d->map.nodes, d->map.sections);
998 MemoryRegionSection subsection = {
999 .offset_within_address_space = base,
1000 .size = int128_make64(TARGET_PAGE_SIZE),
1004 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1006 if (!(existing->mr->subpage)) {
1007 subpage = subpage_init(d->as, base);
1008 subsection.address_space = d->as;
1009 subsection.mr = &subpage->iomem;
1010 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1011 phys_section_add(&d->map, &subsection));
1013 subpage = container_of(existing->mr, subpage_t, iomem);
1015 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1016 end = start + int128_get64(section->size) - 1;
1017 subpage_register(subpage, start, end,
1018 phys_section_add(&d->map, section));
1022 static void register_multipage(AddressSpaceDispatch *d,
1023 MemoryRegionSection *section)
1025 hwaddr start_addr = section->offset_within_address_space;
1026 uint16_t section_index = phys_section_add(&d->map, section);
1027 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1031 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1034 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1036 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1037 AddressSpaceDispatch *d = as->next_dispatch;
1038 MemoryRegionSection now = *section, remain = *section;
1039 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1041 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1042 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1043 - now.offset_within_address_space;
1045 now.size = int128_min(int128_make64(left), now.size);
1046 register_subpage(d, &now);
1048 now.size = int128_zero();
1050 while (int128_ne(remain.size, now.size)) {
1051 remain.size = int128_sub(remain.size, now.size);
1052 remain.offset_within_address_space += int128_get64(now.size);
1053 remain.offset_within_region += int128_get64(now.size);
1055 if (int128_lt(remain.size, page_size)) {
1056 register_subpage(d, &now);
1057 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1058 now.size = page_size;
1059 register_subpage(d, &now);
1061 now.size = int128_and(now.size, int128_neg(page_size));
1062 register_multipage(d, &now);
1067 void qemu_flush_coalesced_mmio_buffer(void)
1070 kvm_flush_coalesced_mmio_buffer();
1073 void qemu_mutex_lock_ramlist(void)
1075 qemu_mutex_lock(&ram_list.mutex);
1078 void qemu_mutex_unlock_ramlist(void)
1080 qemu_mutex_unlock(&ram_list.mutex);
1085 #include <sys/vfs.h>
1087 #define HUGETLBFS_MAGIC 0x958458f6
1089 static long gethugepagesize(const char *path, Error **errp)
1095 ret = statfs(path, &fs);
1096 } while (ret != 0 && errno == EINTR);
1099 error_setg_errno(errp, errno, "failed to get page size of file %s",
1104 if (fs.f_type != HUGETLBFS_MAGIC)
1105 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1110 static void *file_ram_alloc(RAMBlock *block,
1116 char *sanitized_name;
1121 Error *local_err = NULL;
1123 hpagesize = gethugepagesize(path, &local_err);
1125 error_propagate(errp, local_err);
1128 block->mr->align = hpagesize;
1130 if (memory < hpagesize) {
1131 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1132 "or larger than huge page size 0x%" PRIx64,
1137 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1139 "host lacks kvm mmu notifiers, -mem-path unsupported");
1143 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1144 sanitized_name = g_strdup(memory_region_name(block->mr));
1145 for (c = sanitized_name; *c != '\0'; c++) {
1150 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1152 g_free(sanitized_name);
1154 fd = mkstemp(filename);
1156 error_setg_errno(errp, errno,
1157 "unable to create backing store for hugepages");
1164 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1167 * ftruncate is not supported by hugetlbfs in older
1168 * hosts, so don't bother bailing out on errors.
1169 * If anything goes wrong with it under other filesystems,
1172 if (ftruncate(fd, memory)) {
1173 perror("ftruncate");
1176 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1177 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1179 if (area == MAP_FAILED) {
1180 error_setg_errno(errp, errno,
1181 "unable to map backing store for hugepages");
1187 os_mem_prealloc(fd, area, memory);
1195 error_report("%s", error_get_pretty(*errp));
1202 /* Called with the ramlist lock held. */
1203 static ram_addr_t find_ram_offset(ram_addr_t size)
1205 RAMBlock *block, *next_block;
1206 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1208 assert(size != 0); /* it would hand out same offset multiple times */
1210 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1214 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1215 ram_addr_t end, next = RAM_ADDR_MAX;
1217 end = block->offset + block->max_length;
1219 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1220 if (next_block->offset >= end) {
1221 next = MIN(next, next_block->offset);
1224 if (next - end >= size && next - end < mingap) {
1226 mingap = next - end;
1230 if (offset == RAM_ADDR_MAX) {
1231 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1239 ram_addr_t last_ram_offset(void)
1242 ram_addr_t last = 0;
1245 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1246 last = MAX(last, block->offset + block->max_length);
1252 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1256 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1257 if (!machine_dump_guest_core(current_machine)) {
1258 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1260 perror("qemu_madvise");
1261 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1262 "but dump_guest_core=off specified\n");
1267 /* Called within an RCU critical section, or while the ramlist lock
1270 static RAMBlock *find_ram_block(ram_addr_t addr)
1274 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1275 if (block->offset == addr) {
1283 /* Called with iothread lock held. */
1284 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1286 RAMBlock *new_block, *block;
1289 new_block = find_ram_block(addr);
1291 assert(!new_block->idstr[0]);
1294 char *id = qdev_get_dev_path(dev);
1296 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1300 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1302 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1303 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1304 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1312 /* Called with iothread lock held. */
1313 void qemu_ram_unset_idstr(ram_addr_t addr)
1317 /* FIXME: arch_init.c assumes that this is not called throughout
1318 * migration. Ignore the problem since hot-unplug during migration
1319 * does not work anyway.
1323 block = find_ram_block(addr);
1325 memset(block->idstr, 0, sizeof(block->idstr));
1330 static int memory_try_enable_merging(void *addr, size_t len)
1332 if (!machine_mem_merge(current_machine)) {
1333 /* disabled by the user */
1337 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1340 /* Only legal before guest might have detected the memory size: e.g. on
1341 * incoming migration, or right after reset.
1343 * As memory core doesn't know how is memory accessed, it is up to
1344 * resize callback to update device state and/or add assertions to detect
1345 * misuse, if necessary.
1347 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1349 RAMBlock *block = find_ram_block(base);
1353 newsize = TARGET_PAGE_ALIGN(newsize);
1355 if (block->used_length == newsize) {
1359 if (!(block->flags & RAM_RESIZEABLE)) {
1360 error_setg_errno(errp, EINVAL,
1361 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1362 " in != 0x" RAM_ADDR_FMT, block->idstr,
1363 newsize, block->used_length);
1367 if (block->max_length < newsize) {
1368 error_setg_errno(errp, EINVAL,
1369 "Length too large: %s: 0x" RAM_ADDR_FMT
1370 " > 0x" RAM_ADDR_FMT, block->idstr,
1371 newsize, block->max_length);
1375 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1376 block->used_length = newsize;
1377 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1379 memory_region_set_size(block->mr, newsize);
1380 if (block->resized) {
1381 block->resized(block->idstr, newsize, block->host);
1386 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1389 RAMBlock *last_block = NULL;
1390 ram_addr_t old_ram_size, new_ram_size;
1392 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1394 qemu_mutex_lock_ramlist();
1395 new_block->offset = find_ram_offset(new_block->max_length);
1397 if (!new_block->host) {
1398 if (xen_enabled()) {
1399 xen_ram_alloc(new_block->offset, new_block->max_length,
1402 new_block->host = phys_mem_alloc(new_block->max_length,
1403 &new_block->mr->align);
1404 if (!new_block->host) {
1405 error_setg_errno(errp, errno,
1406 "cannot set up guest memory '%s'",
1407 memory_region_name(new_block->mr));
1408 qemu_mutex_unlock_ramlist();
1411 memory_try_enable_merging(new_block->host, new_block->max_length);
1415 new_ram_size = MAX(old_ram_size,
1416 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1417 if (new_ram_size > old_ram_size) {
1418 migration_bitmap_extend(old_ram_size, new_ram_size);
1420 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1421 * QLIST (which has an RCU-friendly variant) does not have insertion at
1422 * tail, so save the last element in last_block.
1424 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1426 if (block->max_length < new_block->max_length) {
1431 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1432 } else if (last_block) {
1433 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1434 } else { /* list is empty */
1435 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1437 ram_list.mru_block = NULL;
1439 /* Write list before version */
1442 qemu_mutex_unlock_ramlist();
1444 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1446 if (new_ram_size > old_ram_size) {
1449 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1450 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1451 ram_list.dirty_memory[i] =
1452 bitmap_zero_extend(ram_list.dirty_memory[i],
1453 old_ram_size, new_ram_size);
1456 cpu_physical_memory_set_dirty_range(new_block->offset,
1457 new_block->used_length,
1460 if (new_block->host) {
1461 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1462 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1463 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1464 if (kvm_enabled()) {
1465 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1469 return new_block->offset;
1473 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1474 bool share, const char *mem_path,
1477 RAMBlock *new_block;
1479 Error *local_err = NULL;
1481 if (xen_enabled()) {
1482 error_setg(errp, "-mem-path not supported with Xen");
1486 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1488 * file_ram_alloc() needs to allocate just like
1489 * phys_mem_alloc, but we haven't bothered to provide
1493 "-mem-path not supported with this accelerator");
1497 size = TARGET_PAGE_ALIGN(size);
1498 new_block = g_malloc0(sizeof(*new_block));
1500 new_block->used_length = size;
1501 new_block->max_length = size;
1502 new_block->flags = share ? RAM_SHARED : 0;
1503 new_block->host = file_ram_alloc(new_block, size,
1505 if (!new_block->host) {
1510 addr = ram_block_add(new_block, &local_err);
1513 error_propagate(errp, local_err);
1521 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1522 void (*resized)(const char*,
1525 void *host, bool resizeable,
1526 MemoryRegion *mr, Error **errp)
1528 RAMBlock *new_block;
1530 Error *local_err = NULL;
1532 size = TARGET_PAGE_ALIGN(size);
1533 max_size = TARGET_PAGE_ALIGN(max_size);
1534 new_block = g_malloc0(sizeof(*new_block));
1536 new_block->resized = resized;
1537 new_block->used_length = size;
1538 new_block->max_length = max_size;
1539 assert(max_size >= size);
1541 new_block->host = host;
1543 new_block->flags |= RAM_PREALLOC;
1546 new_block->flags |= RAM_RESIZEABLE;
1548 addr = ram_block_add(new_block, &local_err);
1551 error_propagate(errp, local_err);
1557 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1558 MemoryRegion *mr, Error **errp)
1560 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1563 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1565 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1568 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1569 void (*resized)(const char*,
1572 MemoryRegion *mr, Error **errp)
1574 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1577 void qemu_ram_free_from_ptr(ram_addr_t addr)
1581 qemu_mutex_lock_ramlist();
1582 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1583 if (addr == block->offset) {
1584 QLIST_REMOVE_RCU(block, next);
1585 ram_list.mru_block = NULL;
1586 /* Write list before version */
1589 g_free_rcu(block, rcu);
1593 qemu_mutex_unlock_ramlist();
1596 static void reclaim_ramblock(RAMBlock *block)
1598 if (block->flags & RAM_PREALLOC) {
1600 } else if (xen_enabled()) {
1601 xen_invalidate_map_cache_entry(block->host);
1603 } else if (block->fd >= 0) {
1604 munmap(block->host, block->max_length);
1608 qemu_anon_ram_free(block->host, block->max_length);
1613 void qemu_ram_free(ram_addr_t addr)
1617 qemu_mutex_lock_ramlist();
1618 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1619 if (addr == block->offset) {
1620 QLIST_REMOVE_RCU(block, next);
1621 ram_list.mru_block = NULL;
1622 /* Write list before version */
1625 call_rcu(block, reclaim_ramblock, rcu);
1629 qemu_mutex_unlock_ramlist();
1633 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1640 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1641 offset = addr - block->offset;
1642 if (offset < block->max_length) {
1643 vaddr = ramblock_ptr(block, offset);
1644 if (block->flags & RAM_PREALLOC) {
1646 } else if (xen_enabled()) {
1650 if (block->fd >= 0) {
1651 flags |= (block->flags & RAM_SHARED ?
1652 MAP_SHARED : MAP_PRIVATE);
1653 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1654 flags, block->fd, offset);
1657 * Remap needs to match alloc. Accelerators that
1658 * set phys_mem_alloc never remap. If they did,
1659 * we'd need a remap hook here.
1661 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1663 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1664 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1667 if (area != vaddr) {
1668 fprintf(stderr, "Could not remap addr: "
1669 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1673 memory_try_enable_merging(vaddr, length);
1674 qemu_ram_setup_dump(vaddr, length);
1679 #endif /* !_WIN32 */
1681 int qemu_get_ram_fd(ram_addr_t addr)
1687 block = qemu_get_ram_block(addr);
1693 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1699 block = qemu_get_ram_block(addr);
1700 ptr = ramblock_ptr(block, 0);
1705 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1706 * This should not be used for general purpose DMA. Use address_space_map
1707 * or address_space_rw instead. For local memory (e.g. video ram) that the
1708 * device owns, use memory_region_get_ram_ptr.
1710 * By the time this function returns, the returned pointer is not protected
1711 * by RCU anymore. If the caller is not within an RCU critical section and
1712 * does not hold the iothread lock, it must have other means of protecting the
1713 * pointer, such as a reference to the region that includes the incoming
1716 void *qemu_get_ram_ptr(ram_addr_t addr)
1722 block = qemu_get_ram_block(addr);
1724 if (xen_enabled() && block->host == NULL) {
1725 /* We need to check if the requested address is in the RAM
1726 * because we don't want to map the entire memory in QEMU.
1727 * In that case just map until the end of the page.
1729 if (block->offset == 0) {
1730 ptr = xen_map_cache(addr, 0, 0);
1734 block->host = xen_map_cache(block->offset, block->max_length, 1);
1736 ptr = ramblock_ptr(block, addr - block->offset);
1743 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1744 * but takes a size argument.
1746 * By the time this function returns, the returned pointer is not protected
1747 * by RCU anymore. If the caller is not within an RCU critical section and
1748 * does not hold the iothread lock, it must have other means of protecting the
1749 * pointer, such as a reference to the region that includes the incoming
1752 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1758 if (xen_enabled()) {
1759 return xen_map_cache(addr, *size, 1);
1763 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1764 if (addr - block->offset < block->max_length) {
1765 if (addr - block->offset + *size > block->max_length)
1766 *size = block->max_length - addr + block->offset;
1767 ptr = ramblock_ptr(block, addr - block->offset);
1773 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1778 /* Some of the softmmu routines need to translate from a host pointer
1779 * (typically a TLB entry) back to a ram offset.
1781 * By the time this function returns, the returned pointer is not protected
1782 * by RCU anymore. If the caller is not within an RCU critical section and
1783 * does not hold the iothread lock, it must have other means of protecting the
1784 * pointer, such as a reference to the region that includes the incoming
1787 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1790 uint8_t *host = ptr;
1793 if (xen_enabled()) {
1795 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1796 mr = qemu_get_ram_block(*ram_addr)->mr;
1802 block = atomic_rcu_read(&ram_list.mru_block);
1803 if (block && block->host && host - block->host < block->max_length) {
1807 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1808 /* This case append when the block is not mapped. */
1809 if (block->host == NULL) {
1812 if (host - block->host < block->max_length) {
1821 *ram_addr = block->offset + (host - block->host);
1827 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1828 uint64_t val, unsigned size)
1830 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1831 tb_invalidate_phys_page_fast(ram_addr, size);
1835 stb_p(qemu_get_ram_ptr(ram_addr), val);
1838 stw_p(qemu_get_ram_ptr(ram_addr), val);
1841 stl_p(qemu_get_ram_ptr(ram_addr), val);
1846 /* Set both VGA and migration bits for simplicity and to remove
1847 * the notdirty callback faster.
1849 cpu_physical_memory_set_dirty_range(ram_addr, size,
1850 DIRTY_CLIENTS_NOCODE);
1851 /* we remove the notdirty callback only if the code has been
1853 if (!cpu_physical_memory_is_clean(ram_addr)) {
1854 CPUArchState *env = current_cpu->env_ptr;
1855 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1859 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1860 unsigned size, bool is_write)
1865 static const MemoryRegionOps notdirty_mem_ops = {
1866 .write = notdirty_mem_write,
1867 .valid.accepts = notdirty_mem_accepts,
1868 .endianness = DEVICE_NATIVE_ENDIAN,
1871 /* Generate a debug exception if a watchpoint has been hit. */
1872 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1874 CPUState *cpu = current_cpu;
1875 CPUArchState *env = cpu->env_ptr;
1876 target_ulong pc, cs_base;
1881 if (cpu->watchpoint_hit) {
1882 /* We re-entered the check after replacing the TB. Now raise
1883 * the debug interrupt so that is will trigger after the
1884 * current instruction. */
1885 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1888 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1889 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1890 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1891 && (wp->flags & flags)) {
1892 if (flags == BP_MEM_READ) {
1893 wp->flags |= BP_WATCHPOINT_HIT_READ;
1895 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1897 wp->hitaddr = vaddr;
1898 wp->hitattrs = attrs;
1899 if (!cpu->watchpoint_hit) {
1900 cpu->watchpoint_hit = wp;
1901 tb_check_watchpoint(cpu);
1902 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1903 cpu->exception_index = EXCP_DEBUG;
1906 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1907 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1908 cpu_resume_from_signal(cpu, NULL);
1912 wp->flags &= ~BP_WATCHPOINT_HIT;
1917 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1918 so these check for a hit then pass through to the normal out-of-line
1920 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1921 unsigned size, MemTxAttrs attrs)
1926 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1929 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1932 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1935 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1943 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1944 uint64_t val, unsigned size,
1949 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1952 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1955 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1958 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1965 static const MemoryRegionOps watch_mem_ops = {
1966 .read_with_attrs = watch_mem_read,
1967 .write_with_attrs = watch_mem_write,
1968 .endianness = DEVICE_NATIVE_ENDIAN,
1971 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1972 unsigned len, MemTxAttrs attrs)
1974 subpage_t *subpage = opaque;
1978 #if defined(DEBUG_SUBPAGE)
1979 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1980 subpage, len, addr);
1982 res = address_space_read(subpage->as, addr + subpage->base,
1989 *data = ldub_p(buf);
1992 *data = lduw_p(buf);
2005 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2006 uint64_t value, unsigned len, MemTxAttrs attrs)
2008 subpage_t *subpage = opaque;
2011 #if defined(DEBUG_SUBPAGE)
2012 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2013 " value %"PRIx64"\n",
2014 __func__, subpage, len, addr, value);
2032 return address_space_write(subpage->as, addr + subpage->base,
2036 static bool subpage_accepts(void *opaque, hwaddr addr,
2037 unsigned len, bool is_write)
2039 subpage_t *subpage = opaque;
2040 #if defined(DEBUG_SUBPAGE)
2041 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2042 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2045 return address_space_access_valid(subpage->as, addr + subpage->base,
2049 static const MemoryRegionOps subpage_ops = {
2050 .read_with_attrs = subpage_read,
2051 .write_with_attrs = subpage_write,
2052 .impl.min_access_size = 1,
2053 .impl.max_access_size = 8,
2054 .valid.min_access_size = 1,
2055 .valid.max_access_size = 8,
2056 .valid.accepts = subpage_accepts,
2057 .endianness = DEVICE_NATIVE_ENDIAN,
2060 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2065 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2067 idx = SUBPAGE_IDX(start);
2068 eidx = SUBPAGE_IDX(end);
2069 #if defined(DEBUG_SUBPAGE)
2070 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2071 __func__, mmio, start, end, idx, eidx, section);
2073 for (; idx <= eidx; idx++) {
2074 mmio->sub_section[idx] = section;
2080 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2084 mmio = g_malloc0(sizeof(subpage_t));
2088 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2089 NULL, TARGET_PAGE_SIZE);
2090 mmio->iomem.subpage = true;
2091 #if defined(DEBUG_SUBPAGE)
2092 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2093 mmio, base, TARGET_PAGE_SIZE);
2095 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2100 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2104 MemoryRegionSection section = {
2105 .address_space = as,
2107 .offset_within_address_space = 0,
2108 .offset_within_region = 0,
2109 .size = int128_2_64(),
2112 return phys_section_add(map, §ion);
2115 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2117 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2118 MemoryRegionSection *sections = d->map.sections;
2120 return sections[index & ~TARGET_PAGE_MASK].mr;
2123 static void io_mem_init(void)
2125 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2126 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2128 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2130 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2134 static void mem_begin(MemoryListener *listener)
2136 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2137 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2140 n = dummy_section(&d->map, as, &io_mem_unassigned);
2141 assert(n == PHYS_SECTION_UNASSIGNED);
2142 n = dummy_section(&d->map, as, &io_mem_notdirty);
2143 assert(n == PHYS_SECTION_NOTDIRTY);
2144 n = dummy_section(&d->map, as, &io_mem_rom);
2145 assert(n == PHYS_SECTION_ROM);
2146 n = dummy_section(&d->map, as, &io_mem_watch);
2147 assert(n == PHYS_SECTION_WATCH);
2149 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2151 as->next_dispatch = d;
2154 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2156 phys_sections_free(&d->map);
2160 static void mem_commit(MemoryListener *listener)
2162 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2163 AddressSpaceDispatch *cur = as->dispatch;
2164 AddressSpaceDispatch *next = as->next_dispatch;
2166 phys_page_compact_all(next, next->map.nodes_nb);
2168 atomic_rcu_set(&as->dispatch, next);
2170 call_rcu(cur, address_space_dispatch_free, rcu);
2174 static void tcg_commit(MemoryListener *listener)
2178 /* since each CPU stores ram addresses in its TLB cache, we must
2179 reset the modified entries */
2182 /* FIXME: Disentangle the cpu.h circular files deps so we can
2183 directly get the right CPU from listener. */
2184 if (cpu->tcg_as_listener != listener) {
2187 cpu_reload_memory_map(cpu);
2191 void address_space_init_dispatch(AddressSpace *as)
2193 as->dispatch = NULL;
2194 as->dispatch_listener = (MemoryListener) {
2196 .commit = mem_commit,
2197 .region_add = mem_add,
2198 .region_nop = mem_add,
2201 memory_listener_register(&as->dispatch_listener, as);
2204 void address_space_unregister(AddressSpace *as)
2206 memory_listener_unregister(&as->dispatch_listener);
2209 void address_space_destroy_dispatch(AddressSpace *as)
2211 AddressSpaceDispatch *d = as->dispatch;
2213 atomic_rcu_set(&as->dispatch, NULL);
2215 call_rcu(d, address_space_dispatch_free, rcu);
2219 static void memory_map_init(void)
2221 system_memory = g_malloc(sizeof(*system_memory));
2223 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2224 address_space_init(&address_space_memory, system_memory, "memory");
2226 system_io = g_malloc(sizeof(*system_io));
2227 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2229 address_space_init(&address_space_io, system_io, "I/O");
2232 MemoryRegion *get_system_memory(void)
2234 return system_memory;
2237 MemoryRegion *get_system_io(void)
2242 #endif /* !defined(CONFIG_USER_ONLY) */
2244 /* physical memory access (slow version, mainly for debug) */
2245 #if defined(CONFIG_USER_ONLY)
2246 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2247 uint8_t *buf, int len, int is_write)
2254 page = addr & TARGET_PAGE_MASK;
2255 l = (page + TARGET_PAGE_SIZE) - addr;
2258 flags = page_get_flags(page);
2259 if (!(flags & PAGE_VALID))
2262 if (!(flags & PAGE_WRITE))
2264 /* XXX: this code should not depend on lock_user */
2265 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2268 unlock_user(p, addr, l);
2270 if (!(flags & PAGE_READ))
2272 /* XXX: this code should not depend on lock_user */
2273 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2276 unlock_user(p, addr, 0);
2287 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2290 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2291 /* No early return if dirty_log_mask is or becomes 0, because
2292 * cpu_physical_memory_set_dirty_range will still call
2293 * xen_modified_memory.
2295 if (dirty_log_mask) {
2297 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2299 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2300 tb_invalidate_phys_range(addr, addr + length);
2301 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2303 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2306 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2308 unsigned access_size_max = mr->ops->valid.max_access_size;
2310 /* Regions are assumed to support 1-4 byte accesses unless
2311 otherwise specified. */
2312 if (access_size_max == 0) {
2313 access_size_max = 4;
2316 /* Bound the maximum access by the alignment of the address. */
2317 if (!mr->ops->impl.unaligned) {
2318 unsigned align_size_max = addr & -addr;
2319 if (align_size_max != 0 && align_size_max < access_size_max) {
2320 access_size_max = align_size_max;
2324 /* Don't attempt accesses larger than the maximum. */
2325 if (l > access_size_max) {
2326 l = access_size_max;
2329 l = 1 << (qemu_fls(l) - 1);
2335 static bool prepare_mmio_access(MemoryRegion *mr)
2337 bool unlocked = !qemu_mutex_iothread_locked();
2338 bool release_lock = false;
2340 if (unlocked && mr->global_locking) {
2341 qemu_mutex_lock_iothread();
2343 release_lock = true;
2345 if (mr->flush_coalesced_mmio) {
2347 qemu_mutex_lock_iothread();
2349 qemu_flush_coalesced_mmio_buffer();
2351 qemu_mutex_unlock_iothread();
2355 return release_lock;
2358 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2359 uint8_t *buf, int len, bool is_write)
2366 MemTxResult result = MEMTX_OK;
2367 bool release_lock = false;
2372 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2375 if (!memory_access_is_direct(mr, is_write)) {
2376 release_lock |= prepare_mmio_access(mr);
2377 l = memory_access_size(mr, l, addr1);
2378 /* XXX: could force current_cpu to NULL to avoid
2382 /* 64 bit write access */
2384 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2388 /* 32 bit write access */
2390 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2394 /* 16 bit write access */
2396 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2400 /* 8 bit write access */
2402 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2409 addr1 += memory_region_get_ram_addr(mr);
2411 ptr = qemu_get_ram_ptr(addr1);
2412 memcpy(ptr, buf, l);
2413 invalidate_and_set_dirty(mr, addr1, l);
2416 if (!memory_access_is_direct(mr, is_write)) {
2418 release_lock |= prepare_mmio_access(mr);
2419 l = memory_access_size(mr, l, addr1);
2422 /* 64 bit read access */
2423 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2428 /* 32 bit read access */
2429 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2434 /* 16 bit read access */
2435 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2440 /* 8 bit read access */
2441 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2450 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2451 memcpy(buf, ptr, l);
2456 qemu_mutex_unlock_iothread();
2457 release_lock = false;
2469 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2470 const uint8_t *buf, int len)
2472 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2475 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2476 uint8_t *buf, int len)
2478 return address_space_rw(as, addr, attrs, buf, len, false);
2482 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2483 int len, int is_write)
2485 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2486 buf, len, is_write);
2489 enum write_rom_type {
2494 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2495 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2505 mr = address_space_translate(as, addr, &addr1, &l, true);
2507 if (!(memory_region_is_ram(mr) ||
2508 memory_region_is_romd(mr))) {
2509 l = memory_access_size(mr, l, addr1);
2511 addr1 += memory_region_get_ram_addr(mr);
2513 ptr = qemu_get_ram_ptr(addr1);
2516 memcpy(ptr, buf, l);
2517 invalidate_and_set_dirty(mr, addr1, l);
2520 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2531 /* used for ROM loading : can write in RAM and ROM */
2532 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2533 const uint8_t *buf, int len)
2535 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2538 void cpu_flush_icache_range(hwaddr start, int len)
2541 * This function should do the same thing as an icache flush that was
2542 * triggered from within the guest. For TCG we are always cache coherent,
2543 * so there is no need to flush anything. For KVM / Xen we need to flush
2544 * the host's instruction cache at least.
2546 if (tcg_enabled()) {
2550 cpu_physical_memory_write_rom_internal(&address_space_memory,
2551 start, NULL, len, FLUSH_CACHE);
2562 static BounceBuffer bounce;
2564 typedef struct MapClient {
2566 QLIST_ENTRY(MapClient) link;
2569 QemuMutex map_client_list_lock;
2570 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2571 = QLIST_HEAD_INITIALIZER(map_client_list);
2573 static void cpu_unregister_map_client_do(MapClient *client)
2575 QLIST_REMOVE(client, link);
2579 static void cpu_notify_map_clients_locked(void)
2583 while (!QLIST_EMPTY(&map_client_list)) {
2584 client = QLIST_FIRST(&map_client_list);
2585 qemu_bh_schedule(client->bh);
2586 cpu_unregister_map_client_do(client);
2590 void cpu_register_map_client(QEMUBH *bh)
2592 MapClient *client = g_malloc(sizeof(*client));
2594 qemu_mutex_lock(&map_client_list_lock);
2596 QLIST_INSERT_HEAD(&map_client_list, client, link);
2597 if (!atomic_read(&bounce.in_use)) {
2598 cpu_notify_map_clients_locked();
2600 qemu_mutex_unlock(&map_client_list_lock);
2603 void cpu_exec_init_all(void)
2605 qemu_mutex_init(&ram_list.mutex);
2608 qemu_mutex_init(&map_client_list_lock);
2611 void cpu_unregister_map_client(QEMUBH *bh)
2615 qemu_mutex_lock(&map_client_list_lock);
2616 QLIST_FOREACH(client, &map_client_list, link) {
2617 if (client->bh == bh) {
2618 cpu_unregister_map_client_do(client);
2622 qemu_mutex_unlock(&map_client_list_lock);
2625 static void cpu_notify_map_clients(void)
2627 qemu_mutex_lock(&map_client_list_lock);
2628 cpu_notify_map_clients_locked();
2629 qemu_mutex_unlock(&map_client_list_lock);
2632 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2640 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2641 if (!memory_access_is_direct(mr, is_write)) {
2642 l = memory_access_size(mr, l, addr);
2643 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2655 /* Map a physical memory region into a host virtual address.
2656 * May map a subset of the requested range, given by and returned in *plen.
2657 * May return NULL if resources needed to perform the mapping are exhausted.
2658 * Use only for reads OR writes - not for read-modify-write operations.
2659 * Use cpu_register_map_client() to know when retrying the map operation is
2660 * likely to succeed.
2662 void *address_space_map(AddressSpace *as,
2669 hwaddr l, xlat, base;
2670 MemoryRegion *mr, *this_mr;
2679 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2681 if (!memory_access_is_direct(mr, is_write)) {
2682 if (atomic_xchg(&bounce.in_use, true)) {
2686 /* Avoid unbounded allocations */
2687 l = MIN(l, TARGET_PAGE_SIZE);
2688 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2692 memory_region_ref(mr);
2695 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2701 return bounce.buffer;
2705 raddr = memory_region_get_ram_addr(mr);
2716 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2717 if (this_mr != mr || xlat != base + done) {
2722 memory_region_ref(mr);
2725 return qemu_ram_ptr_length(raddr + base, plen);
2728 /* Unmaps a memory region previously mapped by address_space_map().
2729 * Will also mark the memory as dirty if is_write == 1. access_len gives
2730 * the amount of memory that was actually read or written by the caller.
2732 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2733 int is_write, hwaddr access_len)
2735 if (buffer != bounce.buffer) {
2739 mr = qemu_ram_addr_from_host(buffer, &addr1);
2742 invalidate_and_set_dirty(mr, addr1, access_len);
2744 if (xen_enabled()) {
2745 xen_invalidate_map_cache_entry(buffer);
2747 memory_region_unref(mr);
2751 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2752 bounce.buffer, access_len);
2754 qemu_vfree(bounce.buffer);
2755 bounce.buffer = NULL;
2756 memory_region_unref(bounce.mr);
2757 atomic_mb_set(&bounce.in_use, false);
2758 cpu_notify_map_clients();
2761 void *cpu_physical_memory_map(hwaddr addr,
2765 return address_space_map(&address_space_memory, addr, plen, is_write);
2768 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2769 int is_write, hwaddr access_len)
2771 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2774 /* warning: addr must be aligned */
2775 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2777 MemTxResult *result,
2778 enum device_endian endian)
2786 bool release_lock = false;
2789 mr = address_space_translate(as, addr, &addr1, &l, false);
2790 if (l < 4 || !memory_access_is_direct(mr, false)) {
2791 release_lock |= prepare_mmio_access(mr);
2794 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2795 #if defined(TARGET_WORDS_BIGENDIAN)
2796 if (endian == DEVICE_LITTLE_ENDIAN) {
2800 if (endian == DEVICE_BIG_ENDIAN) {
2806 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2810 case DEVICE_LITTLE_ENDIAN:
2811 val = ldl_le_p(ptr);
2813 case DEVICE_BIG_ENDIAN:
2814 val = ldl_be_p(ptr);
2826 qemu_mutex_unlock_iothread();
2832 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2833 MemTxAttrs attrs, MemTxResult *result)
2835 return address_space_ldl_internal(as, addr, attrs, result,
2836 DEVICE_NATIVE_ENDIAN);
2839 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2840 MemTxAttrs attrs, MemTxResult *result)
2842 return address_space_ldl_internal(as, addr, attrs, result,
2843 DEVICE_LITTLE_ENDIAN);
2846 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2847 MemTxAttrs attrs, MemTxResult *result)
2849 return address_space_ldl_internal(as, addr, attrs, result,
2853 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2855 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2858 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2860 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2863 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2865 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2868 /* warning: addr must be aligned */
2869 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2871 MemTxResult *result,
2872 enum device_endian endian)
2880 bool release_lock = false;
2883 mr = address_space_translate(as, addr, &addr1, &l,
2885 if (l < 8 || !memory_access_is_direct(mr, false)) {
2886 release_lock |= prepare_mmio_access(mr);
2889 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2890 #if defined(TARGET_WORDS_BIGENDIAN)
2891 if (endian == DEVICE_LITTLE_ENDIAN) {
2895 if (endian == DEVICE_BIG_ENDIAN) {
2901 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2905 case DEVICE_LITTLE_ENDIAN:
2906 val = ldq_le_p(ptr);
2908 case DEVICE_BIG_ENDIAN:
2909 val = ldq_be_p(ptr);
2921 qemu_mutex_unlock_iothread();
2927 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2928 MemTxAttrs attrs, MemTxResult *result)
2930 return address_space_ldq_internal(as, addr, attrs, result,
2931 DEVICE_NATIVE_ENDIAN);
2934 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2935 MemTxAttrs attrs, MemTxResult *result)
2937 return address_space_ldq_internal(as, addr, attrs, result,
2938 DEVICE_LITTLE_ENDIAN);
2941 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2942 MemTxAttrs attrs, MemTxResult *result)
2944 return address_space_ldq_internal(as, addr, attrs, result,
2948 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2950 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2953 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2955 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2958 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2960 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2964 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2965 MemTxAttrs attrs, MemTxResult *result)
2970 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2977 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2979 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2982 /* warning: addr must be aligned */
2983 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2986 MemTxResult *result,
2987 enum device_endian endian)
2995 bool release_lock = false;
2998 mr = address_space_translate(as, addr, &addr1, &l,
3000 if (l < 2 || !memory_access_is_direct(mr, false)) {
3001 release_lock |= prepare_mmio_access(mr);
3004 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3005 #if defined(TARGET_WORDS_BIGENDIAN)
3006 if (endian == DEVICE_LITTLE_ENDIAN) {
3010 if (endian == DEVICE_BIG_ENDIAN) {
3016 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3020 case DEVICE_LITTLE_ENDIAN:
3021 val = lduw_le_p(ptr);
3023 case DEVICE_BIG_ENDIAN:
3024 val = lduw_be_p(ptr);
3036 qemu_mutex_unlock_iothread();
3042 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3043 MemTxAttrs attrs, MemTxResult *result)
3045 return address_space_lduw_internal(as, addr, attrs, result,
3046 DEVICE_NATIVE_ENDIAN);
3049 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3050 MemTxAttrs attrs, MemTxResult *result)
3052 return address_space_lduw_internal(as, addr, attrs, result,
3053 DEVICE_LITTLE_ENDIAN);
3056 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3057 MemTxAttrs attrs, MemTxResult *result)
3059 return address_space_lduw_internal(as, addr, attrs, result,
3063 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3065 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3068 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3070 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3073 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3075 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3078 /* warning: addr must be aligned. The ram page is not masked as dirty
3079 and the code inside is not invalidated. It is useful if the dirty
3080 bits are used to track modified PTEs */
3081 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3082 MemTxAttrs attrs, MemTxResult *result)
3089 uint8_t dirty_log_mask;
3090 bool release_lock = false;
3093 mr = address_space_translate(as, addr, &addr1, &l,
3095 if (l < 4 || !memory_access_is_direct(mr, true)) {
3096 release_lock |= prepare_mmio_access(mr);
3098 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3100 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3101 ptr = qemu_get_ram_ptr(addr1);
3104 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3105 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3106 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3113 qemu_mutex_unlock_iothread();
3118 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3120 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3123 /* warning: addr must be aligned */
3124 static inline void address_space_stl_internal(AddressSpace *as,
3125 hwaddr addr, uint32_t val,
3127 MemTxResult *result,
3128 enum device_endian endian)
3135 bool release_lock = false;
3138 mr = address_space_translate(as, addr, &addr1, &l,
3140 if (l < 4 || !memory_access_is_direct(mr, true)) {
3141 release_lock |= prepare_mmio_access(mr);
3143 #if defined(TARGET_WORDS_BIGENDIAN)
3144 if (endian == DEVICE_LITTLE_ENDIAN) {
3148 if (endian == DEVICE_BIG_ENDIAN) {
3152 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3155 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3156 ptr = qemu_get_ram_ptr(addr1);
3158 case DEVICE_LITTLE_ENDIAN:
3161 case DEVICE_BIG_ENDIAN:
3168 invalidate_and_set_dirty(mr, addr1, 4);
3175 qemu_mutex_unlock_iothread();
3180 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3181 MemTxAttrs attrs, MemTxResult *result)
3183 address_space_stl_internal(as, addr, val, attrs, result,
3184 DEVICE_NATIVE_ENDIAN);
3187 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3188 MemTxAttrs attrs, MemTxResult *result)
3190 address_space_stl_internal(as, addr, val, attrs, result,
3191 DEVICE_LITTLE_ENDIAN);
3194 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3195 MemTxAttrs attrs, MemTxResult *result)
3197 address_space_stl_internal(as, addr, val, attrs, result,
3201 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3203 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3206 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3208 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3211 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3213 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3217 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3218 MemTxAttrs attrs, MemTxResult *result)
3223 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3229 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3231 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3234 /* warning: addr must be aligned */
3235 static inline void address_space_stw_internal(AddressSpace *as,
3236 hwaddr addr, uint32_t val,
3238 MemTxResult *result,
3239 enum device_endian endian)
3246 bool release_lock = false;
3249 mr = address_space_translate(as, addr, &addr1, &l, true);
3250 if (l < 2 || !memory_access_is_direct(mr, true)) {
3251 release_lock |= prepare_mmio_access(mr);
3253 #if defined(TARGET_WORDS_BIGENDIAN)
3254 if (endian == DEVICE_LITTLE_ENDIAN) {
3258 if (endian == DEVICE_BIG_ENDIAN) {
3262 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3265 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3266 ptr = qemu_get_ram_ptr(addr1);
3268 case DEVICE_LITTLE_ENDIAN:
3271 case DEVICE_BIG_ENDIAN:
3278 invalidate_and_set_dirty(mr, addr1, 2);
3285 qemu_mutex_unlock_iothread();
3290 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3291 MemTxAttrs attrs, MemTxResult *result)
3293 address_space_stw_internal(as, addr, val, attrs, result,
3294 DEVICE_NATIVE_ENDIAN);
3297 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3298 MemTxAttrs attrs, MemTxResult *result)
3300 address_space_stw_internal(as, addr, val, attrs, result,
3301 DEVICE_LITTLE_ENDIAN);
3304 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3305 MemTxAttrs attrs, MemTxResult *result)
3307 address_space_stw_internal(as, addr, val, attrs, result,
3311 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3313 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3316 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3318 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3321 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3323 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3327 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3328 MemTxAttrs attrs, MemTxResult *result)
3332 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3338 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3339 MemTxAttrs attrs, MemTxResult *result)
3342 val = cpu_to_le64(val);
3343 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3348 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3349 MemTxAttrs attrs, MemTxResult *result)
3352 val = cpu_to_be64(val);
3353 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3359 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3361 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3364 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3366 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3369 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3371 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3374 /* virtual memory access for debug (includes writing to ROM) */
3375 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3376 uint8_t *buf, int len, int is_write)
3383 page = addr & TARGET_PAGE_MASK;
3384 phys_addr = cpu_get_phys_page_debug(cpu, page);
3385 /* if no physical page mapped, return an error */
3386 if (phys_addr == -1)
3388 l = (page + TARGET_PAGE_SIZE) - addr;
3391 phys_addr += (addr & ~TARGET_PAGE_MASK);
3393 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3395 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3407 * A helper function for the _utterly broken_ virtio device model to find out if
3408 * it's running on a big endian machine. Don't do this at home kids!
3410 bool target_words_bigendian(void);
3411 bool target_words_bigendian(void)
3413 #if defined(TARGET_WORDS_BIGENDIAN)
3420 #ifndef CONFIG_USER_ONLY
3421 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3428 mr = address_space_translate(&address_space_memory,
3429 phys_addr, &phys_addr, &l, false);
3431 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3436 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3442 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3443 ret = func(block->idstr, block->host, block->offset,
3444 block->used_length, opaque);
projects / sdk / emulator / qemu.git / blob