4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include <sys/types.h>
25 #include "qemu-common.h"
30 #include "qemu/osdep.h"
31 #include "sysemu/kvm.h"
32 #include "sysemu/sysemu.h"
33 #include "hw/xen/xen.h"
34 #include "qemu/timer.h"
35 #include "qemu/config-file.h"
36 #include "exec/memory.h"
37 #include "sysemu/dma.h"
38 #include "exec/address-spaces.h"
39 #if defined(CONFIG_USER_ONLY)
41 #else /* !CONFIG_USER_ONLY */
42 #include "sysemu/xen-mapcache.h"
45 #include "exec/cpu-all.h"
47 #include "exec/cputlb.h"
48 #include "translate-all.h"
50 #include "exec/memory-internal.h"
51 #include "exec/ram_addr.h"
52 #include "qemu/cache-utils.h"
54 #include "qemu/range.h"
56 //#define DEBUG_SUBPAGE
58 #if !defined(CONFIG_USER_ONLY)
59 static bool in_migration;
61 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
63 static MemoryRegion *system_memory;
64 static MemoryRegion *system_io;
66 AddressSpace address_space_io;
67 AddressSpace address_space_memory;
69 MemoryRegion io_mem_rom, io_mem_notdirty;
70 static MemoryRegion io_mem_unassigned;
74 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
75 /* current CPU in the current thread. It is only valid inside
77 DEFINE_TLS(CPUState *, current_cpu);
78 /* 0 = Do not count executed instructions.
79 1 = Precise instruction counting.
80 2 = Adaptive rate instruction counting. */
83 #if !defined(CONFIG_USER_ONLY)
85 typedef struct PhysPageEntry PhysPageEntry;
87 struct PhysPageEntry {
88 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
90 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
94 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
96 /* Size of the L2 (and L3, etc) page tables. */
97 #define ADDR_SPACE_BITS 64
100 #define P_L2_SIZE (1 << P_L2_BITS)
102 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
104 typedef PhysPageEntry Node[P_L2_SIZE];
106 typedef struct PhysPageMap {
107 unsigned sections_nb;
108 unsigned sections_nb_alloc;
110 unsigned nodes_nb_alloc;
112 MemoryRegionSection *sections;
115 struct AddressSpaceDispatch {
116 /* This is a multi-level map on the physical address space.
117 * The bottom level has pointers to MemoryRegionSections.
119 PhysPageEntry phys_map;
124 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
125 typedef struct subpage_t {
129 uint16_t sub_section[TARGET_PAGE_SIZE];
132 #define PHYS_SECTION_UNASSIGNED 0
133 #define PHYS_SECTION_NOTDIRTY 1
134 #define PHYS_SECTION_ROM 2
135 #define PHYS_SECTION_WATCH 3
137 static void io_mem_init(void);
138 static void memory_map_init(void);
139 static void tcg_commit(MemoryListener *listener);
141 static MemoryRegion io_mem_watch;
144 #if !defined(CONFIG_USER_ONLY)
146 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
148 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
149 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
150 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
151 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
155 static uint32_t phys_map_node_alloc(PhysPageMap *map)
160 ret = map->nodes_nb++;
161 assert(ret != PHYS_MAP_NODE_NIL);
162 assert(ret != map->nodes_nb_alloc);
163 for (i = 0; i < P_L2_SIZE; ++i) {
164 map->nodes[ret][i].skip = 1;
165 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
170 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
171 hwaddr *index, hwaddr *nb, uint16_t leaf,
176 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
178 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
179 lp->ptr = phys_map_node_alloc(map);
180 p = map->nodes[lp->ptr];
182 for (i = 0; i < P_L2_SIZE; i++) {
184 p[i].ptr = PHYS_SECTION_UNASSIGNED;
188 p = map->nodes[lp->ptr];
190 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
192 while (*nb && lp < &p[P_L2_SIZE]) {
193 if ((*index & (step - 1)) == 0 && *nb >= step) {
199 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
205 static void phys_page_set(AddressSpaceDispatch *d,
206 hwaddr index, hwaddr nb,
209 /* Wildly overreserve - it doesn't matter much. */
210 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
212 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
215 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
216 * and update our entry so we can skip it and go directly to the destination.
218 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
220 unsigned valid_ptr = P_L2_SIZE;
225 if (lp->ptr == PHYS_MAP_NODE_NIL) {
230 for (i = 0; i < P_L2_SIZE; i++) {
231 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
238 phys_page_compact(&p[i], nodes, compacted);
242 /* We can only compress if there's only one child. */
247 assert(valid_ptr < P_L2_SIZE);
249 /* Don't compress if it won't fit in the # of bits we have. */
250 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
254 lp->ptr = p[valid_ptr].ptr;
255 if (!p[valid_ptr].skip) {
256 /* If our only child is a leaf, make this a leaf. */
257 /* By design, we should have made this node a leaf to begin with so we
258 * should never reach here.
259 * But since it's so simple to handle this, let's do it just in case we
264 lp->skip += p[valid_ptr].skip;
268 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
270 DECLARE_BITMAP(compacted, nodes_nb);
272 if (d->phys_map.skip) {
273 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
277 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
278 Node *nodes, MemoryRegionSection *sections)
281 hwaddr index = addr >> TARGET_PAGE_BITS;
284 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
285 if (lp.ptr == PHYS_MAP_NODE_NIL) {
286 return §ions[PHYS_SECTION_UNASSIGNED];
289 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
292 if (sections[lp.ptr].size.hi ||
293 range_covers_byte(sections[lp.ptr].offset_within_address_space,
294 sections[lp.ptr].size.lo, addr)) {
295 return §ions[lp.ptr];
297 return §ions[PHYS_SECTION_UNASSIGNED];
301 bool memory_region_is_unassigned(MemoryRegion *mr)
303 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
304 && mr != &io_mem_watch;
307 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
309 bool resolve_subpage)
311 MemoryRegionSection *section;
314 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
315 if (resolve_subpage && section->mr->subpage) {
316 subpage = container_of(section->mr, subpage_t, iomem);
317 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
322 static MemoryRegionSection *
323 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
324 hwaddr *plen, bool resolve_subpage)
326 MemoryRegionSection *section;
329 section = address_space_lookup_region(d, addr, resolve_subpage);
330 /* Compute offset within MemoryRegionSection */
331 addr -= section->offset_within_address_space;
333 /* Compute offset within MemoryRegion */
334 *xlat = addr + section->offset_within_region;
336 diff = int128_sub(section->mr->size, int128_make64(addr));
337 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
341 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
343 if (memory_region_is_ram(mr)) {
344 return !(is_write && mr->readonly);
346 if (memory_region_is_romd(mr)) {
353 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
354 hwaddr *xlat, hwaddr *plen,
358 MemoryRegionSection *section;
363 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
366 if (!mr->iommu_ops) {
370 iotlb = mr->iommu_ops->translate(mr, addr);
371 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
372 | (addr & iotlb.addr_mask));
373 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
374 if (!(iotlb.perm & (1 << is_write))) {
375 mr = &io_mem_unassigned;
379 as = iotlb.target_as;
382 if (memory_access_is_direct(mr, is_write)) {
383 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
384 len = MIN(page, len);
392 MemoryRegionSection *
393 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
396 MemoryRegionSection *section;
397 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
399 assert(!section->mr->iommu_ops);
404 void cpu_exec_init_all(void)
406 #if !defined(CONFIG_USER_ONLY)
407 qemu_mutex_init(&ram_list.mutex);
413 #if !defined(CONFIG_USER_ONLY)
415 static int cpu_common_post_load(void *opaque, int version_id)
417 CPUState *cpu = opaque;
419 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
420 version_id is increased. */
421 cpu->interrupt_request &= ~0x01;
422 tlb_flush(cpu->env_ptr, 1);
427 const VMStateDescription vmstate_cpu_common = {
428 .name = "cpu_common",
430 .minimum_version_id = 1,
431 .minimum_version_id_old = 1,
432 .post_load = cpu_common_post_load,
433 .fields = (VMStateField []) {
434 VMSTATE_UINT32(halted, CPUState),
435 VMSTATE_UINT32(interrupt_request, CPUState),
436 VMSTATE_END_OF_LIST()
442 CPUState *qemu_get_cpu(int index)
447 if (cpu->cpu_index == index) {
455 #if !defined(CONFIG_USER_ONLY)
456 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
458 /* We only support one address space per cpu at the moment. */
459 assert(cpu->as == as);
461 if (cpu->tcg_as_listener) {
462 memory_listener_unregister(cpu->tcg_as_listener);
464 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
466 cpu->tcg_as_listener->commit = tcg_commit;
467 memory_listener_register(cpu->tcg_as_listener, as);
471 void cpu_exec_init(CPUArchState *env)
473 CPUState *cpu = ENV_GET_CPU(env);
474 CPUClass *cc = CPU_GET_CLASS(cpu);
478 #if defined(CONFIG_USER_ONLY)
482 CPU_FOREACH(some_cpu) {
485 cpu->cpu_index = cpu_index;
487 QTAILQ_INIT(&env->breakpoints);
488 QTAILQ_INIT(&env->watchpoints);
489 #ifndef CONFIG_USER_ONLY
490 cpu->as = &address_space_memory;
491 cpu->thread_id = qemu_get_thread_id();
493 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
494 #if defined(CONFIG_USER_ONLY)
497 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
498 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
500 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
501 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
502 cpu_save, cpu_load, env);
503 assert(cc->vmsd == NULL);
504 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
506 if (cc->vmsd != NULL) {
507 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
511 #if defined(TARGET_HAS_ICE)
512 #if defined(CONFIG_USER_ONLY)
513 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
515 tb_invalidate_phys_page_range(pc, pc + 1, 0);
518 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
520 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
522 tb_invalidate_phys_addr(cpu->as,
523 phys | (pc & ~TARGET_PAGE_MASK));
527 #endif /* TARGET_HAS_ICE */
529 #if defined(CONFIG_USER_ONLY)
530 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
535 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
536 int flags, CPUWatchpoint **watchpoint)
541 /* Add a watchpoint. */
542 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
543 int flags, CPUWatchpoint **watchpoint)
545 target_ulong len_mask = ~(len - 1);
548 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
549 if ((len & (len - 1)) || (addr & ~len_mask) ||
550 len == 0 || len > TARGET_PAGE_SIZE) {
551 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
552 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
555 wp = g_malloc(sizeof(*wp));
558 wp->len_mask = len_mask;
561 /* keep all GDB-injected watchpoints in front */
563 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
565 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
567 tlb_flush_page(env, addr);
574 /* Remove a specific watchpoint. */
575 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
578 target_ulong len_mask = ~(len - 1);
581 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
582 if (addr == wp->vaddr && len_mask == wp->len_mask
583 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
584 cpu_watchpoint_remove_by_ref(env, wp);
591 /* Remove a specific watchpoint by reference. */
592 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
594 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
596 tlb_flush_page(env, watchpoint->vaddr);
601 /* Remove all matching watchpoints. */
602 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
604 CPUWatchpoint *wp, *next;
606 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
607 if (wp->flags & mask)
608 cpu_watchpoint_remove_by_ref(env, wp);
613 /* Add a breakpoint. */
614 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
615 CPUBreakpoint **breakpoint)
617 #if defined(TARGET_HAS_ICE)
620 bp = g_malloc(sizeof(*bp));
625 /* keep all GDB-injected breakpoints in front */
626 if (flags & BP_GDB) {
627 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
629 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
632 breakpoint_invalidate(ENV_GET_CPU(env), pc);
643 /* Remove a specific breakpoint. */
644 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
646 #if defined(TARGET_HAS_ICE)
649 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
650 if (bp->pc == pc && bp->flags == flags) {
651 cpu_breakpoint_remove_by_ref(env, bp);
661 /* Remove a specific breakpoint by reference. */
662 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
664 #if defined(TARGET_HAS_ICE)
665 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
667 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
673 /* Remove all matching breakpoints. */
674 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
676 #if defined(TARGET_HAS_ICE)
677 CPUBreakpoint *bp, *next;
679 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
680 if (bp->flags & mask)
681 cpu_breakpoint_remove_by_ref(env, bp);
686 /* enable or disable single step mode. EXCP_DEBUG is returned by the
687 CPU loop after each instruction */
688 void cpu_single_step(CPUState *cpu, int enabled)
690 #if defined(TARGET_HAS_ICE)
691 if (cpu->singlestep_enabled != enabled) {
692 cpu->singlestep_enabled = enabled;
694 kvm_update_guest_debug(cpu, 0);
696 /* must flush all the translated code to avoid inconsistencies */
697 /* XXX: only flush what is necessary */
698 CPUArchState *env = cpu->env_ptr;
705 void cpu_abort(CPUArchState *env, const char *fmt, ...)
707 CPUState *cpu = ENV_GET_CPU(env);
713 fprintf(stderr, "qemu: fatal: ");
714 vfprintf(stderr, fmt, ap);
715 fprintf(stderr, "\n");
716 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
717 if (qemu_log_enabled()) {
718 qemu_log("qemu: fatal: ");
719 qemu_log_vprintf(fmt, ap2);
721 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
727 #if defined(CONFIG_USER_ONLY)
729 struct sigaction act;
730 sigfillset(&act.sa_mask);
731 act.sa_handler = SIG_DFL;
732 sigaction(SIGABRT, &act, NULL);
738 #if !defined(CONFIG_USER_ONLY)
739 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
743 /* The list is protected by the iothread lock here. */
744 block = ram_list.mru_block;
745 if (block && addr - block->offset < block->length) {
748 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
749 if (addr - block->offset < block->length) {
754 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
758 ram_list.mru_block = block;
762 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
768 end = TARGET_PAGE_ALIGN(start + length);
769 start &= TARGET_PAGE_MASK;
771 block = qemu_get_ram_block(start);
772 assert(block == qemu_get_ram_block(end - 1));
773 start1 = (uintptr_t)block->host + (start - block->offset);
774 cpu_tlb_reset_dirty_all(start1, length);
777 /* Note: start and end must be within the same ram block. */
778 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
783 cpu_physical_memory_clear_dirty_range(start, length, client);
786 tlb_reset_dirty_range_all(start, length);
790 static void cpu_physical_memory_set_dirty_tracking(bool enable)
792 in_migration = enable;
795 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
796 MemoryRegionSection *section,
798 hwaddr paddr, hwaddr xlat,
800 target_ulong *address)
805 if (memory_region_is_ram(section->mr)) {
807 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
809 if (!section->readonly) {
810 iotlb |= PHYS_SECTION_NOTDIRTY;
812 iotlb |= PHYS_SECTION_ROM;
815 iotlb = section - section->address_space->dispatch->map.sections;
819 /* Make accesses to pages with watchpoints go via the
820 watchpoint trap routines. */
821 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
822 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
823 /* Avoid trapping reads of pages with a write breakpoint. */
824 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
825 iotlb = PHYS_SECTION_WATCH + paddr;
826 *address |= TLB_MMIO;
834 #endif /* defined(CONFIG_USER_ONLY) */
836 #if !defined(CONFIG_USER_ONLY)
838 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
840 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
842 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
845 * Set a custom physical guest memory alloator.
846 * Accelerators with unusual needs may need this. Hopefully, we can
847 * get rid of it eventually.
849 void phys_mem_set_alloc(void *(*alloc)(size_t))
851 phys_mem_alloc = alloc;
854 static uint16_t phys_section_add(PhysPageMap *map,
855 MemoryRegionSection *section)
857 /* The physical section number is ORed with a page-aligned
858 * pointer to produce the iotlb entries. Thus it should
859 * never overflow into the page-aligned value.
861 assert(map->sections_nb < TARGET_PAGE_SIZE);
863 if (map->sections_nb == map->sections_nb_alloc) {
864 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
865 map->sections = g_renew(MemoryRegionSection, map->sections,
866 map->sections_nb_alloc);
868 map->sections[map->sections_nb] = *section;
869 memory_region_ref(section->mr);
870 return map->sections_nb++;
873 static void phys_section_destroy(MemoryRegion *mr)
875 memory_region_unref(mr);
878 subpage_t *subpage = container_of(mr, subpage_t, iomem);
879 memory_region_destroy(&subpage->iomem);
884 static void phys_sections_free(PhysPageMap *map)
886 while (map->sections_nb > 0) {
887 MemoryRegionSection *section = &map->sections[--map->sections_nb];
888 phys_section_destroy(section->mr);
890 g_free(map->sections);
894 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
897 hwaddr base = section->offset_within_address_space
899 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
900 d->map.nodes, d->map.sections);
901 MemoryRegionSection subsection = {
902 .offset_within_address_space = base,
903 .size = int128_make64(TARGET_PAGE_SIZE),
907 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
909 if (!(existing->mr->subpage)) {
910 subpage = subpage_init(d->as, base);
911 subsection.address_space = d->as;
912 subsection.mr = &subpage->iomem;
913 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
914 phys_section_add(&d->map, &subsection));
916 subpage = container_of(existing->mr, subpage_t, iomem);
918 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
919 end = start + int128_get64(section->size) - 1;
920 subpage_register(subpage, start, end,
921 phys_section_add(&d->map, section));
925 static void register_multipage(AddressSpaceDispatch *d,
926 MemoryRegionSection *section)
928 hwaddr start_addr = section->offset_within_address_space;
929 uint16_t section_index = phys_section_add(&d->map, section);
930 uint64_t num_pages = int128_get64(int128_rshift(section->size,
934 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
937 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
939 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
940 AddressSpaceDispatch *d = as->next_dispatch;
941 MemoryRegionSection now = *section, remain = *section;
942 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
944 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
945 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
946 - now.offset_within_address_space;
948 now.size = int128_min(int128_make64(left), now.size);
949 register_subpage(d, &now);
951 now.size = int128_zero();
953 while (int128_ne(remain.size, now.size)) {
954 remain.size = int128_sub(remain.size, now.size);
955 remain.offset_within_address_space += int128_get64(now.size);
956 remain.offset_within_region += int128_get64(now.size);
958 if (int128_lt(remain.size, page_size)) {
959 register_subpage(d, &now);
960 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
961 now.size = page_size;
962 register_subpage(d, &now);
964 now.size = int128_and(now.size, int128_neg(page_size));
965 register_multipage(d, &now);
970 void qemu_flush_coalesced_mmio_buffer(void)
973 kvm_flush_coalesced_mmio_buffer();
976 void qemu_mutex_lock_ramlist(void)
978 qemu_mutex_lock(&ram_list.mutex);
981 void qemu_mutex_unlock_ramlist(void)
983 qemu_mutex_unlock(&ram_list.mutex);
990 #define HUGETLBFS_MAGIC 0x958458f6
992 static long gethugepagesize(const char *path)
998 ret = statfs(path, &fs);
999 } while (ret != 0 && errno == EINTR);
1006 if (fs.f_type != HUGETLBFS_MAGIC)
1007 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1012 static sigjmp_buf sigjump;
1014 static void sigbus_handler(int signal)
1016 siglongjmp(sigjump, 1);
1019 static void *file_ram_alloc(RAMBlock *block,
1024 char *sanitized_name;
1028 unsigned long hpagesize;
1030 hpagesize = gethugepagesize(path);
1035 if (memory < hpagesize) {
1039 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1040 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
1044 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1045 sanitized_name = g_strdup(block->mr->name);
1046 for (c = sanitized_name; *c != '\0'; c++) {
1051 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1053 g_free(sanitized_name);
1055 fd = mkstemp(filename);
1057 perror("unable to create backing store for hugepages");
1064 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1067 * ftruncate is not supported by hugetlbfs in older
1068 * hosts, so don't bother bailing out on errors.
1069 * If anything goes wrong with it under other filesystems,
1072 if (ftruncate(fd, memory))
1073 perror("ftruncate");
1075 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1076 if (area == MAP_FAILED) {
1077 perror("file_ram_alloc: can't mmap RAM pages");
1084 struct sigaction act, oldact;
1085 sigset_t set, oldset;
1087 memset(&act, 0, sizeof(act));
1088 act.sa_handler = &sigbus_handler;
1091 ret = sigaction(SIGBUS, &act, &oldact);
1093 perror("file_ram_alloc: failed to install signal handler");
1097 /* unblock SIGBUS */
1099 sigaddset(&set, SIGBUS);
1100 pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
1102 if (sigsetjmp(sigjump, 1)) {
1103 fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n");
1107 /* MAP_POPULATE silently ignores failures */
1108 for (i = 0; i < (memory/hpagesize); i++) {
1109 memset(area + (hpagesize*i), 0, 1);
1112 ret = sigaction(SIGBUS, &oldact, NULL);
1114 perror("file_ram_alloc: failed to reinstall signal handler");
1118 pthread_sigmask(SIG_SETMASK, &oldset, NULL);
1131 static void *file_ram_alloc(RAMBlock *block,
1135 fprintf(stderr, "-mem-path not supported on this host\n");
1140 static ram_addr_t find_ram_offset(ram_addr_t size)
1142 RAMBlock *block, *next_block;
1143 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1145 assert(size != 0); /* it would hand out same offset multiple times */
1147 if (QTAILQ_EMPTY(&ram_list.blocks))
1150 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1151 ram_addr_t end, next = RAM_ADDR_MAX;
1153 end = block->offset + block->length;
1155 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1156 if (next_block->offset >= end) {
1157 next = MIN(next, next_block->offset);
1160 if (next - end >= size && next - end < mingap) {
1162 mingap = next - end;
1166 if (offset == RAM_ADDR_MAX) {
1167 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1175 ram_addr_t last_ram_offset(void)
1178 ram_addr_t last = 0;
1180 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1181 last = MAX(last, block->offset + block->length);
1186 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1190 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1191 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1192 "dump-guest-core", true)) {
1193 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1195 perror("qemu_madvise");
1196 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1197 "but dump_guest_core=off specified\n");
1202 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1204 RAMBlock *new_block, *block;
1207 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1208 if (block->offset == addr) {
1214 assert(!new_block->idstr[0]);
1217 char *id = qdev_get_dev_path(dev);
1219 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1223 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1225 /* This assumes the iothread lock is taken here too. */
1226 qemu_mutex_lock_ramlist();
1227 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1228 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1229 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1234 qemu_mutex_unlock_ramlist();
1237 static int memory_try_enable_merging(void *addr, size_t len)
1239 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1240 /* disabled by the user */
1244 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1247 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1250 RAMBlock *block, *new_block;
1251 ram_addr_t old_ram_size, new_ram_size;
1253 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1255 size = TARGET_PAGE_ALIGN(size);
1256 new_block = g_malloc0(sizeof(*new_block));
1259 /* This assumes the iothread lock is taken here too. */
1260 qemu_mutex_lock_ramlist();
1262 new_block->offset = find_ram_offset(size);
1264 new_block->host = host;
1265 new_block->flags |= RAM_PREALLOC_MASK;
1266 } else if (xen_enabled()) {
1268 fprintf(stderr, "-mem-path not supported with Xen\n");
1271 xen_ram_alloc(new_block->offset, size, mr);
1274 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1276 * file_ram_alloc() needs to allocate just like
1277 * phys_mem_alloc, but we haven't bothered to provide
1281 "-mem-path not supported with this accelerator\n");
1284 new_block->host = file_ram_alloc(new_block, size, mem_path);
1286 if (!new_block->host) {
1287 new_block->host = phys_mem_alloc(size);
1288 if (!new_block->host) {
1289 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1290 new_block->mr->name, strerror(errno));
1293 memory_try_enable_merging(new_block->host, size);
1296 new_block->length = size;
1298 /* Keep the list sorted from biggest to smallest block. */
1299 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1300 if (block->length < new_block->length) {
1305 QTAILQ_INSERT_BEFORE(block, new_block, next);
1307 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1309 ram_list.mru_block = NULL;
1312 qemu_mutex_unlock_ramlist();
1314 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1316 if (new_ram_size > old_ram_size) {
1318 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1319 ram_list.dirty_memory[i] =
1320 bitmap_zero_extend(ram_list.dirty_memory[i],
1321 old_ram_size, new_ram_size);
1324 cpu_physical_memory_set_dirty_range(new_block->offset, size);
1326 qemu_ram_setup_dump(new_block->host, size);
1327 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1328 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1331 kvm_setup_guest_memory(new_block->host, size);
1333 return new_block->offset;
1336 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1338 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1341 void qemu_ram_free_from_ptr(ram_addr_t addr)
1345 /* This assumes the iothread lock is taken here too. */
1346 qemu_mutex_lock_ramlist();
1347 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1348 if (addr == block->offset) {
1349 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1350 ram_list.mru_block = NULL;
1356 qemu_mutex_unlock_ramlist();
1359 void qemu_ram_free(ram_addr_t addr)
1363 /* This assumes the iothread lock is taken here too. */
1364 qemu_mutex_lock_ramlist();
1365 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1366 if (addr == block->offset) {
1367 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1368 ram_list.mru_block = NULL;
1370 if (block->flags & RAM_PREALLOC_MASK) {
1372 } else if (xen_enabled()) {
1373 xen_invalidate_map_cache_entry(block->host);
1375 } else if (block->fd >= 0) {
1376 munmap(block->host, block->length);
1380 qemu_anon_ram_free(block->host, block->length);
1386 qemu_mutex_unlock_ramlist();
1391 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1398 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1399 offset = addr - block->offset;
1400 if (offset < block->length) {
1401 vaddr = block->host + offset;
1402 if (block->flags & RAM_PREALLOC_MASK) {
1404 } else if (xen_enabled()) {
1408 munmap(vaddr, length);
1409 if (block->fd >= 0) {
1411 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1414 flags |= MAP_PRIVATE;
1416 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1417 flags, block->fd, offset);
1420 * Remap needs to match alloc. Accelerators that
1421 * set phys_mem_alloc never remap. If they did,
1422 * we'd need a remap hook here.
1424 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1426 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1427 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1430 if (area != vaddr) {
1431 fprintf(stderr, "Could not remap addr: "
1432 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1436 memory_try_enable_merging(vaddr, length);
1437 qemu_ram_setup_dump(vaddr, length);
1443 #endif /* !_WIN32 */
1445 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1446 With the exception of the softmmu code in this file, this should
1447 only be used for local memory (e.g. video ram) that the device owns,
1448 and knows it isn't going to access beyond the end of the block.
1450 It should not be used for general purpose DMA.
1451 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1453 void *qemu_get_ram_ptr(ram_addr_t addr)
1455 RAMBlock *block = qemu_get_ram_block(addr);
1457 if (xen_enabled()) {
1458 /* We need to check if the requested address is in the RAM
1459 * because we don't want to map the entire memory in QEMU.
1460 * In that case just map until the end of the page.
1462 if (block->offset == 0) {
1463 return xen_map_cache(addr, 0, 0);
1464 } else if (block->host == NULL) {
1466 xen_map_cache(block->offset, block->length, 1);
1469 return block->host + (addr - block->offset);
1472 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1473 * but takes a size argument */
1474 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1479 if (xen_enabled()) {
1480 return xen_map_cache(addr, *size, 1);
1484 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1485 if (addr - block->offset < block->length) {
1486 if (addr - block->offset + *size > block->length)
1487 *size = block->length - addr + block->offset;
1488 return block->host + (addr - block->offset);
1492 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1497 /* Some of the softmmu routines need to translate from a host pointer
1498 (typically a TLB entry) back to a ram offset. */
1499 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1502 uint8_t *host = ptr;
1504 if (xen_enabled()) {
1505 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1506 return qemu_get_ram_block(*ram_addr)->mr;
1509 block = ram_list.mru_block;
1510 if (block && block->host && host - block->host < block->length) {
1514 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1515 /* This case append when the block is not mapped. */
1516 if (block->host == NULL) {
1519 if (host - block->host < block->length) {
1527 *ram_addr = block->offset + (host - block->host);
1531 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1532 uint64_t val, unsigned size)
1534 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1535 tb_invalidate_phys_page_fast(ram_addr, size);
1539 stb_p(qemu_get_ram_ptr(ram_addr), val);
1542 stw_p(qemu_get_ram_ptr(ram_addr), val);
1545 stl_p(qemu_get_ram_ptr(ram_addr), val);
1550 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1551 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
1552 /* we remove the notdirty callback only if the code has been
1554 if (!cpu_physical_memory_is_clean(ram_addr)) {
1555 CPUArchState *env = current_cpu->env_ptr;
1556 tlb_set_dirty(env, env->mem_io_vaddr);
1560 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1561 unsigned size, bool is_write)
1566 static const MemoryRegionOps notdirty_mem_ops = {
1567 .write = notdirty_mem_write,
1568 .valid.accepts = notdirty_mem_accepts,
1569 .endianness = DEVICE_NATIVE_ENDIAN,
1572 /* Generate a debug exception if a watchpoint has been hit. */
1573 static void check_watchpoint(int offset, int len_mask, int flags)
1575 CPUArchState *env = current_cpu->env_ptr;
1576 target_ulong pc, cs_base;
1581 if (env->watchpoint_hit) {
1582 /* We re-entered the check after replacing the TB. Now raise
1583 * the debug interrupt so that is will trigger after the
1584 * current instruction. */
1585 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1588 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1589 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1590 if ((vaddr == (wp->vaddr & len_mask) ||
1591 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1592 wp->flags |= BP_WATCHPOINT_HIT;
1593 if (!env->watchpoint_hit) {
1594 env->watchpoint_hit = wp;
1595 tb_check_watchpoint(env);
1596 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1597 env->exception_index = EXCP_DEBUG;
1600 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1601 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1602 cpu_resume_from_signal(env, NULL);
1606 wp->flags &= ~BP_WATCHPOINT_HIT;
1611 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1612 so these check for a hit then pass through to the normal out-of-line
1614 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1617 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1619 case 1: return ldub_phys(&address_space_memory, addr);
1620 case 2: return lduw_phys(&address_space_memory, addr);
1621 case 4: return ldl_phys(&address_space_memory, addr);
1626 static void watch_mem_write(void *opaque, hwaddr addr,
1627 uint64_t val, unsigned size)
1629 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1632 stb_phys(&address_space_memory, addr, val);
1635 stw_phys(&address_space_memory, addr, val);
1638 stl_phys(&address_space_memory, addr, val);
1644 static const MemoryRegionOps watch_mem_ops = {
1645 .read = watch_mem_read,
1646 .write = watch_mem_write,
1647 .endianness = DEVICE_NATIVE_ENDIAN,
1650 static uint64_t subpage_read(void *opaque, hwaddr addr,
1653 subpage_t *subpage = opaque;
1656 #if defined(DEBUG_SUBPAGE)
1657 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1658 subpage, len, addr);
1660 address_space_read(subpage->as, addr + subpage->base, buf, len);
1673 static void subpage_write(void *opaque, hwaddr addr,
1674 uint64_t value, unsigned len)
1676 subpage_t *subpage = opaque;
1679 #if defined(DEBUG_SUBPAGE)
1680 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1681 " value %"PRIx64"\n",
1682 __func__, subpage, len, addr, value);
1697 address_space_write(subpage->as, addr + subpage->base, buf, len);
1700 static bool subpage_accepts(void *opaque, hwaddr addr,
1701 unsigned len, bool is_write)
1703 subpage_t *subpage = opaque;
1704 #if defined(DEBUG_SUBPAGE)
1705 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1706 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1709 return address_space_access_valid(subpage->as, addr + subpage->base,
1713 static const MemoryRegionOps subpage_ops = {
1714 .read = subpage_read,
1715 .write = subpage_write,
1716 .valid.accepts = subpage_accepts,
1717 .endianness = DEVICE_NATIVE_ENDIAN,
1720 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1725 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1727 idx = SUBPAGE_IDX(start);
1728 eidx = SUBPAGE_IDX(end);
1729 #if defined(DEBUG_SUBPAGE)
1730 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1731 __func__, mmio, start, end, idx, eidx, section);
1733 for (; idx <= eidx; idx++) {
1734 mmio->sub_section[idx] = section;
1740 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1744 mmio = g_malloc0(sizeof(subpage_t));
1748 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1749 "subpage", TARGET_PAGE_SIZE);
1750 mmio->iomem.subpage = true;
1751 #if defined(DEBUG_SUBPAGE)
1752 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1753 mmio, base, TARGET_PAGE_SIZE);
1755 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1760 static uint16_t dummy_section(PhysPageMap *map, MemoryRegion *mr)
1762 MemoryRegionSection section = {
1763 .address_space = &address_space_memory,
1765 .offset_within_address_space = 0,
1766 .offset_within_region = 0,
1767 .size = int128_2_64(),
1770 return phys_section_add(map, §ion);
1773 MemoryRegion *iotlb_to_region(AddressSpace *as, hwaddr index)
1775 return as->dispatch->map.sections[index & ~TARGET_PAGE_MASK].mr;
1778 static void io_mem_init(void)
1780 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1781 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1782 "unassigned", UINT64_MAX);
1783 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
1784 "notdirty", UINT64_MAX);
1785 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1786 "watch", UINT64_MAX);
1789 static void mem_begin(MemoryListener *listener)
1791 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1792 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1795 n = dummy_section(&d->map, &io_mem_unassigned);
1796 assert(n == PHYS_SECTION_UNASSIGNED);
1797 n = dummy_section(&d->map, &io_mem_notdirty);
1798 assert(n == PHYS_SECTION_NOTDIRTY);
1799 n = dummy_section(&d->map, &io_mem_rom);
1800 assert(n == PHYS_SECTION_ROM);
1801 n = dummy_section(&d->map, &io_mem_watch);
1802 assert(n == PHYS_SECTION_WATCH);
1804 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1806 as->next_dispatch = d;
1809 static void mem_commit(MemoryListener *listener)
1811 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1812 AddressSpaceDispatch *cur = as->dispatch;
1813 AddressSpaceDispatch *next = as->next_dispatch;
1815 phys_page_compact_all(next, next->map.nodes_nb);
1817 as->dispatch = next;
1820 phys_sections_free(&cur->map);
1825 static void tcg_commit(MemoryListener *listener)
1829 /* since each CPU stores ram addresses in its TLB cache, we must
1830 reset the modified entries */
1833 CPUArchState *env = cpu->env_ptr;
1835 /* FIXME: Disentangle the cpu.h circular files deps so we can
1836 directly get the right CPU from listener. */
1837 if (cpu->tcg_as_listener != listener) {
1844 static void core_log_global_start(MemoryListener *listener)
1846 cpu_physical_memory_set_dirty_tracking(true);
1849 static void core_log_global_stop(MemoryListener *listener)
1851 cpu_physical_memory_set_dirty_tracking(false);
1854 static MemoryListener core_memory_listener = {
1855 .log_global_start = core_log_global_start,
1856 .log_global_stop = core_log_global_stop,
1860 void address_space_init_dispatch(AddressSpace *as)
1862 as->dispatch = NULL;
1863 as->dispatch_listener = (MemoryListener) {
1865 .commit = mem_commit,
1866 .region_add = mem_add,
1867 .region_nop = mem_add,
1870 memory_listener_register(&as->dispatch_listener, as);
1873 void address_space_destroy_dispatch(AddressSpace *as)
1875 AddressSpaceDispatch *d = as->dispatch;
1877 memory_listener_unregister(&as->dispatch_listener);
1879 as->dispatch = NULL;
1882 static void memory_map_init(void)
1884 system_memory = g_malloc(sizeof(*system_memory));
1886 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1887 address_space_init(&address_space_memory, system_memory, "memory");
1889 system_io = g_malloc(sizeof(*system_io));
1890 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1892 address_space_init(&address_space_io, system_io, "I/O");
1894 memory_listener_register(&core_memory_listener, &address_space_memory);
1897 MemoryRegion *get_system_memory(void)
1899 return system_memory;
1902 MemoryRegion *get_system_io(void)
1907 #endif /* !defined(CONFIG_USER_ONLY) */
1909 /* physical memory access (slow version, mainly for debug) */
1910 #if defined(CONFIG_USER_ONLY)
1911 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1912 uint8_t *buf, int len, int is_write)
1919 page = addr & TARGET_PAGE_MASK;
1920 l = (page + TARGET_PAGE_SIZE) - addr;
1923 flags = page_get_flags(page);
1924 if (!(flags & PAGE_VALID))
1927 if (!(flags & PAGE_WRITE))
1929 /* XXX: this code should not depend on lock_user */
1930 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1933 unlock_user(p, addr, l);
1935 if (!(flags & PAGE_READ))
1937 /* XXX: this code should not depend on lock_user */
1938 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1941 unlock_user(p, addr, 0);
1952 static void invalidate_and_set_dirty(hwaddr addr,
1955 if (cpu_physical_memory_is_clean(addr)) {
1956 /* invalidate code */
1957 tb_invalidate_phys_page_range(addr, addr + length, 0);
1959 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1960 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
1962 xen_modified_memory(addr, length);
1965 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1967 unsigned access_size_max = mr->ops->valid.max_access_size;
1969 /* Regions are assumed to support 1-4 byte accesses unless
1970 otherwise specified. */
1971 if (access_size_max == 0) {
1972 access_size_max = 4;
1975 /* Bound the maximum access by the alignment of the address. */
1976 if (!mr->ops->impl.unaligned) {
1977 unsigned align_size_max = addr & -addr;
1978 if (align_size_max != 0 && align_size_max < access_size_max) {
1979 access_size_max = align_size_max;
1983 /* Don't attempt accesses larger than the maximum. */
1984 if (l > access_size_max) {
1985 l = access_size_max;
1988 l = 1 << (qemu_fls(l) - 1);
1994 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1995 int len, bool is_write)
2006 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2009 if (!memory_access_is_direct(mr, is_write)) {
2010 l = memory_access_size(mr, l, addr1);
2011 /* XXX: could force current_cpu to NULL to avoid
2015 /* 64 bit write access */
2017 error |= io_mem_write(mr, addr1, val, 8);
2020 /* 32 bit write access */
2022 error |= io_mem_write(mr, addr1, val, 4);
2025 /* 16 bit write access */
2027 error |= io_mem_write(mr, addr1, val, 2);
2030 /* 8 bit write access */
2032 error |= io_mem_write(mr, addr1, val, 1);
2038 addr1 += memory_region_get_ram_addr(mr);
2040 ptr = qemu_get_ram_ptr(addr1);
2041 memcpy(ptr, buf, l);
2042 invalidate_and_set_dirty(addr1, l);
2045 if (!memory_access_is_direct(mr, is_write)) {
2047 l = memory_access_size(mr, l, addr1);
2050 /* 64 bit read access */
2051 error |= io_mem_read(mr, addr1, &val, 8);
2055 /* 32 bit read access */
2056 error |= io_mem_read(mr, addr1, &val, 4);
2060 /* 16 bit read access */
2061 error |= io_mem_read(mr, addr1, &val, 2);
2065 /* 8 bit read access */
2066 error |= io_mem_read(mr, addr1, &val, 1);
2074 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2075 memcpy(buf, ptr, l);
2086 bool address_space_write(AddressSpace *as, hwaddr addr,
2087 const uint8_t *buf, int len)
2089 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2092 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2094 return address_space_rw(as, addr, buf, len, false);
2098 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2099 int len, int is_write)
2101 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2104 enum write_rom_type {
2109 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2110 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2119 mr = address_space_translate(as, addr, &addr1, &l, true);
2121 if (!(memory_region_is_ram(mr) ||
2122 memory_region_is_romd(mr))) {
2125 addr1 += memory_region_get_ram_addr(mr);
2127 ptr = qemu_get_ram_ptr(addr1);
2130 memcpy(ptr, buf, l);
2131 invalidate_and_set_dirty(addr1, l);
2134 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2144 /* used for ROM loading : can write in RAM and ROM */
2145 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2146 const uint8_t *buf, int len)
2148 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2151 void cpu_flush_icache_range(hwaddr start, int len)
2154 * This function should do the same thing as an icache flush that was
2155 * triggered from within the guest. For TCG we are always cache coherent,
2156 * so there is no need to flush anything. For KVM / Xen we need to flush
2157 * the host's instruction cache at least.
2159 if (tcg_enabled()) {
2163 cpu_physical_memory_write_rom_internal(&address_space_memory,
2164 start, NULL, len, FLUSH_CACHE);
2174 static BounceBuffer bounce;
2176 typedef struct MapClient {
2178 void (*callback)(void *opaque);
2179 QLIST_ENTRY(MapClient) link;
2182 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2183 = QLIST_HEAD_INITIALIZER(map_client_list);
2185 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2187 MapClient *client = g_malloc(sizeof(*client));
2189 client->opaque = opaque;
2190 client->callback = callback;
2191 QLIST_INSERT_HEAD(&map_client_list, client, link);
2195 static void cpu_unregister_map_client(void *_client)
2197 MapClient *client = (MapClient *)_client;
2199 QLIST_REMOVE(client, link);
2203 static void cpu_notify_map_clients(void)
2207 while (!QLIST_EMPTY(&map_client_list)) {
2208 client = QLIST_FIRST(&map_client_list);
2209 client->callback(client->opaque);
2210 cpu_unregister_map_client(client);
2214 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2221 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2222 if (!memory_access_is_direct(mr, is_write)) {
2223 l = memory_access_size(mr, l, addr);
2224 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2235 /* Map a physical memory region into a host virtual address.
2236 * May map a subset of the requested range, given by and returned in *plen.
2237 * May return NULL if resources needed to perform the mapping are exhausted.
2238 * Use only for reads OR writes - not for read-modify-write operations.
2239 * Use cpu_register_map_client() to know when retrying the map operation is
2240 * likely to succeed.
2242 void *address_space_map(AddressSpace *as,
2249 hwaddr l, xlat, base;
2250 MemoryRegion *mr, *this_mr;
2258 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2259 if (!memory_access_is_direct(mr, is_write)) {
2260 if (bounce.buffer) {
2263 /* Avoid unbounded allocations */
2264 l = MIN(l, TARGET_PAGE_SIZE);
2265 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2269 memory_region_ref(mr);
2272 address_space_read(as, addr, bounce.buffer, l);
2276 return bounce.buffer;
2280 raddr = memory_region_get_ram_addr(mr);
2291 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2292 if (this_mr != mr || xlat != base + done) {
2297 memory_region_ref(mr);
2299 return qemu_ram_ptr_length(raddr + base, plen);
2302 /* Unmaps a memory region previously mapped by address_space_map().
2303 * Will also mark the memory as dirty if is_write == 1. access_len gives
2304 * the amount of memory that was actually read or written by the caller.
2306 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2307 int is_write, hwaddr access_len)
2309 if (buffer != bounce.buffer) {
2313 mr = qemu_ram_addr_from_host(buffer, &addr1);
2316 while (access_len) {
2318 l = TARGET_PAGE_SIZE;
2321 invalidate_and_set_dirty(addr1, l);
2326 if (xen_enabled()) {
2327 xen_invalidate_map_cache_entry(buffer);
2329 memory_region_unref(mr);
2333 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2335 qemu_vfree(bounce.buffer);
2336 bounce.buffer = NULL;
2337 memory_region_unref(bounce.mr);
2338 cpu_notify_map_clients();
2341 void *cpu_physical_memory_map(hwaddr addr,
2345 return address_space_map(&address_space_memory, addr, plen, is_write);
2348 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2349 int is_write, hwaddr access_len)
2351 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2354 /* warning: addr must be aligned */
2355 static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
2356 enum device_endian endian)
2364 mr = address_space_translate(as, addr, &addr1, &l, false);
2365 if (l < 4 || !memory_access_is_direct(mr, false)) {
2367 io_mem_read(mr, addr1, &val, 4);
2368 #if defined(TARGET_WORDS_BIGENDIAN)
2369 if (endian == DEVICE_LITTLE_ENDIAN) {
2373 if (endian == DEVICE_BIG_ENDIAN) {
2379 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2383 case DEVICE_LITTLE_ENDIAN:
2384 val = ldl_le_p(ptr);
2386 case DEVICE_BIG_ENDIAN:
2387 val = ldl_be_p(ptr);
2397 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2399 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2402 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2404 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2407 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2409 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2412 /* warning: addr must be aligned */
2413 static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
2414 enum device_endian endian)
2422 mr = address_space_translate(as, addr, &addr1, &l,
2424 if (l < 8 || !memory_access_is_direct(mr, false)) {
2426 io_mem_read(mr, addr1, &val, 8);
2427 #if defined(TARGET_WORDS_BIGENDIAN)
2428 if (endian == DEVICE_LITTLE_ENDIAN) {
2432 if (endian == DEVICE_BIG_ENDIAN) {
2438 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2442 case DEVICE_LITTLE_ENDIAN:
2443 val = ldq_le_p(ptr);
2445 case DEVICE_BIG_ENDIAN:
2446 val = ldq_be_p(ptr);
2456 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2458 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2461 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2463 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2466 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2468 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2472 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2475 address_space_rw(as, addr, &val, 1, 0);
2479 /* warning: addr must be aligned */
2480 static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
2481 enum device_endian endian)
2489 mr = address_space_translate(as, addr, &addr1, &l,
2491 if (l < 2 || !memory_access_is_direct(mr, false)) {
2493 io_mem_read(mr, addr1, &val, 2);
2494 #if defined(TARGET_WORDS_BIGENDIAN)
2495 if (endian == DEVICE_LITTLE_ENDIAN) {
2499 if (endian == DEVICE_BIG_ENDIAN) {
2505 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2509 case DEVICE_LITTLE_ENDIAN:
2510 val = lduw_le_p(ptr);
2512 case DEVICE_BIG_ENDIAN:
2513 val = lduw_be_p(ptr);
2523 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2525 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2528 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2530 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2533 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2535 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2538 /* warning: addr must be aligned. The ram page is not masked as dirty
2539 and the code inside is not invalidated. It is useful if the dirty
2540 bits are used to track modified PTEs */
2541 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
2548 mr = address_space_translate(as, addr, &addr1, &l,
2550 if (l < 4 || !memory_access_is_direct(mr, true)) {
2551 io_mem_write(mr, addr1, val, 4);
2553 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2554 ptr = qemu_get_ram_ptr(addr1);
2557 if (unlikely(in_migration)) {
2558 if (cpu_physical_memory_is_clean(addr1)) {
2559 /* invalidate code */
2560 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2562 cpu_physical_memory_set_dirty_flag(addr1,
2563 DIRTY_MEMORY_MIGRATION);
2564 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
2570 /* warning: addr must be aligned */
2571 static inline void stl_phys_internal(AddressSpace *as,
2572 hwaddr addr, uint32_t val,
2573 enum device_endian endian)
2580 mr = address_space_translate(as, addr, &addr1, &l,
2582 if (l < 4 || !memory_access_is_direct(mr, true)) {
2583 #if defined(TARGET_WORDS_BIGENDIAN)
2584 if (endian == DEVICE_LITTLE_ENDIAN) {
2588 if (endian == DEVICE_BIG_ENDIAN) {
2592 io_mem_write(mr, addr1, val, 4);
2595 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2596 ptr = qemu_get_ram_ptr(addr1);
2598 case DEVICE_LITTLE_ENDIAN:
2601 case DEVICE_BIG_ENDIAN:
2608 invalidate_and_set_dirty(addr1, 4);
2612 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2614 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2617 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2619 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2622 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2624 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2628 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2631 address_space_rw(as, addr, &v, 1, 1);
2634 /* warning: addr must be aligned */
2635 static inline void stw_phys_internal(AddressSpace *as,
2636 hwaddr addr, uint32_t val,
2637 enum device_endian endian)
2644 mr = address_space_translate(as, addr, &addr1, &l, true);
2645 if (l < 2 || !memory_access_is_direct(mr, true)) {
2646 #if defined(TARGET_WORDS_BIGENDIAN)
2647 if (endian == DEVICE_LITTLE_ENDIAN) {
2651 if (endian == DEVICE_BIG_ENDIAN) {
2655 io_mem_write(mr, addr1, val, 2);
2658 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2659 ptr = qemu_get_ram_ptr(addr1);
2661 case DEVICE_LITTLE_ENDIAN:
2664 case DEVICE_BIG_ENDIAN:
2671 invalidate_and_set_dirty(addr1, 2);
2675 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2677 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2680 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2682 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2685 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2687 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2691 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2694 address_space_rw(as, addr, (void *) &val, 8, 1);
2697 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2699 val = cpu_to_le64(val);
2700 address_space_rw(as, addr, (void *) &val, 8, 1);
2703 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2705 val = cpu_to_be64(val);
2706 address_space_rw(as, addr, (void *) &val, 8, 1);
2709 /* virtual memory access for debug (includes writing to ROM) */
2710 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2711 uint8_t *buf, int len, int is_write)
2718 page = addr & TARGET_PAGE_MASK;
2719 phys_addr = cpu_get_phys_page_debug(cpu, page);
2720 /* if no physical page mapped, return an error */
2721 if (phys_addr == -1)
2723 l = (page + TARGET_PAGE_SIZE) - addr;
2726 phys_addr += (addr & ~TARGET_PAGE_MASK);
2728 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
2730 address_space_rw(cpu->as, phys_addr, buf, l, 0);
2740 #if !defined(CONFIG_USER_ONLY)
2743 * A helper function for the _utterly broken_ virtio device model to find out if
2744 * it's running on a big endian machine. Don't do this at home kids!
2746 bool virtio_is_big_endian(void);
2747 bool virtio_is_big_endian(void)
2749 #if defined(TARGET_WORDS_BIGENDIAN)
2758 #ifndef CONFIG_USER_ONLY
2759 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2764 mr = address_space_translate(&address_space_memory,
2765 phys_addr, &phys_addr, &l, false);
2767 return !(memory_region_is_ram(mr) ||
2768 memory_region_is_romd(mr));
2771 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2775 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2776 func(block->host, block->offset, block->length, opaque);
projects / lisovros / qemu_apohw.git / blob