4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
82 #if !defined(CONFIG_USER_ONLY)
84 typedef struct PhysPageEntry PhysPageEntry;
86 struct PhysPageEntry {
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
96 PhysPageEntry phys_map;
97 MemoryListener listener;
101 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102 typedef struct subpage_t {
106 uint16_t sub_section[TARGET_PAGE_SIZE];
109 static MemoryRegionSection *phys_sections;
110 static unsigned phys_sections_nb, phys_sections_nb_alloc;
111 static uint16_t phys_section_unassigned;
112 static uint16_t phys_section_notdirty;
113 static uint16_t phys_section_rom;
114 static uint16_t phys_section_watch;
116 /* Simple allocator for PhysPageEntry nodes */
117 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
120 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
122 static void io_mem_init(void);
123 static void memory_map_init(void);
124 static void *qemu_safe_ram_ptr(ram_addr_t addr);
126 static MemoryRegion io_mem_watch;
129 #if !defined(CONFIG_USER_ONLY)
131 static void phys_map_node_reserve(unsigned nodes)
133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
143 static uint16_t phys_map_node_alloc(void)
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
151 for (i = 0; i < L2_SIZE; ++i) {
152 phys_map_nodes[ret][i].is_leaf = 0;
153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
158 static void phys_map_nodes_reset(void)
160 phys_map_nodes_nb = 0;
164 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
176 for (i = 0; i < L2_SIZE; i++) {
178 p[i].ptr = phys_section_unassigned;
182 p = phys_map_nodes[lp->ptr];
184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
186 while (*nb && lp < &p[L2_SIZE]) {
187 if ((*index & (step - 1)) == 0 && *nb >= step) {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
199 static void phys_page_set(AddressSpaceDispatch *d,
200 hwaddr index, hwaddr nb,
203 /* Wildly overreserve - it doesn't matter much. */
204 phys_map_node_reserve(3 * P_L2_LEVELS);
206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
209 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
211 PhysPageEntry lp = d->phys_map;
215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
217 return &phys_sections[phys_section_unassigned];
219 p = phys_map_nodes[lp.ptr];
220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
222 return &phys_sections[lp.ptr];
225 bool memory_region_is_unassigned(MemoryRegion *mr)
227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
228 && mr != &io_mem_watch;
231 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
233 bool resolve_subpage)
235 MemoryRegionSection *section;
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
246 static MemoryRegionSection *
247 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
250 MemoryRegionSection *section;
253 section = address_space_lookup_region(as, addr, resolve_subpage);
254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
260 diff = int128_sub(section->mr->size, int128_make64(addr));
261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
265 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
269 return address_space_translate_internal(as, addr, xlat, plen, true)->mr;
272 MemoryRegionSection *
273 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
276 return address_space_translate_internal(as, addr, xlat, plen, false);
280 void cpu_exec_init_all(void)
282 #if !defined(CONFIG_USER_ONLY)
283 qemu_mutex_init(&ram_list.mutex);
289 #if !defined(CONFIG_USER_ONLY)
291 static int cpu_common_post_load(void *opaque, int version_id)
293 CPUState *cpu = opaque;
295 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
296 version_id is increased. */
297 cpu->interrupt_request &= ~0x01;
298 tlb_flush(cpu->env_ptr, 1);
303 static const VMStateDescription vmstate_cpu_common = {
304 .name = "cpu_common",
306 .minimum_version_id = 1,
307 .minimum_version_id_old = 1,
308 .post_load = cpu_common_post_load,
309 .fields = (VMStateField []) {
310 VMSTATE_UINT32(halted, CPUState),
311 VMSTATE_UINT32(interrupt_request, CPUState),
312 VMSTATE_END_OF_LIST()
316 #define vmstate_cpu_common vmstate_dummy
319 CPUState *qemu_get_cpu(int index)
321 CPUArchState *env = first_cpu;
322 CPUState *cpu = NULL;
325 cpu = ENV_GET_CPU(env);
326 if (cpu->cpu_index == index) {
332 return env ? cpu : NULL;
335 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
337 CPUArchState *env = first_cpu;
340 func(ENV_GET_CPU(env), data);
345 void cpu_exec_init(CPUArchState *env)
347 CPUState *cpu = ENV_GET_CPU(env);
348 CPUClass *cc = CPU_GET_CLASS(cpu);
352 #if defined(CONFIG_USER_ONLY)
355 env->next_cpu = NULL;
358 while (*penv != NULL) {
359 penv = &(*penv)->next_cpu;
362 cpu->cpu_index = cpu_index;
364 QTAILQ_INIT(&env->breakpoints);
365 QTAILQ_INIT(&env->watchpoints);
366 #ifndef CONFIG_USER_ONLY
367 cpu->thread_id = qemu_get_thread_id();
370 #if defined(CONFIG_USER_ONLY)
373 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
374 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
375 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
376 cpu_save, cpu_load, env);
377 assert(cc->vmsd == NULL);
379 if (cc->vmsd != NULL) {
380 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
384 #if defined(TARGET_HAS_ICE)
385 #if defined(CONFIG_USER_ONLY)
386 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
388 tb_invalidate_phys_page_range(pc, pc + 1, 0);
391 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
393 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
394 (pc & ~TARGET_PAGE_MASK));
397 #endif /* TARGET_HAS_ICE */
399 #if defined(CONFIG_USER_ONLY)
400 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
405 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
406 int flags, CPUWatchpoint **watchpoint)
411 /* Add a watchpoint. */
412 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
413 int flags, CPUWatchpoint **watchpoint)
415 target_ulong len_mask = ~(len - 1);
418 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
419 if ((len & (len - 1)) || (addr & ~len_mask) ||
420 len == 0 || len > TARGET_PAGE_SIZE) {
421 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
422 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
425 wp = g_malloc(sizeof(*wp));
428 wp->len_mask = len_mask;
431 /* keep all GDB-injected watchpoints in front */
433 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
435 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
437 tlb_flush_page(env, addr);
444 /* Remove a specific watchpoint. */
445 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
448 target_ulong len_mask = ~(len - 1);
451 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
452 if (addr == wp->vaddr && len_mask == wp->len_mask
453 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
454 cpu_watchpoint_remove_by_ref(env, wp);
461 /* Remove a specific watchpoint by reference. */
462 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
464 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
466 tlb_flush_page(env, watchpoint->vaddr);
471 /* Remove all matching watchpoints. */
472 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
474 CPUWatchpoint *wp, *next;
476 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
477 if (wp->flags & mask)
478 cpu_watchpoint_remove_by_ref(env, wp);
483 /* Add a breakpoint. */
484 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
485 CPUBreakpoint **breakpoint)
487 #if defined(TARGET_HAS_ICE)
490 bp = g_malloc(sizeof(*bp));
495 /* keep all GDB-injected breakpoints in front */
497 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
499 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
501 breakpoint_invalidate(env, pc);
511 /* Remove a specific breakpoint. */
512 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
514 #if defined(TARGET_HAS_ICE)
517 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
518 if (bp->pc == pc && bp->flags == flags) {
519 cpu_breakpoint_remove_by_ref(env, bp);
529 /* Remove a specific breakpoint by reference. */
530 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
532 #if defined(TARGET_HAS_ICE)
533 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
535 breakpoint_invalidate(env, breakpoint->pc);
541 /* Remove all matching breakpoints. */
542 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
544 #if defined(TARGET_HAS_ICE)
545 CPUBreakpoint *bp, *next;
547 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
548 if (bp->flags & mask)
549 cpu_breakpoint_remove_by_ref(env, bp);
554 /* enable or disable single step mode. EXCP_DEBUG is returned by the
555 CPU loop after each instruction */
556 void cpu_single_step(CPUArchState *env, int enabled)
558 #if defined(TARGET_HAS_ICE)
559 if (env->singlestep_enabled != enabled) {
560 env->singlestep_enabled = enabled;
562 kvm_update_guest_debug(env, 0);
564 /* must flush all the translated code to avoid inconsistencies */
565 /* XXX: only flush what is necessary */
572 void cpu_exit(CPUArchState *env)
574 CPUState *cpu = ENV_GET_CPU(env);
576 cpu->exit_request = 1;
577 cpu->tcg_exit_req = 1;
580 void cpu_abort(CPUArchState *env, const char *fmt, ...)
587 fprintf(stderr, "qemu: fatal: ");
588 vfprintf(stderr, fmt, ap);
589 fprintf(stderr, "\n");
590 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
591 if (qemu_log_enabled()) {
592 qemu_log("qemu: fatal: ");
593 qemu_log_vprintf(fmt, ap2);
595 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
601 #if defined(CONFIG_USER_ONLY)
603 struct sigaction act;
604 sigfillset(&act.sa_mask);
605 act.sa_handler = SIG_DFL;
606 sigaction(SIGABRT, &act, NULL);
612 CPUArchState *cpu_copy(CPUArchState *env)
614 CPUArchState *new_env = cpu_init(env->cpu_model_str);
615 CPUArchState *next_cpu = new_env->next_cpu;
616 #if defined(TARGET_HAS_ICE)
621 memcpy(new_env, env, sizeof(CPUArchState));
623 /* Preserve chaining. */
624 new_env->next_cpu = next_cpu;
626 /* Clone all break/watchpoints.
627 Note: Once we support ptrace with hw-debug register access, make sure
628 BP_CPU break/watchpoints are handled correctly on clone. */
629 QTAILQ_INIT(&env->breakpoints);
630 QTAILQ_INIT(&env->watchpoints);
631 #if defined(TARGET_HAS_ICE)
632 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
633 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
635 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
636 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
644 #if !defined(CONFIG_USER_ONLY)
645 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
650 /* we modify the TLB cache so that the dirty bit will be set again
651 when accessing the range */
652 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
653 /* Check that we don't span multiple blocks - this breaks the
654 address comparisons below. */
655 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
656 != (end - 1) - start) {
659 cpu_tlb_reset_dirty_all(start1, length);
663 /* Note: start and end must be within the same ram block. */
664 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
669 start &= TARGET_PAGE_MASK;
670 end = TARGET_PAGE_ALIGN(end);
672 length = end - start;
675 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
678 tlb_reset_dirty_range_all(start, end, length);
682 static int cpu_physical_memory_set_dirty_tracking(int enable)
685 in_migration = enable;
689 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
690 MemoryRegionSection *section,
692 hwaddr paddr, hwaddr xlat,
694 target_ulong *address)
699 if (memory_region_is_ram(section->mr)) {
701 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
703 if (!section->readonly) {
704 iotlb |= phys_section_notdirty;
706 iotlb |= phys_section_rom;
709 iotlb = section - phys_sections;
713 /* Make accesses to pages with watchpoints go via the
714 watchpoint trap routines. */
715 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
716 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
717 /* Avoid trapping reads of pages with a write breakpoint. */
718 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
719 iotlb = phys_section_watch + paddr;
720 *address |= TLB_MMIO;
728 #endif /* defined(CONFIG_USER_ONLY) */
730 #if !defined(CONFIG_USER_ONLY)
732 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
734 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
735 static void destroy_page_desc(uint16_t section_index)
737 MemoryRegionSection *section = &phys_sections[section_index];
738 MemoryRegion *mr = section->mr;
741 subpage_t *subpage = container_of(mr, subpage_t, iomem);
742 memory_region_destroy(&subpage->iomem);
747 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
752 if (lp->ptr == PHYS_MAP_NODE_NIL) {
756 p = phys_map_nodes[lp->ptr];
757 for (i = 0; i < L2_SIZE; ++i) {
759 destroy_l2_mapping(&p[i], level - 1);
761 destroy_page_desc(p[i].ptr);
765 lp->ptr = PHYS_MAP_NODE_NIL;
768 static void destroy_all_mappings(AddressSpaceDispatch *d)
770 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
771 phys_map_nodes_reset();
774 static uint16_t phys_section_add(MemoryRegionSection *section)
776 /* The physical section number is ORed with a page-aligned
777 * pointer to produce the iotlb entries. Thus it should
778 * never overflow into the page-aligned value.
780 assert(phys_sections_nb < TARGET_PAGE_SIZE);
782 if (phys_sections_nb == phys_sections_nb_alloc) {
783 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
784 phys_sections = g_renew(MemoryRegionSection, phys_sections,
785 phys_sections_nb_alloc);
787 phys_sections[phys_sections_nb] = *section;
788 return phys_sections_nb++;
791 static void phys_sections_clear(void)
793 phys_sections_nb = 0;
796 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
799 hwaddr base = section->offset_within_address_space
801 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
802 MemoryRegionSection subsection = {
803 .offset_within_address_space = base,
804 .size = TARGET_PAGE_SIZE,
808 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
810 if (!(existing->mr->subpage)) {
811 subpage = subpage_init(d->as, base);
812 subsection.mr = &subpage->iomem;
813 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
814 phys_section_add(&subsection));
816 subpage = container_of(existing->mr, subpage_t, iomem);
818 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
819 end = start + section->size - 1;
820 subpage_register(subpage, start, end, phys_section_add(section));
824 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
826 hwaddr start_addr = section->offset_within_address_space;
827 ram_addr_t size = section->size;
829 uint16_t section_index = phys_section_add(section);
834 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
838 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
840 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
841 MemoryRegionSection now = *section, remain = *section;
843 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
844 || (now.size < TARGET_PAGE_SIZE)) {
845 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
846 - now.offset_within_address_space,
848 register_subpage(d, &now);
849 remain.size -= now.size;
850 remain.offset_within_address_space += now.size;
851 remain.offset_within_region += now.size;
853 while (remain.size >= TARGET_PAGE_SIZE) {
855 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
856 now.size = TARGET_PAGE_SIZE;
857 register_subpage(d, &now);
859 now.size &= TARGET_PAGE_MASK;
860 register_multipage(d, &now);
862 remain.size -= now.size;
863 remain.offset_within_address_space += now.size;
864 remain.offset_within_region += now.size;
868 register_subpage(d, &now);
872 void qemu_flush_coalesced_mmio_buffer(void)
875 kvm_flush_coalesced_mmio_buffer();
878 void qemu_mutex_lock_ramlist(void)
880 qemu_mutex_lock(&ram_list.mutex);
883 void qemu_mutex_unlock_ramlist(void)
885 qemu_mutex_unlock(&ram_list.mutex);
888 #if defined(__linux__) && !defined(TARGET_S390X)
892 #define HUGETLBFS_MAGIC 0x958458f6
894 static long gethugepagesize(const char *path)
900 ret = statfs(path, &fs);
901 } while (ret != 0 && errno == EINTR);
908 if (fs.f_type != HUGETLBFS_MAGIC)
909 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
914 static void *file_ram_alloc(RAMBlock *block,
919 char *sanitized_name;
926 unsigned long hpagesize;
928 hpagesize = gethugepagesize(path);
933 if (memory < hpagesize) {
937 if (kvm_enabled() && !kvm_has_sync_mmu()) {
938 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
942 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
943 sanitized_name = g_strdup(block->mr->name);
944 for (c = sanitized_name; *c != '\0'; c++) {
949 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
951 g_free(sanitized_name);
953 fd = mkstemp(filename);
955 perror("unable to create backing store for hugepages");
962 memory = (memory+hpagesize-1) & ~(hpagesize-1);
965 * ftruncate is not supported by hugetlbfs in older
966 * hosts, so don't bother bailing out on errors.
967 * If anything goes wrong with it under other filesystems,
970 if (ftruncate(fd, memory))
974 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
975 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
976 * to sidestep this quirk.
978 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
979 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
981 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
983 if (area == MAP_FAILED) {
984 perror("file_ram_alloc: can't mmap RAM pages");
993 static ram_addr_t find_ram_offset(ram_addr_t size)
995 RAMBlock *block, *next_block;
996 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
998 assert(size != 0); /* it would hand out same offset multiple times */
1000 if (QTAILQ_EMPTY(&ram_list.blocks))
1003 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1004 ram_addr_t end, next = RAM_ADDR_MAX;
1006 end = block->offset + block->length;
1008 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1009 if (next_block->offset >= end) {
1010 next = MIN(next, next_block->offset);
1013 if (next - end >= size && next - end < mingap) {
1015 mingap = next - end;
1019 if (offset == RAM_ADDR_MAX) {
1020 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1028 ram_addr_t last_ram_offset(void)
1031 ram_addr_t last = 0;
1033 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1034 last = MAX(last, block->offset + block->length);
1039 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1042 QemuOpts *machine_opts;
1044 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1045 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1047 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1048 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1050 perror("qemu_madvise");
1051 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1052 "but dump_guest_core=off specified\n");
1057 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1059 RAMBlock *new_block, *block;
1062 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1063 if (block->offset == addr) {
1069 assert(!new_block->idstr[0]);
1072 char *id = qdev_get_dev_path(dev);
1074 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1078 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1080 /* This assumes the iothread lock is taken here too. */
1081 qemu_mutex_lock_ramlist();
1082 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1083 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1084 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1089 qemu_mutex_unlock_ramlist();
1092 static int memory_try_enable_merging(void *addr, size_t len)
1096 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1097 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1098 /* disabled by the user */
1102 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1105 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1108 RAMBlock *block, *new_block;
1110 size = TARGET_PAGE_ALIGN(size);
1111 new_block = g_malloc0(sizeof(*new_block));
1113 /* This assumes the iothread lock is taken here too. */
1114 qemu_mutex_lock_ramlist();
1116 new_block->offset = find_ram_offset(size);
1118 new_block->host = host;
1119 new_block->flags |= RAM_PREALLOC_MASK;
1122 #if defined (__linux__) && !defined(TARGET_S390X)
1123 new_block->host = file_ram_alloc(new_block, size, mem_path);
1124 if (!new_block->host) {
1125 new_block->host = qemu_anon_ram_alloc(size);
1126 memory_try_enable_merging(new_block->host, size);
1129 fprintf(stderr, "-mem-path option unsupported\n");
1133 if (xen_enabled()) {
1134 xen_ram_alloc(new_block->offset, size, mr);
1135 } else if (kvm_enabled()) {
1136 /* some s390/kvm configurations have special constraints */
1137 new_block->host = kvm_ram_alloc(size);
1139 new_block->host = qemu_anon_ram_alloc(size);
1141 memory_try_enable_merging(new_block->host, size);
1144 new_block->length = size;
1146 /* Keep the list sorted from biggest to smallest block. */
1147 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1148 if (block->length < new_block->length) {
1153 QTAILQ_INSERT_BEFORE(block, new_block, next);
1155 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1157 ram_list.mru_block = NULL;
1160 qemu_mutex_unlock_ramlist();
1162 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1163 last_ram_offset() >> TARGET_PAGE_BITS);
1164 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1165 0, size >> TARGET_PAGE_BITS);
1166 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1168 qemu_ram_setup_dump(new_block->host, size);
1169 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1172 kvm_setup_guest_memory(new_block->host, size);
1174 return new_block->offset;
1177 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1179 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1182 void qemu_ram_free_from_ptr(ram_addr_t addr)
1186 /* This assumes the iothread lock is taken here too. */
1187 qemu_mutex_lock_ramlist();
1188 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1189 if (addr == block->offset) {
1190 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1191 ram_list.mru_block = NULL;
1197 qemu_mutex_unlock_ramlist();
1200 void qemu_ram_free(ram_addr_t addr)
1204 /* This assumes the iothread lock is taken here too. */
1205 qemu_mutex_lock_ramlist();
1206 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1207 if (addr == block->offset) {
1208 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1209 ram_list.mru_block = NULL;
1211 if (block->flags & RAM_PREALLOC_MASK) {
1213 } else if (mem_path) {
1214 #if defined (__linux__) && !defined(TARGET_S390X)
1216 munmap(block->host, block->length);
1219 qemu_anon_ram_free(block->host, block->length);
1225 if (xen_enabled()) {
1226 xen_invalidate_map_cache_entry(block->host);
1228 qemu_anon_ram_free(block->host, block->length);
1235 qemu_mutex_unlock_ramlist();
1240 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1247 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1248 offset = addr - block->offset;
1249 if (offset < block->length) {
1250 vaddr = block->host + offset;
1251 if (block->flags & RAM_PREALLOC_MASK) {
1255 munmap(vaddr, length);
1257 #if defined(__linux__) && !defined(TARGET_S390X)
1260 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1263 flags |= MAP_PRIVATE;
1265 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1266 flags, block->fd, offset);
1268 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1269 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1276 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1277 flags |= MAP_SHARED | MAP_ANONYMOUS;
1278 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1281 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1282 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1286 if (area != vaddr) {
1287 fprintf(stderr, "Could not remap addr: "
1288 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1292 memory_try_enable_merging(vaddr, length);
1293 qemu_ram_setup_dump(vaddr, length);
1299 #endif /* !_WIN32 */
1301 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1302 With the exception of the softmmu code in this file, this should
1303 only be used for local memory (e.g. video ram) that the device owns,
1304 and knows it isn't going to access beyond the end of the block.
1306 It should not be used for general purpose DMA.
1307 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1309 void *qemu_get_ram_ptr(ram_addr_t addr)
1313 /* The list is protected by the iothread lock here. */
1314 block = ram_list.mru_block;
1315 if (block && addr - block->offset < block->length) {
1318 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1319 if (addr - block->offset < block->length) {
1324 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1328 ram_list.mru_block = block;
1329 if (xen_enabled()) {
1330 /* We need to check if the requested address is in the RAM
1331 * because we don't want to map the entire memory in QEMU.
1332 * In that case just map until the end of the page.
1334 if (block->offset == 0) {
1335 return xen_map_cache(addr, 0, 0);
1336 } else if (block->host == NULL) {
1338 xen_map_cache(block->offset, block->length, 1);
1341 return block->host + (addr - block->offset);
1344 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1345 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1347 * ??? Is this still necessary?
1349 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1353 /* The list is protected by the iothread lock here. */
1354 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1355 if (addr - block->offset < block->length) {
1356 if (xen_enabled()) {
1357 /* We need to check if the requested address is in the RAM
1358 * because we don't want to map the entire memory in QEMU.
1359 * In that case just map until the end of the page.
1361 if (block->offset == 0) {
1362 return xen_map_cache(addr, 0, 0);
1363 } else if (block->host == NULL) {
1365 xen_map_cache(block->offset, block->length, 1);
1368 return block->host + (addr - block->offset);
1372 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1378 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1379 * but takes a size argument */
1380 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1385 if (xen_enabled()) {
1386 return xen_map_cache(addr, *size, 1);
1390 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1391 if (addr - block->offset < block->length) {
1392 if (addr - block->offset + *size > block->length)
1393 *size = block->length - addr + block->offset;
1394 return block->host + (addr - block->offset);
1398 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1403 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1406 uint8_t *host = ptr;
1408 if (xen_enabled()) {
1409 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1413 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1414 /* This case append when the block is not mapped. */
1415 if (block->host == NULL) {
1418 if (host - block->host < block->length) {
1419 *ram_addr = block->offset + (host - block->host);
1427 /* Some of the softmmu routines need to translate from a host pointer
1428 (typically a TLB entry) back to a ram offset. */
1429 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1431 ram_addr_t ram_addr;
1433 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1434 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1440 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1441 uint64_t val, unsigned size)
1444 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1445 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1446 tb_invalidate_phys_page_fast(ram_addr, size);
1447 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1451 stb_p(qemu_get_ram_ptr(ram_addr), val);
1454 stw_p(qemu_get_ram_ptr(ram_addr), val);
1457 stl_p(qemu_get_ram_ptr(ram_addr), val);
1462 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1463 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1464 /* we remove the notdirty callback only if the code has been
1466 if (dirty_flags == 0xff)
1467 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1470 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1471 unsigned size, bool is_write)
1476 static const MemoryRegionOps notdirty_mem_ops = {
1477 .write = notdirty_mem_write,
1478 .valid.accepts = notdirty_mem_accepts,
1479 .endianness = DEVICE_NATIVE_ENDIAN,
1482 /* Generate a debug exception if a watchpoint has been hit. */
1483 static void check_watchpoint(int offset, int len_mask, int flags)
1485 CPUArchState *env = cpu_single_env;
1486 target_ulong pc, cs_base;
1491 if (env->watchpoint_hit) {
1492 /* We re-entered the check after replacing the TB. Now raise
1493 * the debug interrupt so that is will trigger after the
1494 * current instruction. */
1495 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1498 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1499 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1500 if ((vaddr == (wp->vaddr & len_mask) ||
1501 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1502 wp->flags |= BP_WATCHPOINT_HIT;
1503 if (!env->watchpoint_hit) {
1504 env->watchpoint_hit = wp;
1505 tb_check_watchpoint(env);
1506 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1507 env->exception_index = EXCP_DEBUG;
1510 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1511 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1512 cpu_resume_from_signal(env, NULL);
1516 wp->flags &= ~BP_WATCHPOINT_HIT;
1521 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1522 so these check for a hit then pass through to the normal out-of-line
1524 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1527 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1529 case 1: return ldub_phys(addr);
1530 case 2: return lduw_phys(addr);
1531 case 4: return ldl_phys(addr);
1536 static void watch_mem_write(void *opaque, hwaddr addr,
1537 uint64_t val, unsigned size)
1539 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1542 stb_phys(addr, val);
1545 stw_phys(addr, val);
1548 stl_phys(addr, val);
1554 static const MemoryRegionOps watch_mem_ops = {
1555 .read = watch_mem_read,
1556 .write = watch_mem_write,
1557 .endianness = DEVICE_NATIVE_ENDIAN,
1560 static uint64_t subpage_read(void *opaque, hwaddr addr,
1563 subpage_t *subpage = opaque;
1566 #if defined(DEBUG_SUBPAGE)
1567 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1568 subpage, len, addr);
1570 address_space_read(subpage->as, addr + subpage->base, buf, len);
1583 static void subpage_write(void *opaque, hwaddr addr,
1584 uint64_t value, unsigned len)
1586 subpage_t *subpage = opaque;
1589 #if defined(DEBUG_SUBPAGE)
1590 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1591 " value %"PRIx64"\n",
1592 __func__, subpage, len, addr, value);
1607 address_space_write(subpage->as, addr + subpage->base, buf, len);
1610 static bool subpage_accepts(void *opaque, hwaddr addr,
1611 unsigned size, bool is_write)
1613 subpage_t *subpage = opaque;
1614 #if defined(DEBUG_SUBPAGE)
1615 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1616 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1619 return address_space_access_valid(subpage->as, addr + subpage->base,
1623 static const MemoryRegionOps subpage_ops = {
1624 .read = subpage_read,
1625 .write = subpage_write,
1626 .valid.accepts = subpage_accepts,
1627 .endianness = DEVICE_NATIVE_ENDIAN,
1630 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1635 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1637 idx = SUBPAGE_IDX(start);
1638 eidx = SUBPAGE_IDX(end);
1639 #if defined(DEBUG_SUBPAGE)
1640 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1641 mmio, start, end, idx, eidx, memory);
1643 for (; idx <= eidx; idx++) {
1644 mmio->sub_section[idx] = section;
1650 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1654 mmio = g_malloc0(sizeof(subpage_t));
1658 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1659 "subpage", TARGET_PAGE_SIZE);
1660 mmio->iomem.subpage = true;
1661 #if defined(DEBUG_SUBPAGE)
1662 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1663 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1665 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1670 static uint16_t dummy_section(MemoryRegion *mr)
1672 MemoryRegionSection section = {
1674 .offset_within_address_space = 0,
1675 .offset_within_region = 0,
1679 return phys_section_add(§ion);
1682 MemoryRegion *iotlb_to_region(hwaddr index)
1684 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1687 static void io_mem_init(void)
1689 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1690 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1691 "unassigned", UINT64_MAX);
1692 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1693 "notdirty", UINT64_MAX);
1694 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1695 "watch", UINT64_MAX);
1698 static void mem_begin(MemoryListener *listener)
1700 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1702 destroy_all_mappings(d);
1703 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1706 static void core_begin(MemoryListener *listener)
1708 phys_sections_clear();
1709 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1710 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1711 phys_section_rom = dummy_section(&io_mem_rom);
1712 phys_section_watch = dummy_section(&io_mem_watch);
1715 static void tcg_commit(MemoryListener *listener)
1719 /* since each CPU stores ram addresses in its TLB cache, we must
1720 reset the modified entries */
1722 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1727 static void core_log_global_start(MemoryListener *listener)
1729 cpu_physical_memory_set_dirty_tracking(1);
1732 static void core_log_global_stop(MemoryListener *listener)
1734 cpu_physical_memory_set_dirty_tracking(0);
1737 static void io_region_add(MemoryListener *listener,
1738 MemoryRegionSection *section)
1740 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1742 mrio->mr = section->mr;
1743 mrio->offset = section->offset_within_region;
1744 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1745 section->offset_within_address_space, section->size);
1746 ioport_register(&mrio->iorange);
1749 static void io_region_del(MemoryListener *listener,
1750 MemoryRegionSection *section)
1752 isa_unassign_ioport(section->offset_within_address_space, section->size);
1755 static MemoryListener core_memory_listener = {
1756 .begin = core_begin,
1757 .log_global_start = core_log_global_start,
1758 .log_global_stop = core_log_global_stop,
1762 static MemoryListener io_memory_listener = {
1763 .region_add = io_region_add,
1764 .region_del = io_region_del,
1768 static MemoryListener tcg_memory_listener = {
1769 .commit = tcg_commit,
1772 void address_space_init_dispatch(AddressSpace *as)
1774 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1776 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1777 d->listener = (MemoryListener) {
1779 .region_add = mem_add,
1780 .region_nop = mem_add,
1785 memory_listener_register(&d->listener, as);
1788 void address_space_destroy_dispatch(AddressSpace *as)
1790 AddressSpaceDispatch *d = as->dispatch;
1792 memory_listener_unregister(&d->listener);
1793 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1795 as->dispatch = NULL;
1798 static void memory_map_init(void)
1800 system_memory = g_malloc(sizeof(*system_memory));
1801 memory_region_init(system_memory, "system", INT64_MAX);
1802 address_space_init(&address_space_memory, system_memory);
1803 address_space_memory.name = "memory";
1805 system_io = g_malloc(sizeof(*system_io));
1806 memory_region_init(system_io, "io", 65536);
1807 address_space_init(&address_space_io, system_io);
1808 address_space_io.name = "I/O";
1810 memory_listener_register(&core_memory_listener, &address_space_memory);
1811 memory_listener_register(&io_memory_listener, &address_space_io);
1812 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1814 dma_context_init(&dma_context_memory, &address_space_memory,
1818 MemoryRegion *get_system_memory(void)
1820 return system_memory;
1823 MemoryRegion *get_system_io(void)
1828 #endif /* !defined(CONFIG_USER_ONLY) */
1830 /* physical memory access (slow version, mainly for debug) */
1831 #if defined(CONFIG_USER_ONLY)
1832 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1833 uint8_t *buf, int len, int is_write)
1840 page = addr & TARGET_PAGE_MASK;
1841 l = (page + TARGET_PAGE_SIZE) - addr;
1844 flags = page_get_flags(page);
1845 if (!(flags & PAGE_VALID))
1848 if (!(flags & PAGE_WRITE))
1850 /* XXX: this code should not depend on lock_user */
1851 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1854 unlock_user(p, addr, l);
1856 if (!(flags & PAGE_READ))
1858 /* XXX: this code should not depend on lock_user */
1859 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1862 unlock_user(p, addr, 0);
1873 static void invalidate_and_set_dirty(hwaddr addr,
1876 if (!cpu_physical_memory_is_dirty(addr)) {
1877 /* invalidate code */
1878 tb_invalidate_phys_page_range(addr, addr + length, 0);
1880 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1882 xen_modified_memory(addr, length);
1885 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1887 if (memory_region_is_ram(mr)) {
1888 return !(is_write && mr->readonly);
1890 if (memory_region_is_romd(mr)) {
1897 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1899 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1902 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1908 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1909 int len, bool is_write)
1920 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1923 if (!memory_access_is_direct(mr, is_write)) {
1924 l = memory_access_size(mr, l, addr1);
1925 /* XXX: could force cpu_single_env to NULL to avoid
1928 /* 32 bit write access */
1930 error |= io_mem_write(mr, addr1, val, 4);
1931 } else if (l == 2) {
1932 /* 16 bit write access */
1934 error |= io_mem_write(mr, addr1, val, 2);
1936 /* 8 bit write access */
1938 error |= io_mem_write(mr, addr1, val, 1);
1941 addr1 += memory_region_get_ram_addr(mr);
1943 ptr = qemu_get_ram_ptr(addr1);
1944 memcpy(ptr, buf, l);
1945 invalidate_and_set_dirty(addr1, l);
1948 if (!memory_access_is_direct(mr, is_write)) {
1950 l = memory_access_size(mr, l, addr1);
1952 /* 32 bit read access */
1953 error |= io_mem_read(mr, addr1, &val, 4);
1955 } else if (l == 2) {
1956 /* 16 bit read access */
1957 error |= io_mem_read(mr, addr1, &val, 2);
1960 /* 8 bit read access */
1961 error |= io_mem_read(mr, addr1, &val, 1);
1966 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1967 memcpy(buf, ptr, l);
1978 bool address_space_write(AddressSpace *as, hwaddr addr,
1979 const uint8_t *buf, int len)
1981 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1984 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1986 return address_space_rw(as, addr, buf, len, false);
1990 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1991 int len, int is_write)
1993 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1996 /* used for ROM loading : can write in RAM and ROM */
1997 void cpu_physical_memory_write_rom(hwaddr addr,
1998 const uint8_t *buf, int len)
2007 mr = address_space_translate(&address_space_memory,
2008 addr, &addr1, &l, true);
2010 if (!(memory_region_is_ram(mr) ||
2011 memory_region_is_romd(mr))) {
2014 addr1 += memory_region_get_ram_addr(mr);
2016 ptr = qemu_get_ram_ptr(addr1);
2017 memcpy(ptr, buf, l);
2018 invalidate_and_set_dirty(addr1, l);
2032 static BounceBuffer bounce;
2034 typedef struct MapClient {
2036 void (*callback)(void *opaque);
2037 QLIST_ENTRY(MapClient) link;
2040 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2041 = QLIST_HEAD_INITIALIZER(map_client_list);
2043 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2045 MapClient *client = g_malloc(sizeof(*client));
2047 client->opaque = opaque;
2048 client->callback = callback;
2049 QLIST_INSERT_HEAD(&map_client_list, client, link);
2053 static void cpu_unregister_map_client(void *_client)
2055 MapClient *client = (MapClient *)_client;
2057 QLIST_REMOVE(client, link);
2061 static void cpu_notify_map_clients(void)
2065 while (!QLIST_EMPTY(&map_client_list)) {
2066 client = QLIST_FIRST(&map_client_list);
2067 client->callback(client->opaque);
2068 cpu_unregister_map_client(client);
2072 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2079 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2080 if (!memory_access_is_direct(mr, is_write)) {
2081 l = memory_access_size(mr, l, addr);
2082 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2093 /* Map a physical memory region into a host virtual address.
2094 * May map a subset of the requested range, given by and returned in *plen.
2095 * May return NULL if resources needed to perform the mapping are exhausted.
2096 * Use only for reads OR writes - not for read-modify-write operations.
2097 * Use cpu_register_map_client() to know when retrying the map operation is
2098 * likely to succeed.
2100 void *address_space_map(AddressSpace *as,
2109 ram_addr_t raddr = RAM_ADDR_MAX;
2115 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2117 if (!memory_access_is_direct(mr, is_write)) {
2118 if (todo || bounce.buffer) {
2121 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2125 address_space_read(as, addr, bounce.buffer, l);
2129 return bounce.buffer;
2132 raddr = memory_region_get_ram_addr(mr) + xlat;
2134 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2144 ret = qemu_ram_ptr_length(raddr, &rlen);
2149 /* Unmaps a memory region previously mapped by address_space_map().
2150 * Will also mark the memory as dirty if is_write == 1. access_len gives
2151 * the amount of memory that was actually read or written by the caller.
2153 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2154 int is_write, hwaddr access_len)
2156 if (buffer != bounce.buffer) {
2158 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2159 while (access_len) {
2161 l = TARGET_PAGE_SIZE;
2164 invalidate_and_set_dirty(addr1, l);
2169 if (xen_enabled()) {
2170 xen_invalidate_map_cache_entry(buffer);
2175 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2177 qemu_vfree(bounce.buffer);
2178 bounce.buffer = NULL;
2179 cpu_notify_map_clients();
2182 void *cpu_physical_memory_map(hwaddr addr,
2186 return address_space_map(&address_space_memory, addr, plen, is_write);
2189 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2190 int is_write, hwaddr access_len)
2192 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2195 /* warning: addr must be aligned */
2196 static inline uint32_t ldl_phys_internal(hwaddr addr,
2197 enum device_endian endian)
2205 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2207 if (l < 4 || !memory_access_is_direct(mr, false)) {
2209 io_mem_read(mr, addr1, &val, 4);
2210 #if defined(TARGET_WORDS_BIGENDIAN)
2211 if (endian == DEVICE_LITTLE_ENDIAN) {
2215 if (endian == DEVICE_BIG_ENDIAN) {
2221 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2225 case DEVICE_LITTLE_ENDIAN:
2226 val = ldl_le_p(ptr);
2228 case DEVICE_BIG_ENDIAN:
2229 val = ldl_be_p(ptr);
2239 uint32_t ldl_phys(hwaddr addr)
2241 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2244 uint32_t ldl_le_phys(hwaddr addr)
2246 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2249 uint32_t ldl_be_phys(hwaddr addr)
2251 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2254 /* warning: addr must be aligned */
2255 static inline uint64_t ldq_phys_internal(hwaddr addr,
2256 enum device_endian endian)
2264 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2266 if (l < 8 || !memory_access_is_direct(mr, false)) {
2268 io_mem_read(mr, addr1, &val, 8);
2269 #if defined(TARGET_WORDS_BIGENDIAN)
2270 if (endian == DEVICE_LITTLE_ENDIAN) {
2274 if (endian == DEVICE_BIG_ENDIAN) {
2280 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2284 case DEVICE_LITTLE_ENDIAN:
2285 val = ldq_le_p(ptr);
2287 case DEVICE_BIG_ENDIAN:
2288 val = ldq_be_p(ptr);
2298 uint64_t ldq_phys(hwaddr addr)
2300 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2303 uint64_t ldq_le_phys(hwaddr addr)
2305 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2308 uint64_t ldq_be_phys(hwaddr addr)
2310 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2314 uint32_t ldub_phys(hwaddr addr)
2317 cpu_physical_memory_read(addr, &val, 1);
2321 /* warning: addr must be aligned */
2322 static inline uint32_t lduw_phys_internal(hwaddr addr,
2323 enum device_endian endian)
2331 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2333 if (l < 2 || !memory_access_is_direct(mr, false)) {
2335 io_mem_read(mr, addr1, &val, 2);
2336 #if defined(TARGET_WORDS_BIGENDIAN)
2337 if (endian == DEVICE_LITTLE_ENDIAN) {
2341 if (endian == DEVICE_BIG_ENDIAN) {
2347 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2351 case DEVICE_LITTLE_ENDIAN:
2352 val = lduw_le_p(ptr);
2354 case DEVICE_BIG_ENDIAN:
2355 val = lduw_be_p(ptr);
2365 uint32_t lduw_phys(hwaddr addr)
2367 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2370 uint32_t lduw_le_phys(hwaddr addr)
2372 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2375 uint32_t lduw_be_phys(hwaddr addr)
2377 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2380 /* warning: addr must be aligned. The ram page is not masked as dirty
2381 and the code inside is not invalidated. It is useful if the dirty
2382 bits are used to track modified PTEs */
2383 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2390 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2392 if (l < 4 || !memory_access_is_direct(mr, true)) {
2393 io_mem_write(mr, addr1, val, 4);
2395 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2396 ptr = qemu_get_ram_ptr(addr1);
2399 if (unlikely(in_migration)) {
2400 if (!cpu_physical_memory_is_dirty(addr1)) {
2401 /* invalidate code */
2402 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2404 cpu_physical_memory_set_dirty_flags(
2405 addr1, (0xff & ~CODE_DIRTY_FLAG));
2411 /* warning: addr must be aligned */
2412 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2413 enum device_endian endian)
2420 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2422 if (l < 4 || !memory_access_is_direct(mr, true)) {
2423 #if defined(TARGET_WORDS_BIGENDIAN)
2424 if (endian == DEVICE_LITTLE_ENDIAN) {
2428 if (endian == DEVICE_BIG_ENDIAN) {
2432 io_mem_write(mr, addr1, val, 4);
2435 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2436 ptr = qemu_get_ram_ptr(addr1);
2438 case DEVICE_LITTLE_ENDIAN:
2441 case DEVICE_BIG_ENDIAN:
2448 invalidate_and_set_dirty(addr1, 4);
2452 void stl_phys(hwaddr addr, uint32_t val)
2454 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2457 void stl_le_phys(hwaddr addr, uint32_t val)
2459 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2462 void stl_be_phys(hwaddr addr, uint32_t val)
2464 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2468 void stb_phys(hwaddr addr, uint32_t val)
2471 cpu_physical_memory_write(addr, &v, 1);
2474 /* warning: addr must be aligned */
2475 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2476 enum device_endian endian)
2483 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2485 if (l < 2 || !memory_access_is_direct(mr, true)) {
2486 #if defined(TARGET_WORDS_BIGENDIAN)
2487 if (endian == DEVICE_LITTLE_ENDIAN) {
2491 if (endian == DEVICE_BIG_ENDIAN) {
2495 io_mem_write(mr, addr1, val, 2);
2498 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2499 ptr = qemu_get_ram_ptr(addr1);
2501 case DEVICE_LITTLE_ENDIAN:
2504 case DEVICE_BIG_ENDIAN:
2511 invalidate_and_set_dirty(addr1, 2);
2515 void stw_phys(hwaddr addr, uint32_t val)
2517 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2520 void stw_le_phys(hwaddr addr, uint32_t val)
2522 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2525 void stw_be_phys(hwaddr addr, uint32_t val)
2527 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2531 void stq_phys(hwaddr addr, uint64_t val)
2534 cpu_physical_memory_write(addr, &val, 8);
2537 void stq_le_phys(hwaddr addr, uint64_t val)
2539 val = cpu_to_le64(val);
2540 cpu_physical_memory_write(addr, &val, 8);
2543 void stq_be_phys(hwaddr addr, uint64_t val)
2545 val = cpu_to_be64(val);
2546 cpu_physical_memory_write(addr, &val, 8);
2549 /* virtual memory access for debug (includes writing to ROM) */
2550 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2551 uint8_t *buf, int len, int is_write)
2558 page = addr & TARGET_PAGE_MASK;
2559 phys_addr = cpu_get_phys_page_debug(env, page);
2560 /* if no physical page mapped, return an error */
2561 if (phys_addr == -1)
2563 l = (page + TARGET_PAGE_SIZE) - addr;
2566 phys_addr += (addr & ~TARGET_PAGE_MASK);
2568 cpu_physical_memory_write_rom(phys_addr, buf, l);
2570 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2579 #if !defined(CONFIG_USER_ONLY)
2582 * A helper function for the _utterly broken_ virtio device model to find out if
2583 * it's running on a big endian machine. Don't do this at home kids!
2585 bool virtio_is_big_endian(void);
2586 bool virtio_is_big_endian(void)
2588 #if defined(TARGET_WORDS_BIGENDIAN)
2597 #ifndef CONFIG_USER_ONLY
2598 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2603 mr = address_space_translate(&address_space_memory,
2604 phys_addr, &phys_addr, &l, false);
2606 return !(memory_region_is_ram(mr) ||
2607 memory_region_is_romd(mr));
projects / sdk / emulator / qemu.git / blob