4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
82 #if !defined(CONFIG_USER_ONLY)
84 typedef struct PhysPageEntry PhysPageEntry;
86 struct PhysPageEntry {
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
96 PhysPageEntry phys_map;
97 MemoryListener listener;
101 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102 typedef struct subpage_t {
106 uint16_t sub_section[TARGET_PAGE_SIZE];
109 static MemoryRegionSection *phys_sections;
110 static unsigned phys_sections_nb, phys_sections_nb_alloc;
111 static uint16_t phys_section_unassigned;
112 static uint16_t phys_section_notdirty;
113 static uint16_t phys_section_rom;
114 static uint16_t phys_section_watch;
116 /* Simple allocator for PhysPageEntry nodes */
117 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
120 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
122 static void io_mem_init(void);
123 static void memory_map_init(void);
124 static void *qemu_safe_ram_ptr(ram_addr_t addr);
126 static MemoryRegion io_mem_watch;
129 #if !defined(CONFIG_USER_ONLY)
131 static void phys_map_node_reserve(unsigned nodes)
133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
143 static uint16_t phys_map_node_alloc(void)
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
151 for (i = 0; i < L2_SIZE; ++i) {
152 phys_map_nodes[ret][i].is_leaf = 0;
153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
158 static void phys_map_nodes_reset(void)
160 phys_map_nodes_nb = 0;
164 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
176 for (i = 0; i < L2_SIZE; i++) {
178 p[i].ptr = phys_section_unassigned;
182 p = phys_map_nodes[lp->ptr];
184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
186 while (*nb && lp < &p[L2_SIZE]) {
187 if ((*index & (step - 1)) == 0 && *nb >= step) {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
199 static void phys_page_set(AddressSpaceDispatch *d,
200 hwaddr index, hwaddr nb,
203 /* Wildly overreserve - it doesn't matter much. */
204 phys_map_node_reserve(3 * P_L2_LEVELS);
206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
209 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
211 PhysPageEntry lp = d->phys_map;
215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
217 return &phys_sections[phys_section_unassigned];
219 p = phys_map_nodes[lp.ptr];
220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
222 return &phys_sections[lp.ptr];
225 bool memory_region_is_unassigned(MemoryRegion *mr)
227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
228 && mr != &io_mem_watch;
231 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
233 bool resolve_subpage)
235 MemoryRegionSection *section;
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
246 static MemoryRegionSection *
247 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
250 MemoryRegionSection *section;
253 section = address_space_lookup_region(as, addr, resolve_subpage);
254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
260 diff = int128_sub(section->mr->size, int128_make64(addr));
261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
265 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
269 return address_space_translate_internal(as, addr, xlat, plen, true)->mr;
272 MemoryRegionSection *
273 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
276 return address_space_translate_internal(as, addr, xlat, plen, false);
280 void cpu_exec_init_all(void)
282 #if !defined(CONFIG_USER_ONLY)
283 qemu_mutex_init(&ram_list.mutex);
289 #if !defined(CONFIG_USER_ONLY)
291 static int cpu_common_post_load(void *opaque, int version_id)
293 CPUState *cpu = opaque;
295 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
296 version_id is increased. */
297 cpu->interrupt_request &= ~0x01;
298 tlb_flush(cpu->env_ptr, 1);
303 static const VMStateDescription vmstate_cpu_common = {
304 .name = "cpu_common",
306 .minimum_version_id = 1,
307 .minimum_version_id_old = 1,
308 .post_load = cpu_common_post_load,
309 .fields = (VMStateField []) {
310 VMSTATE_UINT32(halted, CPUState),
311 VMSTATE_UINT32(interrupt_request, CPUState),
312 VMSTATE_END_OF_LIST()
316 #define vmstate_cpu_common vmstate_dummy
319 CPUState *qemu_get_cpu(int index)
321 CPUArchState *env = first_cpu;
322 CPUState *cpu = NULL;
325 cpu = ENV_GET_CPU(env);
326 if (cpu->cpu_index == index) {
332 return env ? cpu : NULL;
335 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
337 CPUArchState *env = first_cpu;
340 func(ENV_GET_CPU(env), data);
345 void cpu_exec_init(CPUArchState *env)
347 CPUState *cpu = ENV_GET_CPU(env);
348 CPUClass *cc = CPU_GET_CLASS(cpu);
352 #if defined(CONFIG_USER_ONLY)
355 env->next_cpu = NULL;
358 while (*penv != NULL) {
359 penv = &(*penv)->next_cpu;
362 cpu->cpu_index = cpu_index;
364 QTAILQ_INIT(&env->breakpoints);
365 QTAILQ_INIT(&env->watchpoints);
366 #ifndef CONFIG_USER_ONLY
367 cpu->thread_id = qemu_get_thread_id();
370 #if defined(CONFIG_USER_ONLY)
373 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
374 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
375 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
376 cpu_save, cpu_load, env);
377 assert(cc->vmsd == NULL);
379 if (cc->vmsd != NULL) {
380 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
384 #if defined(TARGET_HAS_ICE)
385 #if defined(CONFIG_USER_ONLY)
386 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
388 tb_invalidate_phys_page_range(pc, pc + 1, 0);
391 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
393 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
394 (pc & ~TARGET_PAGE_MASK));
397 #endif /* TARGET_HAS_ICE */
399 #if defined(CONFIG_USER_ONLY)
400 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
405 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
406 int flags, CPUWatchpoint **watchpoint)
411 /* Add a watchpoint. */
412 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
413 int flags, CPUWatchpoint **watchpoint)
415 target_ulong len_mask = ~(len - 1);
418 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
419 if ((len & (len - 1)) || (addr & ~len_mask) ||
420 len == 0 || len > TARGET_PAGE_SIZE) {
421 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
422 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
425 wp = g_malloc(sizeof(*wp));
428 wp->len_mask = len_mask;
431 /* keep all GDB-injected watchpoints in front */
433 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
435 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
437 tlb_flush_page(env, addr);
444 /* Remove a specific watchpoint. */
445 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
448 target_ulong len_mask = ~(len - 1);
451 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
452 if (addr == wp->vaddr && len_mask == wp->len_mask
453 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
454 cpu_watchpoint_remove_by_ref(env, wp);
461 /* Remove a specific watchpoint by reference. */
462 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
464 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
466 tlb_flush_page(env, watchpoint->vaddr);
471 /* Remove all matching watchpoints. */
472 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
474 CPUWatchpoint *wp, *next;
476 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
477 if (wp->flags & mask)
478 cpu_watchpoint_remove_by_ref(env, wp);
483 /* Add a breakpoint. */
484 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
485 CPUBreakpoint **breakpoint)
487 #if defined(TARGET_HAS_ICE)
490 bp = g_malloc(sizeof(*bp));
495 /* keep all GDB-injected breakpoints in front */
497 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
499 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
501 breakpoint_invalidate(env, pc);
511 /* Remove a specific breakpoint. */
512 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
514 #if defined(TARGET_HAS_ICE)
517 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
518 if (bp->pc == pc && bp->flags == flags) {
519 cpu_breakpoint_remove_by_ref(env, bp);
529 /* Remove a specific breakpoint by reference. */
530 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
532 #if defined(TARGET_HAS_ICE)
533 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
535 breakpoint_invalidate(env, breakpoint->pc);
541 /* Remove all matching breakpoints. */
542 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
544 #if defined(TARGET_HAS_ICE)
545 CPUBreakpoint *bp, *next;
547 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
548 if (bp->flags & mask)
549 cpu_breakpoint_remove_by_ref(env, bp);
554 /* enable or disable single step mode. EXCP_DEBUG is returned by the
555 CPU loop after each instruction */
556 void cpu_single_step(CPUArchState *env, int enabled)
558 #if defined(TARGET_HAS_ICE)
559 if (env->singlestep_enabled != enabled) {
560 env->singlestep_enabled = enabled;
562 kvm_update_guest_debug(env, 0);
564 /* must flush all the translated code to avoid inconsistencies */
565 /* XXX: only flush what is necessary */
572 void cpu_exit(CPUArchState *env)
574 CPUState *cpu = ENV_GET_CPU(env);
576 cpu->exit_request = 1;
577 cpu->tcg_exit_req = 1;
580 void cpu_abort(CPUArchState *env, const char *fmt, ...)
587 fprintf(stderr, "qemu: fatal: ");
588 vfprintf(stderr, fmt, ap);
589 fprintf(stderr, "\n");
590 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
591 if (qemu_log_enabled()) {
592 qemu_log("qemu: fatal: ");
593 qemu_log_vprintf(fmt, ap2);
595 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
601 #if defined(CONFIG_USER_ONLY)
603 struct sigaction act;
604 sigfillset(&act.sa_mask);
605 act.sa_handler = SIG_DFL;
606 sigaction(SIGABRT, &act, NULL);
612 CPUArchState *cpu_copy(CPUArchState *env)
614 CPUArchState *new_env = cpu_init(env->cpu_model_str);
615 CPUArchState *next_cpu = new_env->next_cpu;
616 #if defined(TARGET_HAS_ICE)
621 memcpy(new_env, env, sizeof(CPUArchState));
623 /* Preserve chaining. */
624 new_env->next_cpu = next_cpu;
626 /* Clone all break/watchpoints.
627 Note: Once we support ptrace with hw-debug register access, make sure
628 BP_CPU break/watchpoints are handled correctly on clone. */
629 QTAILQ_INIT(&env->breakpoints);
630 QTAILQ_INIT(&env->watchpoints);
631 #if defined(TARGET_HAS_ICE)
632 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
633 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
635 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
636 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
644 #if !defined(CONFIG_USER_ONLY)
645 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
650 /* we modify the TLB cache so that the dirty bit will be set again
651 when accessing the range */
652 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
653 /* Check that we don't span multiple blocks - this breaks the
654 address comparisons below. */
655 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
656 != (end - 1) - start) {
659 cpu_tlb_reset_dirty_all(start1, length);
663 /* Note: start and end must be within the same ram block. */
664 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
669 start &= TARGET_PAGE_MASK;
670 end = TARGET_PAGE_ALIGN(end);
672 length = end - start;
675 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
678 tlb_reset_dirty_range_all(start, end, length);
682 static int cpu_physical_memory_set_dirty_tracking(int enable)
685 in_migration = enable;
689 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
690 MemoryRegionSection *section,
692 hwaddr paddr, hwaddr xlat,
694 target_ulong *address)
699 if (memory_region_is_ram(section->mr)) {
701 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
703 if (!section->readonly) {
704 iotlb |= phys_section_notdirty;
706 iotlb |= phys_section_rom;
709 iotlb = section - phys_sections;
713 /* Make accesses to pages with watchpoints go via the
714 watchpoint trap routines. */
715 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
716 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
717 /* Avoid trapping reads of pages with a write breakpoint. */
718 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
719 iotlb = phys_section_watch + paddr;
720 *address |= TLB_MMIO;
728 #endif /* defined(CONFIG_USER_ONLY) */
730 #if !defined(CONFIG_USER_ONLY)
732 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
734 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
735 static void destroy_page_desc(uint16_t section_index)
737 MemoryRegionSection *section = &phys_sections[section_index];
738 MemoryRegion *mr = section->mr;
741 subpage_t *subpage = container_of(mr, subpage_t, iomem);
742 memory_region_destroy(&subpage->iomem);
747 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
752 if (lp->ptr == PHYS_MAP_NODE_NIL) {
756 p = phys_map_nodes[lp->ptr];
757 for (i = 0; i < L2_SIZE; ++i) {
759 destroy_l2_mapping(&p[i], level - 1);
761 destroy_page_desc(p[i].ptr);
765 lp->ptr = PHYS_MAP_NODE_NIL;
768 static void destroy_all_mappings(AddressSpaceDispatch *d)
770 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
771 phys_map_nodes_reset();
774 static uint16_t phys_section_add(MemoryRegionSection *section)
776 /* The physical section number is ORed with a page-aligned
777 * pointer to produce the iotlb entries. Thus it should
778 * never overflow into the page-aligned value.
780 assert(phys_sections_nb < TARGET_PAGE_SIZE);
782 if (phys_sections_nb == phys_sections_nb_alloc) {
783 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
784 phys_sections = g_renew(MemoryRegionSection, phys_sections,
785 phys_sections_nb_alloc);
787 phys_sections[phys_sections_nb] = *section;
788 return phys_sections_nb++;
791 static void phys_sections_clear(void)
793 phys_sections_nb = 0;
796 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
799 hwaddr base = section->offset_within_address_space
801 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
802 MemoryRegionSection subsection = {
803 .offset_within_address_space = base,
804 .size = TARGET_PAGE_SIZE,
808 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
810 if (!(existing->mr->subpage)) {
811 subpage = subpage_init(d->as, base);
812 subsection.mr = &subpage->iomem;
813 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
814 phys_section_add(&subsection));
816 subpage = container_of(existing->mr, subpage_t, iomem);
818 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
819 end = start + section->size - 1;
820 subpage_register(subpage, start, end, phys_section_add(section));
824 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
826 hwaddr start_addr = section->offset_within_address_space;
827 uint16_t section_index = phys_section_add(section);
828 uint64_t num_pages = section->size >> TARGET_PAGE_BITS;
831 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
834 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
836 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
837 MemoryRegionSection now = *section, remain = *section;
839 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
840 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
841 - now.offset_within_address_space;
843 now.size = MIN(left, now.size);
844 register_subpage(d, &now);
848 while (remain.size != now.size) {
849 remain.size -= now.size;
850 remain.offset_within_address_space += now.size;
851 remain.offset_within_region += now.size;
853 if (remain.size < TARGET_PAGE_SIZE) {
854 register_subpage(d, &now);
855 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
856 now.size = TARGET_PAGE_SIZE;
857 register_subpage(d, &now);
859 now.size &= -TARGET_PAGE_SIZE;
860 register_multipage(d, &now);
865 void qemu_flush_coalesced_mmio_buffer(void)
868 kvm_flush_coalesced_mmio_buffer();
871 void qemu_mutex_lock_ramlist(void)
873 qemu_mutex_lock(&ram_list.mutex);
876 void qemu_mutex_unlock_ramlist(void)
878 qemu_mutex_unlock(&ram_list.mutex);
881 #if defined(__linux__) && !defined(TARGET_S390X)
885 #define HUGETLBFS_MAGIC 0x958458f6
887 static long gethugepagesize(const char *path)
893 ret = statfs(path, &fs);
894 } while (ret != 0 && errno == EINTR);
901 if (fs.f_type != HUGETLBFS_MAGIC)
902 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
907 static void *file_ram_alloc(RAMBlock *block,
912 char *sanitized_name;
919 unsigned long hpagesize;
921 hpagesize = gethugepagesize(path);
926 if (memory < hpagesize) {
930 if (kvm_enabled() && !kvm_has_sync_mmu()) {
931 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
935 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
936 sanitized_name = g_strdup(block->mr->name);
937 for (c = sanitized_name; *c != '\0'; c++) {
942 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
944 g_free(sanitized_name);
946 fd = mkstemp(filename);
948 perror("unable to create backing store for hugepages");
955 memory = (memory+hpagesize-1) & ~(hpagesize-1);
958 * ftruncate is not supported by hugetlbfs in older
959 * hosts, so don't bother bailing out on errors.
960 * If anything goes wrong with it under other filesystems,
963 if (ftruncate(fd, memory))
967 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
968 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
969 * to sidestep this quirk.
971 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
972 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
974 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
976 if (area == MAP_FAILED) {
977 perror("file_ram_alloc: can't mmap RAM pages");
986 static ram_addr_t find_ram_offset(ram_addr_t size)
988 RAMBlock *block, *next_block;
989 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
991 assert(size != 0); /* it would hand out same offset multiple times */
993 if (QTAILQ_EMPTY(&ram_list.blocks))
996 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
997 ram_addr_t end, next = RAM_ADDR_MAX;
999 end = block->offset + block->length;
1001 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1002 if (next_block->offset >= end) {
1003 next = MIN(next, next_block->offset);
1006 if (next - end >= size && next - end < mingap) {
1008 mingap = next - end;
1012 if (offset == RAM_ADDR_MAX) {
1013 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1021 ram_addr_t last_ram_offset(void)
1024 ram_addr_t last = 0;
1026 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1027 last = MAX(last, block->offset + block->length);
1032 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1035 QemuOpts *machine_opts;
1037 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1038 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1040 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1041 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1043 perror("qemu_madvise");
1044 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1045 "but dump_guest_core=off specified\n");
1050 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1052 RAMBlock *new_block, *block;
1055 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1056 if (block->offset == addr) {
1062 assert(!new_block->idstr[0]);
1065 char *id = qdev_get_dev_path(dev);
1067 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1071 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1073 /* This assumes the iothread lock is taken here too. */
1074 qemu_mutex_lock_ramlist();
1075 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1076 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1077 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1082 qemu_mutex_unlock_ramlist();
1085 static int memory_try_enable_merging(void *addr, size_t len)
1089 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1090 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1091 /* disabled by the user */
1095 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1098 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1101 RAMBlock *block, *new_block;
1103 size = TARGET_PAGE_ALIGN(size);
1104 new_block = g_malloc0(sizeof(*new_block));
1106 /* This assumes the iothread lock is taken here too. */
1107 qemu_mutex_lock_ramlist();
1109 new_block->offset = find_ram_offset(size);
1111 new_block->host = host;
1112 new_block->flags |= RAM_PREALLOC_MASK;
1115 #if defined (__linux__) && !defined(TARGET_S390X)
1116 new_block->host = file_ram_alloc(new_block, size, mem_path);
1117 if (!new_block->host) {
1118 new_block->host = qemu_anon_ram_alloc(size);
1119 memory_try_enable_merging(new_block->host, size);
1122 fprintf(stderr, "-mem-path option unsupported\n");
1126 if (xen_enabled()) {
1127 xen_ram_alloc(new_block->offset, size, mr);
1128 } else if (kvm_enabled()) {
1129 /* some s390/kvm configurations have special constraints */
1130 new_block->host = kvm_ram_alloc(size);
1132 new_block->host = qemu_anon_ram_alloc(size);
1134 memory_try_enable_merging(new_block->host, size);
1137 new_block->length = size;
1139 /* Keep the list sorted from biggest to smallest block. */
1140 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1141 if (block->length < new_block->length) {
1146 QTAILQ_INSERT_BEFORE(block, new_block, next);
1148 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1150 ram_list.mru_block = NULL;
1153 qemu_mutex_unlock_ramlist();
1155 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1156 last_ram_offset() >> TARGET_PAGE_BITS);
1157 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1158 0, size >> TARGET_PAGE_BITS);
1159 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1161 qemu_ram_setup_dump(new_block->host, size);
1162 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1165 kvm_setup_guest_memory(new_block->host, size);
1167 return new_block->offset;
1170 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1172 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1175 void qemu_ram_free_from_ptr(ram_addr_t addr)
1179 /* This assumes the iothread lock is taken here too. */
1180 qemu_mutex_lock_ramlist();
1181 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1182 if (addr == block->offset) {
1183 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1184 ram_list.mru_block = NULL;
1190 qemu_mutex_unlock_ramlist();
1193 void qemu_ram_free(ram_addr_t addr)
1197 /* This assumes the iothread lock is taken here too. */
1198 qemu_mutex_lock_ramlist();
1199 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1200 if (addr == block->offset) {
1201 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1202 ram_list.mru_block = NULL;
1204 if (block->flags & RAM_PREALLOC_MASK) {
1206 } else if (mem_path) {
1207 #if defined (__linux__) && !defined(TARGET_S390X)
1209 munmap(block->host, block->length);
1212 qemu_anon_ram_free(block->host, block->length);
1218 if (xen_enabled()) {
1219 xen_invalidate_map_cache_entry(block->host);
1221 qemu_anon_ram_free(block->host, block->length);
1228 qemu_mutex_unlock_ramlist();
1233 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1240 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1241 offset = addr - block->offset;
1242 if (offset < block->length) {
1243 vaddr = block->host + offset;
1244 if (block->flags & RAM_PREALLOC_MASK) {
1248 munmap(vaddr, length);
1250 #if defined(__linux__) && !defined(TARGET_S390X)
1253 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1256 flags |= MAP_PRIVATE;
1258 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1259 flags, block->fd, offset);
1261 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1262 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1269 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1270 flags |= MAP_SHARED | MAP_ANONYMOUS;
1271 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1274 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1275 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1279 if (area != vaddr) {
1280 fprintf(stderr, "Could not remap addr: "
1281 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1285 memory_try_enable_merging(vaddr, length);
1286 qemu_ram_setup_dump(vaddr, length);
1292 #endif /* !_WIN32 */
1294 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1295 With the exception of the softmmu code in this file, this should
1296 only be used for local memory (e.g. video ram) that the device owns,
1297 and knows it isn't going to access beyond the end of the block.
1299 It should not be used for general purpose DMA.
1300 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1302 void *qemu_get_ram_ptr(ram_addr_t addr)
1306 /* The list is protected by the iothread lock here. */
1307 block = ram_list.mru_block;
1308 if (block && addr - block->offset < block->length) {
1311 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1312 if (addr - block->offset < block->length) {
1317 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1321 ram_list.mru_block = block;
1322 if (xen_enabled()) {
1323 /* We need to check if the requested address is in the RAM
1324 * because we don't want to map the entire memory in QEMU.
1325 * In that case just map until the end of the page.
1327 if (block->offset == 0) {
1328 return xen_map_cache(addr, 0, 0);
1329 } else if (block->host == NULL) {
1331 xen_map_cache(block->offset, block->length, 1);
1334 return block->host + (addr - block->offset);
1337 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1338 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1340 * ??? Is this still necessary?
1342 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1346 /* The list is protected by the iothread lock here. */
1347 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1348 if (addr - block->offset < block->length) {
1349 if (xen_enabled()) {
1350 /* We need to check if the requested address is in the RAM
1351 * because we don't want to map the entire memory in QEMU.
1352 * In that case just map until the end of the page.
1354 if (block->offset == 0) {
1355 return xen_map_cache(addr, 0, 0);
1356 } else if (block->host == NULL) {
1358 xen_map_cache(block->offset, block->length, 1);
1361 return block->host + (addr - block->offset);
1365 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1371 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1372 * but takes a size argument */
1373 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1378 if (xen_enabled()) {
1379 return xen_map_cache(addr, *size, 1);
1383 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1384 if (addr - block->offset < block->length) {
1385 if (addr - block->offset + *size > block->length)
1386 *size = block->length - addr + block->offset;
1387 return block->host + (addr - block->offset);
1391 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1396 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1399 uint8_t *host = ptr;
1401 if (xen_enabled()) {
1402 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1406 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1407 /* This case append when the block is not mapped. */
1408 if (block->host == NULL) {
1411 if (host - block->host < block->length) {
1412 *ram_addr = block->offset + (host - block->host);
1420 /* Some of the softmmu routines need to translate from a host pointer
1421 (typically a TLB entry) back to a ram offset. */
1422 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1424 ram_addr_t ram_addr;
1426 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1427 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1433 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1434 uint64_t val, unsigned size)
1437 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1438 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1439 tb_invalidate_phys_page_fast(ram_addr, size);
1440 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1444 stb_p(qemu_get_ram_ptr(ram_addr), val);
1447 stw_p(qemu_get_ram_ptr(ram_addr), val);
1450 stl_p(qemu_get_ram_ptr(ram_addr), val);
1455 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1456 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1457 /* we remove the notdirty callback only if the code has been
1459 if (dirty_flags == 0xff)
1460 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1463 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1464 unsigned size, bool is_write)
1469 static const MemoryRegionOps notdirty_mem_ops = {
1470 .write = notdirty_mem_write,
1471 .valid.accepts = notdirty_mem_accepts,
1472 .endianness = DEVICE_NATIVE_ENDIAN,
1475 /* Generate a debug exception if a watchpoint has been hit. */
1476 static void check_watchpoint(int offset, int len_mask, int flags)
1478 CPUArchState *env = cpu_single_env;
1479 target_ulong pc, cs_base;
1484 if (env->watchpoint_hit) {
1485 /* We re-entered the check after replacing the TB. Now raise
1486 * the debug interrupt so that is will trigger after the
1487 * current instruction. */
1488 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1491 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1492 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1493 if ((vaddr == (wp->vaddr & len_mask) ||
1494 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1495 wp->flags |= BP_WATCHPOINT_HIT;
1496 if (!env->watchpoint_hit) {
1497 env->watchpoint_hit = wp;
1498 tb_check_watchpoint(env);
1499 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1500 env->exception_index = EXCP_DEBUG;
1503 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1504 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1505 cpu_resume_from_signal(env, NULL);
1509 wp->flags &= ~BP_WATCHPOINT_HIT;
1514 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1515 so these check for a hit then pass through to the normal out-of-line
1517 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1520 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1522 case 1: return ldub_phys(addr);
1523 case 2: return lduw_phys(addr);
1524 case 4: return ldl_phys(addr);
1529 static void watch_mem_write(void *opaque, hwaddr addr,
1530 uint64_t val, unsigned size)
1532 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1535 stb_phys(addr, val);
1538 stw_phys(addr, val);
1541 stl_phys(addr, val);
1547 static const MemoryRegionOps watch_mem_ops = {
1548 .read = watch_mem_read,
1549 .write = watch_mem_write,
1550 .endianness = DEVICE_NATIVE_ENDIAN,
1553 static uint64_t subpage_read(void *opaque, hwaddr addr,
1556 subpage_t *subpage = opaque;
1559 #if defined(DEBUG_SUBPAGE)
1560 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1561 subpage, len, addr);
1563 address_space_read(subpage->as, addr + subpage->base, buf, len);
1576 static void subpage_write(void *opaque, hwaddr addr,
1577 uint64_t value, unsigned len)
1579 subpage_t *subpage = opaque;
1582 #if defined(DEBUG_SUBPAGE)
1583 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1584 " value %"PRIx64"\n",
1585 __func__, subpage, len, addr, value);
1600 address_space_write(subpage->as, addr + subpage->base, buf, len);
1603 static bool subpage_accepts(void *opaque, hwaddr addr,
1604 unsigned size, bool is_write)
1606 subpage_t *subpage = opaque;
1607 #if defined(DEBUG_SUBPAGE)
1608 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1609 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1612 return address_space_access_valid(subpage->as, addr + subpage->base,
1616 static const MemoryRegionOps subpage_ops = {
1617 .read = subpage_read,
1618 .write = subpage_write,
1619 .valid.accepts = subpage_accepts,
1620 .endianness = DEVICE_NATIVE_ENDIAN,
1623 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1628 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1630 idx = SUBPAGE_IDX(start);
1631 eidx = SUBPAGE_IDX(end);
1632 #if defined(DEBUG_SUBPAGE)
1633 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1634 mmio, start, end, idx, eidx, memory);
1636 for (; idx <= eidx; idx++) {
1637 mmio->sub_section[idx] = section;
1643 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1647 mmio = g_malloc0(sizeof(subpage_t));
1651 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1652 "subpage", TARGET_PAGE_SIZE);
1653 mmio->iomem.subpage = true;
1654 #if defined(DEBUG_SUBPAGE)
1655 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1656 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1658 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1663 static uint16_t dummy_section(MemoryRegion *mr)
1665 MemoryRegionSection section = {
1667 .offset_within_address_space = 0,
1668 .offset_within_region = 0,
1672 return phys_section_add(§ion);
1675 MemoryRegion *iotlb_to_region(hwaddr index)
1677 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1680 static void io_mem_init(void)
1682 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1683 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1684 "unassigned", UINT64_MAX);
1685 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1686 "notdirty", UINT64_MAX);
1687 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1688 "watch", UINT64_MAX);
1691 static void mem_begin(MemoryListener *listener)
1693 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1695 destroy_all_mappings(d);
1696 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1699 static void core_begin(MemoryListener *listener)
1701 phys_sections_clear();
1702 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1703 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1704 phys_section_rom = dummy_section(&io_mem_rom);
1705 phys_section_watch = dummy_section(&io_mem_watch);
1708 static void tcg_commit(MemoryListener *listener)
1712 /* since each CPU stores ram addresses in its TLB cache, we must
1713 reset the modified entries */
1715 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1720 static void core_log_global_start(MemoryListener *listener)
1722 cpu_physical_memory_set_dirty_tracking(1);
1725 static void core_log_global_stop(MemoryListener *listener)
1727 cpu_physical_memory_set_dirty_tracking(0);
1730 static void io_region_add(MemoryListener *listener,
1731 MemoryRegionSection *section)
1733 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1735 mrio->mr = section->mr;
1736 mrio->offset = section->offset_within_region;
1737 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1738 section->offset_within_address_space, section->size);
1739 ioport_register(&mrio->iorange);
1742 static void io_region_del(MemoryListener *listener,
1743 MemoryRegionSection *section)
1745 isa_unassign_ioport(section->offset_within_address_space, section->size);
1748 static MemoryListener core_memory_listener = {
1749 .begin = core_begin,
1750 .log_global_start = core_log_global_start,
1751 .log_global_stop = core_log_global_stop,
1755 static MemoryListener io_memory_listener = {
1756 .region_add = io_region_add,
1757 .region_del = io_region_del,
1761 static MemoryListener tcg_memory_listener = {
1762 .commit = tcg_commit,
1765 void address_space_init_dispatch(AddressSpace *as)
1767 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1769 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1770 d->listener = (MemoryListener) {
1772 .region_add = mem_add,
1773 .region_nop = mem_add,
1778 memory_listener_register(&d->listener, as);
1781 void address_space_destroy_dispatch(AddressSpace *as)
1783 AddressSpaceDispatch *d = as->dispatch;
1785 memory_listener_unregister(&d->listener);
1786 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1788 as->dispatch = NULL;
1791 static void memory_map_init(void)
1793 system_memory = g_malloc(sizeof(*system_memory));
1794 memory_region_init(system_memory, "system", INT64_MAX);
1795 address_space_init(&address_space_memory, system_memory);
1796 address_space_memory.name = "memory";
1798 system_io = g_malloc(sizeof(*system_io));
1799 memory_region_init(system_io, "io", 65536);
1800 address_space_init(&address_space_io, system_io);
1801 address_space_io.name = "I/O";
1803 memory_listener_register(&core_memory_listener, &address_space_memory);
1804 memory_listener_register(&io_memory_listener, &address_space_io);
1805 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1807 dma_context_init(&dma_context_memory, &address_space_memory,
1811 MemoryRegion *get_system_memory(void)
1813 return system_memory;
1816 MemoryRegion *get_system_io(void)
1821 #endif /* !defined(CONFIG_USER_ONLY) */
1823 /* physical memory access (slow version, mainly for debug) */
1824 #if defined(CONFIG_USER_ONLY)
1825 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1826 uint8_t *buf, int len, int is_write)
1833 page = addr & TARGET_PAGE_MASK;
1834 l = (page + TARGET_PAGE_SIZE) - addr;
1837 flags = page_get_flags(page);
1838 if (!(flags & PAGE_VALID))
1841 if (!(flags & PAGE_WRITE))
1843 /* XXX: this code should not depend on lock_user */
1844 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1847 unlock_user(p, addr, l);
1849 if (!(flags & PAGE_READ))
1851 /* XXX: this code should not depend on lock_user */
1852 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1855 unlock_user(p, addr, 0);
1866 static void invalidate_and_set_dirty(hwaddr addr,
1869 if (!cpu_physical_memory_is_dirty(addr)) {
1870 /* invalidate code */
1871 tb_invalidate_phys_page_range(addr, addr + length, 0);
1873 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1875 xen_modified_memory(addr, length);
1878 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1880 if (memory_region_is_ram(mr)) {
1881 return !(is_write && mr->readonly);
1883 if (memory_region_is_romd(mr)) {
1890 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1892 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1895 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1901 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1902 int len, bool is_write)
1913 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1916 if (!memory_access_is_direct(mr, is_write)) {
1917 l = memory_access_size(mr, l, addr1);
1918 /* XXX: could force cpu_single_env to NULL to avoid
1921 /* 32 bit write access */
1923 error |= io_mem_write(mr, addr1, val, 4);
1924 } else if (l == 2) {
1925 /* 16 bit write access */
1927 error |= io_mem_write(mr, addr1, val, 2);
1929 /* 8 bit write access */
1931 error |= io_mem_write(mr, addr1, val, 1);
1934 addr1 += memory_region_get_ram_addr(mr);
1936 ptr = qemu_get_ram_ptr(addr1);
1937 memcpy(ptr, buf, l);
1938 invalidate_and_set_dirty(addr1, l);
1941 if (!memory_access_is_direct(mr, is_write)) {
1943 l = memory_access_size(mr, l, addr1);
1945 /* 32 bit read access */
1946 error |= io_mem_read(mr, addr1, &val, 4);
1948 } else if (l == 2) {
1949 /* 16 bit read access */
1950 error |= io_mem_read(mr, addr1, &val, 2);
1953 /* 8 bit read access */
1954 error |= io_mem_read(mr, addr1, &val, 1);
1959 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1960 memcpy(buf, ptr, l);
1971 bool address_space_write(AddressSpace *as, hwaddr addr,
1972 const uint8_t *buf, int len)
1974 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1977 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1979 return address_space_rw(as, addr, buf, len, false);
1983 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1984 int len, int is_write)
1986 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1989 /* used for ROM loading : can write in RAM and ROM */
1990 void cpu_physical_memory_write_rom(hwaddr addr,
1991 const uint8_t *buf, int len)
2000 mr = address_space_translate(&address_space_memory,
2001 addr, &addr1, &l, true);
2003 if (!(memory_region_is_ram(mr) ||
2004 memory_region_is_romd(mr))) {
2007 addr1 += memory_region_get_ram_addr(mr);
2009 ptr = qemu_get_ram_ptr(addr1);
2010 memcpy(ptr, buf, l);
2011 invalidate_and_set_dirty(addr1, l);
2025 static BounceBuffer bounce;
2027 typedef struct MapClient {
2029 void (*callback)(void *opaque);
2030 QLIST_ENTRY(MapClient) link;
2033 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2034 = QLIST_HEAD_INITIALIZER(map_client_list);
2036 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2038 MapClient *client = g_malloc(sizeof(*client));
2040 client->opaque = opaque;
2041 client->callback = callback;
2042 QLIST_INSERT_HEAD(&map_client_list, client, link);
2046 static void cpu_unregister_map_client(void *_client)
2048 MapClient *client = (MapClient *)_client;
2050 QLIST_REMOVE(client, link);
2054 static void cpu_notify_map_clients(void)
2058 while (!QLIST_EMPTY(&map_client_list)) {
2059 client = QLIST_FIRST(&map_client_list);
2060 client->callback(client->opaque);
2061 cpu_unregister_map_client(client);
2065 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2072 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2073 if (!memory_access_is_direct(mr, is_write)) {
2074 l = memory_access_size(mr, l, addr);
2075 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2086 /* Map a physical memory region into a host virtual address.
2087 * May map a subset of the requested range, given by and returned in *plen.
2088 * May return NULL if resources needed to perform the mapping are exhausted.
2089 * Use only for reads OR writes - not for read-modify-write operations.
2090 * Use cpu_register_map_client() to know when retrying the map operation is
2091 * likely to succeed.
2093 void *address_space_map(AddressSpace *as,
2102 ram_addr_t raddr = RAM_ADDR_MAX;
2108 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2110 if (!memory_access_is_direct(mr, is_write)) {
2111 if (todo || bounce.buffer) {
2114 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2118 address_space_read(as, addr, bounce.buffer, l);
2122 return bounce.buffer;
2125 raddr = memory_region_get_ram_addr(mr) + xlat;
2127 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2137 ret = qemu_ram_ptr_length(raddr, &rlen);
2142 /* Unmaps a memory region previously mapped by address_space_map().
2143 * Will also mark the memory as dirty if is_write == 1. access_len gives
2144 * the amount of memory that was actually read or written by the caller.
2146 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2147 int is_write, hwaddr access_len)
2149 if (buffer != bounce.buffer) {
2151 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2152 while (access_len) {
2154 l = TARGET_PAGE_SIZE;
2157 invalidate_and_set_dirty(addr1, l);
2162 if (xen_enabled()) {
2163 xen_invalidate_map_cache_entry(buffer);
2168 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2170 qemu_vfree(bounce.buffer);
2171 bounce.buffer = NULL;
2172 cpu_notify_map_clients();
2175 void *cpu_physical_memory_map(hwaddr addr,
2179 return address_space_map(&address_space_memory, addr, plen, is_write);
2182 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2183 int is_write, hwaddr access_len)
2185 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2188 /* warning: addr must be aligned */
2189 static inline uint32_t ldl_phys_internal(hwaddr addr,
2190 enum device_endian endian)
2198 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2200 if (l < 4 || !memory_access_is_direct(mr, false)) {
2202 io_mem_read(mr, addr1, &val, 4);
2203 #if defined(TARGET_WORDS_BIGENDIAN)
2204 if (endian == DEVICE_LITTLE_ENDIAN) {
2208 if (endian == DEVICE_BIG_ENDIAN) {
2214 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2218 case DEVICE_LITTLE_ENDIAN:
2219 val = ldl_le_p(ptr);
2221 case DEVICE_BIG_ENDIAN:
2222 val = ldl_be_p(ptr);
2232 uint32_t ldl_phys(hwaddr addr)
2234 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2237 uint32_t ldl_le_phys(hwaddr addr)
2239 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2242 uint32_t ldl_be_phys(hwaddr addr)
2244 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2247 /* warning: addr must be aligned */
2248 static inline uint64_t ldq_phys_internal(hwaddr addr,
2249 enum device_endian endian)
2257 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2259 if (l < 8 || !memory_access_is_direct(mr, false)) {
2261 io_mem_read(mr, addr1, &val, 8);
2262 #if defined(TARGET_WORDS_BIGENDIAN)
2263 if (endian == DEVICE_LITTLE_ENDIAN) {
2267 if (endian == DEVICE_BIG_ENDIAN) {
2273 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2277 case DEVICE_LITTLE_ENDIAN:
2278 val = ldq_le_p(ptr);
2280 case DEVICE_BIG_ENDIAN:
2281 val = ldq_be_p(ptr);
2291 uint64_t ldq_phys(hwaddr addr)
2293 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2296 uint64_t ldq_le_phys(hwaddr addr)
2298 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2301 uint64_t ldq_be_phys(hwaddr addr)
2303 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2307 uint32_t ldub_phys(hwaddr addr)
2310 cpu_physical_memory_read(addr, &val, 1);
2314 /* warning: addr must be aligned */
2315 static inline uint32_t lduw_phys_internal(hwaddr addr,
2316 enum device_endian endian)
2324 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2326 if (l < 2 || !memory_access_is_direct(mr, false)) {
2328 io_mem_read(mr, addr1, &val, 2);
2329 #if defined(TARGET_WORDS_BIGENDIAN)
2330 if (endian == DEVICE_LITTLE_ENDIAN) {
2334 if (endian == DEVICE_BIG_ENDIAN) {
2340 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2344 case DEVICE_LITTLE_ENDIAN:
2345 val = lduw_le_p(ptr);
2347 case DEVICE_BIG_ENDIAN:
2348 val = lduw_be_p(ptr);
2358 uint32_t lduw_phys(hwaddr addr)
2360 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2363 uint32_t lduw_le_phys(hwaddr addr)
2365 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2368 uint32_t lduw_be_phys(hwaddr addr)
2370 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2373 /* warning: addr must be aligned. The ram page is not masked as dirty
2374 and the code inside is not invalidated. It is useful if the dirty
2375 bits are used to track modified PTEs */
2376 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2383 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2385 if (l < 4 || !memory_access_is_direct(mr, true)) {
2386 io_mem_write(mr, addr1, val, 4);
2388 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2389 ptr = qemu_get_ram_ptr(addr1);
2392 if (unlikely(in_migration)) {
2393 if (!cpu_physical_memory_is_dirty(addr1)) {
2394 /* invalidate code */
2395 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2397 cpu_physical_memory_set_dirty_flags(
2398 addr1, (0xff & ~CODE_DIRTY_FLAG));
2404 /* warning: addr must be aligned */
2405 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2406 enum device_endian endian)
2413 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2415 if (l < 4 || !memory_access_is_direct(mr, true)) {
2416 #if defined(TARGET_WORDS_BIGENDIAN)
2417 if (endian == DEVICE_LITTLE_ENDIAN) {
2421 if (endian == DEVICE_BIG_ENDIAN) {
2425 io_mem_write(mr, addr1, val, 4);
2428 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2429 ptr = qemu_get_ram_ptr(addr1);
2431 case DEVICE_LITTLE_ENDIAN:
2434 case DEVICE_BIG_ENDIAN:
2441 invalidate_and_set_dirty(addr1, 4);
2445 void stl_phys(hwaddr addr, uint32_t val)
2447 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2450 void stl_le_phys(hwaddr addr, uint32_t val)
2452 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2455 void stl_be_phys(hwaddr addr, uint32_t val)
2457 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2461 void stb_phys(hwaddr addr, uint32_t val)
2464 cpu_physical_memory_write(addr, &v, 1);
2467 /* warning: addr must be aligned */
2468 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2469 enum device_endian endian)
2476 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2478 if (l < 2 || !memory_access_is_direct(mr, true)) {
2479 #if defined(TARGET_WORDS_BIGENDIAN)
2480 if (endian == DEVICE_LITTLE_ENDIAN) {
2484 if (endian == DEVICE_BIG_ENDIAN) {
2488 io_mem_write(mr, addr1, val, 2);
2491 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2492 ptr = qemu_get_ram_ptr(addr1);
2494 case DEVICE_LITTLE_ENDIAN:
2497 case DEVICE_BIG_ENDIAN:
2504 invalidate_and_set_dirty(addr1, 2);
2508 void stw_phys(hwaddr addr, uint32_t val)
2510 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2513 void stw_le_phys(hwaddr addr, uint32_t val)
2515 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2518 void stw_be_phys(hwaddr addr, uint32_t val)
2520 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2524 void stq_phys(hwaddr addr, uint64_t val)
2527 cpu_physical_memory_write(addr, &val, 8);
2530 void stq_le_phys(hwaddr addr, uint64_t val)
2532 val = cpu_to_le64(val);
2533 cpu_physical_memory_write(addr, &val, 8);
2536 void stq_be_phys(hwaddr addr, uint64_t val)
2538 val = cpu_to_be64(val);
2539 cpu_physical_memory_write(addr, &val, 8);
2542 /* virtual memory access for debug (includes writing to ROM) */
2543 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2544 uint8_t *buf, int len, int is_write)
2551 page = addr & TARGET_PAGE_MASK;
2552 phys_addr = cpu_get_phys_page_debug(env, page);
2553 /* if no physical page mapped, return an error */
2554 if (phys_addr == -1)
2556 l = (page + TARGET_PAGE_SIZE) - addr;
2559 phys_addr += (addr & ~TARGET_PAGE_MASK);
2561 cpu_physical_memory_write_rom(phys_addr, buf, l);
2563 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2572 #if !defined(CONFIG_USER_ONLY)
2575 * A helper function for the _utterly broken_ virtio device model to find out if
2576 * it's running on a big endian machine. Don't do this at home kids!
2578 bool virtio_is_big_endian(void);
2579 bool virtio_is_big_endian(void)
2581 #if defined(TARGET_WORDS_BIGENDIAN)
2590 #ifndef CONFIG_USER_ONLY
2591 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2596 mr = address_space_translate(&address_space_memory,
2597 phys_addr, &phys_addr, &l, false);
2599 return !(memory_region_is_ram(mr) ||
2600 memory_region_is_romd(mr));
projects / sdk / emulator / qemu.git / blob