4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 //#define DEBUG_SUBPAGE
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
86 #define RAM_RESIZEABLE (1 << 2)
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
93 __thread CPUState *current_cpu;
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
99 #if !defined(CONFIG_USER_ONLY)
101 typedef struct PhysPageEntry PhysPageEntry;
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
116 #define P_L2_SIZE (1 << P_L2_BITS)
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
120 typedef PhysPageEntry Node[P_L2_SIZE];
122 typedef struct PhysPageMap {
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
128 unsigned nodes_nb_alloc;
130 MemoryRegionSection *sections;
133 struct AddressSpaceDispatch {
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
139 PhysPageEntry phys_map;
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
149 uint16_t sub_section[TARGET_PAGE_SIZE];
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
161 static MemoryRegion io_mem_watch;
164 #if !defined(CONFIG_USER_ONLY)
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
182 ret = map->nodes_nb++;
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
236 unsigned valid_ptr = P_L2_SIZE;
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
254 phys_page_compact(&p[i], nodes, compacted);
258 /* We can only compress if there's only one child. */
263 assert(valid_ptr < P_L2_SIZE);
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
280 lp->skip += p[valid_ptr].skip;
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
286 DECLARE_BITMAP(compacted, nodes_nb);
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
297 hwaddr index = addr >> TARGET_PAGE_BITS;
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return §ions[PHYS_SECTION_UNASSIGNED];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return §ions[lp.ptr];
313 return §ions[PHYS_SECTION_UNASSIGNED];
317 bool memory_region_is_unassigned(MemoryRegion *mr)
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
326 bool resolve_subpage)
328 MemoryRegionSection *section;
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
344 MemoryRegionSection *section;
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
380 if (memory_region_is_romd(mr)) {
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
393 MemoryRegionSection *section;
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
401 if (!mr->iommu_ops) {
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
414 as = iotlb.target_as;
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
435 assert(!section->mr->iommu_ops);
440 #if !defined(CONFIG_USER_ONLY)
442 static int cpu_common_post_load(void *opaque, int version_id)
444 CPUState *cpu = opaque;
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
454 static int cpu_common_pre_load(void *opaque)
456 CPUState *cpu = opaque;
458 cpu->exception_index = -1;
463 static bool cpu_common_exception_index_needed(void *opaque)
465 CPUState *cpu = opaque;
467 return tcg_enabled() && cpu->exception_index != -1;
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
481 static bool cpu_common_crash_occurred_needed(void *opaque)
483 CPUState *cpu = opaque;
485 return cpu->crash_occurred;
488 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
489 .name = "cpu_common/crash_occurred",
491 .minimum_version_id = 1,
492 .needed = cpu_common_crash_occurred_needed,
493 .fields = (VMStateField[]) {
494 VMSTATE_BOOL(crash_occurred, CPUState),
495 VMSTATE_END_OF_LIST()
499 const VMStateDescription vmstate_cpu_common = {
500 .name = "cpu_common",
502 .minimum_version_id = 1,
503 .pre_load = cpu_common_pre_load,
504 .post_load = cpu_common_post_load,
505 .fields = (VMStateField[]) {
506 VMSTATE_UINT32(halted, CPUState),
507 VMSTATE_UINT32(interrupt_request, CPUState),
508 VMSTATE_END_OF_LIST()
510 .subsections = (const VMStateDescription*[]) {
511 &vmstate_cpu_common_exception_index,
512 &vmstate_cpu_common_crash_occurred,
519 CPUState *qemu_get_cpu(int index)
524 if (cpu->cpu_index == index) {
532 #if !defined(CONFIG_USER_ONLY)
533 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
535 /* We only support one address space per cpu at the moment. */
536 assert(cpu->as == as);
538 if (cpu->tcg_as_listener) {
539 memory_listener_unregister(cpu->tcg_as_listener);
541 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
543 cpu->tcg_as_listener->commit = tcg_commit;
544 memory_listener_register(cpu->tcg_as_listener, as);
548 #ifndef CONFIG_USER_ONLY
549 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
551 static int cpu_get_free_index(Error **errp)
553 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
555 if (cpu >= MAX_CPUMASK_BITS) {
556 error_setg(errp, "Trying to use more CPUs than max of %d",
561 bitmap_set(cpu_index_map, cpu, 1);
565 void cpu_exec_exit(CPUState *cpu)
567 if (cpu->cpu_index == -1) {
568 /* cpu_index was never allocated by this @cpu or was already freed. */
572 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
577 static int cpu_get_free_index(Error **errp)
582 CPU_FOREACH(some_cpu) {
588 void cpu_exec_exit(CPUState *cpu)
593 void cpu_exec_init(CPUState *cpu, Error **errp)
595 CPUClass *cc = CPU_GET_CLASS(cpu);
597 Error *local_err = NULL;
599 #ifndef CONFIG_USER_ONLY
600 cpu->as = &address_space_memory;
601 cpu->thread_id = qemu_get_thread_id();
602 cpu_reload_memory_map(cpu);
605 #if defined(CONFIG_USER_ONLY)
608 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
610 error_propagate(errp, local_err);
611 #if defined(CONFIG_USER_ONLY)
616 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
617 #if defined(CONFIG_USER_ONLY)
620 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
621 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
623 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
624 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
625 cpu_save, cpu_load, cpu->env_ptr);
626 assert(cc->vmsd == NULL);
627 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
629 if (cc->vmsd != NULL) {
630 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
634 #if defined(CONFIG_USER_ONLY)
635 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
637 tb_invalidate_phys_page_range(pc, pc + 1, 0);
640 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
642 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
644 tb_invalidate_phys_addr(cpu->as,
645 phys | (pc & ~TARGET_PAGE_MASK));
650 #if defined(CONFIG_USER_ONLY)
651 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
656 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
662 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
666 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
667 int flags, CPUWatchpoint **watchpoint)
672 /* Add a watchpoint. */
673 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
674 int flags, CPUWatchpoint **watchpoint)
678 /* forbid ranges which are empty or run off the end of the address space */
679 if (len == 0 || (addr + len - 1) < addr) {
680 error_report("tried to set invalid watchpoint at %"
681 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
684 wp = g_malloc(sizeof(*wp));
690 /* keep all GDB-injected watchpoints in front */
691 if (flags & BP_GDB) {
692 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
694 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
697 tlb_flush_page(cpu, addr);
704 /* Remove a specific watchpoint. */
705 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
710 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
711 if (addr == wp->vaddr && len == wp->len
712 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
713 cpu_watchpoint_remove_by_ref(cpu, wp);
720 /* Remove a specific watchpoint by reference. */
721 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
723 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
725 tlb_flush_page(cpu, watchpoint->vaddr);
730 /* Remove all matching watchpoints. */
731 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
733 CPUWatchpoint *wp, *next;
735 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
736 if (wp->flags & mask) {
737 cpu_watchpoint_remove_by_ref(cpu, wp);
742 /* Return true if this watchpoint address matches the specified
743 * access (ie the address range covered by the watchpoint overlaps
744 * partially or completely with the address range covered by the
747 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
751 /* We know the lengths are non-zero, but a little caution is
752 * required to avoid errors in the case where the range ends
753 * exactly at the top of the address space and so addr + len
754 * wraps round to zero.
756 vaddr wpend = wp->vaddr + wp->len - 1;
757 vaddr addrend = addr + len - 1;
759 return !(addr > wpend || wp->vaddr > addrend);
764 /* Add a breakpoint. */
765 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
766 CPUBreakpoint **breakpoint)
770 bp = g_malloc(sizeof(*bp));
775 /* keep all GDB-injected breakpoints in front */
776 if (flags & BP_GDB) {
777 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
779 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
782 breakpoint_invalidate(cpu, pc);
790 /* Remove a specific breakpoint. */
791 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
795 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
796 if (bp->pc == pc && bp->flags == flags) {
797 cpu_breakpoint_remove_by_ref(cpu, bp);
804 /* Remove a specific breakpoint by reference. */
805 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
807 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
809 breakpoint_invalidate(cpu, breakpoint->pc);
814 /* Remove all matching breakpoints. */
815 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
817 CPUBreakpoint *bp, *next;
819 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
820 if (bp->flags & mask) {
821 cpu_breakpoint_remove_by_ref(cpu, bp);
826 /* enable or disable single step mode. EXCP_DEBUG is returned by the
827 CPU loop after each instruction */
828 void cpu_single_step(CPUState *cpu, int enabled)
830 if (cpu->singlestep_enabled != enabled) {
831 cpu->singlestep_enabled = enabled;
833 kvm_update_guest_debug(cpu, 0);
835 /* must flush all the translated code to avoid inconsistencies */
836 /* XXX: only flush what is necessary */
842 void cpu_abort(CPUState *cpu, const char *fmt, ...)
849 fprintf(stderr, "qemu: fatal: ");
850 vfprintf(stderr, fmt, ap);
851 fprintf(stderr, "\n");
852 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
853 if (qemu_log_enabled()) {
854 qemu_log("qemu: fatal: ");
855 qemu_log_vprintf(fmt, ap2);
857 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
863 #if defined(CONFIG_USER_ONLY)
865 struct sigaction act;
866 sigfillset(&act.sa_mask);
867 act.sa_handler = SIG_DFL;
868 sigaction(SIGABRT, &act, NULL);
874 #if !defined(CONFIG_USER_ONLY)
875 /* Called from RCU critical section */
876 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
880 block = atomic_rcu_read(&ram_list.mru_block);
881 if (block && addr - block->offset < block->max_length) {
884 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
885 if (addr - block->offset < block->max_length) {
890 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
894 /* It is safe to write mru_block outside the iothread lock. This
899 * xxx removed from list
903 * call_rcu(reclaim_ramblock, xxx);
906 * atomic_rcu_set is not needed here. The block was already published
907 * when it was placed into the list. Here we're just making an extra
908 * copy of the pointer.
910 ram_list.mru_block = block;
914 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
920 end = TARGET_PAGE_ALIGN(start + length);
921 start &= TARGET_PAGE_MASK;
924 block = qemu_get_ram_block(start);
925 assert(block == qemu_get_ram_block(end - 1));
926 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
927 cpu_tlb_reset_dirty_all(start1, length);
931 /* Note: start and end must be within the same ram block. */
932 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
936 unsigned long end, page;
943 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
944 page = start >> TARGET_PAGE_BITS;
945 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
948 if (dirty && tcg_enabled()) {
949 tlb_reset_dirty_range_all(start, length);
955 /* Called from RCU critical section */
956 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
957 MemoryRegionSection *section,
959 hwaddr paddr, hwaddr xlat,
961 target_ulong *address)
966 if (memory_region_is_ram(section->mr)) {
968 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
970 if (!section->readonly) {
971 iotlb |= PHYS_SECTION_NOTDIRTY;
973 iotlb |= PHYS_SECTION_ROM;
976 AddressSpaceDispatch *d;
978 d = atomic_rcu_read(§ion->address_space->dispatch);
979 iotlb = section - d->map.sections;
983 /* Make accesses to pages with watchpoints go via the
984 watchpoint trap routines. */
985 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
986 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
987 /* Avoid trapping reads of pages with a write breakpoint. */
988 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
989 iotlb = PHYS_SECTION_WATCH + paddr;
990 *address |= TLB_MMIO;
998 #endif /* defined(CONFIG_USER_ONLY) */
1000 #if !defined(CONFIG_USER_ONLY)
1002 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1004 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1006 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1007 qemu_anon_ram_alloc;
1010 * Set a custom physical guest memory alloator.
1011 * Accelerators with unusual needs may need this. Hopefully, we can
1012 * get rid of it eventually.
1014 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1016 phys_mem_alloc = alloc;
1019 static uint16_t phys_section_add(PhysPageMap *map,
1020 MemoryRegionSection *section)
1022 /* The physical section number is ORed with a page-aligned
1023 * pointer to produce the iotlb entries. Thus it should
1024 * never overflow into the page-aligned value.
1026 assert(map->sections_nb < TARGET_PAGE_SIZE);
1028 if (map->sections_nb == map->sections_nb_alloc) {
1029 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1030 map->sections = g_renew(MemoryRegionSection, map->sections,
1031 map->sections_nb_alloc);
1033 map->sections[map->sections_nb] = *section;
1034 memory_region_ref(section->mr);
1035 return map->sections_nb++;
1038 static void phys_section_destroy(MemoryRegion *mr)
1040 memory_region_unref(mr);
1043 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1044 object_unref(OBJECT(&subpage->iomem));
1049 static void phys_sections_free(PhysPageMap *map)
1051 while (map->sections_nb > 0) {
1052 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1053 phys_section_destroy(section->mr);
1055 g_free(map->sections);
1059 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1062 hwaddr base = section->offset_within_address_space
1064 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1065 d->map.nodes, d->map.sections);
1066 MemoryRegionSection subsection = {
1067 .offset_within_address_space = base,
1068 .size = int128_make64(TARGET_PAGE_SIZE),
1072 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1074 if (!(existing->mr->subpage)) {
1075 subpage = subpage_init(d->as, base);
1076 subsection.address_space = d->as;
1077 subsection.mr = &subpage->iomem;
1078 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1079 phys_section_add(&d->map, &subsection));
1081 subpage = container_of(existing->mr, subpage_t, iomem);
1083 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1084 end = start + int128_get64(section->size) - 1;
1085 subpage_register(subpage, start, end,
1086 phys_section_add(&d->map, section));
1090 static void register_multipage(AddressSpaceDispatch *d,
1091 MemoryRegionSection *section)
1093 hwaddr start_addr = section->offset_within_address_space;
1094 uint16_t section_index = phys_section_add(&d->map, section);
1095 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1099 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1102 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1104 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1105 AddressSpaceDispatch *d = as->next_dispatch;
1106 MemoryRegionSection now = *section, remain = *section;
1107 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1109 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1110 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1111 - now.offset_within_address_space;
1113 now.size = int128_min(int128_make64(left), now.size);
1114 register_subpage(d, &now);
1116 now.size = int128_zero();
1118 while (int128_ne(remain.size, now.size)) {
1119 remain.size = int128_sub(remain.size, now.size);
1120 remain.offset_within_address_space += int128_get64(now.size);
1121 remain.offset_within_region += int128_get64(now.size);
1123 if (int128_lt(remain.size, page_size)) {
1124 register_subpage(d, &now);
1125 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1126 now.size = page_size;
1127 register_subpage(d, &now);
1129 now.size = int128_and(now.size, int128_neg(page_size));
1130 register_multipage(d, &now);
1135 void qemu_flush_coalesced_mmio_buffer(void)
1138 kvm_flush_coalesced_mmio_buffer();
1141 void qemu_mutex_lock_ramlist(void)
1143 qemu_mutex_lock(&ram_list.mutex);
1146 void qemu_mutex_unlock_ramlist(void)
1148 qemu_mutex_unlock(&ram_list.mutex);
1153 #include <sys/vfs.h>
1155 #define HUGETLBFS_MAGIC 0x958458f6
1157 static long gethugepagesize(const char *path, Error **errp)
1163 ret = statfs(path, &fs);
1164 } while (ret != 0 && errno == EINTR);
1167 error_setg_errno(errp, errno, "failed to get page size of file %s",
1172 if (fs.f_type != HUGETLBFS_MAGIC)
1173 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1178 static void *file_ram_alloc(RAMBlock *block,
1184 char *sanitized_name;
1189 Error *local_err = NULL;
1191 hpagesize = gethugepagesize(path, &local_err);
1193 error_propagate(errp, local_err);
1196 block->mr->align = hpagesize;
1198 if (memory < hpagesize) {
1199 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1200 "or larger than huge page size 0x%" PRIx64,
1205 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1207 "host lacks kvm mmu notifiers, -mem-path unsupported");
1211 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1212 sanitized_name = g_strdup(memory_region_name(block->mr));
1213 for (c = sanitized_name; *c != '\0'; c++) {
1218 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1220 g_free(sanitized_name);
1222 fd = mkstemp(filename);
1224 error_setg_errno(errp, errno,
1225 "unable to create backing store for hugepages");
1232 memory = ROUND_UP(memory, hpagesize);
1235 * ftruncate is not supported by hugetlbfs in older
1236 * hosts, so don't bother bailing out on errors.
1237 * If anything goes wrong with it under other filesystems,
1240 if (ftruncate(fd, memory)) {
1241 perror("ftruncate");
1244 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1245 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1247 if (area == MAP_FAILED) {
1248 error_setg_errno(errp, errno,
1249 "unable to map backing store for hugepages");
1255 os_mem_prealloc(fd, area, memory);
1263 error_report("%s", error_get_pretty(*errp));
1270 /* Called with the ramlist lock held. */
1271 static ram_addr_t find_ram_offset(ram_addr_t size)
1273 RAMBlock *block, *next_block;
1274 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1276 assert(size != 0); /* it would hand out same offset multiple times */
1278 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1282 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1283 ram_addr_t end, next = RAM_ADDR_MAX;
1285 end = block->offset + block->max_length;
1287 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1288 if (next_block->offset >= end) {
1289 next = MIN(next, next_block->offset);
1292 if (next - end >= size && next - end < mingap) {
1294 mingap = next - end;
1298 if (offset == RAM_ADDR_MAX) {
1299 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1307 ram_addr_t last_ram_offset(void)
1310 ram_addr_t last = 0;
1313 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1314 last = MAX(last, block->offset + block->max_length);
1320 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1324 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1325 if (!machine_dump_guest_core(current_machine)) {
1326 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1328 perror("qemu_madvise");
1329 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1330 "but dump_guest_core=off specified\n");
1335 /* Called within an RCU critical section, or while the ramlist lock
1338 static RAMBlock *find_ram_block(ram_addr_t addr)
1342 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1343 if (block->offset == addr) {
1351 /* Called with iothread lock held. */
1352 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1354 RAMBlock *new_block, *block;
1357 new_block = find_ram_block(addr);
1359 assert(!new_block->idstr[0]);
1362 char *id = qdev_get_dev_path(dev);
1364 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1368 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1370 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1371 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1372 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1380 /* Called with iothread lock held. */
1381 void qemu_ram_unset_idstr(ram_addr_t addr)
1385 /* FIXME: arch_init.c assumes that this is not called throughout
1386 * migration. Ignore the problem since hot-unplug during migration
1387 * does not work anyway.
1391 block = find_ram_block(addr);
1393 memset(block->idstr, 0, sizeof(block->idstr));
1398 static int memory_try_enable_merging(void *addr, size_t len)
1400 if (!machine_mem_merge(current_machine)) {
1401 /* disabled by the user */
1405 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1408 /* Only legal before guest might have detected the memory size: e.g. on
1409 * incoming migration, or right after reset.
1411 * As memory core doesn't know how is memory accessed, it is up to
1412 * resize callback to update device state and/or add assertions to detect
1413 * misuse, if necessary.
1415 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1417 RAMBlock *block = find_ram_block(base);
1421 newsize = TARGET_PAGE_ALIGN(newsize);
1423 if (block->used_length == newsize) {
1427 if (!(block->flags & RAM_RESIZEABLE)) {
1428 error_setg_errno(errp, EINVAL,
1429 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1430 " in != 0x" RAM_ADDR_FMT, block->idstr,
1431 newsize, block->used_length);
1435 if (block->max_length < newsize) {
1436 error_setg_errno(errp, EINVAL,
1437 "Length too large: %s: 0x" RAM_ADDR_FMT
1438 " > 0x" RAM_ADDR_FMT, block->idstr,
1439 newsize, block->max_length);
1443 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1444 block->used_length = newsize;
1445 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1447 memory_region_set_size(block->mr, newsize);
1448 if (block->resized) {
1449 block->resized(block->idstr, newsize, block->host);
1454 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1457 RAMBlock *last_block = NULL;
1458 ram_addr_t old_ram_size, new_ram_size;
1460 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1462 qemu_mutex_lock_ramlist();
1463 new_block->offset = find_ram_offset(new_block->max_length);
1465 if (!new_block->host) {
1466 if (xen_enabled()) {
1467 xen_ram_alloc(new_block->offset, new_block->max_length,
1470 new_block->host = phys_mem_alloc(new_block->max_length,
1471 &new_block->mr->align);
1472 if (!new_block->host) {
1473 error_setg_errno(errp, errno,
1474 "cannot set up guest memory '%s'",
1475 memory_region_name(new_block->mr));
1476 qemu_mutex_unlock_ramlist();
1479 memory_try_enable_merging(new_block->host, new_block->max_length);
1483 new_ram_size = MAX(old_ram_size,
1484 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1485 if (new_ram_size > old_ram_size) {
1486 migration_bitmap_extend(old_ram_size, new_ram_size);
1488 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1489 * QLIST (which has an RCU-friendly variant) does not have insertion at
1490 * tail, so save the last element in last_block.
1492 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1494 if (block->max_length < new_block->max_length) {
1499 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1500 } else if (last_block) {
1501 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1502 } else { /* list is empty */
1503 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1505 ram_list.mru_block = NULL;
1507 /* Write list before version */
1510 qemu_mutex_unlock_ramlist();
1512 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1514 if (new_ram_size > old_ram_size) {
1517 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1518 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1519 ram_list.dirty_memory[i] =
1520 bitmap_zero_extend(ram_list.dirty_memory[i],
1521 old_ram_size, new_ram_size);
1524 cpu_physical_memory_set_dirty_range(new_block->offset,
1525 new_block->used_length,
1528 if (new_block->host) {
1529 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1530 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1531 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1532 if (kvm_enabled()) {
1533 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1537 return new_block->offset;
1541 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1542 bool share, const char *mem_path,
1545 RAMBlock *new_block;
1547 Error *local_err = NULL;
1549 if (xen_enabled()) {
1550 error_setg(errp, "-mem-path not supported with Xen");
1554 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1556 * file_ram_alloc() needs to allocate just like
1557 * phys_mem_alloc, but we haven't bothered to provide
1561 "-mem-path not supported with this accelerator");
1565 size = TARGET_PAGE_ALIGN(size);
1566 new_block = g_malloc0(sizeof(*new_block));
1568 new_block->used_length = size;
1569 new_block->max_length = size;
1570 new_block->flags = share ? RAM_SHARED : 0;
1571 new_block->host = file_ram_alloc(new_block, size,
1573 if (!new_block->host) {
1578 addr = ram_block_add(new_block, &local_err);
1581 error_propagate(errp, local_err);
1589 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1590 void (*resized)(const char*,
1593 void *host, bool resizeable,
1594 MemoryRegion *mr, Error **errp)
1596 RAMBlock *new_block;
1598 Error *local_err = NULL;
1600 size = TARGET_PAGE_ALIGN(size);
1601 max_size = TARGET_PAGE_ALIGN(max_size);
1602 new_block = g_malloc0(sizeof(*new_block));
1604 new_block->resized = resized;
1605 new_block->used_length = size;
1606 new_block->max_length = max_size;
1607 assert(max_size >= size);
1609 new_block->host = host;
1611 new_block->flags |= RAM_PREALLOC;
1614 new_block->flags |= RAM_RESIZEABLE;
1616 addr = ram_block_add(new_block, &local_err);
1619 error_propagate(errp, local_err);
1625 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1626 MemoryRegion *mr, Error **errp)
1628 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1631 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1633 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1636 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1637 void (*resized)(const char*,
1640 MemoryRegion *mr, Error **errp)
1642 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1645 void qemu_ram_free_from_ptr(ram_addr_t addr)
1649 qemu_mutex_lock_ramlist();
1650 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1651 if (addr == block->offset) {
1652 QLIST_REMOVE_RCU(block, next);
1653 ram_list.mru_block = NULL;
1654 /* Write list before version */
1657 g_free_rcu(block, rcu);
1661 qemu_mutex_unlock_ramlist();
1664 static void reclaim_ramblock(RAMBlock *block)
1666 if (block->flags & RAM_PREALLOC) {
1668 } else if (xen_enabled()) {
1669 xen_invalidate_map_cache_entry(block->host);
1671 } else if (block->fd >= 0) {
1672 munmap(block->host, block->max_length);
1676 qemu_anon_ram_free(block->host, block->max_length);
1681 void qemu_ram_free(ram_addr_t addr)
1685 qemu_mutex_lock_ramlist();
1686 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1687 if (addr == block->offset) {
1688 QLIST_REMOVE_RCU(block, next);
1689 ram_list.mru_block = NULL;
1690 /* Write list before version */
1693 call_rcu(block, reclaim_ramblock, rcu);
1697 qemu_mutex_unlock_ramlist();
1701 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1708 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1709 offset = addr - block->offset;
1710 if (offset < block->max_length) {
1711 vaddr = ramblock_ptr(block, offset);
1712 if (block->flags & RAM_PREALLOC) {
1714 } else if (xen_enabled()) {
1718 if (block->fd >= 0) {
1719 flags |= (block->flags & RAM_SHARED ?
1720 MAP_SHARED : MAP_PRIVATE);
1721 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1722 flags, block->fd, offset);
1725 * Remap needs to match alloc. Accelerators that
1726 * set phys_mem_alloc never remap. If they did,
1727 * we'd need a remap hook here.
1729 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1731 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1732 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1735 if (area != vaddr) {
1736 fprintf(stderr, "Could not remap addr: "
1737 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1741 memory_try_enable_merging(vaddr, length);
1742 qemu_ram_setup_dump(vaddr, length);
1747 #endif /* !_WIN32 */
1749 int qemu_get_ram_fd(ram_addr_t addr)
1755 block = qemu_get_ram_block(addr);
1761 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1767 block = qemu_get_ram_block(addr);
1768 ptr = ramblock_ptr(block, 0);
1773 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1774 * This should not be used for general purpose DMA. Use address_space_map
1775 * or address_space_rw instead. For local memory (e.g. video ram) that the
1776 * device owns, use memory_region_get_ram_ptr.
1778 * By the time this function returns, the returned pointer is not protected
1779 * by RCU anymore. If the caller is not within an RCU critical section and
1780 * does not hold the iothread lock, it must have other means of protecting the
1781 * pointer, such as a reference to the region that includes the incoming
1784 void *qemu_get_ram_ptr(ram_addr_t addr)
1790 block = qemu_get_ram_block(addr);
1792 if (xen_enabled() && block->host == NULL) {
1793 /* We need to check if the requested address is in the RAM
1794 * because we don't want to map the entire memory in QEMU.
1795 * In that case just map until the end of the page.
1797 if (block->offset == 0) {
1798 ptr = xen_map_cache(addr, 0, 0);
1802 block->host = xen_map_cache(block->offset, block->max_length, 1);
1804 ptr = ramblock_ptr(block, addr - block->offset);
1811 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1812 * but takes a size argument.
1814 * By the time this function returns, the returned pointer is not protected
1815 * by RCU anymore. If the caller is not within an RCU critical section and
1816 * does not hold the iothread lock, it must have other means of protecting the
1817 * pointer, such as a reference to the region that includes the incoming
1820 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1826 if (xen_enabled()) {
1827 return xen_map_cache(addr, *size, 1);
1831 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1832 if (addr - block->offset < block->max_length) {
1833 if (addr - block->offset + *size > block->max_length)
1834 *size = block->max_length - addr + block->offset;
1835 ptr = ramblock_ptr(block, addr - block->offset);
1841 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1846 /* Some of the softmmu routines need to translate from a host pointer
1847 * (typically a TLB entry) back to a ram offset.
1849 * By the time this function returns, the returned pointer is not protected
1850 * by RCU anymore. If the caller is not within an RCU critical section and
1851 * does not hold the iothread lock, it must have other means of protecting the
1852 * pointer, such as a reference to the region that includes the incoming
1855 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1858 uint8_t *host = ptr;
1861 if (xen_enabled()) {
1863 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1864 mr = qemu_get_ram_block(*ram_addr)->mr;
1870 block = atomic_rcu_read(&ram_list.mru_block);
1871 if (block && block->host && host - block->host < block->max_length) {
1875 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1876 /* This case append when the block is not mapped. */
1877 if (block->host == NULL) {
1880 if (host - block->host < block->max_length) {
1889 *ram_addr = block->offset + (host - block->host);
1895 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1896 uint64_t val, unsigned size)
1898 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1899 tb_invalidate_phys_page_fast(ram_addr, size);
1903 stb_p(qemu_get_ram_ptr(ram_addr), val);
1906 stw_p(qemu_get_ram_ptr(ram_addr), val);
1909 stl_p(qemu_get_ram_ptr(ram_addr), val);
1914 /* Set both VGA and migration bits for simplicity and to remove
1915 * the notdirty callback faster.
1917 cpu_physical_memory_set_dirty_range(ram_addr, size,
1918 DIRTY_CLIENTS_NOCODE);
1919 /* we remove the notdirty callback only if the code has been
1921 if (!cpu_physical_memory_is_clean(ram_addr)) {
1922 CPUArchState *env = current_cpu->env_ptr;
1923 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1927 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1928 unsigned size, bool is_write)
1933 static const MemoryRegionOps notdirty_mem_ops = {
1934 .write = notdirty_mem_write,
1935 .valid.accepts = notdirty_mem_accepts,
1936 .endianness = DEVICE_NATIVE_ENDIAN,
1939 /* Generate a debug exception if a watchpoint has been hit. */
1940 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1942 CPUState *cpu = current_cpu;
1943 CPUArchState *env = cpu->env_ptr;
1944 target_ulong pc, cs_base;
1949 if (cpu->watchpoint_hit) {
1950 /* We re-entered the check after replacing the TB. Now raise
1951 * the debug interrupt so that is will trigger after the
1952 * current instruction. */
1953 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1956 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1957 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1958 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1959 && (wp->flags & flags)) {
1960 if (flags == BP_MEM_READ) {
1961 wp->flags |= BP_WATCHPOINT_HIT_READ;
1963 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1965 wp->hitaddr = vaddr;
1966 wp->hitattrs = attrs;
1967 if (!cpu->watchpoint_hit) {
1968 cpu->watchpoint_hit = wp;
1969 tb_check_watchpoint(cpu);
1970 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1971 cpu->exception_index = EXCP_DEBUG;
1974 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1975 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1976 cpu_resume_from_signal(cpu, NULL);
1980 wp->flags &= ~BP_WATCHPOINT_HIT;
1985 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1986 so these check for a hit then pass through to the normal out-of-line
1988 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1989 unsigned size, MemTxAttrs attrs)
1994 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1997 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2000 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2003 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2011 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2012 uint64_t val, unsigned size,
2017 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2020 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2023 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2026 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2033 static const MemoryRegionOps watch_mem_ops = {
2034 .read_with_attrs = watch_mem_read,
2035 .write_with_attrs = watch_mem_write,
2036 .endianness = DEVICE_NATIVE_ENDIAN,
2039 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2040 unsigned len, MemTxAttrs attrs)
2042 subpage_t *subpage = opaque;
2046 #if defined(DEBUG_SUBPAGE)
2047 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2048 subpage, len, addr);
2050 res = address_space_read(subpage->as, addr + subpage->base,
2057 *data = ldub_p(buf);
2060 *data = lduw_p(buf);
2073 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2074 uint64_t value, unsigned len, MemTxAttrs attrs)
2076 subpage_t *subpage = opaque;
2079 #if defined(DEBUG_SUBPAGE)
2080 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2081 " value %"PRIx64"\n",
2082 __func__, subpage, len, addr, value);
2100 return address_space_write(subpage->as, addr + subpage->base,
2104 static bool subpage_accepts(void *opaque, hwaddr addr,
2105 unsigned len, bool is_write)
2107 subpage_t *subpage = opaque;
2108 #if defined(DEBUG_SUBPAGE)
2109 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2110 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2113 return address_space_access_valid(subpage->as, addr + subpage->base,
2117 static const MemoryRegionOps subpage_ops = {
2118 .read_with_attrs = subpage_read,
2119 .write_with_attrs = subpage_write,
2120 .impl.min_access_size = 1,
2121 .impl.max_access_size = 8,
2122 .valid.min_access_size = 1,
2123 .valid.max_access_size = 8,
2124 .valid.accepts = subpage_accepts,
2125 .endianness = DEVICE_NATIVE_ENDIAN,
2128 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2133 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2135 idx = SUBPAGE_IDX(start);
2136 eidx = SUBPAGE_IDX(end);
2137 #if defined(DEBUG_SUBPAGE)
2138 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2139 __func__, mmio, start, end, idx, eidx, section);
2141 for (; idx <= eidx; idx++) {
2142 mmio->sub_section[idx] = section;
2148 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2152 mmio = g_malloc0(sizeof(subpage_t));
2156 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2157 NULL, TARGET_PAGE_SIZE);
2158 mmio->iomem.subpage = true;
2159 #if defined(DEBUG_SUBPAGE)
2160 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2161 mmio, base, TARGET_PAGE_SIZE);
2163 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2168 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2172 MemoryRegionSection section = {
2173 .address_space = as,
2175 .offset_within_address_space = 0,
2176 .offset_within_region = 0,
2177 .size = int128_2_64(),
2180 return phys_section_add(map, §ion);
2183 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2185 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2186 MemoryRegionSection *sections = d->map.sections;
2188 return sections[index & ~TARGET_PAGE_MASK].mr;
2191 static void io_mem_init(void)
2193 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2194 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2196 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2198 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2202 static void mem_begin(MemoryListener *listener)
2204 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2205 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2208 n = dummy_section(&d->map, as, &io_mem_unassigned);
2209 assert(n == PHYS_SECTION_UNASSIGNED);
2210 n = dummy_section(&d->map, as, &io_mem_notdirty);
2211 assert(n == PHYS_SECTION_NOTDIRTY);
2212 n = dummy_section(&d->map, as, &io_mem_rom);
2213 assert(n == PHYS_SECTION_ROM);
2214 n = dummy_section(&d->map, as, &io_mem_watch);
2215 assert(n == PHYS_SECTION_WATCH);
2217 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2219 as->next_dispatch = d;
2222 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2224 phys_sections_free(&d->map);
2228 static void mem_commit(MemoryListener *listener)
2230 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2231 AddressSpaceDispatch *cur = as->dispatch;
2232 AddressSpaceDispatch *next = as->next_dispatch;
2234 phys_page_compact_all(next, next->map.nodes_nb);
2236 atomic_rcu_set(&as->dispatch, next);
2238 call_rcu(cur, address_space_dispatch_free, rcu);
2242 static void tcg_commit(MemoryListener *listener)
2246 /* since each CPU stores ram addresses in its TLB cache, we must
2247 reset the modified entries */
2250 /* FIXME: Disentangle the cpu.h circular files deps so we can
2251 directly get the right CPU from listener. */
2252 if (cpu->tcg_as_listener != listener) {
2255 cpu_reload_memory_map(cpu);
2259 void address_space_init_dispatch(AddressSpace *as)
2261 as->dispatch = NULL;
2262 as->dispatch_listener = (MemoryListener) {
2264 .commit = mem_commit,
2265 .region_add = mem_add,
2266 .region_nop = mem_add,
2269 memory_listener_register(&as->dispatch_listener, as);
2272 void address_space_unregister(AddressSpace *as)
2274 memory_listener_unregister(&as->dispatch_listener);
2277 void address_space_destroy_dispatch(AddressSpace *as)
2279 AddressSpaceDispatch *d = as->dispatch;
2281 atomic_rcu_set(&as->dispatch, NULL);
2283 call_rcu(d, address_space_dispatch_free, rcu);
2287 static void memory_map_init(void)
2289 system_memory = g_malloc(sizeof(*system_memory));
2291 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2292 address_space_init(&address_space_memory, system_memory, "memory");
2294 system_io = g_malloc(sizeof(*system_io));
2295 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2297 address_space_init(&address_space_io, system_io, "I/O");
2300 MemoryRegion *get_system_memory(void)
2302 return system_memory;
2305 MemoryRegion *get_system_io(void)
2310 #endif /* !defined(CONFIG_USER_ONLY) */
2312 /* physical memory access (slow version, mainly for debug) */
2313 #if defined(CONFIG_USER_ONLY)
2314 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2315 uint8_t *buf, int len, int is_write)
2322 page = addr & TARGET_PAGE_MASK;
2323 l = (page + TARGET_PAGE_SIZE) - addr;
2326 flags = page_get_flags(page);
2327 if (!(flags & PAGE_VALID))
2330 if (!(flags & PAGE_WRITE))
2332 /* XXX: this code should not depend on lock_user */
2333 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2336 unlock_user(p, addr, l);
2338 if (!(flags & PAGE_READ))
2340 /* XXX: this code should not depend on lock_user */
2341 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2344 unlock_user(p, addr, 0);
2355 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2358 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2359 /* No early return if dirty_log_mask is or becomes 0, because
2360 * cpu_physical_memory_set_dirty_range will still call
2361 * xen_modified_memory.
2363 if (dirty_log_mask) {
2365 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2367 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2368 tb_invalidate_phys_range(addr, addr + length);
2369 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2371 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2374 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2376 unsigned access_size_max = mr->ops->valid.max_access_size;
2378 /* Regions are assumed to support 1-4 byte accesses unless
2379 otherwise specified. */
2380 if (access_size_max == 0) {
2381 access_size_max = 4;
2384 /* Bound the maximum access by the alignment of the address. */
2385 if (!mr->ops->impl.unaligned) {
2386 unsigned align_size_max = addr & -addr;
2387 if (align_size_max != 0 && align_size_max < access_size_max) {
2388 access_size_max = align_size_max;
2392 /* Don't attempt accesses larger than the maximum. */
2393 if (l > access_size_max) {
2394 l = access_size_max;
2401 static bool prepare_mmio_access(MemoryRegion *mr)
2403 bool unlocked = !qemu_mutex_iothread_locked();
2404 bool release_lock = false;
2406 if (unlocked && mr->global_locking) {
2407 qemu_mutex_lock_iothread();
2409 release_lock = true;
2411 if (mr->flush_coalesced_mmio) {
2413 qemu_mutex_lock_iothread();
2415 qemu_flush_coalesced_mmio_buffer();
2417 qemu_mutex_unlock_iothread();
2421 return release_lock;
2424 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2425 uint8_t *buf, int len, bool is_write)
2432 MemTxResult result = MEMTX_OK;
2433 bool release_lock = false;
2438 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2441 if (!memory_access_is_direct(mr, is_write)) {
2442 release_lock |= prepare_mmio_access(mr);
2443 l = memory_access_size(mr, l, addr1);
2444 /* XXX: could force current_cpu to NULL to avoid
2448 /* 64 bit write access */
2450 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2454 /* 32 bit write access */
2456 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2460 /* 16 bit write access */
2462 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2466 /* 8 bit write access */
2468 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2475 addr1 += memory_region_get_ram_addr(mr);
2477 ptr = qemu_get_ram_ptr(addr1);
2478 memcpy(ptr, buf, l);
2479 invalidate_and_set_dirty(mr, addr1, l);
2482 if (!memory_access_is_direct(mr, is_write)) {
2484 release_lock |= prepare_mmio_access(mr);
2485 l = memory_access_size(mr, l, addr1);
2488 /* 64 bit read access */
2489 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2494 /* 32 bit read access */
2495 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2500 /* 16 bit read access */
2501 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2506 /* 8 bit read access */
2507 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2516 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2517 memcpy(buf, ptr, l);
2522 qemu_mutex_unlock_iothread();
2523 release_lock = false;
2535 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2536 const uint8_t *buf, int len)
2538 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2541 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2542 uint8_t *buf, int len)
2544 return address_space_rw(as, addr, attrs, buf, len, false);
2548 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2549 int len, int is_write)
2551 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2552 buf, len, is_write);
2555 enum write_rom_type {
2560 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2561 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2571 mr = address_space_translate(as, addr, &addr1, &l, true);
2573 if (!(memory_region_is_ram(mr) ||
2574 memory_region_is_romd(mr))) {
2575 l = memory_access_size(mr, l, addr1);
2577 addr1 += memory_region_get_ram_addr(mr);
2579 ptr = qemu_get_ram_ptr(addr1);
2582 memcpy(ptr, buf, l);
2583 invalidate_and_set_dirty(mr, addr1, l);
2586 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2597 /* used for ROM loading : can write in RAM and ROM */
2598 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2599 const uint8_t *buf, int len)
2601 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2604 void cpu_flush_icache_range(hwaddr start, int len)
2607 * This function should do the same thing as an icache flush that was
2608 * triggered from within the guest. For TCG we are always cache coherent,
2609 * so there is no need to flush anything. For KVM / Xen we need to flush
2610 * the host's instruction cache at least.
2612 if (tcg_enabled()) {
2616 cpu_physical_memory_write_rom_internal(&address_space_memory,
2617 start, NULL, len, FLUSH_CACHE);
2628 static BounceBuffer bounce;
2630 typedef struct MapClient {
2632 QLIST_ENTRY(MapClient) link;
2635 QemuMutex map_client_list_lock;
2636 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2637 = QLIST_HEAD_INITIALIZER(map_client_list);
2639 static void cpu_unregister_map_client_do(MapClient *client)
2641 QLIST_REMOVE(client, link);
2645 static void cpu_notify_map_clients_locked(void)
2649 while (!QLIST_EMPTY(&map_client_list)) {
2650 client = QLIST_FIRST(&map_client_list);
2651 qemu_bh_schedule(client->bh);
2652 cpu_unregister_map_client_do(client);
2656 void cpu_register_map_client(QEMUBH *bh)
2658 MapClient *client = g_malloc(sizeof(*client));
2660 qemu_mutex_lock(&map_client_list_lock);
2662 QLIST_INSERT_HEAD(&map_client_list, client, link);
2663 if (!atomic_read(&bounce.in_use)) {
2664 cpu_notify_map_clients_locked();
2666 qemu_mutex_unlock(&map_client_list_lock);
2669 void cpu_exec_init_all(void)
2671 qemu_mutex_init(&ram_list.mutex);
2674 qemu_mutex_init(&map_client_list_lock);
2677 void cpu_unregister_map_client(QEMUBH *bh)
2681 qemu_mutex_lock(&map_client_list_lock);
2682 QLIST_FOREACH(client, &map_client_list, link) {
2683 if (client->bh == bh) {
2684 cpu_unregister_map_client_do(client);
2688 qemu_mutex_unlock(&map_client_list_lock);
2691 static void cpu_notify_map_clients(void)
2693 qemu_mutex_lock(&map_client_list_lock);
2694 cpu_notify_map_clients_locked();
2695 qemu_mutex_unlock(&map_client_list_lock);
2698 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2706 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2707 if (!memory_access_is_direct(mr, is_write)) {
2708 l = memory_access_size(mr, l, addr);
2709 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2721 /* Map a physical memory region into a host virtual address.
2722 * May map a subset of the requested range, given by and returned in *plen.
2723 * May return NULL if resources needed to perform the mapping are exhausted.
2724 * Use only for reads OR writes - not for read-modify-write operations.
2725 * Use cpu_register_map_client() to know when retrying the map operation is
2726 * likely to succeed.
2728 void *address_space_map(AddressSpace *as,
2735 hwaddr l, xlat, base;
2736 MemoryRegion *mr, *this_mr;
2745 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2747 if (!memory_access_is_direct(mr, is_write)) {
2748 if (atomic_xchg(&bounce.in_use, true)) {
2752 /* Avoid unbounded allocations */
2753 l = MIN(l, TARGET_PAGE_SIZE);
2754 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2758 memory_region_ref(mr);
2761 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2767 return bounce.buffer;
2771 raddr = memory_region_get_ram_addr(mr);
2782 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2783 if (this_mr != mr || xlat != base + done) {
2788 memory_region_ref(mr);
2791 return qemu_ram_ptr_length(raddr + base, plen);
2794 /* Unmaps a memory region previously mapped by address_space_map().
2795 * Will also mark the memory as dirty if is_write == 1. access_len gives
2796 * the amount of memory that was actually read or written by the caller.
2798 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2799 int is_write, hwaddr access_len)
2801 if (buffer != bounce.buffer) {
2805 mr = qemu_ram_addr_from_host(buffer, &addr1);
2808 invalidate_and_set_dirty(mr, addr1, access_len);
2810 if (xen_enabled()) {
2811 xen_invalidate_map_cache_entry(buffer);
2813 memory_region_unref(mr);
2817 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2818 bounce.buffer, access_len);
2820 qemu_vfree(bounce.buffer);
2821 bounce.buffer = NULL;
2822 memory_region_unref(bounce.mr);
2823 atomic_mb_set(&bounce.in_use, false);
2824 cpu_notify_map_clients();
2827 void *cpu_physical_memory_map(hwaddr addr,
2831 return address_space_map(&address_space_memory, addr, plen, is_write);
2834 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2835 int is_write, hwaddr access_len)
2837 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2840 /* warning: addr must be aligned */
2841 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2843 MemTxResult *result,
2844 enum device_endian endian)
2852 bool release_lock = false;
2855 mr = address_space_translate(as, addr, &addr1, &l, false);
2856 if (l < 4 || !memory_access_is_direct(mr, false)) {
2857 release_lock |= prepare_mmio_access(mr);
2860 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2861 #if defined(TARGET_WORDS_BIGENDIAN)
2862 if (endian == DEVICE_LITTLE_ENDIAN) {
2866 if (endian == DEVICE_BIG_ENDIAN) {
2872 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2876 case DEVICE_LITTLE_ENDIAN:
2877 val = ldl_le_p(ptr);
2879 case DEVICE_BIG_ENDIAN:
2880 val = ldl_be_p(ptr);
2892 qemu_mutex_unlock_iothread();
2898 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2899 MemTxAttrs attrs, MemTxResult *result)
2901 return address_space_ldl_internal(as, addr, attrs, result,
2902 DEVICE_NATIVE_ENDIAN);
2905 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2906 MemTxAttrs attrs, MemTxResult *result)
2908 return address_space_ldl_internal(as, addr, attrs, result,
2909 DEVICE_LITTLE_ENDIAN);
2912 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2913 MemTxAttrs attrs, MemTxResult *result)
2915 return address_space_ldl_internal(as, addr, attrs, result,
2919 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2921 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2924 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2926 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2929 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2931 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2934 /* warning: addr must be aligned */
2935 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2937 MemTxResult *result,
2938 enum device_endian endian)
2946 bool release_lock = false;
2949 mr = address_space_translate(as, addr, &addr1, &l,
2951 if (l < 8 || !memory_access_is_direct(mr, false)) {
2952 release_lock |= prepare_mmio_access(mr);
2955 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2956 #if defined(TARGET_WORDS_BIGENDIAN)
2957 if (endian == DEVICE_LITTLE_ENDIAN) {
2961 if (endian == DEVICE_BIG_ENDIAN) {
2967 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2971 case DEVICE_LITTLE_ENDIAN:
2972 val = ldq_le_p(ptr);
2974 case DEVICE_BIG_ENDIAN:
2975 val = ldq_be_p(ptr);
2987 qemu_mutex_unlock_iothread();
2993 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2994 MemTxAttrs attrs, MemTxResult *result)
2996 return address_space_ldq_internal(as, addr, attrs, result,
2997 DEVICE_NATIVE_ENDIAN);
3000 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3001 MemTxAttrs attrs, MemTxResult *result)
3003 return address_space_ldq_internal(as, addr, attrs, result,
3004 DEVICE_LITTLE_ENDIAN);
3007 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3008 MemTxAttrs attrs, MemTxResult *result)
3010 return address_space_ldq_internal(as, addr, attrs, result,
3014 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3016 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3019 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3021 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3024 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3026 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3030 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs, MemTxResult *result)
3036 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3043 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3045 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3048 /* warning: addr must be aligned */
3049 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3052 MemTxResult *result,
3053 enum device_endian endian)
3061 bool release_lock = false;
3064 mr = address_space_translate(as, addr, &addr1, &l,
3066 if (l < 2 || !memory_access_is_direct(mr, false)) {
3067 release_lock |= prepare_mmio_access(mr);
3070 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3071 #if defined(TARGET_WORDS_BIGENDIAN)
3072 if (endian == DEVICE_LITTLE_ENDIAN) {
3076 if (endian == DEVICE_BIG_ENDIAN) {
3082 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3086 case DEVICE_LITTLE_ENDIAN:
3087 val = lduw_le_p(ptr);
3089 case DEVICE_BIG_ENDIAN:
3090 val = lduw_be_p(ptr);
3102 qemu_mutex_unlock_iothread();
3108 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3109 MemTxAttrs attrs, MemTxResult *result)
3111 return address_space_lduw_internal(as, addr, attrs, result,
3112 DEVICE_NATIVE_ENDIAN);
3115 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3116 MemTxAttrs attrs, MemTxResult *result)
3118 return address_space_lduw_internal(as, addr, attrs, result,
3119 DEVICE_LITTLE_ENDIAN);
3122 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3123 MemTxAttrs attrs, MemTxResult *result)
3125 return address_space_lduw_internal(as, addr, attrs, result,
3129 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3131 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3134 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3136 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3139 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3141 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3144 /* warning: addr must be aligned. The ram page is not masked as dirty
3145 and the code inside is not invalidated. It is useful if the dirty
3146 bits are used to track modified PTEs */
3147 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3148 MemTxAttrs attrs, MemTxResult *result)
3155 uint8_t dirty_log_mask;
3156 bool release_lock = false;
3159 mr = address_space_translate(as, addr, &addr1, &l,
3161 if (l < 4 || !memory_access_is_direct(mr, true)) {
3162 release_lock |= prepare_mmio_access(mr);
3164 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3166 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3167 ptr = qemu_get_ram_ptr(addr1);
3170 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3171 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3172 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3179 qemu_mutex_unlock_iothread();
3184 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3186 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3189 /* warning: addr must be aligned */
3190 static inline void address_space_stl_internal(AddressSpace *as,
3191 hwaddr addr, uint32_t val,
3193 MemTxResult *result,
3194 enum device_endian endian)
3201 bool release_lock = false;
3204 mr = address_space_translate(as, addr, &addr1, &l,
3206 if (l < 4 || !memory_access_is_direct(mr, true)) {
3207 release_lock |= prepare_mmio_access(mr);
3209 #if defined(TARGET_WORDS_BIGENDIAN)
3210 if (endian == DEVICE_LITTLE_ENDIAN) {
3214 if (endian == DEVICE_BIG_ENDIAN) {
3218 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3221 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3222 ptr = qemu_get_ram_ptr(addr1);
3224 case DEVICE_LITTLE_ENDIAN:
3227 case DEVICE_BIG_ENDIAN:
3234 invalidate_and_set_dirty(mr, addr1, 4);
3241 qemu_mutex_unlock_iothread();
3246 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3247 MemTxAttrs attrs, MemTxResult *result)
3249 address_space_stl_internal(as, addr, val, attrs, result,
3250 DEVICE_NATIVE_ENDIAN);
3253 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3254 MemTxAttrs attrs, MemTxResult *result)
3256 address_space_stl_internal(as, addr, val, attrs, result,
3257 DEVICE_LITTLE_ENDIAN);
3260 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3261 MemTxAttrs attrs, MemTxResult *result)
3263 address_space_stl_internal(as, addr, val, attrs, result,
3267 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3269 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3272 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3274 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3277 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3279 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3283 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3284 MemTxAttrs attrs, MemTxResult *result)
3289 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3295 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3297 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3300 /* warning: addr must be aligned */
3301 static inline void address_space_stw_internal(AddressSpace *as,
3302 hwaddr addr, uint32_t val,
3304 MemTxResult *result,
3305 enum device_endian endian)
3312 bool release_lock = false;
3315 mr = address_space_translate(as, addr, &addr1, &l, true);
3316 if (l < 2 || !memory_access_is_direct(mr, true)) {
3317 release_lock |= prepare_mmio_access(mr);
3319 #if defined(TARGET_WORDS_BIGENDIAN)
3320 if (endian == DEVICE_LITTLE_ENDIAN) {
3324 if (endian == DEVICE_BIG_ENDIAN) {
3328 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3331 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3332 ptr = qemu_get_ram_ptr(addr1);
3334 case DEVICE_LITTLE_ENDIAN:
3337 case DEVICE_BIG_ENDIAN:
3344 invalidate_and_set_dirty(mr, addr1, 2);
3351 qemu_mutex_unlock_iothread();
3356 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3357 MemTxAttrs attrs, MemTxResult *result)
3359 address_space_stw_internal(as, addr, val, attrs, result,
3360 DEVICE_NATIVE_ENDIAN);
3363 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3364 MemTxAttrs attrs, MemTxResult *result)
3366 address_space_stw_internal(as, addr, val, attrs, result,
3367 DEVICE_LITTLE_ENDIAN);
3370 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3371 MemTxAttrs attrs, MemTxResult *result)
3373 address_space_stw_internal(as, addr, val, attrs, result,
3377 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3379 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3382 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3384 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3387 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3389 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3393 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3398 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3404 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3405 MemTxAttrs attrs, MemTxResult *result)
3408 val = cpu_to_le64(val);
3409 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3414 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3415 MemTxAttrs attrs, MemTxResult *result)
3418 val = cpu_to_be64(val);
3419 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3425 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3427 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3430 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3432 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3435 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3437 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3440 /* virtual memory access for debug (includes writing to ROM) */
3441 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3442 uint8_t *buf, int len, int is_write)
3449 page = addr & TARGET_PAGE_MASK;
3450 phys_addr = cpu_get_phys_page_debug(cpu, page);
3451 /* if no physical page mapped, return an error */
3452 if (phys_addr == -1)
3454 l = (page + TARGET_PAGE_SIZE) - addr;
3457 phys_addr += (addr & ~TARGET_PAGE_MASK);
3459 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3461 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3473 * A helper function for the _utterly broken_ virtio device model to find out if
3474 * it's running on a big endian machine. Don't do this at home kids!
3476 bool target_words_bigendian(void);
3477 bool target_words_bigendian(void)
3479 #if defined(TARGET_WORDS_BIGENDIAN)
3486 #ifndef CONFIG_USER_ONLY
3487 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3494 mr = address_space_translate(&address_space_memory,
3495 phys_addr, &phys_addr, &l, false);
3497 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3502 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3508 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3509 ret = func(block->idstr, block->host, block->offset,
3510 block->used_length, opaque);
projects / sdk / emulator / qemu.git / blob