4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
53 //#define DEBUG_SUBPAGE
55 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 CPUArchState *first_cpu;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUArchState *,cpu_single_env);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 struct AddressSpaceDispatch {
92 /* This is a multi-level map on the physical address space.
93 * The bottom level has pointers to MemoryRegionSections.
95 PhysPageEntry phys_map;
96 MemoryListener listener;
100 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
101 typedef struct subpage_t {
105 uint16_t sub_section[TARGET_PAGE_SIZE];
108 static MemoryRegionSection *phys_sections;
109 static unsigned phys_sections_nb, phys_sections_nb_alloc;
110 static uint16_t phys_section_unassigned;
111 static uint16_t phys_section_notdirty;
112 static uint16_t phys_section_rom;
113 static uint16_t phys_section_watch;
115 /* Simple allocator for PhysPageEntry nodes */
116 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
117 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121 static void io_mem_init(void);
122 static void memory_map_init(void);
123 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125 static MemoryRegion io_mem_watch;
128 #if !defined(CONFIG_USER_ONLY)
130 static void phys_map_node_reserve(unsigned nodes)
132 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
133 typedef PhysPageEntry Node[L2_SIZE];
134 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
136 phys_map_nodes_nb + nodes);
137 phys_map_nodes = g_renew(Node, phys_map_nodes,
138 phys_map_nodes_nb_alloc);
142 static uint16_t phys_map_node_alloc(void)
147 ret = phys_map_nodes_nb++;
148 assert(ret != PHYS_MAP_NODE_NIL);
149 assert(ret != phys_map_nodes_nb_alloc);
150 for (i = 0; i < L2_SIZE; ++i) {
151 phys_map_nodes[ret][i].is_leaf = 0;
152 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
157 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
158 hwaddr *nb, uint16_t leaf,
163 hwaddr step = (hwaddr)1 << (level * L2_BITS);
165 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
166 lp->ptr = phys_map_node_alloc();
167 p = phys_map_nodes[lp->ptr];
169 for (i = 0; i < L2_SIZE; i++) {
171 p[i].ptr = phys_section_unassigned;
175 p = phys_map_nodes[lp->ptr];
177 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
179 while (*nb && lp < &p[L2_SIZE]) {
180 if ((*index & (step - 1)) == 0 && *nb >= step) {
186 phys_page_set_level(lp, index, nb, leaf, level - 1);
192 static void phys_page_set(AddressSpaceDispatch *d,
193 hwaddr index, hwaddr nb,
196 /* Wildly overreserve - it doesn't matter much. */
197 phys_map_node_reserve(3 * P_L2_LEVELS);
199 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
202 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
204 PhysPageEntry lp = d->phys_map;
208 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
209 if (lp.ptr == PHYS_MAP_NODE_NIL) {
210 return &phys_sections[phys_section_unassigned];
212 p = phys_map_nodes[lp.ptr];
213 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
215 return &phys_sections[lp.ptr];
218 bool memory_region_is_unassigned(MemoryRegion *mr)
220 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
221 && mr != &io_mem_watch;
224 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
226 bool resolve_subpage)
228 MemoryRegionSection *section;
231 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
232 if (resolve_subpage && section->mr->subpage) {
233 subpage = container_of(section->mr, subpage_t, iomem);
234 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
239 static MemoryRegionSection *
240 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
241 hwaddr *plen, bool resolve_subpage)
243 MemoryRegionSection *section;
246 section = address_space_lookup_region(as, addr, resolve_subpage);
247 /* Compute offset within MemoryRegionSection */
248 addr -= section->offset_within_address_space;
250 /* Compute offset within MemoryRegion */
251 *xlat = addr + section->offset_within_region;
253 diff = int128_sub(section->mr->size, int128_make64(addr));
254 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
258 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
259 hwaddr *xlat, hwaddr *plen,
263 MemoryRegionSection *section;
268 section = address_space_translate_internal(as, addr, &addr, plen, true);
271 if (!mr->iommu_ops) {
275 iotlb = mr->iommu_ops->translate(mr, addr);
276 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
277 | (addr & iotlb.addr_mask));
278 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
279 if (!(iotlb.perm & (1 << is_write))) {
280 mr = &io_mem_unassigned;
284 as = iotlb.target_as;
292 MemoryRegionSection *
293 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
296 MemoryRegionSection *section;
297 section = address_space_translate_internal(as, addr, xlat, plen, false);
299 assert(!section->mr->iommu_ops);
304 void cpu_exec_init_all(void)
306 #if !defined(CONFIG_USER_ONLY)
307 qemu_mutex_init(&ram_list.mutex);
313 #if !defined(CONFIG_USER_ONLY)
315 static int cpu_common_post_load(void *opaque, int version_id)
317 CPUState *cpu = opaque;
319 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
320 version_id is increased. */
321 cpu->interrupt_request &= ~0x01;
322 tlb_flush(cpu->env_ptr, 1);
327 const VMStateDescription vmstate_cpu_common = {
328 .name = "cpu_common",
330 .minimum_version_id = 1,
331 .minimum_version_id_old = 1,
332 .post_load = cpu_common_post_load,
333 .fields = (VMStateField []) {
334 VMSTATE_UINT32(halted, CPUState),
335 VMSTATE_UINT32(interrupt_request, CPUState),
336 VMSTATE_END_OF_LIST()
342 CPUState *qemu_get_cpu(int index)
344 CPUArchState *env = first_cpu;
345 CPUState *cpu = NULL;
348 cpu = ENV_GET_CPU(env);
349 if (cpu->cpu_index == index) {
355 return env ? cpu : NULL;
358 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
360 CPUArchState *env = first_cpu;
363 func(ENV_GET_CPU(env), data);
368 void cpu_exec_init(CPUArchState *env)
370 CPUState *cpu = ENV_GET_CPU(env);
371 CPUClass *cc = CPU_GET_CLASS(cpu);
375 #if defined(CONFIG_USER_ONLY)
378 env->next_cpu = NULL;
381 while (*penv != NULL) {
382 penv = &(*penv)->next_cpu;
385 cpu->cpu_index = cpu_index;
387 QTAILQ_INIT(&env->breakpoints);
388 QTAILQ_INIT(&env->watchpoints);
389 #ifndef CONFIG_USER_ONLY
390 cpu->thread_id = qemu_get_thread_id();
393 #if defined(CONFIG_USER_ONLY)
396 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
397 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
398 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
399 cpu_save, cpu_load, env);
400 assert(cc->vmsd == NULL);
402 if (cc->vmsd != NULL) {
403 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
407 #if defined(TARGET_HAS_ICE)
408 #if defined(CONFIG_USER_ONLY)
409 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
411 tb_invalidate_phys_page_range(pc, pc + 1, 0);
414 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
416 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
417 (pc & ~TARGET_PAGE_MASK));
420 #endif /* TARGET_HAS_ICE */
422 #if defined(CONFIG_USER_ONLY)
423 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
428 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
429 int flags, CPUWatchpoint **watchpoint)
434 /* Add a watchpoint. */
435 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
436 int flags, CPUWatchpoint **watchpoint)
438 target_ulong len_mask = ~(len - 1);
441 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
442 if ((len & (len - 1)) || (addr & ~len_mask) ||
443 len == 0 || len > TARGET_PAGE_SIZE) {
444 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
445 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
448 wp = g_malloc(sizeof(*wp));
451 wp->len_mask = len_mask;
454 /* keep all GDB-injected watchpoints in front */
456 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
458 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
460 tlb_flush_page(env, addr);
467 /* Remove a specific watchpoint. */
468 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
471 target_ulong len_mask = ~(len - 1);
474 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
475 if (addr == wp->vaddr && len_mask == wp->len_mask
476 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
477 cpu_watchpoint_remove_by_ref(env, wp);
484 /* Remove a specific watchpoint by reference. */
485 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
487 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
489 tlb_flush_page(env, watchpoint->vaddr);
494 /* Remove all matching watchpoints. */
495 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
497 CPUWatchpoint *wp, *next;
499 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
500 if (wp->flags & mask)
501 cpu_watchpoint_remove_by_ref(env, wp);
506 /* Add a breakpoint. */
507 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
508 CPUBreakpoint **breakpoint)
510 #if defined(TARGET_HAS_ICE)
513 bp = g_malloc(sizeof(*bp));
518 /* keep all GDB-injected breakpoints in front */
520 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
522 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
524 breakpoint_invalidate(env, pc);
534 /* Remove a specific breakpoint. */
535 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
537 #if defined(TARGET_HAS_ICE)
540 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
541 if (bp->pc == pc && bp->flags == flags) {
542 cpu_breakpoint_remove_by_ref(env, bp);
552 /* Remove a specific breakpoint by reference. */
553 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
555 #if defined(TARGET_HAS_ICE)
556 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
558 breakpoint_invalidate(env, breakpoint->pc);
564 /* Remove all matching breakpoints. */
565 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
567 #if defined(TARGET_HAS_ICE)
568 CPUBreakpoint *bp, *next;
570 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
571 if (bp->flags & mask)
572 cpu_breakpoint_remove_by_ref(env, bp);
577 /* enable or disable single step mode. EXCP_DEBUG is returned by the
578 CPU loop after each instruction */
579 void cpu_single_step(CPUArchState *env, int enabled)
581 #if defined(TARGET_HAS_ICE)
582 if (env->singlestep_enabled != enabled) {
583 env->singlestep_enabled = enabled;
585 kvm_update_guest_debug(env, 0);
587 /* must flush all the translated code to avoid inconsistencies */
588 /* XXX: only flush what is necessary */
595 void cpu_abort(CPUArchState *env, const char *fmt, ...)
597 CPUState *cpu = ENV_GET_CPU(env);
603 fprintf(stderr, "qemu: fatal: ");
604 vfprintf(stderr, fmt, ap);
605 fprintf(stderr, "\n");
606 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
607 if (qemu_log_enabled()) {
608 qemu_log("qemu: fatal: ");
609 qemu_log_vprintf(fmt, ap2);
611 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
617 #if defined(CONFIG_USER_ONLY)
619 struct sigaction act;
620 sigfillset(&act.sa_mask);
621 act.sa_handler = SIG_DFL;
622 sigaction(SIGABRT, &act, NULL);
628 CPUArchState *cpu_copy(CPUArchState *env)
630 CPUArchState *new_env = cpu_init(env->cpu_model_str);
631 CPUArchState *next_cpu = new_env->next_cpu;
632 #if defined(TARGET_HAS_ICE)
637 memcpy(new_env, env, sizeof(CPUArchState));
639 /* Preserve chaining. */
640 new_env->next_cpu = next_cpu;
642 /* Clone all break/watchpoints.
643 Note: Once we support ptrace with hw-debug register access, make sure
644 BP_CPU break/watchpoints are handled correctly on clone. */
645 QTAILQ_INIT(&env->breakpoints);
646 QTAILQ_INIT(&env->watchpoints);
647 #if defined(TARGET_HAS_ICE)
648 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
649 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
651 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
652 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
660 #if !defined(CONFIG_USER_ONLY)
661 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
666 /* we modify the TLB cache so that the dirty bit will be set again
667 when accessing the range */
668 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
669 /* Check that we don't span multiple blocks - this breaks the
670 address comparisons below. */
671 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
672 != (end - 1) - start) {
675 cpu_tlb_reset_dirty_all(start1, length);
679 /* Note: start and end must be within the same ram block. */
680 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
685 start &= TARGET_PAGE_MASK;
686 end = TARGET_PAGE_ALIGN(end);
688 length = end - start;
691 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
694 tlb_reset_dirty_range_all(start, end, length);
698 static int cpu_physical_memory_set_dirty_tracking(int enable)
701 in_migration = enable;
705 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
706 MemoryRegionSection *section,
708 hwaddr paddr, hwaddr xlat,
710 target_ulong *address)
715 if (memory_region_is_ram(section->mr)) {
717 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
719 if (!section->readonly) {
720 iotlb |= phys_section_notdirty;
722 iotlb |= phys_section_rom;
725 iotlb = section - phys_sections;
729 /* Make accesses to pages with watchpoints go via the
730 watchpoint trap routines. */
731 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
732 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
733 /* Avoid trapping reads of pages with a write breakpoint. */
734 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
735 iotlb = phys_section_watch + paddr;
736 *address |= TLB_MMIO;
744 #endif /* defined(CONFIG_USER_ONLY) */
746 #if !defined(CONFIG_USER_ONLY)
748 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
750 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
752 static uint16_t phys_section_add(MemoryRegionSection *section)
754 /* The physical section number is ORed with a page-aligned
755 * pointer to produce the iotlb entries. Thus it should
756 * never overflow into the page-aligned value.
758 assert(phys_sections_nb < TARGET_PAGE_SIZE);
760 if (phys_sections_nb == phys_sections_nb_alloc) {
761 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
762 phys_sections = g_renew(MemoryRegionSection, phys_sections,
763 phys_sections_nb_alloc);
765 phys_sections[phys_sections_nb] = *section;
766 memory_region_ref(section->mr);
767 return phys_sections_nb++;
770 static void phys_section_destroy(MemoryRegion *mr)
772 memory_region_unref(mr);
775 subpage_t *subpage = container_of(mr, subpage_t, iomem);
776 memory_region_destroy(&subpage->iomem);
781 static void phys_sections_clear(void)
783 while (phys_sections_nb > 0) {
784 MemoryRegionSection *section = &phys_sections[--phys_sections_nb];
785 phys_section_destroy(section->mr);
787 phys_map_nodes_nb = 0;
790 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
793 hwaddr base = section->offset_within_address_space
795 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
796 MemoryRegionSection subsection = {
797 .offset_within_address_space = base,
798 .size = int128_make64(TARGET_PAGE_SIZE),
802 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
804 if (!(existing->mr->subpage)) {
805 subpage = subpage_init(d->as, base);
806 subsection.mr = &subpage->iomem;
807 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
808 phys_section_add(&subsection));
810 subpage = container_of(existing->mr, subpage_t, iomem);
812 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
813 end = start + int128_get64(section->size) - 1;
814 subpage_register(subpage, start, end, phys_section_add(section));
818 static void register_multipage(AddressSpaceDispatch *d,
819 MemoryRegionSection *section)
821 hwaddr start_addr = section->offset_within_address_space;
822 uint16_t section_index = phys_section_add(section);
823 uint64_t num_pages = int128_get64(int128_rshift(section->size,
827 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
830 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
832 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
833 MemoryRegionSection now = *section, remain = *section;
834 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
836 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
837 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
838 - now.offset_within_address_space;
840 now.size = int128_min(int128_make64(left), now.size);
841 register_subpage(d, &now);
843 now.size = int128_zero();
845 while (int128_ne(remain.size, now.size)) {
846 remain.size = int128_sub(remain.size, now.size);
847 remain.offset_within_address_space += int128_get64(now.size);
848 remain.offset_within_region += int128_get64(now.size);
850 if (int128_lt(remain.size, page_size)) {
851 register_subpage(d, &now);
852 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
853 now.size = page_size;
854 register_subpage(d, &now);
856 now.size = int128_and(now.size, int128_neg(page_size));
857 register_multipage(d, &now);
862 void qemu_flush_coalesced_mmio_buffer(void)
865 kvm_flush_coalesced_mmio_buffer();
868 void qemu_mutex_lock_ramlist(void)
870 qemu_mutex_lock(&ram_list.mutex);
873 void qemu_mutex_unlock_ramlist(void)
875 qemu_mutex_unlock(&ram_list.mutex);
878 #if defined(__linux__) && !defined(TARGET_S390X)
882 #define HUGETLBFS_MAGIC 0x958458f6
884 static long gethugepagesize(const char *path)
890 ret = statfs(path, &fs);
891 } while (ret != 0 && errno == EINTR);
898 if (fs.f_type != HUGETLBFS_MAGIC)
899 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
904 static void *file_ram_alloc(RAMBlock *block,
909 char *sanitized_name;
916 unsigned long hpagesize;
918 hpagesize = gethugepagesize(path);
923 if (memory < hpagesize) {
927 if (kvm_enabled() && !kvm_has_sync_mmu()) {
928 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
932 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
933 sanitized_name = g_strdup(block->mr->name);
934 for (c = sanitized_name; *c != '\0'; c++) {
939 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
941 g_free(sanitized_name);
943 fd = mkstemp(filename);
945 perror("unable to create backing store for hugepages");
952 memory = (memory+hpagesize-1) & ~(hpagesize-1);
955 * ftruncate is not supported by hugetlbfs in older
956 * hosts, so don't bother bailing out on errors.
957 * If anything goes wrong with it under other filesystems,
960 if (ftruncate(fd, memory))
964 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
965 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
966 * to sidestep this quirk.
968 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
969 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
971 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
973 if (area == MAP_FAILED) {
974 perror("file_ram_alloc: can't mmap RAM pages");
983 static ram_addr_t find_ram_offset(ram_addr_t size)
985 RAMBlock *block, *next_block;
986 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
988 assert(size != 0); /* it would hand out same offset multiple times */
990 if (QTAILQ_EMPTY(&ram_list.blocks))
993 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
994 ram_addr_t end, next = RAM_ADDR_MAX;
996 end = block->offset + block->length;
998 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
999 if (next_block->offset >= end) {
1000 next = MIN(next, next_block->offset);
1003 if (next - end >= size && next - end < mingap) {
1005 mingap = next - end;
1009 if (offset == RAM_ADDR_MAX) {
1010 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1018 ram_addr_t last_ram_offset(void)
1021 ram_addr_t last = 0;
1023 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1024 last = MAX(last, block->offset + block->length);
1029 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1032 QemuOpts *machine_opts;
1034 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1035 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1037 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1038 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1040 perror("qemu_madvise");
1041 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1042 "but dump_guest_core=off specified\n");
1047 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1049 RAMBlock *new_block, *block;
1052 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1053 if (block->offset == addr) {
1059 assert(!new_block->idstr[0]);
1062 char *id = qdev_get_dev_path(dev);
1064 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1068 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1070 /* This assumes the iothread lock is taken here too. */
1071 qemu_mutex_lock_ramlist();
1072 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1073 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1074 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1079 qemu_mutex_unlock_ramlist();
1082 static int memory_try_enable_merging(void *addr, size_t len)
1086 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1087 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1088 /* disabled by the user */
1092 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1095 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1098 RAMBlock *block, *new_block;
1100 size = TARGET_PAGE_ALIGN(size);
1101 new_block = g_malloc0(sizeof(*new_block));
1103 /* This assumes the iothread lock is taken here too. */
1104 qemu_mutex_lock_ramlist();
1106 new_block->offset = find_ram_offset(size);
1108 new_block->host = host;
1109 new_block->flags |= RAM_PREALLOC_MASK;
1112 #if defined (__linux__) && !defined(TARGET_S390X)
1113 new_block->host = file_ram_alloc(new_block, size, mem_path);
1114 if (!new_block->host) {
1115 new_block->host = qemu_anon_ram_alloc(size);
1116 memory_try_enable_merging(new_block->host, size);
1119 fprintf(stderr, "-mem-path option unsupported\n");
1123 if (xen_enabled()) {
1124 xen_ram_alloc(new_block->offset, size, mr);
1125 } else if (kvm_enabled()) {
1126 /* some s390/kvm configurations have special constraints */
1127 new_block->host = kvm_ram_alloc(size);
1129 new_block->host = qemu_anon_ram_alloc(size);
1131 memory_try_enable_merging(new_block->host, size);
1134 new_block->length = size;
1136 /* Keep the list sorted from biggest to smallest block. */
1137 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1138 if (block->length < new_block->length) {
1143 QTAILQ_INSERT_BEFORE(block, new_block, next);
1145 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1147 ram_list.mru_block = NULL;
1150 qemu_mutex_unlock_ramlist();
1152 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1153 last_ram_offset() >> TARGET_PAGE_BITS);
1154 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1155 0, size >> TARGET_PAGE_BITS);
1156 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1158 qemu_ram_setup_dump(new_block->host, size);
1159 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1162 kvm_setup_guest_memory(new_block->host, size);
1164 return new_block->offset;
1167 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1169 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1172 void qemu_ram_free_from_ptr(ram_addr_t addr)
1176 /* This assumes the iothread lock is taken here too. */
1177 qemu_mutex_lock_ramlist();
1178 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1179 if (addr == block->offset) {
1180 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1181 ram_list.mru_block = NULL;
1187 qemu_mutex_unlock_ramlist();
1190 void qemu_ram_free(ram_addr_t addr)
1194 /* This assumes the iothread lock is taken here too. */
1195 qemu_mutex_lock_ramlist();
1196 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1197 if (addr == block->offset) {
1198 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1199 ram_list.mru_block = NULL;
1201 if (block->flags & RAM_PREALLOC_MASK) {
1203 } else if (mem_path) {
1204 #if defined (__linux__) && !defined(TARGET_S390X)
1206 munmap(block->host, block->length);
1209 qemu_anon_ram_free(block->host, block->length);
1215 if (xen_enabled()) {
1216 xen_invalidate_map_cache_entry(block->host);
1218 qemu_anon_ram_free(block->host, block->length);
1225 qemu_mutex_unlock_ramlist();
1230 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1237 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1238 offset = addr - block->offset;
1239 if (offset < block->length) {
1240 vaddr = block->host + offset;
1241 if (block->flags & RAM_PREALLOC_MASK) {
1245 munmap(vaddr, length);
1247 #if defined(__linux__) && !defined(TARGET_S390X)
1250 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1253 flags |= MAP_PRIVATE;
1255 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1256 flags, block->fd, offset);
1258 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1259 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1266 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1267 flags |= MAP_SHARED | MAP_ANONYMOUS;
1268 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1271 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1272 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1276 if (area != vaddr) {
1277 fprintf(stderr, "Could not remap addr: "
1278 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1282 memory_try_enable_merging(vaddr, length);
1283 qemu_ram_setup_dump(vaddr, length);
1289 #endif /* !_WIN32 */
1291 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1292 With the exception of the softmmu code in this file, this should
1293 only be used for local memory (e.g. video ram) that the device owns,
1294 and knows it isn't going to access beyond the end of the block.
1296 It should not be used for general purpose DMA.
1297 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1299 void *qemu_get_ram_ptr(ram_addr_t addr)
1303 /* The list is protected by the iothread lock here. */
1304 block = ram_list.mru_block;
1305 if (block && addr - block->offset < block->length) {
1308 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1309 if (addr - block->offset < block->length) {
1314 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1318 ram_list.mru_block = block;
1319 if (xen_enabled()) {
1320 /* We need to check if the requested address is in the RAM
1321 * because we don't want to map the entire memory in QEMU.
1322 * In that case just map until the end of the page.
1324 if (block->offset == 0) {
1325 return xen_map_cache(addr, 0, 0);
1326 } else if (block->host == NULL) {
1328 xen_map_cache(block->offset, block->length, 1);
1331 return block->host + (addr - block->offset);
1334 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1335 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1337 * ??? Is this still necessary?
1339 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1343 /* The list is protected by the iothread lock here. */
1344 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1345 if (addr - block->offset < block->length) {
1346 if (xen_enabled()) {
1347 /* We need to check if the requested address is in the RAM
1348 * because we don't want to map the entire memory in QEMU.
1349 * In that case just map until the end of the page.
1351 if (block->offset == 0) {
1352 return xen_map_cache(addr, 0, 0);
1353 } else if (block->host == NULL) {
1355 xen_map_cache(block->offset, block->length, 1);
1358 return block->host + (addr - block->offset);
1362 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1368 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1369 * but takes a size argument */
1370 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1375 if (xen_enabled()) {
1376 return xen_map_cache(addr, *size, 1);
1380 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1381 if (addr - block->offset < block->length) {
1382 if (addr - block->offset + *size > block->length)
1383 *size = block->length - addr + block->offset;
1384 return block->host + (addr - block->offset);
1388 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1393 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1396 uint8_t *host = ptr;
1398 if (xen_enabled()) {
1399 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1403 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1404 /* This case append when the block is not mapped. */
1405 if (block->host == NULL) {
1408 if (host - block->host < block->length) {
1409 *ram_addr = block->offset + (host - block->host);
1417 /* Some of the softmmu routines need to translate from a host pointer
1418 (typically a TLB entry) back to a ram offset. */
1419 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1421 ram_addr_t ram_addr;
1423 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1424 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1430 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1431 uint64_t val, unsigned size)
1434 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1435 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1436 tb_invalidate_phys_page_fast(ram_addr, size);
1437 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1441 stb_p(qemu_get_ram_ptr(ram_addr), val);
1444 stw_p(qemu_get_ram_ptr(ram_addr), val);
1447 stl_p(qemu_get_ram_ptr(ram_addr), val);
1452 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1453 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1454 /* we remove the notdirty callback only if the code has been
1456 if (dirty_flags == 0xff)
1457 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1460 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1461 unsigned size, bool is_write)
1466 static const MemoryRegionOps notdirty_mem_ops = {
1467 .write = notdirty_mem_write,
1468 .valid.accepts = notdirty_mem_accepts,
1469 .endianness = DEVICE_NATIVE_ENDIAN,
1472 /* Generate a debug exception if a watchpoint has been hit. */
1473 static void check_watchpoint(int offset, int len_mask, int flags)
1475 CPUArchState *env = cpu_single_env;
1476 target_ulong pc, cs_base;
1481 if (env->watchpoint_hit) {
1482 /* We re-entered the check after replacing the TB. Now raise
1483 * the debug interrupt so that is will trigger after the
1484 * current instruction. */
1485 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1488 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1489 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1490 if ((vaddr == (wp->vaddr & len_mask) ||
1491 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1492 wp->flags |= BP_WATCHPOINT_HIT;
1493 if (!env->watchpoint_hit) {
1494 env->watchpoint_hit = wp;
1495 tb_check_watchpoint(env);
1496 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1497 env->exception_index = EXCP_DEBUG;
1500 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1501 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1502 cpu_resume_from_signal(env, NULL);
1506 wp->flags &= ~BP_WATCHPOINT_HIT;
1511 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1512 so these check for a hit then pass through to the normal out-of-line
1514 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1517 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1519 case 1: return ldub_phys(addr);
1520 case 2: return lduw_phys(addr);
1521 case 4: return ldl_phys(addr);
1526 static void watch_mem_write(void *opaque, hwaddr addr,
1527 uint64_t val, unsigned size)
1529 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1532 stb_phys(addr, val);
1535 stw_phys(addr, val);
1538 stl_phys(addr, val);
1544 static const MemoryRegionOps watch_mem_ops = {
1545 .read = watch_mem_read,
1546 .write = watch_mem_write,
1547 .endianness = DEVICE_NATIVE_ENDIAN,
1550 static uint64_t subpage_read(void *opaque, hwaddr addr,
1553 subpage_t *subpage = opaque;
1556 #if defined(DEBUG_SUBPAGE)
1557 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1558 subpage, len, addr);
1560 address_space_read(subpage->as, addr + subpage->base, buf, len);
1573 static void subpage_write(void *opaque, hwaddr addr,
1574 uint64_t value, unsigned len)
1576 subpage_t *subpage = opaque;
1579 #if defined(DEBUG_SUBPAGE)
1580 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1581 " value %"PRIx64"\n",
1582 __func__, subpage, len, addr, value);
1597 address_space_write(subpage->as, addr + subpage->base, buf, len);
1600 static bool subpage_accepts(void *opaque, hwaddr addr,
1601 unsigned size, bool is_write)
1603 subpage_t *subpage = opaque;
1604 #if defined(DEBUG_SUBPAGE)
1605 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1606 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1609 return address_space_access_valid(subpage->as, addr + subpage->base,
1613 static const MemoryRegionOps subpage_ops = {
1614 .read = subpage_read,
1615 .write = subpage_write,
1616 .valid.accepts = subpage_accepts,
1617 .endianness = DEVICE_NATIVE_ENDIAN,
1620 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1625 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1627 idx = SUBPAGE_IDX(start);
1628 eidx = SUBPAGE_IDX(end);
1629 #if defined(DEBUG_SUBPAGE)
1630 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1631 mmio, start, end, idx, eidx, memory);
1633 for (; idx <= eidx; idx++) {
1634 mmio->sub_section[idx] = section;
1640 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1644 mmio = g_malloc0(sizeof(subpage_t));
1648 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1649 "subpage", TARGET_PAGE_SIZE);
1650 mmio->iomem.subpage = true;
1651 #if defined(DEBUG_SUBPAGE)
1652 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1653 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1655 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1660 static uint16_t dummy_section(MemoryRegion *mr)
1662 MemoryRegionSection section = {
1664 .offset_within_address_space = 0,
1665 .offset_within_region = 0,
1666 .size = int128_2_64(),
1669 return phys_section_add(§ion);
1672 MemoryRegion *iotlb_to_region(hwaddr index)
1674 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1677 static void io_mem_init(void)
1679 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1680 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1681 "unassigned", UINT64_MAX);
1682 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1683 "notdirty", UINT64_MAX);
1684 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1685 "watch", UINT64_MAX);
1688 static void mem_begin(MemoryListener *listener)
1690 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1692 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1695 static void core_begin(MemoryListener *listener)
1697 phys_sections_clear();
1698 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1699 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1700 phys_section_rom = dummy_section(&io_mem_rom);
1701 phys_section_watch = dummy_section(&io_mem_watch);
1704 static void tcg_commit(MemoryListener *listener)
1708 /* since each CPU stores ram addresses in its TLB cache, we must
1709 reset the modified entries */
1711 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1716 static void core_log_global_start(MemoryListener *listener)
1718 cpu_physical_memory_set_dirty_tracking(1);
1721 static void core_log_global_stop(MemoryListener *listener)
1723 cpu_physical_memory_set_dirty_tracking(0);
1726 static MemoryListener core_memory_listener = {
1727 .begin = core_begin,
1728 .log_global_start = core_log_global_start,
1729 .log_global_stop = core_log_global_stop,
1733 static MemoryListener tcg_memory_listener = {
1734 .commit = tcg_commit,
1737 void address_space_init_dispatch(AddressSpace *as)
1739 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1741 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1742 d->listener = (MemoryListener) {
1744 .region_add = mem_add,
1745 .region_nop = mem_add,
1750 memory_listener_register(&d->listener, as);
1753 void address_space_destroy_dispatch(AddressSpace *as)
1755 AddressSpaceDispatch *d = as->dispatch;
1757 memory_listener_unregister(&d->listener);
1759 as->dispatch = NULL;
1762 static void memory_map_init(void)
1764 system_memory = g_malloc(sizeof(*system_memory));
1765 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1766 address_space_init(&address_space_memory, system_memory, "memory");
1768 system_io = g_malloc(sizeof(*system_io));
1769 memory_region_init(system_io, NULL, "io", 65536);
1770 address_space_init(&address_space_io, system_io, "I/O");
1772 memory_listener_register(&core_memory_listener, &address_space_memory);
1773 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1776 MemoryRegion *get_system_memory(void)
1778 return system_memory;
1781 MemoryRegion *get_system_io(void)
1786 #endif /* !defined(CONFIG_USER_ONLY) */
1788 /* physical memory access (slow version, mainly for debug) */
1789 #if defined(CONFIG_USER_ONLY)
1790 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1791 uint8_t *buf, int len, int is_write)
1798 page = addr & TARGET_PAGE_MASK;
1799 l = (page + TARGET_PAGE_SIZE) - addr;
1802 flags = page_get_flags(page);
1803 if (!(flags & PAGE_VALID))
1806 if (!(flags & PAGE_WRITE))
1808 /* XXX: this code should not depend on lock_user */
1809 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1812 unlock_user(p, addr, l);
1814 if (!(flags & PAGE_READ))
1816 /* XXX: this code should not depend on lock_user */
1817 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1820 unlock_user(p, addr, 0);
1831 static void invalidate_and_set_dirty(hwaddr addr,
1834 if (!cpu_physical_memory_is_dirty(addr)) {
1835 /* invalidate code */
1836 tb_invalidate_phys_page_range(addr, addr + length, 0);
1838 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1840 xen_modified_memory(addr, length);
1843 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1845 if (memory_region_is_ram(mr)) {
1846 return !(is_write && mr->readonly);
1848 if (memory_region_is_romd(mr)) {
1855 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1857 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1860 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1866 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1867 int len, bool is_write)
1878 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1881 if (!memory_access_is_direct(mr, is_write)) {
1882 l = memory_access_size(mr, l, addr1);
1883 /* XXX: could force cpu_single_env to NULL to avoid
1886 /* 32 bit write access */
1888 error |= io_mem_write(mr, addr1, val, 4);
1889 } else if (l == 2) {
1890 /* 16 bit write access */
1892 error |= io_mem_write(mr, addr1, val, 2);
1894 /* 8 bit write access */
1896 error |= io_mem_write(mr, addr1, val, 1);
1899 addr1 += memory_region_get_ram_addr(mr);
1901 ptr = qemu_get_ram_ptr(addr1);
1902 memcpy(ptr, buf, l);
1903 invalidate_and_set_dirty(addr1, l);
1906 if (!memory_access_is_direct(mr, is_write)) {
1908 l = memory_access_size(mr, l, addr1);
1910 /* 32 bit read access */
1911 error |= io_mem_read(mr, addr1, &val, 4);
1913 } else if (l == 2) {
1914 /* 16 bit read access */
1915 error |= io_mem_read(mr, addr1, &val, 2);
1918 /* 8 bit read access */
1919 error |= io_mem_read(mr, addr1, &val, 1);
1924 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1925 memcpy(buf, ptr, l);
1936 bool address_space_write(AddressSpace *as, hwaddr addr,
1937 const uint8_t *buf, int len)
1939 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1942 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1944 return address_space_rw(as, addr, buf, len, false);
1948 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1949 int len, int is_write)
1951 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1954 /* used for ROM loading : can write in RAM and ROM */
1955 void cpu_physical_memory_write_rom(hwaddr addr,
1956 const uint8_t *buf, int len)
1965 mr = address_space_translate(&address_space_memory,
1966 addr, &addr1, &l, true);
1968 if (!(memory_region_is_ram(mr) ||
1969 memory_region_is_romd(mr))) {
1972 addr1 += memory_region_get_ram_addr(mr);
1974 ptr = qemu_get_ram_ptr(addr1);
1975 memcpy(ptr, buf, l);
1976 invalidate_and_set_dirty(addr1, l);
1990 static BounceBuffer bounce;
1992 typedef struct MapClient {
1994 void (*callback)(void *opaque);
1995 QLIST_ENTRY(MapClient) link;
1998 static QLIST_HEAD(map_client_list, MapClient) map_client_list
1999 = QLIST_HEAD_INITIALIZER(map_client_list);
2001 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2003 MapClient *client = g_malloc(sizeof(*client));
2005 client->opaque = opaque;
2006 client->callback = callback;
2007 QLIST_INSERT_HEAD(&map_client_list, client, link);
2011 static void cpu_unregister_map_client(void *_client)
2013 MapClient *client = (MapClient *)_client;
2015 QLIST_REMOVE(client, link);
2019 static void cpu_notify_map_clients(void)
2023 while (!QLIST_EMPTY(&map_client_list)) {
2024 client = QLIST_FIRST(&map_client_list);
2025 client->callback(client->opaque);
2026 cpu_unregister_map_client(client);
2030 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2037 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2038 if (!memory_access_is_direct(mr, is_write)) {
2039 l = memory_access_size(mr, l, addr);
2040 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2051 /* Map a physical memory region into a host virtual address.
2052 * May map a subset of the requested range, given by and returned in *plen.
2053 * May return NULL if resources needed to perform the mapping are exhausted.
2054 * Use only for reads OR writes - not for read-modify-write operations.
2055 * Use cpu_register_map_client() to know when retrying the map operation is
2056 * likely to succeed.
2058 void *address_space_map(AddressSpace *as,
2067 ram_addr_t raddr = RAM_ADDR_MAX;
2073 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2075 if (!memory_access_is_direct(mr, is_write)) {
2076 if (todo || bounce.buffer) {
2079 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2083 address_space_read(as, addr, bounce.buffer, l);
2087 return bounce.buffer;
2090 raddr = memory_region_get_ram_addr(mr) + xlat;
2092 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2102 ret = qemu_ram_ptr_length(raddr, &rlen);
2107 /* Unmaps a memory region previously mapped by address_space_map().
2108 * Will also mark the memory as dirty if is_write == 1. access_len gives
2109 * the amount of memory that was actually read or written by the caller.
2111 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2112 int is_write, hwaddr access_len)
2114 if (buffer != bounce.buffer) {
2116 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2117 while (access_len) {
2119 l = TARGET_PAGE_SIZE;
2122 invalidate_and_set_dirty(addr1, l);
2127 if (xen_enabled()) {
2128 xen_invalidate_map_cache_entry(buffer);
2133 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2135 qemu_vfree(bounce.buffer);
2136 bounce.buffer = NULL;
2137 cpu_notify_map_clients();
2140 void *cpu_physical_memory_map(hwaddr addr,
2144 return address_space_map(&address_space_memory, addr, plen, is_write);
2147 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2148 int is_write, hwaddr access_len)
2150 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2153 /* warning: addr must be aligned */
2154 static inline uint32_t ldl_phys_internal(hwaddr addr,
2155 enum device_endian endian)
2163 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2165 if (l < 4 || !memory_access_is_direct(mr, false)) {
2167 io_mem_read(mr, addr1, &val, 4);
2168 #if defined(TARGET_WORDS_BIGENDIAN)
2169 if (endian == DEVICE_LITTLE_ENDIAN) {
2173 if (endian == DEVICE_BIG_ENDIAN) {
2179 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2183 case DEVICE_LITTLE_ENDIAN:
2184 val = ldl_le_p(ptr);
2186 case DEVICE_BIG_ENDIAN:
2187 val = ldl_be_p(ptr);
2197 uint32_t ldl_phys(hwaddr addr)
2199 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2202 uint32_t ldl_le_phys(hwaddr addr)
2204 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2207 uint32_t ldl_be_phys(hwaddr addr)
2209 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2212 /* warning: addr must be aligned */
2213 static inline uint64_t ldq_phys_internal(hwaddr addr,
2214 enum device_endian endian)
2222 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2224 if (l < 8 || !memory_access_is_direct(mr, false)) {
2226 io_mem_read(mr, addr1, &val, 8);
2227 #if defined(TARGET_WORDS_BIGENDIAN)
2228 if (endian == DEVICE_LITTLE_ENDIAN) {
2232 if (endian == DEVICE_BIG_ENDIAN) {
2238 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2242 case DEVICE_LITTLE_ENDIAN:
2243 val = ldq_le_p(ptr);
2245 case DEVICE_BIG_ENDIAN:
2246 val = ldq_be_p(ptr);
2256 uint64_t ldq_phys(hwaddr addr)
2258 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2261 uint64_t ldq_le_phys(hwaddr addr)
2263 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2266 uint64_t ldq_be_phys(hwaddr addr)
2268 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2272 uint32_t ldub_phys(hwaddr addr)
2275 cpu_physical_memory_read(addr, &val, 1);
2279 /* warning: addr must be aligned */
2280 static inline uint32_t lduw_phys_internal(hwaddr addr,
2281 enum device_endian endian)
2289 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2291 if (l < 2 || !memory_access_is_direct(mr, false)) {
2293 io_mem_read(mr, addr1, &val, 2);
2294 #if defined(TARGET_WORDS_BIGENDIAN)
2295 if (endian == DEVICE_LITTLE_ENDIAN) {
2299 if (endian == DEVICE_BIG_ENDIAN) {
2305 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2309 case DEVICE_LITTLE_ENDIAN:
2310 val = lduw_le_p(ptr);
2312 case DEVICE_BIG_ENDIAN:
2313 val = lduw_be_p(ptr);
2323 uint32_t lduw_phys(hwaddr addr)
2325 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2328 uint32_t lduw_le_phys(hwaddr addr)
2330 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2333 uint32_t lduw_be_phys(hwaddr addr)
2335 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2338 /* warning: addr must be aligned. The ram page is not masked as dirty
2339 and the code inside is not invalidated. It is useful if the dirty
2340 bits are used to track modified PTEs */
2341 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2348 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2350 if (l < 4 || !memory_access_is_direct(mr, true)) {
2351 io_mem_write(mr, addr1, val, 4);
2353 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2354 ptr = qemu_get_ram_ptr(addr1);
2357 if (unlikely(in_migration)) {
2358 if (!cpu_physical_memory_is_dirty(addr1)) {
2359 /* invalidate code */
2360 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2362 cpu_physical_memory_set_dirty_flags(
2363 addr1, (0xff & ~CODE_DIRTY_FLAG));
2369 /* warning: addr must be aligned */
2370 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2371 enum device_endian endian)
2378 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2380 if (l < 4 || !memory_access_is_direct(mr, true)) {
2381 #if defined(TARGET_WORDS_BIGENDIAN)
2382 if (endian == DEVICE_LITTLE_ENDIAN) {
2386 if (endian == DEVICE_BIG_ENDIAN) {
2390 io_mem_write(mr, addr1, val, 4);
2393 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2394 ptr = qemu_get_ram_ptr(addr1);
2396 case DEVICE_LITTLE_ENDIAN:
2399 case DEVICE_BIG_ENDIAN:
2406 invalidate_and_set_dirty(addr1, 4);
2410 void stl_phys(hwaddr addr, uint32_t val)
2412 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2415 void stl_le_phys(hwaddr addr, uint32_t val)
2417 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2420 void stl_be_phys(hwaddr addr, uint32_t val)
2422 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2426 void stb_phys(hwaddr addr, uint32_t val)
2429 cpu_physical_memory_write(addr, &v, 1);
2432 /* warning: addr must be aligned */
2433 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2434 enum device_endian endian)
2441 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2443 if (l < 2 || !memory_access_is_direct(mr, true)) {
2444 #if defined(TARGET_WORDS_BIGENDIAN)
2445 if (endian == DEVICE_LITTLE_ENDIAN) {
2449 if (endian == DEVICE_BIG_ENDIAN) {
2453 io_mem_write(mr, addr1, val, 2);
2456 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2457 ptr = qemu_get_ram_ptr(addr1);
2459 case DEVICE_LITTLE_ENDIAN:
2462 case DEVICE_BIG_ENDIAN:
2469 invalidate_and_set_dirty(addr1, 2);
2473 void stw_phys(hwaddr addr, uint32_t val)
2475 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2478 void stw_le_phys(hwaddr addr, uint32_t val)
2480 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2483 void stw_be_phys(hwaddr addr, uint32_t val)
2485 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2489 void stq_phys(hwaddr addr, uint64_t val)
2492 cpu_physical_memory_write(addr, &val, 8);
2495 void stq_le_phys(hwaddr addr, uint64_t val)
2497 val = cpu_to_le64(val);
2498 cpu_physical_memory_write(addr, &val, 8);
2501 void stq_be_phys(hwaddr addr, uint64_t val)
2503 val = cpu_to_be64(val);
2504 cpu_physical_memory_write(addr, &val, 8);
2507 /* virtual memory access for debug (includes writing to ROM) */
2508 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2509 uint8_t *buf, int len, int is_write)
2516 page = addr & TARGET_PAGE_MASK;
2517 phys_addr = cpu_get_phys_page_debug(env, page);
2518 /* if no physical page mapped, return an error */
2519 if (phys_addr == -1)
2521 l = (page + TARGET_PAGE_SIZE) - addr;
2524 phys_addr += (addr & ~TARGET_PAGE_MASK);
2526 cpu_physical_memory_write_rom(phys_addr, buf, l);
2528 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2537 #if !defined(CONFIG_USER_ONLY)
2540 * A helper function for the _utterly broken_ virtio device model to find out if
2541 * it's running on a big endian machine. Don't do this at home kids!
2543 bool virtio_is_big_endian(void);
2544 bool virtio_is_big_endian(void)
2546 #if defined(TARGET_WORDS_BIGENDIAN)
2555 #ifndef CONFIG_USER_ONLY
2556 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2561 mr = address_space_translate(&address_space_memory,
2562 phys_addr, &phys_addr, &l, false);
2564 return !(memory_region_is_ram(mr) ||
2565 memory_region_is_romd(mr));
2568 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2572 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2573 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob