4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
72 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUState *, current_cpu);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 typedef PhysPageEntry Node[L2_SIZE];
93 struct AddressSpaceDispatch {
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
97 PhysPageEntry phys_map;
99 MemoryRegionSection *sections;
103 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104 typedef struct subpage_t {
108 uint16_t sub_section[TARGET_PAGE_SIZE];
111 #define PHYS_SECTION_UNASSIGNED 0
112 #define PHYS_SECTION_NOTDIRTY 1
113 #define PHYS_SECTION_ROM 2
114 #define PHYS_SECTION_WATCH 3
116 typedef struct PhysPageMap {
117 unsigned sections_nb;
118 unsigned sections_nb_alloc;
120 unsigned nodes_nb_alloc;
122 MemoryRegionSection *sections;
125 static PhysPageMap *prev_map;
126 static PhysPageMap next_map;
128 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
130 static void io_mem_init(void);
131 static void memory_map_init(void);
133 static MemoryRegion io_mem_watch;
136 #if !defined(CONFIG_USER_ONLY)
138 static void phys_map_node_reserve(unsigned nodes)
140 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
141 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
143 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
144 next_map.nodes_nb + nodes);
145 next_map.nodes = g_renew(Node, next_map.nodes,
146 next_map.nodes_nb_alloc);
150 static uint16_t phys_map_node_alloc(void)
155 ret = next_map.nodes_nb++;
156 assert(ret != PHYS_MAP_NODE_NIL);
157 assert(ret != next_map.nodes_nb_alloc);
158 for (i = 0; i < L2_SIZE; ++i) {
159 next_map.nodes[ret][i].is_leaf = 0;
160 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
165 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
166 hwaddr *nb, uint16_t leaf,
171 hwaddr step = (hwaddr)1 << (level * L2_BITS);
173 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
174 lp->ptr = phys_map_node_alloc();
175 p = next_map.nodes[lp->ptr];
177 for (i = 0; i < L2_SIZE; i++) {
179 p[i].ptr = PHYS_SECTION_UNASSIGNED;
183 p = next_map.nodes[lp->ptr];
185 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
187 while (*nb && lp < &p[L2_SIZE]) {
188 if ((*index & (step - 1)) == 0 && *nb >= step) {
194 phys_page_set_level(lp, index, nb, leaf, level - 1);
200 static void phys_page_set(AddressSpaceDispatch *d,
201 hwaddr index, hwaddr nb,
204 /* Wildly overreserve - it doesn't matter much. */
205 phys_map_node_reserve(3 * P_L2_LEVELS);
207 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
210 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
211 Node *nodes, MemoryRegionSection *sections)
216 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
217 if (lp.ptr == PHYS_MAP_NODE_NIL) {
218 return §ions[PHYS_SECTION_UNASSIGNED];
221 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
223 return §ions[lp.ptr];
226 bool memory_region_is_unassigned(MemoryRegion *mr)
228 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
229 && mr != &io_mem_watch;
232 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
234 bool resolve_subpage)
236 MemoryRegionSection *section;
239 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
240 d->nodes, d->sections);
241 if (resolve_subpage && section->mr->subpage) {
242 subpage = container_of(section->mr, subpage_t, iomem);
243 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
248 static MemoryRegionSection *
249 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
250 hwaddr *plen, bool resolve_subpage)
252 MemoryRegionSection *section;
255 section = address_space_lookup_region(d, addr, resolve_subpage);
256 /* Compute offset within MemoryRegionSection */
257 addr -= section->offset_within_address_space;
259 /* Compute offset within MemoryRegion */
260 *xlat = addr + section->offset_within_region;
262 diff = int128_sub(section->mr->size, int128_make64(addr));
263 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
267 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
268 hwaddr *xlat, hwaddr *plen,
272 MemoryRegionSection *section;
277 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
280 if (!mr->iommu_ops) {
284 iotlb = mr->iommu_ops->translate(mr, addr);
285 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
286 | (addr & iotlb.addr_mask));
287 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
288 if (!(iotlb.perm & (1 << is_write))) {
289 mr = &io_mem_unassigned;
293 as = iotlb.target_as;
301 MemoryRegionSection *
302 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
305 MemoryRegionSection *section;
306 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
308 assert(!section->mr->iommu_ops);
313 void cpu_exec_init_all(void)
315 #if !defined(CONFIG_USER_ONLY)
316 qemu_mutex_init(&ram_list.mutex);
322 #if !defined(CONFIG_USER_ONLY)
324 static int cpu_common_post_load(void *opaque, int version_id)
326 CPUState *cpu = opaque;
328 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
329 version_id is increased. */
330 cpu->interrupt_request &= ~0x01;
331 tlb_flush(cpu->env_ptr, 1);
336 const VMStateDescription vmstate_cpu_common = {
337 .name = "cpu_common",
339 .minimum_version_id = 1,
340 .minimum_version_id_old = 1,
341 .post_load = cpu_common_post_load,
342 .fields = (VMStateField []) {
343 VMSTATE_UINT32(halted, CPUState),
344 VMSTATE_UINT32(interrupt_request, CPUState),
345 VMSTATE_END_OF_LIST()
351 CPUState *qemu_get_cpu(int index)
356 if (cpu->cpu_index == index) {
364 void cpu_exec_init(CPUArchState *env)
366 CPUState *cpu = ENV_GET_CPU(env);
367 CPUClass *cc = CPU_GET_CLASS(cpu);
371 #if defined(CONFIG_USER_ONLY)
375 CPU_FOREACH(some_cpu) {
378 cpu->cpu_index = cpu_index;
380 QTAILQ_INIT(&env->breakpoints);
381 QTAILQ_INIT(&env->watchpoints);
382 #ifndef CONFIG_USER_ONLY
383 cpu->thread_id = qemu_get_thread_id();
385 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
386 #if defined(CONFIG_USER_ONLY)
389 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
390 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
392 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
393 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
394 cpu_save, cpu_load, env);
395 assert(cc->vmsd == NULL);
396 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
398 if (cc->vmsd != NULL) {
399 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
403 #if defined(TARGET_HAS_ICE)
404 #if defined(CONFIG_USER_ONLY)
405 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
407 tb_invalidate_phys_page_range(pc, pc + 1, 0);
410 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
412 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
414 tb_invalidate_phys_addr(phys | (pc & ~TARGET_PAGE_MASK));
418 #endif /* TARGET_HAS_ICE */
420 #if defined(CONFIG_USER_ONLY)
421 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
426 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
427 int flags, CPUWatchpoint **watchpoint)
432 /* Add a watchpoint. */
433 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
434 int flags, CPUWatchpoint **watchpoint)
436 target_ulong len_mask = ~(len - 1);
439 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
440 if ((len & (len - 1)) || (addr & ~len_mask) ||
441 len == 0 || len > TARGET_PAGE_SIZE) {
442 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
443 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
446 wp = g_malloc(sizeof(*wp));
449 wp->len_mask = len_mask;
452 /* keep all GDB-injected watchpoints in front */
454 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
456 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
458 tlb_flush_page(env, addr);
465 /* Remove a specific watchpoint. */
466 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
469 target_ulong len_mask = ~(len - 1);
472 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
473 if (addr == wp->vaddr && len_mask == wp->len_mask
474 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
475 cpu_watchpoint_remove_by_ref(env, wp);
482 /* Remove a specific watchpoint by reference. */
483 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
485 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
487 tlb_flush_page(env, watchpoint->vaddr);
492 /* Remove all matching watchpoints. */
493 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
495 CPUWatchpoint *wp, *next;
497 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
498 if (wp->flags & mask)
499 cpu_watchpoint_remove_by_ref(env, wp);
504 /* Add a breakpoint. */
505 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
506 CPUBreakpoint **breakpoint)
508 #if defined(TARGET_HAS_ICE)
511 bp = g_malloc(sizeof(*bp));
516 /* keep all GDB-injected breakpoints in front */
517 if (flags & BP_GDB) {
518 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
520 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
523 breakpoint_invalidate(ENV_GET_CPU(env), pc);
534 /* Remove a specific breakpoint. */
535 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
537 #if defined(TARGET_HAS_ICE)
540 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
541 if (bp->pc == pc && bp->flags == flags) {
542 cpu_breakpoint_remove_by_ref(env, bp);
552 /* Remove a specific breakpoint by reference. */
553 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
555 #if defined(TARGET_HAS_ICE)
556 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
558 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
564 /* Remove all matching breakpoints. */
565 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
567 #if defined(TARGET_HAS_ICE)
568 CPUBreakpoint *bp, *next;
570 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
571 if (bp->flags & mask)
572 cpu_breakpoint_remove_by_ref(env, bp);
577 /* enable or disable single step mode. EXCP_DEBUG is returned by the
578 CPU loop after each instruction */
579 void cpu_single_step(CPUState *cpu, int enabled)
581 #if defined(TARGET_HAS_ICE)
582 if (cpu->singlestep_enabled != enabled) {
583 cpu->singlestep_enabled = enabled;
585 kvm_update_guest_debug(cpu, 0);
587 /* must flush all the translated code to avoid inconsistencies */
588 /* XXX: only flush what is necessary */
589 CPUArchState *env = cpu->env_ptr;
596 void cpu_abort(CPUArchState *env, const char *fmt, ...)
598 CPUState *cpu = ENV_GET_CPU(env);
604 fprintf(stderr, "qemu: fatal: ");
605 vfprintf(stderr, fmt, ap);
606 fprintf(stderr, "\n");
607 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
608 if (qemu_log_enabled()) {
609 qemu_log("qemu: fatal: ");
610 qemu_log_vprintf(fmt, ap2);
612 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
618 #if defined(CONFIG_USER_ONLY)
620 struct sigaction act;
621 sigfillset(&act.sa_mask);
622 act.sa_handler = SIG_DFL;
623 sigaction(SIGABRT, &act, NULL);
629 #if !defined(CONFIG_USER_ONLY)
630 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
634 /* The list is protected by the iothread lock here. */
635 block = ram_list.mru_block;
636 if (block && addr - block->offset < block->length) {
639 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
640 if (addr - block->offset < block->length) {
645 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
649 ram_list.mru_block = block;
653 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
659 block = qemu_get_ram_block(start);
660 assert(block == qemu_get_ram_block(end - 1));
661 start1 = (uintptr_t)block->host + (start - block->offset);
662 cpu_tlb_reset_dirty_all(start1, length);
665 /* Note: start and end must be within the same ram block. */
666 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
671 start &= TARGET_PAGE_MASK;
672 end = TARGET_PAGE_ALIGN(end);
674 length = end - start;
677 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
680 tlb_reset_dirty_range_all(start, end, length);
684 static int cpu_physical_memory_set_dirty_tracking(int enable)
687 in_migration = enable;
691 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
692 MemoryRegionSection *section,
694 hwaddr paddr, hwaddr xlat,
696 target_ulong *address)
701 if (memory_region_is_ram(section->mr)) {
703 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
705 if (!section->readonly) {
706 iotlb |= PHYS_SECTION_NOTDIRTY;
708 iotlb |= PHYS_SECTION_ROM;
711 iotlb = section - address_space_memory.dispatch->sections;
715 /* Make accesses to pages with watchpoints go via the
716 watchpoint trap routines. */
717 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
718 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
719 /* Avoid trapping reads of pages with a write breakpoint. */
720 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
721 iotlb = PHYS_SECTION_WATCH + paddr;
722 *address |= TLB_MMIO;
730 #endif /* defined(CONFIG_USER_ONLY) */
732 #if !defined(CONFIG_USER_ONLY)
734 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
736 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
738 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
741 * Set a custom physical guest memory alloator.
742 * Accelerators with unusual needs may need this. Hopefully, we can
743 * get rid of it eventually.
745 void phys_mem_set_alloc(void *(*alloc)(size_t))
747 phys_mem_alloc = alloc;
750 static uint16_t phys_section_add(MemoryRegionSection *section)
752 /* The physical section number is ORed with a page-aligned
753 * pointer to produce the iotlb entries. Thus it should
754 * never overflow into the page-aligned value.
756 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
758 if (next_map.sections_nb == next_map.sections_nb_alloc) {
759 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
761 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
762 next_map.sections_nb_alloc);
764 next_map.sections[next_map.sections_nb] = *section;
765 memory_region_ref(section->mr);
766 return next_map.sections_nb++;
769 static void phys_section_destroy(MemoryRegion *mr)
771 memory_region_unref(mr);
774 subpage_t *subpage = container_of(mr, subpage_t, iomem);
775 memory_region_destroy(&subpage->iomem);
780 static void phys_sections_free(PhysPageMap *map)
782 while (map->sections_nb > 0) {
783 MemoryRegionSection *section = &map->sections[--map->sections_nb];
784 phys_section_destroy(section->mr);
786 g_free(map->sections);
791 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
794 hwaddr base = section->offset_within_address_space
796 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
797 next_map.nodes, next_map.sections);
798 MemoryRegionSection subsection = {
799 .offset_within_address_space = base,
800 .size = int128_make64(TARGET_PAGE_SIZE),
804 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
806 if (!(existing->mr->subpage)) {
807 subpage = subpage_init(d->as, base);
808 subsection.mr = &subpage->iomem;
809 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
810 phys_section_add(&subsection));
812 subpage = container_of(existing->mr, subpage_t, iomem);
814 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
815 end = start + int128_get64(section->size) - 1;
816 subpage_register(subpage, start, end, phys_section_add(section));
820 static void register_multipage(AddressSpaceDispatch *d,
821 MemoryRegionSection *section)
823 hwaddr start_addr = section->offset_within_address_space;
824 uint16_t section_index = phys_section_add(section);
825 uint64_t num_pages = int128_get64(int128_rshift(section->size,
829 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
832 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
834 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
835 AddressSpaceDispatch *d = as->next_dispatch;
836 MemoryRegionSection now = *section, remain = *section;
837 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
839 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
840 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
841 - now.offset_within_address_space;
843 now.size = int128_min(int128_make64(left), now.size);
844 register_subpage(d, &now);
846 now.size = int128_zero();
848 while (int128_ne(remain.size, now.size)) {
849 remain.size = int128_sub(remain.size, now.size);
850 remain.offset_within_address_space += int128_get64(now.size);
851 remain.offset_within_region += int128_get64(now.size);
853 if (int128_lt(remain.size, page_size)) {
854 register_subpage(d, &now);
855 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
856 now.size = page_size;
857 register_subpage(d, &now);
859 now.size = int128_and(now.size, int128_neg(page_size));
860 register_multipage(d, &now);
865 void qemu_flush_coalesced_mmio_buffer(void)
868 kvm_flush_coalesced_mmio_buffer();
871 void qemu_mutex_lock_ramlist(void)
873 qemu_mutex_lock(&ram_list.mutex);
876 void qemu_mutex_unlock_ramlist(void)
878 qemu_mutex_unlock(&ram_list.mutex);
885 #define HUGETLBFS_MAGIC 0x958458f6
887 static long gethugepagesize(const char *path)
893 ret = statfs(path, &fs);
894 } while (ret != 0 && errno == EINTR);
901 if (fs.f_type != HUGETLBFS_MAGIC)
902 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
907 static void *file_ram_alloc(RAMBlock *block,
912 char *sanitized_name;
919 unsigned long hpagesize;
921 hpagesize = gethugepagesize(path);
926 if (memory < hpagesize) {
930 if (kvm_enabled() && !kvm_has_sync_mmu()) {
931 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
935 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
936 sanitized_name = g_strdup(block->mr->name);
937 for (c = sanitized_name; *c != '\0'; c++) {
942 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
944 g_free(sanitized_name);
946 fd = mkstemp(filename);
948 perror("unable to create backing store for hugepages");
955 memory = (memory+hpagesize-1) & ~(hpagesize-1);
958 * ftruncate is not supported by hugetlbfs in older
959 * hosts, so don't bother bailing out on errors.
960 * If anything goes wrong with it under other filesystems,
963 if (ftruncate(fd, memory))
967 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
968 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
969 * to sidestep this quirk.
971 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
972 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
974 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
976 if (area == MAP_FAILED) {
977 perror("file_ram_alloc: can't mmap RAM pages");
985 static void *file_ram_alloc(RAMBlock *block,
989 fprintf(stderr, "-mem-path not supported on this host\n");
994 static ram_addr_t find_ram_offset(ram_addr_t size)
996 RAMBlock *block, *next_block;
997 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
999 assert(size != 0); /* it would hand out same offset multiple times */
1001 if (QTAILQ_EMPTY(&ram_list.blocks))
1004 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1005 ram_addr_t end, next = RAM_ADDR_MAX;
1007 end = block->offset + block->length;
1009 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1010 if (next_block->offset >= end) {
1011 next = MIN(next, next_block->offset);
1014 if (next - end >= size && next - end < mingap) {
1016 mingap = next - end;
1020 if (offset == RAM_ADDR_MAX) {
1021 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1029 ram_addr_t last_ram_offset(void)
1032 ram_addr_t last = 0;
1034 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1035 last = MAX(last, block->offset + block->length);
1040 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1044 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1045 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1046 "dump-guest-core", true)) {
1047 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1049 perror("qemu_madvise");
1050 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1051 "but dump_guest_core=off specified\n");
1056 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1058 RAMBlock *new_block, *block;
1061 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1062 if (block->offset == addr) {
1068 assert(!new_block->idstr[0]);
1071 char *id = qdev_get_dev_path(dev);
1073 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1077 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1079 /* This assumes the iothread lock is taken here too. */
1080 qemu_mutex_lock_ramlist();
1081 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1082 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1083 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1088 qemu_mutex_unlock_ramlist();
1091 static int memory_try_enable_merging(void *addr, size_t len)
1093 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1094 /* disabled by the user */
1098 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1101 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1104 RAMBlock *block, *new_block;
1106 size = TARGET_PAGE_ALIGN(size);
1107 new_block = g_malloc0(sizeof(*new_block));
1110 /* This assumes the iothread lock is taken here too. */
1111 qemu_mutex_lock_ramlist();
1113 new_block->offset = find_ram_offset(size);
1115 new_block->host = host;
1116 new_block->flags |= RAM_PREALLOC_MASK;
1117 } else if (xen_enabled()) {
1119 fprintf(stderr, "-mem-path not supported with Xen\n");
1122 xen_ram_alloc(new_block->offset, size, mr);
1125 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1127 * file_ram_alloc() needs to allocate just like
1128 * phys_mem_alloc, but we haven't bothered to provide
1132 "-mem-path not supported with this accelerator\n");
1135 new_block->host = file_ram_alloc(new_block, size, mem_path);
1137 if (!new_block->host) {
1138 new_block->host = phys_mem_alloc(size);
1139 if (!new_block->host) {
1140 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1141 new_block->mr->name, strerror(errno));
1144 memory_try_enable_merging(new_block->host, size);
1147 new_block->length = size;
1149 /* Keep the list sorted from biggest to smallest block. */
1150 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1151 if (block->length < new_block->length) {
1156 QTAILQ_INSERT_BEFORE(block, new_block, next);
1158 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1160 ram_list.mru_block = NULL;
1163 qemu_mutex_unlock_ramlist();
1165 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1166 last_ram_offset() >> TARGET_PAGE_BITS);
1167 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1168 0, size >> TARGET_PAGE_BITS);
1169 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1171 qemu_ram_setup_dump(new_block->host, size);
1172 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1173 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1176 kvm_setup_guest_memory(new_block->host, size);
1178 return new_block->offset;
1181 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1183 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1186 void qemu_ram_free_from_ptr(ram_addr_t addr)
1190 /* This assumes the iothread lock is taken here too. */
1191 qemu_mutex_lock_ramlist();
1192 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1193 if (addr == block->offset) {
1194 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1195 ram_list.mru_block = NULL;
1201 qemu_mutex_unlock_ramlist();
1204 void qemu_ram_free(ram_addr_t addr)
1208 /* This assumes the iothread lock is taken here too. */
1209 qemu_mutex_lock_ramlist();
1210 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1211 if (addr == block->offset) {
1212 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1213 ram_list.mru_block = NULL;
1215 if (block->flags & RAM_PREALLOC_MASK) {
1217 } else if (xen_enabled()) {
1218 xen_invalidate_map_cache_entry(block->host);
1220 } else if (block->fd >= 0) {
1221 munmap(block->host, block->length);
1225 qemu_anon_ram_free(block->host, block->length);
1231 qemu_mutex_unlock_ramlist();
1236 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1243 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1244 offset = addr - block->offset;
1245 if (offset < block->length) {
1246 vaddr = block->host + offset;
1247 if (block->flags & RAM_PREALLOC_MASK) {
1249 } else if (xen_enabled()) {
1253 munmap(vaddr, length);
1254 if (block->fd >= 0) {
1256 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1259 flags |= MAP_PRIVATE;
1261 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1262 flags, block->fd, offset);
1265 * Remap needs to match alloc. Accelerators that
1266 * set phys_mem_alloc never remap. If they did,
1267 * we'd need a remap hook here.
1269 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1271 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1272 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1275 if (area != vaddr) {
1276 fprintf(stderr, "Could not remap addr: "
1277 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1281 memory_try_enable_merging(vaddr, length);
1282 qemu_ram_setup_dump(vaddr, length);
1288 #endif /* !_WIN32 */
1290 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1291 With the exception of the softmmu code in this file, this should
1292 only be used for local memory (e.g. video ram) that the device owns,
1293 and knows it isn't going to access beyond the end of the block.
1295 It should not be used for general purpose DMA.
1296 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1298 void *qemu_get_ram_ptr(ram_addr_t addr)
1300 RAMBlock *block = qemu_get_ram_block(addr);
1302 if (xen_enabled()) {
1303 /* We need to check if the requested address is in the RAM
1304 * because we don't want to map the entire memory in QEMU.
1305 * In that case just map until the end of the page.
1307 if (block->offset == 0) {
1308 return xen_map_cache(addr, 0, 0);
1309 } else if (block->host == NULL) {
1311 xen_map_cache(block->offset, block->length, 1);
1314 return block->host + (addr - block->offset);
1317 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1318 * but takes a size argument */
1319 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1324 if (xen_enabled()) {
1325 return xen_map_cache(addr, *size, 1);
1329 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1330 if (addr - block->offset < block->length) {
1331 if (addr - block->offset + *size > block->length)
1332 *size = block->length - addr + block->offset;
1333 return block->host + (addr - block->offset);
1337 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1342 /* Some of the softmmu routines need to translate from a host pointer
1343 (typically a TLB entry) back to a ram offset. */
1344 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1347 uint8_t *host = ptr;
1349 if (xen_enabled()) {
1350 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1351 return qemu_get_ram_block(*ram_addr)->mr;
1354 block = ram_list.mru_block;
1355 if (block && block->host && host - block->host < block->length) {
1359 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1360 /* This case append when the block is not mapped. */
1361 if (block->host == NULL) {
1364 if (host - block->host < block->length) {
1372 *ram_addr = block->offset + (host - block->host);
1376 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1377 uint64_t val, unsigned size)
1380 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1381 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1382 tb_invalidate_phys_page_fast(ram_addr, size);
1383 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1387 stb_p(qemu_get_ram_ptr(ram_addr), val);
1390 stw_p(qemu_get_ram_ptr(ram_addr), val);
1393 stl_p(qemu_get_ram_ptr(ram_addr), val);
1398 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1399 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1400 /* we remove the notdirty callback only if the code has been
1402 if (dirty_flags == 0xff) {
1403 CPUArchState *env = current_cpu->env_ptr;
1404 tlb_set_dirty(env, env->mem_io_vaddr);
1408 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1409 unsigned size, bool is_write)
1414 static const MemoryRegionOps notdirty_mem_ops = {
1415 .write = notdirty_mem_write,
1416 .valid.accepts = notdirty_mem_accepts,
1417 .endianness = DEVICE_NATIVE_ENDIAN,
1420 /* Generate a debug exception if a watchpoint has been hit. */
1421 static void check_watchpoint(int offset, int len_mask, int flags)
1423 CPUArchState *env = current_cpu->env_ptr;
1424 target_ulong pc, cs_base;
1429 if (env->watchpoint_hit) {
1430 /* We re-entered the check after replacing the TB. Now raise
1431 * the debug interrupt so that is will trigger after the
1432 * current instruction. */
1433 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1436 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1437 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1438 if ((vaddr == (wp->vaddr & len_mask) ||
1439 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1440 wp->flags |= BP_WATCHPOINT_HIT;
1441 if (!env->watchpoint_hit) {
1442 env->watchpoint_hit = wp;
1443 tb_check_watchpoint(env);
1444 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1445 env->exception_index = EXCP_DEBUG;
1448 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1449 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1450 cpu_resume_from_signal(env, NULL);
1454 wp->flags &= ~BP_WATCHPOINT_HIT;
1459 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1460 so these check for a hit then pass through to the normal out-of-line
1462 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1465 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1467 case 1: return ldub_phys(addr);
1468 case 2: return lduw_phys(addr);
1469 case 4: return ldl_phys(addr);
1474 static void watch_mem_write(void *opaque, hwaddr addr,
1475 uint64_t val, unsigned size)
1477 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1480 stb_phys(addr, val);
1483 stw_phys(addr, val);
1486 stl_phys(addr, val);
1492 static const MemoryRegionOps watch_mem_ops = {
1493 .read = watch_mem_read,
1494 .write = watch_mem_write,
1495 .endianness = DEVICE_NATIVE_ENDIAN,
1498 static uint64_t subpage_read(void *opaque, hwaddr addr,
1501 subpage_t *subpage = opaque;
1504 #if defined(DEBUG_SUBPAGE)
1505 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1506 subpage, len, addr);
1508 address_space_read(subpage->as, addr + subpage->base, buf, len);
1521 static void subpage_write(void *opaque, hwaddr addr,
1522 uint64_t value, unsigned len)
1524 subpage_t *subpage = opaque;
1527 #if defined(DEBUG_SUBPAGE)
1528 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1529 " value %"PRIx64"\n",
1530 __func__, subpage, len, addr, value);
1545 address_space_write(subpage->as, addr + subpage->base, buf, len);
1548 static bool subpage_accepts(void *opaque, hwaddr addr,
1549 unsigned len, bool is_write)
1551 subpage_t *subpage = opaque;
1552 #if defined(DEBUG_SUBPAGE)
1553 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1554 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1557 return address_space_access_valid(subpage->as, addr + subpage->base,
1561 static const MemoryRegionOps subpage_ops = {
1562 .read = subpage_read,
1563 .write = subpage_write,
1564 .valid.accepts = subpage_accepts,
1565 .endianness = DEVICE_NATIVE_ENDIAN,
1568 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1573 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1575 idx = SUBPAGE_IDX(start);
1576 eidx = SUBPAGE_IDX(end);
1577 #if defined(DEBUG_SUBPAGE)
1578 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1579 __func__, mmio, start, end, idx, eidx, section);
1581 for (; idx <= eidx; idx++) {
1582 mmio->sub_section[idx] = section;
1588 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1592 mmio = g_malloc0(sizeof(subpage_t));
1596 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1597 "subpage", TARGET_PAGE_SIZE);
1598 mmio->iomem.subpage = true;
1599 #if defined(DEBUG_SUBPAGE)
1600 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1601 mmio, base, TARGET_PAGE_SIZE);
1603 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1608 static uint16_t dummy_section(MemoryRegion *mr)
1610 MemoryRegionSection section = {
1612 .offset_within_address_space = 0,
1613 .offset_within_region = 0,
1614 .size = int128_2_64(),
1617 return phys_section_add(§ion);
1620 MemoryRegion *iotlb_to_region(hwaddr index)
1622 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1625 static void io_mem_init(void)
1627 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1628 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1629 "unassigned", UINT64_MAX);
1630 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1631 "notdirty", UINT64_MAX);
1632 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1633 "watch", UINT64_MAX);
1636 static void mem_begin(MemoryListener *listener)
1638 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1639 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1641 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1643 as->next_dispatch = d;
1646 static void mem_commit(MemoryListener *listener)
1648 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1649 AddressSpaceDispatch *cur = as->dispatch;
1650 AddressSpaceDispatch *next = as->next_dispatch;
1652 next->nodes = next_map.nodes;
1653 next->sections = next_map.sections;
1655 as->dispatch = next;
1659 static void core_begin(MemoryListener *listener)
1663 prev_map = g_new(PhysPageMap, 1);
1664 *prev_map = next_map;
1666 memset(&next_map, 0, sizeof(next_map));
1667 n = dummy_section(&io_mem_unassigned);
1668 assert(n == PHYS_SECTION_UNASSIGNED);
1669 n = dummy_section(&io_mem_notdirty);
1670 assert(n == PHYS_SECTION_NOTDIRTY);
1671 n = dummy_section(&io_mem_rom);
1672 assert(n == PHYS_SECTION_ROM);
1673 n = dummy_section(&io_mem_watch);
1674 assert(n == PHYS_SECTION_WATCH);
1677 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1678 * All AddressSpaceDispatch instances have switched to the next map.
1680 static void core_commit(MemoryListener *listener)
1682 phys_sections_free(prev_map);
1685 static void tcg_commit(MemoryListener *listener)
1689 /* since each CPU stores ram addresses in its TLB cache, we must
1690 reset the modified entries */
1693 CPUArchState *env = cpu->env_ptr;
1699 static void core_log_global_start(MemoryListener *listener)
1701 cpu_physical_memory_set_dirty_tracking(1);
1704 static void core_log_global_stop(MemoryListener *listener)
1706 cpu_physical_memory_set_dirty_tracking(0);
1709 static MemoryListener core_memory_listener = {
1710 .begin = core_begin,
1711 .commit = core_commit,
1712 .log_global_start = core_log_global_start,
1713 .log_global_stop = core_log_global_stop,
1717 static MemoryListener tcg_memory_listener = {
1718 .commit = tcg_commit,
1721 void address_space_init_dispatch(AddressSpace *as)
1723 as->dispatch = NULL;
1724 as->dispatch_listener = (MemoryListener) {
1726 .commit = mem_commit,
1727 .region_add = mem_add,
1728 .region_nop = mem_add,
1731 memory_listener_register(&as->dispatch_listener, as);
1734 void address_space_destroy_dispatch(AddressSpace *as)
1736 AddressSpaceDispatch *d = as->dispatch;
1738 memory_listener_unregister(&as->dispatch_listener);
1740 as->dispatch = NULL;
1743 static void memory_map_init(void)
1745 system_memory = g_malloc(sizeof(*system_memory));
1746 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1747 address_space_init(&address_space_memory, system_memory, "memory");
1749 system_io = g_malloc(sizeof(*system_io));
1750 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1752 address_space_init(&address_space_io, system_io, "I/O");
1754 memory_listener_register(&core_memory_listener, &address_space_memory);
1755 if (tcg_enabled()) {
1756 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1760 MemoryRegion *get_system_memory(void)
1762 return system_memory;
1765 MemoryRegion *get_system_io(void)
1770 #endif /* !defined(CONFIG_USER_ONLY) */
1772 /* physical memory access (slow version, mainly for debug) */
1773 #if defined(CONFIG_USER_ONLY)
1774 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1775 uint8_t *buf, int len, int is_write)
1782 page = addr & TARGET_PAGE_MASK;
1783 l = (page + TARGET_PAGE_SIZE) - addr;
1786 flags = page_get_flags(page);
1787 if (!(flags & PAGE_VALID))
1790 if (!(flags & PAGE_WRITE))
1792 /* XXX: this code should not depend on lock_user */
1793 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1796 unlock_user(p, addr, l);
1798 if (!(flags & PAGE_READ))
1800 /* XXX: this code should not depend on lock_user */
1801 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1804 unlock_user(p, addr, 0);
1815 static void invalidate_and_set_dirty(hwaddr addr,
1818 if (!cpu_physical_memory_is_dirty(addr)) {
1819 /* invalidate code */
1820 tb_invalidate_phys_page_range(addr, addr + length, 0);
1822 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1824 xen_modified_memory(addr, length);
1827 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1829 if (memory_region_is_ram(mr)) {
1830 return !(is_write && mr->readonly);
1832 if (memory_region_is_romd(mr)) {
1839 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1841 unsigned access_size_max = mr->ops->valid.max_access_size;
1843 /* Regions are assumed to support 1-4 byte accesses unless
1844 otherwise specified. */
1845 if (access_size_max == 0) {
1846 access_size_max = 4;
1849 /* Bound the maximum access by the alignment of the address. */
1850 if (!mr->ops->impl.unaligned) {
1851 unsigned align_size_max = addr & -addr;
1852 if (align_size_max != 0 && align_size_max < access_size_max) {
1853 access_size_max = align_size_max;
1857 /* Don't attempt accesses larger than the maximum. */
1858 if (l > access_size_max) {
1859 l = access_size_max;
1862 l = 1 << (qemu_fls(l) - 1);
1868 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1869 int len, bool is_write)
1880 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1883 if (!memory_access_is_direct(mr, is_write)) {
1884 l = memory_access_size(mr, l, addr1);
1885 /* XXX: could force current_cpu to NULL to avoid
1889 /* 64 bit write access */
1891 error |= io_mem_write(mr, addr1, val, 8);
1894 /* 32 bit write access */
1896 error |= io_mem_write(mr, addr1, val, 4);
1899 /* 16 bit write access */
1901 error |= io_mem_write(mr, addr1, val, 2);
1904 /* 8 bit write access */
1906 error |= io_mem_write(mr, addr1, val, 1);
1912 addr1 += memory_region_get_ram_addr(mr);
1914 ptr = qemu_get_ram_ptr(addr1);
1915 memcpy(ptr, buf, l);
1916 invalidate_and_set_dirty(addr1, l);
1919 if (!memory_access_is_direct(mr, is_write)) {
1921 l = memory_access_size(mr, l, addr1);
1924 /* 64 bit read access */
1925 error |= io_mem_read(mr, addr1, &val, 8);
1929 /* 32 bit read access */
1930 error |= io_mem_read(mr, addr1, &val, 4);
1934 /* 16 bit read access */
1935 error |= io_mem_read(mr, addr1, &val, 2);
1939 /* 8 bit read access */
1940 error |= io_mem_read(mr, addr1, &val, 1);
1948 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1949 memcpy(buf, ptr, l);
1960 bool address_space_write(AddressSpace *as, hwaddr addr,
1961 const uint8_t *buf, int len)
1963 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1966 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1968 return address_space_rw(as, addr, buf, len, false);
1972 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1973 int len, int is_write)
1975 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1978 /* used for ROM loading : can write in RAM and ROM */
1979 void cpu_physical_memory_write_rom(hwaddr addr,
1980 const uint8_t *buf, int len)
1989 mr = address_space_translate(&address_space_memory,
1990 addr, &addr1, &l, true);
1992 if (!(memory_region_is_ram(mr) ||
1993 memory_region_is_romd(mr))) {
1996 addr1 += memory_region_get_ram_addr(mr);
1998 ptr = qemu_get_ram_ptr(addr1);
1999 memcpy(ptr, buf, l);
2000 invalidate_and_set_dirty(addr1, l);
2015 static BounceBuffer bounce;
2017 typedef struct MapClient {
2019 void (*callback)(void *opaque);
2020 QLIST_ENTRY(MapClient) link;
2023 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2024 = QLIST_HEAD_INITIALIZER(map_client_list);
2026 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2028 MapClient *client = g_malloc(sizeof(*client));
2030 client->opaque = opaque;
2031 client->callback = callback;
2032 QLIST_INSERT_HEAD(&map_client_list, client, link);
2036 static void cpu_unregister_map_client(void *_client)
2038 MapClient *client = (MapClient *)_client;
2040 QLIST_REMOVE(client, link);
2044 static void cpu_notify_map_clients(void)
2048 while (!QLIST_EMPTY(&map_client_list)) {
2049 client = QLIST_FIRST(&map_client_list);
2050 client->callback(client->opaque);
2051 cpu_unregister_map_client(client);
2055 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2062 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2063 if (!memory_access_is_direct(mr, is_write)) {
2064 l = memory_access_size(mr, l, addr);
2065 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2076 /* Map a physical memory region into a host virtual address.
2077 * May map a subset of the requested range, given by and returned in *plen.
2078 * May return NULL if resources needed to perform the mapping are exhausted.
2079 * Use only for reads OR writes - not for read-modify-write operations.
2080 * Use cpu_register_map_client() to know when retrying the map operation is
2081 * likely to succeed.
2083 void *address_space_map(AddressSpace *as,
2090 hwaddr l, xlat, base;
2091 MemoryRegion *mr, *this_mr;
2099 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2100 if (!memory_access_is_direct(mr, is_write)) {
2101 if (bounce.buffer) {
2104 /* Avoid unbounded allocations */
2105 l = MIN(l, TARGET_PAGE_SIZE);
2106 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2110 memory_region_ref(mr);
2113 address_space_read(as, addr, bounce.buffer, l);
2117 return bounce.buffer;
2121 raddr = memory_region_get_ram_addr(mr);
2132 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2133 if (this_mr != mr || xlat != base + done) {
2138 memory_region_ref(mr);
2140 return qemu_ram_ptr_length(raddr + base, plen);
2143 /* Unmaps a memory region previously mapped by address_space_map().
2144 * Will also mark the memory as dirty if is_write == 1. access_len gives
2145 * the amount of memory that was actually read or written by the caller.
2147 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2148 int is_write, hwaddr access_len)
2150 if (buffer != bounce.buffer) {
2154 mr = qemu_ram_addr_from_host(buffer, &addr1);
2157 while (access_len) {
2159 l = TARGET_PAGE_SIZE;
2162 invalidate_and_set_dirty(addr1, l);
2167 if (xen_enabled()) {
2168 xen_invalidate_map_cache_entry(buffer);
2170 memory_region_unref(mr);
2174 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2176 qemu_vfree(bounce.buffer);
2177 bounce.buffer = NULL;
2178 memory_region_unref(bounce.mr);
2179 cpu_notify_map_clients();
2182 void *cpu_physical_memory_map(hwaddr addr,
2186 return address_space_map(&address_space_memory, addr, plen, is_write);
2189 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2190 int is_write, hwaddr access_len)
2192 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2195 /* warning: addr must be aligned */
2196 static inline uint32_t ldl_phys_internal(hwaddr addr,
2197 enum device_endian endian)
2205 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2207 if (l < 4 || !memory_access_is_direct(mr, false)) {
2209 io_mem_read(mr, addr1, &val, 4);
2210 #if defined(TARGET_WORDS_BIGENDIAN)
2211 if (endian == DEVICE_LITTLE_ENDIAN) {
2215 if (endian == DEVICE_BIG_ENDIAN) {
2221 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2225 case DEVICE_LITTLE_ENDIAN:
2226 val = ldl_le_p(ptr);
2228 case DEVICE_BIG_ENDIAN:
2229 val = ldl_be_p(ptr);
2239 uint32_t ldl_phys(hwaddr addr)
2241 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2244 uint32_t ldl_le_phys(hwaddr addr)
2246 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2249 uint32_t ldl_be_phys(hwaddr addr)
2251 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2254 /* warning: addr must be aligned */
2255 static inline uint64_t ldq_phys_internal(hwaddr addr,
2256 enum device_endian endian)
2264 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2266 if (l < 8 || !memory_access_is_direct(mr, false)) {
2268 io_mem_read(mr, addr1, &val, 8);
2269 #if defined(TARGET_WORDS_BIGENDIAN)
2270 if (endian == DEVICE_LITTLE_ENDIAN) {
2274 if (endian == DEVICE_BIG_ENDIAN) {
2280 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2284 case DEVICE_LITTLE_ENDIAN:
2285 val = ldq_le_p(ptr);
2287 case DEVICE_BIG_ENDIAN:
2288 val = ldq_be_p(ptr);
2298 uint64_t ldq_phys(hwaddr addr)
2300 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2303 uint64_t ldq_le_phys(hwaddr addr)
2305 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2308 uint64_t ldq_be_phys(hwaddr addr)
2310 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2314 uint32_t ldub_phys(hwaddr addr)
2317 cpu_physical_memory_read(addr, &val, 1);
2321 /* warning: addr must be aligned */
2322 static inline uint32_t lduw_phys_internal(hwaddr addr,
2323 enum device_endian endian)
2331 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2333 if (l < 2 || !memory_access_is_direct(mr, false)) {
2335 io_mem_read(mr, addr1, &val, 2);
2336 #if defined(TARGET_WORDS_BIGENDIAN)
2337 if (endian == DEVICE_LITTLE_ENDIAN) {
2341 if (endian == DEVICE_BIG_ENDIAN) {
2347 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2351 case DEVICE_LITTLE_ENDIAN:
2352 val = lduw_le_p(ptr);
2354 case DEVICE_BIG_ENDIAN:
2355 val = lduw_be_p(ptr);
2365 uint32_t lduw_phys(hwaddr addr)
2367 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2370 uint32_t lduw_le_phys(hwaddr addr)
2372 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2375 uint32_t lduw_be_phys(hwaddr addr)
2377 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2380 /* warning: addr must be aligned. The ram page is not masked as dirty
2381 and the code inside is not invalidated. It is useful if the dirty
2382 bits are used to track modified PTEs */
2383 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2390 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2392 if (l < 4 || !memory_access_is_direct(mr, true)) {
2393 io_mem_write(mr, addr1, val, 4);
2395 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2396 ptr = qemu_get_ram_ptr(addr1);
2399 if (unlikely(in_migration)) {
2400 if (!cpu_physical_memory_is_dirty(addr1)) {
2401 /* invalidate code */
2402 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2404 cpu_physical_memory_set_dirty_flags(
2405 addr1, (0xff & ~CODE_DIRTY_FLAG));
2411 /* warning: addr must be aligned */
2412 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2413 enum device_endian endian)
2420 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2422 if (l < 4 || !memory_access_is_direct(mr, true)) {
2423 #if defined(TARGET_WORDS_BIGENDIAN)
2424 if (endian == DEVICE_LITTLE_ENDIAN) {
2428 if (endian == DEVICE_BIG_ENDIAN) {
2432 io_mem_write(mr, addr1, val, 4);
2435 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2436 ptr = qemu_get_ram_ptr(addr1);
2438 case DEVICE_LITTLE_ENDIAN:
2441 case DEVICE_BIG_ENDIAN:
2448 invalidate_and_set_dirty(addr1, 4);
2452 void stl_phys(hwaddr addr, uint32_t val)
2454 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2457 void stl_le_phys(hwaddr addr, uint32_t val)
2459 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2462 void stl_be_phys(hwaddr addr, uint32_t val)
2464 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2468 void stb_phys(hwaddr addr, uint32_t val)
2471 cpu_physical_memory_write(addr, &v, 1);
2474 /* warning: addr must be aligned */
2475 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2476 enum device_endian endian)
2483 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2485 if (l < 2 || !memory_access_is_direct(mr, true)) {
2486 #if defined(TARGET_WORDS_BIGENDIAN)
2487 if (endian == DEVICE_LITTLE_ENDIAN) {
2491 if (endian == DEVICE_BIG_ENDIAN) {
2495 io_mem_write(mr, addr1, val, 2);
2498 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2499 ptr = qemu_get_ram_ptr(addr1);
2501 case DEVICE_LITTLE_ENDIAN:
2504 case DEVICE_BIG_ENDIAN:
2511 invalidate_and_set_dirty(addr1, 2);
2515 void stw_phys(hwaddr addr, uint32_t val)
2517 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2520 void stw_le_phys(hwaddr addr, uint32_t val)
2522 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2525 void stw_be_phys(hwaddr addr, uint32_t val)
2527 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2531 void stq_phys(hwaddr addr, uint64_t val)
2534 cpu_physical_memory_write(addr, &val, 8);
2537 void stq_le_phys(hwaddr addr, uint64_t val)
2539 val = cpu_to_le64(val);
2540 cpu_physical_memory_write(addr, &val, 8);
2543 void stq_be_phys(hwaddr addr, uint64_t val)
2545 val = cpu_to_be64(val);
2546 cpu_physical_memory_write(addr, &val, 8);
2549 /* virtual memory access for debug (includes writing to ROM) */
2550 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2551 uint8_t *buf, int len, int is_write)
2558 page = addr & TARGET_PAGE_MASK;
2559 phys_addr = cpu_get_phys_page_debug(cpu, page);
2560 /* if no physical page mapped, return an error */
2561 if (phys_addr == -1)
2563 l = (page + TARGET_PAGE_SIZE) - addr;
2566 phys_addr += (addr & ~TARGET_PAGE_MASK);
2568 cpu_physical_memory_write_rom(phys_addr, buf, l);
2570 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2579 #if !defined(CONFIG_USER_ONLY)
2582 * A helper function for the _utterly broken_ virtio device model to find out if
2583 * it's running on a big endian machine. Don't do this at home kids!
2585 bool virtio_is_big_endian(void);
2586 bool virtio_is_big_endian(void)
2588 #if defined(TARGET_WORDS_BIGENDIAN)
2597 #ifndef CONFIG_USER_ONLY
2598 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2603 mr = address_space_translate(&address_space_memory,
2604 phys_addr, &phys_addr, &l, false);
2606 return !(memory_region_is_ram(mr) ||
2607 memory_region_is_romd(mr));
2610 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2614 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2615 func(block->host, block->offset, block->length, opaque);
projects / lisovros / qemu_apohw.git / blob