4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 struct AddressSpaceDispatch {
92 /* This is a multi-level map on the physical address space.
93 * The bottom level has pointers to MemoryRegionSections.
95 PhysPageEntry phys_map;
96 MemoryListener listener;
100 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
101 typedef struct subpage_t {
105 uint16_t sub_section[TARGET_PAGE_SIZE];
108 static MemoryRegionSection *phys_sections;
109 static unsigned phys_sections_nb, phys_sections_nb_alloc;
110 static uint16_t phys_section_unassigned;
111 static uint16_t phys_section_notdirty;
112 static uint16_t phys_section_rom;
113 static uint16_t phys_section_watch;
115 /* Simple allocator for PhysPageEntry nodes */
116 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
117 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121 static void io_mem_init(void);
122 static void memory_map_init(void);
123 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125 static MemoryRegion io_mem_watch;
128 #if !defined(CONFIG_USER_ONLY)
130 static void phys_map_node_reserve(unsigned nodes)
132 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
133 typedef PhysPageEntry Node[L2_SIZE];
134 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
136 phys_map_nodes_nb + nodes);
137 phys_map_nodes = g_renew(Node, phys_map_nodes,
138 phys_map_nodes_nb_alloc);
142 static uint16_t phys_map_node_alloc(void)
147 ret = phys_map_nodes_nb++;
148 assert(ret != PHYS_MAP_NODE_NIL);
149 assert(ret != phys_map_nodes_nb_alloc);
150 for (i = 0; i < L2_SIZE; ++i) {
151 phys_map_nodes[ret][i].is_leaf = 0;
152 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
157 static void phys_map_nodes_reset(void)
159 phys_map_nodes_nb = 0;
163 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
164 hwaddr *nb, uint16_t leaf,
169 hwaddr step = (hwaddr)1 << (level * L2_BITS);
171 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
172 lp->ptr = phys_map_node_alloc();
173 p = phys_map_nodes[lp->ptr];
175 for (i = 0; i < L2_SIZE; i++) {
177 p[i].ptr = phys_section_unassigned;
181 p = phys_map_nodes[lp->ptr];
183 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
185 while (*nb && lp < &p[L2_SIZE]) {
186 if ((*index & (step - 1)) == 0 && *nb >= step) {
192 phys_page_set_level(lp, index, nb, leaf, level - 1);
198 static void phys_page_set(AddressSpaceDispatch *d,
199 hwaddr index, hwaddr nb,
202 /* Wildly overreserve - it doesn't matter much. */
203 phys_map_node_reserve(3 * P_L2_LEVELS);
205 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
208 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
210 PhysPageEntry lp = d->phys_map;
214 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
215 if (lp.ptr == PHYS_MAP_NODE_NIL) {
216 return &phys_sections[phys_section_unassigned];
218 p = phys_map_nodes[lp.ptr];
219 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
221 return &phys_sections[lp.ptr];
224 bool memory_region_is_unassigned(MemoryRegion *mr)
226 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
227 && mr != &io_mem_watch;
230 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
232 bool resolve_subpage)
234 MemoryRegionSection *section;
237 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
238 if (resolve_subpage && section->mr->subpage) {
239 subpage = container_of(section->mr, subpage_t, iomem);
240 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
245 static MemoryRegionSection *
246 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
247 hwaddr *plen, bool resolve_subpage)
249 MemoryRegionSection *section;
252 section = address_space_lookup_region(as, addr, resolve_subpage);
253 /* Compute offset within MemoryRegionSection */
254 addr -= section->offset_within_address_space;
256 /* Compute offset within MemoryRegion */
257 *xlat = addr + section->offset_within_region;
259 diff = int128_sub(section->mr->size, int128_make64(addr));
260 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
264 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
265 hwaddr *xlat, hwaddr *plen,
269 MemoryRegionSection *section;
274 section = address_space_translate_internal(as, addr, &addr, plen, true);
277 if (!mr->iommu_ops) {
281 iotlb = mr->iommu_ops->translate(mr, addr);
282 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
283 | (addr & iotlb.addr_mask));
284 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
285 if (!(iotlb.perm & (1 << is_write))) {
286 mr = &io_mem_unassigned;
290 as = iotlb.target_as;
298 MemoryRegionSection *
299 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
302 MemoryRegionSection *section;
303 section = address_space_translate_internal(as, addr, xlat, plen, false);
305 assert(!section->mr->iommu_ops);
310 void cpu_exec_init_all(void)
312 #if !defined(CONFIG_USER_ONLY)
313 qemu_mutex_init(&ram_list.mutex);
319 #if !defined(CONFIG_USER_ONLY)
321 static int cpu_common_post_load(void *opaque, int version_id)
323 CPUState *cpu = opaque;
325 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
326 version_id is increased. */
327 cpu->interrupt_request &= ~0x01;
328 tlb_flush(cpu->env_ptr, 1);
333 static const VMStateDescription vmstate_cpu_common = {
334 .name = "cpu_common",
336 .minimum_version_id = 1,
337 .minimum_version_id_old = 1,
338 .post_load = cpu_common_post_load,
339 .fields = (VMStateField []) {
340 VMSTATE_UINT32(halted, CPUState),
341 VMSTATE_UINT32(interrupt_request, CPUState),
342 VMSTATE_END_OF_LIST()
346 #define vmstate_cpu_common vmstate_dummy
349 CPUState *qemu_get_cpu(int index)
351 CPUArchState *env = first_cpu;
352 CPUState *cpu = NULL;
355 cpu = ENV_GET_CPU(env);
356 if (cpu->cpu_index == index) {
362 return env ? cpu : NULL;
365 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
367 CPUArchState *env = first_cpu;
370 func(ENV_GET_CPU(env), data);
375 void cpu_exec_init(CPUArchState *env)
377 CPUState *cpu = ENV_GET_CPU(env);
378 CPUClass *cc = CPU_GET_CLASS(cpu);
382 #if defined(CONFIG_USER_ONLY)
385 env->next_cpu = NULL;
388 while (*penv != NULL) {
389 penv = &(*penv)->next_cpu;
392 cpu->cpu_index = cpu_index;
394 QTAILQ_INIT(&env->breakpoints);
395 QTAILQ_INIT(&env->watchpoints);
396 #ifndef CONFIG_USER_ONLY
397 cpu->thread_id = qemu_get_thread_id();
400 #if defined(CONFIG_USER_ONLY)
403 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
404 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
405 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
406 cpu_save, cpu_load, env);
407 assert(cc->vmsd == NULL);
409 if (cc->vmsd != NULL) {
410 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
414 #if defined(TARGET_HAS_ICE)
415 #if defined(CONFIG_USER_ONLY)
416 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
418 tb_invalidate_phys_page_range(pc, pc + 1, 0);
421 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
423 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
424 (pc & ~TARGET_PAGE_MASK));
427 #endif /* TARGET_HAS_ICE */
429 #if defined(CONFIG_USER_ONLY)
430 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
435 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
436 int flags, CPUWatchpoint **watchpoint)
441 /* Add a watchpoint. */
442 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
443 int flags, CPUWatchpoint **watchpoint)
445 target_ulong len_mask = ~(len - 1);
448 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
449 if ((len & (len - 1)) || (addr & ~len_mask) ||
450 len == 0 || len > TARGET_PAGE_SIZE) {
451 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
452 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
455 wp = g_malloc(sizeof(*wp));
458 wp->len_mask = len_mask;
461 /* keep all GDB-injected watchpoints in front */
463 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
465 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
467 tlb_flush_page(env, addr);
474 /* Remove a specific watchpoint. */
475 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
478 target_ulong len_mask = ~(len - 1);
481 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
482 if (addr == wp->vaddr && len_mask == wp->len_mask
483 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
484 cpu_watchpoint_remove_by_ref(env, wp);
491 /* Remove a specific watchpoint by reference. */
492 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
494 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
496 tlb_flush_page(env, watchpoint->vaddr);
501 /* Remove all matching watchpoints. */
502 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
504 CPUWatchpoint *wp, *next;
506 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
507 if (wp->flags & mask)
508 cpu_watchpoint_remove_by_ref(env, wp);
513 /* Add a breakpoint. */
514 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
515 CPUBreakpoint **breakpoint)
517 #if defined(TARGET_HAS_ICE)
520 bp = g_malloc(sizeof(*bp));
525 /* keep all GDB-injected breakpoints in front */
527 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
529 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
531 breakpoint_invalidate(env, pc);
541 /* Remove a specific breakpoint. */
542 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
544 #if defined(TARGET_HAS_ICE)
547 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
548 if (bp->pc == pc && bp->flags == flags) {
549 cpu_breakpoint_remove_by_ref(env, bp);
559 /* Remove a specific breakpoint by reference. */
560 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
562 #if defined(TARGET_HAS_ICE)
563 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
565 breakpoint_invalidate(env, breakpoint->pc);
571 /* Remove all matching breakpoints. */
572 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
574 #if defined(TARGET_HAS_ICE)
575 CPUBreakpoint *bp, *next;
577 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
578 if (bp->flags & mask)
579 cpu_breakpoint_remove_by_ref(env, bp);
584 /* enable or disable single step mode. EXCP_DEBUG is returned by the
585 CPU loop after each instruction */
586 void cpu_single_step(CPUArchState *env, int enabled)
588 #if defined(TARGET_HAS_ICE)
589 if (env->singlestep_enabled != enabled) {
590 env->singlestep_enabled = enabled;
592 kvm_update_guest_debug(env, 0);
594 /* must flush all the translated code to avoid inconsistencies */
595 /* XXX: only flush what is necessary */
602 void cpu_exit(CPUArchState *env)
604 CPUState *cpu = ENV_GET_CPU(env);
606 cpu->exit_request = 1;
607 cpu->tcg_exit_req = 1;
610 void cpu_abort(CPUArchState *env, const char *fmt, ...)
617 fprintf(stderr, "qemu: fatal: ");
618 vfprintf(stderr, fmt, ap);
619 fprintf(stderr, "\n");
620 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
621 if (qemu_log_enabled()) {
622 qemu_log("qemu: fatal: ");
623 qemu_log_vprintf(fmt, ap2);
625 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
631 #if defined(CONFIG_USER_ONLY)
633 struct sigaction act;
634 sigfillset(&act.sa_mask);
635 act.sa_handler = SIG_DFL;
636 sigaction(SIGABRT, &act, NULL);
642 CPUArchState *cpu_copy(CPUArchState *env)
644 CPUArchState *new_env = cpu_init(env->cpu_model_str);
645 CPUArchState *next_cpu = new_env->next_cpu;
646 #if defined(TARGET_HAS_ICE)
651 memcpy(new_env, env, sizeof(CPUArchState));
653 /* Preserve chaining. */
654 new_env->next_cpu = next_cpu;
656 /* Clone all break/watchpoints.
657 Note: Once we support ptrace with hw-debug register access, make sure
658 BP_CPU break/watchpoints are handled correctly on clone. */
659 QTAILQ_INIT(&env->breakpoints);
660 QTAILQ_INIT(&env->watchpoints);
661 #if defined(TARGET_HAS_ICE)
662 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
663 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
665 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
666 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
674 #if !defined(CONFIG_USER_ONLY)
675 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
680 /* we modify the TLB cache so that the dirty bit will be set again
681 when accessing the range */
682 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
683 /* Check that we don't span multiple blocks - this breaks the
684 address comparisons below. */
685 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
686 != (end - 1) - start) {
689 cpu_tlb_reset_dirty_all(start1, length);
693 /* Note: start and end must be within the same ram block. */
694 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
699 start &= TARGET_PAGE_MASK;
700 end = TARGET_PAGE_ALIGN(end);
702 length = end - start;
705 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
708 tlb_reset_dirty_range_all(start, end, length);
712 static int cpu_physical_memory_set_dirty_tracking(int enable)
715 in_migration = enable;
719 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
720 MemoryRegionSection *section,
722 hwaddr paddr, hwaddr xlat,
724 target_ulong *address)
729 if (memory_region_is_ram(section->mr)) {
731 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
733 if (!section->readonly) {
734 iotlb |= phys_section_notdirty;
736 iotlb |= phys_section_rom;
739 iotlb = section - phys_sections;
743 /* Make accesses to pages with watchpoints go via the
744 watchpoint trap routines. */
745 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
746 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
747 /* Avoid trapping reads of pages with a write breakpoint. */
748 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
749 iotlb = phys_section_watch + paddr;
750 *address |= TLB_MMIO;
758 #endif /* defined(CONFIG_USER_ONLY) */
760 #if !defined(CONFIG_USER_ONLY)
762 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
764 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
765 static void destroy_page_desc(uint16_t section_index)
767 MemoryRegionSection *section = &phys_sections[section_index];
768 MemoryRegion *mr = section->mr;
771 subpage_t *subpage = container_of(mr, subpage_t, iomem);
772 memory_region_destroy(&subpage->iomem);
777 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
782 if (lp->ptr == PHYS_MAP_NODE_NIL) {
786 p = phys_map_nodes[lp->ptr];
787 for (i = 0; i < L2_SIZE; ++i) {
789 destroy_l2_mapping(&p[i], level - 1);
791 destroy_page_desc(p[i].ptr);
795 lp->ptr = PHYS_MAP_NODE_NIL;
798 static void destroy_all_mappings(AddressSpaceDispatch *d)
800 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
801 phys_map_nodes_reset();
804 static uint16_t phys_section_add(MemoryRegionSection *section)
806 /* The physical section number is ORed with a page-aligned
807 * pointer to produce the iotlb entries. Thus it should
808 * never overflow into the page-aligned value.
810 assert(phys_sections_nb < TARGET_PAGE_SIZE);
812 if (phys_sections_nb == phys_sections_nb_alloc) {
813 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
814 phys_sections = g_renew(MemoryRegionSection, phys_sections,
815 phys_sections_nb_alloc);
817 phys_sections[phys_sections_nb] = *section;
818 return phys_sections_nb++;
821 static void phys_sections_clear(void)
823 phys_sections_nb = 0;
826 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
829 hwaddr base = section->offset_within_address_space
831 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
832 MemoryRegionSection subsection = {
833 .offset_within_address_space = base,
834 .size = int128_make64(TARGET_PAGE_SIZE),
838 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
840 if (!(existing->mr->subpage)) {
841 subpage = subpage_init(d->as, base);
842 subsection.mr = &subpage->iomem;
843 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
844 phys_section_add(&subsection));
846 subpage = container_of(existing->mr, subpage_t, iomem);
848 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
849 end = start + int128_get64(section->size) - 1;
850 subpage_register(subpage, start, end, phys_section_add(section));
854 static void register_multipage(AddressSpaceDispatch *d,
855 MemoryRegionSection *section)
857 hwaddr start_addr = section->offset_within_address_space;
858 uint16_t section_index = phys_section_add(section);
859 uint64_t num_pages = int128_get64(int128_rshift(section->size,
863 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
866 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
868 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
869 MemoryRegionSection now = *section, remain = *section;
870 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
872 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
873 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
874 - now.offset_within_address_space;
876 now.size = int128_min(int128_make64(left), now.size);
877 register_subpage(d, &now);
879 now.size = int128_zero();
881 while (int128_ne(remain.size, now.size)) {
882 remain.size = int128_sub(remain.size, now.size);
883 remain.offset_within_address_space += int128_get64(now.size);
884 remain.offset_within_region += int128_get64(now.size);
886 if (int128_lt(remain.size, page_size)) {
887 register_subpage(d, &now);
888 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
889 now.size = page_size;
890 register_subpage(d, &now);
892 now.size = int128_and(now.size, int128_neg(page_size));
893 register_multipage(d, &now);
898 void qemu_flush_coalesced_mmio_buffer(void)
901 kvm_flush_coalesced_mmio_buffer();
904 void qemu_mutex_lock_ramlist(void)
906 qemu_mutex_lock(&ram_list.mutex);
909 void qemu_mutex_unlock_ramlist(void)
911 qemu_mutex_unlock(&ram_list.mutex);
914 #if defined(__linux__) && !defined(TARGET_S390X)
918 #define HUGETLBFS_MAGIC 0x958458f6
920 static long gethugepagesize(const char *path)
926 ret = statfs(path, &fs);
927 } while (ret != 0 && errno == EINTR);
934 if (fs.f_type != HUGETLBFS_MAGIC)
935 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
940 static void *file_ram_alloc(RAMBlock *block,
945 char *sanitized_name;
952 unsigned long hpagesize;
954 hpagesize = gethugepagesize(path);
959 if (memory < hpagesize) {
963 if (kvm_enabled() && !kvm_has_sync_mmu()) {
964 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
968 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
969 sanitized_name = g_strdup(block->mr->name);
970 for (c = sanitized_name; *c != '\0'; c++) {
975 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
977 g_free(sanitized_name);
979 fd = mkstemp(filename);
981 perror("unable to create backing store for hugepages");
988 memory = (memory+hpagesize-1) & ~(hpagesize-1);
991 * ftruncate is not supported by hugetlbfs in older
992 * hosts, so don't bother bailing out on errors.
993 * If anything goes wrong with it under other filesystems,
996 if (ftruncate(fd, memory))
1000 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
1001 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
1002 * to sidestep this quirk.
1004 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
1005 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
1007 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1009 if (area == MAP_FAILED) {
1010 perror("file_ram_alloc: can't mmap RAM pages");
1019 static ram_addr_t find_ram_offset(ram_addr_t size)
1021 RAMBlock *block, *next_block;
1022 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1024 assert(size != 0); /* it would hand out same offset multiple times */
1026 if (QTAILQ_EMPTY(&ram_list.blocks))
1029 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1030 ram_addr_t end, next = RAM_ADDR_MAX;
1032 end = block->offset + block->length;
1034 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1035 if (next_block->offset >= end) {
1036 next = MIN(next, next_block->offset);
1039 if (next - end >= size && next - end < mingap) {
1041 mingap = next - end;
1045 if (offset == RAM_ADDR_MAX) {
1046 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1054 ram_addr_t last_ram_offset(void)
1057 ram_addr_t last = 0;
1059 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1060 last = MAX(last, block->offset + block->length);
1065 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1068 QemuOpts *machine_opts;
1070 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1071 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1073 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1074 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1076 perror("qemu_madvise");
1077 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1078 "but dump_guest_core=off specified\n");
1083 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1085 RAMBlock *new_block, *block;
1088 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1089 if (block->offset == addr) {
1095 assert(!new_block->idstr[0]);
1098 char *id = qdev_get_dev_path(dev);
1100 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1104 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1106 /* This assumes the iothread lock is taken here too. */
1107 qemu_mutex_lock_ramlist();
1108 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1109 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1110 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1115 qemu_mutex_unlock_ramlist();
1118 static int memory_try_enable_merging(void *addr, size_t len)
1122 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1123 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1124 /* disabled by the user */
1128 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1131 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1134 RAMBlock *block, *new_block;
1136 size = TARGET_PAGE_ALIGN(size);
1137 new_block = g_malloc0(sizeof(*new_block));
1139 /* This assumes the iothread lock is taken here too. */
1140 qemu_mutex_lock_ramlist();
1142 new_block->offset = find_ram_offset(size);
1144 new_block->host = host;
1145 new_block->flags |= RAM_PREALLOC_MASK;
1148 #if defined (__linux__) && !defined(TARGET_S390X)
1149 new_block->host = file_ram_alloc(new_block, size, mem_path);
1150 if (!new_block->host) {
1151 new_block->host = qemu_anon_ram_alloc(size);
1152 memory_try_enable_merging(new_block->host, size);
1155 fprintf(stderr, "-mem-path option unsupported\n");
1159 if (xen_enabled()) {
1160 xen_ram_alloc(new_block->offset, size, mr);
1161 } else if (kvm_enabled()) {
1162 /* some s390/kvm configurations have special constraints */
1163 new_block->host = kvm_ram_alloc(size);
1165 new_block->host = qemu_anon_ram_alloc(size);
1167 memory_try_enable_merging(new_block->host, size);
1170 new_block->length = size;
1172 /* Keep the list sorted from biggest to smallest block. */
1173 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1174 if (block->length < new_block->length) {
1179 QTAILQ_INSERT_BEFORE(block, new_block, next);
1181 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1183 ram_list.mru_block = NULL;
1186 qemu_mutex_unlock_ramlist();
1188 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1189 last_ram_offset() >> TARGET_PAGE_BITS);
1190 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1191 0, size >> TARGET_PAGE_BITS);
1192 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1194 qemu_ram_setup_dump(new_block->host, size);
1195 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1198 kvm_setup_guest_memory(new_block->host, size);
1200 return new_block->offset;
1203 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1205 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1208 void qemu_ram_free_from_ptr(ram_addr_t addr)
1212 /* This assumes the iothread lock is taken here too. */
1213 qemu_mutex_lock_ramlist();
1214 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1215 if (addr == block->offset) {
1216 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1217 ram_list.mru_block = NULL;
1223 qemu_mutex_unlock_ramlist();
1226 void qemu_ram_free(ram_addr_t addr)
1230 /* This assumes the iothread lock is taken here too. */
1231 qemu_mutex_lock_ramlist();
1232 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1233 if (addr == block->offset) {
1234 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1235 ram_list.mru_block = NULL;
1237 if (block->flags & RAM_PREALLOC_MASK) {
1239 } else if (mem_path) {
1240 #if defined (__linux__) && !defined(TARGET_S390X)
1242 munmap(block->host, block->length);
1245 qemu_anon_ram_free(block->host, block->length);
1251 if (xen_enabled()) {
1252 xen_invalidate_map_cache_entry(block->host);
1254 qemu_anon_ram_free(block->host, block->length);
1261 qemu_mutex_unlock_ramlist();
1266 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1273 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1274 offset = addr - block->offset;
1275 if (offset < block->length) {
1276 vaddr = block->host + offset;
1277 if (block->flags & RAM_PREALLOC_MASK) {
1281 munmap(vaddr, length);
1283 #if defined(__linux__) && !defined(TARGET_S390X)
1286 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1289 flags |= MAP_PRIVATE;
1291 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1292 flags, block->fd, offset);
1294 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1295 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1302 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1303 flags |= MAP_SHARED | MAP_ANONYMOUS;
1304 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1307 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1308 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1312 if (area != vaddr) {
1313 fprintf(stderr, "Could not remap addr: "
1314 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1318 memory_try_enable_merging(vaddr, length);
1319 qemu_ram_setup_dump(vaddr, length);
1325 #endif /* !_WIN32 */
1327 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1328 With the exception of the softmmu code in this file, this should
1329 only be used for local memory (e.g. video ram) that the device owns,
1330 and knows it isn't going to access beyond the end of the block.
1332 It should not be used for general purpose DMA.
1333 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1335 void *qemu_get_ram_ptr(ram_addr_t addr)
1339 /* The list is protected by the iothread lock here. */
1340 block = ram_list.mru_block;
1341 if (block && addr - block->offset < block->length) {
1344 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1345 if (addr - block->offset < block->length) {
1350 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1354 ram_list.mru_block = block;
1355 if (xen_enabled()) {
1356 /* We need to check if the requested address is in the RAM
1357 * because we don't want to map the entire memory in QEMU.
1358 * In that case just map until the end of the page.
1360 if (block->offset == 0) {
1361 return xen_map_cache(addr, 0, 0);
1362 } else if (block->host == NULL) {
1364 xen_map_cache(block->offset, block->length, 1);
1367 return block->host + (addr - block->offset);
1370 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1371 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1373 * ??? Is this still necessary?
1375 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1379 /* The list is protected by the iothread lock here. */
1380 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1381 if (addr - block->offset < block->length) {
1382 if (xen_enabled()) {
1383 /* We need to check if the requested address is in the RAM
1384 * because we don't want to map the entire memory in QEMU.
1385 * In that case just map until the end of the page.
1387 if (block->offset == 0) {
1388 return xen_map_cache(addr, 0, 0);
1389 } else if (block->host == NULL) {
1391 xen_map_cache(block->offset, block->length, 1);
1394 return block->host + (addr - block->offset);
1398 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1404 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1405 * but takes a size argument */
1406 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1411 if (xen_enabled()) {
1412 return xen_map_cache(addr, *size, 1);
1416 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1417 if (addr - block->offset < block->length) {
1418 if (addr - block->offset + *size > block->length)
1419 *size = block->length - addr + block->offset;
1420 return block->host + (addr - block->offset);
1424 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1429 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1432 uint8_t *host = ptr;
1434 if (xen_enabled()) {
1435 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1439 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1440 /* This case append when the block is not mapped. */
1441 if (block->host == NULL) {
1444 if (host - block->host < block->length) {
1445 *ram_addr = block->offset + (host - block->host);
1453 /* Some of the softmmu routines need to translate from a host pointer
1454 (typically a TLB entry) back to a ram offset. */
1455 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1457 ram_addr_t ram_addr;
1459 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1460 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1466 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1467 uint64_t val, unsigned size)
1470 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1471 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1472 tb_invalidate_phys_page_fast(ram_addr, size);
1473 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1477 stb_p(qemu_get_ram_ptr(ram_addr), val);
1480 stw_p(qemu_get_ram_ptr(ram_addr), val);
1483 stl_p(qemu_get_ram_ptr(ram_addr), val);
1488 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1489 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1490 /* we remove the notdirty callback only if the code has been
1492 if (dirty_flags == 0xff)
1493 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1496 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1497 unsigned size, bool is_write)
1502 static const MemoryRegionOps notdirty_mem_ops = {
1503 .write = notdirty_mem_write,
1504 .valid.accepts = notdirty_mem_accepts,
1505 .endianness = DEVICE_NATIVE_ENDIAN,
1508 /* Generate a debug exception if a watchpoint has been hit. */
1509 static void check_watchpoint(int offset, int len_mask, int flags)
1511 CPUArchState *env = cpu_single_env;
1512 target_ulong pc, cs_base;
1517 if (env->watchpoint_hit) {
1518 /* We re-entered the check after replacing the TB. Now raise
1519 * the debug interrupt so that is will trigger after the
1520 * current instruction. */
1521 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1524 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1525 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1526 if ((vaddr == (wp->vaddr & len_mask) ||
1527 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1528 wp->flags |= BP_WATCHPOINT_HIT;
1529 if (!env->watchpoint_hit) {
1530 env->watchpoint_hit = wp;
1531 tb_check_watchpoint(env);
1532 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1533 env->exception_index = EXCP_DEBUG;
1536 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1537 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1538 cpu_resume_from_signal(env, NULL);
1542 wp->flags &= ~BP_WATCHPOINT_HIT;
1547 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1548 so these check for a hit then pass through to the normal out-of-line
1550 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1553 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1555 case 1: return ldub_phys(addr);
1556 case 2: return lduw_phys(addr);
1557 case 4: return ldl_phys(addr);
1562 static void watch_mem_write(void *opaque, hwaddr addr,
1563 uint64_t val, unsigned size)
1565 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1568 stb_phys(addr, val);
1571 stw_phys(addr, val);
1574 stl_phys(addr, val);
1580 static const MemoryRegionOps watch_mem_ops = {
1581 .read = watch_mem_read,
1582 .write = watch_mem_write,
1583 .endianness = DEVICE_NATIVE_ENDIAN,
1586 static uint64_t subpage_read(void *opaque, hwaddr addr,
1589 subpage_t *subpage = opaque;
1592 #if defined(DEBUG_SUBPAGE)
1593 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1594 subpage, len, addr);
1596 address_space_read(subpage->as, addr + subpage->base, buf, len);
1609 static void subpage_write(void *opaque, hwaddr addr,
1610 uint64_t value, unsigned len)
1612 subpage_t *subpage = opaque;
1615 #if defined(DEBUG_SUBPAGE)
1616 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1617 " value %"PRIx64"\n",
1618 __func__, subpage, len, addr, value);
1633 address_space_write(subpage->as, addr + subpage->base, buf, len);
1636 static bool subpage_accepts(void *opaque, hwaddr addr,
1637 unsigned size, bool is_write)
1639 subpage_t *subpage = opaque;
1640 #if defined(DEBUG_SUBPAGE)
1641 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1642 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1645 return address_space_access_valid(subpage->as, addr + subpage->base,
1649 static const MemoryRegionOps subpage_ops = {
1650 .read = subpage_read,
1651 .write = subpage_write,
1652 .valid.accepts = subpage_accepts,
1653 .endianness = DEVICE_NATIVE_ENDIAN,
1656 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1661 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1663 idx = SUBPAGE_IDX(start);
1664 eidx = SUBPAGE_IDX(end);
1665 #if defined(DEBUG_SUBPAGE)
1666 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1667 mmio, start, end, idx, eidx, memory);
1669 for (; idx <= eidx; idx++) {
1670 mmio->sub_section[idx] = section;
1676 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1680 mmio = g_malloc0(sizeof(subpage_t));
1684 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1685 "subpage", TARGET_PAGE_SIZE);
1686 mmio->iomem.subpage = true;
1687 #if defined(DEBUG_SUBPAGE)
1688 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1689 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1691 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1696 static uint16_t dummy_section(MemoryRegion *mr)
1698 MemoryRegionSection section = {
1700 .offset_within_address_space = 0,
1701 .offset_within_region = 0,
1702 .size = int128_2_64(),
1705 return phys_section_add(§ion);
1708 MemoryRegion *iotlb_to_region(hwaddr index)
1710 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1713 static void io_mem_init(void)
1715 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1716 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1717 "unassigned", UINT64_MAX);
1718 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
1719 "notdirty", UINT64_MAX);
1720 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1721 "watch", UINT64_MAX);
1724 static void mem_begin(MemoryListener *listener)
1726 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1728 destroy_all_mappings(d);
1729 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1732 static void core_begin(MemoryListener *listener)
1734 phys_sections_clear();
1735 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1736 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1737 phys_section_rom = dummy_section(&io_mem_rom);
1738 phys_section_watch = dummy_section(&io_mem_watch);
1741 static void tcg_commit(MemoryListener *listener)
1745 /* since each CPU stores ram addresses in its TLB cache, we must
1746 reset the modified entries */
1748 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1753 static void core_log_global_start(MemoryListener *listener)
1755 cpu_physical_memory_set_dirty_tracking(1);
1758 static void core_log_global_stop(MemoryListener *listener)
1760 cpu_physical_memory_set_dirty_tracking(0);
1763 static void io_region_add(MemoryListener *listener,
1764 MemoryRegionSection *section)
1766 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1768 mrio->mr = section->mr;
1769 mrio->offset = section->offset_within_region;
1770 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1771 section->offset_within_address_space,
1772 int128_get64(section->size));
1773 ioport_register(&mrio->iorange);
1776 static void io_region_del(MemoryListener *listener,
1777 MemoryRegionSection *section)
1779 isa_unassign_ioport(section->offset_within_address_space,
1780 int128_get64(section->size));
1783 static MemoryListener core_memory_listener = {
1784 .begin = core_begin,
1785 .log_global_start = core_log_global_start,
1786 .log_global_stop = core_log_global_stop,
1790 static MemoryListener io_memory_listener = {
1791 .region_add = io_region_add,
1792 .region_del = io_region_del,
1796 static MemoryListener tcg_memory_listener = {
1797 .commit = tcg_commit,
1800 void address_space_init_dispatch(AddressSpace *as)
1802 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1804 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1805 d->listener = (MemoryListener) {
1807 .region_add = mem_add,
1808 .region_nop = mem_add,
1813 memory_listener_register(&d->listener, as);
1816 void address_space_destroy_dispatch(AddressSpace *as)
1818 AddressSpaceDispatch *d = as->dispatch;
1820 memory_listener_unregister(&d->listener);
1821 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1823 as->dispatch = NULL;
1826 static void memory_map_init(void)
1828 system_memory = g_malloc(sizeof(*system_memory));
1829 memory_region_init(system_memory, "system", INT64_MAX);
1830 address_space_init(&address_space_memory, system_memory);
1831 address_space_memory.name = "memory";
1833 system_io = g_malloc(sizeof(*system_io));
1834 memory_region_init(system_io, "io", 65536);
1835 address_space_init(&address_space_io, system_io);
1836 address_space_io.name = "I/O";
1838 memory_listener_register(&core_memory_listener, &address_space_memory);
1839 memory_listener_register(&io_memory_listener, &address_space_io);
1840 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1843 MemoryRegion *get_system_memory(void)
1845 return system_memory;
1848 MemoryRegion *get_system_io(void)
1853 #endif /* !defined(CONFIG_USER_ONLY) */
1855 /* physical memory access (slow version, mainly for debug) */
1856 #if defined(CONFIG_USER_ONLY)
1857 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1858 uint8_t *buf, int len, int is_write)
1865 page = addr & TARGET_PAGE_MASK;
1866 l = (page + TARGET_PAGE_SIZE) - addr;
1869 flags = page_get_flags(page);
1870 if (!(flags & PAGE_VALID))
1873 if (!(flags & PAGE_WRITE))
1875 /* XXX: this code should not depend on lock_user */
1876 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1879 unlock_user(p, addr, l);
1881 if (!(flags & PAGE_READ))
1883 /* XXX: this code should not depend on lock_user */
1884 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1887 unlock_user(p, addr, 0);
1898 static void invalidate_and_set_dirty(hwaddr addr,
1901 if (!cpu_physical_memory_is_dirty(addr)) {
1902 /* invalidate code */
1903 tb_invalidate_phys_page_range(addr, addr + length, 0);
1905 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1907 xen_modified_memory(addr, length);
1910 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1912 if (memory_region_is_ram(mr)) {
1913 return !(is_write && mr->readonly);
1915 if (memory_region_is_romd(mr)) {
1922 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1924 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1927 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1933 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1934 int len, bool is_write)
1945 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1948 if (!memory_access_is_direct(mr, is_write)) {
1949 l = memory_access_size(mr, l, addr1);
1950 /* XXX: could force cpu_single_env to NULL to avoid
1953 /* 32 bit write access */
1955 error |= io_mem_write(mr, addr1, val, 4);
1956 } else if (l == 2) {
1957 /* 16 bit write access */
1959 error |= io_mem_write(mr, addr1, val, 2);
1961 /* 8 bit write access */
1963 error |= io_mem_write(mr, addr1, val, 1);
1966 addr1 += memory_region_get_ram_addr(mr);
1968 ptr = qemu_get_ram_ptr(addr1);
1969 memcpy(ptr, buf, l);
1970 invalidate_and_set_dirty(addr1, l);
1973 if (!memory_access_is_direct(mr, is_write)) {
1975 l = memory_access_size(mr, l, addr1);
1977 /* 32 bit read access */
1978 error |= io_mem_read(mr, addr1, &val, 4);
1980 } else if (l == 2) {
1981 /* 16 bit read access */
1982 error |= io_mem_read(mr, addr1, &val, 2);
1985 /* 8 bit read access */
1986 error |= io_mem_read(mr, addr1, &val, 1);
1991 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1992 memcpy(buf, ptr, l);
2003 bool address_space_write(AddressSpace *as, hwaddr addr,
2004 const uint8_t *buf, int len)
2006 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2009 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2011 return address_space_rw(as, addr, buf, len, false);
2015 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2016 int len, int is_write)
2018 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2021 /* used for ROM loading : can write in RAM and ROM */
2022 void cpu_physical_memory_write_rom(hwaddr addr,
2023 const uint8_t *buf, int len)
2032 mr = address_space_translate(&address_space_memory,
2033 addr, &addr1, &l, true);
2035 if (!(memory_region_is_ram(mr) ||
2036 memory_region_is_romd(mr))) {
2039 addr1 += memory_region_get_ram_addr(mr);
2041 ptr = qemu_get_ram_ptr(addr1);
2042 memcpy(ptr, buf, l);
2043 invalidate_and_set_dirty(addr1, l);
2057 static BounceBuffer bounce;
2059 typedef struct MapClient {
2061 void (*callback)(void *opaque);
2062 QLIST_ENTRY(MapClient) link;
2065 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2066 = QLIST_HEAD_INITIALIZER(map_client_list);
2068 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2070 MapClient *client = g_malloc(sizeof(*client));
2072 client->opaque = opaque;
2073 client->callback = callback;
2074 QLIST_INSERT_HEAD(&map_client_list, client, link);
2078 static void cpu_unregister_map_client(void *_client)
2080 MapClient *client = (MapClient *)_client;
2082 QLIST_REMOVE(client, link);
2086 static void cpu_notify_map_clients(void)
2090 while (!QLIST_EMPTY(&map_client_list)) {
2091 client = QLIST_FIRST(&map_client_list);
2092 client->callback(client->opaque);
2093 cpu_unregister_map_client(client);
2097 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2104 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2105 if (!memory_access_is_direct(mr, is_write)) {
2106 l = memory_access_size(mr, l, addr);
2107 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2118 /* Map a physical memory region into a host virtual address.
2119 * May map a subset of the requested range, given by and returned in *plen.
2120 * May return NULL if resources needed to perform the mapping are exhausted.
2121 * Use only for reads OR writes - not for read-modify-write operations.
2122 * Use cpu_register_map_client() to know when retrying the map operation is
2123 * likely to succeed.
2125 void *address_space_map(AddressSpace *as,
2134 ram_addr_t raddr = RAM_ADDR_MAX;
2140 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2142 if (!memory_access_is_direct(mr, is_write)) {
2143 if (todo || bounce.buffer) {
2146 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2150 address_space_read(as, addr, bounce.buffer, l);
2154 return bounce.buffer;
2157 raddr = memory_region_get_ram_addr(mr) + xlat;
2159 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2169 ret = qemu_ram_ptr_length(raddr, &rlen);
2174 /* Unmaps a memory region previously mapped by address_space_map().
2175 * Will also mark the memory as dirty if is_write == 1. access_len gives
2176 * the amount of memory that was actually read or written by the caller.
2178 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2179 int is_write, hwaddr access_len)
2181 if (buffer != bounce.buffer) {
2183 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2184 while (access_len) {
2186 l = TARGET_PAGE_SIZE;
2189 invalidate_and_set_dirty(addr1, l);
2194 if (xen_enabled()) {
2195 xen_invalidate_map_cache_entry(buffer);
2200 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2202 qemu_vfree(bounce.buffer);
2203 bounce.buffer = NULL;
2204 cpu_notify_map_clients();
2207 void *cpu_physical_memory_map(hwaddr addr,
2211 return address_space_map(&address_space_memory, addr, plen, is_write);
2214 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2215 int is_write, hwaddr access_len)
2217 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2220 /* warning: addr must be aligned */
2221 static inline uint32_t ldl_phys_internal(hwaddr addr,
2222 enum device_endian endian)
2230 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2232 if (l < 4 || !memory_access_is_direct(mr, false)) {
2234 io_mem_read(mr, addr1, &val, 4);
2235 #if defined(TARGET_WORDS_BIGENDIAN)
2236 if (endian == DEVICE_LITTLE_ENDIAN) {
2240 if (endian == DEVICE_BIG_ENDIAN) {
2246 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2250 case DEVICE_LITTLE_ENDIAN:
2251 val = ldl_le_p(ptr);
2253 case DEVICE_BIG_ENDIAN:
2254 val = ldl_be_p(ptr);
2264 uint32_t ldl_phys(hwaddr addr)
2266 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2269 uint32_t ldl_le_phys(hwaddr addr)
2271 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2274 uint32_t ldl_be_phys(hwaddr addr)
2276 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2279 /* warning: addr must be aligned */
2280 static inline uint64_t ldq_phys_internal(hwaddr addr,
2281 enum device_endian endian)
2289 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2291 if (l < 8 || !memory_access_is_direct(mr, false)) {
2293 io_mem_read(mr, addr1, &val, 8);
2294 #if defined(TARGET_WORDS_BIGENDIAN)
2295 if (endian == DEVICE_LITTLE_ENDIAN) {
2299 if (endian == DEVICE_BIG_ENDIAN) {
2305 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2309 case DEVICE_LITTLE_ENDIAN:
2310 val = ldq_le_p(ptr);
2312 case DEVICE_BIG_ENDIAN:
2313 val = ldq_be_p(ptr);
2323 uint64_t ldq_phys(hwaddr addr)
2325 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2328 uint64_t ldq_le_phys(hwaddr addr)
2330 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2333 uint64_t ldq_be_phys(hwaddr addr)
2335 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2339 uint32_t ldub_phys(hwaddr addr)
2342 cpu_physical_memory_read(addr, &val, 1);
2346 /* warning: addr must be aligned */
2347 static inline uint32_t lduw_phys_internal(hwaddr addr,
2348 enum device_endian endian)
2356 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2358 if (l < 2 || !memory_access_is_direct(mr, false)) {
2360 io_mem_read(mr, addr1, &val, 2);
2361 #if defined(TARGET_WORDS_BIGENDIAN)
2362 if (endian == DEVICE_LITTLE_ENDIAN) {
2366 if (endian == DEVICE_BIG_ENDIAN) {
2372 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2376 case DEVICE_LITTLE_ENDIAN:
2377 val = lduw_le_p(ptr);
2379 case DEVICE_BIG_ENDIAN:
2380 val = lduw_be_p(ptr);
2390 uint32_t lduw_phys(hwaddr addr)
2392 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2395 uint32_t lduw_le_phys(hwaddr addr)
2397 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2400 uint32_t lduw_be_phys(hwaddr addr)
2402 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2405 /* warning: addr must be aligned. The ram page is not masked as dirty
2406 and the code inside is not invalidated. It is useful if the dirty
2407 bits are used to track modified PTEs */
2408 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2415 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2417 if (l < 4 || !memory_access_is_direct(mr, true)) {
2418 io_mem_write(mr, addr1, val, 4);
2420 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2421 ptr = qemu_get_ram_ptr(addr1);
2424 if (unlikely(in_migration)) {
2425 if (!cpu_physical_memory_is_dirty(addr1)) {
2426 /* invalidate code */
2427 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2429 cpu_physical_memory_set_dirty_flags(
2430 addr1, (0xff & ~CODE_DIRTY_FLAG));
2436 /* warning: addr must be aligned */
2437 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2438 enum device_endian endian)
2445 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2447 if (l < 4 || !memory_access_is_direct(mr, true)) {
2448 #if defined(TARGET_WORDS_BIGENDIAN)
2449 if (endian == DEVICE_LITTLE_ENDIAN) {
2453 if (endian == DEVICE_BIG_ENDIAN) {
2457 io_mem_write(mr, addr1, val, 4);
2460 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2461 ptr = qemu_get_ram_ptr(addr1);
2463 case DEVICE_LITTLE_ENDIAN:
2466 case DEVICE_BIG_ENDIAN:
2473 invalidate_and_set_dirty(addr1, 4);
2477 void stl_phys(hwaddr addr, uint32_t val)
2479 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2482 void stl_le_phys(hwaddr addr, uint32_t val)
2484 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2487 void stl_be_phys(hwaddr addr, uint32_t val)
2489 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2493 void stb_phys(hwaddr addr, uint32_t val)
2496 cpu_physical_memory_write(addr, &v, 1);
2499 /* warning: addr must be aligned */
2500 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2501 enum device_endian endian)
2508 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2510 if (l < 2 || !memory_access_is_direct(mr, true)) {
2511 #if defined(TARGET_WORDS_BIGENDIAN)
2512 if (endian == DEVICE_LITTLE_ENDIAN) {
2516 if (endian == DEVICE_BIG_ENDIAN) {
2520 io_mem_write(mr, addr1, val, 2);
2523 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2524 ptr = qemu_get_ram_ptr(addr1);
2526 case DEVICE_LITTLE_ENDIAN:
2529 case DEVICE_BIG_ENDIAN:
2536 invalidate_and_set_dirty(addr1, 2);
2540 void stw_phys(hwaddr addr, uint32_t val)
2542 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2545 void stw_le_phys(hwaddr addr, uint32_t val)
2547 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2550 void stw_be_phys(hwaddr addr, uint32_t val)
2552 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2556 void stq_phys(hwaddr addr, uint64_t val)
2559 cpu_physical_memory_write(addr, &val, 8);
2562 void stq_le_phys(hwaddr addr, uint64_t val)
2564 val = cpu_to_le64(val);
2565 cpu_physical_memory_write(addr, &val, 8);
2568 void stq_be_phys(hwaddr addr, uint64_t val)
2570 val = cpu_to_be64(val);
2571 cpu_physical_memory_write(addr, &val, 8);
2574 /* virtual memory access for debug (includes writing to ROM) */
2575 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2576 uint8_t *buf, int len, int is_write)
2583 page = addr & TARGET_PAGE_MASK;
2584 phys_addr = cpu_get_phys_page_debug(env, page);
2585 /* if no physical page mapped, return an error */
2586 if (phys_addr == -1)
2588 l = (page + TARGET_PAGE_SIZE) - addr;
2591 phys_addr += (addr & ~TARGET_PAGE_MASK);
2593 cpu_physical_memory_write_rom(phys_addr, buf, l);
2595 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2604 #if !defined(CONFIG_USER_ONLY)
2607 * A helper function for the _utterly broken_ virtio device model to find out if
2608 * it's running on a big endian machine. Don't do this at home kids!
2610 bool virtio_is_big_endian(void);
2611 bool virtio_is_big_endian(void)
2613 #if defined(TARGET_WORDS_BIGENDIAN)
2622 #ifndef CONFIG_USER_ONLY
2623 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2628 mr = address_space_translate(&address_space_memory,
2629 phys_addr, &phys_addr, &l, false);
2631 return !(memory_region_is_ram(mr) ||
2632 memory_region_is_romd(mr));
projects / sdk / emulator / qemu.git / blob