4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
30 #include "qemu/osdep.h"
31 #include "sysemu/kvm.h"
32 #include "sysemu/sysemu.h"
33 #include "hw/xen/xen.h"
34 #include "qemu/timer.h"
35 #include "qemu/config-file.h"
36 #include "qemu/error-report.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
46 #include "exec/cpu-all.h"
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
51 #include "exec/memory-internal.h"
52 #include "exec/ram_addr.h"
54 #include "qemu/range.h"
56 //#define DEBUG_SUBPAGE
58 #if !defined(CONFIG_USER_ONLY)
59 static bool in_migration;
61 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
63 static MemoryRegion *system_memory;
64 static MemoryRegion *system_io;
66 AddressSpace address_space_io;
67 AddressSpace address_space_memory;
69 MemoryRegion io_mem_rom, io_mem_notdirty;
70 static MemoryRegion io_mem_unassigned;
72 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
73 #define RAM_PREALLOC (1 << 0)
75 /* RAM is mmap-ed with MAP_SHARED */
76 #define RAM_SHARED (1 << 1)
80 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
81 /* current CPU in the current thread. It is only valid inside
83 DEFINE_TLS(CPUState *, current_cpu);
84 /* 0 = Do not count executed instructions.
85 1 = Precise instruction counting.
86 2 = Adaptive rate instruction counting. */
89 #if !defined(CONFIG_USER_ONLY)
91 typedef struct PhysPageEntry PhysPageEntry;
93 struct PhysPageEntry {
94 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
96 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
100 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
102 /* Size of the L2 (and L3, etc) page tables. */
103 #define ADDR_SPACE_BITS 64
106 #define P_L2_SIZE (1 << P_L2_BITS)
108 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
110 typedef PhysPageEntry Node[P_L2_SIZE];
112 typedef struct PhysPageMap {
113 unsigned sections_nb;
114 unsigned sections_nb_alloc;
116 unsigned nodes_nb_alloc;
118 MemoryRegionSection *sections;
121 struct AddressSpaceDispatch {
122 /* This is a multi-level map on the physical address space.
123 * The bottom level has pointers to MemoryRegionSections.
125 PhysPageEntry phys_map;
130 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
131 typedef struct subpage_t {
135 uint16_t sub_section[TARGET_PAGE_SIZE];
138 #define PHYS_SECTION_UNASSIGNED 0
139 #define PHYS_SECTION_NOTDIRTY 1
140 #define PHYS_SECTION_ROM 2
141 #define PHYS_SECTION_WATCH 3
143 static void io_mem_init(void);
144 static void memory_map_init(void);
145 static void tcg_commit(MemoryListener *listener);
147 static MemoryRegion io_mem_watch;
150 #if !defined(CONFIG_USER_ONLY)
152 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
154 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
155 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
156 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
157 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
161 static uint32_t phys_map_node_alloc(PhysPageMap *map)
166 ret = map->nodes_nb++;
167 assert(ret != PHYS_MAP_NODE_NIL);
168 assert(ret != map->nodes_nb_alloc);
169 for (i = 0; i < P_L2_SIZE; ++i) {
170 map->nodes[ret][i].skip = 1;
171 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
176 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
177 hwaddr *index, hwaddr *nb, uint16_t leaf,
182 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
184 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
185 lp->ptr = phys_map_node_alloc(map);
186 p = map->nodes[lp->ptr];
188 for (i = 0; i < P_L2_SIZE; i++) {
190 p[i].ptr = PHYS_SECTION_UNASSIGNED;
194 p = map->nodes[lp->ptr];
196 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
198 while (*nb && lp < &p[P_L2_SIZE]) {
199 if ((*index & (step - 1)) == 0 && *nb >= step) {
205 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
211 static void phys_page_set(AddressSpaceDispatch *d,
212 hwaddr index, hwaddr nb,
215 /* Wildly overreserve - it doesn't matter much. */
216 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
218 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
221 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
222 * and update our entry so we can skip it and go directly to the destination.
224 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
226 unsigned valid_ptr = P_L2_SIZE;
231 if (lp->ptr == PHYS_MAP_NODE_NIL) {
236 for (i = 0; i < P_L2_SIZE; i++) {
237 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
244 phys_page_compact(&p[i], nodes, compacted);
248 /* We can only compress if there's only one child. */
253 assert(valid_ptr < P_L2_SIZE);
255 /* Don't compress if it won't fit in the # of bits we have. */
256 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
260 lp->ptr = p[valid_ptr].ptr;
261 if (!p[valid_ptr].skip) {
262 /* If our only child is a leaf, make this a leaf. */
263 /* By design, we should have made this node a leaf to begin with so we
264 * should never reach here.
265 * But since it's so simple to handle this, let's do it just in case we
270 lp->skip += p[valid_ptr].skip;
274 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
276 DECLARE_BITMAP(compacted, nodes_nb);
278 if (d->phys_map.skip) {
279 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
283 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
284 Node *nodes, MemoryRegionSection *sections)
287 hwaddr index = addr >> TARGET_PAGE_BITS;
290 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
291 if (lp.ptr == PHYS_MAP_NODE_NIL) {
292 return §ions[PHYS_SECTION_UNASSIGNED];
295 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
298 if (sections[lp.ptr].size.hi ||
299 range_covers_byte(sections[lp.ptr].offset_within_address_space,
300 sections[lp.ptr].size.lo, addr)) {
301 return §ions[lp.ptr];
303 return §ions[PHYS_SECTION_UNASSIGNED];
307 bool memory_region_is_unassigned(MemoryRegion *mr)
309 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
310 && mr != &io_mem_watch;
313 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
315 bool resolve_subpage)
317 MemoryRegionSection *section;
320 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
321 if (resolve_subpage && section->mr->subpage) {
322 subpage = container_of(section->mr, subpage_t, iomem);
323 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
328 static MemoryRegionSection *
329 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
330 hwaddr *plen, bool resolve_subpage)
332 MemoryRegionSection *section;
335 section = address_space_lookup_region(d, addr, resolve_subpage);
336 /* Compute offset within MemoryRegionSection */
337 addr -= section->offset_within_address_space;
339 /* Compute offset within MemoryRegion */
340 *xlat = addr + section->offset_within_region;
342 diff = int128_sub(section->mr->size, int128_make64(addr));
343 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
347 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
349 if (memory_region_is_ram(mr)) {
350 return !(is_write && mr->readonly);
352 if (memory_region_is_romd(mr)) {
359 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
360 hwaddr *xlat, hwaddr *plen,
364 MemoryRegionSection *section;
369 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
372 if (!mr->iommu_ops) {
376 iotlb = mr->iommu_ops->translate(mr, addr);
377 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
378 | (addr & iotlb.addr_mask));
379 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
380 if (!(iotlb.perm & (1 << is_write))) {
381 mr = &io_mem_unassigned;
385 as = iotlb.target_as;
388 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
389 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
390 len = MIN(page, len);
398 MemoryRegionSection *
399 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
402 MemoryRegionSection *section;
403 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
405 assert(!section->mr->iommu_ops);
410 void cpu_exec_init_all(void)
412 #if !defined(CONFIG_USER_ONLY)
413 qemu_mutex_init(&ram_list.mutex);
419 #if !defined(CONFIG_USER_ONLY)
421 static int cpu_common_post_load(void *opaque, int version_id)
423 CPUState *cpu = opaque;
425 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
426 version_id is increased. */
427 cpu->interrupt_request &= ~0x01;
433 const VMStateDescription vmstate_cpu_common = {
434 .name = "cpu_common",
436 .minimum_version_id = 1,
437 .post_load = cpu_common_post_load,
438 .fields = (VMStateField[]) {
439 VMSTATE_UINT32(halted, CPUState),
440 VMSTATE_UINT32(interrupt_request, CPUState),
441 VMSTATE_END_OF_LIST()
447 CPUState *qemu_get_cpu(int index)
452 if (cpu->cpu_index == index) {
460 #if !defined(CONFIG_USER_ONLY)
461 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
463 /* We only support one address space per cpu at the moment. */
464 assert(cpu->as == as);
466 if (cpu->tcg_as_listener) {
467 memory_listener_unregister(cpu->tcg_as_listener);
469 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
471 cpu->tcg_as_listener->commit = tcg_commit;
472 memory_listener_register(cpu->tcg_as_listener, as);
476 void cpu_exec_init(CPUArchState *env)
478 CPUState *cpu = ENV_GET_CPU(env);
479 CPUClass *cc = CPU_GET_CLASS(cpu);
483 #if defined(CONFIG_USER_ONLY)
487 CPU_FOREACH(some_cpu) {
490 cpu->cpu_index = cpu_index;
492 QTAILQ_INIT(&cpu->breakpoints);
493 QTAILQ_INIT(&cpu->watchpoints);
494 #ifndef CONFIG_USER_ONLY
495 cpu->as = &address_space_memory;
496 cpu->thread_id = qemu_get_thread_id();
498 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
499 #if defined(CONFIG_USER_ONLY)
502 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
503 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
505 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
506 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
507 cpu_save, cpu_load, env);
508 assert(cc->vmsd == NULL);
509 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
511 if (cc->vmsd != NULL) {
512 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
516 #if defined(TARGET_HAS_ICE)
517 #if defined(CONFIG_USER_ONLY)
518 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
520 tb_invalidate_phys_page_range(pc, pc + 1, 0);
523 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
525 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
527 tb_invalidate_phys_addr(cpu->as,
528 phys | (pc & ~TARGET_PAGE_MASK));
532 #endif /* TARGET_HAS_ICE */
534 #if defined(CONFIG_USER_ONLY)
535 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
540 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
541 int flags, CPUWatchpoint **watchpoint)
546 /* Add a watchpoint. */
547 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
548 int flags, CPUWatchpoint **watchpoint)
550 vaddr len_mask = ~(len - 1);
553 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
554 if ((len & (len - 1)) || (addr & ~len_mask) ||
555 len == 0 || len > TARGET_PAGE_SIZE) {
556 error_report("tried to set invalid watchpoint at %"
557 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
560 wp = g_malloc(sizeof(*wp));
563 wp->len_mask = len_mask;
566 /* keep all GDB-injected watchpoints in front */
567 if (flags & BP_GDB) {
568 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
570 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
573 tlb_flush_page(cpu, addr);
580 /* Remove a specific watchpoint. */
581 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
584 vaddr len_mask = ~(len - 1);
587 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
588 if (addr == wp->vaddr && len_mask == wp->len_mask
589 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
590 cpu_watchpoint_remove_by_ref(cpu, wp);
597 /* Remove a specific watchpoint by reference. */
598 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
600 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
602 tlb_flush_page(cpu, watchpoint->vaddr);
607 /* Remove all matching watchpoints. */
608 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
610 CPUWatchpoint *wp, *next;
612 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
613 if (wp->flags & mask) {
614 cpu_watchpoint_remove_by_ref(cpu, wp);
620 /* Add a breakpoint. */
621 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
622 CPUBreakpoint **breakpoint)
624 #if defined(TARGET_HAS_ICE)
627 bp = g_malloc(sizeof(*bp));
632 /* keep all GDB-injected breakpoints in front */
633 if (flags & BP_GDB) {
634 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
636 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
639 breakpoint_invalidate(cpu, pc);
650 /* Remove a specific breakpoint. */
651 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
653 #if defined(TARGET_HAS_ICE)
656 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
657 if (bp->pc == pc && bp->flags == flags) {
658 cpu_breakpoint_remove_by_ref(cpu, bp);
668 /* Remove a specific breakpoint by reference. */
669 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
671 #if defined(TARGET_HAS_ICE)
672 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
674 breakpoint_invalidate(cpu, breakpoint->pc);
680 /* Remove all matching breakpoints. */
681 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
683 #if defined(TARGET_HAS_ICE)
684 CPUBreakpoint *bp, *next;
686 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
687 if (bp->flags & mask) {
688 cpu_breakpoint_remove_by_ref(cpu, bp);
694 /* enable or disable single step mode. EXCP_DEBUG is returned by the
695 CPU loop after each instruction */
696 void cpu_single_step(CPUState *cpu, int enabled)
698 #if defined(TARGET_HAS_ICE)
699 if (cpu->singlestep_enabled != enabled) {
700 cpu->singlestep_enabled = enabled;
702 kvm_update_guest_debug(cpu, 0);
704 /* must flush all the translated code to avoid inconsistencies */
705 /* XXX: only flush what is necessary */
706 CPUArchState *env = cpu->env_ptr;
713 void cpu_abort(CPUState *cpu, const char *fmt, ...)
720 fprintf(stderr, "qemu: fatal: ");
721 vfprintf(stderr, fmt, ap);
722 fprintf(stderr, "\n");
723 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
724 if (qemu_log_enabled()) {
725 qemu_log("qemu: fatal: ");
726 qemu_log_vprintf(fmt, ap2);
728 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
734 #if defined(CONFIG_USER_ONLY)
736 struct sigaction act;
737 sigfillset(&act.sa_mask);
738 act.sa_handler = SIG_DFL;
739 sigaction(SIGABRT, &act, NULL);
745 #if !defined(CONFIG_USER_ONLY)
746 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
750 /* The list is protected by the iothread lock here. */
751 block = ram_list.mru_block;
752 if (block && addr - block->offset < block->length) {
755 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
756 if (addr - block->offset < block->length) {
761 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
765 ram_list.mru_block = block;
769 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
775 end = TARGET_PAGE_ALIGN(start + length);
776 start &= TARGET_PAGE_MASK;
778 block = qemu_get_ram_block(start);
779 assert(block == qemu_get_ram_block(end - 1));
780 start1 = (uintptr_t)block->host + (start - block->offset);
781 cpu_tlb_reset_dirty_all(start1, length);
784 /* Note: start and end must be within the same ram block. */
785 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
790 cpu_physical_memory_clear_dirty_range(start, length, client);
793 tlb_reset_dirty_range_all(start, length);
797 static void cpu_physical_memory_set_dirty_tracking(bool enable)
799 in_migration = enable;
802 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
803 MemoryRegionSection *section,
805 hwaddr paddr, hwaddr xlat,
807 target_ulong *address)
812 if (memory_region_is_ram(section->mr)) {
814 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
816 if (!section->readonly) {
817 iotlb |= PHYS_SECTION_NOTDIRTY;
819 iotlb |= PHYS_SECTION_ROM;
822 iotlb = section - section->address_space->dispatch->map.sections;
826 /* Make accesses to pages with watchpoints go via the
827 watchpoint trap routines. */
828 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
829 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
830 /* Avoid trapping reads of pages with a write breakpoint. */
831 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
832 iotlb = PHYS_SECTION_WATCH + paddr;
833 *address |= TLB_MMIO;
841 #endif /* defined(CONFIG_USER_ONLY) */
843 #if !defined(CONFIG_USER_ONLY)
845 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
847 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
849 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
852 * Set a custom physical guest memory alloator.
853 * Accelerators with unusual needs may need this. Hopefully, we can
854 * get rid of it eventually.
856 void phys_mem_set_alloc(void *(*alloc)(size_t))
858 phys_mem_alloc = alloc;
861 static uint16_t phys_section_add(PhysPageMap *map,
862 MemoryRegionSection *section)
864 /* The physical section number is ORed with a page-aligned
865 * pointer to produce the iotlb entries. Thus it should
866 * never overflow into the page-aligned value.
868 assert(map->sections_nb < TARGET_PAGE_SIZE);
870 if (map->sections_nb == map->sections_nb_alloc) {
871 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
872 map->sections = g_renew(MemoryRegionSection, map->sections,
873 map->sections_nb_alloc);
875 map->sections[map->sections_nb] = *section;
876 memory_region_ref(section->mr);
877 return map->sections_nb++;
880 static void phys_section_destroy(MemoryRegion *mr)
882 memory_region_unref(mr);
885 subpage_t *subpage = container_of(mr, subpage_t, iomem);
886 memory_region_destroy(&subpage->iomem);
891 static void phys_sections_free(PhysPageMap *map)
893 while (map->sections_nb > 0) {
894 MemoryRegionSection *section = &map->sections[--map->sections_nb];
895 phys_section_destroy(section->mr);
897 g_free(map->sections);
901 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
904 hwaddr base = section->offset_within_address_space
906 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
907 d->map.nodes, d->map.sections);
908 MemoryRegionSection subsection = {
909 .offset_within_address_space = base,
910 .size = int128_make64(TARGET_PAGE_SIZE),
914 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
916 if (!(existing->mr->subpage)) {
917 subpage = subpage_init(d->as, base);
918 subsection.address_space = d->as;
919 subsection.mr = &subpage->iomem;
920 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
921 phys_section_add(&d->map, &subsection));
923 subpage = container_of(existing->mr, subpage_t, iomem);
925 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
926 end = start + int128_get64(section->size) - 1;
927 subpage_register(subpage, start, end,
928 phys_section_add(&d->map, section));
932 static void register_multipage(AddressSpaceDispatch *d,
933 MemoryRegionSection *section)
935 hwaddr start_addr = section->offset_within_address_space;
936 uint16_t section_index = phys_section_add(&d->map, section);
937 uint64_t num_pages = int128_get64(int128_rshift(section->size,
941 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
944 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
946 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
947 AddressSpaceDispatch *d = as->next_dispatch;
948 MemoryRegionSection now = *section, remain = *section;
949 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
951 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
952 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
953 - now.offset_within_address_space;
955 now.size = int128_min(int128_make64(left), now.size);
956 register_subpage(d, &now);
958 now.size = int128_zero();
960 while (int128_ne(remain.size, now.size)) {
961 remain.size = int128_sub(remain.size, now.size);
962 remain.offset_within_address_space += int128_get64(now.size);
963 remain.offset_within_region += int128_get64(now.size);
965 if (int128_lt(remain.size, page_size)) {
966 register_subpage(d, &now);
967 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
968 now.size = page_size;
969 register_subpage(d, &now);
971 now.size = int128_and(now.size, int128_neg(page_size));
972 register_multipage(d, &now);
977 void qemu_flush_coalesced_mmio_buffer(void)
980 kvm_flush_coalesced_mmio_buffer();
983 void qemu_mutex_lock_ramlist(void)
985 qemu_mutex_lock(&ram_list.mutex);
988 void qemu_mutex_unlock_ramlist(void)
990 qemu_mutex_unlock(&ram_list.mutex);
997 #define HUGETLBFS_MAGIC 0x958458f6
999 static long gethugepagesize(const char *path)
1005 ret = statfs(path, &fs);
1006 } while (ret != 0 && errno == EINTR);
1013 if (fs.f_type != HUGETLBFS_MAGIC)
1014 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1019 static void *file_ram_alloc(RAMBlock *block,
1025 char *sanitized_name;
1029 unsigned long hpagesize;
1031 hpagesize = gethugepagesize(path);
1036 if (memory < hpagesize) {
1040 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1042 "host lacks kvm mmu notifiers, -mem-path unsupported");
1046 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1047 sanitized_name = g_strdup(block->mr->name);
1048 for (c = sanitized_name; *c != '\0'; c++) {
1053 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1055 g_free(sanitized_name);
1057 fd = mkstemp(filename);
1059 error_setg_errno(errp, errno,
1060 "unable to create backing store for hugepages");
1067 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1070 * ftruncate is not supported by hugetlbfs in older
1071 * hosts, so don't bother bailing out on errors.
1072 * If anything goes wrong with it under other filesystems,
1075 if (ftruncate(fd, memory)) {
1076 perror("ftruncate");
1079 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1080 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1082 if (area == MAP_FAILED) {
1083 error_setg_errno(errp, errno,
1084 "unable to map backing store for hugepages");
1090 os_mem_prealloc(fd, area, memory);
1104 static ram_addr_t find_ram_offset(ram_addr_t size)
1106 RAMBlock *block, *next_block;
1107 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1109 assert(size != 0); /* it would hand out same offset multiple times */
1111 if (QTAILQ_EMPTY(&ram_list.blocks))
1114 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1115 ram_addr_t end, next = RAM_ADDR_MAX;
1117 end = block->offset + block->length;
1119 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1120 if (next_block->offset >= end) {
1121 next = MIN(next, next_block->offset);
1124 if (next - end >= size && next - end < mingap) {
1126 mingap = next - end;
1130 if (offset == RAM_ADDR_MAX) {
1131 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1139 ram_addr_t last_ram_offset(void)
1142 ram_addr_t last = 0;
1144 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1145 last = MAX(last, block->offset + block->length);
1150 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1154 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1155 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1156 "dump-guest-core", true)) {
1157 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1159 perror("qemu_madvise");
1160 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1161 "but dump_guest_core=off specified\n");
1166 static RAMBlock *find_ram_block(ram_addr_t addr)
1170 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1171 if (block->offset == addr) {
1179 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1181 RAMBlock *new_block = find_ram_block(addr);
1185 assert(!new_block->idstr[0]);
1188 char *id = qdev_get_dev_path(dev);
1190 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1194 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1196 /* This assumes the iothread lock is taken here too. */
1197 qemu_mutex_lock_ramlist();
1198 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1199 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1200 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1205 qemu_mutex_unlock_ramlist();
1208 void qemu_ram_unset_idstr(ram_addr_t addr)
1210 RAMBlock *block = find_ram_block(addr);
1213 memset(block->idstr, 0, sizeof(block->idstr));
1217 static int memory_try_enable_merging(void *addr, size_t len)
1219 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1220 /* disabled by the user */
1224 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1227 static ram_addr_t ram_block_add(RAMBlock *new_block)
1230 ram_addr_t old_ram_size, new_ram_size;
1232 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1234 /* This assumes the iothread lock is taken here too. */
1235 qemu_mutex_lock_ramlist();
1236 new_block->offset = find_ram_offset(new_block->length);
1238 if (!new_block->host) {
1239 if (xen_enabled()) {
1240 xen_ram_alloc(new_block->offset, new_block->length, new_block->mr);
1242 new_block->host = phys_mem_alloc(new_block->length);
1243 if (!new_block->host) {
1244 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1245 new_block->mr->name, strerror(errno));
1248 memory_try_enable_merging(new_block->host, new_block->length);
1252 /* Keep the list sorted from biggest to smallest block. */
1253 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1254 if (block->length < new_block->length) {
1259 QTAILQ_INSERT_BEFORE(block, new_block, next);
1261 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1263 ram_list.mru_block = NULL;
1266 qemu_mutex_unlock_ramlist();
1268 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1270 if (new_ram_size > old_ram_size) {
1272 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1273 ram_list.dirty_memory[i] =
1274 bitmap_zero_extend(ram_list.dirty_memory[i],
1275 old_ram_size, new_ram_size);
1278 cpu_physical_memory_set_dirty_range(new_block->offset, new_block->length);
1280 qemu_ram_setup_dump(new_block->host, new_block->length);
1281 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_HUGEPAGE);
1282 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_DONTFORK);
1284 if (kvm_enabled()) {
1285 kvm_setup_guest_memory(new_block->host, new_block->length);
1288 return new_block->offset;
1292 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1293 bool share, const char *mem_path,
1296 RAMBlock *new_block;
1298 if (xen_enabled()) {
1299 error_setg(errp, "-mem-path not supported with Xen");
1303 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1305 * file_ram_alloc() needs to allocate just like
1306 * phys_mem_alloc, but we haven't bothered to provide
1310 "-mem-path not supported with this accelerator");
1314 size = TARGET_PAGE_ALIGN(size);
1315 new_block = g_malloc0(sizeof(*new_block));
1317 new_block->length = size;
1318 new_block->flags = share ? RAM_SHARED : 0;
1319 new_block->host = file_ram_alloc(new_block, size,
1321 if (!new_block->host) {
1326 return ram_block_add(new_block);
1330 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1333 RAMBlock *new_block;
1335 size = TARGET_PAGE_ALIGN(size);
1336 new_block = g_malloc0(sizeof(*new_block));
1338 new_block->length = size;
1340 new_block->host = host;
1342 new_block->flags |= RAM_PREALLOC;
1344 return ram_block_add(new_block);
1347 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1349 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1352 void qemu_ram_free_from_ptr(ram_addr_t addr)
1356 /* This assumes the iothread lock is taken here too. */
1357 qemu_mutex_lock_ramlist();
1358 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1359 if (addr == block->offset) {
1360 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1361 ram_list.mru_block = NULL;
1367 qemu_mutex_unlock_ramlist();
1370 void qemu_ram_free(ram_addr_t addr)
1374 /* This assumes the iothread lock is taken here too. */
1375 qemu_mutex_lock_ramlist();
1376 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1377 if (addr == block->offset) {
1378 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1379 ram_list.mru_block = NULL;
1381 if (block->flags & RAM_PREALLOC) {
1383 } else if (xen_enabled()) {
1384 xen_invalidate_map_cache_entry(block->host);
1386 } else if (block->fd >= 0) {
1387 munmap(block->host, block->length);
1391 qemu_anon_ram_free(block->host, block->length);
1397 qemu_mutex_unlock_ramlist();
1402 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1409 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1410 offset = addr - block->offset;
1411 if (offset < block->length) {
1412 vaddr = block->host + offset;
1413 if (block->flags & RAM_PREALLOC) {
1415 } else if (xen_enabled()) {
1419 munmap(vaddr, length);
1420 if (block->fd >= 0) {
1421 flags |= (block->flags & RAM_SHARED ?
1422 MAP_SHARED : MAP_PRIVATE);
1423 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1424 flags, block->fd, offset);
1427 * Remap needs to match alloc. Accelerators that
1428 * set phys_mem_alloc never remap. If they did,
1429 * we'd need a remap hook here.
1431 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1433 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1434 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1437 if (area != vaddr) {
1438 fprintf(stderr, "Could not remap addr: "
1439 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1443 memory_try_enable_merging(vaddr, length);
1444 qemu_ram_setup_dump(vaddr, length);
1450 #endif /* !_WIN32 */
1452 int qemu_get_ram_fd(ram_addr_t addr)
1454 RAMBlock *block = qemu_get_ram_block(addr);
1459 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1460 With the exception of the softmmu code in this file, this should
1461 only be used for local memory (e.g. video ram) that the device owns,
1462 and knows it isn't going to access beyond the end of the block.
1464 It should not be used for general purpose DMA.
1465 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1467 void *qemu_get_ram_ptr(ram_addr_t addr)
1469 RAMBlock *block = qemu_get_ram_block(addr);
1471 if (xen_enabled()) {
1472 /* We need to check if the requested address is in the RAM
1473 * because we don't want to map the entire memory in QEMU.
1474 * In that case just map until the end of the page.
1476 if (block->offset == 0) {
1477 return xen_map_cache(addr, 0, 0);
1478 } else if (block->host == NULL) {
1480 xen_map_cache(block->offset, block->length, 1);
1483 return block->host + (addr - block->offset);
1486 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1487 * but takes a size argument */
1488 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1493 if (xen_enabled()) {
1494 return xen_map_cache(addr, *size, 1);
1498 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1499 if (addr - block->offset < block->length) {
1500 if (addr - block->offset + *size > block->length)
1501 *size = block->length - addr + block->offset;
1502 return block->host + (addr - block->offset);
1506 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1511 /* Some of the softmmu routines need to translate from a host pointer
1512 (typically a TLB entry) back to a ram offset. */
1513 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1516 uint8_t *host = ptr;
1518 if (xen_enabled()) {
1519 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1520 return qemu_get_ram_block(*ram_addr)->mr;
1523 block = ram_list.mru_block;
1524 if (block && block->host && host - block->host < block->length) {
1528 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1529 /* This case append when the block is not mapped. */
1530 if (block->host == NULL) {
1533 if (host - block->host < block->length) {
1541 *ram_addr = block->offset + (host - block->host);
1545 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1546 uint64_t val, unsigned size)
1548 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1549 tb_invalidate_phys_page_fast(ram_addr, size);
1553 stb_p(qemu_get_ram_ptr(ram_addr), val);
1556 stw_p(qemu_get_ram_ptr(ram_addr), val);
1559 stl_p(qemu_get_ram_ptr(ram_addr), val);
1564 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1565 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
1566 /* we remove the notdirty callback only if the code has been
1568 if (!cpu_physical_memory_is_clean(ram_addr)) {
1569 CPUArchState *env = current_cpu->env_ptr;
1570 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1574 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1575 unsigned size, bool is_write)
1580 static const MemoryRegionOps notdirty_mem_ops = {
1581 .write = notdirty_mem_write,
1582 .valid.accepts = notdirty_mem_accepts,
1583 .endianness = DEVICE_NATIVE_ENDIAN,
1586 /* Generate a debug exception if a watchpoint has been hit. */
1587 static void check_watchpoint(int offset, int len_mask, int flags)
1589 CPUState *cpu = current_cpu;
1590 CPUArchState *env = cpu->env_ptr;
1591 target_ulong pc, cs_base;
1596 if (cpu->watchpoint_hit) {
1597 /* We re-entered the check after replacing the TB. Now raise
1598 * the debug interrupt so that is will trigger after the
1599 * current instruction. */
1600 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1603 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1604 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1605 if ((vaddr == (wp->vaddr & len_mask) ||
1606 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1607 wp->flags |= BP_WATCHPOINT_HIT;
1608 if (!cpu->watchpoint_hit) {
1609 cpu->watchpoint_hit = wp;
1610 tb_check_watchpoint(cpu);
1611 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1612 cpu->exception_index = EXCP_DEBUG;
1615 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1616 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1617 cpu_resume_from_signal(cpu, NULL);
1621 wp->flags &= ~BP_WATCHPOINT_HIT;
1626 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1627 so these check for a hit then pass through to the normal out-of-line
1629 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1632 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1634 case 1: return ldub_phys(&address_space_memory, addr);
1635 case 2: return lduw_phys(&address_space_memory, addr);
1636 case 4: return ldl_phys(&address_space_memory, addr);
1641 static void watch_mem_write(void *opaque, hwaddr addr,
1642 uint64_t val, unsigned size)
1644 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1647 stb_phys(&address_space_memory, addr, val);
1650 stw_phys(&address_space_memory, addr, val);
1653 stl_phys(&address_space_memory, addr, val);
1659 static const MemoryRegionOps watch_mem_ops = {
1660 .read = watch_mem_read,
1661 .write = watch_mem_write,
1662 .endianness = DEVICE_NATIVE_ENDIAN,
1665 static uint64_t subpage_read(void *opaque, hwaddr addr,
1668 subpage_t *subpage = opaque;
1671 #if defined(DEBUG_SUBPAGE)
1672 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1673 subpage, len, addr);
1675 address_space_read(subpage->as, addr + subpage->base, buf, len);
1688 static void subpage_write(void *opaque, hwaddr addr,
1689 uint64_t value, unsigned len)
1691 subpage_t *subpage = opaque;
1694 #if defined(DEBUG_SUBPAGE)
1695 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1696 " value %"PRIx64"\n",
1697 __func__, subpage, len, addr, value);
1712 address_space_write(subpage->as, addr + subpage->base, buf, len);
1715 static bool subpage_accepts(void *opaque, hwaddr addr,
1716 unsigned len, bool is_write)
1718 subpage_t *subpage = opaque;
1719 #if defined(DEBUG_SUBPAGE)
1720 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1721 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1724 return address_space_access_valid(subpage->as, addr + subpage->base,
1728 static const MemoryRegionOps subpage_ops = {
1729 .read = subpage_read,
1730 .write = subpage_write,
1731 .valid.accepts = subpage_accepts,
1732 .endianness = DEVICE_NATIVE_ENDIAN,
1735 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1740 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1742 idx = SUBPAGE_IDX(start);
1743 eidx = SUBPAGE_IDX(end);
1744 #if defined(DEBUG_SUBPAGE)
1745 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1746 __func__, mmio, start, end, idx, eidx, section);
1748 for (; idx <= eidx; idx++) {
1749 mmio->sub_section[idx] = section;
1755 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1759 mmio = g_malloc0(sizeof(subpage_t));
1763 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1764 "subpage", TARGET_PAGE_SIZE);
1765 mmio->iomem.subpage = true;
1766 #if defined(DEBUG_SUBPAGE)
1767 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1768 mmio, base, TARGET_PAGE_SIZE);
1770 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1775 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
1779 MemoryRegionSection section = {
1780 .address_space = as,
1782 .offset_within_address_space = 0,
1783 .offset_within_region = 0,
1784 .size = int128_2_64(),
1787 return phys_section_add(map, §ion);
1790 MemoryRegion *iotlb_to_region(AddressSpace *as, hwaddr index)
1792 return as->dispatch->map.sections[index & ~TARGET_PAGE_MASK].mr;
1795 static void io_mem_init(void)
1797 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1798 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1799 "unassigned", UINT64_MAX);
1800 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1801 "notdirty", UINT64_MAX);
1802 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1803 "watch", UINT64_MAX);
1806 static void mem_begin(MemoryListener *listener)
1808 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1809 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1812 n = dummy_section(&d->map, as, &io_mem_unassigned);
1813 assert(n == PHYS_SECTION_UNASSIGNED);
1814 n = dummy_section(&d->map, as, &io_mem_notdirty);
1815 assert(n == PHYS_SECTION_NOTDIRTY);
1816 n = dummy_section(&d->map, as, &io_mem_rom);
1817 assert(n == PHYS_SECTION_ROM);
1818 n = dummy_section(&d->map, as, &io_mem_watch);
1819 assert(n == PHYS_SECTION_WATCH);
1821 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1823 as->next_dispatch = d;
1826 static void mem_commit(MemoryListener *listener)
1828 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1829 AddressSpaceDispatch *cur = as->dispatch;
1830 AddressSpaceDispatch *next = as->next_dispatch;
1832 phys_page_compact_all(next, next->map.nodes_nb);
1834 as->dispatch = next;
1837 phys_sections_free(&cur->map);
1842 static void tcg_commit(MemoryListener *listener)
1846 /* since each CPU stores ram addresses in its TLB cache, we must
1847 reset the modified entries */
1850 /* FIXME: Disentangle the cpu.h circular files deps so we can
1851 directly get the right CPU from listener. */
1852 if (cpu->tcg_as_listener != listener) {
1859 static void core_log_global_start(MemoryListener *listener)
1861 cpu_physical_memory_set_dirty_tracking(true);
1864 static void core_log_global_stop(MemoryListener *listener)
1866 cpu_physical_memory_set_dirty_tracking(false);
1869 static MemoryListener core_memory_listener = {
1870 .log_global_start = core_log_global_start,
1871 .log_global_stop = core_log_global_stop,
1875 void address_space_init_dispatch(AddressSpace *as)
1877 as->dispatch = NULL;
1878 as->dispatch_listener = (MemoryListener) {
1880 .commit = mem_commit,
1881 .region_add = mem_add,
1882 .region_nop = mem_add,
1885 memory_listener_register(&as->dispatch_listener, as);
1888 void address_space_destroy_dispatch(AddressSpace *as)
1890 AddressSpaceDispatch *d = as->dispatch;
1892 memory_listener_unregister(&as->dispatch_listener);
1894 as->dispatch = NULL;
1897 static void memory_map_init(void)
1899 system_memory = g_malloc(sizeof(*system_memory));
1901 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1902 address_space_init(&address_space_memory, system_memory, "memory");
1904 system_io = g_malloc(sizeof(*system_io));
1905 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1907 address_space_init(&address_space_io, system_io, "I/O");
1909 memory_listener_register(&core_memory_listener, &address_space_memory);
1912 MemoryRegion *get_system_memory(void)
1914 return system_memory;
1917 MemoryRegion *get_system_io(void)
1922 #endif /* !defined(CONFIG_USER_ONLY) */
1924 /* physical memory access (slow version, mainly for debug) */
1925 #if defined(CONFIG_USER_ONLY)
1926 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1927 uint8_t *buf, int len, int is_write)
1934 page = addr & TARGET_PAGE_MASK;
1935 l = (page + TARGET_PAGE_SIZE) - addr;
1938 flags = page_get_flags(page);
1939 if (!(flags & PAGE_VALID))
1942 if (!(flags & PAGE_WRITE))
1944 /* XXX: this code should not depend on lock_user */
1945 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1948 unlock_user(p, addr, l);
1950 if (!(flags & PAGE_READ))
1952 /* XXX: this code should not depend on lock_user */
1953 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1956 unlock_user(p, addr, 0);
1967 static void invalidate_and_set_dirty(hwaddr addr,
1970 if (cpu_physical_memory_is_clean(addr)) {
1971 /* invalidate code */
1972 tb_invalidate_phys_page_range(addr, addr + length, 0);
1974 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1975 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
1977 xen_modified_memory(addr, length);
1980 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1982 unsigned access_size_max = mr->ops->valid.max_access_size;
1984 /* Regions are assumed to support 1-4 byte accesses unless
1985 otherwise specified. */
1986 if (access_size_max == 0) {
1987 access_size_max = 4;
1990 /* Bound the maximum access by the alignment of the address. */
1991 if (!mr->ops->impl.unaligned) {
1992 unsigned align_size_max = addr & -addr;
1993 if (align_size_max != 0 && align_size_max < access_size_max) {
1994 access_size_max = align_size_max;
1998 /* Don't attempt accesses larger than the maximum. */
1999 if (l > access_size_max) {
2000 l = access_size_max;
2003 l = 1 << (qemu_fls(l) - 1);
2009 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
2010 int len, bool is_write)
2021 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2024 if (!memory_access_is_direct(mr, is_write)) {
2025 l = memory_access_size(mr, l, addr1);
2026 /* XXX: could force current_cpu to NULL to avoid
2030 /* 64 bit write access */
2032 error |= io_mem_write(mr, addr1, val, 8);
2035 /* 32 bit write access */
2037 error |= io_mem_write(mr, addr1, val, 4);
2040 /* 16 bit write access */
2042 error |= io_mem_write(mr, addr1, val, 2);
2045 /* 8 bit write access */
2047 error |= io_mem_write(mr, addr1, val, 1);
2053 addr1 += memory_region_get_ram_addr(mr);
2055 ptr = qemu_get_ram_ptr(addr1);
2056 memcpy(ptr, buf, l);
2057 invalidate_and_set_dirty(addr1, l);
2060 if (!memory_access_is_direct(mr, is_write)) {
2062 l = memory_access_size(mr, l, addr1);
2065 /* 64 bit read access */
2066 error |= io_mem_read(mr, addr1, &val, 8);
2070 /* 32 bit read access */
2071 error |= io_mem_read(mr, addr1, &val, 4);
2075 /* 16 bit read access */
2076 error |= io_mem_read(mr, addr1, &val, 2);
2080 /* 8 bit read access */
2081 error |= io_mem_read(mr, addr1, &val, 1);
2089 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2090 memcpy(buf, ptr, l);
2101 bool address_space_write(AddressSpace *as, hwaddr addr,
2102 const uint8_t *buf, int len)
2104 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2107 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2109 return address_space_rw(as, addr, buf, len, false);
2113 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2114 int len, int is_write)
2116 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2119 enum write_rom_type {
2124 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2125 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2134 mr = address_space_translate(as, addr, &addr1, &l, true);
2136 if (!(memory_region_is_ram(mr) ||
2137 memory_region_is_romd(mr))) {
2140 addr1 += memory_region_get_ram_addr(mr);
2142 ptr = qemu_get_ram_ptr(addr1);
2145 memcpy(ptr, buf, l);
2146 invalidate_and_set_dirty(addr1, l);
2149 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2159 /* used for ROM loading : can write in RAM and ROM */
2160 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2161 const uint8_t *buf, int len)
2163 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2166 void cpu_flush_icache_range(hwaddr start, int len)
2169 * This function should do the same thing as an icache flush that was
2170 * triggered from within the guest. For TCG we are always cache coherent,
2171 * so there is no need to flush anything. For KVM / Xen we need to flush
2172 * the host's instruction cache at least.
2174 if (tcg_enabled()) {
2178 cpu_physical_memory_write_rom_internal(&address_space_memory,
2179 start, NULL, len, FLUSH_CACHE);
2189 static BounceBuffer bounce;
2191 typedef struct MapClient {
2193 void (*callback)(void *opaque);
2194 QLIST_ENTRY(MapClient) link;
2197 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2198 = QLIST_HEAD_INITIALIZER(map_client_list);
2200 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2202 MapClient *client = g_malloc(sizeof(*client));
2204 client->opaque = opaque;
2205 client->callback = callback;
2206 QLIST_INSERT_HEAD(&map_client_list, client, link);
2210 static void cpu_unregister_map_client(void *_client)
2212 MapClient *client = (MapClient *)_client;
2214 QLIST_REMOVE(client, link);
2218 static void cpu_notify_map_clients(void)
2222 while (!QLIST_EMPTY(&map_client_list)) {
2223 client = QLIST_FIRST(&map_client_list);
2224 client->callback(client->opaque);
2225 cpu_unregister_map_client(client);
2229 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2236 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2237 if (!memory_access_is_direct(mr, is_write)) {
2238 l = memory_access_size(mr, l, addr);
2239 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2250 /* Map a physical memory region into a host virtual address.
2251 * May map a subset of the requested range, given by and returned in *plen.
2252 * May return NULL if resources needed to perform the mapping are exhausted.
2253 * Use only for reads OR writes - not for read-modify-write operations.
2254 * Use cpu_register_map_client() to know when retrying the map operation is
2255 * likely to succeed.
2257 void *address_space_map(AddressSpace *as,
2264 hwaddr l, xlat, base;
2265 MemoryRegion *mr, *this_mr;
2273 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2274 if (!memory_access_is_direct(mr, is_write)) {
2275 if (bounce.buffer) {
2278 /* Avoid unbounded allocations */
2279 l = MIN(l, TARGET_PAGE_SIZE);
2280 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2284 memory_region_ref(mr);
2287 address_space_read(as, addr, bounce.buffer, l);
2291 return bounce.buffer;
2295 raddr = memory_region_get_ram_addr(mr);
2306 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2307 if (this_mr != mr || xlat != base + done) {
2312 memory_region_ref(mr);
2314 return qemu_ram_ptr_length(raddr + base, plen);
2317 /* Unmaps a memory region previously mapped by address_space_map().
2318 * Will also mark the memory as dirty if is_write == 1. access_len gives
2319 * the amount of memory that was actually read or written by the caller.
2321 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2322 int is_write, hwaddr access_len)
2324 if (buffer != bounce.buffer) {
2328 mr = qemu_ram_addr_from_host(buffer, &addr1);
2331 while (access_len) {
2333 l = TARGET_PAGE_SIZE;
2336 invalidate_and_set_dirty(addr1, l);
2341 if (xen_enabled()) {
2342 xen_invalidate_map_cache_entry(buffer);
2344 memory_region_unref(mr);
2348 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2350 qemu_vfree(bounce.buffer);
2351 bounce.buffer = NULL;
2352 memory_region_unref(bounce.mr);
2353 cpu_notify_map_clients();
2356 void *cpu_physical_memory_map(hwaddr addr,
2360 return address_space_map(&address_space_memory, addr, plen, is_write);
2363 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2364 int is_write, hwaddr access_len)
2366 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2369 /* warning: addr must be aligned */
2370 static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
2371 enum device_endian endian)
2379 mr = address_space_translate(as, addr, &addr1, &l, false);
2380 if (l < 4 || !memory_access_is_direct(mr, false)) {
2382 io_mem_read(mr, addr1, &val, 4);
2383 #if defined(TARGET_WORDS_BIGENDIAN)
2384 if (endian == DEVICE_LITTLE_ENDIAN) {
2388 if (endian == DEVICE_BIG_ENDIAN) {
2394 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2398 case DEVICE_LITTLE_ENDIAN:
2399 val = ldl_le_p(ptr);
2401 case DEVICE_BIG_ENDIAN:
2402 val = ldl_be_p(ptr);
2412 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2414 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2417 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2419 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2422 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2424 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2427 /* warning: addr must be aligned */
2428 static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
2429 enum device_endian endian)
2437 mr = address_space_translate(as, addr, &addr1, &l,
2439 if (l < 8 || !memory_access_is_direct(mr, false)) {
2441 io_mem_read(mr, addr1, &val, 8);
2442 #if defined(TARGET_WORDS_BIGENDIAN)
2443 if (endian == DEVICE_LITTLE_ENDIAN) {
2447 if (endian == DEVICE_BIG_ENDIAN) {
2453 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2457 case DEVICE_LITTLE_ENDIAN:
2458 val = ldq_le_p(ptr);
2460 case DEVICE_BIG_ENDIAN:
2461 val = ldq_be_p(ptr);
2471 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2473 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2476 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2478 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2481 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2483 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2487 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2490 address_space_rw(as, addr, &val, 1, 0);
2494 /* warning: addr must be aligned */
2495 static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
2496 enum device_endian endian)
2504 mr = address_space_translate(as, addr, &addr1, &l,
2506 if (l < 2 || !memory_access_is_direct(mr, false)) {
2508 io_mem_read(mr, addr1, &val, 2);
2509 #if defined(TARGET_WORDS_BIGENDIAN)
2510 if (endian == DEVICE_LITTLE_ENDIAN) {
2514 if (endian == DEVICE_BIG_ENDIAN) {
2520 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2524 case DEVICE_LITTLE_ENDIAN:
2525 val = lduw_le_p(ptr);
2527 case DEVICE_BIG_ENDIAN:
2528 val = lduw_be_p(ptr);
2538 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2540 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2543 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2545 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2548 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2550 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2553 /* warning: addr must be aligned. The ram page is not masked as dirty
2554 and the code inside is not invalidated. It is useful if the dirty
2555 bits are used to track modified PTEs */
2556 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
2563 mr = address_space_translate(as, addr, &addr1, &l,
2565 if (l < 4 || !memory_access_is_direct(mr, true)) {
2566 io_mem_write(mr, addr1, val, 4);
2568 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2569 ptr = qemu_get_ram_ptr(addr1);
2572 if (unlikely(in_migration)) {
2573 if (cpu_physical_memory_is_clean(addr1)) {
2574 /* invalidate code */
2575 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2577 cpu_physical_memory_set_dirty_flag(addr1,
2578 DIRTY_MEMORY_MIGRATION);
2579 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
2585 /* warning: addr must be aligned */
2586 static inline void stl_phys_internal(AddressSpace *as,
2587 hwaddr addr, uint32_t val,
2588 enum device_endian endian)
2595 mr = address_space_translate(as, addr, &addr1, &l,
2597 if (l < 4 || !memory_access_is_direct(mr, true)) {
2598 #if defined(TARGET_WORDS_BIGENDIAN)
2599 if (endian == DEVICE_LITTLE_ENDIAN) {
2603 if (endian == DEVICE_BIG_ENDIAN) {
2607 io_mem_write(mr, addr1, val, 4);
2610 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2611 ptr = qemu_get_ram_ptr(addr1);
2613 case DEVICE_LITTLE_ENDIAN:
2616 case DEVICE_BIG_ENDIAN:
2623 invalidate_and_set_dirty(addr1, 4);
2627 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2629 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2632 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2634 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2637 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2639 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2643 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2646 address_space_rw(as, addr, &v, 1, 1);
2649 /* warning: addr must be aligned */
2650 static inline void stw_phys_internal(AddressSpace *as,
2651 hwaddr addr, uint32_t val,
2652 enum device_endian endian)
2659 mr = address_space_translate(as, addr, &addr1, &l, true);
2660 if (l < 2 || !memory_access_is_direct(mr, true)) {
2661 #if defined(TARGET_WORDS_BIGENDIAN)
2662 if (endian == DEVICE_LITTLE_ENDIAN) {
2666 if (endian == DEVICE_BIG_ENDIAN) {
2670 io_mem_write(mr, addr1, val, 2);
2673 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2674 ptr = qemu_get_ram_ptr(addr1);
2676 case DEVICE_LITTLE_ENDIAN:
2679 case DEVICE_BIG_ENDIAN:
2686 invalidate_and_set_dirty(addr1, 2);
2690 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2692 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2695 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2697 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2700 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2702 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2706 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2709 address_space_rw(as, addr, (void *) &val, 8, 1);
2712 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2714 val = cpu_to_le64(val);
2715 address_space_rw(as, addr, (void *) &val, 8, 1);
2718 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2720 val = cpu_to_be64(val);
2721 address_space_rw(as, addr, (void *) &val, 8, 1);
2724 /* virtual memory access for debug (includes writing to ROM) */
2725 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2726 uint8_t *buf, int len, int is_write)
2733 page = addr & TARGET_PAGE_MASK;
2734 phys_addr = cpu_get_phys_page_debug(cpu, page);
2735 /* if no physical page mapped, return an error */
2736 if (phys_addr == -1)
2738 l = (page + TARGET_PAGE_SIZE) - addr;
2741 phys_addr += (addr & ~TARGET_PAGE_MASK);
2743 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
2745 address_space_rw(cpu->as, phys_addr, buf, l, 0);
2755 #if !defined(CONFIG_USER_ONLY)
2758 * A helper function for the _utterly broken_ virtio device model to find out if
2759 * it's running on a big endian machine. Don't do this at home kids!
2761 bool virtio_is_big_endian(void);
2762 bool virtio_is_big_endian(void)
2764 #if defined(TARGET_WORDS_BIGENDIAN)
2773 #ifndef CONFIG_USER_ONLY
2774 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2779 mr = address_space_translate(&address_space_memory,
2780 phys_addr, &phys_addr, &l, false);
2782 return !(memory_region_is_ram(mr) ||
2783 memory_region_is_romd(mr));
2786 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2790 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2791 func(block->host, block->offset, block->length, opaque);
projects / lisovros / qemu_apohw.git / blob