4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 typedef PhysPageEntry Node[L2_SIZE];
93 struct AddressSpaceDispatch {
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
97 PhysPageEntry phys_map;
99 MemoryRegionSection *sections;
103 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104 typedef struct subpage_t {
108 uint16_t sub_section[TARGET_PAGE_SIZE];
111 #define PHYS_SECTION_UNASSIGNED 0
112 #define PHYS_SECTION_NOTDIRTY 1
113 #define PHYS_SECTION_ROM 2
114 #define PHYS_SECTION_WATCH 3
116 typedef struct PhysPageMap {
117 unsigned sections_nb;
118 unsigned sections_nb_alloc;
120 unsigned nodes_nb_alloc;
122 MemoryRegionSection *sections;
125 static PhysPageMap *prev_map;
126 static PhysPageMap next_map;
128 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
130 static void io_mem_init(void);
131 static void memory_map_init(void);
132 static void *qemu_safe_ram_ptr(ram_addr_t addr);
134 static MemoryRegion io_mem_watch;
137 #if !defined(CONFIG_USER_ONLY)
139 static void phys_map_node_reserve(unsigned nodes)
141 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
142 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
144 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
145 next_map.nodes_nb + nodes);
146 next_map.nodes = g_renew(Node, next_map.nodes,
147 next_map.nodes_nb_alloc);
151 static uint16_t phys_map_node_alloc(void)
156 ret = next_map.nodes_nb++;
157 assert(ret != PHYS_MAP_NODE_NIL);
158 assert(ret != next_map.nodes_nb_alloc);
159 for (i = 0; i < L2_SIZE; ++i) {
160 next_map.nodes[ret][i].is_leaf = 0;
161 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
166 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
167 hwaddr *nb, uint16_t leaf,
172 hwaddr step = (hwaddr)1 << (level * L2_BITS);
174 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
175 lp->ptr = phys_map_node_alloc();
176 p = next_map.nodes[lp->ptr];
178 for (i = 0; i < L2_SIZE; i++) {
180 p[i].ptr = PHYS_SECTION_UNASSIGNED;
184 p = next_map.nodes[lp->ptr];
186 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
188 while (*nb && lp < &p[L2_SIZE]) {
189 if ((*index & (step - 1)) == 0 && *nb >= step) {
195 phys_page_set_level(lp, index, nb, leaf, level - 1);
201 static void phys_page_set(AddressSpaceDispatch *d,
202 hwaddr index, hwaddr nb,
205 /* Wildly overreserve - it doesn't matter much. */
206 phys_map_node_reserve(3 * P_L2_LEVELS);
208 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
211 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
212 Node *nodes, MemoryRegionSection *sections)
217 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
218 if (lp.ptr == PHYS_MAP_NODE_NIL) {
219 return §ions[PHYS_SECTION_UNASSIGNED];
222 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
224 return §ions[lp.ptr];
227 bool memory_region_is_unassigned(MemoryRegion *mr)
229 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
230 && mr != &io_mem_watch;
233 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
235 bool resolve_subpage)
237 AddressSpaceDispatch *d = as->dispatch;
238 MemoryRegionSection *section;
241 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
242 d->nodes, d->sections);
243 if (resolve_subpage && section->mr->subpage) {
244 subpage = container_of(section->mr, subpage_t, iomem);
245 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
250 static MemoryRegionSection *
251 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
252 hwaddr *plen, bool resolve_subpage)
254 MemoryRegionSection *section;
257 section = address_space_lookup_region(as, addr, resolve_subpage);
258 /* Compute offset within MemoryRegionSection */
259 addr -= section->offset_within_address_space;
261 /* Compute offset within MemoryRegion */
262 *xlat = addr + section->offset_within_region;
264 diff = int128_sub(section->mr->size, int128_make64(addr));
265 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
269 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
270 hwaddr *xlat, hwaddr *plen,
274 MemoryRegionSection *section;
279 section = address_space_translate_internal(as, addr, &addr, plen, true);
282 if (!mr->iommu_ops) {
286 iotlb = mr->iommu_ops->translate(mr, addr);
287 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
288 | (addr & iotlb.addr_mask));
289 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
290 if (!(iotlb.perm & (1 << is_write))) {
291 mr = &io_mem_unassigned;
295 as = iotlb.target_as;
303 MemoryRegionSection *
304 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
307 MemoryRegionSection *section;
308 section = address_space_translate_internal(as, addr, xlat, plen, false);
310 assert(!section->mr->iommu_ops);
315 void cpu_exec_init_all(void)
317 #if !defined(CONFIG_USER_ONLY)
318 qemu_mutex_init(&ram_list.mutex);
324 #if !defined(CONFIG_USER_ONLY)
326 static int cpu_common_post_load(void *opaque, int version_id)
328 CPUState *cpu = opaque;
330 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
331 version_id is increased. */
332 cpu->interrupt_request &= ~0x01;
333 tlb_flush(cpu->env_ptr, 1);
338 const VMStateDescription vmstate_cpu_common = {
339 .name = "cpu_common",
341 .minimum_version_id = 1,
342 .minimum_version_id_old = 1,
343 .post_load = cpu_common_post_load,
344 .fields = (VMStateField []) {
345 VMSTATE_UINT32(halted, CPUState),
346 VMSTATE_UINT32(interrupt_request, CPUState),
347 VMSTATE_END_OF_LIST()
353 CPUState *qemu_get_cpu(int index)
355 CPUArchState *env = first_cpu;
356 CPUState *cpu = NULL;
359 cpu = ENV_GET_CPU(env);
360 if (cpu->cpu_index == index) {
366 return env ? cpu : NULL;
369 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
371 CPUArchState *env = first_cpu;
374 func(ENV_GET_CPU(env), data);
379 void cpu_exec_init(CPUArchState *env)
381 CPUState *cpu = ENV_GET_CPU(env);
382 CPUClass *cc = CPU_GET_CLASS(cpu);
386 #if defined(CONFIG_USER_ONLY)
389 env->next_cpu = NULL;
392 while (*penv != NULL) {
393 penv = &(*penv)->next_cpu;
396 cpu->cpu_index = cpu_index;
398 QTAILQ_INIT(&env->breakpoints);
399 QTAILQ_INIT(&env->watchpoints);
400 #ifndef CONFIG_USER_ONLY
401 cpu->thread_id = qemu_get_thread_id();
404 #if defined(CONFIG_USER_ONLY)
407 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
408 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
409 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
410 cpu_save, cpu_load, env);
411 assert(cc->vmsd == NULL);
413 if (cc->vmsd != NULL) {
414 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
418 #if defined(TARGET_HAS_ICE)
419 #if defined(CONFIG_USER_ONLY)
420 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
422 tb_invalidate_phys_page_range(pc, pc + 1, 0);
425 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
427 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
428 (pc & ~TARGET_PAGE_MASK));
431 #endif /* TARGET_HAS_ICE */
433 #if defined(CONFIG_USER_ONLY)
434 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
439 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
440 int flags, CPUWatchpoint **watchpoint)
445 /* Add a watchpoint. */
446 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
447 int flags, CPUWatchpoint **watchpoint)
449 target_ulong len_mask = ~(len - 1);
452 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
453 if ((len & (len - 1)) || (addr & ~len_mask) ||
454 len == 0 || len > TARGET_PAGE_SIZE) {
455 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
456 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
459 wp = g_malloc(sizeof(*wp));
462 wp->len_mask = len_mask;
465 /* keep all GDB-injected watchpoints in front */
467 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
469 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
471 tlb_flush_page(env, addr);
478 /* Remove a specific watchpoint. */
479 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
482 target_ulong len_mask = ~(len - 1);
485 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
486 if (addr == wp->vaddr && len_mask == wp->len_mask
487 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
488 cpu_watchpoint_remove_by_ref(env, wp);
495 /* Remove a specific watchpoint by reference. */
496 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
498 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
500 tlb_flush_page(env, watchpoint->vaddr);
505 /* Remove all matching watchpoints. */
506 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
508 CPUWatchpoint *wp, *next;
510 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
511 if (wp->flags & mask)
512 cpu_watchpoint_remove_by_ref(env, wp);
517 /* Add a breakpoint. */
518 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
519 CPUBreakpoint **breakpoint)
521 #if defined(TARGET_HAS_ICE)
524 bp = g_malloc(sizeof(*bp));
529 /* keep all GDB-injected breakpoints in front */
531 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
533 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
535 breakpoint_invalidate(env, pc);
545 /* Remove a specific breakpoint. */
546 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
548 #if defined(TARGET_HAS_ICE)
551 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
552 if (bp->pc == pc && bp->flags == flags) {
553 cpu_breakpoint_remove_by_ref(env, bp);
563 /* Remove a specific breakpoint by reference. */
564 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
566 #if defined(TARGET_HAS_ICE)
567 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
569 breakpoint_invalidate(env, breakpoint->pc);
575 /* Remove all matching breakpoints. */
576 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
578 #if defined(TARGET_HAS_ICE)
579 CPUBreakpoint *bp, *next;
581 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
582 if (bp->flags & mask)
583 cpu_breakpoint_remove_by_ref(env, bp);
588 /* enable or disable single step mode. EXCP_DEBUG is returned by the
589 CPU loop after each instruction */
590 void cpu_single_step(CPUArchState *env, int enabled)
592 #if defined(TARGET_HAS_ICE)
593 if (env->singlestep_enabled != enabled) {
594 env->singlestep_enabled = enabled;
596 kvm_update_guest_debug(env, 0);
598 /* must flush all the translated code to avoid inconsistencies */
599 /* XXX: only flush what is necessary */
606 void cpu_abort(CPUArchState *env, const char *fmt, ...)
608 CPUState *cpu = ENV_GET_CPU(env);
614 fprintf(stderr, "qemu: fatal: ");
615 vfprintf(stderr, fmt, ap);
616 fprintf(stderr, "\n");
617 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
618 if (qemu_log_enabled()) {
619 qemu_log("qemu: fatal: ");
620 qemu_log_vprintf(fmt, ap2);
622 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
628 #if defined(CONFIG_USER_ONLY)
630 struct sigaction act;
631 sigfillset(&act.sa_mask);
632 act.sa_handler = SIG_DFL;
633 sigaction(SIGABRT, &act, NULL);
639 CPUArchState *cpu_copy(CPUArchState *env)
641 CPUArchState *new_env = cpu_init(env->cpu_model_str);
642 CPUArchState *next_cpu = new_env->next_cpu;
643 #if defined(TARGET_HAS_ICE)
648 memcpy(new_env, env, sizeof(CPUArchState));
650 /* Preserve chaining. */
651 new_env->next_cpu = next_cpu;
653 /* Clone all break/watchpoints.
654 Note: Once we support ptrace with hw-debug register access, make sure
655 BP_CPU break/watchpoints are handled correctly on clone. */
656 QTAILQ_INIT(&env->breakpoints);
657 QTAILQ_INIT(&env->watchpoints);
658 #if defined(TARGET_HAS_ICE)
659 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
660 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
662 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
663 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
671 #if !defined(CONFIG_USER_ONLY)
672 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
677 /* we modify the TLB cache so that the dirty bit will be set again
678 when accessing the range */
679 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
680 /* Check that we don't span multiple blocks - this breaks the
681 address comparisons below. */
682 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
683 != (end - 1) - start) {
686 cpu_tlb_reset_dirty_all(start1, length);
690 /* Note: start and end must be within the same ram block. */
691 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
696 start &= TARGET_PAGE_MASK;
697 end = TARGET_PAGE_ALIGN(end);
699 length = end - start;
702 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
705 tlb_reset_dirty_range_all(start, end, length);
709 static int cpu_physical_memory_set_dirty_tracking(int enable)
712 in_migration = enable;
716 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
717 MemoryRegionSection *section,
719 hwaddr paddr, hwaddr xlat,
721 target_ulong *address)
726 if (memory_region_is_ram(section->mr)) {
728 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
730 if (!section->readonly) {
731 iotlb |= PHYS_SECTION_NOTDIRTY;
733 iotlb |= PHYS_SECTION_ROM;
736 iotlb = section - address_space_memory.dispatch->sections;
740 /* Make accesses to pages with watchpoints go via the
741 watchpoint trap routines. */
742 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
743 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
744 /* Avoid trapping reads of pages with a write breakpoint. */
745 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
746 iotlb = PHYS_SECTION_WATCH + paddr;
747 *address |= TLB_MMIO;
755 #endif /* defined(CONFIG_USER_ONLY) */
757 #if !defined(CONFIG_USER_ONLY)
759 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
761 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
763 static uint16_t phys_section_add(MemoryRegionSection *section)
765 /* The physical section number is ORed with a page-aligned
766 * pointer to produce the iotlb entries. Thus it should
767 * never overflow into the page-aligned value.
769 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
771 if (next_map.sections_nb == next_map.sections_nb_alloc) {
772 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
774 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
775 next_map.sections_nb_alloc);
777 next_map.sections[next_map.sections_nb] = *section;
778 memory_region_ref(section->mr);
779 return next_map.sections_nb++;
782 static void phys_section_destroy(MemoryRegion *mr)
784 memory_region_unref(mr);
787 subpage_t *subpage = container_of(mr, subpage_t, iomem);
788 memory_region_destroy(&subpage->iomem);
793 static void phys_sections_free(PhysPageMap *map)
795 while (map->sections_nb > 0) {
796 MemoryRegionSection *section = &map->sections[--map->sections_nb];
797 phys_section_destroy(section->mr);
799 g_free(map->sections);
804 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
807 hwaddr base = section->offset_within_address_space
809 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
810 next_map.nodes, next_map.sections);
811 MemoryRegionSection subsection = {
812 .offset_within_address_space = base,
813 .size = int128_make64(TARGET_PAGE_SIZE),
817 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
819 if (!(existing->mr->subpage)) {
820 subpage = subpage_init(d->as, base);
821 subsection.mr = &subpage->iomem;
822 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
823 phys_section_add(&subsection));
825 subpage = container_of(existing->mr, subpage_t, iomem);
827 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
828 end = start + int128_get64(section->size) - 1;
829 subpage_register(subpage, start, end, phys_section_add(section));
833 static void register_multipage(AddressSpaceDispatch *d,
834 MemoryRegionSection *section)
836 hwaddr start_addr = section->offset_within_address_space;
837 uint16_t section_index = phys_section_add(section);
838 uint64_t num_pages = int128_get64(int128_rshift(section->size,
842 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
845 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
847 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
848 AddressSpaceDispatch *d = as->next_dispatch;
849 MemoryRegionSection now = *section, remain = *section;
850 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
852 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
853 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
854 - now.offset_within_address_space;
856 now.size = int128_min(int128_make64(left), now.size);
857 register_subpage(d, &now);
859 now.size = int128_zero();
861 while (int128_ne(remain.size, now.size)) {
862 remain.size = int128_sub(remain.size, now.size);
863 remain.offset_within_address_space += int128_get64(now.size);
864 remain.offset_within_region += int128_get64(now.size);
866 if (int128_lt(remain.size, page_size)) {
867 register_subpage(d, &now);
868 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
869 now.size = page_size;
870 register_subpage(d, &now);
872 now.size = int128_and(now.size, int128_neg(page_size));
873 register_multipage(d, &now);
878 void qemu_flush_coalesced_mmio_buffer(void)
881 kvm_flush_coalesced_mmio_buffer();
884 void qemu_mutex_lock_ramlist(void)
886 qemu_mutex_lock(&ram_list.mutex);
889 void qemu_mutex_unlock_ramlist(void)
891 qemu_mutex_unlock(&ram_list.mutex);
894 #if defined(__linux__) && !defined(TARGET_S390X)
898 #define HUGETLBFS_MAGIC 0x958458f6
900 static long gethugepagesize(const char *path)
906 ret = statfs(path, &fs);
907 } while (ret != 0 && errno == EINTR);
914 if (fs.f_type != HUGETLBFS_MAGIC)
915 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
920 static void *file_ram_alloc(RAMBlock *block,
925 char *sanitized_name;
932 unsigned long hpagesize;
934 hpagesize = gethugepagesize(path);
939 if (memory < hpagesize) {
943 if (kvm_enabled() && !kvm_has_sync_mmu()) {
944 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
948 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
949 sanitized_name = g_strdup(block->mr->name);
950 for (c = sanitized_name; *c != '\0'; c++) {
955 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
957 g_free(sanitized_name);
959 fd = mkstemp(filename);
961 perror("unable to create backing store for hugepages");
968 memory = (memory+hpagesize-1) & ~(hpagesize-1);
971 * ftruncate is not supported by hugetlbfs in older
972 * hosts, so don't bother bailing out on errors.
973 * If anything goes wrong with it under other filesystems,
976 if (ftruncate(fd, memory))
980 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
981 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
982 * to sidestep this quirk.
984 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
985 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
987 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
989 if (area == MAP_FAILED) {
990 perror("file_ram_alloc: can't mmap RAM pages");
999 static ram_addr_t find_ram_offset(ram_addr_t size)
1001 RAMBlock *block, *next_block;
1002 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1004 assert(size != 0); /* it would hand out same offset multiple times */
1006 if (QTAILQ_EMPTY(&ram_list.blocks))
1009 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1010 ram_addr_t end, next = RAM_ADDR_MAX;
1012 end = block->offset + block->length;
1014 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1015 if (next_block->offset >= end) {
1016 next = MIN(next, next_block->offset);
1019 if (next - end >= size && next - end < mingap) {
1021 mingap = next - end;
1025 if (offset == RAM_ADDR_MAX) {
1026 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1034 ram_addr_t last_ram_offset(void)
1037 ram_addr_t last = 0;
1039 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1040 last = MAX(last, block->offset + block->length);
1045 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1048 QemuOpts *machine_opts;
1050 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1051 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1053 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1054 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1056 perror("qemu_madvise");
1057 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1058 "but dump_guest_core=off specified\n");
1063 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1065 RAMBlock *new_block, *block;
1068 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1069 if (block->offset == addr) {
1075 assert(!new_block->idstr[0]);
1078 char *id = qdev_get_dev_path(dev);
1080 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1084 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1086 /* This assumes the iothread lock is taken here too. */
1087 qemu_mutex_lock_ramlist();
1088 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1089 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1090 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1095 qemu_mutex_unlock_ramlist();
1098 static int memory_try_enable_merging(void *addr, size_t len)
1102 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1103 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1104 /* disabled by the user */
1108 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1111 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1114 RAMBlock *block, *new_block;
1116 size = TARGET_PAGE_ALIGN(size);
1117 new_block = g_malloc0(sizeof(*new_block));
1119 /* This assumes the iothread lock is taken here too. */
1120 qemu_mutex_lock_ramlist();
1122 new_block->offset = find_ram_offset(size);
1124 new_block->host = host;
1125 new_block->flags |= RAM_PREALLOC_MASK;
1128 #if defined (__linux__) && !defined(TARGET_S390X)
1129 new_block->host = file_ram_alloc(new_block, size, mem_path);
1130 if (!new_block->host) {
1131 new_block->host = qemu_anon_ram_alloc(size);
1132 memory_try_enable_merging(new_block->host, size);
1135 fprintf(stderr, "-mem-path option unsupported\n");
1139 if (xen_enabled()) {
1140 xen_ram_alloc(new_block->offset, size, mr);
1141 } else if (kvm_enabled()) {
1142 /* some s390/kvm configurations have special constraints */
1143 new_block->host = kvm_ram_alloc(size);
1145 new_block->host = qemu_anon_ram_alloc(size);
1147 memory_try_enable_merging(new_block->host, size);
1150 new_block->length = size;
1152 /* Keep the list sorted from biggest to smallest block. */
1153 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1154 if (block->length < new_block->length) {
1159 QTAILQ_INSERT_BEFORE(block, new_block, next);
1161 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1163 ram_list.mru_block = NULL;
1166 qemu_mutex_unlock_ramlist();
1168 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1169 last_ram_offset() >> TARGET_PAGE_BITS);
1170 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1171 0, size >> TARGET_PAGE_BITS);
1172 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1174 qemu_ram_setup_dump(new_block->host, size);
1175 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1178 kvm_setup_guest_memory(new_block->host, size);
1180 return new_block->offset;
1183 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1185 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1188 void qemu_ram_free_from_ptr(ram_addr_t addr)
1192 /* This assumes the iothread lock is taken here too. */
1193 qemu_mutex_lock_ramlist();
1194 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1195 if (addr == block->offset) {
1196 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1197 ram_list.mru_block = NULL;
1203 qemu_mutex_unlock_ramlist();
1206 void qemu_ram_free(ram_addr_t addr)
1210 /* This assumes the iothread lock is taken here too. */
1211 qemu_mutex_lock_ramlist();
1212 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1213 if (addr == block->offset) {
1214 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1215 ram_list.mru_block = NULL;
1217 if (block->flags & RAM_PREALLOC_MASK) {
1219 } else if (mem_path) {
1220 #if defined (__linux__) && !defined(TARGET_S390X)
1222 munmap(block->host, block->length);
1225 qemu_anon_ram_free(block->host, block->length);
1231 if (xen_enabled()) {
1232 xen_invalidate_map_cache_entry(block->host);
1234 qemu_anon_ram_free(block->host, block->length);
1241 qemu_mutex_unlock_ramlist();
1246 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1253 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1254 offset = addr - block->offset;
1255 if (offset < block->length) {
1256 vaddr = block->host + offset;
1257 if (block->flags & RAM_PREALLOC_MASK) {
1261 munmap(vaddr, length);
1263 #if defined(__linux__) && !defined(TARGET_S390X)
1266 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1269 flags |= MAP_PRIVATE;
1271 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1272 flags, block->fd, offset);
1274 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1275 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1282 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1283 flags |= MAP_SHARED | MAP_ANONYMOUS;
1284 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1287 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1288 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1292 if (area != vaddr) {
1293 fprintf(stderr, "Could not remap addr: "
1294 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1298 memory_try_enable_merging(vaddr, length);
1299 qemu_ram_setup_dump(vaddr, length);
1305 #endif /* !_WIN32 */
1307 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
1311 /* The list is protected by the iothread lock here. */
1312 block = ram_list.mru_block;
1313 if (block && addr - block->offset < block->length) {
1316 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1317 if (addr - block->offset < block->length) {
1322 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1326 ram_list.mru_block = block;
1330 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1331 With the exception of the softmmu code in this file, this should
1332 only be used for local memory (e.g. video ram) that the device owns,
1333 and knows it isn't going to access beyond the end of the block.
1335 It should not be used for general purpose DMA.
1336 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1338 void *qemu_get_ram_ptr(ram_addr_t addr)
1340 RAMBlock *block = qemu_get_ram_block(addr);
1342 if (xen_enabled()) {
1343 /* We need to check if the requested address is in the RAM
1344 * because we don't want to map the entire memory in QEMU.
1345 * In that case just map until the end of the page.
1347 if (block->offset == 0) {
1348 return xen_map_cache(addr, 0, 0);
1349 } else if (block->host == NULL) {
1351 xen_map_cache(block->offset, block->length, 1);
1354 return block->host + (addr - block->offset);
1357 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1358 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1360 * ??? Is this still necessary?
1362 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1366 /* The list is protected by the iothread lock here. */
1367 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1368 if (addr - block->offset < block->length) {
1369 if (xen_enabled()) {
1370 /* We need to check if the requested address is in the RAM
1371 * because we don't want to map the entire memory in QEMU.
1372 * In that case just map until the end of the page.
1374 if (block->offset == 0) {
1375 return xen_map_cache(addr, 0, 0);
1376 } else if (block->host == NULL) {
1378 xen_map_cache(block->offset, block->length, 1);
1381 return block->host + (addr - block->offset);
1385 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1391 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1392 * but takes a size argument */
1393 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1398 if (xen_enabled()) {
1399 return xen_map_cache(addr, *size, 1);
1403 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1404 if (addr - block->offset < block->length) {
1405 if (addr - block->offset + *size > block->length)
1406 *size = block->length - addr + block->offset;
1407 return block->host + (addr - block->offset);
1411 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1416 /* Some of the softmmu routines need to translate from a host pointer
1417 (typically a TLB entry) back to a ram offset. */
1418 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1421 uint8_t *host = ptr;
1423 if (xen_enabled()) {
1424 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1425 return qemu_get_ram_block(*ram_addr)->mr;
1428 block = ram_list.mru_block;
1429 if (block && block->host && host - block->host < block->length) {
1433 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1434 /* This case append when the block is not mapped. */
1435 if (block->host == NULL) {
1438 if (host - block->host < block->length) {
1446 *ram_addr = block->offset + (host - block->host);
1450 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1451 uint64_t val, unsigned size)
1454 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1455 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1456 tb_invalidate_phys_page_fast(ram_addr, size);
1457 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1461 stb_p(qemu_get_ram_ptr(ram_addr), val);
1464 stw_p(qemu_get_ram_ptr(ram_addr), val);
1467 stl_p(qemu_get_ram_ptr(ram_addr), val);
1472 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1473 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1474 /* we remove the notdirty callback only if the code has been
1476 if (dirty_flags == 0xff)
1477 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1480 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1481 unsigned size, bool is_write)
1486 static const MemoryRegionOps notdirty_mem_ops = {
1487 .write = notdirty_mem_write,
1488 .valid.accepts = notdirty_mem_accepts,
1489 .endianness = DEVICE_NATIVE_ENDIAN,
1492 /* Generate a debug exception if a watchpoint has been hit. */
1493 static void check_watchpoint(int offset, int len_mask, int flags)
1495 CPUArchState *env = cpu_single_env;
1496 target_ulong pc, cs_base;
1501 if (env->watchpoint_hit) {
1502 /* We re-entered the check after replacing the TB. Now raise
1503 * the debug interrupt so that is will trigger after the
1504 * current instruction. */
1505 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1508 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1509 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1510 if ((vaddr == (wp->vaddr & len_mask) ||
1511 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1512 wp->flags |= BP_WATCHPOINT_HIT;
1513 if (!env->watchpoint_hit) {
1514 env->watchpoint_hit = wp;
1515 tb_check_watchpoint(env);
1516 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1517 env->exception_index = EXCP_DEBUG;
1520 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1521 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1522 cpu_resume_from_signal(env, NULL);
1526 wp->flags &= ~BP_WATCHPOINT_HIT;
1531 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1532 so these check for a hit then pass through to the normal out-of-line
1534 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1537 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1539 case 1: return ldub_phys(addr);
1540 case 2: return lduw_phys(addr);
1541 case 4: return ldl_phys(addr);
1546 static void watch_mem_write(void *opaque, hwaddr addr,
1547 uint64_t val, unsigned size)
1549 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1552 stb_phys(addr, val);
1555 stw_phys(addr, val);
1558 stl_phys(addr, val);
1564 static const MemoryRegionOps watch_mem_ops = {
1565 .read = watch_mem_read,
1566 .write = watch_mem_write,
1567 .endianness = DEVICE_NATIVE_ENDIAN,
1570 static uint64_t subpage_read(void *opaque, hwaddr addr,
1573 subpage_t *subpage = opaque;
1576 #if defined(DEBUG_SUBPAGE)
1577 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1578 subpage, len, addr);
1580 address_space_read(subpage->as, addr + subpage->base, buf, len);
1593 static void subpage_write(void *opaque, hwaddr addr,
1594 uint64_t value, unsigned len)
1596 subpage_t *subpage = opaque;
1599 #if defined(DEBUG_SUBPAGE)
1600 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1601 " value %"PRIx64"\n",
1602 __func__, subpage, len, addr, value);
1617 address_space_write(subpage->as, addr + subpage->base, buf, len);
1620 static bool subpage_accepts(void *opaque, hwaddr addr,
1621 unsigned size, bool is_write)
1623 subpage_t *subpage = opaque;
1624 #if defined(DEBUG_SUBPAGE)
1625 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1626 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1629 return address_space_access_valid(subpage->as, addr + subpage->base,
1633 static const MemoryRegionOps subpage_ops = {
1634 .read = subpage_read,
1635 .write = subpage_write,
1636 .valid.accepts = subpage_accepts,
1637 .endianness = DEVICE_NATIVE_ENDIAN,
1640 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1645 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1647 idx = SUBPAGE_IDX(start);
1648 eidx = SUBPAGE_IDX(end);
1649 #if defined(DEBUG_SUBPAGE)
1650 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1651 mmio, start, end, idx, eidx, memory);
1653 for (; idx <= eidx; idx++) {
1654 mmio->sub_section[idx] = section;
1660 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1664 mmio = g_malloc0(sizeof(subpage_t));
1668 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1669 "subpage", TARGET_PAGE_SIZE);
1670 mmio->iomem.subpage = true;
1671 #if defined(DEBUG_SUBPAGE)
1672 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1673 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1675 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1680 static uint16_t dummy_section(MemoryRegion *mr)
1682 MemoryRegionSection section = {
1684 .offset_within_address_space = 0,
1685 .offset_within_region = 0,
1686 .size = int128_2_64(),
1689 return phys_section_add(§ion);
1692 MemoryRegion *iotlb_to_region(hwaddr index)
1694 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1697 static void io_mem_init(void)
1699 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1700 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1701 "unassigned", UINT64_MAX);
1702 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1703 "notdirty", UINT64_MAX);
1704 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1705 "watch", UINT64_MAX);
1708 static void mem_begin(MemoryListener *listener)
1710 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1711 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1713 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1715 as->next_dispatch = d;
1718 static void mem_commit(MemoryListener *listener)
1720 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1721 AddressSpaceDispatch *cur = as->dispatch;
1722 AddressSpaceDispatch *next = as->next_dispatch;
1724 next->nodes = next_map.nodes;
1725 next->sections = next_map.sections;
1727 as->dispatch = next;
1731 static void core_begin(MemoryListener *listener)
1735 prev_map = g_new(PhysPageMap, 1);
1736 *prev_map = next_map;
1738 memset(&next_map, 0, sizeof(next_map));
1739 n = dummy_section(&io_mem_unassigned);
1740 assert(n == PHYS_SECTION_UNASSIGNED);
1741 n = dummy_section(&io_mem_notdirty);
1742 assert(n == PHYS_SECTION_NOTDIRTY);
1743 n = dummy_section(&io_mem_rom);
1744 assert(n == PHYS_SECTION_ROM);
1745 n = dummy_section(&io_mem_watch);
1746 assert(n == PHYS_SECTION_WATCH);
1749 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1750 * All AddressSpaceDispatch instances have switched to the next map.
1752 static void core_commit(MemoryListener *listener)
1754 phys_sections_free(prev_map);
1757 static void tcg_commit(MemoryListener *listener)
1761 /* since each CPU stores ram addresses in its TLB cache, we must
1762 reset the modified entries */
1764 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1769 static void core_log_global_start(MemoryListener *listener)
1771 cpu_physical_memory_set_dirty_tracking(1);
1774 static void core_log_global_stop(MemoryListener *listener)
1776 cpu_physical_memory_set_dirty_tracking(0);
1779 static MemoryListener core_memory_listener = {
1780 .begin = core_begin,
1781 .commit = core_commit,
1782 .log_global_start = core_log_global_start,
1783 .log_global_stop = core_log_global_stop,
1787 static MemoryListener tcg_memory_listener = {
1788 .commit = tcg_commit,
1791 void address_space_init_dispatch(AddressSpace *as)
1793 as->dispatch = NULL;
1794 as->dispatch_listener = (MemoryListener) {
1796 .commit = mem_commit,
1797 .region_add = mem_add,
1798 .region_nop = mem_add,
1801 memory_listener_register(&as->dispatch_listener, as);
1804 void address_space_destroy_dispatch(AddressSpace *as)
1806 AddressSpaceDispatch *d = as->dispatch;
1808 memory_listener_unregister(&as->dispatch_listener);
1810 as->dispatch = NULL;
1813 static void memory_map_init(void)
1815 system_memory = g_malloc(sizeof(*system_memory));
1816 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1817 address_space_init(&address_space_memory, system_memory, "memory");
1819 system_io = g_malloc(sizeof(*system_io));
1820 memory_region_init(system_io, NULL, "io", 65536);
1821 address_space_init(&address_space_io, system_io, "I/O");
1823 memory_listener_register(&core_memory_listener, &address_space_memory);
1824 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1827 MemoryRegion *get_system_memory(void)
1829 return system_memory;
1832 MemoryRegion *get_system_io(void)
1837 #endif /* !defined(CONFIG_USER_ONLY) */
1839 /* physical memory access (slow version, mainly for debug) */
1840 #if defined(CONFIG_USER_ONLY)
1841 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1842 uint8_t *buf, int len, int is_write)
1849 page = addr & TARGET_PAGE_MASK;
1850 l = (page + TARGET_PAGE_SIZE) - addr;
1853 flags = page_get_flags(page);
1854 if (!(flags & PAGE_VALID))
1857 if (!(flags & PAGE_WRITE))
1859 /* XXX: this code should not depend on lock_user */
1860 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1863 unlock_user(p, addr, l);
1865 if (!(flags & PAGE_READ))
1867 /* XXX: this code should not depend on lock_user */
1868 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1871 unlock_user(p, addr, 0);
1882 static void invalidate_and_set_dirty(hwaddr addr,
1885 if (!cpu_physical_memory_is_dirty(addr)) {
1886 /* invalidate code */
1887 tb_invalidate_phys_page_range(addr, addr + length, 0);
1889 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1891 xen_modified_memory(addr, length);
1894 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1896 if (memory_region_is_ram(mr)) {
1897 return !(is_write && mr->readonly);
1899 if (memory_region_is_romd(mr)) {
1906 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1908 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1911 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1917 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1918 int len, bool is_write)
1929 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1932 if (!memory_access_is_direct(mr, is_write)) {
1933 l = memory_access_size(mr, l, addr1);
1934 /* XXX: could force cpu_single_env to NULL to avoid
1937 /* 32 bit write access */
1939 error |= io_mem_write(mr, addr1, val, 4);
1940 } else if (l == 2) {
1941 /* 16 bit write access */
1943 error |= io_mem_write(mr, addr1, val, 2);
1945 /* 8 bit write access */
1947 error |= io_mem_write(mr, addr1, val, 1);
1950 addr1 += memory_region_get_ram_addr(mr);
1952 ptr = qemu_get_ram_ptr(addr1);
1953 memcpy(ptr, buf, l);
1954 invalidate_and_set_dirty(addr1, l);
1957 if (!memory_access_is_direct(mr, is_write)) {
1959 l = memory_access_size(mr, l, addr1);
1961 /* 32 bit read access */
1962 error |= io_mem_read(mr, addr1, &val, 4);
1964 } else if (l == 2) {
1965 /* 16 bit read access */
1966 error |= io_mem_read(mr, addr1, &val, 2);
1969 /* 8 bit read access */
1970 error |= io_mem_read(mr, addr1, &val, 1);
1975 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1976 memcpy(buf, ptr, l);
1987 bool address_space_write(AddressSpace *as, hwaddr addr,
1988 const uint8_t *buf, int len)
1990 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1993 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1995 return address_space_rw(as, addr, buf, len, false);
1999 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2000 int len, int is_write)
2002 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2005 /* used for ROM loading : can write in RAM and ROM */
2006 void cpu_physical_memory_write_rom(hwaddr addr,
2007 const uint8_t *buf, int len)
2016 mr = address_space_translate(&address_space_memory,
2017 addr, &addr1, &l, true);
2019 if (!(memory_region_is_ram(mr) ||
2020 memory_region_is_romd(mr))) {
2023 addr1 += memory_region_get_ram_addr(mr);
2025 ptr = qemu_get_ram_ptr(addr1);
2026 memcpy(ptr, buf, l);
2027 invalidate_and_set_dirty(addr1, l);
2042 static BounceBuffer bounce;
2044 typedef struct MapClient {
2046 void (*callback)(void *opaque);
2047 QLIST_ENTRY(MapClient) link;
2050 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2051 = QLIST_HEAD_INITIALIZER(map_client_list);
2053 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2055 MapClient *client = g_malloc(sizeof(*client));
2057 client->opaque = opaque;
2058 client->callback = callback;
2059 QLIST_INSERT_HEAD(&map_client_list, client, link);
2063 static void cpu_unregister_map_client(void *_client)
2065 MapClient *client = (MapClient *)_client;
2067 QLIST_REMOVE(client, link);
2071 static void cpu_notify_map_clients(void)
2075 while (!QLIST_EMPTY(&map_client_list)) {
2076 client = QLIST_FIRST(&map_client_list);
2077 client->callback(client->opaque);
2078 cpu_unregister_map_client(client);
2082 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2089 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2090 if (!memory_access_is_direct(mr, is_write)) {
2091 l = memory_access_size(mr, l, addr);
2092 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2103 /* Map a physical memory region into a host virtual address.
2104 * May map a subset of the requested range, given by and returned in *plen.
2105 * May return NULL if resources needed to perform the mapping are exhausted.
2106 * Use only for reads OR writes - not for read-modify-write operations.
2107 * Use cpu_register_map_client() to know when retrying the map operation is
2108 * likely to succeed.
2110 void *address_space_map(AddressSpace *as,
2117 hwaddr l, xlat, base;
2118 MemoryRegion *mr, *this_mr;
2126 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2127 if (!memory_access_is_direct(mr, is_write)) {
2128 if (bounce.buffer) {
2131 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2135 memory_region_ref(mr);
2138 address_space_read(as, addr, bounce.buffer, l);
2142 return bounce.buffer;
2146 raddr = memory_region_get_ram_addr(mr);
2157 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2158 if (this_mr != mr || xlat != base + done) {
2163 memory_region_ref(mr);
2165 return qemu_ram_ptr_length(raddr + base, plen);
2168 /* Unmaps a memory region previously mapped by address_space_map().
2169 * Will also mark the memory as dirty if is_write == 1. access_len gives
2170 * the amount of memory that was actually read or written by the caller.
2172 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2173 int is_write, hwaddr access_len)
2175 if (buffer != bounce.buffer) {
2179 mr = qemu_ram_addr_from_host(buffer, &addr1);
2182 while (access_len) {
2184 l = TARGET_PAGE_SIZE;
2187 invalidate_and_set_dirty(addr1, l);
2192 if (xen_enabled()) {
2193 xen_invalidate_map_cache_entry(buffer);
2195 memory_region_unref(mr);
2199 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2201 qemu_vfree(bounce.buffer);
2202 bounce.buffer = NULL;
2203 memory_region_unref(bounce.mr);
2204 cpu_notify_map_clients();
2207 void *cpu_physical_memory_map(hwaddr addr,
2211 return address_space_map(&address_space_memory, addr, plen, is_write);
2214 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2215 int is_write, hwaddr access_len)
2217 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2220 /* warning: addr must be aligned */
2221 static inline uint32_t ldl_phys_internal(hwaddr addr,
2222 enum device_endian endian)
2230 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2232 if (l < 4 || !memory_access_is_direct(mr, false)) {
2234 io_mem_read(mr, addr1, &val, 4);
2235 #if defined(TARGET_WORDS_BIGENDIAN)
2236 if (endian == DEVICE_LITTLE_ENDIAN) {
2240 if (endian == DEVICE_BIG_ENDIAN) {
2246 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2250 case DEVICE_LITTLE_ENDIAN:
2251 val = ldl_le_p(ptr);
2253 case DEVICE_BIG_ENDIAN:
2254 val = ldl_be_p(ptr);
2264 uint32_t ldl_phys(hwaddr addr)
2266 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2269 uint32_t ldl_le_phys(hwaddr addr)
2271 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2274 uint32_t ldl_be_phys(hwaddr addr)
2276 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2279 /* warning: addr must be aligned */
2280 static inline uint64_t ldq_phys_internal(hwaddr addr,
2281 enum device_endian endian)
2289 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2291 if (l < 8 || !memory_access_is_direct(mr, false)) {
2293 io_mem_read(mr, addr1, &val, 8);
2294 #if defined(TARGET_WORDS_BIGENDIAN)
2295 if (endian == DEVICE_LITTLE_ENDIAN) {
2299 if (endian == DEVICE_BIG_ENDIAN) {
2305 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2309 case DEVICE_LITTLE_ENDIAN:
2310 val = ldq_le_p(ptr);
2312 case DEVICE_BIG_ENDIAN:
2313 val = ldq_be_p(ptr);
2323 uint64_t ldq_phys(hwaddr addr)
2325 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2328 uint64_t ldq_le_phys(hwaddr addr)
2330 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2333 uint64_t ldq_be_phys(hwaddr addr)
2335 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2339 uint32_t ldub_phys(hwaddr addr)
2342 cpu_physical_memory_read(addr, &val, 1);
2346 /* warning: addr must be aligned */
2347 static inline uint32_t lduw_phys_internal(hwaddr addr,
2348 enum device_endian endian)
2356 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2358 if (l < 2 || !memory_access_is_direct(mr, false)) {
2360 io_mem_read(mr, addr1, &val, 2);
2361 #if defined(TARGET_WORDS_BIGENDIAN)
2362 if (endian == DEVICE_LITTLE_ENDIAN) {
2366 if (endian == DEVICE_BIG_ENDIAN) {
2372 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2376 case DEVICE_LITTLE_ENDIAN:
2377 val = lduw_le_p(ptr);
2379 case DEVICE_BIG_ENDIAN:
2380 val = lduw_be_p(ptr);
2390 uint32_t lduw_phys(hwaddr addr)
2392 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2395 uint32_t lduw_le_phys(hwaddr addr)
2397 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2400 uint32_t lduw_be_phys(hwaddr addr)
2402 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2405 /* warning: addr must be aligned. The ram page is not masked as dirty
2406 and the code inside is not invalidated. It is useful if the dirty
2407 bits are used to track modified PTEs */
2408 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2415 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2417 if (l < 4 || !memory_access_is_direct(mr, true)) {
2418 io_mem_write(mr, addr1, val, 4);
2420 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2421 ptr = qemu_get_ram_ptr(addr1);
2424 if (unlikely(in_migration)) {
2425 if (!cpu_physical_memory_is_dirty(addr1)) {
2426 /* invalidate code */
2427 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2429 cpu_physical_memory_set_dirty_flags(
2430 addr1, (0xff & ~CODE_DIRTY_FLAG));
2436 /* warning: addr must be aligned */
2437 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2438 enum device_endian endian)
2445 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2447 if (l < 4 || !memory_access_is_direct(mr, true)) {
2448 #if defined(TARGET_WORDS_BIGENDIAN)
2449 if (endian == DEVICE_LITTLE_ENDIAN) {
2453 if (endian == DEVICE_BIG_ENDIAN) {
2457 io_mem_write(mr, addr1, val, 4);
2460 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2461 ptr = qemu_get_ram_ptr(addr1);
2463 case DEVICE_LITTLE_ENDIAN:
2466 case DEVICE_BIG_ENDIAN:
2473 invalidate_and_set_dirty(addr1, 4);
2477 void stl_phys(hwaddr addr, uint32_t val)
2479 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2482 void stl_le_phys(hwaddr addr, uint32_t val)
2484 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2487 void stl_be_phys(hwaddr addr, uint32_t val)
2489 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2493 void stb_phys(hwaddr addr, uint32_t val)
2496 cpu_physical_memory_write(addr, &v, 1);
2499 /* warning: addr must be aligned */
2500 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2501 enum device_endian endian)
2508 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2510 if (l < 2 || !memory_access_is_direct(mr, true)) {
2511 #if defined(TARGET_WORDS_BIGENDIAN)
2512 if (endian == DEVICE_LITTLE_ENDIAN) {
2516 if (endian == DEVICE_BIG_ENDIAN) {
2520 io_mem_write(mr, addr1, val, 2);
2523 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2524 ptr = qemu_get_ram_ptr(addr1);
2526 case DEVICE_LITTLE_ENDIAN:
2529 case DEVICE_BIG_ENDIAN:
2536 invalidate_and_set_dirty(addr1, 2);
2540 void stw_phys(hwaddr addr, uint32_t val)
2542 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2545 void stw_le_phys(hwaddr addr, uint32_t val)
2547 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2550 void stw_be_phys(hwaddr addr, uint32_t val)
2552 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2556 void stq_phys(hwaddr addr, uint64_t val)
2559 cpu_physical_memory_write(addr, &val, 8);
2562 void stq_le_phys(hwaddr addr, uint64_t val)
2564 val = cpu_to_le64(val);
2565 cpu_physical_memory_write(addr, &val, 8);
2568 void stq_be_phys(hwaddr addr, uint64_t val)
2570 val = cpu_to_be64(val);
2571 cpu_physical_memory_write(addr, &val, 8);
2574 /* virtual memory access for debug (includes writing to ROM) */
2575 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2576 uint8_t *buf, int len, int is_write)
2583 page = addr & TARGET_PAGE_MASK;
2584 phys_addr = cpu_get_phys_page_debug(env, page);
2585 /* if no physical page mapped, return an error */
2586 if (phys_addr == -1)
2588 l = (page + TARGET_PAGE_SIZE) - addr;
2591 phys_addr += (addr & ~TARGET_PAGE_MASK);
2593 cpu_physical_memory_write_rom(phys_addr, buf, l);
2595 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2604 #if !defined(CONFIG_USER_ONLY)
2607 * A helper function for the _utterly broken_ virtio device model to find out if
2608 * it's running on a big endian machine. Don't do this at home kids!
2610 bool virtio_is_big_endian(void);
2611 bool virtio_is_big_endian(void)
2613 #if defined(TARGET_WORDS_BIGENDIAN)
2622 #ifndef CONFIG_USER_ONLY
2623 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2628 mr = address_space_translate(&address_space_memory,
2629 phys_addr, &phys_addr, &l, false);
2631 return !(memory_region_is_ram(mr) ||
2632 memory_region_is_romd(mr));
2635 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2639 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2640 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob