4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 struct AddressSpaceDispatch {
92 /* This is a multi-level map on the physical address space.
93 * The bottom level has pointers to MemoryRegionSections.
95 PhysPageEntry phys_map;
96 MemoryListener listener;
100 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
101 typedef struct subpage_t {
105 uint16_t sub_section[TARGET_PAGE_SIZE];
108 static MemoryRegionSection *phys_sections;
109 static unsigned phys_sections_nb, phys_sections_nb_alloc;
110 static uint16_t phys_section_unassigned;
111 static uint16_t phys_section_notdirty;
112 static uint16_t phys_section_rom;
113 static uint16_t phys_section_watch;
115 /* Simple allocator for PhysPageEntry nodes */
116 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
117 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121 static void io_mem_init(void);
122 static void memory_map_init(void);
123 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125 static MemoryRegion io_mem_watch;
128 #if !defined(CONFIG_USER_ONLY)
130 static void phys_map_node_reserve(unsigned nodes)
132 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
133 typedef PhysPageEntry Node[L2_SIZE];
134 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
136 phys_map_nodes_nb + nodes);
137 phys_map_nodes = g_renew(Node, phys_map_nodes,
138 phys_map_nodes_nb_alloc);
142 static uint16_t phys_map_node_alloc(void)
147 ret = phys_map_nodes_nb++;
148 assert(ret != PHYS_MAP_NODE_NIL);
149 assert(ret != phys_map_nodes_nb_alloc);
150 for (i = 0; i < L2_SIZE; ++i) {
151 phys_map_nodes[ret][i].is_leaf = 0;
152 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
157 static void phys_map_nodes_reset(void)
159 phys_map_nodes_nb = 0;
163 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
164 hwaddr *nb, uint16_t leaf,
169 hwaddr step = (hwaddr)1 << (level * L2_BITS);
171 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
172 lp->ptr = phys_map_node_alloc();
173 p = phys_map_nodes[lp->ptr];
175 for (i = 0; i < L2_SIZE; i++) {
177 p[i].ptr = phys_section_unassigned;
181 p = phys_map_nodes[lp->ptr];
183 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
185 while (*nb && lp < &p[L2_SIZE]) {
186 if ((*index & (step - 1)) == 0 && *nb >= step) {
192 phys_page_set_level(lp, index, nb, leaf, level - 1);
198 static void phys_page_set(AddressSpaceDispatch *d,
199 hwaddr index, hwaddr nb,
202 /* Wildly overreserve - it doesn't matter much. */
203 phys_map_node_reserve(3 * P_L2_LEVELS);
205 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
208 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
210 PhysPageEntry lp = d->phys_map;
214 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
215 if (lp.ptr == PHYS_MAP_NODE_NIL) {
216 return &phys_sections[phys_section_unassigned];
218 p = phys_map_nodes[lp.ptr];
219 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
221 return &phys_sections[lp.ptr];
224 bool memory_region_is_unassigned(MemoryRegion *mr)
226 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
227 && mr != &io_mem_watch;
230 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
232 bool resolve_subpage)
234 MemoryRegionSection *section;
237 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
238 if (resolve_subpage && section->mr->subpage) {
239 subpage = container_of(section->mr, subpage_t, iomem);
240 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
245 static MemoryRegionSection *
246 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
247 hwaddr *plen, bool resolve_subpage)
249 MemoryRegionSection *section;
252 section = address_space_lookup_region(as, addr, resolve_subpage);
253 /* Compute offset within MemoryRegionSection */
254 addr -= section->offset_within_address_space;
256 /* Compute offset within MemoryRegion */
257 *xlat = addr + section->offset_within_region;
259 diff = int128_sub(section->mr->size, int128_make64(addr));
260 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
264 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
265 hwaddr *xlat, hwaddr *plen,
269 MemoryRegionSection *section;
274 section = address_space_translate_internal(as, addr, &addr, plen, true);
277 if (!mr->iommu_ops) {
281 iotlb = mr->iommu_ops->translate(mr, addr);
282 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
283 | (addr & iotlb.addr_mask));
284 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
285 if (!(iotlb.perm & (1 << is_write))) {
286 mr = &io_mem_unassigned;
290 as = iotlb.target_as;
298 MemoryRegionSection *
299 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
302 MemoryRegionSection *section;
303 section = address_space_translate_internal(as, addr, xlat, plen, false);
305 assert(!section->mr->iommu_ops);
310 void cpu_exec_init_all(void)
312 #if !defined(CONFIG_USER_ONLY)
313 qemu_mutex_init(&ram_list.mutex);
319 #if !defined(CONFIG_USER_ONLY)
321 static int cpu_common_post_load(void *opaque, int version_id)
323 CPUState *cpu = opaque;
325 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
326 version_id is increased. */
327 cpu->interrupt_request &= ~0x01;
328 tlb_flush(cpu->env_ptr, 1);
333 const VMStateDescription vmstate_cpu_common = {
334 .name = "cpu_common",
336 .minimum_version_id = 1,
337 .minimum_version_id_old = 1,
338 .post_load = cpu_common_post_load,
339 .fields = (VMStateField []) {
340 VMSTATE_UINT32(halted, CPUState),
341 VMSTATE_UINT32(interrupt_request, CPUState),
342 VMSTATE_END_OF_LIST()
348 CPUState *qemu_get_cpu(int index)
350 CPUArchState *env = first_cpu;
351 CPUState *cpu = NULL;
354 cpu = ENV_GET_CPU(env);
355 if (cpu->cpu_index == index) {
361 return env ? cpu : NULL;
364 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
366 CPUArchState *env = first_cpu;
369 func(ENV_GET_CPU(env), data);
374 void cpu_exec_init(CPUArchState *env)
376 CPUState *cpu = ENV_GET_CPU(env);
377 CPUClass *cc = CPU_GET_CLASS(cpu);
381 #if defined(CONFIG_USER_ONLY)
384 env->next_cpu = NULL;
387 while (*penv != NULL) {
388 penv = &(*penv)->next_cpu;
391 cpu->cpu_index = cpu_index;
393 QTAILQ_INIT(&env->breakpoints);
394 QTAILQ_INIT(&env->watchpoints);
395 #ifndef CONFIG_USER_ONLY
396 cpu->thread_id = qemu_get_thread_id();
399 #if defined(CONFIG_USER_ONLY)
402 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
403 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
404 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
405 cpu_save, cpu_load, env);
406 assert(cc->vmsd == NULL);
408 if (cc->vmsd != NULL) {
409 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
413 #if defined(TARGET_HAS_ICE)
414 #if defined(CONFIG_USER_ONLY)
415 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
417 tb_invalidate_phys_page_range(pc, pc + 1, 0);
420 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
422 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
423 (pc & ~TARGET_PAGE_MASK));
426 #endif /* TARGET_HAS_ICE */
428 #if defined(CONFIG_USER_ONLY)
429 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
434 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
435 int flags, CPUWatchpoint **watchpoint)
440 /* Add a watchpoint. */
441 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
442 int flags, CPUWatchpoint **watchpoint)
444 target_ulong len_mask = ~(len - 1);
447 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
448 if ((len & (len - 1)) || (addr & ~len_mask) ||
449 len == 0 || len > TARGET_PAGE_SIZE) {
450 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
451 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
454 wp = g_malloc(sizeof(*wp));
457 wp->len_mask = len_mask;
460 /* keep all GDB-injected watchpoints in front */
462 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
464 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
466 tlb_flush_page(env, addr);
473 /* Remove a specific watchpoint. */
474 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
477 target_ulong len_mask = ~(len - 1);
480 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
481 if (addr == wp->vaddr && len_mask == wp->len_mask
482 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
483 cpu_watchpoint_remove_by_ref(env, wp);
490 /* Remove a specific watchpoint by reference. */
491 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
493 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
495 tlb_flush_page(env, watchpoint->vaddr);
500 /* Remove all matching watchpoints. */
501 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
503 CPUWatchpoint *wp, *next;
505 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
506 if (wp->flags & mask)
507 cpu_watchpoint_remove_by_ref(env, wp);
512 /* Add a breakpoint. */
513 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
514 CPUBreakpoint **breakpoint)
516 #if defined(TARGET_HAS_ICE)
519 bp = g_malloc(sizeof(*bp));
524 /* keep all GDB-injected breakpoints in front */
526 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
528 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
530 breakpoint_invalidate(env, pc);
540 /* Remove a specific breakpoint. */
541 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
543 #if defined(TARGET_HAS_ICE)
546 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
547 if (bp->pc == pc && bp->flags == flags) {
548 cpu_breakpoint_remove_by_ref(env, bp);
558 /* Remove a specific breakpoint by reference. */
559 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
561 #if defined(TARGET_HAS_ICE)
562 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
564 breakpoint_invalidate(env, breakpoint->pc);
570 /* Remove all matching breakpoints. */
571 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
573 #if defined(TARGET_HAS_ICE)
574 CPUBreakpoint *bp, *next;
576 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
577 if (bp->flags & mask)
578 cpu_breakpoint_remove_by_ref(env, bp);
583 /* enable or disable single step mode. EXCP_DEBUG is returned by the
584 CPU loop after each instruction */
585 void cpu_single_step(CPUArchState *env, int enabled)
587 #if defined(TARGET_HAS_ICE)
588 if (env->singlestep_enabled != enabled) {
589 env->singlestep_enabled = enabled;
591 kvm_update_guest_debug(env, 0);
593 /* must flush all the translated code to avoid inconsistencies */
594 /* XXX: only flush what is necessary */
601 void cpu_abort(CPUArchState *env, const char *fmt, ...)
603 CPUState *cpu = ENV_GET_CPU(env);
609 fprintf(stderr, "qemu: fatal: ");
610 vfprintf(stderr, fmt, ap);
611 fprintf(stderr, "\n");
612 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
613 if (qemu_log_enabled()) {
614 qemu_log("qemu: fatal: ");
615 qemu_log_vprintf(fmt, ap2);
617 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
623 #if defined(CONFIG_USER_ONLY)
625 struct sigaction act;
626 sigfillset(&act.sa_mask);
627 act.sa_handler = SIG_DFL;
628 sigaction(SIGABRT, &act, NULL);
634 CPUArchState *cpu_copy(CPUArchState *env)
636 CPUArchState *new_env = cpu_init(env->cpu_model_str);
637 CPUArchState *next_cpu = new_env->next_cpu;
638 #if defined(TARGET_HAS_ICE)
643 memcpy(new_env, env, sizeof(CPUArchState));
645 /* Preserve chaining. */
646 new_env->next_cpu = next_cpu;
648 /* Clone all break/watchpoints.
649 Note: Once we support ptrace with hw-debug register access, make sure
650 BP_CPU break/watchpoints are handled correctly on clone. */
651 QTAILQ_INIT(&env->breakpoints);
652 QTAILQ_INIT(&env->watchpoints);
653 #if defined(TARGET_HAS_ICE)
654 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
655 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
657 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
658 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
666 #if !defined(CONFIG_USER_ONLY)
667 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
672 /* we modify the TLB cache so that the dirty bit will be set again
673 when accessing the range */
674 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
675 /* Check that we don't span multiple blocks - this breaks the
676 address comparisons below. */
677 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
678 != (end - 1) - start) {
681 cpu_tlb_reset_dirty_all(start1, length);
685 /* Note: start and end must be within the same ram block. */
686 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
691 start &= TARGET_PAGE_MASK;
692 end = TARGET_PAGE_ALIGN(end);
694 length = end - start;
697 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
700 tlb_reset_dirty_range_all(start, end, length);
704 static int cpu_physical_memory_set_dirty_tracking(int enable)
707 in_migration = enable;
711 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
712 MemoryRegionSection *section,
714 hwaddr paddr, hwaddr xlat,
716 target_ulong *address)
721 if (memory_region_is_ram(section->mr)) {
723 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
725 if (!section->readonly) {
726 iotlb |= phys_section_notdirty;
728 iotlb |= phys_section_rom;
731 iotlb = section - phys_sections;
735 /* Make accesses to pages with watchpoints go via the
736 watchpoint trap routines. */
737 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
738 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
739 /* Avoid trapping reads of pages with a write breakpoint. */
740 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
741 iotlb = phys_section_watch + paddr;
742 *address |= TLB_MMIO;
750 #endif /* defined(CONFIG_USER_ONLY) */
752 #if !defined(CONFIG_USER_ONLY)
754 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
756 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
757 static void destroy_page_desc(uint16_t section_index)
759 MemoryRegionSection *section = &phys_sections[section_index];
760 MemoryRegion *mr = section->mr;
763 subpage_t *subpage = container_of(mr, subpage_t, iomem);
764 memory_region_destroy(&subpage->iomem);
769 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
774 if (lp->ptr == PHYS_MAP_NODE_NIL) {
778 p = phys_map_nodes[lp->ptr];
779 for (i = 0; i < L2_SIZE; ++i) {
781 destroy_l2_mapping(&p[i], level - 1);
783 destroy_page_desc(p[i].ptr);
787 lp->ptr = PHYS_MAP_NODE_NIL;
790 static void destroy_all_mappings(AddressSpaceDispatch *d)
792 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
793 phys_map_nodes_reset();
796 static uint16_t phys_section_add(MemoryRegionSection *section)
798 /* The physical section number is ORed with a page-aligned
799 * pointer to produce the iotlb entries. Thus it should
800 * never overflow into the page-aligned value.
802 assert(phys_sections_nb < TARGET_PAGE_SIZE);
804 if (phys_sections_nb == phys_sections_nb_alloc) {
805 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
806 phys_sections = g_renew(MemoryRegionSection, phys_sections,
807 phys_sections_nb_alloc);
809 phys_sections[phys_sections_nb] = *section;
810 return phys_sections_nb++;
813 static void phys_sections_clear(void)
815 phys_sections_nb = 0;
818 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
821 hwaddr base = section->offset_within_address_space
823 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
824 MemoryRegionSection subsection = {
825 .offset_within_address_space = base,
826 .size = int128_make64(TARGET_PAGE_SIZE),
830 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
832 if (!(existing->mr->subpage)) {
833 subpage = subpage_init(d->as, base);
834 subsection.mr = &subpage->iomem;
835 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
836 phys_section_add(&subsection));
838 subpage = container_of(existing->mr, subpage_t, iomem);
840 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
841 end = start + int128_get64(section->size) - 1;
842 subpage_register(subpage, start, end, phys_section_add(section));
846 static void register_multipage(AddressSpaceDispatch *d,
847 MemoryRegionSection *section)
849 hwaddr start_addr = section->offset_within_address_space;
850 uint16_t section_index = phys_section_add(section);
851 uint64_t num_pages = int128_get64(int128_rshift(section->size,
855 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
858 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
860 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
861 MemoryRegionSection now = *section, remain = *section;
862 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
864 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
865 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
866 - now.offset_within_address_space;
868 now.size = int128_min(int128_make64(left), now.size);
869 register_subpage(d, &now);
871 now.size = int128_zero();
873 while (int128_ne(remain.size, now.size)) {
874 remain.size = int128_sub(remain.size, now.size);
875 remain.offset_within_address_space += int128_get64(now.size);
876 remain.offset_within_region += int128_get64(now.size);
878 if (int128_lt(remain.size, page_size)) {
879 register_subpage(d, &now);
880 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
881 now.size = page_size;
882 register_subpage(d, &now);
884 now.size = int128_and(now.size, int128_neg(page_size));
885 register_multipage(d, &now);
890 void qemu_flush_coalesced_mmio_buffer(void)
893 kvm_flush_coalesced_mmio_buffer();
896 void qemu_mutex_lock_ramlist(void)
898 qemu_mutex_lock(&ram_list.mutex);
901 void qemu_mutex_unlock_ramlist(void)
903 qemu_mutex_unlock(&ram_list.mutex);
906 #if defined(__linux__) && !defined(TARGET_S390X)
910 #define HUGETLBFS_MAGIC 0x958458f6
912 static long gethugepagesize(const char *path)
918 ret = statfs(path, &fs);
919 } while (ret != 0 && errno == EINTR);
926 if (fs.f_type != HUGETLBFS_MAGIC)
927 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
932 static void *file_ram_alloc(RAMBlock *block,
937 char *sanitized_name;
944 unsigned long hpagesize;
946 hpagesize = gethugepagesize(path);
951 if (memory < hpagesize) {
955 if (kvm_enabled() && !kvm_has_sync_mmu()) {
956 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
960 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
961 sanitized_name = g_strdup(block->mr->name);
962 for (c = sanitized_name; *c != '\0'; c++) {
967 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
969 g_free(sanitized_name);
971 fd = mkstemp(filename);
973 perror("unable to create backing store for hugepages");
980 memory = (memory+hpagesize-1) & ~(hpagesize-1);
983 * ftruncate is not supported by hugetlbfs in older
984 * hosts, so don't bother bailing out on errors.
985 * If anything goes wrong with it under other filesystems,
988 if (ftruncate(fd, memory))
992 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
993 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
994 * to sidestep this quirk.
996 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
997 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
999 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1001 if (area == MAP_FAILED) {
1002 perror("file_ram_alloc: can't mmap RAM pages");
1011 static ram_addr_t find_ram_offset(ram_addr_t size)
1013 RAMBlock *block, *next_block;
1014 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1016 assert(size != 0); /* it would hand out same offset multiple times */
1018 if (QTAILQ_EMPTY(&ram_list.blocks))
1021 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1022 ram_addr_t end, next = RAM_ADDR_MAX;
1024 end = block->offset + block->length;
1026 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1027 if (next_block->offset >= end) {
1028 next = MIN(next, next_block->offset);
1031 if (next - end >= size && next - end < mingap) {
1033 mingap = next - end;
1037 if (offset == RAM_ADDR_MAX) {
1038 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1046 ram_addr_t last_ram_offset(void)
1049 ram_addr_t last = 0;
1051 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1052 last = MAX(last, block->offset + block->length);
1057 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1060 QemuOpts *machine_opts;
1062 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1063 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1065 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1066 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1068 perror("qemu_madvise");
1069 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1070 "but dump_guest_core=off specified\n");
1075 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1077 RAMBlock *new_block, *block;
1080 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1081 if (block->offset == addr) {
1087 assert(!new_block->idstr[0]);
1090 char *id = qdev_get_dev_path(dev);
1092 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1096 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1098 /* This assumes the iothread lock is taken here too. */
1099 qemu_mutex_lock_ramlist();
1100 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1101 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1102 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1107 qemu_mutex_unlock_ramlist();
1110 static int memory_try_enable_merging(void *addr, size_t len)
1114 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1115 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1116 /* disabled by the user */
1120 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1123 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1126 RAMBlock *block, *new_block;
1128 size = TARGET_PAGE_ALIGN(size);
1129 new_block = g_malloc0(sizeof(*new_block));
1131 /* This assumes the iothread lock is taken here too. */
1132 qemu_mutex_lock_ramlist();
1134 new_block->offset = find_ram_offset(size);
1136 new_block->host = host;
1137 new_block->flags |= RAM_PREALLOC_MASK;
1140 #if defined (__linux__) && !defined(TARGET_S390X)
1141 new_block->host = file_ram_alloc(new_block, size, mem_path);
1142 if (!new_block->host) {
1143 new_block->host = qemu_anon_ram_alloc(size);
1144 memory_try_enable_merging(new_block->host, size);
1147 fprintf(stderr, "-mem-path option unsupported\n");
1151 if (xen_enabled()) {
1152 xen_ram_alloc(new_block->offset, size, mr);
1153 } else if (kvm_enabled()) {
1154 /* some s390/kvm configurations have special constraints */
1155 new_block->host = kvm_ram_alloc(size);
1157 new_block->host = qemu_anon_ram_alloc(size);
1159 memory_try_enable_merging(new_block->host, size);
1162 new_block->length = size;
1164 /* Keep the list sorted from biggest to smallest block. */
1165 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1166 if (block->length < new_block->length) {
1171 QTAILQ_INSERT_BEFORE(block, new_block, next);
1173 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1175 ram_list.mru_block = NULL;
1178 qemu_mutex_unlock_ramlist();
1180 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1181 last_ram_offset() >> TARGET_PAGE_BITS);
1182 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1183 0, size >> TARGET_PAGE_BITS);
1184 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1186 qemu_ram_setup_dump(new_block->host, size);
1187 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1190 kvm_setup_guest_memory(new_block->host, size);
1192 return new_block->offset;
1195 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1197 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1200 void qemu_ram_free_from_ptr(ram_addr_t addr)
1204 /* This assumes the iothread lock is taken here too. */
1205 qemu_mutex_lock_ramlist();
1206 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1207 if (addr == block->offset) {
1208 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1209 ram_list.mru_block = NULL;
1215 qemu_mutex_unlock_ramlist();
1218 void qemu_ram_free(ram_addr_t addr)
1222 /* This assumes the iothread lock is taken here too. */
1223 qemu_mutex_lock_ramlist();
1224 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1225 if (addr == block->offset) {
1226 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1227 ram_list.mru_block = NULL;
1229 if (block->flags & RAM_PREALLOC_MASK) {
1231 } else if (mem_path) {
1232 #if defined (__linux__) && !defined(TARGET_S390X)
1234 munmap(block->host, block->length);
1237 qemu_anon_ram_free(block->host, block->length);
1243 if (xen_enabled()) {
1244 xen_invalidate_map_cache_entry(block->host);
1246 qemu_anon_ram_free(block->host, block->length);
1253 qemu_mutex_unlock_ramlist();
1258 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1265 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1266 offset = addr - block->offset;
1267 if (offset < block->length) {
1268 vaddr = block->host + offset;
1269 if (block->flags & RAM_PREALLOC_MASK) {
1273 munmap(vaddr, length);
1275 #if defined(__linux__) && !defined(TARGET_S390X)
1278 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1281 flags |= MAP_PRIVATE;
1283 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1284 flags, block->fd, offset);
1286 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1287 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1294 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1295 flags |= MAP_SHARED | MAP_ANONYMOUS;
1296 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1299 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1300 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1304 if (area != vaddr) {
1305 fprintf(stderr, "Could not remap addr: "
1306 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1310 memory_try_enable_merging(vaddr, length);
1311 qemu_ram_setup_dump(vaddr, length);
1317 #endif /* !_WIN32 */
1319 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1320 With the exception of the softmmu code in this file, this should
1321 only be used for local memory (e.g. video ram) that the device owns,
1322 and knows it isn't going to access beyond the end of the block.
1324 It should not be used for general purpose DMA.
1325 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1327 void *qemu_get_ram_ptr(ram_addr_t addr)
1331 /* The list is protected by the iothread lock here. */
1332 block = ram_list.mru_block;
1333 if (block && addr - block->offset < block->length) {
1336 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1337 if (addr - block->offset < block->length) {
1342 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1346 ram_list.mru_block = block;
1347 if (xen_enabled()) {
1348 /* We need to check if the requested address is in the RAM
1349 * because we don't want to map the entire memory in QEMU.
1350 * In that case just map until the end of the page.
1352 if (block->offset == 0) {
1353 return xen_map_cache(addr, 0, 0);
1354 } else if (block->host == NULL) {
1356 xen_map_cache(block->offset, block->length, 1);
1359 return block->host + (addr - block->offset);
1362 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1363 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1365 * ??? Is this still necessary?
1367 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1371 /* The list is protected by the iothread lock here. */
1372 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1373 if (addr - block->offset < block->length) {
1374 if (xen_enabled()) {
1375 /* We need to check if the requested address is in the RAM
1376 * because we don't want to map the entire memory in QEMU.
1377 * In that case just map until the end of the page.
1379 if (block->offset == 0) {
1380 return xen_map_cache(addr, 0, 0);
1381 } else if (block->host == NULL) {
1383 xen_map_cache(block->offset, block->length, 1);
1386 return block->host + (addr - block->offset);
1390 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1396 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1397 * but takes a size argument */
1398 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1403 if (xen_enabled()) {
1404 return xen_map_cache(addr, *size, 1);
1408 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1409 if (addr - block->offset < block->length) {
1410 if (addr - block->offset + *size > block->length)
1411 *size = block->length - addr + block->offset;
1412 return block->host + (addr - block->offset);
1416 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1421 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1424 uint8_t *host = ptr;
1426 if (xen_enabled()) {
1427 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1431 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1432 /* This case append when the block is not mapped. */
1433 if (block->host == NULL) {
1436 if (host - block->host < block->length) {
1437 *ram_addr = block->offset + (host - block->host);
1445 /* Some of the softmmu routines need to translate from a host pointer
1446 (typically a TLB entry) back to a ram offset. */
1447 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1449 ram_addr_t ram_addr;
1451 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1452 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1458 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1459 uint64_t val, unsigned size)
1462 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1463 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1464 tb_invalidate_phys_page_fast(ram_addr, size);
1465 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1469 stb_p(qemu_get_ram_ptr(ram_addr), val);
1472 stw_p(qemu_get_ram_ptr(ram_addr), val);
1475 stl_p(qemu_get_ram_ptr(ram_addr), val);
1480 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1481 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1482 /* we remove the notdirty callback only if the code has been
1484 if (dirty_flags == 0xff)
1485 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1488 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1489 unsigned size, bool is_write)
1494 static const MemoryRegionOps notdirty_mem_ops = {
1495 .write = notdirty_mem_write,
1496 .valid.accepts = notdirty_mem_accepts,
1497 .endianness = DEVICE_NATIVE_ENDIAN,
1500 /* Generate a debug exception if a watchpoint has been hit. */
1501 static void check_watchpoint(int offset, int len_mask, int flags)
1503 CPUArchState *env = cpu_single_env;
1504 target_ulong pc, cs_base;
1509 if (env->watchpoint_hit) {
1510 /* We re-entered the check after replacing the TB. Now raise
1511 * the debug interrupt so that is will trigger after the
1512 * current instruction. */
1513 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1516 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1517 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1518 if ((vaddr == (wp->vaddr & len_mask) ||
1519 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1520 wp->flags |= BP_WATCHPOINT_HIT;
1521 if (!env->watchpoint_hit) {
1522 env->watchpoint_hit = wp;
1523 tb_check_watchpoint(env);
1524 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1525 env->exception_index = EXCP_DEBUG;
1528 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1529 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1530 cpu_resume_from_signal(env, NULL);
1534 wp->flags &= ~BP_WATCHPOINT_HIT;
1539 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1540 so these check for a hit then pass through to the normal out-of-line
1542 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1545 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1547 case 1: return ldub_phys(addr);
1548 case 2: return lduw_phys(addr);
1549 case 4: return ldl_phys(addr);
1554 static void watch_mem_write(void *opaque, hwaddr addr,
1555 uint64_t val, unsigned size)
1557 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1560 stb_phys(addr, val);
1563 stw_phys(addr, val);
1566 stl_phys(addr, val);
1572 static const MemoryRegionOps watch_mem_ops = {
1573 .read = watch_mem_read,
1574 .write = watch_mem_write,
1575 .endianness = DEVICE_NATIVE_ENDIAN,
1578 static uint64_t subpage_read(void *opaque, hwaddr addr,
1581 subpage_t *subpage = opaque;
1584 #if defined(DEBUG_SUBPAGE)
1585 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1586 subpage, len, addr);
1588 address_space_read(subpage->as, addr + subpage->base, buf, len);
1601 static void subpage_write(void *opaque, hwaddr addr,
1602 uint64_t value, unsigned len)
1604 subpage_t *subpage = opaque;
1607 #if defined(DEBUG_SUBPAGE)
1608 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1609 " value %"PRIx64"\n",
1610 __func__, subpage, len, addr, value);
1625 address_space_write(subpage->as, addr + subpage->base, buf, len);
1628 static bool subpage_accepts(void *opaque, hwaddr addr,
1629 unsigned size, bool is_write)
1631 subpage_t *subpage = opaque;
1632 #if defined(DEBUG_SUBPAGE)
1633 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1634 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1637 return address_space_access_valid(subpage->as, addr + subpage->base,
1641 static const MemoryRegionOps subpage_ops = {
1642 .read = subpage_read,
1643 .write = subpage_write,
1644 .valid.accepts = subpage_accepts,
1645 .endianness = DEVICE_NATIVE_ENDIAN,
1648 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1653 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1655 idx = SUBPAGE_IDX(start);
1656 eidx = SUBPAGE_IDX(end);
1657 #if defined(DEBUG_SUBPAGE)
1658 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1659 mmio, start, end, idx, eidx, memory);
1661 for (; idx <= eidx; idx++) {
1662 mmio->sub_section[idx] = section;
1668 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1672 mmio = g_malloc0(sizeof(subpage_t));
1676 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1677 "subpage", TARGET_PAGE_SIZE);
1678 mmio->iomem.subpage = true;
1679 #if defined(DEBUG_SUBPAGE)
1680 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1681 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1683 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1688 static uint16_t dummy_section(MemoryRegion *mr)
1690 MemoryRegionSection section = {
1692 .offset_within_address_space = 0,
1693 .offset_within_region = 0,
1694 .size = int128_2_64(),
1697 return phys_section_add(§ion);
1700 MemoryRegion *iotlb_to_region(hwaddr index)
1702 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1705 static void io_mem_init(void)
1707 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1708 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1709 "unassigned", UINT64_MAX);
1710 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1711 "notdirty", UINT64_MAX);
1712 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1713 "watch", UINT64_MAX);
1716 static void mem_begin(MemoryListener *listener)
1718 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1720 destroy_all_mappings(d);
1721 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1724 static void core_begin(MemoryListener *listener)
1726 phys_sections_clear();
1727 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1728 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1729 phys_section_rom = dummy_section(&io_mem_rom);
1730 phys_section_watch = dummy_section(&io_mem_watch);
1733 static void tcg_commit(MemoryListener *listener)
1737 /* since each CPU stores ram addresses in its TLB cache, we must
1738 reset the modified entries */
1740 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1745 static void core_log_global_start(MemoryListener *listener)
1747 cpu_physical_memory_set_dirty_tracking(1);
1750 static void core_log_global_stop(MemoryListener *listener)
1752 cpu_physical_memory_set_dirty_tracking(0);
1755 static void io_region_add(MemoryListener *listener,
1756 MemoryRegionSection *section)
1758 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1760 mrio->mr = section->mr;
1761 mrio->offset = section->offset_within_region;
1762 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1763 section->offset_within_address_space,
1764 int128_get64(section->size));
1765 ioport_register(&mrio->iorange);
1768 static void io_region_del(MemoryListener *listener,
1769 MemoryRegionSection *section)
1771 isa_unassign_ioport(section->offset_within_address_space,
1772 int128_get64(section->size));
1775 static MemoryListener core_memory_listener = {
1776 .begin = core_begin,
1777 .log_global_start = core_log_global_start,
1778 .log_global_stop = core_log_global_stop,
1782 static MemoryListener io_memory_listener = {
1783 .region_add = io_region_add,
1784 .region_del = io_region_del,
1788 static MemoryListener tcg_memory_listener = {
1789 .commit = tcg_commit,
1792 void address_space_init_dispatch(AddressSpace *as)
1794 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1796 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1797 d->listener = (MemoryListener) {
1799 .region_add = mem_add,
1800 .region_nop = mem_add,
1805 memory_listener_register(&d->listener, as);
1808 void address_space_destroy_dispatch(AddressSpace *as)
1810 AddressSpaceDispatch *d = as->dispatch;
1812 memory_listener_unregister(&d->listener);
1813 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1815 as->dispatch = NULL;
1818 static void memory_map_init(void)
1820 system_memory = g_malloc(sizeof(*system_memory));
1821 memory_region_init(system_memory, "system", INT64_MAX);
1822 address_space_init(&address_space_memory, system_memory, "memory");
1824 system_io = g_malloc(sizeof(*system_io));
1825 memory_region_init(system_io, "io", 65536);
1826 address_space_init(&address_space_io, system_io, "I/O");
1828 memory_listener_register(&core_memory_listener, &address_space_memory);
1829 memory_listener_register(&io_memory_listener, &address_space_io);
1830 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1833 MemoryRegion *get_system_memory(void)
1835 return system_memory;
1838 MemoryRegion *get_system_io(void)
1843 #endif /* !defined(CONFIG_USER_ONLY) */
1845 /* physical memory access (slow version, mainly for debug) */
1846 #if defined(CONFIG_USER_ONLY)
1847 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1848 uint8_t *buf, int len, int is_write)
1855 page = addr & TARGET_PAGE_MASK;
1856 l = (page + TARGET_PAGE_SIZE) - addr;
1859 flags = page_get_flags(page);
1860 if (!(flags & PAGE_VALID))
1863 if (!(flags & PAGE_WRITE))
1865 /* XXX: this code should not depend on lock_user */
1866 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1869 unlock_user(p, addr, l);
1871 if (!(flags & PAGE_READ))
1873 /* XXX: this code should not depend on lock_user */
1874 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1877 unlock_user(p, addr, 0);
1888 static void invalidate_and_set_dirty(hwaddr addr,
1891 if (!cpu_physical_memory_is_dirty(addr)) {
1892 /* invalidate code */
1893 tb_invalidate_phys_page_range(addr, addr + length, 0);
1895 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1897 xen_modified_memory(addr, length);
1900 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1902 if (memory_region_is_ram(mr)) {
1903 return !(is_write && mr->readonly);
1905 if (memory_region_is_romd(mr)) {
1912 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1914 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1917 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1923 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1924 int len, bool is_write)
1935 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1938 if (!memory_access_is_direct(mr, is_write)) {
1939 l = memory_access_size(mr, l, addr1);
1940 /* XXX: could force cpu_single_env to NULL to avoid
1943 /* 32 bit write access */
1945 error |= io_mem_write(mr, addr1, val, 4);
1946 } else if (l == 2) {
1947 /* 16 bit write access */
1949 error |= io_mem_write(mr, addr1, val, 2);
1951 /* 8 bit write access */
1953 error |= io_mem_write(mr, addr1, val, 1);
1956 addr1 += memory_region_get_ram_addr(mr);
1958 ptr = qemu_get_ram_ptr(addr1);
1959 memcpy(ptr, buf, l);
1960 invalidate_and_set_dirty(addr1, l);
1963 if (!memory_access_is_direct(mr, is_write)) {
1965 l = memory_access_size(mr, l, addr1);
1967 /* 32 bit read access */
1968 error |= io_mem_read(mr, addr1, &val, 4);
1970 } else if (l == 2) {
1971 /* 16 bit read access */
1972 error |= io_mem_read(mr, addr1, &val, 2);
1975 /* 8 bit read access */
1976 error |= io_mem_read(mr, addr1, &val, 1);
1981 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1982 memcpy(buf, ptr, l);
1993 bool address_space_write(AddressSpace *as, hwaddr addr,
1994 const uint8_t *buf, int len)
1996 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1999 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2001 return address_space_rw(as, addr, buf, len, false);
2005 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2006 int len, int is_write)
2008 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2011 /* used for ROM loading : can write in RAM and ROM */
2012 void cpu_physical_memory_write_rom(hwaddr addr,
2013 const uint8_t *buf, int len)
2022 mr = address_space_translate(&address_space_memory,
2023 addr, &addr1, &l, true);
2025 if (!(memory_region_is_ram(mr) ||
2026 memory_region_is_romd(mr))) {
2029 addr1 += memory_region_get_ram_addr(mr);
2031 ptr = qemu_get_ram_ptr(addr1);
2032 memcpy(ptr, buf, l);
2033 invalidate_and_set_dirty(addr1, l);
2047 static BounceBuffer bounce;
2049 typedef struct MapClient {
2051 void (*callback)(void *opaque);
2052 QLIST_ENTRY(MapClient) link;
2055 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2056 = QLIST_HEAD_INITIALIZER(map_client_list);
2058 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2060 MapClient *client = g_malloc(sizeof(*client));
2062 client->opaque = opaque;
2063 client->callback = callback;
2064 QLIST_INSERT_HEAD(&map_client_list, client, link);
2068 static void cpu_unregister_map_client(void *_client)
2070 MapClient *client = (MapClient *)_client;
2072 QLIST_REMOVE(client, link);
2076 static void cpu_notify_map_clients(void)
2080 while (!QLIST_EMPTY(&map_client_list)) {
2081 client = QLIST_FIRST(&map_client_list);
2082 client->callback(client->opaque);
2083 cpu_unregister_map_client(client);
2087 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2094 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2095 if (!memory_access_is_direct(mr, is_write)) {
2096 l = memory_access_size(mr, l, addr);
2097 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2108 /* Map a physical memory region into a host virtual address.
2109 * May map a subset of the requested range, given by and returned in *plen.
2110 * May return NULL if resources needed to perform the mapping are exhausted.
2111 * Use only for reads OR writes - not for read-modify-write operations.
2112 * Use cpu_register_map_client() to know when retrying the map operation is
2113 * likely to succeed.
2115 void *address_space_map(AddressSpace *as,
2124 ram_addr_t raddr = RAM_ADDR_MAX;
2130 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2132 if (!memory_access_is_direct(mr, is_write)) {
2133 if (todo || bounce.buffer) {
2136 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2140 address_space_read(as, addr, bounce.buffer, l);
2144 return bounce.buffer;
2147 raddr = memory_region_get_ram_addr(mr) + xlat;
2149 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2159 ret = qemu_ram_ptr_length(raddr, &rlen);
2164 /* Unmaps a memory region previously mapped by address_space_map().
2165 * Will also mark the memory as dirty if is_write == 1. access_len gives
2166 * the amount of memory that was actually read or written by the caller.
2168 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2169 int is_write, hwaddr access_len)
2171 if (buffer != bounce.buffer) {
2173 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2174 while (access_len) {
2176 l = TARGET_PAGE_SIZE;
2179 invalidate_and_set_dirty(addr1, l);
2184 if (xen_enabled()) {
2185 xen_invalidate_map_cache_entry(buffer);
2190 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2192 qemu_vfree(bounce.buffer);
2193 bounce.buffer = NULL;
2194 cpu_notify_map_clients();
2197 void *cpu_physical_memory_map(hwaddr addr,
2201 return address_space_map(&address_space_memory, addr, plen, is_write);
2204 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2205 int is_write, hwaddr access_len)
2207 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2210 /* warning: addr must be aligned */
2211 static inline uint32_t ldl_phys_internal(hwaddr addr,
2212 enum device_endian endian)
2220 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2222 if (l < 4 || !memory_access_is_direct(mr, false)) {
2224 io_mem_read(mr, addr1, &val, 4);
2225 #if defined(TARGET_WORDS_BIGENDIAN)
2226 if (endian == DEVICE_LITTLE_ENDIAN) {
2230 if (endian == DEVICE_BIG_ENDIAN) {
2236 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2240 case DEVICE_LITTLE_ENDIAN:
2241 val = ldl_le_p(ptr);
2243 case DEVICE_BIG_ENDIAN:
2244 val = ldl_be_p(ptr);
2254 uint32_t ldl_phys(hwaddr addr)
2256 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2259 uint32_t ldl_le_phys(hwaddr addr)
2261 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2264 uint32_t ldl_be_phys(hwaddr addr)
2266 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2269 /* warning: addr must be aligned */
2270 static inline uint64_t ldq_phys_internal(hwaddr addr,
2271 enum device_endian endian)
2279 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2281 if (l < 8 || !memory_access_is_direct(mr, false)) {
2283 io_mem_read(mr, addr1, &val, 8);
2284 #if defined(TARGET_WORDS_BIGENDIAN)
2285 if (endian == DEVICE_LITTLE_ENDIAN) {
2289 if (endian == DEVICE_BIG_ENDIAN) {
2295 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2299 case DEVICE_LITTLE_ENDIAN:
2300 val = ldq_le_p(ptr);
2302 case DEVICE_BIG_ENDIAN:
2303 val = ldq_be_p(ptr);
2313 uint64_t ldq_phys(hwaddr addr)
2315 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2318 uint64_t ldq_le_phys(hwaddr addr)
2320 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2323 uint64_t ldq_be_phys(hwaddr addr)
2325 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2329 uint32_t ldub_phys(hwaddr addr)
2332 cpu_physical_memory_read(addr, &val, 1);
2336 /* warning: addr must be aligned */
2337 static inline uint32_t lduw_phys_internal(hwaddr addr,
2338 enum device_endian endian)
2346 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2348 if (l < 2 || !memory_access_is_direct(mr, false)) {
2350 io_mem_read(mr, addr1, &val, 2);
2351 #if defined(TARGET_WORDS_BIGENDIAN)
2352 if (endian == DEVICE_LITTLE_ENDIAN) {
2356 if (endian == DEVICE_BIG_ENDIAN) {
2362 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2366 case DEVICE_LITTLE_ENDIAN:
2367 val = lduw_le_p(ptr);
2369 case DEVICE_BIG_ENDIAN:
2370 val = lduw_be_p(ptr);
2380 uint32_t lduw_phys(hwaddr addr)
2382 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2385 uint32_t lduw_le_phys(hwaddr addr)
2387 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2390 uint32_t lduw_be_phys(hwaddr addr)
2392 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2395 /* warning: addr must be aligned. The ram page is not masked as dirty
2396 and the code inside is not invalidated. It is useful if the dirty
2397 bits are used to track modified PTEs */
2398 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2405 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2407 if (l < 4 || !memory_access_is_direct(mr, true)) {
2408 io_mem_write(mr, addr1, val, 4);
2410 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2411 ptr = qemu_get_ram_ptr(addr1);
2414 if (unlikely(in_migration)) {
2415 if (!cpu_physical_memory_is_dirty(addr1)) {
2416 /* invalidate code */
2417 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2419 cpu_physical_memory_set_dirty_flags(
2420 addr1, (0xff & ~CODE_DIRTY_FLAG));
2426 /* warning: addr must be aligned */
2427 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2428 enum device_endian endian)
2435 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2437 if (l < 4 || !memory_access_is_direct(mr, true)) {
2438 #if defined(TARGET_WORDS_BIGENDIAN)
2439 if (endian == DEVICE_LITTLE_ENDIAN) {
2443 if (endian == DEVICE_BIG_ENDIAN) {
2447 io_mem_write(mr, addr1, val, 4);
2450 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2451 ptr = qemu_get_ram_ptr(addr1);
2453 case DEVICE_LITTLE_ENDIAN:
2456 case DEVICE_BIG_ENDIAN:
2463 invalidate_and_set_dirty(addr1, 4);
2467 void stl_phys(hwaddr addr, uint32_t val)
2469 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2472 void stl_le_phys(hwaddr addr, uint32_t val)
2474 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2477 void stl_be_phys(hwaddr addr, uint32_t val)
2479 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2483 void stb_phys(hwaddr addr, uint32_t val)
2486 cpu_physical_memory_write(addr, &v, 1);
2489 /* warning: addr must be aligned */
2490 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2491 enum device_endian endian)
2498 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2500 if (l < 2 || !memory_access_is_direct(mr, true)) {
2501 #if defined(TARGET_WORDS_BIGENDIAN)
2502 if (endian == DEVICE_LITTLE_ENDIAN) {
2506 if (endian == DEVICE_BIG_ENDIAN) {
2510 io_mem_write(mr, addr1, val, 2);
2513 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2514 ptr = qemu_get_ram_ptr(addr1);
2516 case DEVICE_LITTLE_ENDIAN:
2519 case DEVICE_BIG_ENDIAN:
2526 invalidate_and_set_dirty(addr1, 2);
2530 void stw_phys(hwaddr addr, uint32_t val)
2532 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2535 void stw_le_phys(hwaddr addr, uint32_t val)
2537 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2540 void stw_be_phys(hwaddr addr, uint32_t val)
2542 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2546 void stq_phys(hwaddr addr, uint64_t val)
2549 cpu_physical_memory_write(addr, &val, 8);
2552 void stq_le_phys(hwaddr addr, uint64_t val)
2554 val = cpu_to_le64(val);
2555 cpu_physical_memory_write(addr, &val, 8);
2558 void stq_be_phys(hwaddr addr, uint64_t val)
2560 val = cpu_to_be64(val);
2561 cpu_physical_memory_write(addr, &val, 8);
2564 /* virtual memory access for debug (includes writing to ROM) */
2565 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2566 uint8_t *buf, int len, int is_write)
2573 page = addr & TARGET_PAGE_MASK;
2574 phys_addr = cpu_get_phys_page_debug(env, page);
2575 /* if no physical page mapped, return an error */
2576 if (phys_addr == -1)
2578 l = (page + TARGET_PAGE_SIZE) - addr;
2581 phys_addr += (addr & ~TARGET_PAGE_MASK);
2583 cpu_physical_memory_write_rom(phys_addr, buf, l);
2585 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2594 #if !defined(CONFIG_USER_ONLY)
2597 * A helper function for the _utterly broken_ virtio device model to find out if
2598 * it's running on a big endian machine. Don't do this at home kids!
2600 bool virtio_is_big_endian(void);
2601 bool virtio_is_big_endian(void)
2603 #if defined(TARGET_WORDS_BIGENDIAN)
2612 #ifndef CONFIG_USER_ONLY
2613 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2618 mr = address_space_translate(&address_space_memory,
2619 phys_addr, &phys_addr, &l, false);
2621 return !(memory_region_is_ram(mr) ||
2622 memory_region_is_romd(mr));
2625 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2629 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2630 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob