4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
25 #include "qemu/cutils.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "qemu/error-report.h"
39 #include "exec/memory.h"
40 #include "sysemu/dma.h"
41 #include "exec/address-spaces.h"
42 #if defined(CONFIG_USER_ONLY)
44 #else /* !CONFIG_USER_ONLY */
45 #include "sysemu/xen-mapcache.h"
48 #include "exec/cpu-all.h"
49 #include "qemu/rcu_queue.h"
50 #include "qemu/main-loop.h"
51 #include "translate-all.h"
52 #include "sysemu/replay.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
58 #include "qemu/range.h"
60 #include "qemu/mmap-alloc.h"
63 //#define DEBUG_SUBPAGE
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
89 #define RAM_RESIZEABLE (1 << 2)
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
102 #if !defined(CONFIG_USER_ONLY)
104 typedef struct PhysPageEntry PhysPageEntry;
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
119 #define P_L2_SIZE (1 << P_L2_BITS)
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
123 typedef PhysPageEntry Node[P_L2_SIZE];
125 typedef struct PhysPageMap {
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
131 unsigned nodes_nb_alloc;
133 MemoryRegionSection *sections;
136 struct AddressSpaceDispatch {
139 MemoryRegionSection *mru_section;
140 /* This is a multi-level map on the physical address space.
141 * The bottom level has pointers to MemoryRegionSections.
143 PhysPageEntry phys_map;
148 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
149 typedef struct subpage_t {
153 uint16_t sub_section[TARGET_PAGE_SIZE];
156 #define PHYS_SECTION_UNASSIGNED 0
157 #define PHYS_SECTION_NOTDIRTY 1
158 #define PHYS_SECTION_ROM 2
159 #define PHYS_SECTION_WATCH 3
161 static void io_mem_init(void);
162 static void memory_map_init(void);
163 static void tcg_commit(MemoryListener *listener);
165 static MemoryRegion io_mem_watch;
168 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
169 * @cpu: the CPU whose AddressSpace this is
170 * @as: the AddressSpace itself
171 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
172 * @tcg_as_listener: listener for tracking changes to the AddressSpace
174 struct CPUAddressSpace {
177 struct AddressSpaceDispatch *memory_dispatch;
178 MemoryListener tcg_as_listener;
183 #if !defined(CONFIG_USER_ONLY)
185 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
187 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
189 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
190 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
194 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
201 ret = map->nodes_nb++;
203 assert(ret != PHYS_MAP_NODE_NIL);
204 assert(ret != map->nodes_nb_alloc);
206 e.skip = leaf ? 0 : 1;
207 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
208 for (i = 0; i < P_L2_SIZE; ++i) {
209 memcpy(&p[i], &e, sizeof(e));
214 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
215 hwaddr *index, hwaddr *nb, uint16_t leaf,
219 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
221 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
222 lp->ptr = phys_map_node_alloc(map, level == 0);
224 p = map->nodes[lp->ptr];
225 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
227 while (*nb && lp < &p[P_L2_SIZE]) {
228 if ((*index & (step - 1)) == 0 && *nb >= step) {
234 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
240 static void phys_page_set(AddressSpaceDispatch *d,
241 hwaddr index, hwaddr nb,
244 /* Wildly overreserve - it doesn't matter much. */
245 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
247 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
250 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
251 * and update our entry so we can skip it and go directly to the destination.
253 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
255 unsigned valid_ptr = P_L2_SIZE;
260 if (lp->ptr == PHYS_MAP_NODE_NIL) {
265 for (i = 0; i < P_L2_SIZE; i++) {
266 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
273 phys_page_compact(&p[i], nodes, compacted);
277 /* We can only compress if there's only one child. */
282 assert(valid_ptr < P_L2_SIZE);
284 /* Don't compress if it won't fit in the # of bits we have. */
285 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
289 lp->ptr = p[valid_ptr].ptr;
290 if (!p[valid_ptr].skip) {
291 /* If our only child is a leaf, make this a leaf. */
292 /* By design, we should have made this node a leaf to begin with so we
293 * should never reach here.
294 * But since it's so simple to handle this, let's do it just in case we
299 lp->skip += p[valid_ptr].skip;
303 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
305 DECLARE_BITMAP(compacted, nodes_nb);
307 if (d->phys_map.skip) {
308 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
312 static inline bool section_covers_addr(const MemoryRegionSection *section,
315 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
316 * the section must cover the entire address space.
318 return section->size.hi ||
319 range_covers_byte(section->offset_within_address_space,
320 section->size.lo, addr);
323 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
324 Node *nodes, MemoryRegionSection *sections)
327 hwaddr index = addr >> TARGET_PAGE_BITS;
330 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
331 if (lp.ptr == PHYS_MAP_NODE_NIL) {
332 return §ions[PHYS_SECTION_UNASSIGNED];
335 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
338 if (section_covers_addr(§ions[lp.ptr], addr)) {
339 return §ions[lp.ptr];
341 return §ions[PHYS_SECTION_UNASSIGNED];
345 bool memory_region_is_unassigned(MemoryRegion *mr)
347 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
348 && mr != &io_mem_watch;
351 /* Called from RCU critical section */
352 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
354 bool resolve_subpage)
356 MemoryRegionSection *section = atomic_read(&d->mru_section);
360 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
361 section_covers_addr(section, addr)) {
364 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 if (resolve_subpage && section->mr->subpage) {
369 subpage = container_of(section->mr, subpage_t, iomem);
370 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
373 atomic_set(&d->mru_section, section);
378 /* Called from RCU critical section */
379 static MemoryRegionSection *
380 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
381 hwaddr *plen, bool resolve_subpage)
383 MemoryRegionSection *section;
387 section = address_space_lookup_region(d, addr, resolve_subpage);
388 /* Compute offset within MemoryRegionSection */
389 addr -= section->offset_within_address_space;
391 /* Compute offset within MemoryRegion */
392 *xlat = addr + section->offset_within_region;
396 /* MMIO registers can be expected to perform full-width accesses based only
397 * on their address, without considering adjacent registers that could
398 * decode to completely different MemoryRegions. When such registers
399 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
400 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * If the length is small (as is the case for address_space_ldl/stl),
404 * everything works fine. If the incoming length is large, however,
405 * the caller really has to do the clamping through memory_access_size.
407 if (memory_region_is_ram(mr)) {
408 diff = int128_sub(section->size, int128_make64(addr));
409 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
414 /* Called from RCU critical section */
415 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
416 hwaddr *xlat, hwaddr *plen,
420 MemoryRegionSection *section;
424 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
425 section = address_space_translate_internal(d, addr, &addr, plen, true);
428 if (!mr->iommu_ops) {
432 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
433 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
434 | (addr & iotlb.addr_mask));
435 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
436 if (!(iotlb.perm & (1 << is_write))) {
437 mr = &io_mem_unassigned;
441 as = iotlb.target_as;
444 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
445 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
446 *plen = MIN(page, *plen);
453 /* Called from RCU critical section */
454 MemoryRegionSection *
455 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
456 hwaddr *xlat, hwaddr *plen)
458 MemoryRegionSection *section;
459 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
461 section = address_space_translate_internal(d, addr, xlat, plen, false);
463 assert(!section->mr->iommu_ops);
468 #if !defined(CONFIG_USER_ONLY)
470 static int cpu_common_post_load(void *opaque, int version_id)
472 CPUState *cpu = opaque;
474 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
475 version_id is increased. */
476 cpu->interrupt_request &= ~0x01;
482 static int cpu_common_pre_load(void *opaque)
484 CPUState *cpu = opaque;
486 cpu->exception_index = -1;
491 static bool cpu_common_exception_index_needed(void *opaque)
493 CPUState *cpu = opaque;
495 return tcg_enabled() && cpu->exception_index != -1;
498 static const VMStateDescription vmstate_cpu_common_exception_index = {
499 .name = "cpu_common/exception_index",
501 .minimum_version_id = 1,
502 .needed = cpu_common_exception_index_needed,
503 .fields = (VMStateField[]) {
504 VMSTATE_INT32(exception_index, CPUState),
505 VMSTATE_END_OF_LIST()
509 static bool cpu_common_crash_occurred_needed(void *opaque)
511 CPUState *cpu = opaque;
513 return cpu->crash_occurred;
516 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
517 .name = "cpu_common/crash_occurred",
519 .minimum_version_id = 1,
520 .needed = cpu_common_crash_occurred_needed,
521 .fields = (VMStateField[]) {
522 VMSTATE_BOOL(crash_occurred, CPUState),
523 VMSTATE_END_OF_LIST()
527 const VMStateDescription vmstate_cpu_common = {
528 .name = "cpu_common",
530 .minimum_version_id = 1,
531 .pre_load = cpu_common_pre_load,
532 .post_load = cpu_common_post_load,
533 .fields = (VMStateField[]) {
534 VMSTATE_UINT32(halted, CPUState),
535 VMSTATE_UINT32(interrupt_request, CPUState),
536 VMSTATE_END_OF_LIST()
538 .subsections = (const VMStateDescription*[]) {
539 &vmstate_cpu_common_exception_index,
540 &vmstate_cpu_common_crash_occurred,
547 CPUState *qemu_get_cpu(int index)
552 if (cpu->cpu_index == index) {
560 #if !defined(CONFIG_USER_ONLY)
561 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
563 CPUAddressSpace *newas;
565 /* Target code should have set num_ases before calling us */
566 assert(asidx < cpu->num_ases);
569 /* address space 0 gets the convenience alias */
573 /* KVM cannot currently support multiple address spaces. */
574 assert(asidx == 0 || !kvm_enabled());
576 if (!cpu->cpu_ases) {
577 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
580 newas = &cpu->cpu_ases[asidx];
584 newas->tcg_as_listener.commit = tcg_commit;
585 memory_listener_register(&newas->tcg_as_listener, as);
589 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
591 /* Return the AddressSpace corresponding to the specified index */
592 return cpu->cpu_ases[asidx].as;
596 #ifndef CONFIG_USER_ONLY
597 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
599 static int cpu_get_free_index(Error **errp)
601 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
603 if (cpu >= MAX_CPUMASK_BITS) {
604 error_setg(errp, "Trying to use more CPUs than max of %d",
609 bitmap_set(cpu_index_map, cpu, 1);
613 void cpu_exec_exit(CPUState *cpu)
615 if (cpu->cpu_index == -1) {
616 /* cpu_index was never allocated by this @cpu or was already freed. */
620 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
625 static int cpu_get_free_index(Error **errp)
630 CPU_FOREACH(some_cpu) {
636 void cpu_exec_exit(CPUState *cpu)
641 void cpu_exec_init(CPUState *cpu, Error **errp)
643 CPUClass *cc = CPU_GET_CLASS(cpu);
645 Error *local_err = NULL;
650 #ifndef CONFIG_USER_ONLY
651 cpu->thread_id = qemu_get_thread_id();
653 /* This is a softmmu CPU object, so create a property for it
654 * so users can wire up its memory. (This can't go in qom/cpu.c
655 * because that file is compiled only once for both user-mode
656 * and system builds.) The default if no link is set up is to use
657 * the system address space.
659 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
660 (Object **)&cpu->memory,
661 qdev_prop_allow_set_link_before_realize,
662 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 cpu->memory = system_memory;
665 object_ref(OBJECT(cpu->memory));
668 #if defined(CONFIG_USER_ONLY)
671 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
673 error_propagate(errp, local_err);
674 #if defined(CONFIG_USER_ONLY)
679 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
680 #if defined(CONFIG_USER_ONLY)
683 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
684 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
686 if (cc->vmsd != NULL) {
687 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
691 #if defined(CONFIG_USER_ONLY)
692 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
694 tb_invalidate_phys_page_range(pc, pc + 1, 0);
697 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
700 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
701 int asidx = cpu_asidx_from_attrs(cpu, attrs);
703 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
704 phys | (pc & ~TARGET_PAGE_MASK));
709 #if defined(CONFIG_USER_ONLY)
710 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
715 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
721 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
726 int flags, CPUWatchpoint **watchpoint)
731 /* Add a watchpoint. */
732 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
733 int flags, CPUWatchpoint **watchpoint)
737 /* forbid ranges which are empty or run off the end of the address space */
738 if (len == 0 || (addr + len - 1) < addr) {
739 error_report("tried to set invalid watchpoint at %"
740 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
743 wp = g_malloc(sizeof(*wp));
749 /* keep all GDB-injected watchpoints in front */
750 if (flags & BP_GDB) {
751 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
753 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
756 tlb_flush_page(cpu, addr);
763 /* Remove a specific watchpoint. */
764 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
769 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
770 if (addr == wp->vaddr && len == wp->len
771 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
772 cpu_watchpoint_remove_by_ref(cpu, wp);
779 /* Remove a specific watchpoint by reference. */
780 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
782 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
784 tlb_flush_page(cpu, watchpoint->vaddr);
789 /* Remove all matching watchpoints. */
790 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
792 CPUWatchpoint *wp, *next;
794 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
795 if (wp->flags & mask) {
796 cpu_watchpoint_remove_by_ref(cpu, wp);
801 /* Return true if this watchpoint address matches the specified
802 * access (ie the address range covered by the watchpoint overlaps
803 * partially or completely with the address range covered by the
806 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 /* We know the lengths are non-zero, but a little caution is
811 * required to avoid errors in the case where the range ends
812 * exactly at the top of the address space and so addr + len
813 * wraps round to zero.
815 vaddr wpend = wp->vaddr + wp->len - 1;
816 vaddr addrend = addr + len - 1;
818 return !(addr > wpend || wp->vaddr > addrend);
823 /* Add a breakpoint. */
824 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
825 CPUBreakpoint **breakpoint)
829 bp = g_malloc(sizeof(*bp));
834 /* keep all GDB-injected breakpoints in front */
835 if (flags & BP_GDB) {
836 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
838 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
841 breakpoint_invalidate(cpu, pc);
849 /* Remove a specific breakpoint. */
850 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
854 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
855 if (bp->pc == pc && bp->flags == flags) {
856 cpu_breakpoint_remove_by_ref(cpu, bp);
863 /* Remove a specific breakpoint by reference. */
864 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
866 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
868 breakpoint_invalidate(cpu, breakpoint->pc);
873 /* Remove all matching breakpoints. */
874 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
876 CPUBreakpoint *bp, *next;
878 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
879 if (bp->flags & mask) {
880 cpu_breakpoint_remove_by_ref(cpu, bp);
885 /* enable or disable single step mode. EXCP_DEBUG is returned by the
886 CPU loop after each instruction */
887 void cpu_single_step(CPUState *cpu, int enabled)
889 if (cpu->singlestep_enabled != enabled) {
890 cpu->singlestep_enabled = enabled;
892 kvm_update_guest_debug(cpu, 0);
894 /* must flush all the translated code to avoid inconsistencies */
895 /* XXX: only flush what is necessary */
901 void cpu_abort(CPUState *cpu, const char *fmt, ...)
908 fprintf(stderr, "qemu: fatal: ");
909 vfprintf(stderr, fmt, ap);
910 fprintf(stderr, "\n");
911 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
912 if (qemu_log_separate()) {
913 qemu_log("qemu: fatal: ");
914 qemu_log_vprintf(fmt, ap2);
916 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
923 #if defined(CONFIG_USER_ONLY)
925 struct sigaction act;
926 sigfillset(&act.sa_mask);
927 act.sa_handler = SIG_DFL;
928 sigaction(SIGABRT, &act, NULL);
934 #if !defined(CONFIG_USER_ONLY)
935 /* Called from RCU critical section */
936 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940 block = atomic_rcu_read(&ram_list.mru_block);
941 if (block && addr - block->offset < block->max_length) {
944 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
945 if (addr - block->offset < block->max_length) {
950 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 /* It is safe to write mru_block outside the iothread lock. This
959 * xxx removed from list
963 * call_rcu(reclaim_ramblock, xxx);
966 * atomic_rcu_set is not needed here. The block was already published
967 * when it was placed into the list. Here we're just making an extra
968 * copy of the pointer.
970 ram_list.mru_block = block;
974 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
981 end = TARGET_PAGE_ALIGN(start + length);
982 start &= TARGET_PAGE_MASK;
985 block = qemu_get_ram_block(start);
986 assert(block == qemu_get_ram_block(end - 1));
987 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
989 tlb_reset_dirty(cpu, start1, length);
994 /* Note: start and end must be within the same ram block. */
995 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 DirtyMemoryBlocks *blocks;
1000 unsigned long end, page;
1007 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1008 page = start >> TARGET_PAGE_BITS;
1012 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1014 while (page < end) {
1015 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1016 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1017 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1019 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1026 if (dirty && tcg_enabled()) {
1027 tlb_reset_dirty_range_all(start, length);
1033 /* Called from RCU critical section */
1034 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
1035 MemoryRegionSection *section,
1037 hwaddr paddr, hwaddr xlat,
1039 target_ulong *address)
1044 if (memory_region_is_ram(section->mr)) {
1046 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1048 if (!section->readonly) {
1049 iotlb |= PHYS_SECTION_NOTDIRTY;
1051 iotlb |= PHYS_SECTION_ROM;
1054 AddressSpaceDispatch *d;
1056 d = atomic_rcu_read(§ion->address_space->dispatch);
1057 iotlb = section - d->map.sections;
1061 /* Make accesses to pages with watchpoints go via the
1062 watchpoint trap routines. */
1063 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1064 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1065 /* Avoid trapping reads of pages with a write breakpoint. */
1066 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1067 iotlb = PHYS_SECTION_WATCH + paddr;
1068 *address |= TLB_MMIO;
1076 #endif /* defined(CONFIG_USER_ONLY) */
1078 #if !defined(CONFIG_USER_ONLY)
1080 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1082 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1084 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1085 qemu_anon_ram_alloc;
1088 * Set a custom physical guest memory alloator.
1089 * Accelerators with unusual needs may need this. Hopefully, we can
1090 * get rid of it eventually.
1092 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1094 phys_mem_alloc = alloc;
1097 static uint16_t phys_section_add(PhysPageMap *map,
1098 MemoryRegionSection *section)
1100 /* The physical section number is ORed with a page-aligned
1101 * pointer to produce the iotlb entries. Thus it should
1102 * never overflow into the page-aligned value.
1104 assert(map->sections_nb < TARGET_PAGE_SIZE);
1106 if (map->sections_nb == map->sections_nb_alloc) {
1107 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1108 map->sections = g_renew(MemoryRegionSection, map->sections,
1109 map->sections_nb_alloc);
1111 map->sections[map->sections_nb] = *section;
1112 memory_region_ref(section->mr);
1113 return map->sections_nb++;
1116 static void phys_section_destroy(MemoryRegion *mr)
1118 bool have_sub_page = mr->subpage;
1120 memory_region_unref(mr);
1122 if (have_sub_page) {
1123 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1124 object_unref(OBJECT(&subpage->iomem));
1129 static void phys_sections_free(PhysPageMap *map)
1131 while (map->sections_nb > 0) {
1132 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1133 phys_section_destroy(section->mr);
1135 g_free(map->sections);
1139 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1142 hwaddr base = section->offset_within_address_space
1144 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1145 d->map.nodes, d->map.sections);
1146 MemoryRegionSection subsection = {
1147 .offset_within_address_space = base,
1148 .size = int128_make64(TARGET_PAGE_SIZE),
1152 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1154 if (!(existing->mr->subpage)) {
1155 subpage = subpage_init(d->as, base);
1156 subsection.address_space = d->as;
1157 subsection.mr = &subpage->iomem;
1158 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1159 phys_section_add(&d->map, &subsection));
1161 subpage = container_of(existing->mr, subpage_t, iomem);
1163 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1164 end = start + int128_get64(section->size) - 1;
1165 subpage_register(subpage, start, end,
1166 phys_section_add(&d->map, section));
1170 static void register_multipage(AddressSpaceDispatch *d,
1171 MemoryRegionSection *section)
1173 hwaddr start_addr = section->offset_within_address_space;
1174 uint16_t section_index = phys_section_add(&d->map, section);
1175 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1179 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1182 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1184 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1185 AddressSpaceDispatch *d = as->next_dispatch;
1186 MemoryRegionSection now = *section, remain = *section;
1187 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1189 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1190 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1191 - now.offset_within_address_space;
1193 now.size = int128_min(int128_make64(left), now.size);
1194 register_subpage(d, &now);
1196 now.size = int128_zero();
1198 while (int128_ne(remain.size, now.size)) {
1199 remain.size = int128_sub(remain.size, now.size);
1200 remain.offset_within_address_space += int128_get64(now.size);
1201 remain.offset_within_region += int128_get64(now.size);
1203 if (int128_lt(remain.size, page_size)) {
1204 register_subpage(d, &now);
1205 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1206 now.size = page_size;
1207 register_subpage(d, &now);
1209 now.size = int128_and(now.size, int128_neg(page_size));
1210 register_multipage(d, &now);
1215 void qemu_flush_coalesced_mmio_buffer(void)
1218 kvm_flush_coalesced_mmio_buffer();
1221 void qemu_mutex_lock_ramlist(void)
1223 qemu_mutex_lock(&ram_list.mutex);
1226 void qemu_mutex_unlock_ramlist(void)
1228 qemu_mutex_unlock(&ram_list.mutex);
1232 static void *file_ram_alloc(RAMBlock *block,
1237 bool unlink_on_error = false;
1239 char *sanitized_name;
1245 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1247 "host lacks kvm mmu notifiers, -mem-path unsupported");
1252 fd = open(path, O_RDWR);
1254 /* @path names an existing file, use it */
1257 if (errno == ENOENT) {
1258 /* @path names a file that doesn't exist, create it */
1259 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1261 unlink_on_error = true;
1264 } else if (errno == EISDIR) {
1265 /* @path names a directory, create a file there */
1266 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1267 sanitized_name = g_strdup(memory_region_name(block->mr));
1268 for (c = sanitized_name; *c != '\0'; c++) {
1274 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1276 g_free(sanitized_name);
1278 fd = mkstemp(filename);
1286 if (errno != EEXIST && errno != EINTR) {
1287 error_setg_errno(errp, errno,
1288 "can't open backing store %s for guest RAM",
1293 * Try again on EINTR and EEXIST. The latter happens when
1294 * something else creates the file between our two open().
1298 page_size = qemu_fd_getpagesize(fd);
1299 block->mr->align = page_size;
1301 if (memory < page_size) {
1302 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1303 "or larger than page size 0x%" PRIx64,
1308 memory = ROUND_UP(memory, page_size);
1311 * ftruncate is not supported by hugetlbfs in older
1312 * hosts, so don't bother bailing out on errors.
1313 * If anything goes wrong with it under other filesystems,
1316 if (ftruncate(fd, memory)) {
1317 perror("ftruncate");
1320 area = qemu_ram_mmap(fd, memory, page_size, block->flags & RAM_SHARED);
1321 if (area == MAP_FAILED) {
1322 error_setg_errno(errp, errno,
1323 "unable to map backing store for guest RAM");
1328 os_mem_prealloc(fd, area, memory);
1335 if (unlink_on_error) {
1345 /* Called with the ramlist lock held. */
1346 static ram_addr_t find_ram_offset(ram_addr_t size)
1348 RAMBlock *block, *next_block;
1349 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1351 assert(size != 0); /* it would hand out same offset multiple times */
1353 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1357 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1358 ram_addr_t end, next = RAM_ADDR_MAX;
1360 end = block->offset + block->max_length;
1362 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1363 if (next_block->offset >= end) {
1364 next = MIN(next, next_block->offset);
1367 if (next - end >= size && next - end < mingap) {
1369 mingap = next - end;
1373 if (offset == RAM_ADDR_MAX) {
1374 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1382 ram_addr_t last_ram_offset(void)
1385 ram_addr_t last = 0;
1388 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1389 last = MAX(last, block->offset + block->max_length);
1395 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1399 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1400 if (!machine_dump_guest_core(current_machine)) {
1401 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1403 perror("qemu_madvise");
1404 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1405 "but dump_guest_core=off specified\n");
1410 /* Called within an RCU critical section, or while the ramlist lock
1413 static RAMBlock *find_ram_block(ram_addr_t addr)
1417 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1418 if (block->offset == addr) {
1426 const char *qemu_ram_get_idstr(RAMBlock *rb)
1431 /* Called with iothread lock held. */
1432 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1434 RAMBlock *new_block, *block;
1437 new_block = find_ram_block(addr);
1439 assert(!new_block->idstr[0]);
1442 char *id = qdev_get_dev_path(dev);
1444 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1448 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1450 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1451 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1452 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1460 /* Called with iothread lock held. */
1461 void qemu_ram_unset_idstr(ram_addr_t addr)
1465 /* FIXME: arch_init.c assumes that this is not called throughout
1466 * migration. Ignore the problem since hot-unplug during migration
1467 * does not work anyway.
1471 block = find_ram_block(addr);
1473 memset(block->idstr, 0, sizeof(block->idstr));
1478 static int memory_try_enable_merging(void *addr, size_t len)
1480 if (!machine_mem_merge(current_machine)) {
1481 /* disabled by the user */
1485 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1488 /* Only legal before guest might have detected the memory size: e.g. on
1489 * incoming migration, or right after reset.
1491 * As memory core doesn't know how is memory accessed, it is up to
1492 * resize callback to update device state and/or add assertions to detect
1493 * misuse, if necessary.
1495 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1497 RAMBlock *block = find_ram_block(base);
1501 newsize = HOST_PAGE_ALIGN(newsize);
1503 if (block->used_length == newsize) {
1507 if (!(block->flags & RAM_RESIZEABLE)) {
1508 error_setg_errno(errp, EINVAL,
1509 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1510 " in != 0x" RAM_ADDR_FMT, block->idstr,
1511 newsize, block->used_length);
1515 if (block->max_length < newsize) {
1516 error_setg_errno(errp, EINVAL,
1517 "Length too large: %s: 0x" RAM_ADDR_FMT
1518 " > 0x" RAM_ADDR_FMT, block->idstr,
1519 newsize, block->max_length);
1523 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1524 block->used_length = newsize;
1525 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1527 memory_region_set_size(block->mr, newsize);
1528 if (block->resized) {
1529 block->resized(block->idstr, newsize, block->host);
1534 /* Called with ram_list.mutex held */
1535 static void dirty_memory_extend(ram_addr_t old_ram_size,
1536 ram_addr_t new_ram_size)
1538 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1539 DIRTY_MEMORY_BLOCK_SIZE);
1540 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1541 DIRTY_MEMORY_BLOCK_SIZE);
1544 /* Only need to extend if block count increased */
1545 if (new_num_blocks <= old_num_blocks) {
1549 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1550 DirtyMemoryBlocks *old_blocks;
1551 DirtyMemoryBlocks *new_blocks;
1554 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1555 new_blocks = g_malloc(sizeof(*new_blocks) +
1556 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1558 if (old_num_blocks) {
1559 memcpy(new_blocks->blocks, old_blocks->blocks,
1560 old_num_blocks * sizeof(old_blocks->blocks[0]));
1563 for (j = old_num_blocks; j < new_num_blocks; j++) {
1564 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1567 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1570 g_free_rcu(old_blocks, rcu);
1575 static void ram_block_add(RAMBlock *new_block, Error **errp)
1578 RAMBlock *last_block = NULL;
1579 ram_addr_t old_ram_size, new_ram_size;
1582 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1584 qemu_mutex_lock_ramlist();
1585 new_block->offset = find_ram_offset(new_block->max_length);
1587 if (!new_block->host) {
1588 if (xen_enabled()) {
1589 xen_ram_alloc(new_block->offset, new_block->max_length,
1590 new_block->mr, &err);
1592 error_propagate(errp, err);
1593 qemu_mutex_unlock_ramlist();
1597 new_block->host = phys_mem_alloc(new_block->max_length,
1598 &new_block->mr->align);
1599 if (!new_block->host) {
1600 error_setg_errno(errp, errno,
1601 "cannot set up guest memory '%s'",
1602 memory_region_name(new_block->mr));
1603 qemu_mutex_unlock_ramlist();
1606 memory_try_enable_merging(new_block->host, new_block->max_length);
1610 new_ram_size = MAX(old_ram_size,
1611 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1612 if (new_ram_size > old_ram_size) {
1613 migration_bitmap_extend(old_ram_size, new_ram_size);
1614 dirty_memory_extend(old_ram_size, new_ram_size);
1616 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1617 * QLIST (which has an RCU-friendly variant) does not have insertion at
1618 * tail, so save the last element in last_block.
1620 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1622 if (block->max_length < new_block->max_length) {
1627 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1628 } else if (last_block) {
1629 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1630 } else { /* list is empty */
1631 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1633 ram_list.mru_block = NULL;
1635 /* Write list before version */
1638 qemu_mutex_unlock_ramlist();
1640 cpu_physical_memory_set_dirty_range(new_block->offset,
1641 new_block->used_length,
1644 if (new_block->host) {
1645 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1646 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1647 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1648 if (kvm_enabled()) {
1649 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1655 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1656 bool share, const char *mem_path,
1659 RAMBlock *new_block;
1660 Error *local_err = NULL;
1662 if (xen_enabled()) {
1663 error_setg(errp, "-mem-path not supported with Xen");
1667 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1669 * file_ram_alloc() needs to allocate just like
1670 * phys_mem_alloc, but we haven't bothered to provide
1674 "-mem-path not supported with this accelerator");
1678 size = HOST_PAGE_ALIGN(size);
1679 new_block = g_malloc0(sizeof(*new_block));
1681 new_block->used_length = size;
1682 new_block->max_length = size;
1683 new_block->flags = share ? RAM_SHARED : 0;
1684 new_block->host = file_ram_alloc(new_block, size,
1686 if (!new_block->host) {
1691 ram_block_add(new_block, &local_err);
1694 error_propagate(errp, local_err);
1702 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1703 void (*resized)(const char*,
1706 void *host, bool resizeable,
1707 MemoryRegion *mr, Error **errp)
1709 RAMBlock *new_block;
1710 Error *local_err = NULL;
1712 size = HOST_PAGE_ALIGN(size);
1713 max_size = HOST_PAGE_ALIGN(max_size);
1714 new_block = g_malloc0(sizeof(*new_block));
1716 new_block->resized = resized;
1717 new_block->used_length = size;
1718 new_block->max_length = max_size;
1719 assert(max_size >= size);
1721 new_block->host = host;
1723 new_block->flags |= RAM_PREALLOC;
1726 new_block->flags |= RAM_RESIZEABLE;
1728 ram_block_add(new_block, &local_err);
1731 error_propagate(errp, local_err);
1737 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1738 MemoryRegion *mr, Error **errp)
1740 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1743 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1745 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1748 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1749 void (*resized)(const char*,
1752 MemoryRegion *mr, Error **errp)
1754 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1757 static void reclaim_ramblock(RAMBlock *block)
1759 if (block->flags & RAM_PREALLOC) {
1761 } else if (xen_enabled()) {
1762 xen_invalidate_map_cache_entry(block->host);
1764 } else if (block->fd >= 0) {
1765 qemu_ram_munmap(block->host, block->max_length);
1769 qemu_anon_ram_free(block->host, block->max_length);
1774 void qemu_ram_free(RAMBlock *block)
1780 qemu_mutex_lock_ramlist();
1781 QLIST_REMOVE_RCU(block, next);
1782 ram_list.mru_block = NULL;
1783 /* Write list before version */
1786 call_rcu(block, reclaim_ramblock, rcu);
1787 qemu_mutex_unlock_ramlist();
1791 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1798 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1799 offset = addr - block->offset;
1800 if (offset < block->max_length) {
1801 vaddr = ramblock_ptr(block, offset);
1802 if (block->flags & RAM_PREALLOC) {
1804 } else if (xen_enabled()) {
1808 if (block->fd >= 0) {
1809 flags |= (block->flags & RAM_SHARED ?
1810 MAP_SHARED : MAP_PRIVATE);
1811 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1812 flags, block->fd, offset);
1815 * Remap needs to match alloc. Accelerators that
1816 * set phys_mem_alloc never remap. If they did,
1817 * we'd need a remap hook here.
1819 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1821 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1822 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1825 if (area != vaddr) {
1826 fprintf(stderr, "Could not remap addr: "
1827 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1831 memory_try_enable_merging(vaddr, length);
1832 qemu_ram_setup_dump(vaddr, length);
1837 #endif /* !_WIN32 */
1839 int qemu_get_ram_fd(ram_addr_t addr)
1845 block = qemu_get_ram_block(addr);
1851 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1856 block = qemu_get_ram_block(addr);
1861 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1867 block = qemu_get_ram_block(addr);
1868 ptr = ramblock_ptr(block, 0);
1873 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1874 * This should not be used for general purpose DMA. Use address_space_map
1875 * or address_space_rw instead. For local memory (e.g. video ram) that the
1876 * device owns, use memory_region_get_ram_ptr.
1878 * Called within RCU critical section.
1880 void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1882 RAMBlock *block = ram_block;
1884 if (block == NULL) {
1885 block = qemu_get_ram_block(addr);
1888 if (xen_enabled() && block->host == NULL) {
1889 /* We need to check if the requested address is in the RAM
1890 * because we don't want to map the entire memory in QEMU.
1891 * In that case just map until the end of the page.
1893 if (block->offset == 0) {
1894 return xen_map_cache(addr, 0, 0);
1897 block->host = xen_map_cache(block->offset, block->max_length, 1);
1899 return ramblock_ptr(block, addr - block->offset);
1902 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1903 * but takes a size argument.
1905 * Called within RCU critical section.
1907 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1910 RAMBlock *block = ram_block;
1911 ram_addr_t offset_inside_block;
1916 if (block == NULL) {
1917 block = qemu_get_ram_block(addr);
1919 offset_inside_block = addr - block->offset;
1920 *size = MIN(*size, block->max_length - offset_inside_block);
1922 if (xen_enabled() && block->host == NULL) {
1923 /* We need to check if the requested address is in the RAM
1924 * because we don't want to map the entire memory in QEMU.
1925 * In that case just map the requested area.
1927 if (block->offset == 0) {
1928 return xen_map_cache(addr, *size, 1);
1931 block->host = xen_map_cache(block->offset, block->max_length, 1);
1934 return ramblock_ptr(block, offset_inside_block);
1938 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1941 * ptr: Host pointer to look up
1942 * round_offset: If true round the result offset down to a page boundary
1943 * *ram_addr: set to result ram_addr
1944 * *offset: set to result offset within the RAMBlock
1946 * Returns: RAMBlock (or NULL if not found)
1948 * By the time this function returns, the returned pointer is not protected
1949 * by RCU anymore. If the caller is not within an RCU critical section and
1950 * does not hold the iothread lock, it must have other means of protecting the
1951 * pointer, such as a reference to the region that includes the incoming
1954 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1955 ram_addr_t *ram_addr,
1959 uint8_t *host = ptr;
1961 if (xen_enabled()) {
1963 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1964 block = qemu_get_ram_block(*ram_addr);
1966 *offset = (host - block->host);
1973 block = atomic_rcu_read(&ram_list.mru_block);
1974 if (block && block->host && host - block->host < block->max_length) {
1978 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1979 /* This case append when the block is not mapped. */
1980 if (block->host == NULL) {
1983 if (host - block->host < block->max_length) {
1992 *offset = (host - block->host);
1994 *offset &= TARGET_PAGE_MASK;
1996 *ram_addr = block->offset + *offset;
2002 * Finds the named RAMBlock
2004 * name: The name of RAMBlock to find
2006 * Returns: RAMBlock (or NULL if not found)
2008 RAMBlock *qemu_ram_block_by_name(const char *name)
2012 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
2013 if (!strcmp(name, block->idstr)) {
2021 /* Some of the softmmu routines need to translate from a host pointer
2022 (typically a TLB entry) back to a ram offset. */
2023 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2026 ram_addr_t offset; /* Not used */
2028 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2037 /* Called within RCU critical section. */
2038 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
2039 uint64_t val, unsigned size)
2041 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
2042 tb_invalidate_phys_page_fast(ram_addr, size);
2046 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2049 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2052 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2057 /* Set both VGA and migration bits for simplicity and to remove
2058 * the notdirty callback faster.
2060 cpu_physical_memory_set_dirty_range(ram_addr, size,
2061 DIRTY_CLIENTS_NOCODE);
2062 /* we remove the notdirty callback only if the code has been
2064 if (!cpu_physical_memory_is_clean(ram_addr)) {
2065 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
2069 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2070 unsigned size, bool is_write)
2075 static const MemoryRegionOps notdirty_mem_ops = {
2076 .write = notdirty_mem_write,
2077 .valid.accepts = notdirty_mem_accepts,
2078 .endianness = DEVICE_NATIVE_ENDIAN,
2081 /* Generate a debug exception if a watchpoint has been hit. */
2082 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2084 CPUState *cpu = current_cpu;
2085 CPUClass *cc = CPU_GET_CLASS(cpu);
2086 CPUArchState *env = cpu->env_ptr;
2087 target_ulong pc, cs_base;
2092 if (cpu->watchpoint_hit) {
2093 /* We re-entered the check after replacing the TB. Now raise
2094 * the debug interrupt so that is will trigger after the
2095 * current instruction. */
2096 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2099 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2100 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2101 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2102 && (wp->flags & flags)) {
2103 if (flags == BP_MEM_READ) {
2104 wp->flags |= BP_WATCHPOINT_HIT_READ;
2106 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2108 wp->hitaddr = vaddr;
2109 wp->hitattrs = attrs;
2110 if (!cpu->watchpoint_hit) {
2111 if (wp->flags & BP_CPU &&
2112 !cc->debug_check_watchpoint(cpu, wp)) {
2113 wp->flags &= ~BP_WATCHPOINT_HIT;
2116 cpu->watchpoint_hit = wp;
2117 tb_check_watchpoint(cpu);
2118 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2119 cpu->exception_index = EXCP_DEBUG;
2122 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2123 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2124 cpu_resume_from_signal(cpu, NULL);
2128 wp->flags &= ~BP_WATCHPOINT_HIT;
2133 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2134 so these check for a hit then pass through to the normal out-of-line
2136 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2137 unsigned size, MemTxAttrs attrs)
2141 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2142 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2144 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2147 data = address_space_ldub(as, addr, attrs, &res);
2150 data = address_space_lduw(as, addr, attrs, &res);
2153 data = address_space_ldl(as, addr, attrs, &res);
2161 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2162 uint64_t val, unsigned size,
2166 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2167 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2169 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2172 address_space_stb(as, addr, val, attrs, &res);
2175 address_space_stw(as, addr, val, attrs, &res);
2178 address_space_stl(as, addr, val, attrs, &res);
2185 static const MemoryRegionOps watch_mem_ops = {
2186 .read_with_attrs = watch_mem_read,
2187 .write_with_attrs = watch_mem_write,
2188 .endianness = DEVICE_NATIVE_ENDIAN,
2191 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2192 unsigned len, MemTxAttrs attrs)
2194 subpage_t *subpage = opaque;
2198 #if defined(DEBUG_SUBPAGE)
2199 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2200 subpage, len, addr);
2202 res = address_space_read(subpage->as, addr + subpage->base,
2209 *data = ldub_p(buf);
2212 *data = lduw_p(buf);
2225 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2226 uint64_t value, unsigned len, MemTxAttrs attrs)
2228 subpage_t *subpage = opaque;
2231 #if defined(DEBUG_SUBPAGE)
2232 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2233 " value %"PRIx64"\n",
2234 __func__, subpage, len, addr, value);
2252 return address_space_write(subpage->as, addr + subpage->base,
2256 static bool subpage_accepts(void *opaque, hwaddr addr,
2257 unsigned len, bool is_write)
2259 subpage_t *subpage = opaque;
2260 #if defined(DEBUG_SUBPAGE)
2261 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2262 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2265 return address_space_access_valid(subpage->as, addr + subpage->base,
2269 static const MemoryRegionOps subpage_ops = {
2270 .read_with_attrs = subpage_read,
2271 .write_with_attrs = subpage_write,
2272 .impl.min_access_size = 1,
2273 .impl.max_access_size = 8,
2274 .valid.min_access_size = 1,
2275 .valid.max_access_size = 8,
2276 .valid.accepts = subpage_accepts,
2277 .endianness = DEVICE_NATIVE_ENDIAN,
2280 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2285 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2287 idx = SUBPAGE_IDX(start);
2288 eidx = SUBPAGE_IDX(end);
2289 #if defined(DEBUG_SUBPAGE)
2290 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2291 __func__, mmio, start, end, idx, eidx, section);
2293 for (; idx <= eidx; idx++) {
2294 mmio->sub_section[idx] = section;
2300 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2304 mmio = g_malloc0(sizeof(subpage_t));
2308 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2309 NULL, TARGET_PAGE_SIZE);
2310 mmio->iomem.subpage = true;
2311 #if defined(DEBUG_SUBPAGE)
2312 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2313 mmio, base, TARGET_PAGE_SIZE);
2315 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2320 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2324 MemoryRegionSection section = {
2325 .address_space = as,
2327 .offset_within_address_space = 0,
2328 .offset_within_region = 0,
2329 .size = int128_2_64(),
2332 return phys_section_add(map, §ion);
2335 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2337 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2338 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2339 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2340 MemoryRegionSection *sections = d->map.sections;
2342 return sections[index & ~TARGET_PAGE_MASK].mr;
2345 static void io_mem_init(void)
2347 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2348 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2350 memory_region_init_io(&io_mem_notdirty, NULL, ¬dirty_mem_ops, NULL,
2352 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2356 static void mem_begin(MemoryListener *listener)
2358 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2359 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2362 n = dummy_section(&d->map, as, &io_mem_unassigned);
2363 assert(n == PHYS_SECTION_UNASSIGNED);
2364 n = dummy_section(&d->map, as, &io_mem_notdirty);
2365 assert(n == PHYS_SECTION_NOTDIRTY);
2366 n = dummy_section(&d->map, as, &io_mem_rom);
2367 assert(n == PHYS_SECTION_ROM);
2368 n = dummy_section(&d->map, as, &io_mem_watch);
2369 assert(n == PHYS_SECTION_WATCH);
2371 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2373 as->next_dispatch = d;
2376 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2378 phys_sections_free(&d->map);
2382 static void mem_commit(MemoryListener *listener)
2384 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2385 AddressSpaceDispatch *cur = as->dispatch;
2386 AddressSpaceDispatch *next = as->next_dispatch;
2388 phys_page_compact_all(next, next->map.nodes_nb);
2390 atomic_rcu_set(&as->dispatch, next);
2392 call_rcu(cur, address_space_dispatch_free, rcu);
2396 static void tcg_commit(MemoryListener *listener)
2398 CPUAddressSpace *cpuas;
2399 AddressSpaceDispatch *d;
2401 /* since each CPU stores ram addresses in its TLB cache, we must
2402 reset the modified entries */
2403 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2404 cpu_reloading_memory_map();
2405 /* The CPU and TLB are protected by the iothread lock.
2406 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2407 * may have split the RCU critical section.
2409 d = atomic_rcu_read(&cpuas->as->dispatch);
2410 cpuas->memory_dispatch = d;
2411 tlb_flush(cpuas->cpu, 1);
2414 void address_space_init_dispatch(AddressSpace *as)
2416 as->dispatch = NULL;
2417 as->dispatch_listener = (MemoryListener) {
2419 .commit = mem_commit,
2420 .region_add = mem_add,
2421 .region_nop = mem_add,
2424 memory_listener_register(&as->dispatch_listener, as);
2427 void address_space_unregister(AddressSpace *as)
2429 memory_listener_unregister(&as->dispatch_listener);
2432 void address_space_destroy_dispatch(AddressSpace *as)
2434 AddressSpaceDispatch *d = as->dispatch;
2436 atomic_rcu_set(&as->dispatch, NULL);
2438 call_rcu(d, address_space_dispatch_free, rcu);
2442 static void memory_map_init(void)
2444 system_memory = g_malloc(sizeof(*system_memory));
2446 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2447 address_space_init(&address_space_memory, system_memory, "memory");
2449 system_io = g_malloc(sizeof(*system_io));
2450 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2452 address_space_init(&address_space_io, system_io, "I/O");
2455 MemoryRegion *get_system_memory(void)
2457 return system_memory;
2460 MemoryRegion *get_system_io(void)
2465 #endif /* !defined(CONFIG_USER_ONLY) */
2467 /* physical memory access (slow version, mainly for debug) */
2468 #if defined(CONFIG_USER_ONLY)
2469 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2470 uint8_t *buf, int len, int is_write)
2477 page = addr & TARGET_PAGE_MASK;
2478 l = (page + TARGET_PAGE_SIZE) - addr;
2481 flags = page_get_flags(page);
2482 if (!(flags & PAGE_VALID))
2485 if (!(flags & PAGE_WRITE))
2487 /* XXX: this code should not depend on lock_user */
2488 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2491 unlock_user(p, addr, l);
2493 if (!(flags & PAGE_READ))
2495 /* XXX: this code should not depend on lock_user */
2496 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2499 unlock_user(p, addr, 0);
2510 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2513 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2514 /* No early return if dirty_log_mask is or becomes 0, because
2515 * cpu_physical_memory_set_dirty_range will still call
2516 * xen_modified_memory.
2518 if (dirty_log_mask) {
2520 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2522 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2523 tb_invalidate_phys_range(addr, addr + length);
2524 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2526 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2529 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2531 unsigned access_size_max = mr->ops->valid.max_access_size;
2533 /* Regions are assumed to support 1-4 byte accesses unless
2534 otherwise specified. */
2535 if (access_size_max == 0) {
2536 access_size_max = 4;
2539 /* Bound the maximum access by the alignment of the address. */
2540 if (!mr->ops->impl.unaligned) {
2541 unsigned align_size_max = addr & -addr;
2542 if (align_size_max != 0 && align_size_max < access_size_max) {
2543 access_size_max = align_size_max;
2547 /* Don't attempt accesses larger than the maximum. */
2548 if (l > access_size_max) {
2549 l = access_size_max;
2556 static bool prepare_mmio_access(MemoryRegion *mr)
2558 bool unlocked = !qemu_mutex_iothread_locked();
2559 bool release_lock = false;
2561 if (unlocked && mr->global_locking) {
2562 qemu_mutex_lock_iothread();
2564 release_lock = true;
2566 if (mr->flush_coalesced_mmio) {
2568 qemu_mutex_lock_iothread();
2570 qemu_flush_coalesced_mmio_buffer();
2572 qemu_mutex_unlock_iothread();
2576 return release_lock;
2579 /* Called within RCU critical section. */
2580 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2583 int len, hwaddr addr1,
2584 hwaddr l, MemoryRegion *mr)
2588 MemTxResult result = MEMTX_OK;
2589 bool release_lock = false;
2592 if (!memory_access_is_direct(mr, true)) {
2593 release_lock |= prepare_mmio_access(mr);
2594 l = memory_access_size(mr, l, addr1);
2595 /* XXX: could force current_cpu to NULL to avoid
2599 /* 64 bit write access */
2601 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2605 /* 32 bit write access */
2607 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2611 /* 16 bit write access */
2613 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2617 /* 8 bit write access */
2619 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2626 addr1 += memory_region_get_ram_addr(mr);
2628 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2629 memcpy(ptr, buf, l);
2630 invalidate_and_set_dirty(mr, addr1, l);
2634 qemu_mutex_unlock_iothread();
2635 release_lock = false;
2647 mr = address_space_translate(as, addr, &addr1, &l, true);
2653 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2654 const uint8_t *buf, int len)
2659 MemTxResult result = MEMTX_OK;
2664 mr = address_space_translate(as, addr, &addr1, &l, true);
2665 result = address_space_write_continue(as, addr, attrs, buf, len,
2673 /* Called within RCU critical section. */
2674 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2675 MemTxAttrs attrs, uint8_t *buf,
2676 int len, hwaddr addr1, hwaddr l,
2681 MemTxResult result = MEMTX_OK;
2682 bool release_lock = false;
2685 if (!memory_access_is_direct(mr, false)) {
2687 release_lock |= prepare_mmio_access(mr);
2688 l = memory_access_size(mr, l, addr1);
2691 /* 64 bit read access */
2692 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2697 /* 32 bit read access */
2698 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2703 /* 16 bit read access */
2704 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2709 /* 8 bit read access */
2710 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2719 ptr = qemu_get_ram_ptr(mr->ram_block,
2720 memory_region_get_ram_addr(mr) + addr1);
2721 memcpy(buf, ptr, l);
2725 qemu_mutex_unlock_iothread();
2726 release_lock = false;
2738 mr = address_space_translate(as, addr, &addr1, &l, false);
2744 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2745 MemTxAttrs attrs, uint8_t *buf, int len)
2750 MemTxResult result = MEMTX_OK;
2755 mr = address_space_translate(as, addr, &addr1, &l, false);
2756 result = address_space_read_continue(as, addr, attrs, buf, len,
2764 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2765 uint8_t *buf, int len, bool is_write)
2768 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2770 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2774 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2775 int len, int is_write)
2777 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2778 buf, len, is_write);
2781 enum write_rom_type {
2786 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2787 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2797 mr = address_space_translate(as, addr, &addr1, &l, true);
2799 if (!(memory_region_is_ram(mr) ||
2800 memory_region_is_romd(mr))) {
2801 l = memory_access_size(mr, l, addr1);
2803 addr1 += memory_region_get_ram_addr(mr);
2805 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2808 memcpy(ptr, buf, l);
2809 invalidate_and_set_dirty(mr, addr1, l);
2812 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2823 /* used for ROM loading : can write in RAM and ROM */
2824 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2825 const uint8_t *buf, int len)
2827 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2830 void cpu_flush_icache_range(hwaddr start, int len)
2833 * This function should do the same thing as an icache flush that was
2834 * triggered from within the guest. For TCG we are always cache coherent,
2835 * so there is no need to flush anything. For KVM / Xen we need to flush
2836 * the host's instruction cache at least.
2838 if (tcg_enabled()) {
2842 cpu_physical_memory_write_rom_internal(&address_space_memory,
2843 start, NULL, len, FLUSH_CACHE);
2854 static BounceBuffer bounce;
2856 typedef struct MapClient {
2858 QLIST_ENTRY(MapClient) link;
2861 QemuMutex map_client_list_lock;
2862 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2863 = QLIST_HEAD_INITIALIZER(map_client_list);
2865 static void cpu_unregister_map_client_do(MapClient *client)
2867 QLIST_REMOVE(client, link);
2871 static void cpu_notify_map_clients_locked(void)
2875 while (!QLIST_EMPTY(&map_client_list)) {
2876 client = QLIST_FIRST(&map_client_list);
2877 qemu_bh_schedule(client->bh);
2878 cpu_unregister_map_client_do(client);
2882 void cpu_register_map_client(QEMUBH *bh)
2884 MapClient *client = g_malloc(sizeof(*client));
2886 qemu_mutex_lock(&map_client_list_lock);
2888 QLIST_INSERT_HEAD(&map_client_list, client, link);
2889 if (!atomic_read(&bounce.in_use)) {
2890 cpu_notify_map_clients_locked();
2892 qemu_mutex_unlock(&map_client_list_lock);
2895 void cpu_exec_init_all(void)
2897 qemu_mutex_init(&ram_list.mutex);
2900 qemu_mutex_init(&map_client_list_lock);
2903 void cpu_unregister_map_client(QEMUBH *bh)
2907 qemu_mutex_lock(&map_client_list_lock);
2908 QLIST_FOREACH(client, &map_client_list, link) {
2909 if (client->bh == bh) {
2910 cpu_unregister_map_client_do(client);
2914 qemu_mutex_unlock(&map_client_list_lock);
2917 static void cpu_notify_map_clients(void)
2919 qemu_mutex_lock(&map_client_list_lock);
2920 cpu_notify_map_clients_locked();
2921 qemu_mutex_unlock(&map_client_list_lock);
2924 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2932 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2933 if (!memory_access_is_direct(mr, is_write)) {
2934 l = memory_access_size(mr, l, addr);
2935 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2947 /* Map a physical memory region into a host virtual address.
2948 * May map a subset of the requested range, given by and returned in *plen.
2949 * May return NULL if resources needed to perform the mapping are exhausted.
2950 * Use only for reads OR writes - not for read-modify-write operations.
2951 * Use cpu_register_map_client() to know when retrying the map operation is
2952 * likely to succeed.
2954 void *address_space_map(AddressSpace *as,
2961 hwaddr l, xlat, base;
2962 MemoryRegion *mr, *this_mr;
2972 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2974 if (!memory_access_is_direct(mr, is_write)) {
2975 if (atomic_xchg(&bounce.in_use, true)) {
2979 /* Avoid unbounded allocations */
2980 l = MIN(l, TARGET_PAGE_SIZE);
2981 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2985 memory_region_ref(mr);
2988 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2994 return bounce.buffer;
2998 raddr = memory_region_get_ram_addr(mr);
3009 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
3010 if (this_mr != mr || xlat != base + done) {
3015 memory_region_ref(mr);
3017 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
3023 /* Unmaps a memory region previously mapped by address_space_map().
3024 * Will also mark the memory as dirty if is_write == 1. access_len gives
3025 * the amount of memory that was actually read or written by the caller.
3027 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3028 int is_write, hwaddr access_len)
3030 if (buffer != bounce.buffer) {
3034 mr = qemu_ram_addr_from_host(buffer, &addr1);
3037 invalidate_and_set_dirty(mr, addr1, access_len);
3039 if (xen_enabled()) {
3040 xen_invalidate_map_cache_entry(buffer);
3042 memory_region_unref(mr);
3046 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3047 bounce.buffer, access_len);
3049 qemu_vfree(bounce.buffer);
3050 bounce.buffer = NULL;
3051 memory_region_unref(bounce.mr);
3052 atomic_mb_set(&bounce.in_use, false);
3053 cpu_notify_map_clients();
3056 void *cpu_physical_memory_map(hwaddr addr,
3060 return address_space_map(&address_space_memory, addr, plen, is_write);
3063 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3064 int is_write, hwaddr access_len)
3066 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3069 /* warning: addr must be aligned */
3070 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3072 MemTxResult *result,
3073 enum device_endian endian)
3081 bool release_lock = false;
3084 mr = address_space_translate(as, addr, &addr1, &l, false);
3085 if (l < 4 || !memory_access_is_direct(mr, false)) {
3086 release_lock |= prepare_mmio_access(mr);
3089 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3090 #if defined(TARGET_WORDS_BIGENDIAN)
3091 if (endian == DEVICE_LITTLE_ENDIAN) {
3095 if (endian == DEVICE_BIG_ENDIAN) {
3101 ptr = qemu_get_ram_ptr(mr->ram_block,
3102 (memory_region_get_ram_addr(mr)
3106 case DEVICE_LITTLE_ENDIAN:
3107 val = ldl_le_p(ptr);
3109 case DEVICE_BIG_ENDIAN:
3110 val = ldl_be_p(ptr);
3122 qemu_mutex_unlock_iothread();
3128 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3129 MemTxAttrs attrs, MemTxResult *result)
3131 return address_space_ldl_internal(as, addr, attrs, result,
3132 DEVICE_NATIVE_ENDIAN);
3135 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3138 return address_space_ldl_internal(as, addr, attrs, result,
3139 DEVICE_LITTLE_ENDIAN);
3142 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3143 MemTxAttrs attrs, MemTxResult *result)
3145 return address_space_ldl_internal(as, addr, attrs, result,
3149 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3151 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3154 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3156 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3159 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3161 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3164 /* warning: addr must be aligned */
3165 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3167 MemTxResult *result,
3168 enum device_endian endian)
3176 bool release_lock = false;
3179 mr = address_space_translate(as, addr, &addr1, &l,
3181 if (l < 8 || !memory_access_is_direct(mr, false)) {
3182 release_lock |= prepare_mmio_access(mr);
3185 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3186 #if defined(TARGET_WORDS_BIGENDIAN)
3187 if (endian == DEVICE_LITTLE_ENDIAN) {
3191 if (endian == DEVICE_BIG_ENDIAN) {
3197 ptr = qemu_get_ram_ptr(mr->ram_block,
3198 (memory_region_get_ram_addr(mr)
3202 case DEVICE_LITTLE_ENDIAN:
3203 val = ldq_le_p(ptr);
3205 case DEVICE_BIG_ENDIAN:
3206 val = ldq_be_p(ptr);
3218 qemu_mutex_unlock_iothread();
3224 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3225 MemTxAttrs attrs, MemTxResult *result)
3227 return address_space_ldq_internal(as, addr, attrs, result,
3228 DEVICE_NATIVE_ENDIAN);
3231 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3232 MemTxAttrs attrs, MemTxResult *result)
3234 return address_space_ldq_internal(as, addr, attrs, result,
3235 DEVICE_LITTLE_ENDIAN);
3238 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3239 MemTxAttrs attrs, MemTxResult *result)
3241 return address_space_ldq_internal(as, addr, attrs, result,
3245 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3247 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3250 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3252 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3255 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3257 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3261 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3262 MemTxAttrs attrs, MemTxResult *result)
3267 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3274 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3276 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3279 /* warning: addr must be aligned */
3280 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3283 MemTxResult *result,
3284 enum device_endian endian)
3292 bool release_lock = false;
3295 mr = address_space_translate(as, addr, &addr1, &l,
3297 if (l < 2 || !memory_access_is_direct(mr, false)) {
3298 release_lock |= prepare_mmio_access(mr);
3301 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3302 #if defined(TARGET_WORDS_BIGENDIAN)
3303 if (endian == DEVICE_LITTLE_ENDIAN) {
3307 if (endian == DEVICE_BIG_ENDIAN) {
3313 ptr = qemu_get_ram_ptr(mr->ram_block,
3314 (memory_region_get_ram_addr(mr)
3318 case DEVICE_LITTLE_ENDIAN:
3319 val = lduw_le_p(ptr);
3321 case DEVICE_BIG_ENDIAN:
3322 val = lduw_be_p(ptr);
3334 qemu_mutex_unlock_iothread();
3340 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3341 MemTxAttrs attrs, MemTxResult *result)
3343 return address_space_lduw_internal(as, addr, attrs, result,
3344 DEVICE_NATIVE_ENDIAN);
3347 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3348 MemTxAttrs attrs, MemTxResult *result)
3350 return address_space_lduw_internal(as, addr, attrs, result,
3351 DEVICE_LITTLE_ENDIAN);
3354 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3355 MemTxAttrs attrs, MemTxResult *result)
3357 return address_space_lduw_internal(as, addr, attrs, result,
3361 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3363 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3366 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3368 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3371 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3373 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3376 /* warning: addr must be aligned. The ram page is not masked as dirty
3377 and the code inside is not invalidated. It is useful if the dirty
3378 bits are used to track modified PTEs */
3379 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3380 MemTxAttrs attrs, MemTxResult *result)
3387 uint8_t dirty_log_mask;
3388 bool release_lock = false;
3391 mr = address_space_translate(as, addr, &addr1, &l,
3393 if (l < 4 || !memory_access_is_direct(mr, true)) {
3394 release_lock |= prepare_mmio_access(mr);
3396 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3398 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3399 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3402 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3403 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3404 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3411 qemu_mutex_unlock_iothread();
3416 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3418 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3421 /* warning: addr must be aligned */
3422 static inline void address_space_stl_internal(AddressSpace *as,
3423 hwaddr addr, uint32_t val,
3425 MemTxResult *result,
3426 enum device_endian endian)
3433 bool release_lock = false;
3436 mr = address_space_translate(as, addr, &addr1, &l,
3438 if (l < 4 || !memory_access_is_direct(mr, true)) {
3439 release_lock |= prepare_mmio_access(mr);
3441 #if defined(TARGET_WORDS_BIGENDIAN)
3442 if (endian == DEVICE_LITTLE_ENDIAN) {
3446 if (endian == DEVICE_BIG_ENDIAN) {
3450 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3453 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3454 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3456 case DEVICE_LITTLE_ENDIAN:
3459 case DEVICE_BIG_ENDIAN:
3466 invalidate_and_set_dirty(mr, addr1, 4);
3473 qemu_mutex_unlock_iothread();
3478 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3479 MemTxAttrs attrs, MemTxResult *result)
3481 address_space_stl_internal(as, addr, val, attrs, result,
3482 DEVICE_NATIVE_ENDIAN);
3485 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3486 MemTxAttrs attrs, MemTxResult *result)
3488 address_space_stl_internal(as, addr, val, attrs, result,
3489 DEVICE_LITTLE_ENDIAN);
3492 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3493 MemTxAttrs attrs, MemTxResult *result)
3495 address_space_stl_internal(as, addr, val, attrs, result,
3499 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3501 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3504 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3506 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3509 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3511 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3515 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3516 MemTxAttrs attrs, MemTxResult *result)
3521 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3527 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3529 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3532 /* warning: addr must be aligned */
3533 static inline void address_space_stw_internal(AddressSpace *as,
3534 hwaddr addr, uint32_t val,
3536 MemTxResult *result,
3537 enum device_endian endian)
3544 bool release_lock = false;
3547 mr = address_space_translate(as, addr, &addr1, &l, true);
3548 if (l < 2 || !memory_access_is_direct(mr, true)) {
3549 release_lock |= prepare_mmio_access(mr);
3551 #if defined(TARGET_WORDS_BIGENDIAN)
3552 if (endian == DEVICE_LITTLE_ENDIAN) {
3556 if (endian == DEVICE_BIG_ENDIAN) {
3560 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3563 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3564 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3566 case DEVICE_LITTLE_ENDIAN:
3569 case DEVICE_BIG_ENDIAN:
3576 invalidate_and_set_dirty(mr, addr1, 2);
3583 qemu_mutex_unlock_iothread();
3588 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3589 MemTxAttrs attrs, MemTxResult *result)
3591 address_space_stw_internal(as, addr, val, attrs, result,
3592 DEVICE_NATIVE_ENDIAN);
3595 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3596 MemTxAttrs attrs, MemTxResult *result)
3598 address_space_stw_internal(as, addr, val, attrs, result,
3599 DEVICE_LITTLE_ENDIAN);
3602 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3603 MemTxAttrs attrs, MemTxResult *result)
3605 address_space_stw_internal(as, addr, val, attrs, result,
3609 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3611 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3614 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3616 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3619 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3621 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3625 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3626 MemTxAttrs attrs, MemTxResult *result)
3630 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3636 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3637 MemTxAttrs attrs, MemTxResult *result)
3640 val = cpu_to_le64(val);
3641 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3646 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3647 MemTxAttrs attrs, MemTxResult *result)
3650 val = cpu_to_be64(val);
3651 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3657 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3659 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3662 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3664 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3667 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3669 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3672 /* virtual memory access for debug (includes writing to ROM) */
3673 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3674 uint8_t *buf, int len, int is_write)
3684 page = addr & TARGET_PAGE_MASK;
3685 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3686 asidx = cpu_asidx_from_attrs(cpu, attrs);
3687 /* if no physical page mapped, return an error */
3688 if (phys_addr == -1)
3690 l = (page + TARGET_PAGE_SIZE) - addr;
3693 phys_addr += (addr & ~TARGET_PAGE_MASK);
3695 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3698 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3699 MEMTXATTRS_UNSPECIFIED,
3710 * Allows code that needs to deal with migration bitmaps etc to still be built
3711 * target independent.
3713 size_t qemu_target_page_bits(void)
3715 return TARGET_PAGE_BITS;
3721 * A helper function for the _utterly broken_ virtio device model to find out if
3722 * it's running on a big endian machine. Don't do this at home kids!
3724 bool target_words_bigendian(void);
3725 bool target_words_bigendian(void)
3727 #if defined(TARGET_WORDS_BIGENDIAN)
3734 #ifndef CONFIG_USER_ONLY
3735 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3742 mr = address_space_translate(&address_space_memory,
3743 phys_addr, &phys_addr, &l, false);
3745 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3750 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3756 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3757 ret = func(block->idstr, block->host, block->offset,
3758 block->used_length, opaque);
Code Review / kvmfornfv.git / blob