4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
57 #include "qemu/range.h"
59 //#define DEBUG_SUBPAGE
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
85 #define RAM_RESIZEABLE (1 << 2)
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
92 __thread CPUState *current_cpu;
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
98 #if !defined(CONFIG_USER_ONLY)
100 typedef struct PhysPageEntry PhysPageEntry;
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
115 #define P_L2_SIZE (1 << P_L2_BITS)
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119 typedef PhysPageEntry Node[P_L2_SIZE];
121 typedef struct PhysPageMap {
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
127 unsigned nodes_nb_alloc;
129 MemoryRegionSection *sections;
132 struct AddressSpaceDispatch {
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
138 PhysPageEntry phys_map;
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
148 uint16_t sub_section[TARGET_PAGE_SIZE];
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
160 static MemoryRegion io_mem_watch;
163 #if !defined(CONFIG_USER_ONLY)
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
181 ret = map->nodes_nb++;
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 unsigned valid_ptr = P_L2_SIZE;
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
253 phys_page_compact(&p[i], nodes, compacted);
257 /* We can only compress if there's only one child. */
262 assert(valid_ptr < P_L2_SIZE);
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
279 lp->skip += p[valid_ptr].skip;
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 DECLARE_BITMAP(compacted, nodes_nb);
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
296 hwaddr index = addr >> TARGET_PAGE_BITS;
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return §ions[PHYS_SECTION_UNASSIGNED];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return §ions[lp.ptr];
312 return §ions[PHYS_SECTION_UNASSIGNED];
316 bool memory_region_is_unassigned(MemoryRegion *mr)
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 bool resolve_subpage)
327 MemoryRegionSection *section;
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
343 MemoryRegionSection *section;
347 section = address_space_lookup_region(d, addr, resolve_subpage);
348 /* Compute offset within MemoryRegionSection */
349 addr -= section->offset_within_address_space;
351 /* Compute offset within MemoryRegion */
352 *xlat = addr + section->offset_within_region;
356 /* MMIO registers can be expected to perform full-width accesses based only
357 * on their address, without considering adjacent registers that could
358 * decode to completely different MemoryRegions. When such registers
359 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
360 * regions overlap wildly. For this reason we cannot clamp the accesses
363 * If the length is small (as is the case for address_space_ldl/stl),
364 * everything works fine. If the incoming length is large, however,
365 * the caller really has to do the clamping through memory_access_size.
367 if (memory_region_is_ram(mr)) {
368 diff = int128_sub(section->size, int128_make64(addr));
369 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
374 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
376 if (memory_region_is_ram(mr)) {
377 return !(is_write && mr->readonly);
379 if (memory_region_is_romd(mr)) {
386 /* Called from RCU critical section */
387 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
388 hwaddr *xlat, hwaddr *plen,
392 MemoryRegionSection *section;
396 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
397 section = address_space_translate_internal(d, addr, &addr, plen, true);
400 if (!mr->iommu_ops) {
404 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
405 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
406 | (addr & iotlb.addr_mask));
407 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
408 if (!(iotlb.perm & (1 << is_write))) {
409 mr = &io_mem_unassigned;
413 as = iotlb.target_as;
416 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
417 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
418 *plen = MIN(page, *plen);
425 /* Called from RCU critical section */
426 MemoryRegionSection *
427 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
428 hwaddr *xlat, hwaddr *plen)
430 MemoryRegionSection *section;
431 section = address_space_translate_internal(cpu->memory_dispatch,
432 addr, xlat, plen, false);
434 assert(!section->mr->iommu_ops);
439 #if !defined(CONFIG_USER_ONLY)
441 static int cpu_common_post_load(void *opaque, int version_id)
443 CPUState *cpu = opaque;
445 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
446 version_id is increased. */
447 cpu->interrupt_request &= ~0x01;
453 static int cpu_common_pre_load(void *opaque)
455 CPUState *cpu = opaque;
457 cpu->exception_index = -1;
462 static bool cpu_common_exception_index_needed(void *opaque)
464 CPUState *cpu = opaque;
466 return tcg_enabled() && cpu->exception_index != -1;
469 static const VMStateDescription vmstate_cpu_common_exception_index = {
470 .name = "cpu_common/exception_index",
472 .minimum_version_id = 1,
473 .needed = cpu_common_exception_index_needed,
474 .fields = (VMStateField[]) {
475 VMSTATE_INT32(exception_index, CPUState),
476 VMSTATE_END_OF_LIST()
480 static bool cpu_common_crash_occurred_needed(void *opaque)
482 CPUState *cpu = opaque;
484 return cpu->crash_occurred;
487 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
488 .name = "cpu_common/crash_occurred",
490 .minimum_version_id = 1,
491 .needed = cpu_common_crash_occurred_needed,
492 .fields = (VMStateField[]) {
493 VMSTATE_BOOL(crash_occurred, CPUState),
494 VMSTATE_END_OF_LIST()
498 const VMStateDescription vmstate_cpu_common = {
499 .name = "cpu_common",
501 .minimum_version_id = 1,
502 .pre_load = cpu_common_pre_load,
503 .post_load = cpu_common_post_load,
504 .fields = (VMStateField[]) {
505 VMSTATE_UINT32(halted, CPUState),
506 VMSTATE_UINT32(interrupt_request, CPUState),
507 VMSTATE_END_OF_LIST()
509 .subsections = (const VMStateDescription*[]) {
510 &vmstate_cpu_common_exception_index,
511 &vmstate_cpu_common_crash_occurred,
518 CPUState *qemu_get_cpu(int index)
523 if (cpu->cpu_index == index) {
531 #if !defined(CONFIG_USER_ONLY)
532 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
534 /* We only support one address space per cpu at the moment. */
535 assert(cpu->as == as);
537 if (cpu->tcg_as_listener) {
538 memory_listener_unregister(cpu->tcg_as_listener);
540 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
542 cpu->tcg_as_listener->commit = tcg_commit;
543 memory_listener_register(cpu->tcg_as_listener, as);
547 #ifndef CONFIG_USER_ONLY
548 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
550 static int cpu_get_free_index(Error **errp)
552 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
554 if (cpu >= MAX_CPUMASK_BITS) {
555 error_setg(errp, "Trying to use more CPUs than max of %d",
560 bitmap_set(cpu_index_map, cpu, 1);
564 void cpu_exec_exit(CPUState *cpu)
566 if (cpu->cpu_index == -1) {
567 /* cpu_index was never allocated by this @cpu or was already freed. */
571 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
576 static int cpu_get_free_index(Error **errp)
581 CPU_FOREACH(some_cpu) {
587 void cpu_exec_exit(CPUState *cpu)
592 void cpu_exec_init(CPUState *cpu, Error **errp)
594 CPUClass *cc = CPU_GET_CLASS(cpu);
596 Error *local_err = NULL;
598 #ifndef CONFIG_USER_ONLY
599 cpu->as = &address_space_memory;
600 cpu->thread_id = qemu_get_thread_id();
601 cpu_reload_memory_map(cpu);
604 #if defined(CONFIG_USER_ONLY)
607 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
609 error_propagate(errp, local_err);
610 #if defined(CONFIG_USER_ONLY)
615 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
616 #if defined(CONFIG_USER_ONLY)
619 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
620 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
622 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
623 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
624 cpu_save, cpu_load, cpu->env_ptr);
625 assert(cc->vmsd == NULL);
626 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
628 if (cc->vmsd != NULL) {
629 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
633 #if defined(CONFIG_USER_ONLY)
634 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
636 tb_invalidate_phys_page_range(pc, pc + 1, 0);
639 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
641 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
643 tb_invalidate_phys_addr(cpu->as,
644 phys | (pc & ~TARGET_PAGE_MASK));
649 #if defined(CONFIG_USER_ONLY)
650 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
655 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
661 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
665 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
666 int flags, CPUWatchpoint **watchpoint)
671 /* Add a watchpoint. */
672 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
673 int flags, CPUWatchpoint **watchpoint)
677 /* forbid ranges which are empty or run off the end of the address space */
678 if (len == 0 || (addr + len - 1) < addr) {
679 error_report("tried to set invalid watchpoint at %"
680 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
683 wp = g_malloc(sizeof(*wp));
689 /* keep all GDB-injected watchpoints in front */
690 if (flags & BP_GDB) {
691 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
693 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
696 tlb_flush_page(cpu, addr);
703 /* Remove a specific watchpoint. */
704 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
709 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
710 if (addr == wp->vaddr && len == wp->len
711 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
712 cpu_watchpoint_remove_by_ref(cpu, wp);
719 /* Remove a specific watchpoint by reference. */
720 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
722 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
724 tlb_flush_page(cpu, watchpoint->vaddr);
729 /* Remove all matching watchpoints. */
730 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
732 CPUWatchpoint *wp, *next;
734 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
735 if (wp->flags & mask) {
736 cpu_watchpoint_remove_by_ref(cpu, wp);
741 /* Return true if this watchpoint address matches the specified
742 * access (ie the address range covered by the watchpoint overlaps
743 * partially or completely with the address range covered by the
746 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
750 /* We know the lengths are non-zero, but a little caution is
751 * required to avoid errors in the case where the range ends
752 * exactly at the top of the address space and so addr + len
753 * wraps round to zero.
755 vaddr wpend = wp->vaddr + wp->len - 1;
756 vaddr addrend = addr + len - 1;
758 return !(addr > wpend || wp->vaddr > addrend);
763 /* Add a breakpoint. */
764 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
765 CPUBreakpoint **breakpoint)
769 bp = g_malloc(sizeof(*bp));
774 /* keep all GDB-injected breakpoints in front */
775 if (flags & BP_GDB) {
776 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
778 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
781 breakpoint_invalidate(cpu, pc);
789 /* Remove a specific breakpoint. */
790 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
794 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
795 if (bp->pc == pc && bp->flags == flags) {
796 cpu_breakpoint_remove_by_ref(cpu, bp);
803 /* Remove a specific breakpoint by reference. */
804 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
806 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
808 breakpoint_invalidate(cpu, breakpoint->pc);
813 /* Remove all matching breakpoints. */
814 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
816 CPUBreakpoint *bp, *next;
818 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
819 if (bp->flags & mask) {
820 cpu_breakpoint_remove_by_ref(cpu, bp);
825 /* enable or disable single step mode. EXCP_DEBUG is returned by the
826 CPU loop after each instruction */
827 void cpu_single_step(CPUState *cpu, int enabled)
829 if (cpu->singlestep_enabled != enabled) {
830 cpu->singlestep_enabled = enabled;
832 kvm_update_guest_debug(cpu, 0);
834 /* must flush all the translated code to avoid inconsistencies */
835 /* XXX: only flush what is necessary */
841 void cpu_abort(CPUState *cpu, const char *fmt, ...)
848 fprintf(stderr, "qemu: fatal: ");
849 vfprintf(stderr, fmt, ap);
850 fprintf(stderr, "\n");
851 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
852 if (qemu_log_enabled()) {
853 qemu_log("qemu: fatal: ");
854 qemu_log_vprintf(fmt, ap2);
856 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
862 #if defined(CONFIG_USER_ONLY)
864 struct sigaction act;
865 sigfillset(&act.sa_mask);
866 act.sa_handler = SIG_DFL;
867 sigaction(SIGABRT, &act, NULL);
873 #if !defined(CONFIG_USER_ONLY)
874 /* Called from RCU critical section */
875 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
879 block = atomic_rcu_read(&ram_list.mru_block);
880 if (block && addr - block->offset < block->max_length) {
883 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
884 if (addr - block->offset < block->max_length) {
889 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
893 /* It is safe to write mru_block outside the iothread lock. This
898 * xxx removed from list
902 * call_rcu(reclaim_ramblock, xxx);
905 * atomic_rcu_set is not needed here. The block was already published
906 * when it was placed into the list. Here we're just making an extra
907 * copy of the pointer.
909 ram_list.mru_block = block;
913 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
920 end = TARGET_PAGE_ALIGN(start + length);
921 start &= TARGET_PAGE_MASK;
924 block = qemu_get_ram_block(start);
925 assert(block == qemu_get_ram_block(end - 1));
926 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
928 tlb_reset_dirty(cpu, start1, length);
933 /* Note: start and end must be within the same ram block. */
934 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
938 unsigned long end, page;
945 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
946 page = start >> TARGET_PAGE_BITS;
947 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
950 if (dirty && tcg_enabled()) {
951 tlb_reset_dirty_range_all(start, length);
957 /* Called from RCU critical section */
958 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
959 MemoryRegionSection *section,
961 hwaddr paddr, hwaddr xlat,
963 target_ulong *address)
968 if (memory_region_is_ram(section->mr)) {
970 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
972 if (!section->readonly) {
973 iotlb |= PHYS_SECTION_NOTDIRTY;
975 iotlb |= PHYS_SECTION_ROM;
978 AddressSpaceDispatch *d;
980 d = atomic_rcu_read(§ion->address_space->dispatch);
981 iotlb = section - d->map.sections;
985 /* Make accesses to pages with watchpoints go via the
986 watchpoint trap routines. */
987 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
988 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
989 /* Avoid trapping reads of pages with a write breakpoint. */
990 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
991 iotlb = PHYS_SECTION_WATCH + paddr;
992 *address |= TLB_MMIO;
1000 #endif /* defined(CONFIG_USER_ONLY) */
1002 #if !defined(CONFIG_USER_ONLY)
1004 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1006 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1008 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1009 qemu_anon_ram_alloc;
1012 * Set a custom physical guest memory alloator.
1013 * Accelerators with unusual needs may need this. Hopefully, we can
1014 * get rid of it eventually.
1016 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1018 phys_mem_alloc = alloc;
1021 static uint16_t phys_section_add(PhysPageMap *map,
1022 MemoryRegionSection *section)
1024 /* The physical section number is ORed with a page-aligned
1025 * pointer to produce the iotlb entries. Thus it should
1026 * never overflow into the page-aligned value.
1028 assert(map->sections_nb < TARGET_PAGE_SIZE);
1030 if (map->sections_nb == map->sections_nb_alloc) {
1031 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1032 map->sections = g_renew(MemoryRegionSection, map->sections,
1033 map->sections_nb_alloc);
1035 map->sections[map->sections_nb] = *section;
1036 memory_region_ref(section->mr);
1037 return map->sections_nb++;
1040 static void phys_section_destroy(MemoryRegion *mr)
1042 memory_region_unref(mr);
1045 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1046 object_unref(OBJECT(&subpage->iomem));
1051 static void phys_sections_free(PhysPageMap *map)
1053 while (map->sections_nb > 0) {
1054 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1055 phys_section_destroy(section->mr);
1057 g_free(map->sections);
1061 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1064 hwaddr base = section->offset_within_address_space
1066 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1067 d->map.nodes, d->map.sections);
1068 MemoryRegionSection subsection = {
1069 .offset_within_address_space = base,
1070 .size = int128_make64(TARGET_PAGE_SIZE),
1074 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1076 if (!(existing->mr->subpage)) {
1077 subpage = subpage_init(d->as, base);
1078 subsection.address_space = d->as;
1079 subsection.mr = &subpage->iomem;
1080 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1081 phys_section_add(&d->map, &subsection));
1083 subpage = container_of(existing->mr, subpage_t, iomem);
1085 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1086 end = start + int128_get64(section->size) - 1;
1087 subpage_register(subpage, start, end,
1088 phys_section_add(&d->map, section));
1092 static void register_multipage(AddressSpaceDispatch *d,
1093 MemoryRegionSection *section)
1095 hwaddr start_addr = section->offset_within_address_space;
1096 uint16_t section_index = phys_section_add(&d->map, section);
1097 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1101 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1104 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1106 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1107 AddressSpaceDispatch *d = as->next_dispatch;
1108 MemoryRegionSection now = *section, remain = *section;
1109 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1111 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1112 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1113 - now.offset_within_address_space;
1115 now.size = int128_min(int128_make64(left), now.size);
1116 register_subpage(d, &now);
1118 now.size = int128_zero();
1120 while (int128_ne(remain.size, now.size)) {
1121 remain.size = int128_sub(remain.size, now.size);
1122 remain.offset_within_address_space += int128_get64(now.size);
1123 remain.offset_within_region += int128_get64(now.size);
1125 if (int128_lt(remain.size, page_size)) {
1126 register_subpage(d, &now);
1127 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1128 now.size = page_size;
1129 register_subpage(d, &now);
1131 now.size = int128_and(now.size, int128_neg(page_size));
1132 register_multipage(d, &now);
1137 void qemu_flush_coalesced_mmio_buffer(void)
1140 kvm_flush_coalesced_mmio_buffer();
1143 void qemu_mutex_lock_ramlist(void)
1145 qemu_mutex_lock(&ram_list.mutex);
1148 void qemu_mutex_unlock_ramlist(void)
1150 qemu_mutex_unlock(&ram_list.mutex);
1155 #include <sys/vfs.h>
1157 #define HUGETLBFS_MAGIC 0x958458f6
1159 static long gethugepagesize(const char *path, Error **errp)
1165 ret = statfs(path, &fs);
1166 } while (ret != 0 && errno == EINTR);
1169 error_setg_errno(errp, errno, "failed to get page size of file %s",
1174 if (fs.f_type != HUGETLBFS_MAGIC)
1175 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1180 static void *file_ram_alloc(RAMBlock *block,
1186 char *sanitized_name;
1191 Error *local_err = NULL;
1193 hpagesize = gethugepagesize(path, &local_err);
1195 error_propagate(errp, local_err);
1198 block->mr->align = hpagesize;
1200 if (memory < hpagesize) {
1201 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1202 "or larger than huge page size 0x%" PRIx64,
1207 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1209 "host lacks kvm mmu notifiers, -mem-path unsupported");
1213 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1214 sanitized_name = g_strdup(memory_region_name(block->mr));
1215 for (c = sanitized_name; *c != '\0'; c++) {
1220 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1222 g_free(sanitized_name);
1224 fd = mkstemp(filename);
1226 error_setg_errno(errp, errno,
1227 "unable to create backing store for hugepages");
1234 memory = ROUND_UP(memory, hpagesize);
1237 * ftruncate is not supported by hugetlbfs in older
1238 * hosts, so don't bother bailing out on errors.
1239 * If anything goes wrong with it under other filesystems,
1242 if (ftruncate(fd, memory)) {
1243 perror("ftruncate");
1246 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1247 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1249 if (area == MAP_FAILED) {
1250 error_setg_errno(errp, errno,
1251 "unable to map backing store for hugepages");
1257 os_mem_prealloc(fd, area, memory);
1265 error_report("%s", error_get_pretty(*errp));
1272 /* Called with the ramlist lock held. */
1273 static ram_addr_t find_ram_offset(ram_addr_t size)
1275 RAMBlock *block, *next_block;
1276 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1278 assert(size != 0); /* it would hand out same offset multiple times */
1280 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1284 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1285 ram_addr_t end, next = RAM_ADDR_MAX;
1287 end = block->offset + block->max_length;
1289 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1290 if (next_block->offset >= end) {
1291 next = MIN(next, next_block->offset);
1294 if (next - end >= size && next - end < mingap) {
1296 mingap = next - end;
1300 if (offset == RAM_ADDR_MAX) {
1301 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1309 ram_addr_t last_ram_offset(void)
1312 ram_addr_t last = 0;
1315 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1316 last = MAX(last, block->offset + block->max_length);
1322 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1326 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1327 if (!machine_dump_guest_core(current_machine)) {
1328 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1330 perror("qemu_madvise");
1331 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1332 "but dump_guest_core=off specified\n");
1337 /* Called within an RCU critical section, or while the ramlist lock
1340 static RAMBlock *find_ram_block(ram_addr_t addr)
1344 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1345 if (block->offset == addr) {
1353 /* Called with iothread lock held. */
1354 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1356 RAMBlock *new_block, *block;
1359 new_block = find_ram_block(addr);
1361 assert(!new_block->idstr[0]);
1364 char *id = qdev_get_dev_path(dev);
1366 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1370 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1372 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1373 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1374 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1382 /* Called with iothread lock held. */
1383 void qemu_ram_unset_idstr(ram_addr_t addr)
1387 /* FIXME: arch_init.c assumes that this is not called throughout
1388 * migration. Ignore the problem since hot-unplug during migration
1389 * does not work anyway.
1393 block = find_ram_block(addr);
1395 memset(block->idstr, 0, sizeof(block->idstr));
1400 static int memory_try_enable_merging(void *addr, size_t len)
1402 if (!machine_mem_merge(current_machine)) {
1403 /* disabled by the user */
1407 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1410 /* Only legal before guest might have detected the memory size: e.g. on
1411 * incoming migration, or right after reset.
1413 * As memory core doesn't know how is memory accessed, it is up to
1414 * resize callback to update device state and/or add assertions to detect
1415 * misuse, if necessary.
1417 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1419 RAMBlock *block = find_ram_block(base);
1423 newsize = TARGET_PAGE_ALIGN(newsize);
1425 if (block->used_length == newsize) {
1429 if (!(block->flags & RAM_RESIZEABLE)) {
1430 error_setg_errno(errp, EINVAL,
1431 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1432 " in != 0x" RAM_ADDR_FMT, block->idstr,
1433 newsize, block->used_length);
1437 if (block->max_length < newsize) {
1438 error_setg_errno(errp, EINVAL,
1439 "Length too large: %s: 0x" RAM_ADDR_FMT
1440 " > 0x" RAM_ADDR_FMT, block->idstr,
1441 newsize, block->max_length);
1445 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1446 block->used_length = newsize;
1447 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1449 memory_region_set_size(block->mr, newsize);
1450 if (block->resized) {
1451 block->resized(block->idstr, newsize, block->host);
1456 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1459 RAMBlock *last_block = NULL;
1460 ram_addr_t old_ram_size, new_ram_size;
1462 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1464 qemu_mutex_lock_ramlist();
1465 new_block->offset = find_ram_offset(new_block->max_length);
1467 if (!new_block->host) {
1468 if (xen_enabled()) {
1469 xen_ram_alloc(new_block->offset, new_block->max_length,
1472 new_block->host = phys_mem_alloc(new_block->max_length,
1473 &new_block->mr->align);
1474 if (!new_block->host) {
1475 error_setg_errno(errp, errno,
1476 "cannot set up guest memory '%s'",
1477 memory_region_name(new_block->mr));
1478 qemu_mutex_unlock_ramlist();
1481 memory_try_enable_merging(new_block->host, new_block->max_length);
1485 new_ram_size = MAX(old_ram_size,
1486 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1487 if (new_ram_size > old_ram_size) {
1488 migration_bitmap_extend(old_ram_size, new_ram_size);
1490 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1491 * QLIST (which has an RCU-friendly variant) does not have insertion at
1492 * tail, so save the last element in last_block.
1494 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1496 if (block->max_length < new_block->max_length) {
1501 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1502 } else if (last_block) {
1503 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1504 } else { /* list is empty */
1505 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1507 ram_list.mru_block = NULL;
1509 /* Write list before version */
1512 qemu_mutex_unlock_ramlist();
1514 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1516 if (new_ram_size > old_ram_size) {
1519 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1520 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1521 ram_list.dirty_memory[i] =
1522 bitmap_zero_extend(ram_list.dirty_memory[i],
1523 old_ram_size, new_ram_size);
1526 cpu_physical_memory_set_dirty_range(new_block->offset,
1527 new_block->used_length,
1530 if (new_block->host) {
1531 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1532 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1533 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1534 if (kvm_enabled()) {
1535 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1539 return new_block->offset;
1543 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1544 bool share, const char *mem_path,
1547 RAMBlock *new_block;
1549 Error *local_err = NULL;
1551 if (xen_enabled()) {
1552 error_setg(errp, "-mem-path not supported with Xen");
1556 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1558 * file_ram_alloc() needs to allocate just like
1559 * phys_mem_alloc, but we haven't bothered to provide
1563 "-mem-path not supported with this accelerator");
1567 size = TARGET_PAGE_ALIGN(size);
1568 new_block = g_malloc0(sizeof(*new_block));
1570 new_block->used_length = size;
1571 new_block->max_length = size;
1572 new_block->flags = share ? RAM_SHARED : 0;
1573 new_block->host = file_ram_alloc(new_block, size,
1575 if (!new_block->host) {
1580 addr = ram_block_add(new_block, &local_err);
1583 error_propagate(errp, local_err);
1591 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1592 void (*resized)(const char*,
1595 void *host, bool resizeable,
1596 MemoryRegion *mr, Error **errp)
1598 RAMBlock *new_block;
1600 Error *local_err = NULL;
1602 size = TARGET_PAGE_ALIGN(size);
1603 max_size = TARGET_PAGE_ALIGN(max_size);
1604 new_block = g_malloc0(sizeof(*new_block));
1606 new_block->resized = resized;
1607 new_block->used_length = size;
1608 new_block->max_length = max_size;
1609 assert(max_size >= size);
1611 new_block->host = host;
1613 new_block->flags |= RAM_PREALLOC;
1616 new_block->flags |= RAM_RESIZEABLE;
1618 addr = ram_block_add(new_block, &local_err);
1621 error_propagate(errp, local_err);
1627 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1628 MemoryRegion *mr, Error **errp)
1630 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1633 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1635 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1638 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1639 void (*resized)(const char*,
1642 MemoryRegion *mr, Error **errp)
1644 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1647 void qemu_ram_free_from_ptr(ram_addr_t addr)
1651 qemu_mutex_lock_ramlist();
1652 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1653 if (addr == block->offset) {
1654 QLIST_REMOVE_RCU(block, next);
1655 ram_list.mru_block = NULL;
1656 /* Write list before version */
1659 g_free_rcu(block, rcu);
1663 qemu_mutex_unlock_ramlist();
1666 static void reclaim_ramblock(RAMBlock *block)
1668 if (block->flags & RAM_PREALLOC) {
1670 } else if (xen_enabled()) {
1671 xen_invalidate_map_cache_entry(block->host);
1673 } else if (block->fd >= 0) {
1674 munmap(block->host, block->max_length);
1678 qemu_anon_ram_free(block->host, block->max_length);
1683 void qemu_ram_free(ram_addr_t addr)
1687 qemu_mutex_lock_ramlist();
1688 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1689 if (addr == block->offset) {
1690 QLIST_REMOVE_RCU(block, next);
1691 ram_list.mru_block = NULL;
1692 /* Write list before version */
1695 call_rcu(block, reclaim_ramblock, rcu);
1699 qemu_mutex_unlock_ramlist();
1703 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1710 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1711 offset = addr - block->offset;
1712 if (offset < block->max_length) {
1713 vaddr = ramblock_ptr(block, offset);
1714 if (block->flags & RAM_PREALLOC) {
1716 } else if (xen_enabled()) {
1720 if (block->fd >= 0) {
1721 flags |= (block->flags & RAM_SHARED ?
1722 MAP_SHARED : MAP_PRIVATE);
1723 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1724 flags, block->fd, offset);
1727 * Remap needs to match alloc. Accelerators that
1728 * set phys_mem_alloc never remap. If they did,
1729 * we'd need a remap hook here.
1731 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1733 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1734 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1737 if (area != vaddr) {
1738 fprintf(stderr, "Could not remap addr: "
1739 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1743 memory_try_enable_merging(vaddr, length);
1744 qemu_ram_setup_dump(vaddr, length);
1749 #endif /* !_WIN32 */
1751 int qemu_get_ram_fd(ram_addr_t addr)
1757 block = qemu_get_ram_block(addr);
1763 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1769 block = qemu_get_ram_block(addr);
1770 ptr = ramblock_ptr(block, 0);
1775 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1776 * This should not be used for general purpose DMA. Use address_space_map
1777 * or address_space_rw instead. For local memory (e.g. video ram) that the
1778 * device owns, use memory_region_get_ram_ptr.
1780 * By the time this function returns, the returned pointer is not protected
1781 * by RCU anymore. If the caller is not within an RCU critical section and
1782 * does not hold the iothread lock, it must have other means of protecting the
1783 * pointer, such as a reference to the region that includes the incoming
1786 void *qemu_get_ram_ptr(ram_addr_t addr)
1792 block = qemu_get_ram_block(addr);
1794 if (xen_enabled() && block->host == NULL) {
1795 /* We need to check if the requested address is in the RAM
1796 * because we don't want to map the entire memory in QEMU.
1797 * In that case just map until the end of the page.
1799 if (block->offset == 0) {
1800 ptr = xen_map_cache(addr, 0, 0);
1804 block->host = xen_map_cache(block->offset, block->max_length, 1);
1806 ptr = ramblock_ptr(block, addr - block->offset);
1813 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1814 * but takes a size argument.
1816 * By the time this function returns, the returned pointer is not protected
1817 * by RCU anymore. If the caller is not within an RCU critical section and
1818 * does not hold the iothread lock, it must have other means of protecting the
1819 * pointer, such as a reference to the region that includes the incoming
1822 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1828 if (xen_enabled()) {
1829 return xen_map_cache(addr, *size, 1);
1833 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1834 if (addr - block->offset < block->max_length) {
1835 if (addr - block->offset + *size > block->max_length)
1836 *size = block->max_length - addr + block->offset;
1837 ptr = ramblock_ptr(block, addr - block->offset);
1843 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1848 /* Some of the softmmu routines need to translate from a host pointer
1849 * (typically a TLB entry) back to a ram offset.
1851 * By the time this function returns, the returned pointer is not protected
1852 * by RCU anymore. If the caller is not within an RCU critical section and
1853 * does not hold the iothread lock, it must have other means of protecting the
1854 * pointer, such as a reference to the region that includes the incoming
1857 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1860 uint8_t *host = ptr;
1863 if (xen_enabled()) {
1865 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1866 mr = qemu_get_ram_block(*ram_addr)->mr;
1872 block = atomic_rcu_read(&ram_list.mru_block);
1873 if (block && block->host && host - block->host < block->max_length) {
1877 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1878 /* This case append when the block is not mapped. */
1879 if (block->host == NULL) {
1882 if (host - block->host < block->max_length) {
1891 *ram_addr = block->offset + (host - block->host);
1897 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1898 uint64_t val, unsigned size)
1900 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1901 tb_invalidate_phys_page_fast(ram_addr, size);
1905 stb_p(qemu_get_ram_ptr(ram_addr), val);
1908 stw_p(qemu_get_ram_ptr(ram_addr), val);
1911 stl_p(qemu_get_ram_ptr(ram_addr), val);
1916 /* Set both VGA and migration bits for simplicity and to remove
1917 * the notdirty callback faster.
1919 cpu_physical_memory_set_dirty_range(ram_addr, size,
1920 DIRTY_CLIENTS_NOCODE);
1921 /* we remove the notdirty callback only if the code has been
1923 if (!cpu_physical_memory_is_clean(ram_addr)) {
1924 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1928 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1929 unsigned size, bool is_write)
1934 static const MemoryRegionOps notdirty_mem_ops = {
1935 .write = notdirty_mem_write,
1936 .valid.accepts = notdirty_mem_accepts,
1937 .endianness = DEVICE_NATIVE_ENDIAN,
1940 /* Generate a debug exception if a watchpoint has been hit. */
1941 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1943 CPUState *cpu = current_cpu;
1944 CPUArchState *env = cpu->env_ptr;
1945 target_ulong pc, cs_base;
1950 if (cpu->watchpoint_hit) {
1951 /* We re-entered the check after replacing the TB. Now raise
1952 * the debug interrupt so that is will trigger after the
1953 * current instruction. */
1954 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1957 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1958 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1959 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1960 && (wp->flags & flags)) {
1961 if (flags == BP_MEM_READ) {
1962 wp->flags |= BP_WATCHPOINT_HIT_READ;
1964 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1966 wp->hitaddr = vaddr;
1967 wp->hitattrs = attrs;
1968 if (!cpu->watchpoint_hit) {
1969 cpu->watchpoint_hit = wp;
1970 tb_check_watchpoint(cpu);
1971 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1972 cpu->exception_index = EXCP_DEBUG;
1975 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1976 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1977 cpu_resume_from_signal(cpu, NULL);
1981 wp->flags &= ~BP_WATCHPOINT_HIT;
1986 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1987 so these check for a hit then pass through to the normal out-of-line
1989 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1990 unsigned size, MemTxAttrs attrs)
1995 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1998 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2001 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2004 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2012 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2013 uint64_t val, unsigned size,
2018 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2021 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2024 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2027 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2034 static const MemoryRegionOps watch_mem_ops = {
2035 .read_with_attrs = watch_mem_read,
2036 .write_with_attrs = watch_mem_write,
2037 .endianness = DEVICE_NATIVE_ENDIAN,
2040 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2041 unsigned len, MemTxAttrs attrs)
2043 subpage_t *subpage = opaque;
2047 #if defined(DEBUG_SUBPAGE)
2048 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2049 subpage, len, addr);
2051 res = address_space_read(subpage->as, addr + subpage->base,
2058 *data = ldub_p(buf);
2061 *data = lduw_p(buf);
2074 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2075 uint64_t value, unsigned len, MemTxAttrs attrs)
2077 subpage_t *subpage = opaque;
2080 #if defined(DEBUG_SUBPAGE)
2081 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2082 " value %"PRIx64"\n",
2083 __func__, subpage, len, addr, value);
2101 return address_space_write(subpage->as, addr + subpage->base,
2105 static bool subpage_accepts(void *opaque, hwaddr addr,
2106 unsigned len, bool is_write)
2108 subpage_t *subpage = opaque;
2109 #if defined(DEBUG_SUBPAGE)
2110 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2111 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2114 return address_space_access_valid(subpage->as, addr + subpage->base,
2118 static const MemoryRegionOps subpage_ops = {
2119 .read_with_attrs = subpage_read,
2120 .write_with_attrs = subpage_write,
2121 .impl.min_access_size = 1,
2122 .impl.max_access_size = 8,
2123 .valid.min_access_size = 1,
2124 .valid.max_access_size = 8,
2125 .valid.accepts = subpage_accepts,
2126 .endianness = DEVICE_NATIVE_ENDIAN,
2129 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2134 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2136 idx = SUBPAGE_IDX(start);
2137 eidx = SUBPAGE_IDX(end);
2138 #if defined(DEBUG_SUBPAGE)
2139 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2140 __func__, mmio, start, end, idx, eidx, section);
2142 for (; idx <= eidx; idx++) {
2143 mmio->sub_section[idx] = section;
2149 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2153 mmio = g_malloc0(sizeof(subpage_t));
2157 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2158 NULL, TARGET_PAGE_SIZE);
2159 mmio->iomem.subpage = true;
2160 #if defined(DEBUG_SUBPAGE)
2161 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2162 mmio, base, TARGET_PAGE_SIZE);
2164 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2169 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2173 MemoryRegionSection section = {
2174 .address_space = as,
2176 .offset_within_address_space = 0,
2177 .offset_within_region = 0,
2178 .size = int128_2_64(),
2181 return phys_section_add(map, §ion);
2184 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2186 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2187 MemoryRegionSection *sections = d->map.sections;
2189 return sections[index & ~TARGET_PAGE_MASK].mr;
2192 static void io_mem_init(void)
2194 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2195 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2197 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2199 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2203 static void mem_begin(MemoryListener *listener)
2205 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2206 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2209 n = dummy_section(&d->map, as, &io_mem_unassigned);
2210 assert(n == PHYS_SECTION_UNASSIGNED);
2211 n = dummy_section(&d->map, as, &io_mem_notdirty);
2212 assert(n == PHYS_SECTION_NOTDIRTY);
2213 n = dummy_section(&d->map, as, &io_mem_rom);
2214 assert(n == PHYS_SECTION_ROM);
2215 n = dummy_section(&d->map, as, &io_mem_watch);
2216 assert(n == PHYS_SECTION_WATCH);
2218 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2220 as->next_dispatch = d;
2223 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2225 phys_sections_free(&d->map);
2229 static void mem_commit(MemoryListener *listener)
2231 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2232 AddressSpaceDispatch *cur = as->dispatch;
2233 AddressSpaceDispatch *next = as->next_dispatch;
2235 phys_page_compact_all(next, next->map.nodes_nb);
2237 atomic_rcu_set(&as->dispatch, next);
2239 call_rcu(cur, address_space_dispatch_free, rcu);
2243 static void tcg_commit(MemoryListener *listener)
2247 /* since each CPU stores ram addresses in its TLB cache, we must
2248 reset the modified entries */
2251 /* FIXME: Disentangle the cpu.h circular files deps so we can
2252 directly get the right CPU from listener. */
2253 if (cpu->tcg_as_listener != listener) {
2256 cpu_reload_memory_map(cpu);
2260 void address_space_init_dispatch(AddressSpace *as)
2262 as->dispatch = NULL;
2263 as->dispatch_listener = (MemoryListener) {
2265 .commit = mem_commit,
2266 .region_add = mem_add,
2267 .region_nop = mem_add,
2270 memory_listener_register(&as->dispatch_listener, as);
2273 void address_space_unregister(AddressSpace *as)
2275 memory_listener_unregister(&as->dispatch_listener);
2278 void address_space_destroy_dispatch(AddressSpace *as)
2280 AddressSpaceDispatch *d = as->dispatch;
2282 atomic_rcu_set(&as->dispatch, NULL);
2284 call_rcu(d, address_space_dispatch_free, rcu);
2288 static void memory_map_init(void)
2290 system_memory = g_malloc(sizeof(*system_memory));
2292 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2293 address_space_init(&address_space_memory, system_memory, "memory");
2295 system_io = g_malloc(sizeof(*system_io));
2296 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2298 address_space_init(&address_space_io, system_io, "I/O");
2301 MemoryRegion *get_system_memory(void)
2303 return system_memory;
2306 MemoryRegion *get_system_io(void)
2311 #endif /* !defined(CONFIG_USER_ONLY) */
2313 /* physical memory access (slow version, mainly for debug) */
2314 #if defined(CONFIG_USER_ONLY)
2315 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2316 uint8_t *buf, int len, int is_write)
2323 page = addr & TARGET_PAGE_MASK;
2324 l = (page + TARGET_PAGE_SIZE) - addr;
2327 flags = page_get_flags(page);
2328 if (!(flags & PAGE_VALID))
2331 if (!(flags & PAGE_WRITE))
2333 /* XXX: this code should not depend on lock_user */
2334 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2337 unlock_user(p, addr, l);
2339 if (!(flags & PAGE_READ))
2341 /* XXX: this code should not depend on lock_user */
2342 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2345 unlock_user(p, addr, 0);
2356 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2359 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2360 /* No early return if dirty_log_mask is or becomes 0, because
2361 * cpu_physical_memory_set_dirty_range will still call
2362 * xen_modified_memory.
2364 if (dirty_log_mask) {
2366 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2368 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2369 tb_invalidate_phys_range(addr, addr + length);
2370 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2372 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2375 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2377 unsigned access_size_max = mr->ops->valid.max_access_size;
2379 /* Regions are assumed to support 1-4 byte accesses unless
2380 otherwise specified. */
2381 if (access_size_max == 0) {
2382 access_size_max = 4;
2385 /* Bound the maximum access by the alignment of the address. */
2386 if (!mr->ops->impl.unaligned) {
2387 unsigned align_size_max = addr & -addr;
2388 if (align_size_max != 0 && align_size_max < access_size_max) {
2389 access_size_max = align_size_max;
2393 /* Don't attempt accesses larger than the maximum. */
2394 if (l > access_size_max) {
2395 l = access_size_max;
2402 static bool prepare_mmio_access(MemoryRegion *mr)
2404 bool unlocked = !qemu_mutex_iothread_locked();
2405 bool release_lock = false;
2407 if (unlocked && mr->global_locking) {
2408 qemu_mutex_lock_iothread();
2410 release_lock = true;
2412 if (mr->flush_coalesced_mmio) {
2414 qemu_mutex_lock_iothread();
2416 qemu_flush_coalesced_mmio_buffer();
2418 qemu_mutex_unlock_iothread();
2422 return release_lock;
2425 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2426 uint8_t *buf, int len, bool is_write)
2433 MemTxResult result = MEMTX_OK;
2434 bool release_lock = false;
2439 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2442 if (!memory_access_is_direct(mr, is_write)) {
2443 release_lock |= prepare_mmio_access(mr);
2444 l = memory_access_size(mr, l, addr1);
2445 /* XXX: could force current_cpu to NULL to avoid
2449 /* 64 bit write access */
2451 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2455 /* 32 bit write access */
2457 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2461 /* 16 bit write access */
2463 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2467 /* 8 bit write access */
2469 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2476 addr1 += memory_region_get_ram_addr(mr);
2478 ptr = qemu_get_ram_ptr(addr1);
2479 memcpy(ptr, buf, l);
2480 invalidate_and_set_dirty(mr, addr1, l);
2483 if (!memory_access_is_direct(mr, is_write)) {
2485 release_lock |= prepare_mmio_access(mr);
2486 l = memory_access_size(mr, l, addr1);
2489 /* 64 bit read access */
2490 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2495 /* 32 bit read access */
2496 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2501 /* 16 bit read access */
2502 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2507 /* 8 bit read access */
2508 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2517 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2518 memcpy(buf, ptr, l);
2523 qemu_mutex_unlock_iothread();
2524 release_lock = false;
2536 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2537 const uint8_t *buf, int len)
2539 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2542 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2543 uint8_t *buf, int len)
2545 return address_space_rw(as, addr, attrs, buf, len, false);
2549 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2550 int len, int is_write)
2552 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2553 buf, len, is_write);
2556 enum write_rom_type {
2561 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2562 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2572 mr = address_space_translate(as, addr, &addr1, &l, true);
2574 if (!(memory_region_is_ram(mr) ||
2575 memory_region_is_romd(mr))) {
2576 l = memory_access_size(mr, l, addr1);
2578 addr1 += memory_region_get_ram_addr(mr);
2580 ptr = qemu_get_ram_ptr(addr1);
2583 memcpy(ptr, buf, l);
2584 invalidate_and_set_dirty(mr, addr1, l);
2587 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2598 /* used for ROM loading : can write in RAM and ROM */
2599 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2600 const uint8_t *buf, int len)
2602 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2605 void cpu_flush_icache_range(hwaddr start, int len)
2608 * This function should do the same thing as an icache flush that was
2609 * triggered from within the guest. For TCG we are always cache coherent,
2610 * so there is no need to flush anything. For KVM / Xen we need to flush
2611 * the host's instruction cache at least.
2613 if (tcg_enabled()) {
2617 cpu_physical_memory_write_rom_internal(&address_space_memory,
2618 start, NULL, len, FLUSH_CACHE);
2629 static BounceBuffer bounce;
2631 typedef struct MapClient {
2633 QLIST_ENTRY(MapClient) link;
2636 QemuMutex map_client_list_lock;
2637 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2638 = QLIST_HEAD_INITIALIZER(map_client_list);
2640 static void cpu_unregister_map_client_do(MapClient *client)
2642 QLIST_REMOVE(client, link);
2646 static void cpu_notify_map_clients_locked(void)
2650 while (!QLIST_EMPTY(&map_client_list)) {
2651 client = QLIST_FIRST(&map_client_list);
2652 qemu_bh_schedule(client->bh);
2653 cpu_unregister_map_client_do(client);
2657 void cpu_register_map_client(QEMUBH *bh)
2659 MapClient *client = g_malloc(sizeof(*client));
2661 qemu_mutex_lock(&map_client_list_lock);
2663 QLIST_INSERT_HEAD(&map_client_list, client, link);
2664 if (!atomic_read(&bounce.in_use)) {
2665 cpu_notify_map_clients_locked();
2667 qemu_mutex_unlock(&map_client_list_lock);
2670 void cpu_exec_init_all(void)
2672 qemu_mutex_init(&ram_list.mutex);
2675 qemu_mutex_init(&map_client_list_lock);
2678 void cpu_unregister_map_client(QEMUBH *bh)
2682 qemu_mutex_lock(&map_client_list_lock);
2683 QLIST_FOREACH(client, &map_client_list, link) {
2684 if (client->bh == bh) {
2685 cpu_unregister_map_client_do(client);
2689 qemu_mutex_unlock(&map_client_list_lock);
2692 static void cpu_notify_map_clients(void)
2694 qemu_mutex_lock(&map_client_list_lock);
2695 cpu_notify_map_clients_locked();
2696 qemu_mutex_unlock(&map_client_list_lock);
2699 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2707 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2708 if (!memory_access_is_direct(mr, is_write)) {
2709 l = memory_access_size(mr, l, addr);
2710 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2722 /* Map a physical memory region into a host virtual address.
2723 * May map a subset of the requested range, given by and returned in *plen.
2724 * May return NULL if resources needed to perform the mapping are exhausted.
2725 * Use only for reads OR writes - not for read-modify-write operations.
2726 * Use cpu_register_map_client() to know when retrying the map operation is
2727 * likely to succeed.
2729 void *address_space_map(AddressSpace *as,
2736 hwaddr l, xlat, base;
2737 MemoryRegion *mr, *this_mr;
2746 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2748 if (!memory_access_is_direct(mr, is_write)) {
2749 if (atomic_xchg(&bounce.in_use, true)) {
2753 /* Avoid unbounded allocations */
2754 l = MIN(l, TARGET_PAGE_SIZE);
2755 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2759 memory_region_ref(mr);
2762 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2768 return bounce.buffer;
2772 raddr = memory_region_get_ram_addr(mr);
2783 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2784 if (this_mr != mr || xlat != base + done) {
2789 memory_region_ref(mr);
2792 return qemu_ram_ptr_length(raddr + base, plen);
2795 /* Unmaps a memory region previously mapped by address_space_map().
2796 * Will also mark the memory as dirty if is_write == 1. access_len gives
2797 * the amount of memory that was actually read or written by the caller.
2799 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2800 int is_write, hwaddr access_len)
2802 if (buffer != bounce.buffer) {
2806 mr = qemu_ram_addr_from_host(buffer, &addr1);
2809 invalidate_and_set_dirty(mr, addr1, access_len);
2811 if (xen_enabled()) {
2812 xen_invalidate_map_cache_entry(buffer);
2814 memory_region_unref(mr);
2818 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2819 bounce.buffer, access_len);
2821 qemu_vfree(bounce.buffer);
2822 bounce.buffer = NULL;
2823 memory_region_unref(bounce.mr);
2824 atomic_mb_set(&bounce.in_use, false);
2825 cpu_notify_map_clients();
2828 void *cpu_physical_memory_map(hwaddr addr,
2832 return address_space_map(&address_space_memory, addr, plen, is_write);
2835 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2836 int is_write, hwaddr access_len)
2838 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2841 /* warning: addr must be aligned */
2842 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2844 MemTxResult *result,
2845 enum device_endian endian)
2853 bool release_lock = false;
2856 mr = address_space_translate(as, addr, &addr1, &l, false);
2857 if (l < 4 || !memory_access_is_direct(mr, false)) {
2858 release_lock |= prepare_mmio_access(mr);
2861 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2862 #if defined(TARGET_WORDS_BIGENDIAN)
2863 if (endian == DEVICE_LITTLE_ENDIAN) {
2867 if (endian == DEVICE_BIG_ENDIAN) {
2873 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2877 case DEVICE_LITTLE_ENDIAN:
2878 val = ldl_le_p(ptr);
2880 case DEVICE_BIG_ENDIAN:
2881 val = ldl_be_p(ptr);
2893 qemu_mutex_unlock_iothread();
2899 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2900 MemTxAttrs attrs, MemTxResult *result)
2902 return address_space_ldl_internal(as, addr, attrs, result,
2903 DEVICE_NATIVE_ENDIAN);
2906 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2907 MemTxAttrs attrs, MemTxResult *result)
2909 return address_space_ldl_internal(as, addr, attrs, result,
2910 DEVICE_LITTLE_ENDIAN);
2913 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2914 MemTxAttrs attrs, MemTxResult *result)
2916 return address_space_ldl_internal(as, addr, attrs, result,
2920 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2922 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2925 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2927 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2930 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2932 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2935 /* warning: addr must be aligned */
2936 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2938 MemTxResult *result,
2939 enum device_endian endian)
2947 bool release_lock = false;
2950 mr = address_space_translate(as, addr, &addr1, &l,
2952 if (l < 8 || !memory_access_is_direct(mr, false)) {
2953 release_lock |= prepare_mmio_access(mr);
2956 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2957 #if defined(TARGET_WORDS_BIGENDIAN)
2958 if (endian == DEVICE_LITTLE_ENDIAN) {
2962 if (endian == DEVICE_BIG_ENDIAN) {
2968 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2972 case DEVICE_LITTLE_ENDIAN:
2973 val = ldq_le_p(ptr);
2975 case DEVICE_BIG_ENDIAN:
2976 val = ldq_be_p(ptr);
2988 qemu_mutex_unlock_iothread();
2994 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2995 MemTxAttrs attrs, MemTxResult *result)
2997 return address_space_ldq_internal(as, addr, attrs, result,
2998 DEVICE_NATIVE_ENDIAN);
3001 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3002 MemTxAttrs attrs, MemTxResult *result)
3004 return address_space_ldq_internal(as, addr, attrs, result,
3005 DEVICE_LITTLE_ENDIAN);
3008 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3009 MemTxAttrs attrs, MemTxResult *result)
3011 return address_space_ldq_internal(as, addr, attrs, result,
3015 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3017 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3020 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3022 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3025 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3027 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3031 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3032 MemTxAttrs attrs, MemTxResult *result)
3037 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3044 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3046 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3049 /* warning: addr must be aligned */
3050 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3053 MemTxResult *result,
3054 enum device_endian endian)
3062 bool release_lock = false;
3065 mr = address_space_translate(as, addr, &addr1, &l,
3067 if (l < 2 || !memory_access_is_direct(mr, false)) {
3068 release_lock |= prepare_mmio_access(mr);
3071 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3072 #if defined(TARGET_WORDS_BIGENDIAN)
3073 if (endian == DEVICE_LITTLE_ENDIAN) {
3077 if (endian == DEVICE_BIG_ENDIAN) {
3083 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3087 case DEVICE_LITTLE_ENDIAN:
3088 val = lduw_le_p(ptr);
3090 case DEVICE_BIG_ENDIAN:
3091 val = lduw_be_p(ptr);
3103 qemu_mutex_unlock_iothread();
3109 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3110 MemTxAttrs attrs, MemTxResult *result)
3112 return address_space_lduw_internal(as, addr, attrs, result,
3113 DEVICE_NATIVE_ENDIAN);
3116 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3117 MemTxAttrs attrs, MemTxResult *result)
3119 return address_space_lduw_internal(as, addr, attrs, result,
3120 DEVICE_LITTLE_ENDIAN);
3123 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3124 MemTxAttrs attrs, MemTxResult *result)
3126 return address_space_lduw_internal(as, addr, attrs, result,
3130 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3132 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3135 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3137 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3140 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3142 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3145 /* warning: addr must be aligned. The ram page is not masked as dirty
3146 and the code inside is not invalidated. It is useful if the dirty
3147 bits are used to track modified PTEs */
3148 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3149 MemTxAttrs attrs, MemTxResult *result)
3156 uint8_t dirty_log_mask;
3157 bool release_lock = false;
3160 mr = address_space_translate(as, addr, &addr1, &l,
3162 if (l < 4 || !memory_access_is_direct(mr, true)) {
3163 release_lock |= prepare_mmio_access(mr);
3165 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3167 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3168 ptr = qemu_get_ram_ptr(addr1);
3171 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3172 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3173 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3180 qemu_mutex_unlock_iothread();
3185 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3187 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3190 /* warning: addr must be aligned */
3191 static inline void address_space_stl_internal(AddressSpace *as,
3192 hwaddr addr, uint32_t val,
3194 MemTxResult *result,
3195 enum device_endian endian)
3202 bool release_lock = false;
3205 mr = address_space_translate(as, addr, &addr1, &l,
3207 if (l < 4 || !memory_access_is_direct(mr, true)) {
3208 release_lock |= prepare_mmio_access(mr);
3210 #if defined(TARGET_WORDS_BIGENDIAN)
3211 if (endian == DEVICE_LITTLE_ENDIAN) {
3215 if (endian == DEVICE_BIG_ENDIAN) {
3219 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3222 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3223 ptr = qemu_get_ram_ptr(addr1);
3225 case DEVICE_LITTLE_ENDIAN:
3228 case DEVICE_BIG_ENDIAN:
3235 invalidate_and_set_dirty(mr, addr1, 4);
3242 qemu_mutex_unlock_iothread();
3247 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3248 MemTxAttrs attrs, MemTxResult *result)
3250 address_space_stl_internal(as, addr, val, attrs, result,
3251 DEVICE_NATIVE_ENDIAN);
3254 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3255 MemTxAttrs attrs, MemTxResult *result)
3257 address_space_stl_internal(as, addr, val, attrs, result,
3258 DEVICE_LITTLE_ENDIAN);
3261 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3262 MemTxAttrs attrs, MemTxResult *result)
3264 address_space_stl_internal(as, addr, val, attrs, result,
3268 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3270 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3273 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3275 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3278 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3280 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3284 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3285 MemTxAttrs attrs, MemTxResult *result)
3290 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3296 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3298 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3301 /* warning: addr must be aligned */
3302 static inline void address_space_stw_internal(AddressSpace *as,
3303 hwaddr addr, uint32_t val,
3305 MemTxResult *result,
3306 enum device_endian endian)
3313 bool release_lock = false;
3316 mr = address_space_translate(as, addr, &addr1, &l, true);
3317 if (l < 2 || !memory_access_is_direct(mr, true)) {
3318 release_lock |= prepare_mmio_access(mr);
3320 #if defined(TARGET_WORDS_BIGENDIAN)
3321 if (endian == DEVICE_LITTLE_ENDIAN) {
3325 if (endian == DEVICE_BIG_ENDIAN) {
3329 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3332 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3333 ptr = qemu_get_ram_ptr(addr1);
3335 case DEVICE_LITTLE_ENDIAN:
3338 case DEVICE_BIG_ENDIAN:
3345 invalidate_and_set_dirty(mr, addr1, 2);
3352 qemu_mutex_unlock_iothread();
3357 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3358 MemTxAttrs attrs, MemTxResult *result)
3360 address_space_stw_internal(as, addr, val, attrs, result,
3361 DEVICE_NATIVE_ENDIAN);
3364 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3365 MemTxAttrs attrs, MemTxResult *result)
3367 address_space_stw_internal(as, addr, val, attrs, result,
3368 DEVICE_LITTLE_ENDIAN);
3371 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3372 MemTxAttrs attrs, MemTxResult *result)
3374 address_space_stw_internal(as, addr, val, attrs, result,
3378 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3380 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3383 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3385 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3388 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3390 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3394 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3395 MemTxAttrs attrs, MemTxResult *result)
3399 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3405 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3406 MemTxAttrs attrs, MemTxResult *result)
3409 val = cpu_to_le64(val);
3410 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3415 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3416 MemTxAttrs attrs, MemTxResult *result)
3419 val = cpu_to_be64(val);
3420 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3426 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3428 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3431 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3433 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3436 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3438 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3441 /* virtual memory access for debug (includes writing to ROM) */
3442 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3443 uint8_t *buf, int len, int is_write)
3450 page = addr & TARGET_PAGE_MASK;
3451 phys_addr = cpu_get_phys_page_debug(cpu, page);
3452 /* if no physical page mapped, return an error */
3453 if (phys_addr == -1)
3455 l = (page + TARGET_PAGE_SIZE) - addr;
3458 phys_addr += (addr & ~TARGET_PAGE_MASK);
3460 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3462 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3474 * A helper function for the _utterly broken_ virtio device model to find out if
3475 * it's running on a big endian machine. Don't do this at home kids!
3477 bool target_words_bigendian(void);
3478 bool target_words_bigendian(void)
3480 #if defined(TARGET_WORDS_BIGENDIAN)
3487 #ifndef CONFIG_USER_ONLY
3488 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3495 mr = address_space_translate(&address_space_memory,
3496 phys_addr, &phys_addr, &l, false);
3498 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3503 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3509 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3510 ret = func(block->idstr, block->host, block->offset,
3511 block->used_length, opaque);
projects / sdk / emulator / qemu.git / blob