4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUState *, current_cpu);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 typedef PhysPageEntry Node[L2_SIZE];
93 struct AddressSpaceDispatch {
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
97 PhysPageEntry phys_map;
99 MemoryRegionSection *sections;
103 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104 typedef struct subpage_t {
108 uint16_t sub_section[TARGET_PAGE_SIZE];
111 #define PHYS_SECTION_UNASSIGNED 0
112 #define PHYS_SECTION_NOTDIRTY 1
113 #define PHYS_SECTION_ROM 2
114 #define PHYS_SECTION_WATCH 3
116 typedef struct PhysPageMap {
117 unsigned sections_nb;
118 unsigned sections_nb_alloc;
120 unsigned nodes_nb_alloc;
122 MemoryRegionSection *sections;
125 static PhysPageMap *prev_map;
126 static PhysPageMap next_map;
128 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
130 static void io_mem_init(void);
131 static void memory_map_init(void);
132 static void *qemu_safe_ram_ptr(ram_addr_t addr);
134 static MemoryRegion io_mem_watch;
137 #if !defined(CONFIG_USER_ONLY)
139 static void phys_map_node_reserve(unsigned nodes)
141 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
142 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
144 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
145 next_map.nodes_nb + nodes);
146 next_map.nodes = g_renew(Node, next_map.nodes,
147 next_map.nodes_nb_alloc);
151 static uint16_t phys_map_node_alloc(void)
156 ret = next_map.nodes_nb++;
157 assert(ret != PHYS_MAP_NODE_NIL);
158 assert(ret != next_map.nodes_nb_alloc);
159 for (i = 0; i < L2_SIZE; ++i) {
160 next_map.nodes[ret][i].is_leaf = 0;
161 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
166 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
167 hwaddr *nb, uint16_t leaf,
172 hwaddr step = (hwaddr)1 << (level * L2_BITS);
174 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
175 lp->ptr = phys_map_node_alloc();
176 p = next_map.nodes[lp->ptr];
178 for (i = 0; i < L2_SIZE; i++) {
180 p[i].ptr = PHYS_SECTION_UNASSIGNED;
184 p = next_map.nodes[lp->ptr];
186 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
188 while (*nb && lp < &p[L2_SIZE]) {
189 if ((*index & (step - 1)) == 0 && *nb >= step) {
195 phys_page_set_level(lp, index, nb, leaf, level - 1);
201 static void phys_page_set(AddressSpaceDispatch *d,
202 hwaddr index, hwaddr nb,
205 /* Wildly overreserve - it doesn't matter much. */
206 phys_map_node_reserve(3 * P_L2_LEVELS);
208 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
211 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
212 Node *nodes, MemoryRegionSection *sections)
217 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
218 if (lp.ptr == PHYS_MAP_NODE_NIL) {
219 return §ions[PHYS_SECTION_UNASSIGNED];
222 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
224 return §ions[lp.ptr];
227 bool memory_region_is_unassigned(MemoryRegion *mr)
229 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
230 && mr != &io_mem_watch;
233 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
235 bool resolve_subpage)
237 MemoryRegionSection *section;
240 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
241 d->nodes, d->sections);
242 if (resolve_subpage && section->mr->subpage) {
243 subpage = container_of(section->mr, subpage_t, iomem);
244 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
249 static MemoryRegionSection *
250 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
251 hwaddr *plen, bool resolve_subpage)
253 MemoryRegionSection *section;
256 section = address_space_lookup_region(d, addr, resolve_subpage);
257 /* Compute offset within MemoryRegionSection */
258 addr -= section->offset_within_address_space;
260 /* Compute offset within MemoryRegion */
261 *xlat = addr + section->offset_within_region;
263 diff = int128_sub(section->mr->size, int128_make64(addr));
264 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
268 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
269 hwaddr *xlat, hwaddr *plen,
273 MemoryRegionSection *section;
278 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
281 if (!mr->iommu_ops) {
285 iotlb = mr->iommu_ops->translate(mr, addr);
286 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
287 | (addr & iotlb.addr_mask));
288 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
289 if (!(iotlb.perm & (1 << is_write))) {
290 mr = &io_mem_unassigned;
294 as = iotlb.target_as;
302 MemoryRegionSection *
303 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
306 MemoryRegionSection *section;
307 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
309 assert(!section->mr->iommu_ops);
314 void cpu_exec_init_all(void)
316 #if !defined(CONFIG_USER_ONLY)
317 qemu_mutex_init(&ram_list.mutex);
323 #if !defined(CONFIG_USER_ONLY)
325 static int cpu_common_post_load(void *opaque, int version_id)
327 CPUState *cpu = opaque;
329 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
330 version_id is increased. */
331 cpu->interrupt_request &= ~0x01;
332 tlb_flush(cpu->env_ptr, 1);
337 const VMStateDescription vmstate_cpu_common = {
338 .name = "cpu_common",
340 .minimum_version_id = 1,
341 .minimum_version_id_old = 1,
342 .post_load = cpu_common_post_load,
343 .fields = (VMStateField []) {
344 VMSTATE_UINT32(halted, CPUState),
345 VMSTATE_UINT32(interrupt_request, CPUState),
346 VMSTATE_END_OF_LIST()
352 CPUState *qemu_get_cpu(int index)
354 CPUState *cpu = first_cpu;
357 if (cpu->cpu_index == index) {
366 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
377 void cpu_exec_init(CPUArchState *env)
379 CPUState *cpu = ENV_GET_CPU(env);
380 CPUClass *cc = CPU_GET_CLASS(cpu);
384 #if defined(CONFIG_USER_ONLY)
387 cpu->next_cpu = NULL;
390 while (*pcpu != NULL) {
391 pcpu = &(*pcpu)->next_cpu;
394 cpu->cpu_index = cpu_index;
396 QTAILQ_INIT(&env->breakpoints);
397 QTAILQ_INIT(&env->watchpoints);
398 #ifndef CONFIG_USER_ONLY
399 cpu->thread_id = qemu_get_thread_id();
402 #if defined(CONFIG_USER_ONLY)
405 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
406 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
407 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
408 cpu_save, cpu_load, env);
409 assert(cc->vmsd == NULL);
411 if (cc->vmsd != NULL) {
412 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
416 #if defined(TARGET_HAS_ICE)
417 #if defined(CONFIG_USER_ONLY)
418 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
420 tb_invalidate_phys_page_range(pc, pc + 1, 0);
423 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
425 tb_invalidate_phys_addr(cpu_get_phys_page_debug(cpu, pc) |
426 (pc & ~TARGET_PAGE_MASK));
429 #endif /* TARGET_HAS_ICE */
431 #if defined(CONFIG_USER_ONLY)
432 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
437 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
438 int flags, CPUWatchpoint **watchpoint)
443 /* Add a watchpoint. */
444 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
445 int flags, CPUWatchpoint **watchpoint)
447 target_ulong len_mask = ~(len - 1);
450 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
451 if ((len & (len - 1)) || (addr & ~len_mask) ||
452 len == 0 || len > TARGET_PAGE_SIZE) {
453 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
454 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
457 wp = g_malloc(sizeof(*wp));
460 wp->len_mask = len_mask;
463 /* keep all GDB-injected watchpoints in front */
465 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
467 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
469 tlb_flush_page(env, addr);
476 /* Remove a specific watchpoint. */
477 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
480 target_ulong len_mask = ~(len - 1);
483 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
484 if (addr == wp->vaddr && len_mask == wp->len_mask
485 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
486 cpu_watchpoint_remove_by_ref(env, wp);
493 /* Remove a specific watchpoint by reference. */
494 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
496 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
498 tlb_flush_page(env, watchpoint->vaddr);
503 /* Remove all matching watchpoints. */
504 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
506 CPUWatchpoint *wp, *next;
508 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
509 if (wp->flags & mask)
510 cpu_watchpoint_remove_by_ref(env, wp);
515 /* Add a breakpoint. */
516 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
517 CPUBreakpoint **breakpoint)
519 #if defined(TARGET_HAS_ICE)
522 bp = g_malloc(sizeof(*bp));
527 /* keep all GDB-injected breakpoints in front */
528 if (flags & BP_GDB) {
529 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
531 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
534 breakpoint_invalidate(ENV_GET_CPU(env), pc);
545 /* Remove a specific breakpoint. */
546 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
548 #if defined(TARGET_HAS_ICE)
551 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
552 if (bp->pc == pc && bp->flags == flags) {
553 cpu_breakpoint_remove_by_ref(env, bp);
563 /* Remove a specific breakpoint by reference. */
564 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
566 #if defined(TARGET_HAS_ICE)
567 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
569 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
575 /* Remove all matching breakpoints. */
576 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
578 #if defined(TARGET_HAS_ICE)
579 CPUBreakpoint *bp, *next;
581 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
582 if (bp->flags & mask)
583 cpu_breakpoint_remove_by_ref(env, bp);
588 /* enable or disable single step mode. EXCP_DEBUG is returned by the
589 CPU loop after each instruction */
590 void cpu_single_step(CPUState *cpu, int enabled)
592 #if defined(TARGET_HAS_ICE)
593 if (cpu->singlestep_enabled != enabled) {
594 cpu->singlestep_enabled = enabled;
596 kvm_update_guest_debug(cpu, 0);
598 /* must flush all the translated code to avoid inconsistencies */
599 /* XXX: only flush what is necessary */
600 CPUArchState *env = cpu->env_ptr;
607 void cpu_abort(CPUArchState *env, const char *fmt, ...)
609 CPUState *cpu = ENV_GET_CPU(env);
615 fprintf(stderr, "qemu: fatal: ");
616 vfprintf(stderr, fmt, ap);
617 fprintf(stderr, "\n");
618 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
619 if (qemu_log_enabled()) {
620 qemu_log("qemu: fatal: ");
621 qemu_log_vprintf(fmt, ap2);
623 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
629 #if defined(CONFIG_USER_ONLY)
631 struct sigaction act;
632 sigfillset(&act.sa_mask);
633 act.sa_handler = SIG_DFL;
634 sigaction(SIGABRT, &act, NULL);
640 CPUArchState *cpu_copy(CPUArchState *env)
642 CPUArchState *new_env = cpu_init(env->cpu_model_str);
643 #if defined(TARGET_HAS_ICE)
648 /* Reset non arch specific state */
649 cpu_reset(ENV_GET_CPU(new_env));
651 /* Copy arch specific state into the new CPU */
652 memcpy(new_env, env, sizeof(CPUArchState));
654 /* Clone all break/watchpoints.
655 Note: Once we support ptrace with hw-debug register access, make sure
656 BP_CPU break/watchpoints are handled correctly on clone. */
657 QTAILQ_INIT(&env->breakpoints);
658 QTAILQ_INIT(&env->watchpoints);
659 #if defined(TARGET_HAS_ICE)
660 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
661 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
663 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
664 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
672 #if !defined(CONFIG_USER_ONLY)
673 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
678 /* we modify the TLB cache so that the dirty bit will be set again
679 when accessing the range */
680 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
681 /* Check that we don't span multiple blocks - this breaks the
682 address comparisons below. */
683 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
684 != (end - 1) - start) {
687 cpu_tlb_reset_dirty_all(start1, length);
691 /* Note: start and end must be within the same ram block. */
692 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
697 start &= TARGET_PAGE_MASK;
698 end = TARGET_PAGE_ALIGN(end);
700 length = end - start;
703 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
706 tlb_reset_dirty_range_all(start, end, length);
710 static int cpu_physical_memory_set_dirty_tracking(int enable)
713 in_migration = enable;
717 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
718 MemoryRegionSection *section,
720 hwaddr paddr, hwaddr xlat,
722 target_ulong *address)
727 if (memory_region_is_ram(section->mr)) {
729 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
731 if (!section->readonly) {
732 iotlb |= PHYS_SECTION_NOTDIRTY;
734 iotlb |= PHYS_SECTION_ROM;
737 iotlb = section - address_space_memory.dispatch->sections;
741 /* Make accesses to pages with watchpoints go via the
742 watchpoint trap routines. */
743 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
744 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
745 /* Avoid trapping reads of pages with a write breakpoint. */
746 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
747 iotlb = PHYS_SECTION_WATCH + paddr;
748 *address |= TLB_MMIO;
756 #endif /* defined(CONFIG_USER_ONLY) */
758 #if !defined(CONFIG_USER_ONLY)
760 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
762 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
764 static uint16_t phys_section_add(MemoryRegionSection *section)
766 /* The physical section number is ORed with a page-aligned
767 * pointer to produce the iotlb entries. Thus it should
768 * never overflow into the page-aligned value.
770 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
772 if (next_map.sections_nb == next_map.sections_nb_alloc) {
773 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
775 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
776 next_map.sections_nb_alloc);
778 next_map.sections[next_map.sections_nb] = *section;
779 memory_region_ref(section->mr);
780 return next_map.sections_nb++;
783 static void phys_section_destroy(MemoryRegion *mr)
785 memory_region_unref(mr);
788 subpage_t *subpage = container_of(mr, subpage_t, iomem);
789 memory_region_destroy(&subpage->iomem);
794 static void phys_sections_free(PhysPageMap *map)
796 while (map->sections_nb > 0) {
797 MemoryRegionSection *section = &map->sections[--map->sections_nb];
798 phys_section_destroy(section->mr);
800 g_free(map->sections);
805 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
808 hwaddr base = section->offset_within_address_space
810 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
811 next_map.nodes, next_map.sections);
812 MemoryRegionSection subsection = {
813 .offset_within_address_space = base,
814 .size = int128_make64(TARGET_PAGE_SIZE),
818 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
820 if (!(existing->mr->subpage)) {
821 subpage = subpage_init(d->as, base);
822 subsection.mr = &subpage->iomem;
823 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
824 phys_section_add(&subsection));
826 subpage = container_of(existing->mr, subpage_t, iomem);
828 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
829 end = start + int128_get64(section->size) - 1;
830 subpage_register(subpage, start, end, phys_section_add(section));
834 static void register_multipage(AddressSpaceDispatch *d,
835 MemoryRegionSection *section)
837 hwaddr start_addr = section->offset_within_address_space;
838 uint16_t section_index = phys_section_add(section);
839 uint64_t num_pages = int128_get64(int128_rshift(section->size,
843 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
846 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
848 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
849 AddressSpaceDispatch *d = as->next_dispatch;
850 MemoryRegionSection now = *section, remain = *section;
851 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
853 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
854 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
855 - now.offset_within_address_space;
857 now.size = int128_min(int128_make64(left), now.size);
858 register_subpage(d, &now);
860 now.size = int128_zero();
862 while (int128_ne(remain.size, now.size)) {
863 remain.size = int128_sub(remain.size, now.size);
864 remain.offset_within_address_space += int128_get64(now.size);
865 remain.offset_within_region += int128_get64(now.size);
867 if (int128_lt(remain.size, page_size)) {
868 register_subpage(d, &now);
869 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
870 now.size = page_size;
871 register_subpage(d, &now);
873 now.size = int128_and(now.size, int128_neg(page_size));
874 register_multipage(d, &now);
879 void qemu_flush_coalesced_mmio_buffer(void)
882 kvm_flush_coalesced_mmio_buffer();
885 void qemu_mutex_lock_ramlist(void)
887 qemu_mutex_lock(&ram_list.mutex);
890 void qemu_mutex_unlock_ramlist(void)
892 qemu_mutex_unlock(&ram_list.mutex);
895 #if defined(__linux__) && !defined(TARGET_S390X)
899 #define HUGETLBFS_MAGIC 0x958458f6
901 static long gethugepagesize(const char *path)
907 ret = statfs(path, &fs);
908 } while (ret != 0 && errno == EINTR);
915 if (fs.f_type != HUGETLBFS_MAGIC)
916 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
921 static void *file_ram_alloc(RAMBlock *block,
926 char *sanitized_name;
933 unsigned long hpagesize;
935 hpagesize = gethugepagesize(path);
940 if (memory < hpagesize) {
944 if (kvm_enabled() && !kvm_has_sync_mmu()) {
945 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
949 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
950 sanitized_name = g_strdup(block->mr->name);
951 for (c = sanitized_name; *c != '\0'; c++) {
956 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
958 g_free(sanitized_name);
960 fd = mkstemp(filename);
962 perror("unable to create backing store for hugepages");
969 memory = (memory+hpagesize-1) & ~(hpagesize-1);
972 * ftruncate is not supported by hugetlbfs in older
973 * hosts, so don't bother bailing out on errors.
974 * If anything goes wrong with it under other filesystems,
977 if (ftruncate(fd, memory))
981 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
982 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
983 * to sidestep this quirk.
985 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
986 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
988 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
990 if (area == MAP_FAILED) {
991 perror("file_ram_alloc: can't mmap RAM pages");
1000 static ram_addr_t find_ram_offset(ram_addr_t size)
1002 RAMBlock *block, *next_block;
1003 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1005 assert(size != 0); /* it would hand out same offset multiple times */
1007 if (QTAILQ_EMPTY(&ram_list.blocks))
1010 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1011 ram_addr_t end, next = RAM_ADDR_MAX;
1013 end = block->offset + block->length;
1015 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1016 if (next_block->offset >= end) {
1017 next = MIN(next, next_block->offset);
1020 if (next - end >= size && next - end < mingap) {
1022 mingap = next - end;
1026 if (offset == RAM_ADDR_MAX) {
1027 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1035 ram_addr_t last_ram_offset(void)
1038 ram_addr_t last = 0;
1040 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1041 last = MAX(last, block->offset + block->length);
1046 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1050 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1051 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1052 "dump-guest-core", true)) {
1053 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1055 perror("qemu_madvise");
1056 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1057 "but dump_guest_core=off specified\n");
1062 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1064 RAMBlock *new_block, *block;
1067 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1068 if (block->offset == addr) {
1074 assert(!new_block->idstr[0]);
1077 char *id = qdev_get_dev_path(dev);
1079 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1083 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1085 /* This assumes the iothread lock is taken here too. */
1086 qemu_mutex_lock_ramlist();
1087 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1088 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1089 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1094 qemu_mutex_unlock_ramlist();
1097 static int memory_try_enable_merging(void *addr, size_t len)
1099 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1100 /* disabled by the user */
1104 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1107 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1110 RAMBlock *block, *new_block;
1112 size = TARGET_PAGE_ALIGN(size);
1113 new_block = g_malloc0(sizeof(*new_block));
1115 /* This assumes the iothread lock is taken here too. */
1116 qemu_mutex_lock_ramlist();
1118 new_block->offset = find_ram_offset(size);
1120 new_block->host = host;
1121 new_block->flags |= RAM_PREALLOC_MASK;
1124 #if defined (__linux__) && !defined(TARGET_S390X)
1125 new_block->host = file_ram_alloc(new_block, size, mem_path);
1126 if (!new_block->host) {
1127 new_block->host = qemu_anon_ram_alloc(size);
1128 memory_try_enable_merging(new_block->host, size);
1131 fprintf(stderr, "-mem-path option unsupported\n");
1135 if (xen_enabled()) {
1136 xen_ram_alloc(new_block->offset, size, mr);
1137 } else if (kvm_enabled()) {
1138 /* some s390/kvm configurations have special constraints */
1139 new_block->host = kvm_ram_alloc(size);
1141 new_block->host = qemu_anon_ram_alloc(size);
1143 memory_try_enable_merging(new_block->host, size);
1146 new_block->length = size;
1148 /* Keep the list sorted from biggest to smallest block. */
1149 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1150 if (block->length < new_block->length) {
1155 QTAILQ_INSERT_BEFORE(block, new_block, next);
1157 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1159 ram_list.mru_block = NULL;
1162 qemu_mutex_unlock_ramlist();
1164 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1165 last_ram_offset() >> TARGET_PAGE_BITS);
1166 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1167 0, size >> TARGET_PAGE_BITS);
1168 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1170 qemu_ram_setup_dump(new_block->host, size);
1171 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1174 kvm_setup_guest_memory(new_block->host, size);
1176 return new_block->offset;
1179 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1181 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1184 void qemu_ram_free_from_ptr(ram_addr_t addr)
1188 /* This assumes the iothread lock is taken here too. */
1189 qemu_mutex_lock_ramlist();
1190 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1191 if (addr == block->offset) {
1192 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1193 ram_list.mru_block = NULL;
1199 qemu_mutex_unlock_ramlist();
1202 void qemu_ram_free(ram_addr_t addr)
1206 /* This assumes the iothread lock is taken here too. */
1207 qemu_mutex_lock_ramlist();
1208 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1209 if (addr == block->offset) {
1210 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1211 ram_list.mru_block = NULL;
1213 if (block->flags & RAM_PREALLOC_MASK) {
1215 } else if (mem_path) {
1216 #if defined (__linux__) && !defined(TARGET_S390X)
1218 munmap(block->host, block->length);
1221 qemu_anon_ram_free(block->host, block->length);
1227 if (xen_enabled()) {
1228 xen_invalidate_map_cache_entry(block->host);
1230 qemu_anon_ram_free(block->host, block->length);
1237 qemu_mutex_unlock_ramlist();
1242 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1249 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1250 offset = addr - block->offset;
1251 if (offset < block->length) {
1252 vaddr = block->host + offset;
1253 if (block->flags & RAM_PREALLOC_MASK) {
1257 munmap(vaddr, length);
1259 #if defined(__linux__) && !defined(TARGET_S390X)
1262 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1265 flags |= MAP_PRIVATE;
1267 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1268 flags, block->fd, offset);
1270 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1271 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1278 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1279 flags |= MAP_SHARED | MAP_ANONYMOUS;
1280 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1283 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1284 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1288 if (area != vaddr) {
1289 fprintf(stderr, "Could not remap addr: "
1290 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1294 memory_try_enable_merging(vaddr, length);
1295 qemu_ram_setup_dump(vaddr, length);
1301 #endif /* !_WIN32 */
1303 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
1307 /* The list is protected by the iothread lock here. */
1308 block = ram_list.mru_block;
1309 if (block && addr - block->offset < block->length) {
1312 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1313 if (addr - block->offset < block->length) {
1318 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1322 ram_list.mru_block = block;
1326 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1327 With the exception of the softmmu code in this file, this should
1328 only be used for local memory (e.g. video ram) that the device owns,
1329 and knows it isn't going to access beyond the end of the block.
1331 It should not be used for general purpose DMA.
1332 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1334 void *qemu_get_ram_ptr(ram_addr_t addr)
1336 RAMBlock *block = qemu_get_ram_block(addr);
1338 if (xen_enabled()) {
1339 /* We need to check if the requested address is in the RAM
1340 * because we don't want to map the entire memory in QEMU.
1341 * In that case just map until the end of the page.
1343 if (block->offset == 0) {
1344 return xen_map_cache(addr, 0, 0);
1345 } else if (block->host == NULL) {
1347 xen_map_cache(block->offset, block->length, 1);
1350 return block->host + (addr - block->offset);
1353 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1354 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1356 * ??? Is this still necessary?
1358 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1362 /* The list is protected by the iothread lock here. */
1363 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1364 if (addr - block->offset < block->length) {
1365 if (xen_enabled()) {
1366 /* We need to check if the requested address is in the RAM
1367 * because we don't want to map the entire memory in QEMU.
1368 * In that case just map until the end of the page.
1370 if (block->offset == 0) {
1371 return xen_map_cache(addr, 0, 0);
1372 } else if (block->host == NULL) {
1374 xen_map_cache(block->offset, block->length, 1);
1377 return block->host + (addr - block->offset);
1381 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1387 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1388 * but takes a size argument */
1389 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1394 if (xen_enabled()) {
1395 return xen_map_cache(addr, *size, 1);
1399 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1400 if (addr - block->offset < block->length) {
1401 if (addr - block->offset + *size > block->length)
1402 *size = block->length - addr + block->offset;
1403 return block->host + (addr - block->offset);
1407 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1412 /* Some of the softmmu routines need to translate from a host pointer
1413 (typically a TLB entry) back to a ram offset. */
1414 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1417 uint8_t *host = ptr;
1419 if (xen_enabled()) {
1420 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1421 return qemu_get_ram_block(*ram_addr)->mr;
1424 block = ram_list.mru_block;
1425 if (block && block->host && host - block->host < block->length) {
1429 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1430 /* This case append when the block is not mapped. */
1431 if (block->host == NULL) {
1434 if (host - block->host < block->length) {
1442 *ram_addr = block->offset + (host - block->host);
1446 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1447 uint64_t val, unsigned size)
1450 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1451 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1452 tb_invalidate_phys_page_fast(ram_addr, size);
1453 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1457 stb_p(qemu_get_ram_ptr(ram_addr), val);
1460 stw_p(qemu_get_ram_ptr(ram_addr), val);
1463 stl_p(qemu_get_ram_ptr(ram_addr), val);
1468 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1469 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1470 /* we remove the notdirty callback only if the code has been
1472 if (dirty_flags == 0xff) {
1473 CPUArchState *env = current_cpu->env_ptr;
1474 tlb_set_dirty(env, env->mem_io_vaddr);
1478 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1479 unsigned size, bool is_write)
1484 static const MemoryRegionOps notdirty_mem_ops = {
1485 .write = notdirty_mem_write,
1486 .valid.accepts = notdirty_mem_accepts,
1487 .endianness = DEVICE_NATIVE_ENDIAN,
1490 /* Generate a debug exception if a watchpoint has been hit. */
1491 static void check_watchpoint(int offset, int len_mask, int flags)
1493 CPUArchState *env = current_cpu->env_ptr;
1494 target_ulong pc, cs_base;
1499 if (env->watchpoint_hit) {
1500 /* We re-entered the check after replacing the TB. Now raise
1501 * the debug interrupt so that is will trigger after the
1502 * current instruction. */
1503 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1506 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1507 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1508 if ((vaddr == (wp->vaddr & len_mask) ||
1509 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1510 wp->flags |= BP_WATCHPOINT_HIT;
1511 if (!env->watchpoint_hit) {
1512 env->watchpoint_hit = wp;
1513 tb_check_watchpoint(env);
1514 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1515 env->exception_index = EXCP_DEBUG;
1518 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1519 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1520 cpu_resume_from_signal(env, NULL);
1524 wp->flags &= ~BP_WATCHPOINT_HIT;
1529 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1530 so these check for a hit then pass through to the normal out-of-line
1532 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1535 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1537 case 1: return ldub_phys(addr);
1538 case 2: return lduw_phys(addr);
1539 case 4: return ldl_phys(addr);
1544 static void watch_mem_write(void *opaque, hwaddr addr,
1545 uint64_t val, unsigned size)
1547 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1550 stb_phys(addr, val);
1553 stw_phys(addr, val);
1556 stl_phys(addr, val);
1562 static const MemoryRegionOps watch_mem_ops = {
1563 .read = watch_mem_read,
1564 .write = watch_mem_write,
1565 .endianness = DEVICE_NATIVE_ENDIAN,
1568 static uint64_t subpage_read(void *opaque, hwaddr addr,
1571 subpage_t *subpage = opaque;
1574 #if defined(DEBUG_SUBPAGE)
1575 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1576 subpage, len, addr);
1578 address_space_read(subpage->as, addr + subpage->base, buf, len);
1591 static void subpage_write(void *opaque, hwaddr addr,
1592 uint64_t value, unsigned len)
1594 subpage_t *subpage = opaque;
1597 #if defined(DEBUG_SUBPAGE)
1598 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1599 " value %"PRIx64"\n",
1600 __func__, subpage, len, addr, value);
1615 address_space_write(subpage->as, addr + subpage->base, buf, len);
1618 static bool subpage_accepts(void *opaque, hwaddr addr,
1619 unsigned size, bool is_write)
1621 subpage_t *subpage = opaque;
1622 #if defined(DEBUG_SUBPAGE)
1623 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1624 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1627 return address_space_access_valid(subpage->as, addr + subpage->base,
1631 static const MemoryRegionOps subpage_ops = {
1632 .read = subpage_read,
1633 .write = subpage_write,
1634 .valid.accepts = subpage_accepts,
1635 .endianness = DEVICE_NATIVE_ENDIAN,
1638 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1643 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1645 idx = SUBPAGE_IDX(start);
1646 eidx = SUBPAGE_IDX(end);
1647 #if defined(DEBUG_SUBPAGE)
1648 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1649 mmio, start, end, idx, eidx, memory);
1651 for (; idx <= eidx; idx++) {
1652 mmio->sub_section[idx] = section;
1658 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1662 mmio = g_malloc0(sizeof(subpage_t));
1666 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1667 "subpage", TARGET_PAGE_SIZE);
1668 mmio->iomem.subpage = true;
1669 #if defined(DEBUG_SUBPAGE)
1670 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1671 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1673 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1678 static uint16_t dummy_section(MemoryRegion *mr)
1680 MemoryRegionSection section = {
1682 .offset_within_address_space = 0,
1683 .offset_within_region = 0,
1684 .size = int128_2_64(),
1687 return phys_section_add(§ion);
1690 MemoryRegion *iotlb_to_region(hwaddr index)
1692 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1695 static void io_mem_init(void)
1697 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1698 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1699 "unassigned", UINT64_MAX);
1700 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1701 "notdirty", UINT64_MAX);
1702 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1703 "watch", UINT64_MAX);
1706 static void mem_begin(MemoryListener *listener)
1708 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1709 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1711 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1713 as->next_dispatch = d;
1716 static void mem_commit(MemoryListener *listener)
1718 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1719 AddressSpaceDispatch *cur = as->dispatch;
1720 AddressSpaceDispatch *next = as->next_dispatch;
1722 next->nodes = next_map.nodes;
1723 next->sections = next_map.sections;
1725 as->dispatch = next;
1729 static void core_begin(MemoryListener *listener)
1733 prev_map = g_new(PhysPageMap, 1);
1734 *prev_map = next_map;
1736 memset(&next_map, 0, sizeof(next_map));
1737 n = dummy_section(&io_mem_unassigned);
1738 assert(n == PHYS_SECTION_UNASSIGNED);
1739 n = dummy_section(&io_mem_notdirty);
1740 assert(n == PHYS_SECTION_NOTDIRTY);
1741 n = dummy_section(&io_mem_rom);
1742 assert(n == PHYS_SECTION_ROM);
1743 n = dummy_section(&io_mem_watch);
1744 assert(n == PHYS_SECTION_WATCH);
1747 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1748 * All AddressSpaceDispatch instances have switched to the next map.
1750 static void core_commit(MemoryListener *listener)
1752 phys_sections_free(prev_map);
1755 static void tcg_commit(MemoryListener *listener)
1759 /* since each CPU stores ram addresses in its TLB cache, we must
1760 reset the modified entries */
1762 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1763 CPUArchState *env = cpu->env_ptr;
1769 static void core_log_global_start(MemoryListener *listener)
1771 cpu_physical_memory_set_dirty_tracking(1);
1774 static void core_log_global_stop(MemoryListener *listener)
1776 cpu_physical_memory_set_dirty_tracking(0);
1779 static MemoryListener core_memory_listener = {
1780 .begin = core_begin,
1781 .commit = core_commit,
1782 .log_global_start = core_log_global_start,
1783 .log_global_stop = core_log_global_stop,
1787 static MemoryListener tcg_memory_listener = {
1788 .commit = tcg_commit,
1791 void address_space_init_dispatch(AddressSpace *as)
1793 as->dispatch = NULL;
1794 as->dispatch_listener = (MemoryListener) {
1796 .commit = mem_commit,
1797 .region_add = mem_add,
1798 .region_nop = mem_add,
1801 memory_listener_register(&as->dispatch_listener, as);
1804 void address_space_destroy_dispatch(AddressSpace *as)
1806 AddressSpaceDispatch *d = as->dispatch;
1808 memory_listener_unregister(&as->dispatch_listener);
1810 as->dispatch = NULL;
1813 static void memory_map_init(void)
1815 system_memory = g_malloc(sizeof(*system_memory));
1816 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1817 address_space_init(&address_space_memory, system_memory, "memory");
1819 system_io = g_malloc(sizeof(*system_io));
1820 memory_region_init(system_io, NULL, "io", 65536);
1821 address_space_init(&address_space_io, system_io, "I/O");
1823 memory_listener_register(&core_memory_listener, &address_space_memory);
1824 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1827 MemoryRegion *get_system_memory(void)
1829 return system_memory;
1832 MemoryRegion *get_system_io(void)
1837 #endif /* !defined(CONFIG_USER_ONLY) */
1839 /* physical memory access (slow version, mainly for debug) */
1840 #if defined(CONFIG_USER_ONLY)
1841 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1842 uint8_t *buf, int len, int is_write)
1849 page = addr & TARGET_PAGE_MASK;
1850 l = (page + TARGET_PAGE_SIZE) - addr;
1853 flags = page_get_flags(page);
1854 if (!(flags & PAGE_VALID))
1857 if (!(flags & PAGE_WRITE))
1859 /* XXX: this code should not depend on lock_user */
1860 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1863 unlock_user(p, addr, l);
1865 if (!(flags & PAGE_READ))
1867 /* XXX: this code should not depend on lock_user */
1868 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1871 unlock_user(p, addr, 0);
1882 static void invalidate_and_set_dirty(hwaddr addr,
1885 if (!cpu_physical_memory_is_dirty(addr)) {
1886 /* invalidate code */
1887 tb_invalidate_phys_page_range(addr, addr + length, 0);
1889 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1891 xen_modified_memory(addr, length);
1894 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1896 if (memory_region_is_ram(mr)) {
1897 return !(is_write && mr->readonly);
1899 if (memory_region_is_romd(mr)) {
1906 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1908 unsigned access_size_max = mr->ops->valid.max_access_size;
1910 /* Regions are assumed to support 1-4 byte accesses unless
1911 otherwise specified. */
1912 if (access_size_max == 0) {
1913 access_size_max = 4;
1916 /* Bound the maximum access by the alignment of the address. */
1917 if (!mr->ops->impl.unaligned) {
1918 unsigned align_size_max = addr & -addr;
1919 if (align_size_max != 0 && align_size_max < access_size_max) {
1920 access_size_max = align_size_max;
1924 /* Don't attempt accesses larger than the maximum. */
1925 if (l > access_size_max) {
1926 l = access_size_max;
1932 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1933 int len, bool is_write)
1944 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1947 if (!memory_access_is_direct(mr, is_write)) {
1948 l = memory_access_size(mr, l, addr1);
1949 /* XXX: could force current_cpu to NULL to avoid
1953 /* 64 bit write access */
1955 error |= io_mem_write(mr, addr1, val, 8);
1958 /* 32 bit write access */
1960 error |= io_mem_write(mr, addr1, val, 4);
1963 /* 16 bit write access */
1965 error |= io_mem_write(mr, addr1, val, 2);
1968 /* 8 bit write access */
1970 error |= io_mem_write(mr, addr1, val, 1);
1976 addr1 += memory_region_get_ram_addr(mr);
1978 ptr = qemu_get_ram_ptr(addr1);
1979 memcpy(ptr, buf, l);
1980 invalidate_and_set_dirty(addr1, l);
1983 if (!memory_access_is_direct(mr, is_write)) {
1985 l = memory_access_size(mr, l, addr1);
1988 /* 64 bit read access */
1989 error |= io_mem_read(mr, addr1, &val, 8);
1993 /* 32 bit read access */
1994 error |= io_mem_read(mr, addr1, &val, 4);
1998 /* 16 bit read access */
1999 error |= io_mem_read(mr, addr1, &val, 2);
2003 /* 8 bit read access */
2004 error |= io_mem_read(mr, addr1, &val, 1);
2012 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2013 memcpy(buf, ptr, l);
2024 bool address_space_write(AddressSpace *as, hwaddr addr,
2025 const uint8_t *buf, int len)
2027 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2030 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2032 return address_space_rw(as, addr, buf, len, false);
2036 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2037 int len, int is_write)
2039 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2042 /* used for ROM loading : can write in RAM and ROM */
2043 void cpu_physical_memory_write_rom(hwaddr addr,
2044 const uint8_t *buf, int len)
2053 mr = address_space_translate(&address_space_memory,
2054 addr, &addr1, &l, true);
2056 if (!(memory_region_is_ram(mr) ||
2057 memory_region_is_romd(mr))) {
2060 addr1 += memory_region_get_ram_addr(mr);
2062 ptr = qemu_get_ram_ptr(addr1);
2063 memcpy(ptr, buf, l);
2064 invalidate_and_set_dirty(addr1, l);
2079 static BounceBuffer bounce;
2081 typedef struct MapClient {
2083 void (*callback)(void *opaque);
2084 QLIST_ENTRY(MapClient) link;
2087 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2088 = QLIST_HEAD_INITIALIZER(map_client_list);
2090 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2092 MapClient *client = g_malloc(sizeof(*client));
2094 client->opaque = opaque;
2095 client->callback = callback;
2096 QLIST_INSERT_HEAD(&map_client_list, client, link);
2100 static void cpu_unregister_map_client(void *_client)
2102 MapClient *client = (MapClient *)_client;
2104 QLIST_REMOVE(client, link);
2108 static void cpu_notify_map_clients(void)
2112 while (!QLIST_EMPTY(&map_client_list)) {
2113 client = QLIST_FIRST(&map_client_list);
2114 client->callback(client->opaque);
2115 cpu_unregister_map_client(client);
2119 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2126 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2127 if (!memory_access_is_direct(mr, is_write)) {
2128 l = memory_access_size(mr, l, addr);
2129 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2140 /* Map a physical memory region into a host virtual address.
2141 * May map a subset of the requested range, given by and returned in *plen.
2142 * May return NULL if resources needed to perform the mapping are exhausted.
2143 * Use only for reads OR writes - not for read-modify-write operations.
2144 * Use cpu_register_map_client() to know when retrying the map operation is
2145 * likely to succeed.
2147 void *address_space_map(AddressSpace *as,
2154 hwaddr l, xlat, base;
2155 MemoryRegion *mr, *this_mr;
2163 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2164 if (!memory_access_is_direct(mr, is_write)) {
2165 if (bounce.buffer) {
2168 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2172 memory_region_ref(mr);
2175 address_space_read(as, addr, bounce.buffer, l);
2179 return bounce.buffer;
2183 raddr = memory_region_get_ram_addr(mr);
2194 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2195 if (this_mr != mr || xlat != base + done) {
2200 memory_region_ref(mr);
2202 return qemu_ram_ptr_length(raddr + base, plen);
2205 /* Unmaps a memory region previously mapped by address_space_map().
2206 * Will also mark the memory as dirty if is_write == 1. access_len gives
2207 * the amount of memory that was actually read or written by the caller.
2209 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2210 int is_write, hwaddr access_len)
2212 if (buffer != bounce.buffer) {
2216 mr = qemu_ram_addr_from_host(buffer, &addr1);
2219 while (access_len) {
2221 l = TARGET_PAGE_SIZE;
2224 invalidate_and_set_dirty(addr1, l);
2229 if (xen_enabled()) {
2230 xen_invalidate_map_cache_entry(buffer);
2232 memory_region_unref(mr);
2236 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2238 qemu_vfree(bounce.buffer);
2239 bounce.buffer = NULL;
2240 memory_region_unref(bounce.mr);
2241 cpu_notify_map_clients();
2244 void *cpu_physical_memory_map(hwaddr addr,
2248 return address_space_map(&address_space_memory, addr, plen, is_write);
2251 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2252 int is_write, hwaddr access_len)
2254 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2257 /* warning: addr must be aligned */
2258 static inline uint32_t ldl_phys_internal(hwaddr addr,
2259 enum device_endian endian)
2267 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2269 if (l < 4 || !memory_access_is_direct(mr, false)) {
2271 io_mem_read(mr, addr1, &val, 4);
2272 #if defined(TARGET_WORDS_BIGENDIAN)
2273 if (endian == DEVICE_LITTLE_ENDIAN) {
2277 if (endian == DEVICE_BIG_ENDIAN) {
2283 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2287 case DEVICE_LITTLE_ENDIAN:
2288 val = ldl_le_p(ptr);
2290 case DEVICE_BIG_ENDIAN:
2291 val = ldl_be_p(ptr);
2301 uint32_t ldl_phys(hwaddr addr)
2303 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2306 uint32_t ldl_le_phys(hwaddr addr)
2308 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2311 uint32_t ldl_be_phys(hwaddr addr)
2313 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2316 /* warning: addr must be aligned */
2317 static inline uint64_t ldq_phys_internal(hwaddr addr,
2318 enum device_endian endian)
2326 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2328 if (l < 8 || !memory_access_is_direct(mr, false)) {
2330 io_mem_read(mr, addr1, &val, 8);
2331 #if defined(TARGET_WORDS_BIGENDIAN)
2332 if (endian == DEVICE_LITTLE_ENDIAN) {
2336 if (endian == DEVICE_BIG_ENDIAN) {
2342 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2346 case DEVICE_LITTLE_ENDIAN:
2347 val = ldq_le_p(ptr);
2349 case DEVICE_BIG_ENDIAN:
2350 val = ldq_be_p(ptr);
2360 uint64_t ldq_phys(hwaddr addr)
2362 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2365 uint64_t ldq_le_phys(hwaddr addr)
2367 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2370 uint64_t ldq_be_phys(hwaddr addr)
2372 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2376 uint32_t ldub_phys(hwaddr addr)
2379 cpu_physical_memory_read(addr, &val, 1);
2383 /* warning: addr must be aligned */
2384 static inline uint32_t lduw_phys_internal(hwaddr addr,
2385 enum device_endian endian)
2393 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2395 if (l < 2 || !memory_access_is_direct(mr, false)) {
2397 io_mem_read(mr, addr1, &val, 2);
2398 #if defined(TARGET_WORDS_BIGENDIAN)
2399 if (endian == DEVICE_LITTLE_ENDIAN) {
2403 if (endian == DEVICE_BIG_ENDIAN) {
2409 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2413 case DEVICE_LITTLE_ENDIAN:
2414 val = lduw_le_p(ptr);
2416 case DEVICE_BIG_ENDIAN:
2417 val = lduw_be_p(ptr);
2427 uint32_t lduw_phys(hwaddr addr)
2429 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2432 uint32_t lduw_le_phys(hwaddr addr)
2434 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2437 uint32_t lduw_be_phys(hwaddr addr)
2439 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2442 /* warning: addr must be aligned. The ram page is not masked as dirty
2443 and the code inside is not invalidated. It is useful if the dirty
2444 bits are used to track modified PTEs */
2445 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2452 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2454 if (l < 4 || !memory_access_is_direct(mr, true)) {
2455 io_mem_write(mr, addr1, val, 4);
2457 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2458 ptr = qemu_get_ram_ptr(addr1);
2461 if (unlikely(in_migration)) {
2462 if (!cpu_physical_memory_is_dirty(addr1)) {
2463 /* invalidate code */
2464 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2466 cpu_physical_memory_set_dirty_flags(
2467 addr1, (0xff & ~CODE_DIRTY_FLAG));
2473 /* warning: addr must be aligned */
2474 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2475 enum device_endian endian)
2482 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2484 if (l < 4 || !memory_access_is_direct(mr, true)) {
2485 #if defined(TARGET_WORDS_BIGENDIAN)
2486 if (endian == DEVICE_LITTLE_ENDIAN) {
2490 if (endian == DEVICE_BIG_ENDIAN) {
2494 io_mem_write(mr, addr1, val, 4);
2497 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2498 ptr = qemu_get_ram_ptr(addr1);
2500 case DEVICE_LITTLE_ENDIAN:
2503 case DEVICE_BIG_ENDIAN:
2510 invalidate_and_set_dirty(addr1, 4);
2514 void stl_phys(hwaddr addr, uint32_t val)
2516 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2519 void stl_le_phys(hwaddr addr, uint32_t val)
2521 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2524 void stl_be_phys(hwaddr addr, uint32_t val)
2526 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2530 void stb_phys(hwaddr addr, uint32_t val)
2533 cpu_physical_memory_write(addr, &v, 1);
2536 /* warning: addr must be aligned */
2537 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2538 enum device_endian endian)
2545 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2547 if (l < 2 || !memory_access_is_direct(mr, true)) {
2548 #if defined(TARGET_WORDS_BIGENDIAN)
2549 if (endian == DEVICE_LITTLE_ENDIAN) {
2553 if (endian == DEVICE_BIG_ENDIAN) {
2557 io_mem_write(mr, addr1, val, 2);
2560 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2561 ptr = qemu_get_ram_ptr(addr1);
2563 case DEVICE_LITTLE_ENDIAN:
2566 case DEVICE_BIG_ENDIAN:
2573 invalidate_and_set_dirty(addr1, 2);
2577 void stw_phys(hwaddr addr, uint32_t val)
2579 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2582 void stw_le_phys(hwaddr addr, uint32_t val)
2584 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2587 void stw_be_phys(hwaddr addr, uint32_t val)
2589 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2593 void stq_phys(hwaddr addr, uint64_t val)
2596 cpu_physical_memory_write(addr, &val, 8);
2599 void stq_le_phys(hwaddr addr, uint64_t val)
2601 val = cpu_to_le64(val);
2602 cpu_physical_memory_write(addr, &val, 8);
2605 void stq_be_phys(hwaddr addr, uint64_t val)
2607 val = cpu_to_be64(val);
2608 cpu_physical_memory_write(addr, &val, 8);
2611 /* virtual memory access for debug (includes writing to ROM) */
2612 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2613 uint8_t *buf, int len, int is_write)
2620 page = addr & TARGET_PAGE_MASK;
2621 phys_addr = cpu_get_phys_page_debug(cpu, page);
2622 /* if no physical page mapped, return an error */
2623 if (phys_addr == -1)
2625 l = (page + TARGET_PAGE_SIZE) - addr;
2628 phys_addr += (addr & ~TARGET_PAGE_MASK);
2630 cpu_physical_memory_write_rom(phys_addr, buf, l);
2632 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2641 #if !defined(CONFIG_USER_ONLY)
2644 * A helper function for the _utterly broken_ virtio device model to find out if
2645 * it's running on a big endian machine. Don't do this at home kids!
2647 bool virtio_is_big_endian(void);
2648 bool virtio_is_big_endian(void)
2650 #if defined(TARGET_WORDS_BIGENDIAN)
2659 #ifndef CONFIG_USER_ONLY
2660 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2665 mr = address_space_translate(&address_space_memory,
2666 phys_addr, &phys_addr, &l, false);
2668 return !(memory_region_is_ram(mr) ||
2669 memory_region_is_romd(mr));
2672 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2676 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2677 func(block->host, block->offset, block->length, opaque);
projects / sdk / emulator / qemu.git / blob