4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 struct AddressSpaceDispatch {
92 /* This is a multi-level map on the physical address space.
93 * The bottom level has pointers to MemoryRegionSections.
95 PhysPageEntry phys_map;
96 MemoryListener listener;
100 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
101 typedef struct subpage_t {
105 uint16_t sub_section[TARGET_PAGE_SIZE];
108 static MemoryRegionSection *phys_sections;
109 static unsigned phys_sections_nb, phys_sections_nb_alloc;
110 static uint16_t phys_section_unassigned;
111 static uint16_t phys_section_notdirty;
112 static uint16_t phys_section_rom;
113 static uint16_t phys_section_watch;
115 /* Simple allocator for PhysPageEntry nodes */
116 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
117 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121 static void io_mem_init(void);
122 static void memory_map_init(void);
123 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125 static MemoryRegion io_mem_watch;
128 #if !defined(CONFIG_USER_ONLY)
130 static void phys_map_node_reserve(unsigned nodes)
132 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
133 typedef PhysPageEntry Node[L2_SIZE];
134 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
136 phys_map_nodes_nb + nodes);
137 phys_map_nodes = g_renew(Node, phys_map_nodes,
138 phys_map_nodes_nb_alloc);
142 static uint16_t phys_map_node_alloc(void)
147 ret = phys_map_nodes_nb++;
148 assert(ret != PHYS_MAP_NODE_NIL);
149 assert(ret != phys_map_nodes_nb_alloc);
150 for (i = 0; i < L2_SIZE; ++i) {
151 phys_map_nodes[ret][i].is_leaf = 0;
152 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
157 static void phys_map_nodes_reset(void)
159 phys_map_nodes_nb = 0;
163 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
164 hwaddr *nb, uint16_t leaf,
169 hwaddr step = (hwaddr)1 << (level * L2_BITS);
171 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
172 lp->ptr = phys_map_node_alloc();
173 p = phys_map_nodes[lp->ptr];
175 for (i = 0; i < L2_SIZE; i++) {
177 p[i].ptr = phys_section_unassigned;
181 p = phys_map_nodes[lp->ptr];
183 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
185 while (*nb && lp < &p[L2_SIZE]) {
186 if ((*index & (step - 1)) == 0 && *nb >= step) {
192 phys_page_set_level(lp, index, nb, leaf, level - 1);
198 static void phys_page_set(AddressSpaceDispatch *d,
199 hwaddr index, hwaddr nb,
202 /* Wildly overreserve - it doesn't matter much. */
203 phys_map_node_reserve(3 * P_L2_LEVELS);
205 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
208 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
210 PhysPageEntry lp = d->phys_map;
214 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
215 if (lp.ptr == PHYS_MAP_NODE_NIL) {
216 return &phys_sections[phys_section_unassigned];
218 p = phys_map_nodes[lp.ptr];
219 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
221 return &phys_sections[lp.ptr];
224 bool memory_region_is_unassigned(MemoryRegion *mr)
226 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
227 && mr != &io_mem_watch;
230 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
232 bool resolve_subpage)
234 MemoryRegionSection *section;
237 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
238 if (resolve_subpage && section->mr->subpage) {
239 subpage = container_of(section->mr, subpage_t, iomem);
240 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
245 static MemoryRegionSection *
246 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
247 hwaddr *plen, bool resolve_subpage)
249 MemoryRegionSection *section;
252 section = address_space_lookup_region(as, addr, resolve_subpage);
253 /* Compute offset within MemoryRegionSection */
254 addr -= section->offset_within_address_space;
256 /* Compute offset within MemoryRegion */
257 *xlat = addr + section->offset_within_region;
259 diff = int128_sub(section->mr->size, int128_make64(addr));
260 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
264 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
265 hwaddr *xlat, hwaddr *plen,
269 MemoryRegionSection *section;
274 section = address_space_translate_internal(as, addr, &addr, plen, true);
277 if (!mr->iommu_ops) {
281 iotlb = mr->iommu_ops->translate(mr, addr);
282 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
283 | (addr & iotlb.addr_mask));
284 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
285 if (!(iotlb.perm & (1 << is_write))) {
286 mr = &io_mem_unassigned;
290 as = iotlb.target_as;
298 MemoryRegionSection *
299 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
302 MemoryRegionSection *section;
303 section = address_space_translate_internal(as, addr, xlat, plen, false);
305 assert(!section->mr->iommu_ops);
310 void cpu_exec_init_all(void)
312 #if !defined(CONFIG_USER_ONLY)
313 qemu_mutex_init(&ram_list.mutex);
319 #if !defined(CONFIG_USER_ONLY)
321 static int cpu_common_post_load(void *opaque, int version_id)
323 CPUState *cpu = opaque;
325 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
326 version_id is increased. */
327 cpu->interrupt_request &= ~0x01;
328 tlb_flush(cpu->env_ptr, 1);
333 const VMStateDescription vmstate_cpu_common = {
334 .name = "cpu_common",
336 .minimum_version_id = 1,
337 .minimum_version_id_old = 1,
338 .post_load = cpu_common_post_load,
339 .fields = (VMStateField []) {
340 VMSTATE_UINT32(halted, CPUState),
341 VMSTATE_UINT32(interrupt_request, CPUState),
342 VMSTATE_END_OF_LIST()
348 CPUState *qemu_get_cpu(int index)
350 CPUArchState *env = first_cpu;
351 CPUState *cpu = NULL;
354 cpu = ENV_GET_CPU(env);
355 if (cpu->cpu_index == index) {
361 return env ? cpu : NULL;
364 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
366 CPUArchState *env = first_cpu;
369 func(ENV_GET_CPU(env), data);
374 void cpu_exec_init(CPUArchState *env)
376 CPUState *cpu = ENV_GET_CPU(env);
377 CPUClass *cc = CPU_GET_CLASS(cpu);
381 #if defined(CONFIG_USER_ONLY)
384 env->next_cpu = NULL;
387 while (*penv != NULL) {
388 penv = &(*penv)->next_cpu;
391 cpu->cpu_index = cpu_index;
393 QTAILQ_INIT(&env->breakpoints);
394 QTAILQ_INIT(&env->watchpoints);
395 #ifndef CONFIG_USER_ONLY
396 cpu->thread_id = qemu_get_thread_id();
399 #if defined(CONFIG_USER_ONLY)
402 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
403 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
404 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
405 cpu_save, cpu_load, env);
406 assert(cc->vmsd == NULL);
408 if (cc->vmsd != NULL) {
409 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
413 #if defined(TARGET_HAS_ICE)
414 #if defined(CONFIG_USER_ONLY)
415 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
417 tb_invalidate_phys_page_range(pc, pc + 1, 0);
420 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
422 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
423 (pc & ~TARGET_PAGE_MASK));
426 #endif /* TARGET_HAS_ICE */
428 #if defined(CONFIG_USER_ONLY)
429 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
434 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
435 int flags, CPUWatchpoint **watchpoint)
440 /* Add a watchpoint. */
441 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
442 int flags, CPUWatchpoint **watchpoint)
444 target_ulong len_mask = ~(len - 1);
447 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
448 if ((len & (len - 1)) || (addr & ~len_mask) ||
449 len == 0 || len > TARGET_PAGE_SIZE) {
450 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
451 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
454 wp = g_malloc(sizeof(*wp));
457 wp->len_mask = len_mask;
460 /* keep all GDB-injected watchpoints in front */
462 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
464 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
466 tlb_flush_page(env, addr);
473 /* Remove a specific watchpoint. */
474 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
477 target_ulong len_mask = ~(len - 1);
480 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
481 if (addr == wp->vaddr && len_mask == wp->len_mask
482 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
483 cpu_watchpoint_remove_by_ref(env, wp);
490 /* Remove a specific watchpoint by reference. */
491 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
493 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
495 tlb_flush_page(env, watchpoint->vaddr);
500 /* Remove all matching watchpoints. */
501 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
503 CPUWatchpoint *wp, *next;
505 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
506 if (wp->flags & mask)
507 cpu_watchpoint_remove_by_ref(env, wp);
512 /* Add a breakpoint. */
513 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
514 CPUBreakpoint **breakpoint)
516 #if defined(TARGET_HAS_ICE)
519 bp = g_malloc(sizeof(*bp));
524 /* keep all GDB-injected breakpoints in front */
526 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
528 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
530 breakpoint_invalidate(env, pc);
540 /* Remove a specific breakpoint. */
541 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
543 #if defined(TARGET_HAS_ICE)
546 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
547 if (bp->pc == pc && bp->flags == flags) {
548 cpu_breakpoint_remove_by_ref(env, bp);
558 /* Remove a specific breakpoint by reference. */
559 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
561 #if defined(TARGET_HAS_ICE)
562 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
564 breakpoint_invalidate(env, breakpoint->pc);
570 /* Remove all matching breakpoints. */
571 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
573 #if defined(TARGET_HAS_ICE)
574 CPUBreakpoint *bp, *next;
576 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
577 if (bp->flags & mask)
578 cpu_breakpoint_remove_by_ref(env, bp);
583 /* enable or disable single step mode. EXCP_DEBUG is returned by the
584 CPU loop after each instruction */
585 void cpu_single_step(CPUArchState *env, int enabled)
587 #if defined(TARGET_HAS_ICE)
588 if (env->singlestep_enabled != enabled) {
589 env->singlestep_enabled = enabled;
591 kvm_update_guest_debug(env, 0);
593 /* must flush all the translated code to avoid inconsistencies */
594 /* XXX: only flush what is necessary */
601 void cpu_abort(CPUArchState *env, const char *fmt, ...)
603 CPUState *cpu = ENV_GET_CPU(env);
609 fprintf(stderr, "qemu: fatal: ");
610 vfprintf(stderr, fmt, ap);
611 fprintf(stderr, "\n");
612 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
613 if (qemu_log_enabled()) {
614 qemu_log("qemu: fatal: ");
615 qemu_log_vprintf(fmt, ap2);
617 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
623 #if defined(CONFIG_USER_ONLY)
625 struct sigaction act;
626 sigfillset(&act.sa_mask);
627 act.sa_handler = SIG_DFL;
628 sigaction(SIGABRT, &act, NULL);
634 CPUArchState *cpu_copy(CPUArchState *env)
636 CPUArchState *new_env = cpu_init(env->cpu_model_str);
637 CPUArchState *next_cpu = new_env->next_cpu;
638 #if defined(TARGET_HAS_ICE)
643 memcpy(new_env, env, sizeof(CPUArchState));
645 /* Preserve chaining. */
646 new_env->next_cpu = next_cpu;
648 /* Clone all break/watchpoints.
649 Note: Once we support ptrace with hw-debug register access, make sure
650 BP_CPU break/watchpoints are handled correctly on clone. */
651 QTAILQ_INIT(&env->breakpoints);
652 QTAILQ_INIT(&env->watchpoints);
653 #if defined(TARGET_HAS_ICE)
654 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
655 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
657 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
658 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
666 #if !defined(CONFIG_USER_ONLY)
667 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
672 /* we modify the TLB cache so that the dirty bit will be set again
673 when accessing the range */
674 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
675 /* Check that we don't span multiple blocks - this breaks the
676 address comparisons below. */
677 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
678 != (end - 1) - start) {
681 cpu_tlb_reset_dirty_all(start1, length);
685 /* Note: start and end must be within the same ram block. */
686 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
691 start &= TARGET_PAGE_MASK;
692 end = TARGET_PAGE_ALIGN(end);
694 length = end - start;
697 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
700 tlb_reset_dirty_range_all(start, end, length);
704 static int cpu_physical_memory_set_dirty_tracking(int enable)
707 in_migration = enable;
711 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
712 MemoryRegionSection *section,
714 hwaddr paddr, hwaddr xlat,
716 target_ulong *address)
721 if (memory_region_is_ram(section->mr)) {
723 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
725 if (!section->readonly) {
726 iotlb |= phys_section_notdirty;
728 iotlb |= phys_section_rom;
731 iotlb = section - phys_sections;
735 /* Make accesses to pages with watchpoints go via the
736 watchpoint trap routines. */
737 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
738 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
739 /* Avoid trapping reads of pages with a write breakpoint. */
740 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
741 iotlb = phys_section_watch + paddr;
742 *address |= TLB_MMIO;
750 #endif /* defined(CONFIG_USER_ONLY) */
752 #if !defined(CONFIG_USER_ONLY)
754 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
756 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
757 static void destroy_page_desc(uint16_t section_index)
759 MemoryRegionSection *section = &phys_sections[section_index];
760 MemoryRegion *mr = section->mr;
763 subpage_t *subpage = container_of(mr, subpage_t, iomem);
764 memory_region_destroy(&subpage->iomem);
769 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
774 if (lp->ptr == PHYS_MAP_NODE_NIL) {
778 p = phys_map_nodes[lp->ptr];
779 for (i = 0; i < L2_SIZE; ++i) {
781 destroy_l2_mapping(&p[i], level - 1);
783 destroy_page_desc(p[i].ptr);
787 lp->ptr = PHYS_MAP_NODE_NIL;
790 static void destroy_all_mappings(AddressSpaceDispatch *d)
792 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
793 phys_map_nodes_reset();
796 static uint16_t phys_section_add(MemoryRegionSection *section)
798 /* The physical section number is ORed with a page-aligned
799 * pointer to produce the iotlb entries. Thus it should
800 * never overflow into the page-aligned value.
802 assert(phys_sections_nb < TARGET_PAGE_SIZE);
804 if (phys_sections_nb == phys_sections_nb_alloc) {
805 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
806 phys_sections = g_renew(MemoryRegionSection, phys_sections,
807 phys_sections_nb_alloc);
809 phys_sections[phys_sections_nb] = *section;
810 return phys_sections_nb++;
813 static void phys_sections_clear(void)
815 phys_sections_nb = 0;
818 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
821 hwaddr base = section->offset_within_address_space
823 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
824 MemoryRegionSection subsection = {
825 .offset_within_address_space = base,
826 .size = int128_make64(TARGET_PAGE_SIZE),
830 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
832 if (!(existing->mr->subpage)) {
833 subpage = subpage_init(d->as, base);
834 subsection.mr = &subpage->iomem;
835 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
836 phys_section_add(&subsection));
838 subpage = container_of(existing->mr, subpage_t, iomem);
840 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
841 end = start + int128_get64(section->size) - 1;
842 subpage_register(subpage, start, end, phys_section_add(section));
846 static void register_multipage(AddressSpaceDispatch *d,
847 MemoryRegionSection *section)
849 hwaddr start_addr = section->offset_within_address_space;
850 uint16_t section_index = phys_section_add(section);
851 uint64_t num_pages = int128_get64(int128_rshift(section->size,
855 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
858 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
860 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
861 MemoryRegionSection now = *section, remain = *section;
862 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
864 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
865 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
866 - now.offset_within_address_space;
868 now.size = int128_min(int128_make64(left), now.size);
869 register_subpage(d, &now);
871 now.size = int128_zero();
873 while (int128_ne(remain.size, now.size)) {
874 remain.size = int128_sub(remain.size, now.size);
875 remain.offset_within_address_space += int128_get64(now.size);
876 remain.offset_within_region += int128_get64(now.size);
878 if (int128_lt(remain.size, page_size)) {
879 register_subpage(d, &now);
880 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
881 now.size = page_size;
882 register_subpage(d, &now);
884 now.size = int128_and(now.size, int128_neg(page_size));
885 register_multipage(d, &now);
890 void qemu_flush_coalesced_mmio_buffer(void)
893 kvm_flush_coalesced_mmio_buffer();
896 void qemu_mutex_lock_ramlist(void)
898 qemu_mutex_lock(&ram_list.mutex);
901 void qemu_mutex_unlock_ramlist(void)
903 qemu_mutex_unlock(&ram_list.mutex);
906 #if defined(__linux__) && !defined(TARGET_S390X)
910 #define HUGETLBFS_MAGIC 0x958458f6
912 static long gethugepagesize(const char *path)
918 ret = statfs(path, &fs);
919 } while (ret != 0 && errno == EINTR);
926 if (fs.f_type != HUGETLBFS_MAGIC)
927 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
932 static void *file_ram_alloc(RAMBlock *block,
937 char *sanitized_name;
944 unsigned long hpagesize;
946 hpagesize = gethugepagesize(path);
951 if (memory < hpagesize) {
955 if (kvm_enabled() && !kvm_has_sync_mmu()) {
956 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
960 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
961 sanitized_name = g_strdup(block->mr->name);
962 for (c = sanitized_name; *c != '\0'; c++) {
967 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
969 g_free(sanitized_name);
971 fd = mkstemp(filename);
973 perror("unable to create backing store for hugepages");
980 memory = (memory+hpagesize-1) & ~(hpagesize-1);
983 * ftruncate is not supported by hugetlbfs in older
984 * hosts, so don't bother bailing out on errors.
985 * If anything goes wrong with it under other filesystems,
988 if (ftruncate(fd, memory))
992 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
993 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
994 * to sidestep this quirk.
996 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
997 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
999 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1001 if (area == MAP_FAILED) {
1002 perror("file_ram_alloc: can't mmap RAM pages");
1011 static ram_addr_t find_ram_offset(ram_addr_t size)
1013 RAMBlock *block, *next_block;
1014 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1016 assert(size != 0); /* it would hand out same offset multiple times */
1018 if (QTAILQ_EMPTY(&ram_list.blocks))
1021 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1022 ram_addr_t end, next = RAM_ADDR_MAX;
1024 end = block->offset + block->length;
1026 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1027 if (next_block->offset >= end) {
1028 next = MIN(next, next_block->offset);
1031 if (next - end >= size && next - end < mingap) {
1033 mingap = next - end;
1037 if (offset == RAM_ADDR_MAX) {
1038 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1046 ram_addr_t last_ram_offset(void)
1049 ram_addr_t last = 0;
1051 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1052 last = MAX(last, block->offset + block->length);
1057 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1060 QemuOpts *machine_opts;
1062 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1063 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1065 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1066 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1068 perror("qemu_madvise");
1069 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1070 "but dump_guest_core=off specified\n");
1075 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1077 RAMBlock *new_block, *block;
1080 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1081 if (block->offset == addr) {
1087 assert(!new_block->idstr[0]);
1090 char *id = qdev_get_dev_path(dev);
1092 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1096 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1098 /* This assumes the iothread lock is taken here too. */
1099 qemu_mutex_lock_ramlist();
1100 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1101 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1102 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1107 qemu_mutex_unlock_ramlist();
1110 static int memory_try_enable_merging(void *addr, size_t len)
1114 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1115 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1116 /* disabled by the user */
1120 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1123 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1126 RAMBlock *block, *new_block;
1128 size = TARGET_PAGE_ALIGN(size);
1129 new_block = g_malloc0(sizeof(*new_block));
1131 /* This assumes the iothread lock is taken here too. */
1132 qemu_mutex_lock_ramlist();
1134 new_block->offset = find_ram_offset(size);
1136 new_block->host = host;
1137 new_block->flags |= RAM_PREALLOC_MASK;
1140 #if defined (__linux__) && !defined(TARGET_S390X)
1141 new_block->host = file_ram_alloc(new_block, size, mem_path);
1142 if (!new_block->host) {
1143 new_block->host = qemu_anon_ram_alloc(size);
1144 memory_try_enable_merging(new_block->host, size);
1147 fprintf(stderr, "-mem-path option unsupported\n");
1151 if (xen_enabled()) {
1152 xen_ram_alloc(new_block->offset, size, mr);
1153 } else if (kvm_enabled()) {
1154 /* some s390/kvm configurations have special constraints */
1155 new_block->host = kvm_ram_alloc(size);
1157 new_block->host = qemu_anon_ram_alloc(size);
1159 memory_try_enable_merging(new_block->host, size);
1162 new_block->length = size;
1164 /* Keep the list sorted from biggest to smallest block. */
1165 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1166 if (block->length < new_block->length) {
1171 QTAILQ_INSERT_BEFORE(block, new_block, next);
1173 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1175 ram_list.mru_block = NULL;
1178 qemu_mutex_unlock_ramlist();
1180 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1181 last_ram_offset() >> TARGET_PAGE_BITS);
1182 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1183 0, size >> TARGET_PAGE_BITS);
1184 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1186 qemu_ram_setup_dump(new_block->host, size);
1187 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1190 kvm_setup_guest_memory(new_block->host, size);
1192 return new_block->offset;
1195 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1197 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1200 void qemu_ram_free_from_ptr(ram_addr_t addr)
1204 /* This assumes the iothread lock is taken here too. */
1205 qemu_mutex_lock_ramlist();
1206 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1207 if (addr == block->offset) {
1208 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1209 ram_list.mru_block = NULL;
1215 qemu_mutex_unlock_ramlist();
1218 void qemu_ram_free(ram_addr_t addr)
1222 /* This assumes the iothread lock is taken here too. */
1223 qemu_mutex_lock_ramlist();
1224 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1225 if (addr == block->offset) {
1226 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1227 ram_list.mru_block = NULL;
1229 if (block->flags & RAM_PREALLOC_MASK) {
1231 } else if (mem_path) {
1232 #if defined (__linux__) && !defined(TARGET_S390X)
1234 munmap(block->host, block->length);
1237 qemu_anon_ram_free(block->host, block->length);
1243 if (xen_enabled()) {
1244 xen_invalidate_map_cache_entry(block->host);
1246 qemu_anon_ram_free(block->host, block->length);
1253 qemu_mutex_unlock_ramlist();
1258 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1265 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1266 offset = addr - block->offset;
1267 if (offset < block->length) {
1268 vaddr = block->host + offset;
1269 if (block->flags & RAM_PREALLOC_MASK) {
1273 munmap(vaddr, length);
1275 #if defined(__linux__) && !defined(TARGET_S390X)
1278 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1281 flags |= MAP_PRIVATE;
1283 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1284 flags, block->fd, offset);
1286 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1287 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1294 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1295 flags |= MAP_SHARED | MAP_ANONYMOUS;
1296 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1299 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1300 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1304 if (area != vaddr) {
1305 fprintf(stderr, "Could not remap addr: "
1306 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1310 memory_try_enable_merging(vaddr, length);
1311 qemu_ram_setup_dump(vaddr, length);
1317 #endif /* !_WIN32 */
1319 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1320 With the exception of the softmmu code in this file, this should
1321 only be used for local memory (e.g. video ram) that the device owns,
1322 and knows it isn't going to access beyond the end of the block.
1324 It should not be used for general purpose DMA.
1325 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1327 void *qemu_get_ram_ptr(ram_addr_t addr)
1331 /* The list is protected by the iothread lock here. */
1332 block = ram_list.mru_block;
1333 if (block && addr - block->offset < block->length) {
1336 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1337 if (addr - block->offset < block->length) {
1342 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1346 ram_list.mru_block = block;
1347 if (xen_enabled()) {
1348 /* We need to check if the requested address is in the RAM
1349 * because we don't want to map the entire memory in QEMU.
1350 * In that case just map until the end of the page.
1352 if (block->offset == 0) {
1353 return xen_map_cache(addr, 0, 0);
1354 } else if (block->host == NULL) {
1356 xen_map_cache(block->offset, block->length, 1);
1359 return block->host + (addr - block->offset);
1362 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1363 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1365 * ??? Is this still necessary?
1367 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1371 /* The list is protected by the iothread lock here. */
1372 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1373 if (addr - block->offset < block->length) {
1374 if (xen_enabled()) {
1375 /* We need to check if the requested address is in the RAM
1376 * because we don't want to map the entire memory in QEMU.
1377 * In that case just map until the end of the page.
1379 if (block->offset == 0) {
1380 return xen_map_cache(addr, 0, 0);
1381 } else if (block->host == NULL) {
1383 xen_map_cache(block->offset, block->length, 1);
1386 return block->host + (addr - block->offset);
1390 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1396 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1397 * but takes a size argument */
1398 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1403 if (xen_enabled()) {
1404 return xen_map_cache(addr, *size, 1);
1408 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1409 if (addr - block->offset < block->length) {
1410 if (addr - block->offset + *size > block->length)
1411 *size = block->length - addr + block->offset;
1412 return block->host + (addr - block->offset);
1416 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1421 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1424 uint8_t *host = ptr;
1426 if (xen_enabled()) {
1427 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1431 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1432 /* This case append when the block is not mapped. */
1433 if (block->host == NULL) {
1436 if (host - block->host < block->length) {
1437 *ram_addr = block->offset + (host - block->host);
1445 /* Some of the softmmu routines need to translate from a host pointer
1446 (typically a TLB entry) back to a ram offset. */
1447 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1449 ram_addr_t ram_addr;
1451 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1452 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1458 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1459 uint64_t val, unsigned size)
1462 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1463 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1464 tb_invalidate_phys_page_fast(ram_addr, size);
1465 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1469 stb_p(qemu_get_ram_ptr(ram_addr), val);
1472 stw_p(qemu_get_ram_ptr(ram_addr), val);
1475 stl_p(qemu_get_ram_ptr(ram_addr), val);
1480 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1481 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1482 /* we remove the notdirty callback only if the code has been
1484 if (dirty_flags == 0xff)
1485 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1488 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1489 unsigned size, bool is_write)
1494 static const MemoryRegionOps notdirty_mem_ops = {
1495 .write = notdirty_mem_write,
1496 .valid.accepts = notdirty_mem_accepts,
1497 .endianness = DEVICE_NATIVE_ENDIAN,
1500 /* Generate a debug exception if a watchpoint has been hit. */
1501 static void check_watchpoint(int offset, int len_mask, int flags)
1503 CPUArchState *env = cpu_single_env;
1504 target_ulong pc, cs_base;
1509 if (env->watchpoint_hit) {
1510 /* We re-entered the check after replacing the TB. Now raise
1511 * the debug interrupt so that is will trigger after the
1512 * current instruction. */
1513 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1516 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1517 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1518 if ((vaddr == (wp->vaddr & len_mask) ||
1519 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1520 wp->flags |= BP_WATCHPOINT_HIT;
1521 if (!env->watchpoint_hit) {
1522 env->watchpoint_hit = wp;
1523 tb_check_watchpoint(env);
1524 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1525 env->exception_index = EXCP_DEBUG;
1528 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1529 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1530 cpu_resume_from_signal(env, NULL);
1534 wp->flags &= ~BP_WATCHPOINT_HIT;
1539 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1540 so these check for a hit then pass through to the normal out-of-line
1542 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1545 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1547 case 1: return ldub_phys(addr);
1548 case 2: return lduw_phys(addr);
1549 case 4: return ldl_phys(addr);
1554 static void watch_mem_write(void *opaque, hwaddr addr,
1555 uint64_t val, unsigned size)
1557 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1560 stb_phys(addr, val);
1563 stw_phys(addr, val);
1566 stl_phys(addr, val);
1572 static const MemoryRegionOps watch_mem_ops = {
1573 .read = watch_mem_read,
1574 .write = watch_mem_write,
1575 .endianness = DEVICE_NATIVE_ENDIAN,
1578 static uint64_t subpage_read(void *opaque, hwaddr addr,
1581 subpage_t *subpage = opaque;
1584 #if defined(DEBUG_SUBPAGE)
1585 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1586 subpage, len, addr);
1588 address_space_read(subpage->as, addr + subpage->base, buf, len);
1601 static void subpage_write(void *opaque, hwaddr addr,
1602 uint64_t value, unsigned len)
1604 subpage_t *subpage = opaque;
1607 #if defined(DEBUG_SUBPAGE)
1608 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1609 " value %"PRIx64"\n",
1610 __func__, subpage, len, addr, value);
1625 address_space_write(subpage->as, addr + subpage->base, buf, len);
1628 static bool subpage_accepts(void *opaque, hwaddr addr,
1629 unsigned size, bool is_write)
1631 subpage_t *subpage = opaque;
1632 #if defined(DEBUG_SUBPAGE)
1633 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1634 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1637 return address_space_access_valid(subpage->as, addr + subpage->base,
1641 static const MemoryRegionOps subpage_ops = {
1642 .read = subpage_read,
1643 .write = subpage_write,
1644 .valid.accepts = subpage_accepts,
1645 .endianness = DEVICE_NATIVE_ENDIAN,
1648 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1653 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1655 idx = SUBPAGE_IDX(start);
1656 eidx = SUBPAGE_IDX(end);
1657 #if defined(DEBUG_SUBPAGE)
1658 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1659 mmio, start, end, idx, eidx, memory);
1661 for (; idx <= eidx; idx++) {
1662 mmio->sub_section[idx] = section;
1668 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1672 mmio = g_malloc0(sizeof(subpage_t));
1676 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1677 "subpage", TARGET_PAGE_SIZE);
1678 mmio->iomem.subpage = true;
1679 #if defined(DEBUG_SUBPAGE)
1680 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1681 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1683 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1688 static uint16_t dummy_section(MemoryRegion *mr)
1690 MemoryRegionSection section = {
1692 .offset_within_address_space = 0,
1693 .offset_within_region = 0,
1694 .size = int128_2_64(),
1697 return phys_section_add(§ion);
1700 MemoryRegion *iotlb_to_region(hwaddr index)
1702 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1705 static void io_mem_init(void)
1707 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1708 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1709 "unassigned", UINT64_MAX);
1710 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1711 "notdirty", UINT64_MAX);
1712 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1713 "watch", UINT64_MAX);
1716 static void mem_begin(MemoryListener *listener)
1718 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1720 destroy_all_mappings(d);
1721 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1724 static void core_begin(MemoryListener *listener)
1726 phys_sections_clear();
1727 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1728 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1729 phys_section_rom = dummy_section(&io_mem_rom);
1730 phys_section_watch = dummy_section(&io_mem_watch);
1733 static void tcg_commit(MemoryListener *listener)
1737 /* since each CPU stores ram addresses in its TLB cache, we must
1738 reset the modified entries */
1740 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1745 static void core_log_global_start(MemoryListener *listener)
1747 cpu_physical_memory_set_dirty_tracking(1);
1750 static void core_log_global_stop(MemoryListener *listener)
1752 cpu_physical_memory_set_dirty_tracking(0);
1755 static MemoryListener core_memory_listener = {
1756 .begin = core_begin,
1757 .log_global_start = core_log_global_start,
1758 .log_global_stop = core_log_global_stop,
1762 static MemoryListener tcg_memory_listener = {
1763 .commit = tcg_commit,
1766 void address_space_init_dispatch(AddressSpace *as)
1768 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1770 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1771 d->listener = (MemoryListener) {
1773 .region_add = mem_add,
1774 .region_nop = mem_add,
1779 memory_listener_register(&d->listener, as);
1782 void address_space_destroy_dispatch(AddressSpace *as)
1784 AddressSpaceDispatch *d = as->dispatch;
1786 memory_listener_unregister(&d->listener);
1787 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1789 as->dispatch = NULL;
1792 static void memory_map_init(void)
1794 system_memory = g_malloc(sizeof(*system_memory));
1795 memory_region_init(system_memory, "system", INT64_MAX);
1796 address_space_init(&address_space_memory, system_memory, "memory");
1798 system_io = g_malloc(sizeof(*system_io));
1799 memory_region_init(system_io, "io", 65536);
1800 address_space_init(&address_space_io, system_io, "I/O");
1802 memory_listener_register(&core_memory_listener, &address_space_memory);
1803 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1806 MemoryRegion *get_system_memory(void)
1808 return system_memory;
1811 MemoryRegion *get_system_io(void)
1816 #endif /* !defined(CONFIG_USER_ONLY) */
1818 /* physical memory access (slow version, mainly for debug) */
1819 #if defined(CONFIG_USER_ONLY)
1820 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1821 uint8_t *buf, int len, int is_write)
1828 page = addr & TARGET_PAGE_MASK;
1829 l = (page + TARGET_PAGE_SIZE) - addr;
1832 flags = page_get_flags(page);
1833 if (!(flags & PAGE_VALID))
1836 if (!(flags & PAGE_WRITE))
1838 /* XXX: this code should not depend on lock_user */
1839 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1842 unlock_user(p, addr, l);
1844 if (!(flags & PAGE_READ))
1846 /* XXX: this code should not depend on lock_user */
1847 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1850 unlock_user(p, addr, 0);
1861 static void invalidate_and_set_dirty(hwaddr addr,
1864 if (!cpu_physical_memory_is_dirty(addr)) {
1865 /* invalidate code */
1866 tb_invalidate_phys_page_range(addr, addr + length, 0);
1868 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1870 xen_modified_memory(addr, length);
1873 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1875 if (memory_region_is_ram(mr)) {
1876 return !(is_write && mr->readonly);
1878 if (memory_region_is_romd(mr)) {
1885 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1887 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1890 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1896 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1897 int len, bool is_write)
1908 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1911 if (!memory_access_is_direct(mr, is_write)) {
1912 l = memory_access_size(mr, l, addr1);
1913 /* XXX: could force cpu_single_env to NULL to avoid
1916 /* 32 bit write access */
1918 error |= io_mem_write(mr, addr1, val, 4);
1919 } else if (l == 2) {
1920 /* 16 bit write access */
1922 error |= io_mem_write(mr, addr1, val, 2);
1924 /* 8 bit write access */
1926 error |= io_mem_write(mr, addr1, val, 1);
1929 addr1 += memory_region_get_ram_addr(mr);
1931 ptr = qemu_get_ram_ptr(addr1);
1932 memcpy(ptr, buf, l);
1933 invalidate_and_set_dirty(addr1, l);
1936 if (!memory_access_is_direct(mr, is_write)) {
1938 l = memory_access_size(mr, l, addr1);
1940 /* 32 bit read access */
1941 error |= io_mem_read(mr, addr1, &val, 4);
1943 } else if (l == 2) {
1944 /* 16 bit read access */
1945 error |= io_mem_read(mr, addr1, &val, 2);
1948 /* 8 bit read access */
1949 error |= io_mem_read(mr, addr1, &val, 1);
1954 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1955 memcpy(buf, ptr, l);
1966 bool address_space_write(AddressSpace *as, hwaddr addr,
1967 const uint8_t *buf, int len)
1969 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1972 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1974 return address_space_rw(as, addr, buf, len, false);
1978 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1979 int len, int is_write)
1981 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1984 /* used for ROM loading : can write in RAM and ROM */
1985 void cpu_physical_memory_write_rom(hwaddr addr,
1986 const uint8_t *buf, int len)
1995 mr = address_space_translate(&address_space_memory,
1996 addr, &addr1, &l, true);
1998 if (!(memory_region_is_ram(mr) ||
1999 memory_region_is_romd(mr))) {
2002 addr1 += memory_region_get_ram_addr(mr);
2004 ptr = qemu_get_ram_ptr(addr1);
2005 memcpy(ptr, buf, l);
2006 invalidate_and_set_dirty(addr1, l);
2020 static BounceBuffer bounce;
2022 typedef struct MapClient {
2024 void (*callback)(void *opaque);
2025 QLIST_ENTRY(MapClient) link;
2028 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2029 = QLIST_HEAD_INITIALIZER(map_client_list);
2031 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2033 MapClient *client = g_malloc(sizeof(*client));
2035 client->opaque = opaque;
2036 client->callback = callback;
2037 QLIST_INSERT_HEAD(&map_client_list, client, link);
2041 static void cpu_unregister_map_client(void *_client)
2043 MapClient *client = (MapClient *)_client;
2045 QLIST_REMOVE(client, link);
2049 static void cpu_notify_map_clients(void)
2053 while (!QLIST_EMPTY(&map_client_list)) {
2054 client = QLIST_FIRST(&map_client_list);
2055 client->callback(client->opaque);
2056 cpu_unregister_map_client(client);
2060 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2067 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2068 if (!memory_access_is_direct(mr, is_write)) {
2069 l = memory_access_size(mr, l, addr);
2070 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2081 /* Map a physical memory region into a host virtual address.
2082 * May map a subset of the requested range, given by and returned in *plen.
2083 * May return NULL if resources needed to perform the mapping are exhausted.
2084 * Use only for reads OR writes - not for read-modify-write operations.
2085 * Use cpu_register_map_client() to know when retrying the map operation is
2086 * likely to succeed.
2088 void *address_space_map(AddressSpace *as,
2097 ram_addr_t raddr = RAM_ADDR_MAX;
2103 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2105 if (!memory_access_is_direct(mr, is_write)) {
2106 if (todo || bounce.buffer) {
2109 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2113 address_space_read(as, addr, bounce.buffer, l);
2117 return bounce.buffer;
2120 raddr = memory_region_get_ram_addr(mr) + xlat;
2122 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2132 ret = qemu_ram_ptr_length(raddr, &rlen);
2137 /* Unmaps a memory region previously mapped by address_space_map().
2138 * Will also mark the memory as dirty if is_write == 1. access_len gives
2139 * the amount of memory that was actually read or written by the caller.
2141 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2142 int is_write, hwaddr access_len)
2144 if (buffer != bounce.buffer) {
2146 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2147 while (access_len) {
2149 l = TARGET_PAGE_SIZE;
2152 invalidate_and_set_dirty(addr1, l);
2157 if (xen_enabled()) {
2158 xen_invalidate_map_cache_entry(buffer);
2163 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2165 qemu_vfree(bounce.buffer);
2166 bounce.buffer = NULL;
2167 cpu_notify_map_clients();
2170 void *cpu_physical_memory_map(hwaddr addr,
2174 return address_space_map(&address_space_memory, addr, plen, is_write);
2177 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2178 int is_write, hwaddr access_len)
2180 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2183 /* warning: addr must be aligned */
2184 static inline uint32_t ldl_phys_internal(hwaddr addr,
2185 enum device_endian endian)
2193 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2195 if (l < 4 || !memory_access_is_direct(mr, false)) {
2197 io_mem_read(mr, addr1, &val, 4);
2198 #if defined(TARGET_WORDS_BIGENDIAN)
2199 if (endian == DEVICE_LITTLE_ENDIAN) {
2203 if (endian == DEVICE_BIG_ENDIAN) {
2209 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2213 case DEVICE_LITTLE_ENDIAN:
2214 val = ldl_le_p(ptr);
2216 case DEVICE_BIG_ENDIAN:
2217 val = ldl_be_p(ptr);
2227 uint32_t ldl_phys(hwaddr addr)
2229 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2232 uint32_t ldl_le_phys(hwaddr addr)
2234 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2237 uint32_t ldl_be_phys(hwaddr addr)
2239 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2242 /* warning: addr must be aligned */
2243 static inline uint64_t ldq_phys_internal(hwaddr addr,
2244 enum device_endian endian)
2252 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2254 if (l < 8 || !memory_access_is_direct(mr, false)) {
2256 io_mem_read(mr, addr1, &val, 8);
2257 #if defined(TARGET_WORDS_BIGENDIAN)
2258 if (endian == DEVICE_LITTLE_ENDIAN) {
2262 if (endian == DEVICE_BIG_ENDIAN) {
2268 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2272 case DEVICE_LITTLE_ENDIAN:
2273 val = ldq_le_p(ptr);
2275 case DEVICE_BIG_ENDIAN:
2276 val = ldq_be_p(ptr);
2286 uint64_t ldq_phys(hwaddr addr)
2288 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2291 uint64_t ldq_le_phys(hwaddr addr)
2293 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2296 uint64_t ldq_be_phys(hwaddr addr)
2298 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2302 uint32_t ldub_phys(hwaddr addr)
2305 cpu_physical_memory_read(addr, &val, 1);
2309 /* warning: addr must be aligned */
2310 static inline uint32_t lduw_phys_internal(hwaddr addr,
2311 enum device_endian endian)
2319 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2321 if (l < 2 || !memory_access_is_direct(mr, false)) {
2323 io_mem_read(mr, addr1, &val, 2);
2324 #if defined(TARGET_WORDS_BIGENDIAN)
2325 if (endian == DEVICE_LITTLE_ENDIAN) {
2329 if (endian == DEVICE_BIG_ENDIAN) {
2335 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2339 case DEVICE_LITTLE_ENDIAN:
2340 val = lduw_le_p(ptr);
2342 case DEVICE_BIG_ENDIAN:
2343 val = lduw_be_p(ptr);
2353 uint32_t lduw_phys(hwaddr addr)
2355 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2358 uint32_t lduw_le_phys(hwaddr addr)
2360 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2363 uint32_t lduw_be_phys(hwaddr addr)
2365 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2368 /* warning: addr must be aligned. The ram page is not masked as dirty
2369 and the code inside is not invalidated. It is useful if the dirty
2370 bits are used to track modified PTEs */
2371 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2378 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2380 if (l < 4 || !memory_access_is_direct(mr, true)) {
2381 io_mem_write(mr, addr1, val, 4);
2383 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2384 ptr = qemu_get_ram_ptr(addr1);
2387 if (unlikely(in_migration)) {
2388 if (!cpu_physical_memory_is_dirty(addr1)) {
2389 /* invalidate code */
2390 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2392 cpu_physical_memory_set_dirty_flags(
2393 addr1, (0xff & ~CODE_DIRTY_FLAG));
2399 /* warning: addr must be aligned */
2400 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2401 enum device_endian endian)
2408 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2410 if (l < 4 || !memory_access_is_direct(mr, true)) {
2411 #if defined(TARGET_WORDS_BIGENDIAN)
2412 if (endian == DEVICE_LITTLE_ENDIAN) {
2416 if (endian == DEVICE_BIG_ENDIAN) {
2420 io_mem_write(mr, addr1, val, 4);
2423 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2424 ptr = qemu_get_ram_ptr(addr1);
2426 case DEVICE_LITTLE_ENDIAN:
2429 case DEVICE_BIG_ENDIAN:
2436 invalidate_and_set_dirty(addr1, 4);
2440 void stl_phys(hwaddr addr, uint32_t val)
2442 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2445 void stl_le_phys(hwaddr addr, uint32_t val)
2447 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2450 void stl_be_phys(hwaddr addr, uint32_t val)
2452 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2456 void stb_phys(hwaddr addr, uint32_t val)
2459 cpu_physical_memory_write(addr, &v, 1);
2462 /* warning: addr must be aligned */
2463 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2464 enum device_endian endian)
2471 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2473 if (l < 2 || !memory_access_is_direct(mr, true)) {
2474 #if defined(TARGET_WORDS_BIGENDIAN)
2475 if (endian == DEVICE_LITTLE_ENDIAN) {
2479 if (endian == DEVICE_BIG_ENDIAN) {
2483 io_mem_write(mr, addr1, val, 2);
2486 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2487 ptr = qemu_get_ram_ptr(addr1);
2489 case DEVICE_LITTLE_ENDIAN:
2492 case DEVICE_BIG_ENDIAN:
2499 invalidate_and_set_dirty(addr1, 2);
2503 void stw_phys(hwaddr addr, uint32_t val)
2505 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2508 void stw_le_phys(hwaddr addr, uint32_t val)
2510 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2513 void stw_be_phys(hwaddr addr, uint32_t val)
2515 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2519 void stq_phys(hwaddr addr, uint64_t val)
2522 cpu_physical_memory_write(addr, &val, 8);
2525 void stq_le_phys(hwaddr addr, uint64_t val)
2527 val = cpu_to_le64(val);
2528 cpu_physical_memory_write(addr, &val, 8);
2531 void stq_be_phys(hwaddr addr, uint64_t val)
2533 val = cpu_to_be64(val);
2534 cpu_physical_memory_write(addr, &val, 8);
2537 /* virtual memory access for debug (includes writing to ROM) */
2538 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2539 uint8_t *buf, int len, int is_write)
2546 page = addr & TARGET_PAGE_MASK;
2547 phys_addr = cpu_get_phys_page_debug(env, page);
2548 /* if no physical page mapped, return an error */
2549 if (phys_addr == -1)
2551 l = (page + TARGET_PAGE_SIZE) - addr;
2554 phys_addr += (addr & ~TARGET_PAGE_MASK);
2556 cpu_physical_memory_write_rom(phys_addr, buf, l);
2558 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2567 #if !defined(CONFIG_USER_ONLY)
2570 * A helper function for the _utterly broken_ virtio device model to find out if
2571 * it's running on a big endian machine. Don't do this at home kids!
2573 bool virtio_is_big_endian(void);
2574 bool virtio_is_big_endian(void)
2576 #if defined(TARGET_WORDS_BIGENDIAN)
2585 #ifndef CONFIG_USER_ONLY
2586 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2591 mr = address_space_translate(&address_space_memory,
2592 phys_addr, &phys_addr, &l, false);
2594 return !(memory_region_is_ram(mr) ||
2595 memory_region_is_romd(mr));
2598 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2602 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2603 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob