4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 struct AddressSpaceDispatch {
92 /* This is a multi-level map on the physical address space.
93 * The bottom level has pointers to MemoryRegionSections.
95 PhysPageEntry phys_map;
96 MemoryListener listener;
100 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
101 typedef struct subpage_t {
105 uint16_t sub_section[TARGET_PAGE_SIZE];
108 static MemoryRegionSection *phys_sections;
109 static unsigned phys_sections_nb, phys_sections_nb_alloc;
110 static uint16_t phys_section_unassigned;
111 static uint16_t phys_section_notdirty;
112 static uint16_t phys_section_rom;
113 static uint16_t phys_section_watch;
115 /* Simple allocator for PhysPageEntry nodes */
116 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
117 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121 static void io_mem_init(void);
122 static void memory_map_init(void);
123 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125 static MemoryRegion io_mem_watch;
128 #if !defined(CONFIG_USER_ONLY)
130 static void phys_map_node_reserve(unsigned nodes)
132 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
133 typedef PhysPageEntry Node[L2_SIZE];
134 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
136 phys_map_nodes_nb + nodes);
137 phys_map_nodes = g_renew(Node, phys_map_nodes,
138 phys_map_nodes_nb_alloc);
142 static uint16_t phys_map_node_alloc(void)
147 ret = phys_map_nodes_nb++;
148 assert(ret != PHYS_MAP_NODE_NIL);
149 assert(ret != phys_map_nodes_nb_alloc);
150 for (i = 0; i < L2_SIZE; ++i) {
151 phys_map_nodes[ret][i].is_leaf = 0;
152 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
157 static void phys_map_nodes_reset(void)
159 phys_map_nodes_nb = 0;
163 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
164 hwaddr *nb, uint16_t leaf,
169 hwaddr step = (hwaddr)1 << (level * L2_BITS);
171 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
172 lp->ptr = phys_map_node_alloc();
173 p = phys_map_nodes[lp->ptr];
175 for (i = 0; i < L2_SIZE; i++) {
177 p[i].ptr = phys_section_unassigned;
181 p = phys_map_nodes[lp->ptr];
183 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
185 while (*nb && lp < &p[L2_SIZE]) {
186 if ((*index & (step - 1)) == 0 && *nb >= step) {
192 phys_page_set_level(lp, index, nb, leaf, level - 1);
198 static void phys_page_set(AddressSpaceDispatch *d,
199 hwaddr index, hwaddr nb,
202 /* Wildly overreserve - it doesn't matter much. */
203 phys_map_node_reserve(3 * P_L2_LEVELS);
205 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
208 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
210 PhysPageEntry lp = d->phys_map;
214 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
215 if (lp.ptr == PHYS_MAP_NODE_NIL) {
216 return &phys_sections[phys_section_unassigned];
218 p = phys_map_nodes[lp.ptr];
219 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
221 return &phys_sections[lp.ptr];
224 bool memory_region_is_unassigned(MemoryRegion *mr)
226 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
227 && mr != &io_mem_watch;
230 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
232 bool resolve_subpage)
234 MemoryRegionSection *section;
237 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
238 if (resolve_subpage && section->mr->subpage) {
239 subpage = container_of(section->mr, subpage_t, iomem);
240 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
245 static MemoryRegionSection *
246 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
247 hwaddr *plen, bool resolve_subpage)
249 MemoryRegionSection *section;
252 section = address_space_lookup_region(as, addr, resolve_subpage);
253 /* Compute offset within MemoryRegionSection */
254 addr -= section->offset_within_address_space;
256 /* Compute offset within MemoryRegion */
257 *xlat = addr + section->offset_within_region;
259 diff = int128_sub(section->mr->size, int128_make64(addr));
260 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
264 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
265 hwaddr *xlat, hwaddr *plen,
269 MemoryRegionSection *section;
274 section = address_space_translate_internal(as, addr, &addr, plen, true);
277 if (!mr->iommu_ops) {
281 iotlb = mr->iommu_ops->translate(mr, addr);
282 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
283 | (addr & iotlb.addr_mask));
284 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
285 if (!(iotlb.perm & (1 << is_write))) {
286 mr = &io_mem_unassigned;
290 as = iotlb.target_as;
298 MemoryRegionSection *
299 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
302 MemoryRegionSection *section;
303 section = address_space_translate_internal(as, addr, xlat, plen, false);
305 assert(!section->mr->iommu_ops);
310 void cpu_exec_init_all(void)
312 #if !defined(CONFIG_USER_ONLY)
313 qemu_mutex_init(&ram_list.mutex);
319 #if !defined(CONFIG_USER_ONLY)
321 static int cpu_common_post_load(void *opaque, int version_id)
323 CPUState *cpu = opaque;
325 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
326 version_id is increased. */
327 cpu->interrupt_request &= ~0x01;
328 tlb_flush(cpu->env_ptr, 1);
333 static const VMStateDescription vmstate_cpu_common = {
334 .name = "cpu_common",
336 .minimum_version_id = 1,
337 .minimum_version_id_old = 1,
338 .post_load = cpu_common_post_load,
339 .fields = (VMStateField []) {
340 VMSTATE_UINT32(halted, CPUState),
341 VMSTATE_UINT32(interrupt_request, CPUState),
342 VMSTATE_END_OF_LIST()
346 #define vmstate_cpu_common vmstate_dummy
349 CPUState *qemu_get_cpu(int index)
351 CPUArchState *env = first_cpu;
352 CPUState *cpu = NULL;
355 cpu = ENV_GET_CPU(env);
356 if (cpu->cpu_index == index) {
362 return env ? cpu : NULL;
365 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
367 CPUArchState *env = first_cpu;
370 func(ENV_GET_CPU(env), data);
375 void cpu_exec_init(CPUArchState *env)
377 CPUState *cpu = ENV_GET_CPU(env);
378 CPUClass *cc = CPU_GET_CLASS(cpu);
382 #if defined(CONFIG_USER_ONLY)
385 env->next_cpu = NULL;
388 while (*penv != NULL) {
389 penv = &(*penv)->next_cpu;
392 cpu->cpu_index = cpu_index;
394 QTAILQ_INIT(&env->breakpoints);
395 QTAILQ_INIT(&env->watchpoints);
396 #ifndef CONFIG_USER_ONLY
397 cpu->thread_id = qemu_get_thread_id();
400 #if defined(CONFIG_USER_ONLY)
403 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
404 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
405 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
406 cpu_save, cpu_load, env);
407 assert(cc->vmsd == NULL);
409 if (cc->vmsd != NULL) {
410 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
414 #if defined(TARGET_HAS_ICE)
415 #if defined(CONFIG_USER_ONLY)
416 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
418 tb_invalidate_phys_page_range(pc, pc + 1, 0);
421 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
423 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
424 (pc & ~TARGET_PAGE_MASK));
427 #endif /* TARGET_HAS_ICE */
429 #if defined(CONFIG_USER_ONLY)
430 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
435 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
436 int flags, CPUWatchpoint **watchpoint)
441 /* Add a watchpoint. */
442 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
443 int flags, CPUWatchpoint **watchpoint)
445 target_ulong len_mask = ~(len - 1);
448 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
449 if ((len & (len - 1)) || (addr & ~len_mask) ||
450 len == 0 || len > TARGET_PAGE_SIZE) {
451 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
452 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
455 wp = g_malloc(sizeof(*wp));
458 wp->len_mask = len_mask;
461 /* keep all GDB-injected watchpoints in front */
463 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
465 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
467 tlb_flush_page(env, addr);
474 /* Remove a specific watchpoint. */
475 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
478 target_ulong len_mask = ~(len - 1);
481 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
482 if (addr == wp->vaddr && len_mask == wp->len_mask
483 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
484 cpu_watchpoint_remove_by_ref(env, wp);
491 /* Remove a specific watchpoint by reference. */
492 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
494 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
496 tlb_flush_page(env, watchpoint->vaddr);
501 /* Remove all matching watchpoints. */
502 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
504 CPUWatchpoint *wp, *next;
506 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
507 if (wp->flags & mask)
508 cpu_watchpoint_remove_by_ref(env, wp);
513 /* Add a breakpoint. */
514 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
515 CPUBreakpoint **breakpoint)
517 #if defined(TARGET_HAS_ICE)
520 bp = g_malloc(sizeof(*bp));
525 /* keep all GDB-injected breakpoints in front */
527 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
529 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
531 breakpoint_invalidate(env, pc);
541 /* Remove a specific breakpoint. */
542 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
544 #if defined(TARGET_HAS_ICE)
547 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
548 if (bp->pc == pc && bp->flags == flags) {
549 cpu_breakpoint_remove_by_ref(env, bp);
559 /* Remove a specific breakpoint by reference. */
560 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
562 #if defined(TARGET_HAS_ICE)
563 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
565 breakpoint_invalidate(env, breakpoint->pc);
571 /* Remove all matching breakpoints. */
572 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
574 #if defined(TARGET_HAS_ICE)
575 CPUBreakpoint *bp, *next;
577 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
578 if (bp->flags & mask)
579 cpu_breakpoint_remove_by_ref(env, bp);
584 /* enable or disable single step mode. EXCP_DEBUG is returned by the
585 CPU loop after each instruction */
586 void cpu_single_step(CPUArchState *env, int enabled)
588 #if defined(TARGET_HAS_ICE)
589 if (env->singlestep_enabled != enabled) {
590 env->singlestep_enabled = enabled;
592 kvm_update_guest_debug(env, 0);
594 /* must flush all the translated code to avoid inconsistencies */
595 /* XXX: only flush what is necessary */
602 void cpu_exit(CPUArchState *env)
604 CPUState *cpu = ENV_GET_CPU(env);
606 cpu->exit_request = 1;
607 cpu->tcg_exit_req = 1;
610 void cpu_abort(CPUArchState *env, const char *fmt, ...)
617 fprintf(stderr, "qemu: fatal: ");
618 vfprintf(stderr, fmt, ap);
619 fprintf(stderr, "\n");
620 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
621 if (qemu_log_enabled()) {
622 qemu_log("qemu: fatal: ");
623 qemu_log_vprintf(fmt, ap2);
625 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
631 #if defined(CONFIG_USER_ONLY)
633 struct sigaction act;
634 sigfillset(&act.sa_mask);
635 act.sa_handler = SIG_DFL;
636 sigaction(SIGABRT, &act, NULL);
642 CPUArchState *cpu_copy(CPUArchState *env)
644 CPUArchState *new_env = cpu_init(env->cpu_model_str);
645 CPUArchState *next_cpu = new_env->next_cpu;
646 #if defined(TARGET_HAS_ICE)
651 memcpy(new_env, env, sizeof(CPUArchState));
653 /* Preserve chaining. */
654 new_env->next_cpu = next_cpu;
656 /* Clone all break/watchpoints.
657 Note: Once we support ptrace with hw-debug register access, make sure
658 BP_CPU break/watchpoints are handled correctly on clone. */
659 QTAILQ_INIT(&env->breakpoints);
660 QTAILQ_INIT(&env->watchpoints);
661 #if defined(TARGET_HAS_ICE)
662 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
663 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
665 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
666 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
674 #if !defined(CONFIG_USER_ONLY)
675 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
680 /* we modify the TLB cache so that the dirty bit will be set again
681 when accessing the range */
682 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
683 /* Check that we don't span multiple blocks - this breaks the
684 address comparisons below. */
685 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
686 != (end - 1) - start) {
689 cpu_tlb_reset_dirty_all(start1, length);
693 /* Note: start and end must be within the same ram block. */
694 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
699 start &= TARGET_PAGE_MASK;
700 end = TARGET_PAGE_ALIGN(end);
702 length = end - start;
705 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
708 tlb_reset_dirty_range_all(start, end, length);
712 static int cpu_physical_memory_set_dirty_tracking(int enable)
715 in_migration = enable;
719 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
720 MemoryRegionSection *section,
722 hwaddr paddr, hwaddr xlat,
724 target_ulong *address)
729 if (memory_region_is_ram(section->mr)) {
731 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
733 if (!section->readonly) {
734 iotlb |= phys_section_notdirty;
736 iotlb |= phys_section_rom;
739 iotlb = section - phys_sections;
743 /* Make accesses to pages with watchpoints go via the
744 watchpoint trap routines. */
745 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
746 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
747 /* Avoid trapping reads of pages with a write breakpoint. */
748 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
749 iotlb = phys_section_watch + paddr;
750 *address |= TLB_MMIO;
758 #endif /* defined(CONFIG_USER_ONLY) */
760 #if !defined(CONFIG_USER_ONLY)
762 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
764 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
765 static void destroy_page_desc(uint16_t section_index)
767 MemoryRegionSection *section = &phys_sections[section_index];
768 MemoryRegion *mr = section->mr;
771 subpage_t *subpage = container_of(mr, subpage_t, iomem);
772 memory_region_destroy(&subpage->iomem);
777 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
782 if (lp->ptr == PHYS_MAP_NODE_NIL) {
786 p = phys_map_nodes[lp->ptr];
787 for (i = 0; i < L2_SIZE; ++i) {
789 destroy_l2_mapping(&p[i], level - 1);
791 destroy_page_desc(p[i].ptr);
795 lp->ptr = PHYS_MAP_NODE_NIL;
798 static void destroy_all_mappings(AddressSpaceDispatch *d)
800 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
801 phys_map_nodes_reset();
804 static uint16_t phys_section_add(MemoryRegionSection *section)
806 /* The physical section number is ORed with a page-aligned
807 * pointer to produce the iotlb entries. Thus it should
808 * never overflow into the page-aligned value.
810 assert(phys_sections_nb < TARGET_PAGE_SIZE);
812 if (phys_sections_nb == phys_sections_nb_alloc) {
813 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
814 phys_sections = g_renew(MemoryRegionSection, phys_sections,
815 phys_sections_nb_alloc);
817 phys_sections[phys_sections_nb] = *section;
818 return phys_sections_nb++;
821 static void phys_sections_clear(void)
823 phys_sections_nb = 0;
826 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
829 hwaddr base = section->offset_within_address_space
831 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
832 MemoryRegionSection subsection = {
833 .offset_within_address_space = base,
834 .size = int128_make64(TARGET_PAGE_SIZE),
838 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
840 if (!(existing->mr->subpage)) {
841 subpage = subpage_init(d->as, base);
842 subsection.mr = &subpage->iomem;
843 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
844 phys_section_add(&subsection));
846 subpage = container_of(existing->mr, subpage_t, iomem);
848 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
849 end = start + int128_get64(section->size) - 1;
850 subpage_register(subpage, start, end, phys_section_add(section));
854 static void register_multipage(AddressSpaceDispatch *d,
855 MemoryRegionSection *section)
857 hwaddr start_addr = section->offset_within_address_space;
858 uint16_t section_index = phys_section_add(section);
859 uint64_t num_pages = int128_get64(int128_rshift(section->size,
863 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
866 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
868 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
869 MemoryRegionSection now = *section, remain = *section;
870 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
872 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
873 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
874 - now.offset_within_address_space;
876 now.size = int128_min(int128_make64(left), now.size);
877 register_subpage(d, &now);
879 now.size = int128_zero();
881 while (int128_ne(remain.size, now.size)) {
882 remain.size = int128_sub(remain.size, now.size);
883 remain.offset_within_address_space += int128_get64(now.size);
884 remain.offset_within_region += int128_get64(now.size);
886 if (int128_lt(remain.size, page_size)) {
887 register_subpage(d, &now);
888 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
889 now.size = page_size;
890 register_subpage(d, &now);
892 now.size = int128_and(now.size, int128_neg(page_size));
893 register_multipage(d, &now);
898 void qemu_flush_coalesced_mmio_buffer(void)
901 kvm_flush_coalesced_mmio_buffer();
904 void qemu_mutex_lock_ramlist(void)
906 qemu_mutex_lock(&ram_list.mutex);
909 void qemu_mutex_unlock_ramlist(void)
911 qemu_mutex_unlock(&ram_list.mutex);
914 #if defined(__linux__) && !defined(TARGET_S390X)
918 #define HUGETLBFS_MAGIC 0x958458f6
920 static long gethugepagesize(const char *path)
926 ret = statfs(path, &fs);
927 } while (ret != 0 && errno == EINTR);
934 if (fs.f_type != HUGETLBFS_MAGIC)
935 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
940 static void *file_ram_alloc(RAMBlock *block,
945 char *sanitized_name;
952 unsigned long hpagesize;
954 hpagesize = gethugepagesize(path);
959 if (memory < hpagesize) {
963 if (kvm_enabled() && !kvm_has_sync_mmu()) {
964 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
968 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
969 sanitized_name = g_strdup(block->mr->name);
970 for (c = sanitized_name; *c != '\0'; c++) {
975 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
977 g_free(sanitized_name);
979 fd = mkstemp(filename);
981 perror("unable to create backing store for hugepages");
988 memory = (memory+hpagesize-1) & ~(hpagesize-1);
991 * ftruncate is not supported by hugetlbfs in older
992 * hosts, so don't bother bailing out on errors.
993 * If anything goes wrong with it under other filesystems,
996 if (ftruncate(fd, memory))
1000 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
1001 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
1002 * to sidestep this quirk.
1004 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
1005 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
1007 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1009 if (area == MAP_FAILED) {
1010 perror("file_ram_alloc: can't mmap RAM pages");
1019 static ram_addr_t find_ram_offset(ram_addr_t size)
1021 RAMBlock *block, *next_block;
1022 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1024 assert(size != 0); /* it would hand out same offset multiple times */
1026 if (QTAILQ_EMPTY(&ram_list.blocks))
1029 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1030 ram_addr_t end, next = RAM_ADDR_MAX;
1032 end = block->offset + block->length;
1034 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1035 if (next_block->offset >= end) {
1036 next = MIN(next, next_block->offset);
1039 if (next - end >= size && next - end < mingap) {
1041 mingap = next - end;
1045 if (offset == RAM_ADDR_MAX) {
1046 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1054 ram_addr_t last_ram_offset(void)
1057 ram_addr_t last = 0;
1059 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1060 last = MAX(last, block->offset + block->length);
1065 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1068 QemuOpts *machine_opts;
1070 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1071 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1073 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1074 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1076 perror("qemu_madvise");
1077 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1078 "but dump_guest_core=off specified\n");
1083 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1085 RAMBlock *new_block, *block;
1088 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1089 if (block->offset == addr) {
1095 assert(!new_block->idstr[0]);
1098 char *id = qdev_get_dev_path(dev);
1100 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1104 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1106 /* This assumes the iothread lock is taken here too. */
1107 qemu_mutex_lock_ramlist();
1108 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1109 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1110 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1115 qemu_mutex_unlock_ramlist();
1118 static int memory_try_enable_merging(void *addr, size_t len)
1122 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1123 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1124 /* disabled by the user */
1128 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1131 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1134 RAMBlock *block, *new_block;
1136 size = TARGET_PAGE_ALIGN(size);
1137 new_block = g_malloc0(sizeof(*new_block));
1139 /* This assumes the iothread lock is taken here too. */
1140 qemu_mutex_lock_ramlist();
1142 new_block->offset = find_ram_offset(size);
1144 new_block->host = host;
1145 new_block->flags |= RAM_PREALLOC_MASK;
1148 #if defined (__linux__) && !defined(TARGET_S390X)
1149 new_block->host = file_ram_alloc(new_block, size, mem_path);
1150 if (!new_block->host) {
1151 new_block->host = qemu_anon_ram_alloc(size);
1152 memory_try_enable_merging(new_block->host, size);
1155 fprintf(stderr, "-mem-path option unsupported\n");
1159 if (xen_enabled()) {
1160 xen_ram_alloc(new_block->offset, size, mr);
1161 } else if (kvm_enabled()) {
1162 /* some s390/kvm configurations have special constraints */
1163 new_block->host = kvm_ram_alloc(size);
1165 new_block->host = qemu_anon_ram_alloc(size);
1167 memory_try_enable_merging(new_block->host, size);
1170 new_block->length = size;
1172 /* Keep the list sorted from biggest to smallest block. */
1173 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1174 if (block->length < new_block->length) {
1179 QTAILQ_INSERT_BEFORE(block, new_block, next);
1181 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1183 ram_list.mru_block = NULL;
1186 qemu_mutex_unlock_ramlist();
1188 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1189 last_ram_offset() >> TARGET_PAGE_BITS);
1190 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1191 0, size >> TARGET_PAGE_BITS);
1192 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1194 qemu_ram_setup_dump(new_block->host, size);
1195 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1198 kvm_setup_guest_memory(new_block->host, size);
1200 return new_block->offset;
1203 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1205 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1208 void qemu_ram_free_from_ptr(ram_addr_t addr)
1212 /* This assumes the iothread lock is taken here too. */
1213 qemu_mutex_lock_ramlist();
1214 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1215 if (addr == block->offset) {
1216 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1217 ram_list.mru_block = NULL;
1223 qemu_mutex_unlock_ramlist();
1226 void qemu_ram_free(ram_addr_t addr)
1230 /* This assumes the iothread lock is taken here too. */
1231 qemu_mutex_lock_ramlist();
1232 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1233 if (addr == block->offset) {
1234 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1235 ram_list.mru_block = NULL;
1237 if (block->flags & RAM_PREALLOC_MASK) {
1239 } else if (mem_path) {
1240 #if defined (__linux__) && !defined(TARGET_S390X)
1242 munmap(block->host, block->length);
1245 qemu_anon_ram_free(block->host, block->length);
1251 if (xen_enabled()) {
1252 xen_invalidate_map_cache_entry(block->host);
1254 qemu_anon_ram_free(block->host, block->length);
1261 qemu_mutex_unlock_ramlist();
1266 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1273 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1274 offset = addr - block->offset;
1275 if (offset < block->length) {
1276 vaddr = block->host + offset;
1277 if (block->flags & RAM_PREALLOC_MASK) {
1281 munmap(vaddr, length);
1283 #if defined(__linux__) && !defined(TARGET_S390X)
1286 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1289 flags |= MAP_PRIVATE;
1291 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1292 flags, block->fd, offset);
1294 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1295 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1302 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1303 flags |= MAP_SHARED | MAP_ANONYMOUS;
1304 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1307 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1308 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1312 if (area != vaddr) {
1313 fprintf(stderr, "Could not remap addr: "
1314 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1318 memory_try_enable_merging(vaddr, length);
1319 qemu_ram_setup_dump(vaddr, length);
1325 #endif /* !_WIN32 */
1327 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1328 With the exception of the softmmu code in this file, this should
1329 only be used for local memory (e.g. video ram) that the device owns,
1330 and knows it isn't going to access beyond the end of the block.
1332 It should not be used for general purpose DMA.
1333 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1335 void *qemu_get_ram_ptr(ram_addr_t addr)
1339 /* The list is protected by the iothread lock here. */
1340 block = ram_list.mru_block;
1341 if (block && addr - block->offset < block->length) {
1344 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1345 if (addr - block->offset < block->length) {
1350 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1354 ram_list.mru_block = block;
1355 if (xen_enabled()) {
1356 /* We need to check if the requested address is in the RAM
1357 * because we don't want to map the entire memory in QEMU.
1358 * In that case just map until the end of the page.
1360 if (block->offset == 0) {
1361 return xen_map_cache(addr, 0, 0);
1362 } else if (block->host == NULL) {
1364 xen_map_cache(block->offset, block->length, 1);
1367 return block->host + (addr - block->offset);
1370 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1371 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1373 * ??? Is this still necessary?
1375 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1379 /* The list is protected by the iothread lock here. */
1380 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1381 if (addr - block->offset < block->length) {
1382 if (xen_enabled()) {
1383 /* We need to check if the requested address is in the RAM
1384 * because we don't want to map the entire memory in QEMU.
1385 * In that case just map until the end of the page.
1387 if (block->offset == 0) {
1388 return xen_map_cache(addr, 0, 0);
1389 } else if (block->host == NULL) {
1391 xen_map_cache(block->offset, block->length, 1);
1394 return block->host + (addr - block->offset);
1398 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1404 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1405 * but takes a size argument */
1406 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1411 if (xen_enabled()) {
1412 return xen_map_cache(addr, *size, 1);
1416 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1417 if (addr - block->offset < block->length) {
1418 if (addr - block->offset + *size > block->length)
1419 *size = block->length - addr + block->offset;
1420 return block->host + (addr - block->offset);
1424 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1429 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1432 uint8_t *host = ptr;
1434 if (xen_enabled()) {
1435 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1439 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1440 /* This case append when the block is not mapped. */
1441 if (block->host == NULL) {
1444 if (host - block->host < block->length) {
1445 *ram_addr = block->offset + (host - block->host);
1453 /* Some of the softmmu routines need to translate from a host pointer
1454 (typically a TLB entry) back to a ram offset. */
1455 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1457 ram_addr_t ram_addr;
1459 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1460 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1466 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1467 uint64_t val, unsigned size)
1470 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1471 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1472 tb_invalidate_phys_page_fast(ram_addr, size);
1473 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1477 stb_p(qemu_get_ram_ptr(ram_addr), val);
1480 stw_p(qemu_get_ram_ptr(ram_addr), val);
1483 stl_p(qemu_get_ram_ptr(ram_addr), val);
1488 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1489 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1490 /* we remove the notdirty callback only if the code has been
1492 if (dirty_flags == 0xff)
1493 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1496 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1497 unsigned size, bool is_write)
1502 static const MemoryRegionOps notdirty_mem_ops = {
1503 .write = notdirty_mem_write,
1504 .valid.accepts = notdirty_mem_accepts,
1505 .endianness = DEVICE_NATIVE_ENDIAN,
1508 /* Generate a debug exception if a watchpoint has been hit. */
1509 static void check_watchpoint(int offset, int len_mask, int flags)
1511 CPUArchState *env = cpu_single_env;
1512 target_ulong pc, cs_base;
1517 if (env->watchpoint_hit) {
1518 /* We re-entered the check after replacing the TB. Now raise
1519 * the debug interrupt so that is will trigger after the
1520 * current instruction. */
1521 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1524 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1525 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1526 if ((vaddr == (wp->vaddr & len_mask) ||
1527 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1528 wp->flags |= BP_WATCHPOINT_HIT;
1529 if (!env->watchpoint_hit) {
1530 env->watchpoint_hit = wp;
1531 tb_check_watchpoint(env);
1532 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1533 env->exception_index = EXCP_DEBUG;
1536 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1537 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1538 cpu_resume_from_signal(env, NULL);
1542 wp->flags &= ~BP_WATCHPOINT_HIT;
1547 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1548 so these check for a hit then pass through to the normal out-of-line
1550 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1553 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1555 case 1: return ldub_phys(addr);
1556 case 2: return lduw_phys(addr);
1557 case 4: return ldl_phys(addr);
1562 static void watch_mem_write(void *opaque, hwaddr addr,
1563 uint64_t val, unsigned size)
1565 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1568 stb_phys(addr, val);
1571 stw_phys(addr, val);
1574 stl_phys(addr, val);
1580 static const MemoryRegionOps watch_mem_ops = {
1581 .read = watch_mem_read,
1582 .write = watch_mem_write,
1583 .endianness = DEVICE_NATIVE_ENDIAN,
1586 static uint64_t subpage_read(void *opaque, hwaddr addr,
1589 subpage_t *subpage = opaque;
1592 #if defined(DEBUG_SUBPAGE)
1593 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1594 subpage, len, addr);
1596 address_space_read(subpage->as, addr + subpage->base, buf, len);
1609 static void subpage_write(void *opaque, hwaddr addr,
1610 uint64_t value, unsigned len)
1612 subpage_t *subpage = opaque;
1615 #if defined(DEBUG_SUBPAGE)
1616 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1617 " value %"PRIx64"\n",
1618 __func__, subpage, len, addr, value);
1633 address_space_write(subpage->as, addr + subpage->base, buf, len);
1636 static bool subpage_accepts(void *opaque, hwaddr addr,
1637 unsigned size, bool is_write)
1639 subpage_t *subpage = opaque;
1640 #if defined(DEBUG_SUBPAGE)
1641 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1642 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1645 return address_space_access_valid(subpage->as, addr + subpage->base,
1649 static const MemoryRegionOps subpage_ops = {
1650 .read = subpage_read,
1651 .write = subpage_write,
1652 .valid.accepts = subpage_accepts,
1653 .endianness = DEVICE_NATIVE_ENDIAN,
1656 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1661 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1663 idx = SUBPAGE_IDX(start);
1664 eidx = SUBPAGE_IDX(end);
1665 #if defined(DEBUG_SUBPAGE)
1666 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1667 mmio, start, end, idx, eidx, memory);
1669 for (; idx <= eidx; idx++) {
1670 mmio->sub_section[idx] = section;
1676 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1680 mmio = g_malloc0(sizeof(subpage_t));
1684 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1685 "subpage", TARGET_PAGE_SIZE);
1686 mmio->iomem.subpage = true;
1687 #if defined(DEBUG_SUBPAGE)
1688 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1689 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1691 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1696 static uint16_t dummy_section(MemoryRegion *mr)
1698 MemoryRegionSection section = {
1700 .offset_within_address_space = 0,
1701 .offset_within_region = 0,
1702 .size = int128_2_64(),
1705 return phys_section_add(§ion);
1708 MemoryRegion *iotlb_to_region(hwaddr index)
1710 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1713 static void io_mem_init(void)
1715 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1716 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1717 "unassigned", UINT64_MAX);
1718 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1719 "notdirty", UINT64_MAX);
1720 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1721 "watch", UINT64_MAX);
1724 static void mem_begin(MemoryListener *listener)
1726 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1728 destroy_all_mappings(d);
1729 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1732 static void core_begin(MemoryListener *listener)
1734 phys_sections_clear();
1735 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1736 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1737 phys_section_rom = dummy_section(&io_mem_rom);
1738 phys_section_watch = dummy_section(&io_mem_watch);
1741 static void tcg_commit(MemoryListener *listener)
1745 /* since each CPU stores ram addresses in its TLB cache, we must
1746 reset the modified entries */
1748 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1753 static void core_log_global_start(MemoryListener *listener)
1755 cpu_physical_memory_set_dirty_tracking(1);
1758 static void core_log_global_stop(MemoryListener *listener)
1760 cpu_physical_memory_set_dirty_tracking(0);
1763 static void io_region_add(MemoryListener *listener,
1764 MemoryRegionSection *section)
1766 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1768 mrio->mr = section->mr;
1769 mrio->offset = section->offset_within_region;
1770 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1771 section->offset_within_address_space,
1772 int128_get64(section->size));
1773 ioport_register(&mrio->iorange);
1776 static void io_region_del(MemoryListener *listener,
1777 MemoryRegionSection *section)
1779 isa_unassign_ioport(section->offset_within_address_space,
1780 int128_get64(section->size));
1783 static MemoryListener core_memory_listener = {
1784 .begin = core_begin,
1785 .log_global_start = core_log_global_start,
1786 .log_global_stop = core_log_global_stop,
1790 static MemoryListener io_memory_listener = {
1791 .region_add = io_region_add,
1792 .region_del = io_region_del,
1796 static MemoryListener tcg_memory_listener = {
1797 .commit = tcg_commit,
1800 void address_space_init_dispatch(AddressSpace *as)
1802 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1804 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1805 d->listener = (MemoryListener) {
1807 .region_add = mem_add,
1808 .region_nop = mem_add,
1813 memory_listener_register(&d->listener, as);
1816 void address_space_destroy_dispatch(AddressSpace *as)
1818 AddressSpaceDispatch *d = as->dispatch;
1820 memory_listener_unregister(&d->listener);
1821 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1823 as->dispatch = NULL;
1826 static void memory_map_init(void)
1828 system_memory = g_malloc(sizeof(*system_memory));
1829 memory_region_init(system_memory, "system", INT64_MAX);
1830 address_space_init(&address_space_memory, system_memory, "memory");
1832 system_io = g_malloc(sizeof(*system_io));
1833 memory_region_init(system_io, "io", 65536);
1834 address_space_init(&address_space_io, system_io, "I/O");
1836 memory_listener_register(&core_memory_listener, &address_space_memory);
1837 memory_listener_register(&io_memory_listener, &address_space_io);
1838 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1841 MemoryRegion *get_system_memory(void)
1843 return system_memory;
1846 MemoryRegion *get_system_io(void)
1851 #endif /* !defined(CONFIG_USER_ONLY) */
1853 /* physical memory access (slow version, mainly for debug) */
1854 #if defined(CONFIG_USER_ONLY)
1855 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1856 uint8_t *buf, int len, int is_write)
1863 page = addr & TARGET_PAGE_MASK;
1864 l = (page + TARGET_PAGE_SIZE) - addr;
1867 flags = page_get_flags(page);
1868 if (!(flags & PAGE_VALID))
1871 if (!(flags & PAGE_WRITE))
1873 /* XXX: this code should not depend on lock_user */
1874 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1877 unlock_user(p, addr, l);
1879 if (!(flags & PAGE_READ))
1881 /* XXX: this code should not depend on lock_user */
1882 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1885 unlock_user(p, addr, 0);
1896 static void invalidate_and_set_dirty(hwaddr addr,
1899 if (!cpu_physical_memory_is_dirty(addr)) {
1900 /* invalidate code */
1901 tb_invalidate_phys_page_range(addr, addr + length, 0);
1903 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1905 xen_modified_memory(addr, length);
1908 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1910 if (memory_region_is_ram(mr)) {
1911 return !(is_write && mr->readonly);
1913 if (memory_region_is_romd(mr)) {
1920 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1922 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1925 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1931 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1932 int len, bool is_write)
1943 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1946 if (!memory_access_is_direct(mr, is_write)) {
1947 l = memory_access_size(mr, l, addr1);
1948 /* XXX: could force cpu_single_env to NULL to avoid
1951 /* 32 bit write access */
1953 error |= io_mem_write(mr, addr1, val, 4);
1954 } else if (l == 2) {
1955 /* 16 bit write access */
1957 error |= io_mem_write(mr, addr1, val, 2);
1959 /* 8 bit write access */
1961 error |= io_mem_write(mr, addr1, val, 1);
1964 addr1 += memory_region_get_ram_addr(mr);
1966 ptr = qemu_get_ram_ptr(addr1);
1967 memcpy(ptr, buf, l);
1968 invalidate_and_set_dirty(addr1, l);
1971 if (!memory_access_is_direct(mr, is_write)) {
1973 l = memory_access_size(mr, l, addr1);
1975 /* 32 bit read access */
1976 error |= io_mem_read(mr, addr1, &val, 4);
1978 } else if (l == 2) {
1979 /* 16 bit read access */
1980 error |= io_mem_read(mr, addr1, &val, 2);
1983 /* 8 bit read access */
1984 error |= io_mem_read(mr, addr1, &val, 1);
1989 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1990 memcpy(buf, ptr, l);
2001 bool address_space_write(AddressSpace *as, hwaddr addr,
2002 const uint8_t *buf, int len)
2004 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2007 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2009 return address_space_rw(as, addr, buf, len, false);
2013 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2014 int len, int is_write)
2016 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2019 /* used for ROM loading : can write in RAM and ROM */
2020 void cpu_physical_memory_write_rom(hwaddr addr,
2021 const uint8_t *buf, int len)
2030 mr = address_space_translate(&address_space_memory,
2031 addr, &addr1, &l, true);
2033 if (!(memory_region_is_ram(mr) ||
2034 memory_region_is_romd(mr))) {
2037 addr1 += memory_region_get_ram_addr(mr);
2039 ptr = qemu_get_ram_ptr(addr1);
2040 memcpy(ptr, buf, l);
2041 invalidate_and_set_dirty(addr1, l);
2055 static BounceBuffer bounce;
2057 typedef struct MapClient {
2059 void (*callback)(void *opaque);
2060 QLIST_ENTRY(MapClient) link;
2063 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2064 = QLIST_HEAD_INITIALIZER(map_client_list);
2066 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2068 MapClient *client = g_malloc(sizeof(*client));
2070 client->opaque = opaque;
2071 client->callback = callback;
2072 QLIST_INSERT_HEAD(&map_client_list, client, link);
2076 static void cpu_unregister_map_client(void *_client)
2078 MapClient *client = (MapClient *)_client;
2080 QLIST_REMOVE(client, link);
2084 static void cpu_notify_map_clients(void)
2088 while (!QLIST_EMPTY(&map_client_list)) {
2089 client = QLIST_FIRST(&map_client_list);
2090 client->callback(client->opaque);
2091 cpu_unregister_map_client(client);
2095 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2102 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2103 if (!memory_access_is_direct(mr, is_write)) {
2104 l = memory_access_size(mr, l, addr);
2105 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2116 /* Map a physical memory region into a host virtual address.
2117 * May map a subset of the requested range, given by and returned in *plen.
2118 * May return NULL if resources needed to perform the mapping are exhausted.
2119 * Use only for reads OR writes - not for read-modify-write operations.
2120 * Use cpu_register_map_client() to know when retrying the map operation is
2121 * likely to succeed.
2123 void *address_space_map(AddressSpace *as,
2132 ram_addr_t raddr = RAM_ADDR_MAX;
2138 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2140 if (!memory_access_is_direct(mr, is_write)) {
2141 if (todo || bounce.buffer) {
2144 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2148 address_space_read(as, addr, bounce.buffer, l);
2152 return bounce.buffer;
2155 raddr = memory_region_get_ram_addr(mr) + xlat;
2157 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2167 ret = qemu_ram_ptr_length(raddr, &rlen);
2172 /* Unmaps a memory region previously mapped by address_space_map().
2173 * Will also mark the memory as dirty if is_write == 1. access_len gives
2174 * the amount of memory that was actually read or written by the caller.
2176 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2177 int is_write, hwaddr access_len)
2179 if (buffer != bounce.buffer) {
2181 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2182 while (access_len) {
2184 l = TARGET_PAGE_SIZE;
2187 invalidate_and_set_dirty(addr1, l);
2192 if (xen_enabled()) {
2193 xen_invalidate_map_cache_entry(buffer);
2198 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2200 qemu_vfree(bounce.buffer);
2201 bounce.buffer = NULL;
2202 cpu_notify_map_clients();
2205 void *cpu_physical_memory_map(hwaddr addr,
2209 return address_space_map(&address_space_memory, addr, plen, is_write);
2212 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2213 int is_write, hwaddr access_len)
2215 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2218 /* warning: addr must be aligned */
2219 static inline uint32_t ldl_phys_internal(hwaddr addr,
2220 enum device_endian endian)
2228 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2230 if (l < 4 || !memory_access_is_direct(mr, false)) {
2232 io_mem_read(mr, addr1, &val, 4);
2233 #if defined(TARGET_WORDS_BIGENDIAN)
2234 if (endian == DEVICE_LITTLE_ENDIAN) {
2238 if (endian == DEVICE_BIG_ENDIAN) {
2244 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2248 case DEVICE_LITTLE_ENDIAN:
2249 val = ldl_le_p(ptr);
2251 case DEVICE_BIG_ENDIAN:
2252 val = ldl_be_p(ptr);
2262 uint32_t ldl_phys(hwaddr addr)
2264 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2267 uint32_t ldl_le_phys(hwaddr addr)
2269 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2272 uint32_t ldl_be_phys(hwaddr addr)
2274 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2277 /* warning: addr must be aligned */
2278 static inline uint64_t ldq_phys_internal(hwaddr addr,
2279 enum device_endian endian)
2287 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2289 if (l < 8 || !memory_access_is_direct(mr, false)) {
2291 io_mem_read(mr, addr1, &val, 8);
2292 #if defined(TARGET_WORDS_BIGENDIAN)
2293 if (endian == DEVICE_LITTLE_ENDIAN) {
2297 if (endian == DEVICE_BIG_ENDIAN) {
2303 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2307 case DEVICE_LITTLE_ENDIAN:
2308 val = ldq_le_p(ptr);
2310 case DEVICE_BIG_ENDIAN:
2311 val = ldq_be_p(ptr);
2321 uint64_t ldq_phys(hwaddr addr)
2323 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2326 uint64_t ldq_le_phys(hwaddr addr)
2328 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2331 uint64_t ldq_be_phys(hwaddr addr)
2333 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2337 uint32_t ldub_phys(hwaddr addr)
2340 cpu_physical_memory_read(addr, &val, 1);
2344 /* warning: addr must be aligned */
2345 static inline uint32_t lduw_phys_internal(hwaddr addr,
2346 enum device_endian endian)
2354 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2356 if (l < 2 || !memory_access_is_direct(mr, false)) {
2358 io_mem_read(mr, addr1, &val, 2);
2359 #if defined(TARGET_WORDS_BIGENDIAN)
2360 if (endian == DEVICE_LITTLE_ENDIAN) {
2364 if (endian == DEVICE_BIG_ENDIAN) {
2370 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2374 case DEVICE_LITTLE_ENDIAN:
2375 val = lduw_le_p(ptr);
2377 case DEVICE_BIG_ENDIAN:
2378 val = lduw_be_p(ptr);
2388 uint32_t lduw_phys(hwaddr addr)
2390 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2393 uint32_t lduw_le_phys(hwaddr addr)
2395 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2398 uint32_t lduw_be_phys(hwaddr addr)
2400 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2403 /* warning: addr must be aligned. The ram page is not masked as dirty
2404 and the code inside is not invalidated. It is useful if the dirty
2405 bits are used to track modified PTEs */
2406 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2413 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2415 if (l < 4 || !memory_access_is_direct(mr, true)) {
2416 io_mem_write(mr, addr1, val, 4);
2418 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2419 ptr = qemu_get_ram_ptr(addr1);
2422 if (unlikely(in_migration)) {
2423 if (!cpu_physical_memory_is_dirty(addr1)) {
2424 /* invalidate code */
2425 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2427 cpu_physical_memory_set_dirty_flags(
2428 addr1, (0xff & ~CODE_DIRTY_FLAG));
2434 /* warning: addr must be aligned */
2435 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2436 enum device_endian endian)
2443 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2445 if (l < 4 || !memory_access_is_direct(mr, true)) {
2446 #if defined(TARGET_WORDS_BIGENDIAN)
2447 if (endian == DEVICE_LITTLE_ENDIAN) {
2451 if (endian == DEVICE_BIG_ENDIAN) {
2455 io_mem_write(mr, addr1, val, 4);
2458 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2459 ptr = qemu_get_ram_ptr(addr1);
2461 case DEVICE_LITTLE_ENDIAN:
2464 case DEVICE_BIG_ENDIAN:
2471 invalidate_and_set_dirty(addr1, 4);
2475 void stl_phys(hwaddr addr, uint32_t val)
2477 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2480 void stl_le_phys(hwaddr addr, uint32_t val)
2482 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2485 void stl_be_phys(hwaddr addr, uint32_t val)
2487 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2491 void stb_phys(hwaddr addr, uint32_t val)
2494 cpu_physical_memory_write(addr, &v, 1);
2497 /* warning: addr must be aligned */
2498 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2499 enum device_endian endian)
2506 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2508 if (l < 2 || !memory_access_is_direct(mr, true)) {
2509 #if defined(TARGET_WORDS_BIGENDIAN)
2510 if (endian == DEVICE_LITTLE_ENDIAN) {
2514 if (endian == DEVICE_BIG_ENDIAN) {
2518 io_mem_write(mr, addr1, val, 2);
2521 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2522 ptr = qemu_get_ram_ptr(addr1);
2524 case DEVICE_LITTLE_ENDIAN:
2527 case DEVICE_BIG_ENDIAN:
2534 invalidate_and_set_dirty(addr1, 2);
2538 void stw_phys(hwaddr addr, uint32_t val)
2540 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2543 void stw_le_phys(hwaddr addr, uint32_t val)
2545 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2548 void stw_be_phys(hwaddr addr, uint32_t val)
2550 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2554 void stq_phys(hwaddr addr, uint64_t val)
2557 cpu_physical_memory_write(addr, &val, 8);
2560 void stq_le_phys(hwaddr addr, uint64_t val)
2562 val = cpu_to_le64(val);
2563 cpu_physical_memory_write(addr, &val, 8);
2566 void stq_be_phys(hwaddr addr, uint64_t val)
2568 val = cpu_to_be64(val);
2569 cpu_physical_memory_write(addr, &val, 8);
2572 /* virtual memory access for debug (includes writing to ROM) */
2573 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2574 uint8_t *buf, int len, int is_write)
2581 page = addr & TARGET_PAGE_MASK;
2582 phys_addr = cpu_get_phys_page_debug(env, page);
2583 /* if no physical page mapped, return an error */
2584 if (phys_addr == -1)
2586 l = (page + TARGET_PAGE_SIZE) - addr;
2589 phys_addr += (addr & ~TARGET_PAGE_MASK);
2591 cpu_physical_memory_write_rom(phys_addr, buf, l);
2593 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2602 #if !defined(CONFIG_USER_ONLY)
2605 * A helper function for the _utterly broken_ virtio device model to find out if
2606 * it's running on a big endian machine. Don't do this at home kids!
2608 bool virtio_is_big_endian(void);
2609 bool virtio_is_big_endian(void)
2611 #if defined(TARGET_WORDS_BIGENDIAN)
2620 #ifndef CONFIG_USER_ONLY
2621 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2626 mr = address_space_translate(&address_space_memory,
2627 phys_addr, &phys_addr, &l, false);
2629 return !(memory_region_is_ram(mr) ||
2630 memory_region_is_romd(mr));
projects / sdk / emulator / qemu.git / blob